RECON

Latest stories for ZDNET in Security205IN STACK · 1h ago

5 ways your Windows updates are about to get a lot less painful

Microsoft wants to fix 'pain points' in Windows 11 PCs. The first batch of changes, targeting the Windows Update experience, is hitting Insider preview channels and coming soon to your desktop.

unSafe.sh - 不安全200IN STACK · 2h ago

代码编辑器Notepad++登陆macOS平台

代码编辑器Notepad++登陆macOS平台备受欢迎的Notepad++代码编辑器现已推出原生的macOS应用。这得益于开源社区成功将其原始的Windows代码库移植过来。此替代方案作为一个通用二进

Rapid7 Blog73 · 1h ago

Experts on Experts: The 2026 Threat Landscape is Moving Faster than Defenders Expect

This week on Experts on Experts, I’m joined by Christiaan Beek, Rapid7’s VP of Threat Analytics, to talk through what we’re seeing in the 2026 threat landscape and how it connects to recent research coming out of Rapid7 Labs. We start with the report, but quickly move into what’s already playing out in active campaigns. What stands out is not a change in attacker technique, but the pace. Weak credentials, missing MFA, exposed services, and unpatched systems still drive most intrusions. What h...

The Register (Security)32 · 31m ago

GitHub: Woah, a genuinely helpful AI-assisted bug report that isn't total slop. Here, Wiz, take this wad of cash

Claude ploughs through months of work in rapid time, helps Wiz researchers nab lucrative award Wiz researchers are set for a tidy payday thanks to their discovery of a high-severity flaw in GitHub's git infrastructure that handed remote attackers full read/write access to private GitHub repositories using a single command.…

Cybersecurity News36 · 45m ago

Label Leak: Hardcoded Credentials in Snap One WattBox Devices Open Door to Root Access

The post Label Leak: Hardcoded Credentials in Snap One WattBox Devices Open Door to Root Access appeared first on Daily CyberSecurity . Related posts: Race Against the Clock: The 10-Minute Window Granting Root RCE in Nginx UI Linux Kernel Flaw (CVE-2023-0386) Actively Exploited for Root Privilege Escalation, PoC Available Maximum 10.0 CVSS Flaws in OneUptime Allow Full Account Takeovers and RCE

unSafe.sh - 不安全223IN STACK · 6h ago

How I Fixed Windows Installation - BitLocker, a Write-Protected USB, and the IRST Rabbit Hole

New StorybySarath Chandra Vidya Sagar MachupallibySarath Chandra Vidya Sagar Machupalli@vidyasagarm

BleepingComputer35 · 52m ago

GitHub fixes RCE flaw that gave access to millions of private repos

In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. [...]

unSafe.sh - 不安全208IN STACK · 5h ago

U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Kno

Infosecurity24 · 33m ago

Researchers Track 2.9 Billion Compromised Credentials

KELA claims infostealers remained the primary access vector for attacks in 2025

BleepingComputer21 · 28m ago

Learning from the Vercel breach: Shadow AI & OAuth sprawl

A single third-party OAuth integration can become a direct path into your environment. Push explains how the Vercel breach shows a compromised OAuth app can lead to widespread impact across downstream customers. [...]

Bitdefender Labs23 · 38m ago

Operation Road Trap: Fake toll and parking texts are spreading worldwide

A new mass smishing campaign uncovered by Bitdefender Labs shows that scammers are sending tens of thousands of fraudulent text messages to mobile users across 12 countries, impersonating transport authorities, toll operators, and parking services. Key takeaways * Since December 2025, Bitdefender Labs researchers have been tracking smishing campaigns targeting drivers on a global scale. The scam campaigns are still active as of April 2026 * Over 79,000 fraudulent messages have already been

Dark Reading20 · 33m ago

Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities

An analysis of the destructive malware reveals sophisticated living-off-the-land (LotL) techniques and detailed strategies for the widespread deletion of data.

The Hacker News34 · 1h ago

Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks

In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly into the kill chain. We aren't just talking about AI writing better phishing emails anymore. We’re talking about autonomous agents mapping Active Directory and seizing Domain Admin credentials in minutes. The problem? Most defensive workflows

Cybersecurity News335IN STACK · 11h ago

CISA Sounds the Alarm: State-Sponsored Hackers Weaponize New Windows and ScreenConnect Flaws

The post CISA Sounds the Alarm: State-Sponsored Hackers Weaponize New Windows and ScreenConnect Flaws appeared first on Daily CyberSecurity . Related posts: The Zero-Click Vulnerability: Akamai Uncovers Incomplete Patch for APT28 Exploit CISA Adds 5 Actively Exploited Vulnerabilities to KEV Catalog: ASUS Routers, Craft CMS, and ConnectWise Targeted CISA Adds 2008 Windows Flaw & Chrome Zero-Day to KEV

Hacker News Frontpage18 · 50m ago

Letting AI play my game – building an agentic test harness to help play-testing

Article URL: https://blog.jeffschomay.com/letting-ai-play-my-game Comments URL: https://news.ycombinator.com/item?id=47947525 Points: 3 # Comments: 0

Hacker News Frontpage18 · 54m ago

He asked AI to count carbs 27000 times. It couldn't give the same answer twice

Article URL: https://www.diabettech.com/i-asked-ai-to-count-my-carbs-27000-times-it-couldnt-give-me-the-same-answer-twice/ Comments URL: https://news.ycombinator.com/item?id=47947490 Points: 82 # Comments: 79

Security Boulevard23 · 1h ago

Deploying SafePaaS in Oracle E‑Business Suite: A 90‑Day Blueprint to Continuous, Independent Control Monitoring

This blueprint shows how a large Oracle E‑Business Suite (EBS) enterprise deploys SafePaaS as an independent control layer alongside EBS, identity providers, and identity governance and administration (IGA), and how it operates day to day once live. It is designed for complex, audit‑intensive EBS environments with multiple operating units, sets of books and ledgers, recurring […] The post Deploying SafePaaS in Oracle E‑Business Suite: A 90‑Day Blueprint to Continuous, Independent Control Moni...

Hacker News Frontpage13 · 34m ago

Notepad++ Code Editor Comes to Mac After 20-Year Wait

Article URL: https://www.macrumors.com/2026/04/29/notepad-plus-plus-editor-comes-to-mac/ Comments URL: https://news.ycombinator.com/item?id=47947740 Points: 9 # Comments: 1

Security Boulevard20 · 1h ago

Deploying SafePaaS for Oracle ERP Cloud: A 90‑Day Blueprint to Strengthen Risk Management

This blueprint shows how an Oracle ERP Cloud customer deploys SafePaaS as an independent control layer and how it operates day to day once live. It is designed for complex, audit‑intensive Oracle Cloud environments with multi‑entity footprints, connected SaaS applications, recurring external audits, and growing pressure to prove that Oracle‑generated evidence is complete, accurate, and […] The post Deploying SafePaaS for Oracle ERP Cloud: A 90‑Day Blueprint to Strengthen Risk Management appea...

The Register (Security)20 · 1h ago

EU waves through open source age-check tool to keep kids safe online

'Online platforms can rely on our app,' says Commish, 'there are no more excuses' The European Commission has recommended EU member states adopt an age verification app designed to protect children from harmful online content.…