Security

Morpheus Android spyware, linked to Italian firm IPS, tricks targets into installing a fake update app by cutting off their mobile data first, then hijacks their WhatsApp account using biometric spoofing.

The largest home security company in the United States, ADT, confirmed it suffered a data breach on April 20. This breach involved the compromise of customers' personally identifying information. A hacker group known as ShinyHunters has claimed responsibility and issued a ransom threat.

OpenAI GPT 5.5 and 5.5 Pro have launched with enhanced intelligence and greater cybersecurity threats, requiring enhanced safeguards. Versus Claude Opus 4.7, GPT 5.5 / 5.5 Pro demonstrates better tool use, hacking skills, academic problem solving, and abstract reasoning.

Threat group UNC6692 is using Microsoft Teams IT impersonation and mass email bombing to deploy the SNOW malware toolkit and steal credentials from enterprise networks.

Microsoft’s Windows 11 KB5083769 April 2026 update causes critical boot failures, pixelated BSODs, and BitLocker recovery loops on Windows 11 24H2 and 25H2 PCs.

A new iOS update patches a security issue where the notification log was exposed where it should have been deleted. The issue became well known after the FBI used it to extract Signal messages from a suspect's phone.

A phishing campaign is abusing Apple's notification system to deliver scams inside real Apple emails that pass all authentication checks.

The indoor camera with the somewhat cumbersome name Tapo C245D comes with two independently usable lenses, which are designed to offer a wider field of view and therefore more security than other cameras.

A Dutch journalist demonstrated a major operational-security flaw by slipping a $5 Bluetooth tracker into a postcard that, once aboard the $585 million HNLMS Evertsen, broadcast the frigate’s real-time location via a crowdsourced network for roughly 24 hours. The incident, enabled by lenient mail screening and a tracker “phone-leeching” design, prompted the Dutch Ministry of Defense to ban battery-powered electronic greeting cards and renewed scrutiny after similar location leaks, such as Strava activity on France’s Charles de Gaulle.

Sony is now stipulating that gamers in the UK and Ireland complete age verification. PSN users must prove their identities or lose access to text messaging, voice chat, and more. Privacy advocates worry that companies will fail to protect sensitive information they collect.

Microsoft has released emergency out-of-band updates KB5091157 and KB5091575 to fix LSASS crashes and domain controller reboot loops caused by the April 2026 KB5082063 update.

The Samsung Galaxy S26 Ultra shines with a long-term update promise; however, this does not yet apply to all areas, as one important update is still missing.

Microsoft confirmed that its April 2026 security updates, including KB5082063 and KB5083769, are triggering BitLocker recovery prompts on some Windows Server 2025, Windows 11, and Windows 10 devices.

Denuvo aims to curb piracy, but it can also frustrate legitimate buyers. Pragmata Steam Deck and Linux players who update their PCs may not be able to run the game. The DRM has a 5-machine activation limit per 24 hours, and these changes count toward that restriction.

Microsoft April 2026 Patch Tuesday fixes 167 vulnerabilities, including an actively exploited SharePoint zero-day. Windows 11 KB5083769 and KB5082052 bring new builds and RDP security.

It didn’t take a hacker long to overcome Denuvo protection in Resident Evil Requiem. While the DRM thwarted pirates in the past, more games are being pirated closer to release dates. Resident Evil Requiem performance also improved compared to the hypervisor bypass alternative.

Threat group ShinyHunters has listed Rockstar Games on its leak site, alleging a data breach through an Anodot-Snowflake integration. The group has set an April 14 deadline for the studio to respond to these claims.

More and more users are reporting that their Samsung Galaxy S22 Ultra has been rendered unusable by an attack via Samsung Knox, and Samsung's support is apparently unable to restore the flagships to working order in many cases.

Although the recently discovered vulnerabilities in Firefox 140.9.1 have apparently not been exploited yet, Tails 7.6.1 comes to ensure that won't happen in the future either. This emergency release includes Tor Browser 15.0.9 and Tor client 0.4.9.6, as well as some refreshed firmware packages for improved hardware support.

Anthropic is keeping its new cyber AI, Claude Mythos, under wraps, even though the company says the model has found security vulnerabilities in major operating systems and browsers. The reason: Mythos may not only be able to detect vulnerabilities, but also help create dangerous exploits.

Anthropic just announced Project Glasswing - the company's newest initiative to secure critical software using the unreleased Claude Mythos Preview model. The project includes $100 million in usage credits and $4 million in donations.

Pebblebee has announced a new device that is the first of a new product category. Called the Halo, it is described as a safety device with a siren, strobe light, and live notification alert. It also doubles as an item finder.

Shortly after an accidental source code leak, a critical vulnerability was discovered in the AI coding agent called Claude Code. It potentially allows attackers to bypass security safeguards and steal sensitive data from developers.

For about four hours, Nicholas Carlini worked on FreeBSD supported by Anthropic’s Claude. Carlini states that Claude performed a large part of the work autonomously, from identifying the vulnerability to the finished exploit.

WhatsApp has reportedly warned around 200 users, mainly in Italy, after a fake version of the app was used in a spyware campaign linked to Italian vendor SIO.

Microsoft’s March 31 out-of-band release for Windows 11 24H2 and 25H2 folds the pulled KB5079391 preview back into a new cumulative update that fixes error 0x80073712.

Nomad has launched a version of its Tracking Card Air Bluetooth tracker that is compatible with Android devices. While it costs the same as the version for Apple devices, the Android version has a slightly longer battery life.

Cloudflare’s new closed beta lets Magic Transit customers upload custom eBPF-based logic to detect and filter DDoS traffic aimed at specialized UDP protocols such as gaming, VoIP, telecom, and streaming.

A new IC3 public service announcement says some foreign-developed apps, especially those tied to Chinese firms, may collect extensive personal data, store it on servers in China, or introduce malware risks.

Microsoft has temporarily limited availability of the optional Windows 11 KB5079391 preview update for 24H2 and 25H2 after some systems began failing with error 0x80073712.

GitHub’s latest roadmap post signals a broader security push for Actions, centered on secure-by-default behavior, stronger policy enforcement, and better CI/CD observability.

Ride-hailing company Uber, together with Verne and Pony.ai, is bringing autonomous taxis to European roads. The first commercial robotaxi network is launching in Croatia.

Google has begun an early stable rollout of Chrome 147.0.7727.24/.25 for Windows and Mac, but the company has not yet published a detailed desktop feature or security breakdown in the release notes.

Looking back at the first BackTrack Linux release, which arrived two decades ago as Kali's ancestor, the update 2026.1 features a classic theme directly inspired by its looks. Additionally, there are several new tools included, such as WPProbe, Fluxion, and GEF, while the Discord community can still enjoy the Kali 13th Birthday Event.

Krafton says PUBG: Battlegrounds permanently banned about 260,000 DMA cheaters in 2025 as its 2026 anti-cheat roadmap adds AI video analysis, stronger re-entry blocks, and false-ban review improvements.

While the state sector has long restricted the use of foreign networking equipment, the Federal Communications Commission’s recent actions mark a significant escalation. Now, "all consumer-grade routers produced in foreign countries" are banned from being imported to the US.

Apple says malicious web content has been used against out-of-date iPhones, and users on older iOS versions should install recent updates to stay protected.

Microsoft has acknowledged a new known issue in Windows 11 update KB5079473 that can block Microsoft account sign-ins in apps, including Teams Free, OneDrive, Edge, Word, and Excel.

Apple has detailed Background Security Improvements, a new system for delivering smaller security fixes to iPhone, iPad, and Mac users between full OS updates.

SecurityWeek and Hudson Rock point to infostealer-exposed credentials as a possible entry point, but Stryker’s investigation is still ongoing and the company has not confirmed the intrusion path.

Sony has introduced the IMX908, a new 4K security camera sensor with 1.45 µm LOFIC pixels, 96 dB dynamic range, and single-exposure HDR.

Microsoft has confirmed a Windows 11 known issue that can make the C: drive inaccessible on some Samsung PCs, although it says the root cause is the Galaxy Connect app.

Meta says a global anti-scam crackdown disabled more than 150,000 accounts linked to Southeast Asian scam-center networks, with 21 arrests reported in Thailand.

Microsoft has released out-of-band Windows 11 hotpatch KB5084597 for an RRAS security issue, with no restart required on eligible hotpatch-enabled devices.

Windows 11 users are reporting crashes, freezes, BSODs, and failed installs after KB5079473, but Microsoft still lists no known issues for the March 2026 update.

The FBI is seeking the public’s help to limit the number of Steam games with hidden malware. Infected titles downloaded from the marketplace stole money and confidential information. Valve is assisting the FBI with the investigation, but some gamers blame the company for lax moderation.

Meta has launched new AI-powered anti-scam tools for WhatsApp, Facebook, and Messenger, including device-linking warnings and suspicious friend request alerts.

Some gamers are refunding their Crimson Desert pre-orders. Pearl Abyss has added Denuvo DRM to its latest title, raising concerns about reduced performance and stuttering. Many buyers object to the anti-piracy protection appearing so close to the Crimson Desert release date.