Most of the CVE-2026-4020 attackers are the same client


Almost every IP we logged exploiting the Gravity SMTP credential bug shares one HTTP fingerprint. Behind it is a Google Cloud fleet of thousands of short-lived instances, disguised by 3,299 rotating user-agents, sweeping more than 36,000 ports for .env files, git configs, credentials, and database dumps.
