
IT Security Newsletter - 4/20/2026


Breaches

Vercel confirms breach as hackers claim to be selling stolen data

Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. Vercel is a cloud platform that provides hosting and deployment infrastructure for developers, with a strong focus on JavaScript frameworks. The company is known for developing Next.js, a widely used React framework, and for offering services such as serverless functions, edge computing, and CI/CD pipelines. READ MORE...


US-sanctioned currency exchange says $15 million heist done by "unfriendly states"

Grinex, a US-sanctioned cryptocurrency exchange registered in Kyrgyzstan, said it's halting operations after experiencing a $13 million heist carried out by "western special services" hackers. Researchers from TRM, which has confirmed the theft, put the value of stolen assets at $15 million after discovering roughly 70 drained addresses, about 16 more than Grinex reported. Neither TRM nor fellow blockchain research firm Elliptic has said how the attackers slipped past Grinex's defenses. READ MORE...

Hacking

Bluesky Disrupted by Sophisticated DDoS Attack

Bluesky, the decentralized microblogging social media platform, reported service outages last week due to a distributed denial-of-service (DDoS) attack aimed at its systems. The DDoS attack appears to have started late on April 15 (Pacific Time) and continued into the next day. The company described it as a sophisticated attack that caused intermittent app outages. The company did not say who was behind the attack. READ MORE...


AI platform ATHR makes voice phishing a one-person job

For $4,000 and a cut of the take, a lone criminal can now run a fully automated voice-phishing operation via ATHR, a platform that spoofs email alerts from Google, Microsoft, and Coinbase, buries a phone number in each message, and when the victim calls back, hands them off to either a human scammer or an AI voice agent. AI is becoming part of everyday criminal workflows, and fueling the rise in cyber fraud. READ MORE...

Trends

Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing

In the wake of a major takedown of phishing's biggest brand name, Tycoon 2FA, phishers worldwide have scattered. Some have stuck around, but many have moved to other phishing service providers, and some seem to be jumping on a fast-growing trend toward device code phishing. It would be shortchanging Tycoon 2FA to merely distinguish it as the world's premier phishing-as-a-service (PhaaS) group. READ MORE...

Software Updates

CISA tells feds to patch 13-year-old Apache ActiveMQ bug under active attack

CISA is sounding the alarm on a newly-exploited Apache ActiveMQ bug, ordering federal agencies to patch within two weeks as attackers circle a flaw that's been quietly lurking for more than a decade. The US cybersecurity agency added the bug, tracked as CVE-2026-34197, to its Known Exploited Vulnerabilities (KEV) catalog on Thursday, triggering a Binding Operational Directive (BOD) 22-01 deadline that gives Federal Civilian Executive Branch agencies until April 30 to fix their systems. READ MORE...

Information Security

Network 'background noise' may predict the next big edge-device vulnerability

Attackers rarely exploit an edge-device vulnerability indiscriminately. Typically, they first test how widely the flaw can be used and how much access it can provide, then move on to steal data or disrupt operations. Pre-attack surveillance and planning leaves a lot of noise in its wake. These signals - particularly spikes in traffic that are hitting specific vendors - can act as an early-warning system, often preceding public vulnerability disclosures. READ MORE...


How NIST's Cutback of CVE Handling Impacts Cyber Teams

The chilly air-conditioned Scottsdale ballroom hardly stirred while Harold Booth, program manager for NIST's National Vulnerability Database (NVD), discussed a major operational change - his organization is scaling back its operations and will prioritize which CVEs are chosen for enrichment, rather than taking them all on. It was an admission that the scope of the NVD had grown beyond the capacity of the National Institute of Standards and Technology (NIST) to administer. READ MORE...

Exploits/Vulnerabilities

Half of the 6 Million Internet-Facing FTP Servers Lack Encryption

Approximately 6 million internet-accessible systems are using FTP today, and almost half of them do not use encryption, a fresh Censys report shows. In use for more than half a century, FTP uses a client-server model architecture to facilitate the transfer of files and folders between computers. Unlike modern protocols, however, FTP transmits data unencrypted and has been deemed insecure for years. Its continued use exposes enterprises and end users alike to avoidable risks. READ MORE...


TP-Link routers face exploitation attempt linked to high-severity flaw

Hackers are attempting to exploit a high-severity flaw found in several end-of-life routers from TP-Link, according to a blog post published Friday by Palo Alto Networks' Unit 42. Researchers warn the observed payloads share similarities to those found in malware used in Mirai-like botnets. Such activity would involve attempts to download the malware and execute on vulnerable devices, according to researchers. READ MORE...

On This Date

  • ...in 1902, Marie and Pierre Curie successfully isolate radioactive radium salts from the mineral pitchblende.
  • ...in 1940, the first electron microscope is demonstrated by RCA researcher Vladimir Zworykin in Philadelphia, PA.
  • ...in 1946, the League of Nations is dissolved, transferring most of its power to the United Nations.
  • ...in 2008, Danica Patrick wins the Indy Japan 300, becoming the first woman in history to win an Indy car race.