BuzzSec

from Human Risk Management Blog https://blog.knowbe4.com/cyberheistnews-vol-16-14-heads-up-clever-hackers-use-custom-fonts-to-bypass-ai-defenses

In the world of cybersecurity, busy is an understatement. SOC teams are often drowning in a sea of repetitive alerts. Looking at the same threat or graymail spread across 50 pages of logs isn't just tedious, it’s a drain on your most valuable resource: time. from Human Risk Management Blog https://blog.knowbe4.com/campaign-mode-because-your-soc-team-has-a-life

When talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the average cost of a breach at $4.4 million. Avoiding even one major incident is enough to justify most security investments, but that headline figure obscures the more persistent problems caused by recurring credential from The Hacker News https://thehackernews.com/2026/04/the-hidden-cost-of-recurring-credential.html

New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even take full control of a host. The efforts have been codenamed GPUBreach, GDDRHammer, and GeForge. GPUBreach goes a step further than GPUHammer, demonstrating for the first time that from The Hacker News https://thehackernews.com/2026/04/new-gpubreach-attack-enables-full-cpu.html

According to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.—even if you are just transiting the airport. In a security alert dated March 26, the U.S. Consulate General said that, on March 23, 2026, Hong Kong authorities changed the rules governing enforcement of the National Security Law. Under the revised framework, police can require individuals to provide passwords or other assistance to access personal electronic devices, including cellphones and laptops. The consulate warned that refusal to comply is now a criminal offense. It also said authorities have expanded powers to take and keep personal electronic devices as evidence if they claim the devices are linked to national security offenses. from Schneier on Security https://www.schneier.com/blog/archives/2026/04/hong-kong-police-can-force-you-to-reveal-your-encryption-keys.html

A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems. "The threat actor's high operational tempo and proficiency in identifying exposed perimeter assets have proven successful, with recent from The Hacker News https://thehackernews.com/2026/04/china-linked-storm-1175-exploits-zero.html