Cyber Security News

Start. Stay. Grow.

Curated daily. The latest hacks, breaches, and cyber trends—humanized.

Daily cyber brief

Monday, April 20, 2026

Hacking Brief – April 20, 2026

Web infrastructure platform Vercel confirmed a security breach stemming from a compromise at Context AI, an integrated development tool. The incident granted unauthorized access to Vercel's internal systems, exposing limited customer credentials including authentication tokens and environment variables. A threat actor using the ShinyHunters moniker is reportedly offering stolen data—including GitHub tokens and customer secrets—for $2 million. The breach carries particular significance for Web3 and crypto projects that deploy frontends on Vercel's platform, as non-sensitive environment variables may contain exposed secrets. Vercel has initiated credential resets for affected customers.

Microsoft Defender faces active exploitation of three zero-day vulnerabilities tracked as BlueHammer, RedSun, and UnDefend. Huntress researchers confirmed in-the-wild exploitation beginning April 16-17, 2026, after a researcher publicly disclosed the flaws. The vulnerabilities allow attackers to bypass Microsoft Defender protections on Windows systems. Separately, a major DeFi hack resulted in the theft of $293 million in rsETH tokens, triggering contagion effects across decentralized finance protocols and forcing Aave to freeze related markets. The incident underscores ongoing systemic risks in cryptocurrency infrastructure where single exploits can cascade across interconnected platforms.

Sources: The Hacker News · The Block · Help Net Security · IDN Financials

Around the Web

Last Updated: N/A

Hacks + Heists

How teens are being recruited into criminal hacking on gaming sites like Roblox

ABC News investigates teen hackers and how some are being recruited into breaking the law on the interactive gaming platform Roblox.

A 17-year-old Excel vulnerability is currently being exploited by threat actors, and it's been flagged by the US' cyber defence agency

A 17-year-old Microsoft Excel vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog because threat actors are actively exploi...

'Thankful I Got Caught': FBI Arrests Teen Hacker After Massive PowerSchool Breach

Discover the details of the massive PowerSchool breach. We explain how the FBI arrested teen hacker Matthew Lane for stealing 60 million records.

Angry researcher drops second Windows Defender zero-day exploit: "They mopped the floor with me"

A second Windows Defender zero-day exploit enabling privilege escalation has been released publicly, with the researcher threatening to release additi...

Man who hacked US Supreme Court filing system sentenced to probation - TechCrunch

Nicholas Moore hacked into three U.S. government networks using stolen credentials, and then bragged about it and posted victims' personal data on ...

Big Cyber

He Pled Guilty To Blackmailing Apple. What Really Happened. - Cybercrime Magazine

This week in cybersecurity from the editors at Cybercrime Magazine ... Kerem Albayrak from north London threatened to wipe 319 million accounts unless...

TP-Link routers face exploitation attempt linked to high-severity flaw | Cybersecurity Dive

The Cybersecurity and Infrastructure Security Agency previously added the command injection vulnerability, tracked as CVE-2023-33538, to its Known ...

Navigating FDA's Updated Cybersecurity Guidance for Medical Devices

Pre-market submissions are a key opportunity for the FDA to evaluate cybersecurity measures, expert says.

CISA Warns of Active Exploitation of Apache ActiveMQ Vulnerability Hidden for 13 Years

CISA warns that attackers are actively exploiting a high-severity Apache ActiveMQ vulnerability (CVE-2026-34197) that went undetected for 13 years bef...

The Cybersecurity Chronicles

‘The Cybersecurity Chronicles: 2024‘ pulls back the curtain on the digital threats that shaped our world last year, revealing the human stories behind the headlines. From art galleries frozen by ransomware to prison tablets hacked with a minus sign, from British Library archivists racing to protect centuries of knowledge to Spotify users meticulously curating their digital identities – these stories illuminate how cybersecurity touches every aspect of modern life.

Author Mark Nole weaves together intimate portraits of the people on all sides of the digital battlefield: the defenders working through sleepless nights to protect critical infrastructure, the victims grappling with stolen identities and lost savings, and even the attackers themselves, operating from nondescript offices with project management software and performance metrics.

Through detailed reporting and narrative storytelling, Nole reveals how 2024 became the year when cybersecurity stopped being just a technical problem and emerged as a fundamentally human challenge. Whether you’re a security professional or simply someone trying to understand our increasingly digital world, these chronicles offer an unprecedented look at how technology shapes – and sometimes betrays – our trust, our privacy, and our lives.

Mark Nole Book Cover for Cybersecurity book

Stay Updated with Cyber Security News

Get the latest cybersecurity headlines, breaking news, and expert insights delivered directly to your inbox. Stay ahead of threats and informed about the digital landscape.

Join thousands of cybersecurity professionals and enthusiasts. No spam, just valuable insights.