Episode 32 — 20 Apr 2026
1. Vercel confirms breach as hackers claim to be selling stolen data
Source: Bleeping Computer
Update 4/19/26: Added additional information from Vercel that was disclosed after publishing. Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. Vercel is a cloud...
2. Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials
Source: The Hacker News
Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used...
3. Payouts King ransomware uses QEMU VMs to bypass endpoint security
Source: Bleeping Computer
The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. QEMU is an open-source CPU emulator and system virtualization tool that allows users to run operating systems...
4. Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Source: The Hacker News
Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires...
5. Grinex exchange blames "Western intelligence" for $13.7M crypto hack
Source: Bleeping Computer
Kyrgyzstan-based cryptocurrency exchange Grinex has suspended its operations after suffering a $13.7 million hack attributed to Western intelligence agencies. The funds were stolen from cryptocurrency wallets belonging to Russian users, as the platform enables crypto-ruble...
6. Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Source: The Hacker News
Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices...
7. Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems
Source: The Hacker News
Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems. The malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set up persistence,...
8. $13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims
Source: The Hacker News
Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack. The exchange said it fell victim to what it described as a...
