Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
The AI criminal mastermind is already hiring on gig platforms
Labor-hire platforms let anyone with a credit card post a task and pay a stranger to complete it. The RentAHuman platform extends that model to AI agents through a Model Context Protocol server, allowing an agent to post gigs directly. Listed tasks include attending in-person meetings, photographing locations, delivering items, and surveying physical sites.
Even cybersecurity researchers are exposing secrets in their arXiv LaTeX source
Researchers submit papers to arXiv daily, often including LaTeX source files alongside PDFs. About 93% of submissions contain these files, which may include drafts, comments, figures, and leftover project data. A study from RWTH Aachen University, to be presented at the 2026 IEEE Symposium on Security and Privacy, analyzed 2.7 million arXiv submissions since 1991. It found that 88% contained material not intended for public release.
Open-source IPFire DNS Firewall blocks malware and phishing at the resolver
The IPFire project shipped Core Update 201 for its 2.29 release line, bringing DNS-layer domain blocking into the open-source firewall distribution. The update replaces two components that many IPFire operators had paired with the system for years, the built-in URL Filter and external Pi-hole deployments, by handling blocklist enforcement directly inside the firewall’s DNS proxy.
US state privacy fines reached $3.425 billion in 2025
State privacy regulators across the United States collected $3.425 billion in privacy-related fines from companies in 2025. Gartner said the upward trend is expected to accelerate through 2028. Annual cumulative fines stood at $1.827 billion in 2024, putting the 2025 result at nearly double the previous year’s level.
The Exchange Online security controls organizations keep getting wrong
In this Help Net Security interview, Scott Schnoll, Microsoft MVP for Exchange, breaks down the Shared Responsibility Model, where Microsoft secures the cloud while organizations must protect their own data, identities, and configurations. The discussion covers default settings worth changing tomorrow, including legacy protocols like SMTP AUTH that survive due to printer, scanner, and ERP dependencies.
Cisco releases open-source toolkit for verifying AI model lineage
Enterprises pulling models from Hugging Face and other open repositories rarely keep records of how those models are altered after download, leaving organizations with little ability to confirm what they are running in production. The State of AI Security 2026 from Cisco places this level of access inside a growing pattern of AI-driven operations that connect directly to core business systems, and identifies AI supply chain exposure as a recurring risk.
Attackers use MS Teams, fake mailbox repair utility to breach organizations
A threat group has penetrated corporate networks by impersonating IT helpdesk staff on Microsoft Teams, tricking employees into downloading malware and surrendering their credentials to a fake “Mailbox Repair Utility”. UNC6692 is a newly identified threat group, documented by Google’s Threat Intelligence Group (GTIG) following a campaign that began in late December 2025.
Cyber crooks got Robinhood to send phishing emails to its own users
An email phishing campaign is currently targeting a subset of users of the Robinhood brokerage / investment platform and, judging by the comments on Reddit, some have fallen for it. The emails started hitting inboxes on Sunday, April 26, and users soon began reporting the emails to Robinhood and warning other users on Reddit and elsewhere.
The metrics killing your SOC, and what to use instead
Security operations centres risk being rendered entirely ineffective if organizations measure them using the wrong performance indicators, according to Dave Chismon, CTO for Architecture at the UK’s National Cyber Security Centre. Evaluating one’s SOC using the same ticket-based metrics applied to IT service desks can actively work against its core purpose: detecting and responding to real attacks.
CISA, Microsoft warn of active exploitation of Windows Shell vulnerability (CVE-2026-32202)
Attackers are exploiting CVE-2026-32202, a zero-click Windows Shell spoofing vulnerability that causes victims’ systems to authenticate the attacker’s server, CISA and Microsoft have warned. CVE-2026-32202 stems from an incomplete patch for CVE-2026-21510, a vulnerability that, in conjunction with CVE-2026-21513, has been exploited by APT28 (aka Fancy Bear) via weaponized LNK files that bypass Windows security features.
Buggy Vect ransomware is effectively a data wiper, researchers find
Due to a bug in the ransomware, affiliates of the Vect Ransomware-as-a-Service operation are irretrievably encrypting victims’ data. After Vect announced that it will be partnering with BreachForums and providing an “affiliate key” to every registered user of the forum, Check Point researchers opened a BreachForums account and got access to Vect’s panel and ransomware builder.
88% of self-hosted GitHub servers exposed to RCE, researchers warn (CVE-2026-3854)
When researchers at Wiz reported an easily exploitable GitHub remote code execution flaw (CVE-2026-3854) on March 4, the company confirmed it within 40 minutes and pushed a fix to GitHub.com in under two hours. But for too many of the thousands of organizations running GitHub Enterprise Server on their own infrastructure, the vulnerability still represents a risk.
Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)
Security researchers at Theori have disclosed a high-severity local privilege escalation (LPE) vulnerability (CVE-2026-31431) in the Linux kernel. The flaw, nicknamed “Copy Fail”, has affected virtually every major Linux distribution shipped since 2017, and a working proof-of-concept (PoC) exploit is publicly available.
cPanel zero-day exploited for months before patch release (CVE-2026-41940)
A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers in the wild. What’s more, attackers didn’t have to wait for watchTowr security researchers to release technical details about the vulnerability – they have been spotted exploiting CVE-2026-41940 since February 23, and have likely been abusing it even earlier.
Your IAM was built for humans, AI agents don’t care
Identity and access management was built for a simpler world. One where the hardest problem was a human logging in, and where “Who are you?” was sufficient to decide what someone could do. That model served enterprises well for decades.
Identity discovery: The overlooked lever in strategic risk reduction
If you ask a CISO what keeps them up at night, it’s not a lack of tools, it’s uncertainty. Uncertainty about unseen risks, attacker movement, and whether identity programs reduce risk. Identity discovery sits at the center of that uncertainty. It is not glamorous. It does not get the same attention as AI-driven detection or zero trust initiatives. But it is the foundation of meaningful risk reduction.
Identity is the control plane for distributed infrastructure
Teleport CEO Ev Kontsevoy makes the case that distributed infrastructure, across cloud, Kubernetes, databases, and servers, can’t be secured by layering more tools on top of fragmented identity systems. He argues for fewer credentials, fewer entry points, and a single identity layer that gives security and engineering teams unified visibility and control.
Hackers claim millions of records stolen in ADT breach
ADT, a Florida-based provider of alarm monitoring solutions, confirmed that hackers breached its systems and accessed a portion of customer data. According to a company statement, unauthorized access was detected on April 20 and affected “a limited set of customer and prospective customer data.”
500,000 UK volunteers’ medical data listed for sale on Alibaba
Medical data from around 500,000 British volunteers in the health research project, the UK Biobank, was offered for purchase through the Chinese marketplace Alibaba, the British government has confirmed. More than 22,000 researchers from over 60 countries use data from the UK Biobank to study disease development and improve global public health. The dataset comprises genetic data, clinical records, biological samples, and lifestyle-related information.
ICS intrusion detection has blind spots that complicate plant security
Industrial control systems on plant floors run alongside a growing layer of monitoring software meant to catch intruders before they reach a turbine, a valve, or a chemical mixer. Vendors sell these intrusion detection systems on the promise of broad coverage across both network traffic and the physical process. A new paper from researchers at RWTH Aachen University lays out three reasons that promise tends to wobble in practice.
OpenAI releases Symphony to automate Codex work through Linear
Engineering teams running coding agents at scale find themselves managing dozens of parallel sessions across browser tabs and command-line windows. OpenAI has released an open-source specification called Symphony that removes much of that supervision work by tying Codex agents directly to issue trackers.
Open-source privacy tool BleachBit 6.0.0 upgrades code signing across Windows and Linux
System cleaning utilities have grown more relevant as web browsers stockpile larger volumes of cached data, tracking artifacts, and site storage on local disks. The open-source utility BleachBit moved into a new major version with a 6.0.0 release that targets that buildup. The update contains more than 100 changes covering browser cleaners, the command-line interface, secure deletion, and platform-specific fixes for Windows and Linux.
Alleged Chinese hacker extradited to US over cyberattacks targeting COVID-19 research
Chinese national Xu Zewei was extradited from Italy to the United States to face charges tied to an alleged cyber espionage campaign that breached thousands of computers worldwide. Xu is charged alongside Zhang Yu, who remains at large.
ShinyHunters claims it stole 1.4 million records from Udemy
The ShinyHunters group claims it has breached Udemy, one of the world’s largest online learning platforms. According to Have I Been Pwned, the leaked dataset contained 1.4 million unique email addresses of customers and instructors, along with names, physical addresses, phone numbers, employer information, and instructor payout methods, including PayPal, cheque, and bank transfer.
Police arrest 10 suspected members of Black Axe cybercrime gang
A coordinated police operation in Switzerland has targeted suspected members of the Black Axe criminal network. On 28 April 2026, authorities carried out house searches across several Swiss cantons, leading to 10 arrests, including the Black Axe ‘Regional Head’ for Southern Europe. Most of those arrested are reported to be of Nigerian origin.
FIDO Alliance wants to keep AI agents from going rogue on online payments
AI agents are beginning to shop, log in, and complete tasks with little direct input. That shift is pushing the security industry to rethink how trust works when actions are carried out on a user’s behalf.
AI prompt confidentiality and false citations worry researchers
Academic researchers using commercial AI tools for literature review and idea generation are sending unpublished research questions, draft hypotheses, and proprietary domain knowledge into systems whose data handling they do not understand. A think-aloud study of 15 researchers documents the workarounds these users have built to manage what they see as unresolved confidentiality and output verification problems in tools including Research Rabbit and Elicit AI.
Time to keep up with AI-driven attacks is narrowing, OpenAI says
OpenAI is outlining a plan to expand access to advanced AI tools for cybersecurity defenders, warning that attackers are already using the technology to scale operations. In contrast, Anthropic has taken a more cautious stance, emphasizing tighter control and restricted access to advanced AI capabilities.
Police bust scam call centres behind €50 million in fraud losses
Authorities have dismantled a cybercrime ring running call centres in Albania and defrauding victims of more than €50 million, arresting 10 suspects and seizing nearly €900,000. After a spike in victims in Vienna in June 2023, Austrian authorities traced cyber fraud activity to Albanian suspects, triggering a joint investigation with Albanian authorities supported by Eurojust and Europol.
Automated LLM red teaming gets a learning layer
Automated red teaming of large language models has settled into a familiar pattern over the past two years. An attacker model generates jailbreak attempts against a target model, an evaluator scores the results, and the cycle repeats. Two approaches dominate. One relies on trial and error and often produces limited results. The other, like WildTeaming, combines crowdsourced attack data at random. Researchers at Capital One propose Adaptive Instruction Composition, which builds on these inputs and adds a learning layer to prioritize the most promising attack combinations.
Hackers arrested for stealing and reselling 600,000 Roblox accounts
Ukrainian police detained three suspects accused of hacking into Roblox accounts and reselling the data on Russian websites, with payments made in cryptocurrency. Authorities state that the group used stolen login data and malicious software to gain access. Some tools were disguised as game-related programs, which helped them collect user credentials.
Open-source privacy proxy masks PII before prompts reach external AI services
Enterprise developers routinely send prompts to external large language models that contain customer emails, support transcripts, and other identifying information, often without a sanitization layer between the application and the API. Dataiku has released Kiji Privacy Proxy, an open-source local gateway that detects and masks personally identifiable information before requests leave the network.
Met Police face criticism for using AI to spy on their own officers
London police officers have been warned by the Metropolitan Police Federation to watch their backs after the force deployed controversial AI software to investigate misconduct. The staff association, representing more than 30,000 officers in London, reported it had not been informed of plans to use Palantir’s AI to analyze officers’ movements.
Product showcase: LuLu reveals unauthorized outbound connections from Mac apps
LuLu is a free, open-source firewall for macOS that lets you control which apps are allowed to send data from your computer. macOS includes a built-in firewall, but it mainly handles incoming connections. LuLu also monitors outgoing traffic.
25 open-source cybersecurity tools that don’t care about your budget
Regardless of the operating system you use, managing secrets, apps, cloud, compliance, and security operations can be overwhelming. The free, open-source tools presented in this article can help you detect threats, increase visibility, enforce controls, and investigate and respond to incidents throughout the development and operational lifecycle.
Linux storage management tool Stratis 3.9.0 adds online encryption and cache-less pool startup
Stratis is a tool for configuring pools and filesystems with enhanced storage functionality within the existing Linux storage management stack. It focuses on a command-line interface, an API, and an automated approach to storage management. It builds on existing components, including device-mapper, LUKS, XFS, and Clevis.
Canada’s first SMS blaster case leads to three arrests
Canadian law enforcement arrested three men who face 44 charges for operating an SMS blaster device that mimicked a legitimate cellular tower. The device was operated from vehicles, allowing it to move throughout the Greater Toronto Area and operate in multiple locations.
Product showcase: SimpleX Chat removes user identifiers from messaging
SimpleX Chat is a free, private, open-source messenger that uses encryption and does not require user identifiers. It is available on mobile and desktop platforms, including iOS, Android, Windows, macOS, and Linux. After downloading the app, the user creates a profile by entering a display name. The profile is stored locally on the device.
Fedora Linux 44 ships with GNOME 50 and KDE Plasma 6.6
The Fedora Project released Fedora Linux 44, delivering updated desktop environments, revised installer behavior, and several lower-level system changes across its editions and spins.
Visual Studio cloud agents now run inside GitHub Copilot
Microsoft’s April update to Visual Studio introduces cloud agent integration in GitHub Copilot, enabling developers to offload tasks to remote infrastructure for scalable, isolated execution. You can now start cloud agent sessions directly from Visual Studio.
Visual Studio Code 1.118 adds auto model selection to Copilot CLI
Microsoft’s editor releases continue on a monthly cadence, with the Insiders build of Visual Studio Code 1.118. The update concentrates on the Copilot CLI integration, session management in the Agents app, and an opt-in path for TypeScript 7.0.
Warp open sources its AI terminal client
Warp, the AI-centric terminal used by close to a million developers, has released the source code for its client on GitHub under the AGPL license, with OpenAI signed on as the founding sponsor of the repository.
Bad bots make up 40% of internet traffic
The normalization of AI and automation within internet infrastructure is changing how organizations interpret traffic. Activity that once appeared anomalous is now treated as expected behavior. AI agents have emerged as a third category of automated traffic alongside good and bad bots, according to the Thales 2026 Bad Bot Report: Bad Bots in the Agentic Age.
Proxmox Backup Server 4.2 arrives with S3 storage support and parallel sync jobs
Proxmox Backup Server 4.2 is a maintenance and feature update built on Debian 13.4 “Trixie” that adds S3-compatible object storage as a supported backend and introduces parallel processing for sync jobs.
Researchers develop tool to expose GPS signal spoofing in transit networks
The Oak Ridge National Laboratory (ORNL) has developed a portable detector that identifies GPS spoofing in real time, including during motion, to help protect transportation systems. The ORNL team combined expertise in sensing, radio frequency signals, mathematics, computing, electronics, and national security to create a highly sensitive detector designed to expose manipulation of GPS signals.
Shadow AI risks deepen as 31% of users get no employer training
Between one-fifth and one-third of workers use AI outside the influence and governance of the IT function, according to a global survey of 6,000 full-time employees at enterprise organizations. Researchers found a widening gap between employee AI adoption and the controls organizations have in place to manage it.
AI traffic is getting bigger, louder, and less predictable
AI workflows need storage that supports repeated movement across the model lifecycle. Large datasets are ingested, transformed, exported for training, pulled back for evaluation, and refreshed as models evolve. Backblaze’s Q1 2026 Network Stats report says this creates a shift from diffuse internet-style traffic to large, high-bandwidth flows between fewer endpoints.
Download: Automating Pentest Delivery Guide
This guide on Automating Pentest Delivery teaches you how to modernize your workflows and transform traditional reporting into a continuous, collaborative process where findings become actionable the moment they’re discovered.
Cybersecurity jobs available right now: April 28, 2026
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.
New infosec products of the month: April 2026
Here’s a look at the most interesting products from the past month, featuring releases from Advenica, Aptori, Axonius, Broadcom, GlobalSign, Intruder, IP Fabric, Mallory, Secureframe, Siemens, Sitehop, and Virtue AI.
