Paid Promotion
Add your product or open-source project on TechLogHub
Listing is free. Sponsored featured placements are paid and priced in USD — open the pricing dialog to see plan details.
Apr 20, 2026
Security & Infrastructure Tools
China's Apple App Store infiltrated by crypto-stealing wallet apps
Security researchers have uncovered 26 fake crypto-wallet apps on Apple's App Store in China that impersonate wallets like MetaMask, Coinbase, Trust Wallet, and OneKey to steal seed phrases. The FakeWallet campaign, linked to SparkKitty, used typosquatting and spoofed branding and was disguised as games or calculator apps to evade bans. These trojanized apps harvest mnemonic phrases during setup, encrypt them, and transmit them to attackers, enabling funds to be drained from wallets—even via phishing prompts on cold-storage devices. Although China-focused, the malware has no geographic limit. Apple removed all 26 apps after the disclosure; users should verify publishers and use official sources only.
By TechLogHub
Apr 20, 2026
Security & Infrastructure Tools
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
Check Point reveals that The Gentlemen ransomware affiliate network has begun using SystemBC proxy malware, forming a botnet of over 1,570 hosts to covertly deliver payloads and support post‑exploitation operations, signaling a shift toward a broader, more mature toolchain targeting corporate environments across the US, UK, Germany, Australia, and Romania.
By TechLogHub
Apr 20, 2026
Security & Infrastructure Tools
NIST to stop rating non-priority flaws due to volume increase
NIST’s National Vulnerability Database will stop assigning severity scores to lower-priority vulnerabilities due to a surge in submissions. Beginning April 15, 2026, CVEs will be enriched only if they meet risk-based criteria: they appear in CISA’s Known Exploited Vulnerabilities catalog, affect U.S. federal software, or involve software deemed critical under Executive Order 14028. All submitted CVEs will still appear in the NVD, but those not meeting the criteria will be labeled Not Scheduled; enrichment requests for the lowest-priority CVEs can still be sent to nvd@nist.gov. The change aims to focus on vulnerabilities with the greatest potential for widespread impact amid a 263% rise in submissions and 42,000 CVEs enriched in 2025.
By TechLogHub
Apr 20, 2026
Security & Infrastructure Tools
Vercel confirms breach as hackers claim to be selling stolen data
Vercel confirms a security incident after a third-party AI tool’s Google Workspace OAuth app was compromised, with attackers claiming to sell stolen data. The breach allegedly allowed access to non‑sensitive environment variables and, later, broader access; Vercel says core services remain unaffected and is working with investigators and law enforcement. Customers are advised to review environment variables, rotate secrets, and enable the sensitive-variable encryption feature; attribution to ShinyHunters remains unverified.
By TechLogHub