ASN: AS48979Location: Tashkent, UZAdded: 2026-04-15T11:49#shodansafari #infosec

A thoughtful piece by Anthropic on the shift we face as AI accelerates offensive work, and how to adjust.We're right to stress out about teams' abilities to patch systems quickly enough. In my mind, the only sustainable approach to vulnerability management is modern design patterns and shrinking the attack surface. That means fewer components to patch, simpler architectures, and deny-by-default settings in our products and in what we deploy.These aren't new ideas, but AI-accelerated offense makes them necessary rather than aspirational.https://claude.com/blog/preparing-your-security-program-for-ai-accelerated-offense#Cybersecurity #InfoSec #AI

Impac Mortgage Holdings Reports Two-Year-Old Data Breach Affecting Over 19,000 IndividualsImpac Mortgage Holdings disclosed a data breach that exposed the Social Security numbers of 19,253 individuals after an unknown actor accessed its systems in early 2024. The company waited two years after discovery to notify the public and is now offering credit monitoring services.****#cybersecurity #infosec #incident #databreachhttps://beyondmachines.net/event_details/impac-mortgage-holdings-reports-two-year-old-data-breach-affecting-over-19000-individuals-u-v-h-c-a/gD2P6Ple2L

CVE-2026-6570 (MEDIUM): kodcloud KodExplorer (v4.0 – 4.52) suffers an auth bypass in initInstall, allowing remote unauthorized access. No fix yet — restrict access & monitor for updates. https://radar.offseq.com/threat/cve-2026-6570-authorization-bypass-in-kodcloud-kod-786c22b7 #OffSeq #Vuln #KodExplorer #Infosec

ASN: AS13767Location: Pleasant Grove, USAdded: 2026-04-15T13:42#shodansafari #infosec

𝗟𝗲𝘀 𝗰𝗼𝗻𝗳é𝗿𝗲𝗻𝗰𝗲𝘀 𝗽𝗿𝗶𝗻𝗰𝗶𝗽𝗮𝗹𝗲𝘀 𝗱𝗲 𝗡𝗼𝗿𝘁𝗵𝗦𝗲𝗰 𝟮𝟬𝟮𝟲 𝘀𝗼𝗻𝘁 𝗮𝗻𝗻𝗼𝗻𝗰é𝗲𝘀 • 𝗞𝗲𝘆𝗻𝗼𝘁𝗲𝘀 𝗮𝗻𝗻𝗼𝘂𝗻𝗰𝗲𝗱!Kerberoasting legend + Bloomberg security leaders = keynotes you can't miss!️ Thursday Keynote by Tim Medin : Hacking DumberlyTim Medin, founder of Red Siege, globally recognized offensive security expert and creator of Kerberoasting, will open NorthSec 2026 with Hacking Dumberly: We all hear about APT, but most breaches aren't really by A (advanced) or P (persistent) threat actors. In this talk, Tim will discuss simple ways for attack and defense, and to show you that often times the "dumb" stuff can be super effective. And as an experienced infosec professional, we can learn a lot of new folks. "Newbs" have valuable insight that isn't poisoned by "that's how we've always done it" or "this is how X works". Experienced folks can learn a lot from less experienced folks, and they can go a long way in their development… or than can crush them. Let's help each other be better.️ Friday Keynote by Varsha Dwarakanathan & Salini Mishra (Bloomberg): Lost in the AI Woods: Why the Future Still Needs YouVarsha Dwarakanathan (Senior Product Security Engineer, Bloomberg) & Salini Mishra (Senior Product Security Engineer, Bloomberg CISO Office) will present a reflection on AI and cybersecurity: how to stay relevant and human in a constantly evolving technological world. An invitation to use AI as leverage while managing pace, priorities, and energy over the long term.️ But there's more! 24 cutting-edge talks, 7 hands-on workshops and legendary CTF challenges! Full lineup at https://nsec.io/speakersGet your tickets now: https://nsec.io#NorthSec #Cybersecurity #Infosec #Keynote

Critical Remote Code Execution Vulnerability Discovered in Protobuf.js LibraryProtobuf.js patched a critical remote code execution vulnerability (CVE-2026-41242) caused by unsafe dynamic code generation when processing malicious protobuf schemas. The flaw allows attackers to execute arbitrary JavaScript code on servers or developer machines, potentially exposing sensitive credentials and enabling lateral movement.**If your applications use protobuf.js (or libraries like gRPC, Firebase, or Google Cloud SDKs), update protobuf.js to version 8.0.1 or 7.5.5 ASAP. Run npm audit to catch hidden dependencies. Going forward, only load schemas you control and prefer precompiled static schemas in production to avoid this class of attack entirely.**#cybersecurity #infosec #advisory #vulnerabilityhttps://beyondmachines.net/event_details/critical-remote-code-execution-vulnerability-discovered-in-protobuf-js-library-o-k-k-y-h/gD2P6Ple2L

ASN: AS7489Location: Cape Town, ZAAdded: 2026-04-14T20:29#shodansafari #infosec

ASN: AS139549Location: Nāngloi Jāt, INAdded: 2026-04-14T16:48#shodansafari #infosec

Big shout out to @jerry for still holding down and keeping #infosecexchange running.#infosec #fediverse #MastoAdmin

ASN: AS24940Location: Falkenstein, DEAdded: 2026-04-15T16:19#shodansafari #infosec

ASN: AS4694Location: Tokyo, JPAdded: 2026-04-14T16:03#shodansafari #infosec

Security News Digest - 2026-04-17 18 updates from 7 sources: Security Boulevard: Randall Munroe’s XKCD ‘Home Remedies’ https://securityboulevard.com/2026/04/randall-munroes-xkcd-home-remedies/ Security Boulevard: The Wall Around Claude 4.7 Does Not Extend to Dread https://securityboulevard.com/2026/04/the-wall-around-claude-4-7-does-not-extend-to-dread/ Security Boulevard: The Wall Around Claude 4.7 Does Not Extend to Dread https://securityboulevard.com/2026/04/the-wall-around-claude-4-7-does-not-extend-to-dread-2/ Security Boulevard: Booking.com Breach Shows Exactly How Smishing Attacks Get Made https://securityboulevard.com/2026/04/booking-com-breach-shows-exactly-how-smishing-attacks-get-made/ Security News | TechCrunch: Hackers are abusing unpatched Windows security flaws to hack into organizations https://techcrunch.com/2026/04/17/hackers-are-abusing-unpatched-windows-security-flaws-to-hack-into-organizations/ Security Boulevard: National Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges https://securityboulevard.com/2026/04/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/ Security Boulevard: NIST, Overrun by Massive Numbers of Submitted CVEs, Limits Analysis Work https://securityboulevard.com/2026/04/nist-overrun-by-massive-numbers-of-submitted-cves-limits-analysis-work/ Security Boulevard: When Geopolitics Writes Your Compliance Roadmap https://securityboulevard.com/2026/04/when-geopolitics-writes-your-compliance-roadmap/ The Record from Recorded Future News: Four arrested in latest ‘PowerOFF’ DDoS-for-hire takedown https://therecord.media/ddos-hire-europol-doj-crackdown The Record from Recorded Future News: Ransomware attack continues to disrupt healthcare in London nearly two years later https://therecord.media/ransomware-nhs-cyberattack-disruption Latest Bulletins: CVE-2026-6437 - Mount Option Injection in Amazon EFS CSI Driver https://aws.amazon.com/security/security-bulletins/rss/2026-016-aws/ SecurityWeek: White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology https://www.securityweek.com/white-house-chief-of-staff-to-meet-ith-anthropic-ceo-over-its-new-ai-technology/ Security Boulevard: [un]prompted 2026 – Kinetic Risk: Securing And Governing Physical Al In The Wild https://securityboulevard.com/2026/04/unprompted-2026-kinetic-risk-securing-and-governing-physical-al-in-the-wild/ darkreading: Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing https://www.darkreading.com/threat-intelligence/tycoon-2fa-hackers-device-code-phishing BleepingComputer: Payouts King ransomware uses QEMU VMs to bypass endpoint security https://www.bleepingcomputer.com/news/security/payouts-king-ransomware-uses-qemu-vms-to-bypass-endpoint-security/ Security Boulevard: We Need a Shared Responsibility Model for AI https://securityboulevard.com/2026/04/we-need-a-shared-responsibility-model-for-ai/ darkreading: How NIST's Cutback of CVE Handling Impacts Cyber Teams https://www.darkreading.com/threat-intelligence/nist-cutbacks-nvd-handling-impacts-cyber-teams Security News | TechCrunch: Man who hacked US Supreme Court filing system sentenced to probation https://techcrunch.com/2026/04/17/man-who-hacked-us-supreme-court-filing-system-sentenced-to-probation/#InfoSec #SecurityNews

New ransom group blog post!Group name: krybitPost title: rhode-hv.deInfo: https://cti.fyi/groups/krybit.html#ransomware #cti #threatintelligence #cybersecurity #infosec

New ransom group blog posts!Group name: incransomPost title: Mag. Fünder Hausverwaltungs GmbHInfo: https://cti.fyi/groups/incransom.htmlGroup name: genesisPost title: ***Info: https://cti.fyi/groups/genesis.htmlGroup name: ransomexxPost title: SOGO AuctionInfo: https://cti.fyi/groups/ransomexx.htmlGroup name: ransomhousePost title: Winnitex (Americas) LimitedInfo: https://cti.fyi/groups/ransomhouse.html#ransomware #cti #threatintelligence #cybersecurity #infosec

"In just the last week, Freecash was removed for how it sold user data. Apple only killed it after it was asked about the issue."Apple Insider: App Store scams are getting worse and Apple isn't doing enough https://appleinsider.com/articles/26/04/17/app-store-scams-are-getting-worse-and-apple-isnt-doing-enough @appleinsider @WGallagher #Apple #scam #infosec #privacy

️ El Curso de Hacking con Kali Linux está permanente disponible en el aula virtual para acceso inmediato. WhatsApp: https://wa.me/51949304030 https://www.reydes.com/e/Curso_de_Hacking_con_Kali_Linux #kalilinux #cybersecurity #infosec #zerotrust #cyberthreats #cyberattack #threatintelligence

Nothing like a Friday afternoon malware hunt to remind you why you don't trust random GitHub repos.Even the "cybersecurity" ones. Especially those.

️ Heads up #infosec communityFound a malicious GitHub repo posing as a curated list of cybersecurity Telegram channels.Every link in the README (download, "official website", "Twitter") points to the same ZIP payload. Classic trojanized repo targeting security folks. https://github.com/simplefastfunnels254/tg-cybersecVT 0/91 on the URL for now, likely evasion. Reported to GitHub (Active Malware/DSA).#CyberSecurity #ThreatIntel #OSINT #Malware #GitHub

Before the #vulnpocalypse, there will be be the #vulnslopalypse.As someone who has been dealing with vulnerability reports in all shapes, forms and levels of veracity for at least a decade, that's where we will hurt the most, for the longest time, and without reaching symmetry.For the old farts: remember the burpsuite bugbounties submissions?#vulnpocalypse #Mythos #infosec #vulnerability #vulnslopocalypse