Information security
Information security

[ follow ]

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

Information security

fromTechRepublic

45 minutes ago

McGraw-Hill Confirms Data Exposure, Hackers Claim 45M Salesforce Records Leaked

Unauthorized access to limited internal data at McGraw-Hill was linked to a Salesforce misconfiguration, raising concerns about potential identity fraud and harassment.

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

A new botnet named PowMix targets Czech Republic's workforce, utilizing advanced evasion techniques and multi-stage infection methods since December 2025.

Information security

fromSecuritymagazine

19 hours ago

What Are Security Experts Saying About OpenAI's GPT-5.4-Cyber?

OpenAI launched GPT-5.4-Cyber for cybersecurity, offering broad access to defenders while emphasizing safety and continuous improvement.

Information security

fromSecurityWeek

2 hours ago

Government Can't Win the Cyber War Without the Private Sector

Governments must collaborate with the private sector to effectively manage the growing complexity of cyber threats.

Information security

fromThe Hacker News

5 hours ago

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

Hackers exploit vulnerabilities, including a fake app draining $9.5M, while new exploits like RedSun target Microsoft Defender.

Information security

fromSecurityWeek

7 hours ago

Artemis Emerges From Stealth With $70 Million in Funding

Artemis launched with $70 million funding, offering an AI platform for threat detection and response across various environments.

Information security

fromTechRepublic

1 day ago

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

A hacking group exploited 108 Chrome Extensions to steal data from around 20,000 users, posing as legitimate tools.

Information security

fromThe Hacker News

56 minutes ago

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

A new botnet named PowMix targets Czech Republic's workforce, utilizing advanced evasion techniques and multi-stage infection methods since December 2025.

Information security

fromSecuritymagazine

19 hours ago

What Are Security Experts Saying About OpenAI's GPT-5.4-Cyber?

OpenAI launched GPT-5.4-Cyber for cybersecurity, offering broad access to defenders while emphasizing safety and continuous improvement.

Information security

fromSecurityWeek

2 hours ago

Government Can't Win the Cyber War Without the Private Sector

Governments must collaborate with the private sector to effectively manage the growing complexity of cyber threats.

Information security

fromThe Hacker News

5 hours ago

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

Hackers exploit vulnerabilities, including a fake app draining $9.5M, while new exploits like RedSun target Microsoft Defender.

Information security

fromSecurityWeek

7 hours ago

Artemis Emerges From Stealth With $70 Million in Funding

Artemis launched with $70 million funding, offering an AI platform for threat detection and response across various environments.

Information security

fromTechRepublic

1 day ago

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

A hacking group exploited 108 Chrome Extensions to steal data from around 20,000 users, posing as legitimate tools.

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

A global law enforcement operation targeted over 75,000 alleged cybercriminals using DDoS-for-hire services, resulting in arrests and domain takedowns.

Information security

fromSecurityWeek

2 days ago

Triad Nexus Evades Sanctions to Fuel Cybercrime

Triad Nexus is a cybercrime network responsible for over $200 million in losses through scams and money laundering, using various techniques to evade sanctions.

Information security

fromTechCrunch

1 hour ago

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

A global law enforcement operation targeted over 75,000 alleged cybercriminals using DDoS-for-hire services, resulting in arrests and domain takedowns.

Information security

fromSecurityWeek

2 days ago

Triad Nexus Evades Sanctions to Fuel Cybercrime

Triad Nexus is a cybercrime network responsible for over $200 million in losses through scams and money laundering, using various techniques to evade sanctions.

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

A social engineering campaign exploits Obsidian to distribute PHANTOMPULSE trojan targeting financial and cryptocurrency sectors.

#ai-security

fromSecurityWeek

11 hours ago

Information security

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

fromTechzine Global

8 hours ago

Information security

AI agents on GitHub leak API keys via prompt injection

fromTheregister

7 hours ago

Information security

Git identity spoof fools Claude into giving bad code the nod

Information security

fromTheregister

1 day ago

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Security researchers exploited prompt injection attacks on AI agents to steal sensitive data without vendor disclosure of vulnerabilities.

Information security

fromTNW | Anthropic

1 day ago

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.

Information security

fromTechzine Global

1 day ago

Dutch government warns against controversial Anthropic Mythos model

Anthropic's Mythos AI model detects vulnerabilities and builds attack chains, achieving a 72.4% exploit success rate, while access is limited to defensive use.

Information security

fromSecurityWeek

11 hours ago

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

A prompt injection attack method named 'Comment and Control' targets AI code security tools, allowing attackers to hijack AI agents using crafted GitHub comments.

Information security

fromTechzine Global

8 hours ago

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to Comment and Control attacks, allowing attackers to steal API keys and access tokens.

Information security

fromTheregister

7 hours ago

Git identity spoof fools Claude into giving bad code the nod

AI code reviewers can be deceived into approving malicious code by spoofing trusted developer identities using Git commands.

Information security

fromTheregister

1 day ago

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Security researchers exploited prompt injection attacks on AI agents to steal sensitive data without vendor disclosure of vulnerabilities.

Information security

fromTNW | Anthropic

1 day ago

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.

Information security

fromTechzine Global

1 day ago

Dutch government warns against controversial Anthropic Mythos model

Anthropic's Mythos AI model detects vulnerabilities and builds attack chains, achieving a 72.4% exploit success rate, while access is limited to defensive use.

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

A new malware campaign targeting Ukrainian healthcare institutions has been identified, utilizing deceptive emails to deliver malicious payloads.

Information security

fromSecurityWeek

1 day ago

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

Information security

fromThe Hacker News

12 hours ago

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

A new malware campaign targeting Ukrainian healthcare institutions has been identified, utilizing deceptive emails to deliver malicious payloads.

Information security

fromSecurityWeek

1 day ago

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.

Information security

fromSecurityWeek

9 hours ago

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.

Information security

fromThe Hacker News

7 hours ago

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.

Information security

fromSecurityWeek

9 hours ago

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.

more#cisco

Information security

fromComputerWeekly.com

6 hours ago

Cyber Essentials closes the MFA loophole but leaves some organisations adrift | Computer Weekly

Multi-factor authentication becomes mandatory under Cyber Essentials v3.3, with no exceptions for organizations failing to implement it.

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.

Information security

fromSecurityWeek

9 hours ago

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

NIST updates its National Vulnerability Database operations to prioritize enriching critical CVEs due to a surge in submissions.

Information security

fromTechzine Global

5 hours ago

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.

Information security

fromSecurityWeek

9 hours ago

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

NIST updates its National Vulnerability Database operations to prioritize enriching critical CVEs due to a surge in submissions.

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

Malicious WordPress plugins with backdoors compromised thousands of websites, demonstrating a supply-chain attack and leading to their permanent removal.

Information security

fromTNW | Apps

1 day ago

30+ WordPress plugins bought on Flippa and backdoored in supply chain attack

A significant WordPress plugin compromise involved a backdoor planted in over 30 plugins, exposing a critical vulnerability in plugin ownership transfer and update mechanisms.

Information security

fromTechCrunch

2 days ago

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch

Dozens of WordPress plugins were compromised by a backdoor, distributing malicious code after a change in ownership of the plugin maker.

Information security

fromTechRepublic

3 hours ago

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

Malicious WordPress plugins with backdoors compromised thousands of websites, demonstrating a supply-chain attack and leading to their permanent removal.

Information security

fromTNW | Apps

1 day ago

30+ WordPress plugins bought on Flippa and backdoored in supply chain attack

A significant WordPress plugin compromise involved a backdoor planted in over 30 plugins, exposing a critical vulnerability in plugin ownership transfer and update mechanisms.

Information security

fromTechCrunch

2 days ago

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch

Dozens of WordPress plugins were compromised by a backdoor, distributing malicious code after a change in ownership of the plugin maker.

Splunk Enterprise Update Patches Code Execution Vulnerability

Splunk has released fixes for high and medium-severity vulnerabilities in its products, including Splunk Enterprise, Cloud Platform, and MCP Server.

Information security

fromTheregister

11 hours ago

Server-room lock was nothing but a crock

A security vulnerability allowed unauthorized access to a server room due to a flaw in the two-factor authentication lock.

#ai

fromSecurityWeek

5 hours ago

Information security

OpenAI Widens Access to Cybersecurity Model After Anthropic's Mythos Reveal

Information security

fromComputerWeekly.com

22 hours ago

UK businesses must face up to AI threat, says government | Computer Weekly

AI models are rapidly advancing in discovering and exploiting software vulnerabilities, necessitating urgent attention from business leaders.

fromTechzine Global

1 day ago

Information security

GPT-5.4-Cyber aims to further embed AI in cybersecurity

fromThe Hacker News

1 day ago

Information security

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

OpenAI launched GPT-5.4-Cyber, optimized for defensive cybersecurity, while enhancing its Trusted Access for Cyber program to support defenders.

Information security

fromSecurityWeek

2 days ago

'Mythos-Ready' Security: CSA Urges CISOs to Prepare for Accelerated AI Threats

Mythos from Anthropic poses a significant threat by accelerating the timeline between vulnerability detection and exploitation in cybersecurity.

Information security

fromSecurityWeek

5 hours ago

OpenAI Widens Access to Cybersecurity Model After Anthropic's Mythos Reveal

OpenAI launched GPT-5.4-Cyber, a cybersecurity AI model, expanding access to verified defenders and enhancing capabilities for vulnerability analysis.

Information security

fromComputerWeekly.com

22 hours ago

UK businesses must face up to AI threat, says government | Computer Weekly

AI models are rapidly advancing in discovering and exploiting software vulnerabilities, necessitating urgent attention from business leaders.

Information security

fromTechzine Global

1 day ago

GPT-5.4-Cyber aims to further embed AI in cybersecurity

OpenAI's GPT-5.4-Cyber enhances generative AI for cybersecurity, focusing on defensive applications and providing trusted users with advanced capabilities.

Information security

fromThe Hacker News

1 day ago

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

OpenAI launched GPT-5.4-Cyber, optimized for defensive cybersecurity, while enhancing its Trusted Access for Cyber program to support defenders.

Information security

fromSecurityWeek

2 days ago

'Mythos-Ready' Security: CSA Urges CISOs to Prepare for Accelerated AI Threats

Mythos from Anthropic poses a significant threat by accelerating the timeline between vulnerability detection and exploitation in cybersecurity.

Information security

McGraw Hill linked to 13.5M-record data leak

fromSecuritymagazine

1 day ago

Information security

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

Information security

fromTheregister

8 hours ago

McGraw Hill linked to 13.5M-record data leak

McGraw Hill experienced a data breach exposing 13.5 million records due to a Salesforce misconfiguration, leading to personal information circulating online.

Information security

fromSecuritymagazine

1 day ago

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

McGraw Hill experienced a data breach linked to a Salesforce misconfiguration, with ShinyHunters claiming to have stolen 45 million records.

Information security

Microsoft's Windows Recall still allows silent data extraction

fromSecurityWeek

8 hours ago

Information security

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

fromThe Hacker News

1 day ago

Information security

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other Vulnerabilities

fromTechRepublic

1 day ago

Information security

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Information security

fromZero Day Initiative

2 days ago

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.

Information security

fromSecurityWeek

2 days ago

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.

Information security

fromComputerworld

6 hours ago

Microsoft's Windows Recall still allows silent data extraction

Microsoft needs to enhance code integrity for AIXHost.exe to prevent injection attacks.

Information security

fromSecurityWeek

8 hours ago

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

Microsoft's Zero Day Quest 2026 awarded $2.3 million for discovering 80 high-impact vulnerabilities in cloud and AI services.

Information security

fromThe Hacker News

1 day ago

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other Vulnerabilities

Microsoft addressed 169 security flaws, including one actively exploited vulnerability, marking the second largest Patch Tuesday ever.

Information security

fromTechRepublic

1 day ago

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Microsoft released a significant security update addressing 165 vulnerabilities, including two critical zero-days, marking one of the largest updates in its history.

Information security

fromZero Day Initiative

2 days ago

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.

Information security

fromSecurityWeek

2 days ago

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.

Ransomware Hits Automotive Data Expert Autovista

Autovista is working to restore services after a ransomware attack affected its systems in Europe and Australia.

Information security

fromTheregister

2 days ago

0APT ransomware gang extorts Krybit amid doxxing threat

0APT threatens to expose Krybit members, highlighting the bizarre rivalry between ransomware gangs.

Information security

fromSecurityWeek

10 hours ago

Ransomware Hits Automotive Data Expert Autovista

Autovista is working to restore services after a ransomware attack affected its systems in Europe and Australia.

Information security

fromTheregister

2 days ago

0APT ransomware gang extorts Krybit amid doxxing threat

0APT threatens to expose Krybit members, highlighting the bizarre rivalry between ransomware gangs.

It's not just you - Bluesky is (sorta) down | TechCrunch

Bluesky's website and app are experiencing service interruptions due to a denial-of-service attack.

Information security

fromThe Hacker News

1 day ago

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Threat actors are weaponizing n8n to conduct phishing campaigns and deliver malicious payloads through automated emails.

Information security

fromThe Hacker News

1 day ago

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

Critical vulnerabilities in Adobe, Fortinet, Microsoft, and SAP products were highlighted in April's Patch Tuesday releases.

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet released 26 advisories for 27 vulnerabilities, including two critical flaws in FortiSandbox with a CVSS score of 9.1.

Information security

fromTheregister

1 day ago

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.

Information security

fromSecurityWeek

1 day ago

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet released 26 advisories for 27 vulnerabilities, including two critical flaws in FortiSandbox with a CVSS score of 9.1.

Information security

fromTheregister

1 day ago

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Multiple industrial giants have released new ICS security advisories addressing various vulnerabilities since the last Patch Tuesday.

Information security

fromSecurityWeek

1 day ago

Mirax RAT Targeting Android Users in Europe

A new remote access trojan named Mirax targets Android users in Europe, enabling extensive control and data theft through sophisticated techniques.

Critical nginx-ui Vulnerability CVE-2026-33032 Allows Unauthenticated Nginx Takeover

A critical authentication bypass vulnerability in nginx-ui allows attackers to take control of the Nginx service without authentication.

Information security

fromSecurityWeek

1 day ago

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical vulnerability in Nginx UI allows attackers to take full control of servers, affecting numerous deployments worldwide.

Information security

fromThe Hacker News

1 day ago

Critical nginx-ui Vulnerability CVE-2026-33032 Allows Unauthenticated Nginx Takeover

A critical authentication bypass vulnerability in nginx-ui allows attackers to take control of the Nginx service without authentication.

Information security

fromSecurityWeek

1 day ago

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical vulnerability in Nginx UI allows attackers to take full control of servers, affecting numerous deployments worldwide.

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.

Information security

fromInfoWorld

1 day ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.

Information security

fromComputerworld

1 day ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.

Information security

fromInfoWorld

1 day ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.

OpenAI releases GPT-5.4-Cyber for vetted security teams, scaling Trusted Access programme

OpenAI is launching GPT-5.4-Cyber for cybersecurity, expanding its Trusted Access for Cyber program to thousands of verified defenders.

Information security

fromTechzine Global

2 days ago

OpenAI replaces certificates following Axios incident

OpenAI renewed its macOS certificates as a precaution after a third-party tool vulnerability, though no user data was compromised.

Information security

fromWIRED

1 day ago

In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model-and Strategy

OpenAI announced GPT-5.4-Cyber, emphasizing cybersecurity safeguards and the need for advanced protections in AI models.

Information security

fromAxios

1 day ago

OpenAI expands access to cyber AI as hacking risks grow

OpenAI is shifting to a model that emphasizes identity verification for access to sensitive cybersecurity tools while expanding availability.

Information security

fromTNW | Apps

1 day ago

OpenAI releases GPT-5.4-Cyber for vetted security teams, scaling Trusted Access programme

OpenAI is launching GPT-5.4-Cyber for cybersecurity, expanding its Trusted Access for Cyber program to thousands of verified defenders.

Information security

fromTechzine Global

2 days ago

OpenAI replaces certificates following Axios incident

OpenAI renewed its macOS certificates as a precaution after a third-party tool vulnerability, though no user data was compromised.

Information security

fromWIRED

1 day ago

In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model-and Strategy

OpenAI announced GPT-5.4-Cyber, emphasizing cybersecurity safeguards and the need for advanced protections in AI models.

Information security

fromAxios

1 day ago

OpenAI expands access to cyber AI as hacking risks grow

OpenAI is shifting to a model that emphasizes identity verification for access to sensitive cybersecurity tools while expanding availability.

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.

Information security

fromSecuritymagazine

1 day ago

Beyond the Bodyguard: Why Executive Protection Requires a New Playbook

The executive protection model must evolve from a reactive approach to a comprehensive security infrastructure due to increased accessibility of personal information.

Information security

fromSecurityWeek

1 day ago

100 Chrome Extensions Steal User Data, Create Backdoor

Over 20,000 users installed malicious Chrome extensions that steal information, provide backdoors, or inject ads, as reported by cybersecurity firm Socket.

Information security

fromZDNET

1 day ago

Microsoft's latest Windows update now confirms if your PC is Secure Boot-protected - how it works

Windows now indicates Secure Boot status, showing if the latest updates are installed and patching 164 security flaws.

Information security

fromTheregister

1 day ago

Ancient Excel bug comes out of retirement for active attacks

A 17-year-old critical Excel vulnerability is actively being exploited, prompting CISA to issue a patch deadline for federal agencies.

Information security

fromTechzine Global

1 day ago

NTT Research wants to accelerate innovation with Scale Academy: SaltGrain is the first result

NTT Research launched Scale Academy to accelerate technology transition from R&D to market, introducing SaltGrain to enhance Zero Trust security.

Information security

fromArs Technica

23 hours ago

"TotalRecall Reloaded" tool finds a side entrance to Windows 11's Recall database

The Recall system's security is compromised by AIXHost.exe, which lacks the same protections after user authentication.

Information security

fromSecurityWeek

1 day ago

Two Vulnerabilities Patched in Ivanti Neurons for ITSM

Ivanti resolved two medium-severity vulnerabilities in Neurons for ITSM affecting on-premises and cloud deployments.

Information security

fromLondon Business News | Londonlovesbusiness.com

2 days ago

How to build digital trust in an era of automated scams - London Business News | Londonlovesbusiness.com

Automated scams are increasingly sophisticated, requiring businesses to enhance digital trust through visible actions and layered verification strategies.

Information security

fromnews.bitcoin.com

2 days ago

Cow Protocol Halts Trading After Frontend Domain Hijack

Cow Swap paused its protocol after a DNS hijacking incident on April 14, 2026, with no confirmed contract-level losses reported.

Information security

fromThe Hacker News

2 days ago

AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud

A new ad fraud scheme uses SEO techniques and AI-generated content to deceive users into enabling browser notifications for scams.

Information security

fromTechzine Global

2 days ago

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

Information security

fromThe Hacker News

2 days ago

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Critical risk findings surged by nearly 400% amid a 52% increase in raw alert volume, driven by AI-assisted development.

Information security

fromInfoQ

2 days ago

New Rowhammer Attacks on NVIDIA GPUs Enable Full System Takeover

New Rowhammer attacks target NVIDIA GPUs, escalating from memory corruption to full system compromise, highlighting significant hardware security risks.

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe released an emergency patch for a critical vulnerability in its products, exploited since December 2025, with a CVSS score of 8.6.

Information security

fromSecurityWeek

2 days ago

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe's Patch Tuesday updates address 55 vulnerabilities across 11 products, with critical ColdFusion flaws requiring immediate attention.

Information security

fromTechCrunch

2 days ago

Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch

Adobe patched a critical vulnerability in Acrobat DC and Reader DC that allowed hackers to remotely install malware via malicious PDF files.

Information security

fromTechRepublic

2 days ago

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe released an emergency patch for a critical vulnerability in its products, exploited since December 2025, with a CVSS score of 8.6.

Information security

fromSecurityWeek

2 days ago

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe's Patch Tuesday updates address 55 vulnerabilities across 11 products, with critical ColdFusion flaws requiring immediate attention.

Information security

fromTechCrunch

2 days ago

Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch

Adobe patched a critical vulnerability in Acrobat DC and Reader DC that allowed hackers to remotely install malware via malicious PDF files.

Commvault has a Ctrl+Z for rogue AI agents

Commvault's AI Protect monitors AI agents in cloud environments and can roll back actions to enhance AI resilience.

Information security

fromSecurityWeek

2 days ago

SAP Patches Critical ABAP Vulnerability

SAP released 20 new and updated security notes addressing critical vulnerabilities, including a severe SQL injection flaw with a CVSS score of 9.9.

fromYcombinator

2 days ago

Information security

Show HN: OpenParallax: OS-level privilege separation for AI agent execution | Hacker News

An open-source AI agent was developed with a secure, sandboxed architecture to prevent data exfiltration and unauthorized actions.

Information security

fromSecurityWeek

2 days ago

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.

Information security

fromSecuritymagazine

2 days ago

3 Quantum Realities to Confront this World Quantum Day

World Quantum Day emphasizes the urgency for organizations to prepare for quantum risks and the importance of starting migration processes now.

fromFinbold

2 days ago

Kraken insider extortion reveals remote work security blind spot

"Shortly after access was terminated, we began receiving extortion demands. The criminals threatened to distribute materials from both the February 2025 incident and the recent incident to media outlets and on social media if we did not comply. We will not pay these criminals," Percoco stated.

Information security

fromnews.bitcoin.com

2 days ago

Relm Insurance Launches Crypto and Cannabis Kidnap Coverage

Relm Insurance launched a specialized kidnap and ransom insurance product for the Web3 and cannabis sectors to address rising physical threats.

Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security

Google integrates a Rust-based DNS parser into Pixel modem firmware to enhance security and promote memory-safe code.

Information security

fromSecurityWeek

2 days ago

Google Adds Rust DNS Parser to Pixel Phones for Better Security

Google integrates a Rust-based DNS parser into Pixel phone modems to enhance security and reduce vulnerabilities.

Information security

fromThe Hacker News

2 days ago

Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security

Google integrates a Rust-based DNS parser into Pixel modem firmware to enhance security and promote memory-safe code.

Information security

fromSecurityWeek

2 days ago

Google Adds Rust DNS Parser to Pixel Phones for Better Security

Google integrates a Rust-based DNS parser into Pixel phone modems to enhance security and reduce vulnerabilities.

more#google

fromThe Hacker News

2 days ago

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

[In] ShowDoc version before 2.8.7, an unrestricted and unauthenticated file upload issue is found and [an] attacker is able to upload a web shell and execute arbitrary code on server.

Information security

fromwww.businessinsider.com

2 days ago

We're in a new era of heightened CEO safety measures, security pros say

This attack is just shedding light on the fact that you're even more vulnerable outside of the office, said Don Aviv, CEO of Interfor International, a security consultancy.

Information security

fromThe Hacker News

2 days ago

New PHP Composer Flaws Enable Arbitrary Command Execution - Patches Released

Two high-severity vulnerabilities in Composer could allow arbitrary command execution through command injection flaws in the Perforce VCS driver.

Information security

fromArs Technica

2 days ago

UK gov's Mythos AI tests help separate cybersecurity threat from hype

Mythos outperformed previous models in TLO tests, showing capability in attacking vulnerable systems but still facing limitations in complex scenarios.

[ Load more ]

Information securityInformation security

North Korea targets macOS users in latest heist

McGraw-Hill Confirms Data Exposure, Hackers Claim 45M Salesforce Records Leaked

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

What Are Security Experts Saying About OpenAI's GPT-5.4-Cyber?

Government Can't Win the Cyber War Without the Private Sector

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

Artemis Emerges From Stealth With $70 Million in Funding

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

What Are Security Experts Saying About OpenAI's GPT-5.4-Cyber?

Government Can't Win the Cyber War Without the Private Sector

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

Artemis Emerges From Stealth With $70 Million in Funding

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

Triad Nexus Evades Sanctions to Fuel Cybercrime

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

Triad Nexus Evades Sanctions to Fuel Cybercrime

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

AI agents on GitHub leak API keys via prompt injection

Git identity spoof fools Claude into giving bad code the nod

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Dutch government warns against controversial Anthropic Mythos model

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

AI agents on GitHub leak API keys via prompt injection

Git identity spoof fools Claude into giving bad code the nod

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Dutch government warns against controversial Anthropic Mythos model

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cyber Essentials closes the MFA loophole but leaves some organisations adrift | Computer Weekly

NIST updates NVD: not every CVE will be scrutinized

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

NIST updates NVD: not every CVE will be scrutinized

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

30+ WordPress plugins bought on Flippa and backdoored in supply chain attack

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

30+ WordPress plugins bought on Flippa and backdoored in supply chain attack

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch

Splunk Enterprise Update Patches Code Execution Vulnerability

Server-room lock was nothing but a crock

OpenAI Widens Access to Cybersecurity Model After Anthropic's Mythos Reveal

UK businesses must face up to AI threat, says government | Computer Weekly

GPT-5.4-Cyber aims to further embed AI in cybersecurity

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

'Mythos-Ready' Security: CSA Urges CISOs to Prepare for Accelerated AI Threats

OpenAI Widens Access to Cybersecurity Model After Anthropic's Mythos Reveal

UK businesses must face up to AI threat, says government | Computer Weekly

GPT-5.4-Cyber aims to further embed AI in cybersecurity

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

'Mythos-Ready' Security: CSA Urges CISOs to Prepare for Accelerated AI Threats

McGraw Hill linked to 13.5M-record data leak

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

McGraw Hill linked to 13.5M-record data leak

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

Microsoft's Windows Recall still allows silent data extraction

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other Vulnerabilities

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Zero Day Initiative - The April 2026 Security Update Review

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Windows Recall still allows silent data extraction

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other Vulnerabilities

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Zero Day Initiative - The April 2026 Security Update Review

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Ransomware Hits Automotive Data Expert Autovista

Information security
Information security