Threat actors can extract Google API keys embedded in Android applications to gain access to Gemini AI endpoints and compromise data, CloudSEK warns. For over a decade, Google has said that API keys for public services such as Maps are… Read More "Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access"
Ravie LakshmananApr 09, 2026Vulnerability / Threat Intelligence Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON’s Haifei Li, has been described as a… Read More "Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025"
Infosecurity Europe has announced former Ukrainian Minister of Foreign Affairs, Dr. Dmytro Kuleba as headline keynote for its 2026 conference program. The event will run from 2–4 June at ExCeL London. Kuleba will take to the keynote stage on Wednesday,… Read More "Dmytro Kuleba to Address the New Cyber Frontline at Infose Europe"
The increasing use of artificial intelligence within and by business is problematic on two fronts: firstly, we rely on it as if it were the voice of God, and secondly, attackers are able to turn our reliance against us. First,… Read More "Can we Trust AI? No – But Eventually We Must"
Ravie LakshmananApr 09, 2026Hacking News / Cybersecurity News Thursday. Another week, another batch of things that probably should’ve been caught sooner but weren’t. This one’s got some range — old vulnerabilities getting new life, a few “why was that even possible” moments,… Read More "Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories"
The researchers pointed out that the behavior of the Script Editor may vary depending on the macOS version. “On recent versions of macOS Tahoe, an additional warning prompt is presented, requiring the user to allow the script to be saved… Read More "New ClickFix variant bypasses Apple safeguards with one‑click script execution"
Several civil society figures in Middle Eastern countries, including three high-profile journalists in Egypt and Lebanon, have been targeted by a spear-phishing campaign likely tied to a known South Asian cyber espionage group. The campaign was detected by digital civil… Read More "Middle East Hack-for-Hire Operation Traced to South Asian APT Group"
Researchers from RSAC have found a way to bypass the safety protocols of Apple’s Intelligence AI with a high success rate. Apple Intelligence is a deeply integrated personal intelligence system for iOS, iPadOS, and macOS that combines generative AI with… Read More "Apple Intelligence AI Guardrails Bypassed in New Attack"
As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in existing workflows, they also operate outside the visibility of security teams, bypassing… Read More "The Hidden Security Risks of Shadow AI in Enterprises"
Before I ever held a security title, I was a software engineer implementing vertically integrated automation systems for industrial manufacturing, warehouse-scale conveyor networks, robotic material handling, physical infrastructure controlled by software on increasingly connected networks. I learned early that tightly… Read More "Weak at the seams | CSO Online"
