Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-07 08:00 PDT
- Why Your Automated Pentesting Tool Just Hit a Wall
BleepingComputer • 2026-04-07 07:01 • www.bleepingcomputer.com
Automated pentesting tools deliver strong early results, then quickly plateau. Picus Security explains how the “PoC cliff” leaves major attack surfaces untested and creates a dangerous validation gap. […]
https://www.bleepingcomputer.com/news/security/why-your-automated-pentesting-tool-just-hit-a-wall/ - Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
The Hacker News • 2026-04-07 05:46 • thehackernews.com
An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet.
“A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets, automatically installing malicious nodes via ComfyUI-Manager if no exploitable node is already
https://thehackernews.com/2026/04/over-1000-exposed-comfyui-instances.html - [Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk
The Hacker News • 2026-04-07 05:17 • thehackernews.com
In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing.
According to new research from the Ponemon Institute, hundreds of applications within the typical enterprise remain disconnected from centralized identity systems. These “dark
https://thehackernews.com/2026/04/webinar-how-to-close-identity-gaps-in.html - The Hidden Cost of Recurring Credential Incidents
The Hacker News • 2026-04-07 04:30 • thehackernews.com
When talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the average cost of a breach at $4.4 million. Avoiding even one major incident is enough to justify most security investments, but that headline figure obscures the more persistent problems caused by recurring credential
https://thehackernews.com/2026/04/the-hidden-cost-of-recurring-credential.html - Hong Kong Police Can Force You to Reveal Your Encryption Keys
Schneier on Security • 2026-04-07 02:45 • www.schneier.comAccording to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.—even if you are just transiting the airport.
In a security alert dated March 26, the U.S. Consulate General said that, on March 23, 2026, Hong Kong authorities changed the rules governing enforcement of the National Security Law. Under the revised framework, police can require individuals to provide passwords or other assistance to access personal electronic de…
https://www.schneier.com/blog/archives/2026/04/hong-kong-police-can-force-you-to-reveal-your-encryption-keys.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
