Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-21 08:00 PDT
- ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
KrebsOnSecurity • 2026-04-21 07:53 • krebsonsecurity.com
A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology companies and steal tens of millions of dollars worth of cryptocurrency from investors.
https://krebsonsecurity.com/2026/04/scattered-spider-member-tylerb-pleads-guilty/
- Stopping Fraud at Each Stage of the Customer Journey Without Adding Friction
BleepingComputer • 2026-04-21 07:02 • www.bleepingcomputer.com
Fraud prevention and user experience don’t have to be a tradeoff. IPQS shows how combining identity, device, and network signals stops fraud without adding friction. […]
https://www.bleepingcomputer.com/news/security/stopping-fraud-at-each-stage-of-the-customer-journey-without-adding-friction/
- UK probes Telegram, teen chat sites over CSAM sharing concerns
BleepingComputer • 2026-04-21 06:49 • www.bleepingcomputer.com
Ofcom, the United Kingdom’s independent communications regulator, has launched an investigation into Telegram based on evidence suggesting it’s being used to share child sexual abuse material (CSAM). […]
https://www.bleepingcomputer.com/news/security/uk-probes-telegram-teen-chat-sites-over-csam-sharing-concerns/
- 5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time
The Hacker News • 2026-04-21 06:00 • thehackernews.com
Security teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the environment is an hour of potential data exfiltration, service disruption, regulatory exposure, and brand damage.
The root cause of slow MTTR is almost never “not enough analysts.” It is almost always the same structural problem: threat intelligence that exists
https://thehackernews.com/2026/04/5-places-where-mature-socs-keep-mttr.html
- NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs
The Hacker News • 2026-04-21 05:45 • thehackernews.com
Cybersecurity researchers have discovered a new iteration of an Android malware family called NGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate.
“The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that appears to have been AI-generated,” ESET security researcher Lukáš Štefanko said in a
https://thehackernews.com/2026/04/ngate-campaign-targets-brazil.html
- CISA flags new SD-WAN flaw as actively exploited in attacks
BleepingComputer • 2026-04-21 05:30 • www.bleepingcomputer.com
CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. […]
https://www.bleepingcomputer.com/news/security/cisa-flags-new-sd-wan-flaw-as-actively-exploited-in-attacks/
- No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
The Hacker News • 2026-04-21 04:30 • thehackernews.com
The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn’t changed: stolen credentials.
Identity-based attacks remain a dominant initial access vector in breaches today. Attackers obtain valid credentials through credential stuffing
https://thehackernews.com/2026/04/no-exploit-needed-how-attackers-walk.html
- Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
BleepingComputer • 2026-04-21 04:17 • www.bleepingcomputer.com
Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. […]
https://www.bleepingcomputer.com/news/security/actively-exploited-apache-activemq-flaw-impacts-6-400-servers/
- Mexican Surveillance Company
Schneier on Security • 2026-04-21 04:04 • www.schneier.com
Grupo Seguritech is a Mexican surveillance company that is expanding into the US.
https://www.schneier.com/blog/archives/2026/04/mexican-surveillance-company.html
- Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
The Hacker News • 2026-04-21 03:22 • thehackernews.com
Cybersecurity researchers have discovered a vulnerability in Google’s agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution.
The flaw, since patched, combines Antigravity’s permitted file-creation capabilities with insufficient input sanitization in Antigravity’s native file-searching tool, find_by_name, to bypass the program’s Strict
https://thehackernews.com/2026/04/google-patches-antigravity-ide-flaw.html
- Former ransomware negotiator pleads guilty to BlackCat attacks
BleepingComputer • 2026-04-21 03:12 • www.bleepingcomputer.com
41-year-old Angelo Martino, a former employee of cybersecurity incident response company DigitalMint, has pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023. […]
https://www.bleepingcomputer.com/news/security/former-ransomware-negotiator-pleads-guilty-to-blackcat-attacks/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
