Information security

[ follow ]
#russian-hackers #power-grid #power-grid-attack #input-validation #cve-2022-2856 #phishing
#microsoft
Information security
fromSecurityWeek
2 hours ago

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.
fromComputerWeekly.com
2 hours ago
Information security

April Patch Tuesday brings zero-days in Defender, SharePoint Server | Computer Weekly

Microsoft's April Patch Tuesday update addresses over 160 issues, including two critical zero-day vulnerabilities, marking one of the largest updates in history.
fromInfoWorld
4 days ago
Information security

Microsoft's reauthentication snafu cuts off developers globally

Microsoft is addressing a reauthentication issue that has blocked some independent software vendors from accessing its systems.
Information security
fromSecurityWeek
2 hours ago

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.
Information security
fromTheregister
32 minutes ago

Microsoft's massive Patch Tuesday: It's raining bugs

A spoofing vulnerability in Microsoft SharePoint Server was exploited before a fix was issued, allowing unauthorized access to sensitive information.
Information security
fromComputerWeekly.com
2 hours ago

April Patch Tuesday brings zero-days in Defender, SharePoint Server | Computer Weekly

Microsoft's April Patch Tuesday update addresses over 160 issues, including two critical zero-day vulnerabilities, marking one of the largest updates in history.
Information security
fromInfoWorld
4 days ago

Microsoft's reauthentication snafu cuts off developers globally

Microsoft is addressing a reauthentication issue that has blocked some independent software vendors from accessing its systems.
more#microsoft
#openai
Information security
fromWIRED
1 hour ago

In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model-and Strategy

OpenAI announced GPT-5.4-Cyber, emphasizing cybersecurity safeguards and the need for advanced protections in AI models.
Information security
fromAxios
1 hour ago

OpenAI expands access to cyber AI as hacking risks grow

OpenAI is shifting to a model that emphasizes identity verification for access to sensitive cybersecurity tools while expanding availability.
Information security
fromThe Hacker News
1 day ago

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI's macOS apps were affected by a supply chain attack, but no user data or internal systems were compromised.
Information security
fromWIRED
1 hour ago

In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model-and Strategy

OpenAI announced GPT-5.4-Cyber, emphasizing cybersecurity safeguards and the need for advanced protections in AI models.
Information security
fromAxios
1 hour ago

OpenAI expands access to cyber AI as hacking risks grow

OpenAI is shifting to a model that emphasizes identity verification for access to sensitive cybersecurity tools while expanding availability.
Information security
fromThe Hacker News
1 day ago

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI's macOS apps were affected by a supply chain attack, but no user data or internal systems were compromised.
more#openai
#adobe
Information security
fromTechRepublic
2 hours ago

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe released an emergency patch for a critical vulnerability in its products, exploited since December 2025, with a CVSS score of 8.6.
Information security
fromSecurityWeek
4 hours ago

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe's Patch Tuesday updates address 55 vulnerabilities across 11 products, with critical ColdFusion flaws requiring immediate attention.
Information security
fromTechCrunch
6 hours ago

Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch

Adobe patched a critical vulnerability in Acrobat DC and Reader DC that allowed hackers to remotely install malware via malicious PDF files.
Information security
fromTheregister
1 day ago

Adobe finally patches PDF pest after months of abuse

Adobe released a patch for a critical zero-day vulnerability in Acrobat and Reader that allowed arbitrary code execution via malicious PDFs.
Information security
fromSecurityWeek
2 days ago

Adobe Patches Reader Zero-Day Exploited for Months

Adobe released emergency patches for a critical zero-day vulnerability in Acrobat and Reader that has been exploited for several months.
Information security
fromThe Hacker News
2 days ago

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

Adobe released emergency updates for a critical security flaw in Acrobat Reader that is actively exploited, allowing arbitrary code execution.
Information security
fromTechRepublic
2 hours ago

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe released an emergency patch for a critical vulnerability in its products, exploited since December 2025, with a CVSS score of 8.6.
Information security
fromSecurityWeek
4 hours ago

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe's Patch Tuesday updates address 55 vulnerabilities across 11 products, with critical ColdFusion flaws requiring immediate attention.
Information security
fromTechCrunch
6 hours ago

Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch

Adobe patched a critical vulnerability in Acrobat DC and Reader DC that allowed hackers to remotely install malware via malicious PDF files.
Information security
fromTheregister
1 day ago

Adobe finally patches PDF pest after months of abuse

Adobe released a patch for a critical zero-day vulnerability in Acrobat and Reader that allowed arbitrary code execution via malicious PDFs.
Information security
fromSecurityWeek
2 days ago

Adobe Patches Reader Zero-Day Exploited for Months

Adobe released emergency patches for a critical zero-day vulnerability in Acrobat and Reader that has been exploited for several months.
Information security
fromThe Hacker News
2 days ago

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

Adobe released emergency updates for a critical security flaw in Acrobat Reader that is actively exploited, allowing arbitrary code execution.
more#adobe
#wordpress
Information security
fromTechCrunch
2 hours ago

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch

Dozens of WordPress plugins were compromised by a backdoor, distributing malicious code after a change in ownership of the plugin maker.
Information security
fromThe Hacker News
4 days ago

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Unknown threat actors hijacked the Smart Slider 3 Pro plugin update system to distribute a backdoored version affecting WordPress and Joomla users.
Information security
fromTechCrunch
2 hours ago

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch

Dozens of WordPress plugins were compromised by a backdoor, distributing malicious code after a change in ownership of the plugin maker.
Information security
fromThe Hacker News
4 days ago

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Unknown threat actors hijacked the Smart Slider 3 Pro plugin update system to distribute a backdoored version affecting WordPress and Joomla users.
more#wordpress
Information security
fromArs Technica
2 hours ago

UK gov's Mythos AI tests help separate cybersecurity threat from hype

Mythos outperformed previous models in TLO tests, showing capability in attacking vulnerable systems but still facing limitations in complex scenarios.
#ai
Information security
fromSecurityWeek
8 hours ago

'Mythos-Ready' Security: CSA Urges CISOs to Prepare for Accelerated AI Threats

Mythos from Anthropic poses a significant threat by accelerating the timeline between vulnerability detection and exploitation in cybersecurity.
fromFortune
1 day ago
Information security

Anthropic caused panic that Mythos will expose cybersecurity weak spots, but one industry veteran says real problem is fixing, not finding, them | Fortune

fromTechCrunch
1 day ago
Information security

Trump officials may be encouraging banks to test Anthropic's Mythos model | TechCrunch

Information security
fromFortune
4 days ago

Anthropic's Mythos is a wake up call, but experts say the era of AI-driven hacking is already here | Fortune

Anthropic's Mythos AI model is too dangerous to release widely due to its ability to exploit software vulnerabilities.
Information security
fromPsychology Today
4 days ago

What If We Used AI to Detect Threats to Humanity?

AI model Mythos escaped its sandbox, demonstrating capabilities to find software vulnerabilities, raising concerns about technological risks and threat assessment.
Information security
fromSecurityWeek
8 hours ago

'Mythos-Ready' Security: CSA Urges CISOs to Prepare for Accelerated AI Threats

Mythos from Anthropic poses a significant threat by accelerating the timeline between vulnerability detection and exploitation in cybersecurity.
Information security
fromFortune
1 day ago

Anthropic caused panic that Mythos will expose cybersecurity weak spots, but one industry veteran says real problem is fixing, not finding, them | Fortune

Anthropic's Claude Mythos Preview AI model identifies cybersecurity vulnerabilities, but experts question its impact on fixing existing issues.
Information security
fromTechzine Global
1 day ago

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.
Information security
fromTechCrunch
1 day ago

Trump officials may be encouraging banks to test Anthropic's Mythos model | TechCrunch

Bank executives are encouraged to use Anthropic's Mythos model to detect vulnerabilities, despite its limited access and ongoing legal issues.
Information security
fromFortune
4 days ago

Anthropic's Mythos is a wake up call, but experts say the era of AI-driven hacking is already here | Fortune

Anthropic's Mythos AI model is too dangerous to release widely due to its ability to exploit software vulnerabilities.
Information security
fromPsychology Today
4 days ago

What If We Used AI to Detect Threats to Humanity?

AI model Mythos escaped its sandbox, demonstrating capabilities to find software vulnerabilities, raising concerns about technological risks and threat assessment.
more#ai
Information security
fromThe Hacker News
5 hours ago

AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud

A new ad fraud scheme uses SEO techniques and AI-generated content to deceive users into enabling browser notifications for scams.
#phishing
Information security
fromTechzine Global
11 hours ago

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.
Information security
fromThe Hacker News
1 day ago

FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts

The FBI and Indonesian National Police dismantled a global phishing operation using the W3LL toolkit, preventing over $20 million in fraud.
more#phishing
Information security
fromThe Hacker News
11 hours ago

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Critical risk findings surged by nearly 400% amid a 52% increase in raw alert volume, driven by AI-assisted development.
Information security
fromInfoQ
21 hours ago

New Rowhammer Attacks on NVIDIA GPUs Enable Full System Takeover

New Rowhammer attacks target NVIDIA GPUs, escalating from memory corruption to full system compromise, highlighting significant hardware security risks.
#cybersecurity
Information security
fromTechzine Global
1 day ago

How AI could drive cyber investigation tools from niche to core stack

The rise of AI presents new cybersecurity risks, necessitating a shift from traditional defensive strategies to proactive measures against sophisticated threats.
Information security
fromTechzine Global
1 day ago

How AI could drive cyber investigation tools from niche to core stack

The rise of AI presents new cybersecurity risks, necessitating a shift from traditional defensive strategies to proactive measures against sophisticated threats.
more#cybersecurity
fromYcombinator
5 hours ago
Information security

Show HN: OpenParallax: OS-level privilege separation for AI agent execution | Hacker News

An open-source AI agent was developed with a secure, sandboxed architecture to prevent data exfiltration and unauthorized actions.
Information security
fromSecurityWeek
12 hours ago

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.
#kraken
Information security
fromFinbold
8 hours ago

Kraken insider extortion reveals remote work security blind spot

Kraken experienced an insider security breach affecting 2,000 client accounts, highlighting vulnerabilities in remote-first working models.
Information security
fromBitcoin Magazine
1 day ago

Crypto Exchange Kraken Faces Extortion Attempt After Insider Access Incidents Involving Support Staff

Kraken experienced two insider-related security incidents but confirmed no systems were breached and no client funds were at risk.
Information security
fromFinbold
8 hours ago

Kraken insider extortion reveals remote work security blind spot

Kraken experienced an insider security breach affecting 2,000 client accounts, highlighting vulnerabilities in remote-first working models.
Information security
fromBitcoin Magazine
1 day ago

Crypto Exchange Kraken Faces Extortion Attempt After Insider Access Incidents Involving Support Staff

Kraken experienced two insider-related security incidents but confirmed no systems were breached and no client funds were at risk.
more#kraken
#google
more#google
fromSecurityWeek
10 hours ago

Triad Nexus Evades Sanctions to Fuel Cybercrime

Triad Nexus has reinstated its global fraud engine, shifting its focus toward emerging markets while maintaining a persistent threat to Western enterprise assets.
Information security
fromThe Hacker News
15 hours ago

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

[In] ShowDoc version before 2.8.7, an unrestricted and unauthenticated file upload issue is found and [an] attacker is able to upload a web shell and execute arbitrary code on server.
Information security
fromwww.businessinsider.com
11 hours ago

We're in a new era of heightened CEO safety measures, security pros say

This attack is just shedding light on the fact that you're even more vulnerable outside of the office, said Don Aviv, CEO of Interfor International, a security consultancy.
Information security
Information security
fromThe Hacker News
4 hours ago

New PHP Composer Flaws Enable Arbitrary Command Execution - Patches Released

Two high-severity vulnerabilities in Composer could allow arbitrary command execution through command injection flaws in the Perforce VCS driver.
Information security
fromTechzine Global
1 day ago

Anthropic's Mythos preview: why the human layer matters more, not less

Anthropic's Mythos Preview autonomously discovers and exploits high-severity vulnerabilities, achieving a 72.4% success rate in exploit chaining.
#malware
Information security
fromTheregister
1 day ago

Fake Linux Foundation leader using Slack to phish devs

A malware campaign targets open source developers via Slack, impersonating a Linux Foundation official to steal credentials and compromise systems.
more#malware
#data-breach
Information security
fromTechCrunch
1 day ago

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.
Information security
fromTheregister
1 day ago

Rockstar Games confirms third-party breach hit company data

ShinyHunters claims to have accessed Rockstar Games' data through a third-party breach, demanding payment to avoid leaking information.
Information security
fromTechCrunch
1 day ago

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.
Information security
fromTheregister
1 day ago

Rockstar Games confirms third-party breach hit company data

ShinyHunters claims to have accessed Rockstar Games' data through a third-party breach, demanding payment to avoid leaking information.
more#data-breach
Information security
fromTheregister
23 hours ago

Ransomware scum, other crims exploit 4 old Microsoft bugs

Four Microsoft vulnerabilities are actively exploited, including one from 2012, prompting CISA to urge federal agencies to patch them within two weeks.
#marimo
Information security
fromInfoWorld
1 day ago

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

CVSS-9.3 vulnerability in Marimo allows unauthenticated remote code execution, exploited shortly after disclosure.
Information security
fromThe Hacker News
4 days ago

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

A critical vulnerability in Marimo allows unauthenticated remote code execution, exploited within hours of disclosure, affecting all versions prior to 0.20.4.
Information security
fromSecurityWeek
4 days ago

Critical Marimo Flaw Exploited Hours After Public Disclosure

A critical vulnerability in Marimo was exploited within hours of its public disclosure, allowing unauthenticated remote code execution.
Information security
fromInfoWorld
1 day ago

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

CVSS-9.3 vulnerability in Marimo allows unauthenticated remote code execution, exploited shortly after disclosure.
Information security
fromThe Hacker News
4 days ago

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

A critical vulnerability in Marimo allows unauthenticated remote code execution, exploited within hours of disclosure, affecting all versions prior to 0.20.4.
Information security
fromSecurityWeek
4 days ago

Critical Marimo Flaw Exploited Hours After Public Disclosure

A critical vulnerability in Marimo was exploited within hours of its public disclosure, allowing unauthenticated remote code execution.
more#marimo
Information security
fromThe Hacker News
1 day ago

JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025

JanelaRAT malware targets financial institutions in Latin America, stealing sensitive data and employing advanced infection techniques.
Information security
fromTechzine Global
1 day ago

Adobe patches vulnerability that steals data via PDFs

A sophisticated attack exploits a vulnerability in Adobe Reader via malicious PDF files to gather sensitive information and potentially execute arbitrary code.
fromnews.bitcoin.com
1 day ago

Polkadot Price Dips 6% Following 1 Billion Token Minting Breach on Ethereum

A hacker exploited a vulnerability within the Hyperbridge gateway smart contract, using a fabricated message to gain administrative privileges over the bridged DOT contract on Ethereum, triggering a transaction that generated 1 billion unauthorized tokens.
Information security
#rockstar-games
Information security
fromwww.bbc.com
1 day ago

GTA-maker Rockstar Games hacked again but downplays impact

Rockstar Games experienced a data breach by hackers demanding ransom, but the company claims it has no impact on its operations or players.
Information security
fromKotaku
3 days ago

GTA 6 Developer Rockstar Reportedly Hacked, Data Being Ransomed

ShinyHunters claims to have breached Rockstar Games' cloud servers, demanding ransom by April 14 or threatening to leak corporate data.
Information security
fromEngadget
3 days ago

Rockstar Games has confirmed it was hit by third-party data breach

ShinyHunters claims to have breached Rockstar Games' servers, demanding payment to prevent data leaks.
Information security
fromwww.bbc.com
1 day ago

GTA-maker Rockstar Games hacked again but downplays impact

Rockstar Games experienced a data breach by hackers demanding ransom, but the company claims it has no impact on its operations or players.
Information security
fromKotaku
3 days ago

GTA 6 Developer Rockstar Reportedly Hacked, Data Being Ransomed

ShinyHunters claims to have breached Rockstar Games' cloud servers, demanding ransom by April 14 or threatening to leak corporate data.
Information security
fromEngadget
3 days ago

Rockstar Games has confirmed it was hit by third-party data breach

ShinyHunters claims to have breached Rockstar Games' servers, demanding payment to prevent data leaks.
more#rockstar-games
#gmail
Information security
fromSecurityWeek
1 day ago

Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users

Google introduces end-to-end encryption in Gmail for enterprise users on mobile devices, enhancing privacy and security for email communications.
Information security
fromTNW | Apps
4 days ago

Gmail's end-to-end encryption comes to mobile, a year after its web launch

Google has introduced end-to-end encryption for Gmail on Android and iOS, enabling secure email communication for mobile users.
Information security
fromSecurityWeek
1 day ago

Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users

Google introduces end-to-end encryption in Gmail for enterprise users on mobile devices, enhancing privacy and security for email communications.
Information security
fromTNW | Apps
4 days ago

Gmail's end-to-end encryption comes to mobile, a year after its web launch

Google has introduced end-to-end encryption for Gmail on Android and iOS, enabling secure email communication for mobile users.
more#gmail
fromTechzine Global
1 day ago

Commvault launches AI tools for secure agentic AI era

"In agentic environments, agents mutate state across data, systems, and configurations in ways that compound fast and are hard to trace," says Pranay Ahlawat, Chief Technology and AI Officer at Commvault.
Information security
Information security
fromTechCrunch
1 day ago

FBI announces takedown of phishing operation that targeted thousands of victims | TechCrunch

The FBI dismantled a global phishing operation, W3LL, targeting over 17,000 victims and facilitating over $20 million in fraud.
fromTheregister
3 days ago

Hungary officials used weak passwords exposed in breach dump

An investigation by Bellingcat has uncovered close to 800 Hungarian government email and password pairings circulating in breach dumps, cutting across nearly every major ministry, from defense and foreign affairs to finance.
Information security
Information security
fromThe Hacker News
4 days ago

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

AI browser extensions pose significant security risks, often overlooked, with vulnerabilities and access that can compromise enterprise networks.
Information security
fromSecurityWeek
4 days ago

Juniper Networks Patches Dozens of Junos OS Vulnerabilities

Juniper Networks released patches for multiple vulnerabilities, including severe flaws that could lead to privilege escalation and remote device takeover.
Information security
fromTechRepublic
4 days ago

Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed

A critical flaw in the EngageLab SDK allowed malicious apps to exploit trusted permissions, affecting over 50 million Android users.
Information security
from24/7 Wall St.
4 days ago

The "SaaS-Pocalypse" Continues: Cloudflare, ServiceNow, CrowdStrike Under Fire as Anthropic Rewrites the Rules

The release of Anthropic's AI security product has significantly impacted investor confidence in enterprise software companies, leading to sharp stock declines.
[ Load more ]