《金融产品网络营销管理办法》答记者问

+1 from  cac.cn

 Apple Fixes iOS Notification Bug Exposing Deleted Messages  - Apple patches iOS flaw that retained deleted notifications, exposing message data

+1 from  infosecurity-magazine

 Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents  - Forcepoint has found 10 new indirect prompt injection attacks targeting AI agents

+3 from  infosecurity-magazine

 Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not  - A company that ran anonymous tip lines for 35,000 American schools - handling reports of bullying, weapons, and self-harm - boasted on its website that it had suffered zero security breaches in over 20 years. A hacker called Internet Yiff Machine thought that sounded like a challenge, with predictable...

 Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug  - Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerability, tracked as CVE-2026-40372 , carries a CVSS score of 9.1 out of 10.0. It's rated Important in severity. An anonymous researcher has been...

+5 from  thehackernews

 Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation  - Malicious npm packages spread via worm-like propagation and steal developer credentials

 CISA, National Cyber Security Centre (NCSC) UK, and Global Partners Issue Advisory on Chinese Government-Linked Covert Cyber Networks

+1 from  cisa

 “I was still bleeding:” MrBeast lawsuit alleges harassment, maternity firing  - Former employee Lorrayne Mavromatis has filed a federal lawsuit against Beast Industries over alleged wrongful termination. She claims she was fired shortly after returning from maternity leave.

 ShinyHunters dumps Mytheresa, Zara, Carnival, 7-Eleven data in fresh leak wave  - ShinyHunters appears to have followed through on its latest ransom threats, dumping data tied to Mytheresa, Zara, Carnival, and 7-Eleven just days after naming the brands on its leak site.

 芳菲竞绽今更盛——以习近平同志为核心的党中央引领网络强国建设迈上新征程

 CISA Adds One Known Exploited Vulnerability to Catalog

 Surge in Silent Subject Phishing Attacks Targets VIP Users  - Null subject phishing campaigns bypass filters and target VIPs with QR code and RMM abuse

+6 from  infosecurity-magazine

 News alert: BreachLock’s integrated attack validation platform debuts in Gartner AEV category  - NEW YORK, Apr. 21, 2026, CyberNewswire— BreachLock , a global leader in offensive security, today announced it has been named a representative vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation .

 FIRESTARTER Backdoor

+1 from  cisa

 ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories  - You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the systems behind...

+3 from  thehackernews

 Defending Against China-Nexus Covert Networks of Compromised Devices

 CrowdStrike Falcon Cloud Security Delivered 264% ROI Through Unified Cloud Protection  - Many modern cloud security challenges come down to visibility. The complexity of modern environments, the deluge of alerts, and the lack of relevant context make it difficult for security teams to ide[…]

+1 from  crowdstrike

 Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain  - Cybersecurity researchers have warned of malicious images pushed to the official " checkmarx/kics " Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and alpine,...

+1 from  thehackernews