Over 1,800 developers were affected by the Mini Shai-Hulud supply chain attack that hit the PyPi, NPM, and PHP ecosystems over the past two days. Attributed to the TeamPCP hacking group, the campaign was first spotted on April 29, after malicious versions of four SAP NPM packages were caught delivering information-stealing malware and attempting to propagate to other packages. The malware would collect credentials, keys, tokens, and other secrets from the infected machines and publish the data to GitHub repositories containing the hardcoded description “A Mini Shai-Hulud has Appeared”. The same description has been used in a fresh round of…
Author: admin
With a hunch, and an hour of AI-assisted scanning, cybersecurity researchers identified and then figured out how to exploit a nine-year-old root escalation vulnerability affecting every Linux build since 2017.The vulnerability, which researchers at Xint are calling “Copy Fail,” has officially been given the designation CVE-2026-31431. It allows any local user to escalate root by leveraging a logic flaw in the Linux kernel’s cryptography system. The flaw allows any unprivileged attacker to write four specific bytes of data to the in-memory copy of a readable file, to essentially piggyback on the program’s default root powers.Copy Fail works thanks to a…
Google’s Preferred Sources now supports all languages, not just the English language. “Preferred Sources is now rolling out globally in all supported languages,” Google wrote on its blog this morning. “This feature gives you more control over the news you see on Search by letting you choose the outlets and sites you want to appear more often in Top Stories,” Google added. In December, Google rolled out preferred sources globally but it only supported English. Now it supports all languages globally as well. Stats. Google added some interesting data including: “Readers are twice as likely to click through to a…
Ravie LakshmananApr 30, 2026Cloud Security / Threat Intelligence Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. “The intrusion chain begins with execution of a batch script (‘install_obf.bat’) that disables Windows security controls, dynamically extracts an embedded Python payload (‘svc.py’), and establishes persistence through multiple mechanisms including Startup folder scripts, registry Run keys, scheduled tasks, and optional WMI subscriptions,” Securonix researchers Akshay Gaikwad, Shikha Sangwan, and Aaron Beardslee said in a report shared with The Hacker News.…
AI workflows need storage that supports repeated movement across the model lifecycle. Large datasets are ingested, transformed, exported for training, pulled back for evaluation, and refreshed as models evolve. Backblaze’s Q1 2026 Network Stats report says this creates a shift from diffuse internet-style traffic to large, high-bandwidth flows between fewer endpoints. Monthly view of all bits transferred to each network type (2025-05 to current) (Source: Backblaze) “From a network perspective, this represents a meaningful shift from diffuse, internet-style traffic patterns to large, high-bandwidth flows between a smaller set of endpoints typical of AI-centric infrastructure,” Brent Nowak, Manager of Network Engineering…
Hiring managers are watching something uncomfortable happen in interview rooms right now. Candidates arrive with the right credentials, the right vocabulary, the right tool stack on their résumés, and then someone asks them to reason through a problem out loud, and the room goes quiet in the wrong way. Not in the thoughtful kind of way, but the empty kind that tells you the person across the table has never actually had to think through a hard problem on their own. And research is converging on the same conclusion. Microsoft, the Swiss Business School, and TestGorilla have all documented the…
A Romanian national who led an online swatting ring that targeted more than 75 public officials, multiple journalists, and four religious institutions was sentenced to 4 years in federal prison. Swatting is a dangerous criminal harassment tactic involving making false reports to emergency responders of an ongoing violent threat at a target’s address to provoke an armed police response. 27-year-old Thomasz Szabo, who was extradited from Romania in November 2024, was also ordered three years of supervised release after he pleaded guilty to one count of conspiracy and one count of threats involving explosives in June 2025. Szabo, who operated…
Designing for extreme variability Most enterprise networks are designed for relatively consistent load patterns. Churchill Downs faces something entirely different: a facility that might host 50,000 people on a typical day can swell to 170,000-180,000 during Derby Week, with peak demand concentrated in specific time windows. “It really is all about that week,” Simon explains. “That building on a really big day outside the week of the Kentucky Derby might be 50,000, but on Derby Day it’s 150, 170, or 180,000 people.” This creates unique design requirements. Entire sections of the facility remain “mothballed” for most of the year but…
Industrialized cybercrime now delivers attacks with greater scale, speed and success. Defenders must match this with a similar use of AI and automation. The industrialization of cybercrime began in the 1990s. As crime began to mimic the means, methods and motives of other industries, it effectively became a business. Business efficiency requires an efficient organization and more return for less effort; and cybercrime today achieves this through AI, automation and efficient data sharing. FortiGuard has analyzed the current threat landscape targeted by cybercrime using telemetry from millions of sensors deployed worldwide since 2002. This analysis covers data gathered in 2025…
Google is filling a key measurement gap between awareness and consideration, giving advertisers a clearer view of how their brand is actually perceived — not just remembered. What’s new. Google Ads has introduced a new “Association” metric within Brand Lift Studies. Advertisers can define a concept, category or attribute, and Google will ask users a survey-style question: which brands they associate with that specific idea. How it works. Instead of measuring simple recall, the metric evaluates whether audiences connect your brand to a desired positioning. That could mean “premium,” “sustainable,” or even a product category — offering a more nuanced…