60K Bitcoin addresses leaked as LockBit ransomware gang gets hacked
Nearly 60,000 Bitcoin addresses linked to the LockBit ransomware gang were leaked after their dark web affiliate panel was breached, though private keys were not compromised. The leaked database, containing negotiation messages and ransomware build details, could aid blockchain analysts in tracing illicit financial flows and potentially link past ransom payments to known wallets.
Jet fuel risk is now a traveller issue: What it could mean for your summer plans | Edward Kiledjian
Global jet fuel disruptions could lead to higher fares, schedule cuts, and more flight cancellations, particularly impacting travel to Europe and Asia. Travelers should favor nonstop flights, choose major hubs, build in buffer time, and prioritize flexible bookings to navigate a less forgiving air travel system.
A Bluetooth tracker hidden inside a postcard and mailed to the Dutch warship HNLMS Evertsen exposed its location for 24 hours, putting the $585 million ship and its NATO carrier strike group at risk. The Dutch Ministry of Defense has since banned electronic greeting cards, and similar incidents involving Strava and unauthorized Starlink terminals highlight ongoing operational security challenges with new technologies.
Trusted access for the next era of cyber defense | OpenAI
OpenAI is expanding its Trusted Access for Cyber (TAC) program to provide thousands of verified defenders and hundreds of teams with access to advanced AI models, including the new GPT-5.4-Cyber, specifically fine-tuned for defensive cybersecurity use cases. This initiative emphasizes democratized access, iterative deployment, and ecosystem resilience to accelerate cyber defense efforts while implementing robust safeguards and verification processes to prevent misuse.
Microsoft has raised prices for all its Surface PCs, citing increased memory and component costs due to global memory shortages. These price hikes now make most Surface models, including the Surface Pro and Surface Laptop, more expensive than their equivalent Mac counterparts.
Apple Removes Fake Crypto Wallet App That Stole $9.5 Million From Mac Users - MacRumors
A fake crypto wallet app disguised as Ledger Live was available on the Mac App Store, successfully scamming Mac users out of $9.5 million in cryptocurrency before being removed by Apple. The fraudulent app, which operated for about two weeks, tricked users into revealing their seed phrases, a tactic not used by legitimate crypto wallets.
Backblaze has quietly stopped backing up your data | Robert Reese’s Website
Article claims : Backblaze has quietly stopped backing up user data from cloud storage folders like OneDrive and Dropbox, and also .git folders, despite previously promising to back up all data. This change, implemented without direct user notification, means Backblaze is no longer fulfilling its core function of comprehensive data backup, eroding user trust.
The Iran-linked CyberAv3ngers group, formally connected to the IRGC-CEC, has evolved into a significant threat targeting U.S. critical infrastructure, including water and wastewater systems and energy facilities. They have exploited vulnerabilities in programmable logic controllers (PLCs) and deployed custom malware like IOCONTROL, causing operational disruption and financial losses.
The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
The new Storm infostealer operates by hijacking browser sessions and decrypting data server-side, a shift from traditional methods that evaded endpoint security. For a monthly fee, it harvests credentials, session cookies, and crypto wallets, enabling attackers to gain authenticated access to SaaS platforms and cloud environments without triggering alerts.
The cybercrime group ShinyHunters claims to have breached Rockstar Games systems through a cloud analytics platform, threatening to release stolen data if a ransom is not paid. Rockstar Games confirmed a limited data breach but stated it has no impact on the company or its players.
Apache Tomcat Vulnerabilities Enables Bypass of EncryptInterceptor
Multiple Apache Tomcat vulnerabilities have been disclosed, including a critical EncryptInterceptor bypass (CVE-2026-34486) resulting from a flawed security patch, and issues related to padding oracle attacks and certificate authentication (CVE-2026-34500). Administrators are urged to update to the latest secure releases to mitigate these risks.
Marimo RCE Vulnerability Exploited in the Within 10 Hours of Disclosure
A critical pre-authentication RCE vulnerability (CVE-2026-39987) in the Marimo Python notebook platform was exploited within 10 hours of its disclosure, allowing attackers to steal cloud credentials. The flaw affects the /terminal/ws endpoint, and users are advised to update to version 0.23.0 or later immediately.
APT41 Delivers ‘Undetectable’ Backdoor to Steal Cloud Credentials
The China-backed threat group APT41 is utilizing a ‘zero-detection’ backdoor to target cloud environments like AWS, Google, Azure, and Alibaba, aiming to harvest credentials. This sophisticated malware, written in ELF format, employs typosquatting and uses SMTP port 25 for covert command-and-control (C2), making its activity exceptionally difficult to detect.
BITTER APT Uses Signal, Google, and Zoom Lures to Spread ProSpy Spyware
The BITTER APT group is using Signal, Google, and Zoom lures in spearphishing attacks to spread ProSpy and ToSpy spyware, targeting journalists and activists in the Middle East. These attacks trick victims into downloading malware that can steal photos, messages, and files by impersonating legitimate login pages and using malicious QR codes.
Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
Adobe has released an emergency fix for a zero-day vulnerability (CVE-2026-34621) in Acrobat and Reader that allowed malicious PDFs to bypass sandbox restrictions and execute arbitrary code. The flaw, exploited since December, enabled attackers to read and steal local files, and was discovered by Haifei Li after a suspicious PDF sample was submitted for analysis.
Hackers Abuse GitHub and Jira Notifications to Deliver Phishing Through Trusted SaaS Channels
Cybercriminals are exploiting GitHub and Jira notification systems to deliver phishing emails, bypassing traditional security measures by using the platforms' own verified infrastructure. This tactic, termed Platform-as-a-Proxy (PaaP), leverages automated notifications for fake invoices or alerts to harvest user credentials.
FBI, Indonesia take down W3LL phishing tool | The Record from Recorded Future News
The FBI and Indonesian law enforcement have dismantled the W3LL phishing tool, a platform that enabled hackers to create fake login portals for $500, leading to the arrest of its alleged developer and seizure of critical domains. This sophisticated cybercrime service facilitated the theft of over 25,000 compromised accounts and was used in attacks targeting more than 56,000 corporate Microsoft 365 accounts globally.
Claude AI Reportedly Down for Hundreds of Users With Intermittent 500 Errors - Cyber Security News
Hundreds of users reported Claude AI experiencing intermittent 500 errors on April 13, 2026, affecting its website, API, and Claude Code, despite the official status page indicating all systems are operational. This incident adds to a pattern of recurring disruptions for Anthropic’s AI services throughout March and April.
PwC: Cybersecurity Risk Outpaces Corporate Ability to Manage
A recent PwC survey reveals that cybersecurity is a top three risk for 60% of American corporations, yet only 6% feel capable of addressing it. Despite increased investments in technology and AI, companies often operate defensively, with attackers leveraging AI to exploit vulnerabilities at an unprecedented speed and scale.
Rockstar confirms it was hacked as attackers threaten to leak data | KitGuru
Rockstar Games has confirmed it was the victim of a recent cyber-attack, where a hacking group called ShinyHunters gained access to a limited amount of non-material company information from cloud-based servers. The attackers are threatening to leak the stolen data, which includes financial information and player habit studies, after their ransom demand went unpaid.
Booking.com warns customers of hack that exposed their data | Hacking | The Guardian
Booking.com has alerted customers to a data breach where unauthorised parties accessed booking details, including names, emails, addresses, and phone numbers, but not financial information. This incident is the latest in a series of cybercrime attempts targeting the platform.
FBI Recovers Deleted Signal Messages Through iPhone Notifications
The FBI has discovered a method to recover deleted Signal messages from iPhones by accessing notification data, even after the app is deleted. This loophole, which affects other messaging apps like WhatsApp and Telegram as well, can be mitigated by disabling message previews in both iPhone and app notification settings.
GlassWorm evolves with Zig dropper to infect multiple developer tools
The GlassWorm campaign has evolved to use a Zig-compiled dropper hidden within a fake IDE extension to infect multiple developer tools, including VS Code, Cursor, and VSCodium. This sophisticated attack chain allows threat actors to stealthily compromise developer environments at scale by installing a second-stage dropper that steals data and deploys a persistent RAT.
OpenAI Warns macOS Users to Update ChatGPT and Codex Immediately
OpenAI is warning macOS users to update ChatGPT and other applications immediately due to a software supply chain attack that compromised a third-party library, potentially exposing code-signing certificates. While no user data or systems were compromised, updating is crucial as older versions will become non-functional after May 8, 2026.
Over 20,000 crypto fraud victims identified in international crackdown
An international law enforcement operation named Operation Atlantic has identified over 20,000 victims of cryptocurrency fraud across Canada, the UK, and the US, freezing over $12 million in criminal proceeds and identifying over $45 million in stolen crypto. This operation highlights the success of public-private partnerships in combating fraud, a model that will be central to the UK’s new Fraud Strategy.