A former ransomware negotiator has pleaded guilty to secretly working with the BlackCat ransomware group and consipring to launch attacks against multiple victims across the US. Angelo Martino, 41, of Land O’Lakes, Florida, admitted one count of conspiracy to obstruct,… Read More "Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang"
Mozilla says Anthropic’s new cybersecurity-focused Claude Mythos AI model has discovered 271 vulnerabilities in Firefox. The vulnerabilities, identified with an early version of Claude Mythos Preview, were patched in the popular web browser this week with the release of version… Read More "Claude Mythos Finds 271 Firefox Vulnerabilities"
Ravie LakshmananApr 22, 2026Vulnerability / Cryptography Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of… Read More "Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug"
Cybersecurity researchers have uncovered a Belarus-based software platform which is helping SIM farm operators support cybercrime on an “industrial scale.” In a new report published yesterday on April 21, Infrawatch said that it had identified 87 instances of ProxySmart control panels in… Read More "Researchers Uncover ProxySmart Software Powering 90+ SIM Farms"
Google Antigravity’s increasing popularity has brought the development platform into the crosshairs of both security researchers and cybercriminals. Google Antigravity is an ‘agent-first’ development platform that evolves the traditional code editor into a mission control for autonomous AI agents. Powered… Read More "Google Antigravity in Crosshairs of Security Researchers, Cybercriminals"
Dark web credential markets in India are fueling enterprise data breaches, corporate leaks, and escalating cybersecurity threats across Indian organizations. The underground economy of stolen credentials has matured into a structured, high-volume marketplace, and Indian enterprises are at the center.… Read More "Dark Web Credential Markets India & Enterprise Data Risk"
Ravie LakshmananApr 22, 2026Cyber Espionage / Malware Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that’s distributed via a theme related to India’s banking sector. “The backdoor communicates with a dynamic DNS-based command-and-control server over… Read More "Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles"
Anthropic’s Mythos has intensified a problem that vulnerability management programs were already struggling to contain: too many vulnerabilities and not enough clarity about which ones matter. What changes with Mythos — and the AI-based class of vulnerability discovery systems it… Read More "Anthropic bets on EPSS for the coming bug surge"
The UK faces a “perfect storm” for cybersecurity as the next decade will be defined by a combination of geopolitical tensions and high-seed technological evolution. Speaking at the tenth annual CYBERUK conference in Glasgow, Richard Horne, CEO of the UK’s… Read More "UK Faces a Cyber ‘Perfect Storm’"
Oracle on Tuesday announced the release of 481 new security patches as part of its April 2026 Critical Patch Update (CPU). Across the 28 product families that received security updates, more than 300 patches address vulnerabilities that are remotely exploitable… Read More "Oracle Patches 450 Vulnerabilities With April 2026 CPU"
