IT Security Newsletter - 4/24/2026
China disguises cyberattacks with 'covert network' botnets, US and allies warn
Hackers working for the Chinese government are increasingly hiding their attacks behind ready-made networks of hacked routers and other networking equipment, the U.S. and several allies said on Thursday. Attackers' use of these so-called covert networks is not new, the agencies said in a joint advisory, "but China-nexus cyber actors are now using them strategically, and at scale." By funneling their activity through compromised networking equipment, hackers can obfuscate their origins. READ MORE...
Vercel attack fallout expands to more customers and third-party systems
Vercel said the fallout from an attack on its internal systems hit more customers than previously known, as ongoing analysis uncovered additional evidence of compromise. The company, which makes tools and hosts cloud infrastructure for developers, maintains a "small number" of accounts were impacted, but it has yet to share a number or range of known incidents linked to the attack. Vercel created and maintains Next.js, a platform supporting AI agents. READ MORE...
US Federal Agency's Cisco Firewall Infected With 'Firestarter' Backdoor
At least one US federal agency was infected with a backdoor as part of a widespread China-linked espionage campaign targeting Cisco firewalls. In May 2024, Cisco patched two vulnerabilities in its Adaptive Security Appliance (ASA) firewall platform that had been exploited as zero-days in a state-sponsored campaign tracked as ArcaneDoor. A year later, the company fixed two more zero-days linked to the same campaign, tracked as CVE-2025-20333 and CVE-2025-20362. READ MORE...
Tropic Trooper APT Takes Aim at Home Routers, Japanese Targets
The China-linked advanced persistent threat (APT) known as Tropic Trooper appears to be changing up its tactics, techniques, and procedures (TTPs), with an odd spear-phishing effort that involved compromising a target's home Wi-Fi network. Tropic Trooper has been active since at least 2011. The group historically spies on government, military, healthcare, transportation, and high-tech organizations in Taiwan, the Philippines, and Hong Kong. READ MORE...
Vulnerabilities Patched in CrowdStrike, Tenable Products
CrowdStrike and Tenable informed customers this week about potentially serious vulnerabilities found and patched in their products. CrowdStrike published an advisory for CVE-2026-40050, a critical unauthenticated path traversal vulnerability affecting its LogScale product. The flaw can allow a remote attacker to read arbitrary files from the server filesystem. The cybersecurity giant pointed out that Next-Gen SIEM customers are not affected and the vulnerability has been mitigated. READ MORE...
Researchers find cyber-sabotage malware that may predate Stuxnet by five years
Infosec outfit SentinelOne found malware that tries to induce errors in engineering and physics simulation software, which it says represents an attempt at sabotage, and suggests the malware was created years before the Stuxnet worm that aimed to destroy Iran's uranium enrichment centrifuges. The company's Vitaly Kamluk discussed the malware in a talk at the Black Hat Asia conference today. SentinelOne has also published a blog post about the malware. READ MORE...
Bitwarden CLI npm package compromised to steal developer credentials
The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects. According to reports by Socket, JFrog, and OX Security, the malicious package was distributed as version 2026.4.0 and remained available between 5:57 PM and 7:30 PM ET on April 22, 2026, before being removed. READ MORE...
Weak security means attackers could disable all of a city's public EV chargers
Developers of rented internet of things infrastructure - stuff like public EV chargers and shared e-bikes - are prioritizing user convenience over security, and leaving themselves exposed to wide-scale denial of service attacks on their services. That frightening thesis was the subject of a Friday talk at the Black Hat Asia conference, delivered by Hetian Shi, a hardware and IoT security researcher at China's Tsinghua University. READ MORE...
In a first, a ransomware family is confirmed to be quantum-safe
A relatively new ransomware family is using a novel approach to hype the strength of the encryption used to scramble files, making, or at least claiming, that it is protected against attacks by quantum computers. Kyber, as the ransomware is called, has been around since at least last September and quickly attracted attention for the claim that it used ML-KEM, short for Module Lattice-based Key Encapsulation Mechanism, a standard shepherded by NIST. READ MORE...
- ...in 1800, the Library of Congress is established, starting with a mere 740 books and three maps.
- ...in 1945, President Harry Truman is fully briefed on the details of the Manhattan Project.
- ...in 1990, the Hubble Space Telescope is launched from Space Shuttle Discovery.
- ...in 1995, the last 4th generation Chevrolet Corvette ZR-1 is produced.