Tech News

1. Cybersecurity / Vulnerabilities: Microsoft's April Patch Tuesday addresses 167 vulnerabilities, including a critical SharePoint Server zero-day (CVE-2026-32201) being actively exploited and a privilege escalation flaw in Windows Defender dubbed "BlueHammer." Google Chrome also released its fourth zero-day patch of 2026, and Adobe issued an emergency update for an exploited flaw in Reader. 👉 msrc.microsoft.com^$ 👉 msrc.microsoft.com^$ 👉 bleepingcomputer.com 👉 krebsonsecurity.com

2. Cybercrime / Ransomware: German authorities have identified Daniil Maksimovich Shchukin, also known as "UNKN," as the alleged leader behind the GandCrab and REvil ransomware gangs, which are estimated to have extorted nearly 2 million euros from victims across Germany. Shchukin was previously named in U.S. Justice Department filings related to REvil proceeds. 👉 bka.de 👉 krebsonsecurity.com

3. Cybercrime / Botnets: U.S. authorities, in collaboration with Canadian and German counterparts, have dismantled four major IoT botnets—Aisuru, Kimwolf, JackSkid, and Mossad—responsible for millions of distributed denial-of-service (DDoS) attacks. These botnets compromised over three million devices, including routers and webcams, and were used for extortion. 👉 justice.gov 👉 krebsonsecurity.com

4. Cybercrime / Extortion: A financially motivated group known as "TeamPCP" is reportedly conducting wiper attacks targeting Iran, deploying a worm that spreads through compromised cloud services and targets systems in Iran's time zone or with Farsi as the default language. The group previously utilized supply chain attacks and credential theft. 👉 aikido.dev 👉 krebsonsecurity.com

5. Cybercrime / Phishing: A new phishing-as-a-service called "Starkiller" is enabling criminals to conduct sophisticated attacks by dynamically loading legitimate website login pages and acting as a man-in-the-middle proxy to steal credentials and MFA codes. The service also offers real-time session monitoring and automated Telegram alerts. 👉 abnormal.ai 👉 krebsonsecurity.com

6. AI / Security: OpenAI has launched GPT-5.4-Cyber, a specialized version of its GPT-5.4 model optimized for defensive cybersecurity tasks, expanding access through its Trusted Access for Cyber (TAC) program. This move mirrors Anthropic's earlier release of its cybersecurity-focused AI model, Mythos. 👉 openai.com 👉 thehackernews.com

7. Cybercrime / Data Breach: Booking.com has warned that customer data may have been exposed following a security incident where hackers accessed reservation details, leading to reports of phishing attempts via email, calls, and WhatsApp targeting users. 👉 cybernews.com

8. Cybersecurity / Vulnerabilities: Microsoft's April Patch Tuesday addresses 169 vulnerabilities, including actively exploited flaws in SharePoint Server and Windows Defender, as well as issues in AMD, Node.js, and Git for Windows. 👉 msrc.microsoft.com^$ 👉 thehackernews.com 👉 krebsonsecurity.com

9. Cybercrime / Data Breach: The cryptocurrency exchange Kraken is reportedly facing extortion from hackers who claim to have obtained internal videos showing client data, following a breach attributed to an insider. 👉 bleepingcomputer.com

10. Cybercrime / Data Breach: Educational company McGraw-Hill confirmed a data breach resulting from a Salesforce misconfiguration, which reportedly led to hackers accessing internal data after an extortion threat. 👉 bleepingcomputer.com

11. Cybersecurity / Vulnerabilities: A critical vulnerability (CVE-2026-33032) in the nginx-ui web-based Nginx management tool, dubbed "MCPwn," is being actively exploited and allows for authentication bypass, potentially leading to full server takeover. 👉 nginx-ui.com 👉 thehackernews.com

12. Cybercrime / Data Theft: Over 100 malicious Google Chrome extensions have been found in the Chrome Web Store, designed to steal user data, including Google account identity via OAuth2 tokens, and facilitate arbitrary JavaScript injection. 👉 bleepingcomputer.com

13. Cybercrime / Data Breach: Rockstar Games has reported a data breach linked to a security incident at Anodot, with the "ShinyHunters" extortion group allegedly leaking the stolen analytics data. 👉 bleepingcomputer.com

14. Cybercrime / Phishing: A new campaign is utilizing fake travel reservation links to target travelers, exploiting the inconvenience of flight cancellations and overbooking with phishing attempts via emails, calls, and WhatsApp. 👉 cybernews.com

15. Cybersecurity / Vulnerabilities: Critical vulnerabilities have been disclosed in PHP Composer, a package manager for PHP, specifically CVE-2026-40176 and CVE-2026-40261, which could allow for arbitrary command execution through improper input validation and inadequate escaping. Patches have been released. 👉 github.com 👉 thehackernews.com

16. Mobile Security / Exploitation: Google has integrated a Rust-based DNS parser into the modem firmware of Pixel 10 devices, enhancing security by mitigating a class of vulnerabilities and promoting memory-safe code. 👉 security.googleblog.com 👉 thehackernews.com

17. Cybercrime / Ad Fraud: A campaign dubbed "Pushpaganda" is leveraging SEO poisoning and AI-generated content to spread scareware and ad fraud through Google Discover, tricking users into enabling persistent browser notifications. 👉 humansecurity.com 👉 thehackernews.com

18. Mobile Security / Malware: A new Android remote access trojan (RAT) named "Mirax" is targeting Spanish-speaking countries, turning infected devices into SOCKS5 proxies and reaching users through advertisements on Meta platforms. 👉 cleafy.com 👉 thehackernews.com

19. Application Security / AI: OX Security's 2026 analysis of 216 million security findings revealed a fourfold increase in critical risks, attributing the surge to AI-assisted development and a "velocity gap" in remediation workflows. 👉 oxsecurity.com 👉 thehackernews.com

20. Vulnerabilities / Exploitation: A critical remote code execution (RCE) vulnerability (CVE-2025-0520) in ShowDoc, a document management service popular in China, is being actively exploited by hackers who can upload arbitrary PHP files to achieve code execution. 👉 vulhub.org 👉 thehackernews.com

21. Security / WordPress: Dozens of WordPress plugins, used by thousands of websites, have been found to contain planted backdoors, compromising website security and potentially leading to further data breaches. 👉 techcrunch.com

22. AI / Regulation: Anthropic co-founder Dario Amodei has confirmed that the company briefed the Trump administration on its advanced AI model, Mythos, as government agencies explore the capabilities and implications of cutting-edge AI technologies. 👉 techcrunch.com

23. Biotech / Health Tech: Max Hodak's Science Corp. is preparing to implant its first sensor into a human brain, marking a significant step in the development of brain-computer interfaces for therapeutic and enhancement purposes. 👉 techcrunch.com

24. Cybercrime / Phishing: The FBI, along with Canadian and German authorities, has dismantled a global phishing operation known as "W3LL," leading to the arrest of its alleged developer and the seizure of its infrastructure. 👉 bleepingcomputer.com

25. Cybercrime / Data Breach: Booking.com has confirmed that hackers gained unauthorized access to customer reservation data, potentially exposing millions of users to follow-on phishing and scams. 👉 cybernews.com

26. Cybersecurity / Vulnerabilities: Adobe has released an emergency update to address a critical zero-day vulnerability in its Acrobat and Reader software that was being actively exploited by attackers to execute remote code. 👉 helpx.adobe.com 👉 bleepingcomputer.com

27. AI / Cybersecurity: OpenAI has launched GPT-5.4-Cyber, an AI model specifically tuned for defensive cybersecurity tasks, expanding access to security teams through its Trusted Access for Cyber program. 👉 openai.com 👉 thehackernews.com

28. Application Security / Vulnerabilities: Two high-severity vulnerabilities (CVE-2026-40176 and CVE-2026-40261) in PHP Composer, a package manager for PHP, have been patched, which could have allowed arbitrary command execution. 👉 github.com 👉 thehackernews.com

29. Cybersecurity / AI: A report from OX Security analyzing 216 million security findings indicates a fourfold increase in critical risks, largely attributed to the rapid adoption of AI in development processes and a resulting "velocity gap" in remediation. 👉 oxsecurity.com 👉 thehackernews.com

30. Mobile Security / Malware: A new Android RAT called "Mirax" is actively spreading through Meta ads, turning infected devices into SOCKS5 proxies and potentially compromising over 220,000 accounts. 👉 cleafy.com 👉 thehackernews.com

31. Cybercrime / Ad Fraud: A new campaign called "Pushpaganda" is using AI and SEO poisoning to distribute scareware and ad fraud via Google Discover, tricking users into enabling intrusive browser notifications. 👉 humansecurity.com 👉 thehackernews.com

32. Cybersecurity / Data Breach: Fashion retailers Lacoste, Ralph Lauren, and Canada Goose are reportedly among the victims of a data breach originating from a supplier, with alleged data exposure affecting millions of customers. 👉 cybernews.com

33. AI / Regulation: OpenAI has reportedly briefed the Trump administration on its advanced AI model, Mythos, as federal agencies investigate the rapidly evolving landscape of artificial intelligence and its potential impacts. 👉 techcrunch.com

34. Biotech / Health Tech: Max Hodak's Science Corp. is preparing for its first human brain sensor implant, a milestone in the development of advanced brain-computer interfaces. 👉 techcrunch.com

35. Cybersecurity / Vulnerabilities: Adobe has released an emergency patch for a zero-day vulnerability in Acrobat and Reader that was actively exploited by hackers for remote code execution. 👉 helpx.adobe.com 👉 cybernews.com

36. Cybercrime / Data Breach: Hackers have allegedly gained access to data from luxury retailers Lacoste, Ralph Lauren, and Canada Goose, potentially exposing millions of customer records. 👉 cybernews.com

37. Privacy / Internet Archive: Several major news organizations, including The New York Times and USA Today, are reportedly blocking the Internet Archive's Wayback Machine, raising concerns about the preservation of digital history. 👉 cybernews.com

38. News / UFOs: The disappearance of Steven Garcia in New Mexico has become a focal point in a deepening UFO mystery, drawing renewed attention to unexplained aerial phenomena. 👉 cybernews.com

39. Tech / Geopolitics: Microsoft is reportedly facing financial implications due to its operations in Europe, potentially linked to geopolitical tensions and trade policies impacting technology companies. 👉 cybernews.com

40. Entertainment / Social Media: An Uber Eats driver has shared methods for other women to increase their tips, reportedly without significant effort, highlighting evolving gig economy dynamics. 👉 cybernews.com

41. AI / Cybersecurity: OpenAI has launched GPT-5.4-Cyber, a new AI model tailored for cybersecurity defense, in response to Anthropic's earlier release of its Mythos model for similar applications. 👉 cybernews.com

42. Retail / Investigation: Consumers are reportedly waiting for discounts on Lululemon products amidst an ongoing investigation into "forever chemicals" in their apparel, raising questions about corporate responsibility and consumer behavior. 👉 cybernews.com

43. Cybersecurity / WordPress: Security researchers have discovered that numerous WordPress plugins, widely used across the internet, were compromised with malicious backdoors, affecting thousands of websites. 👉 cybernews.com

44. Tech / Business: Amazon has acquired satellite communications company Globalstar for $11 billion, aiming to bolster its own satellite internet network and compete more directly with SpaceX's Starlink. 👉 cybernews.com

45. Privacy / Social Media: A Dutch court has ordered X (formerly Twitter) to disclose user information related to a shadowban complaint, potentially impacting the platform's content moderation practices. 👉 cybernews.com

46. Privacy / Technology: LinkedIn is facing lawsuits over allegations that its browser extensions illegally track user activity, raising privacy concerns about data collection practices. 👉 cybernews.com

47. Privacy / Software: A European company has released a free, open-source tool designed to block tracking and enhance privacy, promoting reduced reliance on foreign technology. 👉 cybernews.com

48. Cybercrime / Crypto: Victims of the massive OneCoin cryptocurrency scam may receive only a small fraction of their losses back, as the U.S. Department of Justice begins distributing compensation funds. 👉 cybernews.com

49. Editorial / AI: Elon Musk's work with Neuralink is prompting discussions about the future of human-computer interaction and the potential for significant societal impact, despite controversies surrounding his ventures. 👉 cybernews.com

50. Cybercrime / Data Breach: Hackers reportedly stole $450,000 worth of Bitcoin from an American rock singer via a malicious app that bypassed Apple's security measures. 👉 cybernews.com

1776262200000