Google introduces a new security feature for Android devices: locked and unused devices will be automatically restarted after three days of inactivity to return their memory to an encrypted state.

Hackers exploit an authentication bypass vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin used by more than 100,000 websites. First attacks were recorded just hours after the bug disclosure.

The Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury, reported a major cybersecurity incident. Unknown attackers had access to sensitive financial watchdog data for more than a year.

Microsoft warns that some Windows users who have installed the April updates might be unable to login to their Windows services using Windows Hello facial recognition or PIN.

Last weekend, the darknet website of the Everest ransomware group was hacked and went offline. The attackers replaced its content with a sarcastic message: “Don’t do crime CRIME IS BAD xoxo from Prague.”

All versions of Apache Parquet up to and including 1.15.0 are affected by a critical remote code execution (RCE) vulnerability whose CVSS score is 10 out of 10.

According to Sucuri, hackers store malicious code in the MU-plugins (Must-Use Plugins) directory in WordPress and execute it while remaining undetected.