Meta Complies With Florida Age Law, GoPro Cuts Over 20 Percent Staff

CISA Directs Federal Agencies to Patch Ivanti EPMM Vulnerability by Sunday

  • Agency added CVE-2026-1340 to Known Exploited Vulnerabilities list.
  • Flaw allegedly enabled unauthenticated remote code execution.
  • Federal Civilian Executive Branch agencies face April 11 deadline.

WASHINGTON D.C., Apr 08 (TNGB) – The Cybersecurity and Infrastructure Security Agency ordered federal agencies to address a critical vulnerability in Ivanti Endpoint Manager Mobile that attackers have already exploited. Tracked as CVE-2026-1340, the code injection flaw permits remote code execution on exposed appliances without prior authentication. Ivanti released patches in January, yet many systems remain unpatched. CISA placed the issue in its Known Exploited Vulnerabilities catalog to enforce rapid remediation under binding directives. Agencies must complete patching by midnight on April 11 to avoid further risk. According to monitoring data, the flaw affected systems exposed online.

Timely patching prevents exploitation of known critical flaws.

Meta Agrees to Comply With Florida Age Verification Digital ID Law

  • Platform will verify ages and remove under-14 accounts starting May.
  • Florida law requires digital ID submission for adult users.
  • Compliance announced after state attorney general confirmation.

USA, Apr 08 (TNGB) – Meta confirmed it will follow Florida’s age verification requirements for social media platforms under House Bill 3. The company plans to begin purging accounts belonging to users under 14 years old in early May. Adults in the state must submit digital identification to access services, while parents receive tools for overseeing minors. State officials described the move as a step toward protecting children online. Privacy groups continue to question the broader implications of mandatory ID checks for platform access. Florida Attorney General James Uthmeier announced the compliance.

Age verification laws test the balance between safety and anonymity.

Thirteen-Year-Old Bug in ActiveMQ Allows Remote Code Execution

  • Apache ActiveMQ Classic vulnerability tracked as CVE-2026-34197.
  • Flaw allegedly permitted arbitrary command execution via crafted requests.
  • Affected versions span from 5.x to recent 6.x releases.

USA, Apr 08 (TNGB) – Security researchers uncovered a remote code execution vulnerability in Apache ActiveMQ that had remained undetected for over a decade. The high-severity issue, CVE-2026-34197, allows attackers to force the broker to retrieve and process a malicious Spring XML file during initialization. Affected versions include all releases before 5.19.4 and certain 6.x builds. Organizations using the messaging platform received urgent guidance to apply patches immediately. The discovery highlights the importance of ongoing code audits in widely deployed open-source software. Horizon3.ai identified the flaw through analysis of the Jolokia API.

Long-dormant bugs still pose serious risks in production environments.

US and EU Negotiate Biometric Data Sharing Agreement

  • Negotiations cover fingerprint and facial data transfers to DHS.
  • EU framework would grant direct query access to member state records.
  • Agreement reportedly first of its scale with a non-EU country.

WASHINGTON D.C., Apr 08 (TNGB) – Officials from the United States and European Union entered formal talks on sharing biometric information for border security purposes. The proposed arrangement would allow the Department of Homeland Security to query European databases containing fingerprints and other records held by member states. The EU Council authorized the framework in late 2025 with data protection safeguards under discussion. European privacy supervisors expressed reservations about the volume of personal information involved. Resolution of legal and technical details remains pending.

Biometric sharing expands international cooperation yet raises privacy stakes.

New macOS Stealer Campaign Abuses Script Editor in ClickFix Attacks

  • Attackers tricked users into opening Script Editor via web prompts.
  • Atomic Stealer malware delivered through obfuscated shell commands.
  • Technique bypassed need for manual Terminal interaction.

USA, Apr 08 (TNGB) – A fresh malware campaign targeted macOS users by leveraging the built-in Script Editor application within a refined ClickFix social engineering sequence. Victims visiting compromised websites received prompts to launch Script Editor, which then executed hidden commands to download and run Atomic Stealer in memory. The approach avoided direct Terminal commands that many users now recognize as suspicious. Security firms noted the campaign’s efficiency in bypassing traditional user warnings. Apple users received reminders to verify sources before opening unexpected files or applications.

Trusted system tools require constant vigilance against abuse.

Hackers Hide Credit Card Stealer in Oversized SVG Images

  • Attackers embedded skimmer code inside SVG files with oversized pixel dimensions.
  • Technique allegedly evaded detection by security scanners.
  • Stolen card data transmitted to remote servers undetected.

USA, Apr 08 (TNGB) – Cybercriminals adopted an unusual method to conceal credit card skimming scripts by embedding them within massively oversized SVG image files. The pixel dimensions helped the malicious code slip past automated security tools that flag typical script sizes. Once loaded on e-commerce sites, the hidden stealer captured payment details and forwarded them silently. Researchers observed the tactic in multiple recent incidents targeting online retailers. Web developers received advice to inspect all image assets for anomalous code patterns.

Creative obfuscation techniques keep evolving in payment fraud campaigns.
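
One way to act on the advice to inspect image assets is sketched below. This is an added example, not code from the researchers or any vendor named above. It flags SVG files that declare oversized dimensions or carry script-capable elements and attributes; the MAX_DIM threshold and both sample SVGs are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Elements that can carry or load active content inside an SVG.
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}
MAX_DIM = 4096  # assumed cutoff for "oversized"; tune to the site's real assets

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1]

def scan_svg(text):
    """Return a list of findings for one SVG document given as a string.

    For assets from untrusted sources, parse with a hardened XML parser.
    """
    findings = []
    root = ET.fromstring(text)
    # Declared canvas size on the root element (units such as 'px' are ignored).
    for dim in ("width", "height"):
        m = re.match(r"\s*(\d+(?:\.\d+)?)", root.get(dim, ""))
        if m and float(m.group(1)) > MAX_DIM:
            findings.append(f"oversized {dim}={root.get(dim)}")
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"active element <{tag}>")
        for name, value in el.attrib.items():
            attr = local(name).lower()
            if attr.startswith("on"):  # onload, onclick, onerror, ...
                findings.append(f"event handler {attr} on <{tag}>")
            elif attr in URL_ATTRS and value.strip().lower().startswith(
                    ("javascript:", "data:text/html")):
                findings.append(f"script URL in {attr} on <{tag}>")
    return findings

# Constructed samples: a plain icon and an oversized SVG with placeholder script hooks.
CLEAN_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" width="64" height="64">'
             '<a href="https://example.com/"><circle r="10"/></a></svg>')
SUSPECT_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" width="100000" '
               'height="100000" onload="init()"><script>/* placeholder */</script>'
               '<rect width="1" height="1"/></svg>')

if __name__ == "__main__":
    for label, svg in (("clean", CLEAN_SVG), ("suspect", SUSPECT_SVG)):
        print(label, scan_svg(svg))
```

A finding is a prompt for manual review, not proof of compromise; legitimate SVGs occasionally use scripts, so compare results against the known-good set of assets.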

YouTube Removes Official Bitcoin Channel Over Harmful Content Claim

  • Platform cited violation of harmful and dangerous policy.
  • Channel owners disputed the decision and sought reinstatement.
  • Content focused on educational material about cryptocurrency.

USA, Apr 08 (TNGB) – YouTube terminated the official Bitcoin channel after determining its videos violated policies on harmful and dangerous content. Channel representatives argued the material centered solely on factual education and market analysis without promoting illegal activity. The abrupt removal sparked debate within cryptocurrency communities about platform moderation standards. YouTube has not released specific examples of offending material in its notification. The appeals process remains available, though no timeline has been confirmed for resolution.

Content policies shape visibility for emerging technology discussions.

GoPro Announces Layoff of Over 20 Percent of Workforce

  • Company will cut 145 positions representing 23 percent of staff.
  • Restructuring follows year-end financial losses reported in 2025.
  • Action expected to conclude by end of 2026.

USA, Apr 08 (TNGB) – Action camera maker GoPro disclosed plans to reduce its global workforce by more than 20 percent as part of a broader cost-cutting initiative. The San Mateo company will eliminate 145 roles beginning in the second quarter with full implementation targeted before year end. Executives linked the decision to recent financial performance and competitive market pressures. Severance and benefits costs were estimated between 11.5 million and 15 million dollars. Remaining teams will focus on core product innovation and operational efficiency.

Market challenges force difficult decisions even at established brands.

New UNC6783 Hackers Steal Corporate Zendesk Support Tickets

  • Group targeted customer support portals for sensitive data access.
  • Stolen tickets reportedly contained internal communications and credentials.
  • Google attributed the activity to UNC6783 threat actors.

USA, Apr 08 (TNGB) – Google’s threat intelligence team identified a new adversary group labeled UNC6783 that specializes in breaching corporate Zendesk instances. The hackers extracted support tickets containing employee communications and credential details. Compromised organizations faced secondary risks from exposed customer data and internal processes. The campaign highlighted weaknesses in third-party support platforms commonly used by enterprises. Security teams recommended enabling multi-factor authentication and monitoring for anomalous access across helpdesk systems.

Third-party platforms represent expanding attack surfaces for corporate data.

Digital ID Checks Proposed to Enforce Social Media Bans for Children

  • Proposal would require ID verification to block underage access.
  • Critics argue it ends online anonymity for all users.
  • Alternative emphasis placed on parental and school education.

UK, Apr 08 (TNGB) – Advocates for stricter social media regulation suggested digital identity checks as the only practical way to enforce age-based bans on platforms. The approach would require adults to verify identity while automatically restricting younger users. Privacy organizations countered that such measures eliminate anonymity across the internet and create permanent surveillance infrastructure. They urged lawmakers to invest instead in resources for parents and schools to promote healthy online habits. The debate continues as governments weigh enforcement feasibility against civil liberties.

Policy solutions must protect children without sacrificing adult privacy.