Regular Password Resets Aren’t as Safe as You Think
BleepingComputer · 60-word summary · 1 min read
Regular password resets may not be as secure as believed, according to Specops Software. The company highlights how attackers can exploit helpdesk social engineering to turn legitimate reset requests into full account compromises. This underscores the vulnerability of password reset procedures, emphasizing the need for stronger security measures to prevent social engineering attacks.
The US military is operating a Bitcoin node as part of cyber defense tests, according to Admiral Samuel Paparo. The initiative aims to explore Bitcoin's strategic utility for national security. This development underscores the military's interest in blockchain technology for cybersecurity purposes, though specific dates or amounts were not disclosed.
JPMorgan warns that ongoing security flaws are hindering DeFi's growth, citing a recent exploit that erased around $20 billion in total value locked. The attack involved minting $292 million in unbacked rsETH and creating nearly $200 million in bad debt. Hack losses this year are comparable to 2025 levels, raising concerns about DeFi's institutional appeal.
JPMorgan reports that ongoing DeFi exploits and stagnant total value locked (TVL) are reducing institutional interest. The bank notes that persistent hacks are driving investors to Tether's USDT, especially during periods of stress, as users withdraw funds from DeFi platforms. This trend highlights security concerns impacting DeFi's growth and institutional adoption.
Lido’s $3 million first-loss buffer was tested after a security breach at Kelp, a liquid restaking protocol, on April 23, 2026. The incident impacted Lido’s EarnETH vault, prompting the platform to pause deposits and withdrawals. Lido is addressing issues related to exposure to a compromised asset and a liquidity squeeze, highlighting ongoing security risks in DeFi.
A Chinese APT group has exploited multiple cloud tools, including Microsoft Outlook, Slack, Discord, and file.io, to conduct online espionage targeting Mongolia. The threat actor used these platforms for command and control, highlighting vulnerabilities in cloud-based communication tools. The attack underscores ongoing security risks associated with cloud service abuse by state-sponsored cyber espionage groups.
Meta faces a class-action lawsuit for allegedly generating $16 billion from scam ads, exposing major security and regulatory issues. The lawsuit, filed by the Consumer Federation of America, seeks damages and aims to hold Meta accountable for failing to protect users from fraudulent advertising, raising concerns over platform security and user safety.