-
GitGuardian uncovers TeamPCP attack on Bitwarden CLI, abusing GitHub Dependabot to spread Shai-Hulud and poison AI coding tools.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
This week in cybersecurity from the editors at Cybercrime Magazine
Sausalito, Calif. – Apr. 24, 2026– Read the full story in it-daily.net
According to the 2026 CISO Report, published by Cybersecurity Ventures in collaboration with Sophos, a massive gap exists in strategic security leadership.
Worldwide, just around 35,000 Chief Information Security Officers (CISOs) are currently active. This small group of experts faces a staggering number of approximately 359 million businesses. Statistically, that means a single CISO is responsible for more than 10,000 organizations.
While Fortune 500 and Global 2000 companies have near-universal access to dedicated security chiefs, the rest of the world economy, and especially small and mid-sized businesses (SMBs), is left without this critical function. Four out of five small businesses experienced a security incident in the past year, often resulting in six-figure losses that can be existentially threatening to them.
The urgency for new models is underscored by the forecasts, Bavaria, Germany-based IT-Verlag GmbH reports in it’s it-daily-net media. Cybersecurity Ventures estimates that the global cost of cybercrime will climb to $12.2 trillion annually by 2031. For 2026 alone, ransomware damages are projected at around $74 billion.
The report sees the answer in Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs), acting as force multipliers. Through hybrid models that combine human expertise with modern technology, including agent-based AI, strategic functions such as governance, compliance, and risk management can be industrialized and delivered at scale.
Cybercrime Magazine is Page ONE for Cybersecurity. Go to any of our sections to read the latest:
- SCAM. The latest schemes, frauds, and social engineering attacks being launched on consumers globally.
- NEWS. Breaking coverage on cyberattacks and data breaches, and the most recent privacy and security stories.
- HACK. Another organization gets hacked every day. We tell you who, what, where, when, and why.
- VC. Cybersecurity venture capital deal flow with the latest investment activity from various sources around the world.
- M&A. Cybersecurity mergers and acquisitions including big tech, pure cyber, product vendors and professional services.
- BLOG. What’s happening at Cybercrime Magazine. Plus the stories that don’t make headlines (but maybe they should).
- PRESS. Cybersecurity industry news and press releases in real time from the editors at Business Wire.
- PODCAST. New episodes daily on the Cybercrime Magazine Podcast feature victims, law enforcement, vendors, and cybersecurity experts.
- RADIO. Tune into WCYB Digital Radio at Cybercrime.Radio, the first and only round-the-clock internet radio station devoted to cybersecurity.
Contact us to send story tips, feedback and suggestions, and for sponsorship opportunities and custom media productions.
The post One CISO For 10,000 companies: Cybersecurity On Too Few Shoulders appeared first on Cybercrime Magazine.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The AI Agent Authority Gap – From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in enterprise security, but the problem is often framed too narrowly. The issue is not simply that agents are new actors. It is that agents are delegated actors. They do not emerge with independent authority. They are triggered, invoked, provisioned, or
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025. “Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distribute trojanized versions of legitimate wallets,” Kaspersky
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A severe scoping vulnerability was recently discovered in Microsoft Entra ID’s new Agent Identity Platform. The security flaw allowed users assigned the Agent ID Administrator role to hijack arbitrary service principals across an organization’s tenant, leading to potential privilege escalation. Although the administrative role was designed strictly to manage AI agent identities, a boundary breakdown […]
The post Hackers Exploit Agent ID Administrator Role to Hijack Service Principals appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenAI has officially launched the GPT-5.5 Bio Bug Bounty program to strengthen safeguards against emerging biological risks. As artificial intelligence models become more advanced, the potential for malicious actors to generate dangerous biological information increases. Advanced persistent threats (APTs) and lone attackers could potentially misuse large language models to accelerate harmful biological research. To address […]
The post GPT-5.5 Bio Bug Bounty Program Aims to Improve AI Safety and Performance appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A detailed cybersecurity report published by privacy expert Alexander Hanff on April 18, 2026, reveals that Anthropic’s Claude Desktop application for macOS silently installs a Native Messaging bridge across multiple Chromium-based browsers. This unprompted installation establishes out-of-sandbox browser automation hooks that pose significant privacy and security risks, bypassing explicit user consent and standard application security […]
The post Claude Desktop Reportedly Adds Browser Access Bridge for Chromium Browsers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are abusing fake CAPTCHA pages to run a silent but lucrative international SMS fraud scheme, turning routine “prove you’re human” checks into a revenue engine built on international revenue share fraud (IRSF). Attackers set up lookalike and scam domains that eventually redirect victims through a traffic distribution system (TDS) to a fake CAPTCHA page. […]
The post Fake CAPTCHA Scam Triggers Costly SMS Fraud appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A state-sponsored threat actor known as UAT-4356 is actively exploiting known vulnerabilities in Cisco Firepower devices to deploy a sophisticated custom backdoor. UAT-4356 exploited two n-day vulnerabilities, CVE-2025-20333 and CVE-2025-20362m affecting Cisco’s Firepower eXtensible Operating System (FXOS). These flaws allowed the threat actor to gain unauthorized access to targeted devices without requiring zero-day capabilities, instead weaponizing already-patched but unmitigated vulnerabilities […]
The post Hackers Exploit Cisco Firepower N-Day Flaws for Unauthorized Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
French police arrest HexDex hacker, a 20-year-old suspect accused of mass data theft and leaks targeting government, sports groups, and firms.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
