Apple Intelligence flaw kept stolen tokens reusable on another device
Researchers say Apple Intelligence’s token design let attackers steal and replay credentials across devices, turning what should have been device-bound access into reusable bearer tokens. The reported impact goes beyond token theft: the same weakness could let an attacker burn through a victim’s daily Apple Intelligence quota or repurpose stolen access for automated clients. That makes this one worth tracking as AI service authentication starts becoming part of the attack surface.
French govt agency confirms breach as hacker offers to sell data
France Titres, the agency tied to official identity and registration documents in France, disclosed a breach after a threat actor claimed to have stolen citizen data and offered it for sale. The agency said the incident happened last week and that multiple categories of personal data may have been exposed, making this a notable government-sector breach with potential downstream fraud and identity abuse implications.
NIST to limit work on CVE entries as submissions surge
NIST said it will stop fully enriching every CVE record and will instead prioritize vulnerabilities tied to CISA’s known exploited catalog, federal use cases, and software it deems critical. That’s a meaningful shift for defenders because the National Vulnerability Database has long been a default source for severity and metadata, and this change reflects just how hard it has become to keep pace with the volume of newly reported flaws.
Third US Security Expert Admits Helping Ransomware Gang
A third U.S. security professional has pleaded guilty to aiding the BlackCat ransomware operation while working in ransomware negotiation, according to SecurityWeek. Prosecutors say he used confidential victim information from five cases to help maximize ransom payments, which is a stark reminder that insider risk in incident response and negotiation workflows can be just as damaging as the initial intrusion.
Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution
Researchers disclosed a now-patched flaw in Google’s Antigravity AI developer tool that reportedly let prompt injection bypass secure mode and reach remote code execution. The detail that stands out is that a native file-search tool appears to have executed outside the intended security boundary, which is exactly the kind of control-plane weakness defenders should watch for as agentic tooling gets rolled into development environments.
The post InfoSec News Nuggets 04/22/2026 appeared first on AboutDFIR – The Definitive Compendium Project.