Vercel's CEO reckons the crooks behind its recent breach likely had a helping hand from AI, saying the attackers moved with "surprising velocity" and a deep understanding of the company's infrastructure.β¦
A Mexican IT infrastructure and digital transformation biz is on clean-up duty after a criminal posted screenshots of what they claimed was company video surveillance footage to a cybercrime forum.β¦
We analysed almost 100 UK charity websites and found that ~1 in 6 are running vulnerable JavaScript dependencies.
What stood out more though:
- Some vulnerabilities were 10+ years old, including high and critical ratings
- Same jQuery CVE (2015-9251) appearing across multiple organisations
Weβve now seen similar patterns in the HE/FE and also hospitality sectors as well.
Are we right in thinking that this feels like a visibility problem alongside budget issues more than anything else?
How are you tracking dependencies effectively in your organisations?
Full write-up if useful: https://cybaa.io/blog/2026-04-20/uk-health-charity-website-security-2026
London's Metropolitan Police is trialing new retail technology to help curtail the city's pervasive shoplifting problemβ¦ and it doesn't rely on live facial recognition (LFR).β¦
UK enterprise software consultancy The Adaptavist Group is investigating a security breach after an intruder logged in with stolen credentials, while a ransomware crew claims it grabbed far more than the company is currently admitting.β¦
Japanese industrial giant Panasonic has created a new form of QR code it says will only work on designated devices and environments.β¦
Iranian media is claiming that the US used backdoors and/or botnets to disable networking equipment during the current war, and Chinese state media is dining out on the allegations.β¦
UPDATED Vibe-coding platform Lovable is pooh-poohing a researcherβs finding that anyone could open a free account on the service and read other users' sensitive info, including credentials, chat history, and source code. However, the companyβs story keeps changing: First it attributed the publicly exposed info to "intentional behavior" and "unclear documentation," then threw bug-bounty service HackerOne under the bus.β¦
One app should not modify another app without asking for and receiving your explicit consent. Yet Anthropic's Claude Desktop for macOS installs files that affect other vendors' applications without disclosure, even before those applications have been installed, and authorizes browser extensions without consent.β¦
Login