SecurityWeek

SAP Patches Critical ABAP Vulnerability

SAP has released 19 new security notes on its April 2026 security patch day, including one that resolves a critical-severity ...
The Hacker News

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

PHANTOMPULSE spreads via Obsidian plugin abuse in REF6598 campaign, targeting finance and crypto users, bypassing AV controls ...

Gimp: Unpatched vulnerability allows code injection with GIFs

Security vulnerabilities in Gimp allow code injection with manipulated files like GIFs. There is no update yet.

A Claude code plugin in an afternoon: What I learned

Plugins for AI coding tools sound like complex infrastructure. In practice, Markdown files and an HTTP API are sufficient.
Blockonomi

Cybercriminals Weaponize Obsidian Plugins in Sophisticated Crypto Malware Campaign

Cybercriminals exploit Obsidian Plugins to deploy PHANTOMPULSE malware, targeting crypto users via LinkedIn and Telegram in ...

Google shoehorned Rust into Pixel 10 modem to make legacy code safer

To protect the Pixel modem from zero-day attacks, Google focused on the DNS parser. As cellular features have migrated to ...
FinanceFeeds

Sophisticated Scam Targets Crypto Users Through Widely Used Notes Application

Elastic Security Labs uncovers a social engineering campaign abusing the Obsidian note-taking app to deploy the PHANTOMPULSE ...

New AgingFly malware used in attacks on Ukraine govt, hospitals

A new malware family named 'AgingFly' has been identified in attacks against local governments and hospitals that steal ...

Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face

Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware ...
CoinDesk

The Protocol: Bitcoin proposal that could freeze quantum-related coins

XRP Ledger adds zero-knowledge proofs targeting institutional privacy gap ...
Security Boulevard

From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere

Hiding in imposter sites, GitHub downloads, and YouTube links, this infostealer is designed to hijack accounts and drain ...
ObserverOpinion

A.I. Agents Need Identity Before Cybercrime Scales Beyond Attribution

Humanity’s Terence Kwok argues that the cybersecurity industry is dangerously misframing the rise of A.I.-driven threats. As ...