THREAT INTEL | Gastroenterology & Hepatology of CNY Actor "exitium" claims UndisclosedAllegedly exposed (+4 more)• Email addresses• Phone numbers• Physical addresses️ Unverified claimhttps://www.yazoul.net/intel/claim/2026-04-15-gastroenterology-hepatology-of-cny-hit-by-exitium-apr-2026#DarkWeb #DataBreach #ThreatIntel #CyberSecurity #InfoSec

New security advisory:CVE-2025-65135 affects multiple systems.• Impact: Remote code execution or complete system compromise possible• Risk: Attackers can gain full control of affected systems• Mitigation: Patch immediately or isolate affected systemsFull breakdown:https://www.yazoul.net/advisory/cve/cve-2025-65135-school-management-system-1-0-unauthenticated-sql-injection#Cybersecurity #PatchNow #InfoSecCommunity

New ransom group blog post!Group name: akiraPost title: Truckload Carriers AssociationInfo: https://cti.fyi/groups/akira.html#ransomware #cti #threatintelligence #cybersecurity #infosec

"Rolling Networks: Securing the Transportation Sector"" NMFTA's Cybersecurity Conference brings industry leaders together to tackle emerging threats in transportation. Modern trucks are rolling networks packed with sensors, connectivity, and attack surfaces, creating new cyber risks."https://www.bleepingcomputer.com/news/security/rolling-networks-securing-the-transportation-sector/#Cybersecurity

Kloeckner Metals Corporation Reports Network Intrusion and Data ExfiltrationKloeckner Metals Corporation reported a data breach where unauthorized actors accessed its network for six days, stealing files containing names and Social Security numbers. The company has implemented security enhancements and offered identity protection services to affected individuals.****#cybersecurity #infosec #incident #databreachhttps://beyondmachines.net/event_details/kloeckner-metals-corporation-reports-network-intrusion-and-data-exfiltration-r-o-z-q-d/gD2P6Ple2L

This dumb password rule is from Bank of America.20 character max and lots of special character restrictions.Bank of America - keeping your money safe.Also: If you paste a password greater than 20 characters,the form truncates it without telling you or giving anerror.https://dumbpasswordrules.com/sites/bank-of-america/#password #passwords #infosec #cybersecurity #dumbpasswordrules

🧠 Formbook Daily Report️ Trend: rising (229%) 24 new samples 55 C2 serversFull analysis, IOCs, and hashes:https://www.yazoul.net/malware/formbook/reports/2026-04-15#CyberSecurity #MalwareAnalysis #SOC

THREAT INTEL | Hacked 0APT🟢 Actor "krybit" claims Undisclosed️ Unverified claimhttps://www.yazoul.net/intel/claim/2026-04-15-hacked-0apt-ransomware-claim-by-krybit-april-2026#DarkWeb #DataBreach #ThreatIntel #CyberSecurity #InfoSec

#chrome extension Tiktok Order Sync By Hubf seems malicious. Its #cybersecurity badness score is 99/100!```json{"id": "ogghnognjclkbpaeoophcgapbgmgdiok", "score": 99, "platform": "chrome", "name": "Tiktok Order Sync By Hubf"}```

New ransom group blog post!Group name: akiraPost title: CIR RealtyInfo: https://cti.fyi/groups/akira.html#ransomware #cti #threatintelligence #cybersecurity #infosec

GitHub Webhook Secret Exposure: Some Secrets Inadvertently Leaked in HTTP Headers Between September 2025 and January 2026A bug in GitHub's new webhook delivery platform (active Sept 2025–Jan 2026) inadvertently exposed webhook secrets in an HTTP header, potentially allowing attackers who obtained them to forge GitHub webhook payloads. GitHub has notified affected owners and urged them to immediately rotate their webhook secrets, purge any logs containing the exposed headers, and verify HMAC signature validation.**If you received a notification from GitHub about this webhook secret exposure, rotate your affected webhook secrets immediately and purge any HTTP request header logs on your receiving systems that may contain the leaked secrets. After rotating, verify that your endpoint is properly validating the X-Hub-Signature-256 header with the new secret to prevent forged payloads. If you are using CircleCI, check their advisory as well.**#cybersecurity #infosec #advisory #vulnerabilityhttps://beyondmachines.net/event_details/github-webhook-secret-exposure-incident-secrets-inadvertently-leaked-in-http-headers-between-september-2025-and-january-2026-l-j-3-7-t/gD2P6Ple2L