Security Boulevard

Vercel Breach: How a Roblox Cheat Download Led to a $2M Data Heist Through AI Tool OAuth Abuse

Vercel breached after attacker compromised Context.ai, hijacked an employee's Google Workspace via OAuth, and accessed ...
GovInfoSecurity

How AI Supply-Chain Monitor Spotted Unfolding Axios Attack

Elastic Security Labs quickly spotted the unfolding supply-chain attack that backdoored the popular JavaScript library Axios, ...
Le Lézard

Chainguard and Cursor Partner to Secure Agentic Coding with Trusted Open Source

Chainguard, the trusted source for open source, today announced a partnership with Cursor, the leading multi-model AI coding platform, to secure the next generation of agentic software development.

macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets

A ClickFix campaign targeting macOS users delivers an AppleScript-based infostealer that collects credentials and live ...
ITWeb

ANALYSIS: Big Tech sets AI to catch AI

AI companies are holding back models that could be used in cyber attacks, instead deploying them to build defence systems.
The Caledonian-Record

ESET Research: New NGate hides in NFC payment app, possibly built with AI

ESET researchers discovered a new NGate malware variant abusing the legitimate Android HandyPay application.To trojanize HandyPay, threat actors most likely used GenAI.The campaign has been ongoing si ...
The Hacker News

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

CISA adds 8 exploited vulnerabilities to KEV, sets April 23 and May 4, 2026 deadlines, driving urgent federal patching.
Infosecurity Magazine

Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection

Two phishing campaigns, each using a different stealthy infection technique, are targeting organizations in attacks which aim ...

Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain ...

GHENT, Belgium, April 20, 2026 (GLOBE NEWSWIRE) -- Aikido Security today launched Aikido Endpoint, a lightweight security agent that protects developer devices against software supply chain attacks by ...
Cult of Mac

Make your iPhone completely hacker-proof — with a huge downside

But if you feel you absolutely must use it, or are just curious, enabling Lockdown Mode on your iPhone is easy. Open the ...

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...
BankInfoSecurity

Breach Roundup: Mr. Raccoon Wants Your Password

This week, a "Raccoon"-linked actor hit help desks, Eurail exposed 308K users, Fortinet patched critical flaws, Pushpaganda ...