Vercel Employee's AI Tool Access Led to Data Breach
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher notes.
Aggregated from vendor advisories, security research, and industry publications.
The OT devices that translate machine talk into Internet-speak are riddled with vulnerabilities and more frequently targeted for attacks, researchers say.
Take a Network Break! Our Red Alert covers a trio of vulnerabilities in Cisco ISE. On the news front, Cloudflare announces a private network offering for AI agents and a partnershi…
Good news for those working with Windows, bad news for Paragon Software
It won't provide much juice, but its creator calls it a 'nanowatt nuclear power plant'
Strangers can infer limited info about you without knowing or messaging you, which could theoretically aid certain kinds of malicious activity.
Wouldn't be the first time a Jeff Bezos company left a package in the wrong place
We've been here before. This time, we may not get out
Tests scheduled for May can’t come soon enough after VGER 1 power glitch led to instrument shutdown
Article URL: https://www.discovermagazine.com/up-to-8-million-bees-are-living-in-an-underground-network-beneath-this-cemetery-48977 Comments URL: https://news.ycombinator.com/item?…
Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data enrichment.
In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.
On today’s episode Ethan is joined by Mark Prosser, a self-described Network Operator Advocate and Network Automation Dreamer, to embark on a thought exercise about network service…
AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones.
The Maritime Transportation Security Act (MTSA) requires plans to protect OT systems, audits by independent third parties, and a hybrid OT-security role.
Rosalind Franklin moving again, though another budget cut looms
The National Institute of Standards and Technology is carving a new path for vulnerability remediation by changing the way it prioritizes software flaws.
Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs.
Today our hosts discuss IPv6 Privacy and Temporary Addresses to clarify how address provisioning can potentially work for host operating systems. The discussion covers the differen…
We asked for follow ups and you did not disappoint! On today’s show we respond to listener comments and corrections on multicast, routing protocols, security, and more. We also hav…
I trained a transformer in HyperCard. 1,216 parameters. 1989 Macintosh. And yes, it took a while. MacMind is a complete transformer neural network, embeddings, positional encodin…
Deciphering the third transport protocol's four RFCs is a task to rival the proverbial blind man trying to understand an elephant
'LLMs should not be trusted for patient-facing diagnostic reasoning,' boffins advise
Kamila Szewczyk prefers old software, as back then people understood something could actually be finished
Malware has shifted from phishing expeditions to open source packages, domains, and repositories. Ned and Kyler welcome Jenn Gile, co-founder of Open Source Malware, to discuss how…
The perfect combination of hardware and experiences will arrive, no matter what Zuck and Neal Stephenson think
CVSSv3 Score: 6.7 An out-of-bounds write vulnerability [CWE-787] in FortiWeb CGI daemon may allow a remote privileged attacker to execute arbitrary code or command via crafte…
Article URL: https://www.businesswire.com/news/home/20260414237496/en/Amazon-to-Acquire-Globalstar-and-Expand-Amazon-Leo-Satellite-Network Comments URL: https://news.ycombinator.co…
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-d…
Threat actors are behaving more like professional organizations in an effort to launch more effective and profitable attacks. We explore this and other themes from the latest Threa…