RECON

[DRAGNET]208IN STACK · 2h ago

VECT 2.0 Ransomware Wipes Large Files Across Windows, Linux & ESXi

VECT 2.0 Ransomware Wipes Large Files Across Windows, Linux & ESXi    gbhackers.com

Latest stories for ZDNET in Security205IN STACK · 3h ago

5 ways your Windows updates are about to get a lot less painful

Microsoft wants to fix 'pain points' in Windows 11 PCs. The first batch of changes, targeting the Windows Update experience, is hitting Insider preview channels and coming soon to your desktop.

unSafe.sh - 不安全200IN STACK · 4h ago

代码编辑器Notepad++登陆macOS平台

代码编辑器Notepad++登陆macOS平台备受欢迎的Notepad++代码编辑器现已推出原生的macOS应用。这得益于开源社区成功将其原始的Windows代码库移植过来。此替代方案作为一个通用二进

Rapid7 Blog73 · 3h ago

Experts on Experts: The 2026 Threat Landscape is Moving Faster than Defenders Expect

This week on Experts on Experts, I’m joined by Christiaan Beek, Rapid7’s VP of Threat Analytics, to talk through what we’re seeing in the 2026 threat landscape and how it connects to recent research coming out of Rapid7 Labs. We start with the report, but quickly move into what’s already playing out in active campaigns. What stands out is not a change in attacker technique, but the pace. Weak credentials, missing MFA, exposed services, and unpatched systems still drive most intrusions. What h...

unSafe.sh - 不安全223IN STACK · 8h ago

How I Fixed Windows Installation - BitLocker, a Write-Protected USB, and the IRST Rabbit Hole

New StorybySarath Chandra Vidya Sagar MachupallibySarath Chandra Vidya Sagar Machupalli@vidyasagarm

unSafe.sh - 不安全208IN STACK · 7h ago

U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Kno

Hacker News Frontpage13 · 20m ago

Mistral Medium 3.5

Article URL: https://mistral.ai/news/vibe-remote-agents-mistral-medium-3-5 Comments URL: https://news.ycombinator.com/item?id=47949642 Points: 11 # Comments: 1

Cybersecurity News335IN STACK · 13h ago

CISA Sounds the Alarm: State-Sponsored Hackers Weaponize New Windows and ScreenConnect Flaws

The post CISA Sounds the Alarm: State-Sponsored Hackers Weaponize New Windows and ScreenConnect Flaws appeared first on Daily CyberSecurity . Related posts: The Zero-Click Vulnerability: Akamai Uncovers Incomplete Patch for APT28 Exploit CISA Adds 5 Actively Exploited Vulnerabilities to KEV Catalog: ASUS Routers, Craft CMS, and ConnectWise Targeted CISA Adds 2008 Windows Flaw & Chrome Zero-Day to KEV

The Record from Recorded Future News20 · 1h ago

Swiss police arrest 10 suspected members of Nigeria-linked crime group Black Axe

Swiss and German law enforcement have arrested 10 suspected members of the Nigerian criminal network Black Axe, including a regional leader believed to oversee operations in Southern Europe.

Cybersecurity News36 · 2h ago

Label Leak: Hardcoded Credentials in Snap One WattBox Devices Open Door to Root Access

The post Label Leak: Hardcoded Credentials in Snap One WattBox Devices Open Door to Root Access appeared first on Daily CyberSecurity . Related posts: Race Against the Clock: The 10-Minute Window Granting Root RCE in Nginx UI Linux Kernel Flaw (CVE-2023-0386) Actively Exploited for Root Privilege Escalation, PoC Available Maximum 10.0 CVSS Flaws in OneUptime Allow Full Account Takeovers and RCE

The Register (Security)32 · 2h ago

GitHub: Woah, a genuinely helpful AI-assisted bug report that isn't total slop. Here, Wiz, take this wad of cash

Claude ploughs through months of work in rapid time, helps Wiz researchers nab lucrative award Wiz researchers are set for a tidy payday thanks to their discovery of a high-severity flaw in GitHub's git infrastructure that handed remote attackers full read/write access to private GitHub repositories using a single command.…

BleepingComputer35 · 2h ago

GitHub fixes RCE flaw that gave access to millions of private repos

In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. [...]

Hacker News Frontpage13 · 1h ago

Zed is 1.0

Article URL: https://zed.dev/blog/zed-1-0 Comments URL: https://news.ycombinator.com/item?id=47949027 Points: 249 # Comments: 70

The Hacker News34 · 3h ago

Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks

In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly into the kill chain. We aren't just talking about AI writing better phishing emails anymore. We’re talking about autonomous agents mapping Active Directory and seizing Domain Admin credentials in minutes. The problem? Most defensive workflows

Infosecurity24 · 2h ago

Researchers Track 2.9 Billion Compromised Credentials

KELA claims infostealers remained the primary access vector for attacks in 2025

Bitdefender Labs23 · 2h ago

Operation Road Trap: Fake toll and parking texts are spreading worldwide

A new mass smishing campaign uncovered by Bitdefender Labs shows that scammers are sending tens of thousands of fraudulent text messages to mobile users across 12 countries, impersonating transport authorities, toll operators, and parking services. Key takeaways * Since December 2025, Bitdefender Labs researchers have been tracking smishing campaigns targeting drivers on a global scale. The scam campaigns are still active as of April 2026 * Over 79,000 fraudulent messages have already been

BleepingComputer21 · 2h ago

Learning from the Vercel breach: Shadow AI & OAuth sprawl

A single third-party OAuth integration can become a direct path into your environment. Push explains how the Vercel breach shows a compromised OAuth app can lead to widespread impact across downstream customers. [...]

Hacker News Frontpage13 · 1h ago

Tangled – We need a federation of forges

Article URL: https://blog.tangled.org/federation/ Comments URL: https://news.ycombinator.com/item?id=47948603 Points: 180 # Comments: 107

Dark Reading20 · 2h ago

Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities

An analysis of the destructive malware reveals sophisticated living-off-the-land (LotL) techniques and detailed strategies for the widespread deletion of data.

VulDB Recent Entries139 · 11h ago

CVE-2026-7344 | Google Chrome up to 147.0.7727.117 on Windows Accessibility use after free (ID 503419)

A vulnerability was found in Google Chrome on Windows and classified as critical . The impacted element is an unknown function of the component Accessibility . Executing a manipulation can lead to use after free. This vulnerability is registered as CVE-2026-7344 . It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.