Russia says a full VPN ban is technically “impossible” because VPNs are deeply embedded in banking, developer, and enterprise infrastructure.

Russia says a full VPN ban is technically “impossible” because VPNs are deeply embedded in banking, developer, and enterprise infrastructure.

Authorities continue restrictions despite acknowledging enforcement limits.

Russia Official Says Fully Banning VPNs Is ‘Impossible’ Amid Internet Crackdown

VPN ban Russia: a Kremlin official admits a full VPN ban is impossible while warning of risks to businesses and continued censorship efforts.

TechNadu (www.technadu.com)

#CyberSecurity #VPN #Privacy #InfoSec

Iran-linked MuddyWater APT reportedly breached organizations across 9 countries in Q1 2026 using DLL sideloading, PowerShell implants, Chromium credential theft, and SOCKS5 tunneling.
Researchers say signed Fortemedia & SentinelOne binaries were abused for stealth.

Iran-Linked MuddyWater Group Breached Organizations in 9 Countries in Q1 2026, Including Major Electronics Maker

Iran-linked MuddyWater abused signed binaries to breach global targets, including a major Korean electronics firm.

TechNadu (www.technadu.com)

#CyberSecurity #ThreatIntel #APT #InfoSec

TeamPCP claims it breached Mistral AI while the company confirms impact from the TanStack supply chain attack involving malicious NPM and PyPI packages.

Mistral says there’s currently no evidence of an internal infrastructure breach.

https://www.technadu.com/teampcp-claims-mistral-ai-breach-the-company-announces-being-impacted-by-the-tanstack-supply-chain-attack/627870/

#Cybersecurity #SupplyChainSecurity #AI #Infosec

Fake Claude Code installers are deploying PowerShell stealers that abuse Chrome’s IElevator2 interface to extract browser credentials, cookies & payment data from developers.
AI tooling ecosystems are quickly becoming a major attack surface.

Source: https://www.ontinue.com/resource/blog-behind-a-fake-claude-code-installer/

Follow @technadu for more threat intelligence updates.

#Infosec #CyberSecurity #AI #Malware #ThreatIntel

Sophos reports that 71% of orgs faced identity-related breaches last year, with average costs reaching $1.64M.

Weak API keys, service accounts, and AI agents are now major ransomware entry points.

https://www.technadu.com/sophos-2026-report-details-escalating-security-threats-identity-security-breaches-cost-1-6-million/627836/

#CyberSecurity #IdentitySecurity #Ransomware #Infosec

AI dictation tools and vibe coding platforms are changing office culture fast.

Some startup leaders say future workplaces may sound “more like a sales floor” as employees increasingly talk to AI assistants instead of typing.

Would you work in a voice-first office?

Source: https://techcrunch.com/2026/05/10/get-ready-for-the-whisper-filled-office-of-the-future/

Follow @technadu for more AI updates.

#AI #FutureOfWork #TechNews

A fake Hugging Face repo impersonating OpenAI’s Privacy Filter model reportedly reached #1 trending while distributing infostealer malware.

Researchers say it hit ~244K downloads before removal.
AI supply chain attacks are accelerating fast.

Source: https://thehackernews.com/2026/05/fake-openai-privacy-filter-repo-hits-1.html

Follow TechNadu for more updates.
#CyberSecurity #AI #Malware #InfoSec

New survey:
• 64% of developers report 25%+ productivity gains from AI
• Top use cases: code writing, reviews, explanations
• Claude Code, Gemini Code Assist & GitHub Copilot lead adoption
Challenges remain around cost, governance & code quality.

Source: https://devops.com/survey-sees-ai-driving-devops-productivity-gains-despite-challenges/

Follow TechNadu for more AI and DevOps updates.
#AI #DevOps #SoftwareEngineering #InfoSec

ShinyHunters reportedly defaced Canvas login pages after another alleged Instructure breach.

The incident raises concerns around:
• EdTech platform security
• Student/faculty data exposure
• Extortion-driven attacks
• Third-party risk management

Education infrastructure is increasingly becoming a high-value cyber target.

Source: https://techcrunch.com/2026/05/07/hackers-deface-school-login-pages-after-claiming-another-instructure-hack/

Follow @technadu for more threat intelligence updates.

#CyberSecurity #InfoSec #DataBreach #ShinyHunters #Canvas

Canvas disruptions linked to alleged ShinyHunters extortion activity are impacting schools nationwide.

The incident reportedly involves:
• 275M+ records
• Login page defacements
• SaaS platform outages during finals
Major reminder about third-party risk and SaaS dependency in education infrastructure.

Source: https://krebsonsecurity.com/2026/05/canvas-breach-disrupts-schools-colleges-nationwide/

Follow TechNadu for more threat intel and cyber updates.

#InfoSec #CyberSecurity #Canvas #DataBreach

New cloud worm “PCPJack” targets exposed infrastructure for credential theft.
• Docker & Kubernetes targeted
• API keys and SSH secrets harvested
• Telegram-based C2 observed
• No cryptomining payloads

Cloud Credential Worm ‘PCPJack’ Targets TeamPCP Victims

PCPJack is a cloud worm that evicts TeamPCP tools and steals credentials from Kubernetes, Docker, Anthropic, and OpenAI environments.

TechNadu (www.technadu.com)

Are credential-focused cloud attacks the new norm?

#InfoSec #CloudSecurity #CyberSecurity

Passwordless adoption isn’t failing because of tech

Pax8’s Robb Reck says SMBs struggle with:
• Legacy apps
• Identity sprawl
• MFA rollout friction
• Limited IT resources
Operational drag remains the real blocker.

https://www.technadu.com/the-real-reason-passwordless-security-stalls-in-smbs/627460/

#Infosec #Passwordless #Cybersecurity

Malicious NuGet packages targeted Chinese .NET developers.
• ~65K downloads
• Infostealer payloads
• CI/CD systems at risk

Malicious NuGet Packages Target Chinese .NET Ecosystem Developers

Five malicious NuGet packages deploy an infostealer to harvest crypto wallets, SSH keys, and browser data from .NET developers in China.

TechNadu (www.technadu.com)

How are you validating dependencies?
#InfoSec #DevSecOps #CyberSecurity

CVE-2026-41940 in cPanel & WHM under mass exploitation.
550K+ servers potentially exposed → auth bypass → ransomware deployment.
CISA urges immediate patching.

https://www.technadu.com/hackers-mass-exploit-critical-cpanel-vulnerability-may-impact-550000-potentially-vulnerable-servers/627301/

Patched yet?

#Infosec #Vulnerability

Third-party breach exposes ~120K Vimeo accounts.

ShinyHunters leaked data via Anodot compromise.
Emails + metadata exposed—no passwords.

https://www.technadu.com/almost-120000-vimeo-accounts-exposed-in-shinyhunters-data-breach/627297/

Are vendor risks under control?

#Infosec #DataBreach

Italy breach alert:
IBM subsidiary hit, Salt Typhoon suspected.
• Supply chain entry point
• Critical infra exposure
• Long-term espionage risk

Source: https://securityaffairs.com/191638/apt/salt-typhoon-breach-ibm-subsidiary-in-italy-a-warning-for-europes-digital-defenses.html

Follow @technadu

#Infosec #APT #CyberSecurity

CVE-2026-31431 added to KEV.
Linux kernel vuln, active exploitation confirmed.
Patch ASAP.

Source: https://www.cisa.gov/news-events/alerts/2026/05/01/cisa-adds-one-known-exploited-vulnerability-catalog

Thoughts?
Follow @technadu

#Infosec #Linux #CyberSecurity

Ubuntu hit by DDoS.
Updates, APIs disrupted.
Booter services lower attack barrier.
Availability = risk.

Source: https://techcrunch.com/2026/05/01/ubuntu-services-hit-by-outages-after-ddos-attack/

Thoughts?
Follow @technadu

#Infosec #DDoS #Linux

China-linked phishing ops exposed
100+ domains, journalists targeted
Outsourced cyber campaigns rising

Source: https://therecord.media/china-linked-hackers-led-phishing-campaigns-journalists

Thoughts?
Follow @technadu

#InfoSec #Phishing #ThreatIntel

88% of arXiv papers leak hidden data
Keys, metadata, comments exposed
Security papers worst affected
Docs = attack surface

Source: https://www.helpnetsecurity.com/2026/04/28/cybersecurity-researchers-arxiv-latex-source-leaks/

Thoughts?
Follow @technadu

#InfoSec #DataLeak #Security