soc

Forescout researchers discovered 20 new vulnerabilities in Lantronix and Silex products and described theoretical attack scenarios. The post Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking appeared first on SecurityWeek.

Vercel Breach: Hacker Claims to Sell Stolen Data in Potential Global Supply Chain Attack On April 19, 2026, Vercel, the cloud development platform behind Next.js and Turbopack, disclosed a security incident following a threat actor’s public claim to be selling stolen corporate data on the Dark Web. Vercel’s subsequent investigation traced the breach back to […]

Tyler Buchanan admitted in court to hacking into various companies, defrauding them, and stealing cryptocurrency from multiple individuals. The post British Scattered Spider Hacker Pleads Guilty in the US appeared first on SecurityWeek.

The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm).1 Axios is an HTTP client for JavaScript that developers commonly use in Node.js and browser environments.  On March 31, 2026, two npm packages for versions axios@1.14.1 […]

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.  CVE-2023-27351 PaperCut NG/MF Improper Authentication Vulnerability CVE-2024-27199 JetBrains TeamCity Relative Path Traversal Vulnerability CVE-2025-2749 Kentico Xperience Path Traversal Vulnerability CVE-2025-32975 Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability CVE-2025-48700 Synacor Zimbra Collaboration Suite (ZCS) Cross-site […]

The machine emulator has been abused in at least two different campaigns distributing ransomware and remote access tools. The post Hackers Abuse QEMU for Defense Evasion appeared first on SecurityWeek.

A pro-Iran hacker group has taken credit for the attack on Bluesky, which appears to have lasted 24 hours.  The post Bluesky Disrupted by Sophisticated DDoS Attack appeared first on SecurityWeek.

The Senate approved a short-term renewal until April 30 of a controversial surveillance program used by U.S. spy agencies. The post Senate Extends Surveillance Powers Until April 30 After Chaotic Votes in House appeared first on SecurityWeek.

Vercel and Binance Data Claims, Israel Facebook Leak, FALKONc2 Sale, and Gmail Caller Recruitment SOCRadar Dark Web Team identified several new underground posts, including an alleged Vercel access key and source code sale framed as a supply chain risk, and a separate listing claiming a 1.5 million record Binance dataset. Other posts promoted an alleged […]

The continued use of the half-century-old protocol exposes enterprises and end users to various types of attacks. The post Half of the 6 Million Internet-Facing FTP Servers Lack Encryption appeared first on SecurityWeek.