Information security
Information security

[ follow ]

AI vendors' response to security flaws: It wasn't me

AI vendors promote AI for security but often dismiss flaws as intended behavior.

fromSecurityWeek

3 days ago

Information security

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

fromTechzine Global

3 days ago

Information security

AI agents on GitHub leak API keys via prompt injection

fromTheregister

2 days ago

Information security

Git identity spoof fools Claude into giving bad code the nod

Information security

fromTheregister

4 days ago

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Security researchers exploited prompt injection attacks on AI agents to steal sensitive data without vendor disclosure of vulnerabilities.

Information security

fromTNW | Anthropic

3 days ago

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.

Information security

fromTheregister

1 hour ago

AI vendors' response to security flaws: It wasn't me

AI vendors promote AI for security but often dismiss flaws as intended behavior.

Information security

fromSecurityWeek

3 days ago

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

A prompt injection attack method named 'Comment and Control' targets AI code security tools, allowing attackers to hijack AI agents using crafted GitHub comments.

Information security

fromTechzine Global

3 days ago

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to Comment and Control attacks, allowing attackers to steal API keys and access tokens.

Information security

fromTheregister

2 days ago

Git identity spoof fools Claude into giving bad code the nod

AI code reviewers can be deceived into approving malicious code by spoofing trusted developer identities using Git commands.

Information security

fromTheregister

4 days ago

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Security researchers exploited prompt injection attacks on AI agents to steal sensitive data without vendor disclosure of vulnerabilities.

Information security

fromTNW | Anthropic

3 days ago

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.

Why Trust and Verification Are Critical for Modern Online Platform Businesses

Trust is essential yet fragile in the digital economy, with platforms facing increasing challenges from sophisticated online scams.

Information security

fromThe Hacker News

1 day ago

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors exploit vulnerabilities in TBK DVR and TP-Link routers to deploy Mirai-botnet variants, targeting IoT devices for large-scale attacks.

Information security

fromSecurityWeek

1 day ago

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

#cybercrime

Information security

fromwww.independent.co.uk

1 day ago

Scottish man faces 22 years in US prison for $8m virtual currency scam

A Scottish man pleaded guilty to hacking and stealing over $8 million in virtual currency through phishing attacks.

Information security

fromTechCrunch

2 days ago

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

A global law enforcement operation targeted over 75,000 alleged cybercriminals using DDoS-for-hire services, resulting in arrests and domain takedowns.

Information security

fromwww.independent.co.uk

1 day ago

Scottish man faces 22 years in US prison for $8m virtual currency scam

A Scottish man pleaded guilty to hacking and stealing over $8 million in virtual currency through phishing attacks.

Information security

fromTechCrunch

2 days ago

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

A global law enforcement operation targeted over 75,000 alleged cybercriminals using DDoS-for-hire services, resulting in arrests and domain takedowns.

Time for government, business leaders to figure out AI cybersecurity regulation - Harvard Gazette

Agentic AI poses both opportunities for cybersecurity and risks to personal data, economy, and national security, necessitating regulation by leaders.

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

fromSecurityWeek

2 days ago

Information security

ZionSiphon Malware Targets ICS in Water Facilities

fromThe Hacker News

3 days ago

Information security

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

A new malware campaign targeting Ukrainian healthcare institutions has been identified, utilizing deceptive emails to deliver malicious payloads.

fromSecurityWeek

4 days ago

Information security

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

Information security

fromTechRepublic

1 day ago

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

Information security

fromSecurityWeek

2 days ago

ZionSiphon Malware Targets ICS in Water Facilities

ZionSiphon is a new malware targeting water treatment plants in Israel, designed to manipulate chlorine levels and pressure in these facilities.

Information security

fromThe Hacker News

3 days ago

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

A new malware campaign targeting Ukrainian healthcare institutions has been identified, utilizing deceptive emails to deliver malicious payloads.

Information security

fromSecurityWeek

4 days ago

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Senate legislation aims to enhance satellite cybersecurity amid rising threats and vulnerabilities in commercial satellite signals.

fromTechCrunch

1 day ago

Information security

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

fromLondon Business News | Londonlovesbusiness.com

1 day ago

Information security

The rising cost of data breaches: Why backup and cyber protection must go hand in hand - London Business News | Londonlovesbusiness.com

fromSecuritymagazine

3 days ago

Information security

What Are Security Experts Saying About OpenAI's GPT-5.4-Cyber?

fromThe Hacker News

2 days ago

Information security

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

fromSecurityWeek

2 days ago

Information security

Government Can't Win the Cyber War Without the Private Sector

Information security

fromSecurityWeek

2 days ago

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Senate legislation aims to enhance satellite cybersecurity amid rising threats and vulnerabilities in commercial satellite signals.

Information security

fromTechCrunch

1 day ago

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Hackers exploited Windows vulnerabilities published by a researcher, affecting Windows Defender and allowing high-level access.

Information security

fromLondon Business News | Londonlovesbusiness.com

1 day ago

The rising cost of data breaches: Why backup and cyber protection must go hand in hand - London Business News | Londonlovesbusiness.com

Cyber incidents now lead to significant financial and reputational damage, necessitating a unified strategy for backup and cyber protection.

Information security

fromSecuritymagazine

3 days ago

What Are Security Experts Saying About OpenAI's GPT-5.4-Cyber?

OpenAI launched GPT-5.4-Cyber for cybersecurity, offering broad access to defenders while emphasizing safety and continuous improvement.

Information security

fromThe Hacker News

2 days ago

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

A new botnet named PowMix targets Czech Republic's workforce, utilizing advanced evasion techniques and multi-stage infection methods since December 2025.

Information security

fromSecurityWeek

2 days ago

Government Can't Win the Cyber War Without the Private Sector

Governments must collaborate with the private sector to effectively manage the growing complexity of cyber threats.

Information security

What is Claude Mythos and what risks does it pose?

fromSecurityWeek

2 days ago

Information security

OpenAI Widens Access to Cybersecurity Model After Anthropic's Mythos Reveal

Information security

fromComputerWeekly.com

3 days ago

UK businesses must face up to AI threat, says government | Computer Weekly

AI models are rapidly advancing in discovering and exploiting software vulnerabilities, necessitating urgent attention from business leaders.

fromTechzine Global

4 days ago

Information security

GPT-5.4-Cyber aims to further embed AI in cybersecurity

fromThe Hacker News

4 days ago

Information security

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

Information security

fromSecurityWeek

4 days ago

'Mythos-Ready' Security: CSA Urges CISOs to Prepare for Accelerated AI Threats

Mythos from Anthropic poses a significant threat by accelerating the timeline between vulnerability detection and exploitation in cybersecurity.

Information security

fromwww.bbc.com

1 day ago

What is Claude Mythos and what risks does it pose?

Anthropic's Claude Mythos AI model outperforms humans in some cybersecurity tasks, raising concerns among regulators and tech companies.

Information security

fromSecurityWeek

2 days ago

OpenAI Widens Access to Cybersecurity Model After Anthropic's Mythos Reveal

OpenAI launched GPT-5.4-Cyber, a cybersecurity AI model, expanding access to verified defenders and enhancing capabilities for vulnerability analysis.

Information security

fromComputerWeekly.com

3 days ago

UK businesses must face up to AI threat, says government | Computer Weekly

AI models are rapidly advancing in discovering and exploiting software vulnerabilities, necessitating urgent attention from business leaders.

Information security

fromTechzine Global

4 days ago

GPT-5.4-Cyber aims to further embed AI in cybersecurity

OpenAI's GPT-5.4-Cyber enhances generative AI for cybersecurity, focusing on defensive applications and providing trusted users with advanced capabilities.

Information security

fromThe Hacker News

4 days ago

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

OpenAI launched GPT-5.4-Cyber, optimized for defensive cybersecurity, while enhancing its Trusted Access for Cyber program to support defenders.

Information security

fromSecurityWeek

4 days ago

'Mythos-Ready' Security: CSA Urges CISOs to Prepare for Accelerated AI Threats

Mythos from Anthropic poses a significant threat by accelerating the timeline between vulnerability detection and exploitation in cybersecurity.

more#ai

#north-korea

fromComputerWeekly.com

1 day ago

Information security

North Korean social engineering campaign targets macOS users | Computer Weekly

Information security

fromTheregister

2 days ago

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

Information security

fromComputerWeekly.com

1 day ago

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

Information security

fromTheregister

2 days ago

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

Recent advances push Big Tech closer to the Q-Day danger zone

Organizations are transitioning to new algorithms to replace RSA and elliptic curves due to vulnerabilities exposed by quantum computing threats.

Information security

fromDevOps.com

1 day ago

The Open Source Trap: Why Trust Isn't a Security Strategy - DevOps.com

The software supply chain is vulnerable due to reliance on under-resourced open source maintainers, requiring active organizational support for security.

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

NIST will only enrich certain cybersecurity vulnerabilities in its database due to a surge in CVE submissions.

Information security

fromComputerWeekly.com

1 day ago

Surging CVE disclosures force NIST to shake up workflows | Computer Weekly

NIST is changing its approach to handling CVEs, focusing on those with the greatest potential impact due to increased submissions.

Information security

fromTechzine Global

2 days ago

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.

Information security

fromSecurityWeek

3 days ago

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

NIST updates its National Vulnerability Database operations to prioritize enriching critical CVEs due to a surge in submissions.

Information security

fromThe Hacker News

2 days ago

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

NIST will only enrich certain cybersecurity vulnerabilities in its database due to a surge in CVE submissions.

Information security

fromComputerWeekly.com

1 day ago

Surging CVE disclosures force NIST to shake up workflows | Computer Weekly

NIST is changing its approach to handling CVEs, focusing on those with the greatest potential impact due to increased submissions.

Information security

fromTechzine Global

2 days ago

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.

Information security

fromSecurityWeek

3 days ago

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

NIST updates its National Vulnerability Database operations to prioritize enriching critical CVEs due to a surge in submissions.

Cursor AI Vulnerability Exposed Developer Devices

A vulnerability in Cursor AI allows attackers to hijack developer machines via malicious repositories without user interaction.

Information security

fromThe Cipher Brief

1 day ago

An FBI Perspective on FISA Section 702

Allowing Section 702 to lapse would create intelligence gaps that adversaries are poised to exploit, threatening American security.

Information security

fromThe Hacker News

1 day ago

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Threat actors are exploiting three vulnerabilities in Microsoft Defender for elevated privileges, with one flaw already addressed by Microsoft.

CISA tells feds to patch 13-year-old Apache ActiveMQ bug

CISA warns of a critical Apache ActiveMQ vulnerability requiring federal agencies to patch within two weeks to prevent exploitation.

Information security

fromThe Hacker News

2 days ago

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A high-severity security flaw in Apache ActiveMQ Classic, CVE-2026-34197, is actively exploited, requiring urgent fixes by April 30, 2026.

Information security

fromSecurityWeek

2 days ago

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

A vulnerability in Apache ActiveMQ Classic, CVE-2026-34197, is being actively exploited, requiring immediate patching by organizations.

Information security

fromTheregister

1 day ago

CISA tells feds to patch 13-year-old Apache ActiveMQ bug

CISA warns of a critical Apache ActiveMQ vulnerability requiring federal agencies to patch within two weeks to prevent exploitation.

Information security

fromThe Hacker News

2 days ago

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A high-severity security flaw in Apache ActiveMQ Classic, CVE-2026-34197, is actively exploited, requiring urgent fixes by April 30, 2026.

Information security

fromSecurityWeek

2 days ago

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

A vulnerability in Apache ActiveMQ Classic, CVE-2026-34197, is being actively exploited, requiring immediate patching by organizations.

Information security

Microsoft closes book on rogue Windows Server 2025 upgrades

fromComputerworld

2 days ago

Information security

Microsoft's Windows Recall still allows silent data extraction

fromSecurityWeek

3 days ago

Information security

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

fromThe Hacker News

4 days ago

Information security

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other Vulnerabilities

Information security

fromTechRepublic

3 days ago

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Microsoft released a significant security update addressing 165 vulnerabilities, including two critical zero-days, marking one of the largest updates in its history.

Information security

fromZero Day Initiative

4 days ago

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.

Information security

fromTheregister

1 day ago

Microsoft closes book on rogue Windows Server 2025 upgrades

Microsoft has resolved the Windows Server 2025 upgrade issue, but new problems have emerged with the cumulative update KB5082063.

Information security

fromComputerworld

2 days ago

Microsoft's Windows Recall still allows silent data extraction

Microsoft needs to enhance code integrity for AIXHost.exe to prevent injection attacks.

Information security

fromSecurityWeek

3 days ago

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

Microsoft's Zero Day Quest 2026 awarded $2.3 million for discovering 80 high-impact vulnerabilities in cloud and AI services.

Information security

fromThe Hacker News

4 days ago

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other Vulnerabilities

Microsoft addressed 169 security flaws, including one actively exploited vulnerability, marking the second largest Patch Tuesday ever.

Information security

fromTechRepublic

3 days ago

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Microsoft released a significant security update addressing 165 vulnerabilities, including two critical zero-days, marking one of the largest updates in its history.

Information security

fromZero Day Initiative

4 days ago

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.

How CSOs Can Win Board Support for Gunshot Detection Technology

CSOs must effectively frame gunshot detection technology to gain executive support and align it with corporate risk priorities.

Cisco Wi-Fi boxes writing 5MB of undeletable data daily

Cisco Wi-Fi access points may fill onboard memory with nonessential data, risking software update failures due to insufficient disk space.

Information security

fromThe Hacker News

3 days ago

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.

Information security

fromSecurityWeek

3 days ago

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.

Information security

fromTheregister

2 days ago

Cisco Wi-Fi boxes writing 5MB of undeletable data daily

Cisco Wi-Fi access points may fill onboard memory with nonessential data, risking software update failures due to insufficient disk space.

Information security

fromThe Hacker News

3 days ago

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.

Information security

fromSecurityWeek

3 days ago

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.

more#cisco

fromThe Hacker News

2 days ago

Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts

"Booter services allow users to launch DDoS attacks against targeted websites, servers, or networks. Their infrastructure is made up of servers, databases, and other technical components that make DDoS-for-hire activities possible. By seizing these infrastructures, authorities were able to hinder these criminal operations and prevent further damage to victims."

Information security

fromTechzine Global

1 day ago

Broadcom brings secure AI agent environment to VMware Tanzu

Broadcom's VMware Tanzu Platform Agent Foundations provides a secure environment for autonomous AI applications with zero-trust networking and automated management.

#bluesky

fromTechRepublic

1 day ago

Information security

Bluesky Outage: Coordinated Traffic Attack Causes Widespread Errors

fromMashable

1 day ago

Information security

Bluesky outage: Why it happened

fromTechCrunch

2 days ago

Information security

It's not just you - Bluesky is (sorta) down | TechCrunch

fromTechRepublic

1 day ago

Information security

Bluesky Outage: Coordinated Traffic Attack Causes Widespread Errors

fromMashable

1 day ago

Information security

Bluesky outage: Why it happened

fromTechCrunch

2 days ago

Information security

It's not just you - Bluesky is (sorta) down | TechCrunch

McGraw-Hill Confirms Data Exposure, Hackers Claim 45M Salesforce Records Leaked

Unauthorized access to limited internal data at McGraw-Hill was linked to a Salesforce misconfiguration, raising concerns about potential identity fraud and harassment.

Information security

fromThe Hacker News

3 days ago

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

A social engineering campaign exploits Obsidian to distribute PHANTOMPULSE trojan targeting financial and cryptocurrency sectors.

Information security

fromTheregister

2 days ago

MCP 'design flaw' puts 200k servers at risk: Researcher

A design flaw in Anthropic's Model Context Protocol puts 200,000 servers at risk, despite repeated requests for a patch from security researchers.

Information security

fromComputerWeekly.com

2 days ago

Cyber Essentials closes the MFA loophole but leaves some organisations adrift | Computer Weekly

Multi-factor authentication becomes mandatory under Cyber Essentials v3.3, with no exceptions for organizations failing to implement it.

Information security

fromComputerworld

2 days ago

Cisco Systems issues three advisories for critical vulnerabilities in Webex, ISE

Identity and access management is crucial for cybersecurity, with a focus on IAM hygiene necessary to mitigate risks from vulnerabilities.

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

Malicious WordPress plugins with backdoors compromised thousands of websites, demonstrating a supply-chain attack and leading to their permanent removal.

Information security

fromTNW | Apps

3 days ago

30+ WordPress plugins bought on Flippa and backdoored in supply chain attack

A significant WordPress plugin compromise involved a backdoor planted in over 30 plugins, exposing a critical vulnerability in plugin ownership transfer and update mechanisms.

Information security

fromTechRepublic

2 days ago

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

Malicious WordPress plugins with backdoors compromised thousands of websites, demonstrating a supply-chain attack and leading to their permanent removal.

Information security

fromTNW | Apps

3 days ago

30+ WordPress plugins bought on Flippa and backdoored in supply chain attack

A significant WordPress plugin compromise involved a backdoor planted in over 30 plugins, exposing a critical vulnerability in plugin ownership transfer and update mechanisms.

Splunk Enterprise Update Patches Code Execution Vulnerability

Splunk has released fixes for high and medium-severity vulnerabilities in its products, including Splunk Enterprise, Cloud Platform, and MCP Server.

Information security

fromTheregister

3 days ago

Server-room lock was nothing but a crock

A security vulnerability allowed unauthorized access to a server room due to a flaw in the two-factor authentication lock.

McGraw Hill linked to 13.5M-record data leak

McGraw Hill experienced a data breach exposing 13.5 million records due to a Salesforce misconfiguration, leading to personal information circulating online.

Information security

fromSecuritymagazine

4 days ago

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

McGraw Hill experienced a data breach linked to a Salesforce misconfiguration, with ShinyHunters claiming to have stolen 45 million records.

Information security

fromTheregister

3 days ago

McGraw Hill linked to 13.5M-record data leak

McGraw Hill experienced a data breach exposing 13.5 million records due to a Salesforce misconfiguration, leading to personal information circulating online.

Information security

fromSecuritymagazine

4 days ago

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

McGraw Hill experienced a data breach linked to a Salesforce misconfiguration, with ShinyHunters claiming to have stolen 45 million records.

more#data-breach

fromSecurityWeek

3 days ago

Ransomware Hits Automotive Data Expert Autovista

We are responding to a ransomware incident affecting certain Autovista systems in Europe and Australia. We appreciate our customers' patience as we work to respond to this incident in a disciplined manner.

Information security

fromThe Hacker News

3 days ago

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Threat actors are weaponizing n8n to conduct phishing campaigns and deliver malicious payloads through automated emails.

Information security

fromThe Hacker News

3 days ago

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

Critical vulnerabilities in Adobe, Fortinet, Microsoft, and SAP products were highlighted in April's Patch Tuesday releases.

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet released 26 advisories for 27 vulnerabilities, including two critical flaws in FortiSandbox with a CVSS score of 9.1.

Information security

fromTheregister

3 days ago

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.

Information security

fromSecurityWeek

4 days ago

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet released 26 advisories for 27 vulnerabilities, including two critical flaws in FortiSandbox with a CVSS score of 9.1.

Information security

fromTheregister

3 days ago

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Multiple industrial giants have released new ICS security advisories addressing various vulnerabilities since the last Patch Tuesday.

Information security

fromSecurityWeek

4 days ago

Mirax RAT Targeting Android Users in Europe

A new remote access trojan named Mirax targets Android users in Europe, enabling extensive control and data theft through sophisticated techniques.

Critical nginx-ui Vulnerability CVE-2026-33032 Allows Unauthenticated Nginx Takeover

A critical authentication bypass vulnerability in nginx-ui allows attackers to take control of the Nginx service without authentication.

Information security

fromSecurityWeek

3 days ago

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical vulnerability in Nginx UI allows attackers to take full control of servers, affecting numerous deployments worldwide.

Information security

fromThe Hacker News

3 days ago

Critical nginx-ui Vulnerability CVE-2026-33032 Allows Unauthenticated Nginx Takeover

A critical authentication bypass vulnerability in nginx-ui allows attackers to take control of the Nginx service without authentication.

Information security

fromSecurityWeek

3 days ago

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical vulnerability in Nginx UI allows attackers to take full control of servers, affecting numerous deployments worldwide.

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.

Information security

fromInfoWorld

4 days ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.

Information security

fromComputerworld

4 days ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.

Information security

fromInfoWorld

4 days ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.

OpenAI releases GPT-5.4-Cyber for vetted security teams, scaling Trusted Access programme

OpenAI is launching GPT-5.4-Cyber for cybersecurity, expanding its Trusted Access for Cyber program to thousands of verified defenders.

Information security

fromSecurityWeek

3 days ago

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.

Information security

fromSecuritymagazine

4 days ago

Beyond the Bodyguard: Why Executive Protection Requires a New Playbook

The executive protection model must evolve from a reactive approach to a comprehensive security infrastructure due to increased accessibility of personal information.

Information security

fromSecurityWeek

3 days ago

100 Chrome Extensions Steal User Data, Create Backdoor

Over 20,000 users installed malicious Chrome extensions that steal information, provide backdoors, or inject ads, as reported by cybersecurity firm Socket.

Information security

fromZDNET

3 days ago

Microsoft's latest Windows update now confirms if your PC is Secure Boot-protected - how it works

Windows now indicates Secure Boot status, showing if the latest updates are installed and patching 164 security flaws.

Information security

fromTheregister

4 days ago

Ancient Excel bug comes out of retirement for active attacks

A 17-year-old critical Excel vulnerability is actively being exploited, prompting CISA to issue a patch deadline for federal agencies.

Information security

fromTechzine Global

3 days ago

NTT Research wants to accelerate innovation with Scale Academy: SaltGrain is the first result

NTT Research launched Scale Academy to accelerate technology transition from R&D to market, introducing SaltGrain to enhance Zero Trust security.

Information security

fromArs Technica

3 days ago

"TotalRecall Reloaded" tool finds a side entrance to Windows 11's Recall database

The Recall system's security is compromised by AIXHost.exe, which lacks the same protections after user authentication.

Information security

fromSecurityWeek

4 days ago

Two Vulnerabilities Patched in Ivanti Neurons for ITSM

Ivanti resolved two medium-severity vulnerabilities in Neurons for ITSM affecting on-premises and cloud deployments.

Information security

fromLondon Business News | Londonlovesbusiness.com

5 days ago

How to build digital trust in an era of automated scams - London Business News | Londonlovesbusiness.com

Automated scams are increasingly sophisticated, requiring businesses to enhance digital trust through visible actions and layered verification strategies.

[ Load more ]

Information securityInformation security

AI vendors' response to security flaws: It wasn't me

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

AI agents on GitHub leak API keys via prompt injection

Git identity spoof fools Claude into giving bad code the nod

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

AI vendors' response to security flaws: It wasn't me

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

AI agents on GitHub leak API keys via prompt injection

Git identity spoof fools Claude into giving bad code the nod

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Why Trust and Verification Are Critical for Modern Online Platform Businesses

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Scottish man faces 22 years in US prison for $8m virtual currency scam

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

Scottish man faces 22 years in US prison for $8m virtual currency scam

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

Time for government, business leaders to figure out AI cybersecurity regulation - Harvard Gazette

New Phishing Attack Turns n8n Into On-Demand Malware Machine

ZionSiphon Malware Targets ICS in Water Facilities

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

New Phishing Attack Turns n8n Into On-Demand Malware Machine

ZionSiphon Malware Targets ICS in Water Facilities

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

The rising cost of data breaches: Why backup and cyber protection must go hand in hand - London Business News | Londonlovesbusiness.com

What Are Security Experts Saying About OpenAI's GPT-5.4-Cyber?

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

Government Can't Win the Cyber War Without the Private Sector

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

The rising cost of data breaches: Why backup and cyber protection must go hand in hand - London Business News | Londonlovesbusiness.com

What Are Security Experts Saying About OpenAI's GPT-5.4-Cyber?

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

Government Can't Win the Cyber War Without the Private Sector

What is Claude Mythos and what risks does it pose?

OpenAI Widens Access to Cybersecurity Model After Anthropic's Mythos Reveal

UK businesses must face up to AI threat, says government | Computer Weekly

GPT-5.4-Cyber aims to further embed AI in cybersecurity

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

'Mythos-Ready' Security: CSA Urges CISOs to Prepare for Accelerated AI Threats

What is Claude Mythos and what risks does it pose?

OpenAI Widens Access to Cybersecurity Model After Anthropic's Mythos Reveal

UK businesses must face up to AI threat, says government | Computer Weekly

GPT-5.4-Cyber aims to further embed AI in cybersecurity

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

'Mythos-Ready' Security: CSA Urges CISOs to Prepare for Accelerated AI Threats

North Korean social engineering campaign targets macOS users | Computer Weekly

North Korea targets macOS users in latest heist

North Korean social engineering campaign targets macOS users | Computer Weekly

North Korea targets macOS users in latest heist

Recent advances push Big Tech closer to the Q-Day danger zone

The Open Source Trap: Why Trust Isn't a Security Strategy - DevOps.com

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

Surging CVE disclosures force NIST to shake up workflows | Computer Weekly

NIST updates NVD: not every CVE will be scrutinized

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

Surging CVE disclosures force NIST to shake up workflows | Computer Weekly

NIST updates NVD: not every CVE will be scrutinized

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

Cursor AI Vulnerability Exposed Developer Devices

An FBI Perspective on FISA Section 702

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

CISA tells feds to patch 13-year-old Apache ActiveMQ bug

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

CISA tells feds to patch 13-year-old Apache ActiveMQ bug

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

Microsoft closes book on rogue Windows Server 2025 upgrades

Microsoft's Windows Recall still allows silent data extraction

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other Vulnerabilities

Information security
Information security