Information security
Information security

[ follow ]

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.

Information security

fromSecurityWeek

9 hours ago

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet released 26 advisories for 27 vulnerabilities, including two critical flaws in FortiSandbox with a CVSS score of 9.1.

Information security

fromTheregister

1 hour ago

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.

Information security

fromSecurityWeek

9 hours ago

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet released 26 advisories for 27 vulnerabilities, including two critical flaws in FortiSandbox with a CVSS score of 9.1.

Information security

Copy of Trump's Cyber Strategy Is a Strong Playbook, but It's All in the Execution

fromTechRepublic

2 hours ago

Information security

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

fromNextgov.com

2 hours ago

Information security

Expect more cybersecurity executive orders soon, national cyber director says

fromFortune

5 hours ago

Information security

Artemis raises $70M to help fight AI-powered attacks with AI | Fortune

fromThe Hacker News

1 day ago

Information security

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

fromThe Hacker News

1 day ago

Information security

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

Information security

fromThe Cipher Brief

53 minutes ago

Copy of Trump's Cyber Strategy Is a Strong Playbook, but It's All in the Execution

The National Cyber Strategy aims to enhance U.S. national security through aggressive defense and collaboration with the private sector.

Information security

fromTechRepublic

2 hours ago

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

A hacking group exploited 108 Chrome Extensions to steal data from around 20,000 users, posing as legitimate tools.

Information security

fromNextgov.com

2 hours ago

Expect more cybersecurity executive orders soon, national cyber director says

President Trump is expected to sign more cybersecurity executive orders soon, following the release of the national cyber strategy.

Information security

fromFortune

5 hours ago

Artemis raises $70M to help fight AI-powered attacks with AI | Fortune

Artemis, a cybersecurity startup, raised $70 million to combat AI-driven attacks using AI technology.

Information security

fromThe Hacker News

1 day ago

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

A cluster of 108 malicious Chrome extensions collects user data and injects ads, compromising browser security.

Information security

fromThe Hacker News

1 day ago

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

CISA added six security flaws to its KEV catalog due to evidence of active exploitation.

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Threat actors are weaponizing n8n to conduct phishing campaigns and deliver malicious payloads through automated emails.

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Security researchers exploited prompt injection attacks on AI agents to steal sensitive data without vendor disclosure of vulnerabilities.

Information security

fromTNW | Anthropic

3 hours ago

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.

fromTechzine Global

10 hours ago

Information security

Dutch government warns against controversial Anthropic Mythos model

Anthropic's Mythos AI model detects vulnerabilities and builds attack chains, achieving a 72.4% exploit success rate, while access is limited to defensive use.

fromInfoQ

19 hours ago

Information security

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Claude Code identified multiple security vulnerabilities in the Linux kernel, including a long-standing heap buffer overflow, with minimal oversight required.

Information security

fromTheregister

11 hours ago

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Security researchers exploited prompt injection attacks on AI agents to steal sensitive data without vendor disclosure of vulnerabilities.

Information security

fromTNW | Anthropic

3 hours ago

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.

Information security

fromTechzine Global

10 hours ago

Dutch government warns against controversial Anthropic Mythos model

Anthropic's Mythos AI model detects vulnerabilities and builds attack chains, achieving a 72.4% exploit success rate, while access is limited to defensive use.

Information security

fromInfoQ

19 hours ago

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Claude Code identified multiple security vulnerabilities in the Linux kernel, including a long-standing heap buffer overflow, with minimal oversight required.

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

Critical vulnerabilities in Adobe, Fortinet, Microsoft, and SAP products were highlighted in April's Patch Tuesday releases.

Information security

fromTechzine Global

2 days ago

Anthropic's Mythos preview: why the human layer matters more, not less

Anthropic's Mythos Preview autonomously discovers and exploits high-severity vulnerabilities, achieving a 72.4% success rate in exploit chaining.

Information security

fromThe Hacker News

5 hours ago

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

Critical vulnerabilities in Adobe, Fortinet, Microsoft, and SAP products were highlighted in April's Patch Tuesday releases.

Information security

fromTechzine Global

2 days ago

Anthropic's Mythos preview: why the human layer matters more, not less

Anthropic's Mythos Preview autonomously discovers and exploits high-severity vulnerabilities, achieving a 72.4% success rate in exploit chaining.

Information security

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other Vulnerabilities

fromTechRepublic

3 hours ago

Information security

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Information security

fromZero Day Initiative

1 day ago

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.

Information security

fromSecurityWeek

1 day ago

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.

Information security

fromTheregister

22 hours ago

Microsoft's massive Patch Tuesday: It's raining bugs

A spoofing vulnerability in Microsoft SharePoint Server was exploited before a fix was issued, allowing unauthorized access to sensitive information.

Information security

fromComputerWeekly.com

1 day ago

April Patch Tuesday brings zero-days in Defender, SharePoint Server | Computer Weekly

Microsoft's April Patch Tuesday update addresses over 160 issues, including two critical zero-day vulnerabilities, marking one of the largest updates in history.

Information security

fromThe Hacker News

10 hours ago

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other Vulnerabilities

Microsoft addressed 169 security flaws, including one actively exploited vulnerability, marking the second largest Patch Tuesday ever.

Information security

fromTechRepublic

3 hours ago

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Microsoft released a significant security update addressing 165 vulnerabilities, including two critical zero-days, marking one of the largest updates in its history.

Information security

fromZero Day Initiative

1 day ago

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.

Information security

fromSecurityWeek

1 day ago

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.

Information security

fromTheregister

22 hours ago

Microsoft's massive Patch Tuesday: It's raining bugs

A spoofing vulnerability in Microsoft SharePoint Server was exploited before a fix was issued, allowing unauthorized access to sensitive information.

Information security

fromComputerWeekly.com

1 day ago

April Patch Tuesday brings zero-days in Defender, SharePoint Server | Computer Weekly

Microsoft's April Patch Tuesday update addresses over 160 issues, including two critical zero-day vulnerabilities, marking one of the largest updates in history.

Information security

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

fromTechCrunch

2 days ago

Information security

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

fromTheregister

2 days ago

Information security

Rockstar Games confirms third-party breach hit company data

Information security

fromSecuritymagazine

19 hours ago

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

McGraw Hill experienced a data breach linked to a Salesforce misconfiguration, with ShinyHunters claiming to have stolen 45 million records.

Information security

fromTechCrunch

2 days ago

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.

Information security

fromTheregister

2 days ago

Rockstar Games confirms third-party breach hit company data

ShinyHunters claims to have accessed Rockstar Games' data through a third-party breach, demanding payment to avoid leaking information.

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

Information security

fromTheregister

2 days ago

Fake Linux Foundation leader using Slack to phish devs

A malware campaign targets open source developers via Slack, impersonating a Linux Foundation official to steal credentials and compromise systems.

Information security

fromSecurityWeek

2 days ago

Fake Claude Website Distributes PlugX RAT

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.

Information security

fromSecurityWeek

8 hours ago

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

Information security

fromTheregister

2 days ago

Fake Linux Foundation leader using Slack to phish devs

A malware campaign targets open source developers via Slack, impersonating a Linux Foundation official to steal credentials and compromise systems.

Information security

fromSecurityWeek

2 days ago

Fake Claude Website Distributes PlugX RAT

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Multiple industrial giants have released new ICS security advisories addressing various vulnerabilities since the last Patch Tuesday.

Information security

fromSecurityWeek

7 hours ago

Mirax RAT Targeting Android Users in Europe

A new remote access trojan named Mirax targets Android users in Europe, enabling extensive control and data theft through sophisticated techniques.

Critical nginx-ui Vulnerability CVE-2026-33032 Allows Unauthenticated Nginx Takeover

A critical authentication bypass vulnerability in nginx-ui allows attackers to take control of the Nginx service without authentication.

Information security

fromSecurityWeek

4 hours ago

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical vulnerability in Nginx UI allows attackers to take full control of servers, affecting numerous deployments worldwide.

Information security

fromThe Hacker News

5 hours ago

Critical nginx-ui Vulnerability CVE-2026-33032 Allows Unauthenticated Nginx Takeover

A critical authentication bypass vulnerability in nginx-ui allows attackers to take control of the Nginx service without authentication.

Information security

fromSecurityWeek

4 hours ago

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical vulnerability in Nginx UI allows attackers to take full control of servers, affecting numerous deployments worldwide.

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.

Information security

fromInfoWorld

14 hours ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.

Information security

fromComputerworld

14 hours ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.

Information security

fromInfoWorld

14 hours ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.

OpenAI releases GPT-5.4-Cyber for vetted security teams, scaling Trusted Access programme

OpenAI is launching GPT-5.4-Cyber for cybersecurity, expanding its Trusted Access for Cyber program to thousands of verified defenders.

Information security

fromTechzine Global

1 day ago

OpenAI replaces certificates following Axios incident

OpenAI renewed its macOS certificates as a precaution after a third-party tool vulnerability, though no user data was compromised.

Information security

fromWIRED

23 hours ago

In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model-and Strategy

OpenAI announced GPT-5.4-Cyber, emphasizing cybersecurity safeguards and the need for advanced protections in AI models.

Information security

fromAxios

23 hours ago

OpenAI expands access to cyber AI as hacking risks grow

OpenAI is shifting to a model that emphasizes identity verification for access to sensitive cybersecurity tools while expanding availability.

Information security

fromThe Hacker News

2 days ago

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI's macOS apps were affected by a supply chain attack, but no user data or internal systems were compromised.

Information security

fromSecurityWeek

2 days ago

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

OpenAI was affected by a supply chain attack involving malicious Axios packages attributed to North Korean hackers.

Information security

fromTNW | Apps

2 hours ago

OpenAI releases GPT-5.4-Cyber for vetted security teams, scaling Trusted Access programme

OpenAI is launching GPT-5.4-Cyber for cybersecurity, expanding its Trusted Access for Cyber program to thousands of verified defenders.

Information security

fromTechzine Global

1 day ago

OpenAI replaces certificates following Axios incident

OpenAI renewed its macOS certificates as a precaution after a third-party tool vulnerability, though no user data was compromised.

Information security

fromWIRED

23 hours ago

In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model-and Strategy

OpenAI announced GPT-5.4-Cyber, emphasizing cybersecurity safeguards and the need for advanced protections in AI models.

Information security

fromAxios

23 hours ago

OpenAI expands access to cyber AI as hacking risks grow

OpenAI is shifting to a model that emphasizes identity verification for access to sensitive cybersecurity tools while expanding availability.

Information security

fromThe Hacker News

2 days ago

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI's macOS apps were affected by a supply chain attack, but no user data or internal systems were compromised.

Information security

fromSecurityWeek

2 days ago

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

OpenAI was affected by a supply chain attack involving malicious Axios packages attributed to North Korean hackers.

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.

#ai

fromTechzine Global

11 hours ago

Information security

GPT-5.4-Cyber aims to further embed AI in cybersecurity

fromThe Hacker News

13 hours ago

Information security

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

Information security

fromSecurityWeek

1 day ago

'Mythos-Ready' Security: CSA Urges CISOs to Prepare for Accelerated AI Threats

Mythos from Anthropic poses a significant threat by accelerating the timeline between vulnerability detection and exploitation in cybersecurity.

fromFortune

1 day ago

Information security

Anthropic caused panic that Mythos will expose cybersecurity weak spots, but one industry veteran says real problem is fixing, not finding, them | Fortune

Anthropic's Claude Mythos Preview AI model identifies cybersecurity vulnerabilities, but experts question its impact on fixing existing issues.

fromTechzine Global

1 day ago

Information security

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

Information security

fromTechzine Global

11 hours ago

GPT-5.4-Cyber aims to further embed AI in cybersecurity

OpenAI's GPT-5.4-Cyber enhances generative AI for cybersecurity, focusing on defensive applications and providing trusted users with advanced capabilities.

Information security

fromThe Hacker News

13 hours ago

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

OpenAI launched GPT-5.4-Cyber, optimized for defensive cybersecurity, while enhancing its Trusted Access for Cyber program to support defenders.

Information security

fromSecurityWeek

1 day ago

'Mythos-Ready' Security: CSA Urges CISOs to Prepare for Accelerated AI Threats

Mythos from Anthropic poses a significant threat by accelerating the timeline between vulnerability detection and exploitation in cybersecurity.

Information security

fromFortune

1 day ago

Anthropic caused panic that Mythos will expose cybersecurity weak spots, but one industry veteran says real problem is fixing, not finding, them | Fortune

Anthropic's Claude Mythos Preview AI model identifies cybersecurity vulnerabilities, but experts question its impact on fixing existing issues.

Information security

fromTechzine Global

1 day ago

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

Beyond the Bodyguard: Why Executive Protection Requires a New Playbook

The executive protection model must evolve from a reactive approach to a comprehensive security infrastructure due to increased accessibility of personal information.

Information security

fromSecurityWeek

5 hours ago

100 Chrome Extensions Steal User Data, Create Backdoor

Over 20,000 users installed malicious Chrome extensions that steal information, provide backdoors, or inject ads, as reported by cybersecurity firm Socket.

Information security

fromZDNET

2 hours ago

Microsoft's latest Windows update now confirms if your PC is Secure Boot-protected - how it works

Windows now indicates Secure Boot status, showing if the latest updates are installed and patching 164 security flaws.

Information security

fromTheregister

7 hours ago

Ancient Excel bug comes out of retirement for active attacks

A 17-year-old critical Excel vulnerability is actively being exploited, prompting CISA to issue a patch deadline for federal agencies.

Information security

fromTechzine Global

6 hours ago

NTT Research wants to accelerate innovation with Scale Academy: SaltGrain is the first result

NTT Research launched Scale Academy to accelerate technology transition from R&D to market, introducing SaltGrain to enhance Zero Trust security.

30+ WordPress plugins bought on Flippa and backdoored in supply chain attack

A significant WordPress plugin compromise involved a backdoor planted in over 30 plugins, exposing a critical vulnerability in plugin ownership transfer and update mechanisms.

Information security

fromTechCrunch

1 day ago

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch

Dozens of WordPress plugins were compromised by a backdoor, distributing malicious code after a change in ownership of the plugin maker.

Information security

fromTNW | Apps

5 hours ago

30+ WordPress plugins bought on Flippa and backdoored in supply chain attack

A significant WordPress plugin compromise involved a backdoor planted in over 30 plugins, exposing a critical vulnerability in plugin ownership transfer and update mechanisms.

Information security

fromTechCrunch

1 day ago

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch

Dozens of WordPress plugins were compromised by a backdoor, distributing malicious code after a change in ownership of the plugin maker.

Two Vulnerabilities Patched in Ivanti Neurons for ITSM

Ivanti resolved two medium-severity vulnerabilities in Neurons for ITSM affecting on-premises and cloud deployments.

Information security

fromLondon Business News | Londonlovesbusiness.com

1 day ago

How to build digital trust in an era of automated scams - London Business News | Londonlovesbusiness.com

Automated scams are increasingly sophisticated, requiring businesses to enhance digital trust through visible actions and layered verification strategies.

Information security

fromnews.bitcoin.com

1 day ago

Cow Protocol Halts Trading After Frontend Domain Hijack

Cow Swap paused its protocol after a DNS hijacking incident on April 14, 2026, with no confirmed contract-level losses reported.

Information security

fromThe Hacker News

1 day ago

AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud

A new ad fraud scheme uses SEO techniques and AI-generated content to deceive users into enabling browser notifications for scams.

#phishing

fromTechzine Global

1 day ago

Information security

Attackers are targeting developers via Slack and Google Sites

fromThe Hacker News

2 days ago

Information security

FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts

Information security

fromTechzine Global

1 day ago

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

Information security

fromThe Hacker News

2 days ago

FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts

The FBI and Indonesian National Police dismantled a global phishing operation using the W3LL toolkit, preventing over $20 million in fraud.

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Critical risk findings surged by nearly 400% amid a 52% increase in raw alert volume, driven by AI-assisted development.

Information security

fromInfoQ

1 day ago

New Rowhammer Attacks on NVIDIA GPUs Enable Full System Takeover

New Rowhammer attacks target NVIDIA GPUs, escalating from memory corruption to full system compromise, highlighting significant hardware security risks.

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe released an emergency patch for a critical vulnerability in its products, exploited since December 2025, with a CVSS score of 8.6.

Information security

fromSecurityWeek

1 day ago

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe's Patch Tuesday updates address 55 vulnerabilities across 11 products, with critical ColdFusion flaws requiring immediate attention.

Information security

fromTechCrunch

1 day ago

Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch

Adobe patched a critical vulnerability in Acrobat DC and Reader DC that allowed hackers to remotely install malware via malicious PDF files.

Information security

fromTheregister

2 days ago

Adobe finally patches PDF pest after months of abuse

Adobe released a patch for a critical zero-day vulnerability in Acrobat and Reader that allowed arbitrary code execution via malicious PDFs.

Information security

fromTechRepublic

1 day ago

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe released an emergency patch for a critical vulnerability in its products, exploited since December 2025, with a CVSS score of 8.6.

Information security

fromSecurityWeek

1 day ago

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe's Patch Tuesday updates address 55 vulnerabilities across 11 products, with critical ColdFusion flaws requiring immediate attention.

Information security

fromTechCrunch

1 day ago

Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch

Adobe patched a critical vulnerability in Acrobat DC and Reader DC that allowed hackers to remotely install malware via malicious PDF files.

Information security

fromTheregister

2 days ago

Adobe finally patches PDF pest after months of abuse

Adobe released a patch for a critical zero-day vulnerability in Acrobat and Reader that allowed arbitrary code execution via malicious PDFs.

Commvault has a Ctrl+Z for rogue AI agents

Commvault's AI Protect monitors AI agents in cloud environments and can roll back actions to enhance AI resilience.

Information security

fromSecurityWeek

1 day ago

SAP Patches Critical ABAP Vulnerability

SAP released 20 new and updated security notes addressing critical vulnerabilities, including a severe SQL injection flaw with a CVSS score of 9.9.

fromYcombinator

1 day ago

Information security

Show HN: OpenParallax: OS-level privilege separation for AI agent execution | Hacker News

An open-source AI agent was developed with a secure, sandboxed architecture to prevent data exfiltration and unauthorized actions.

Information security

fromSecurityWeek

1 day ago

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.

Information security

fromSecuritymagazine

1 day ago

3 Quantum Realities to Confront this World Quantum Day

World Quantum Day emphasizes the urgency for organizations to prepare for quantum risks and the importance of starting migration processes now.

Kraken insider extortion reveals remote work security blind spot

Kraken experienced an insider security breach affecting 2,000 client accounts, highlighting vulnerabilities in remote-first working models.

Information security

fromBitcoin Magazine

2 days ago

Crypto Exchange Kraken Faces Extortion Attempt After Insider Access Incidents Involving Support Staff

Kraken experienced two insider-related security incidents but confirmed no systems were breached and no client funds were at risk.

Information security

fromFinbold

1 day ago

Kraken insider extortion reveals remote work security blind spot

Kraken experienced an insider security breach affecting 2,000 client accounts, highlighting vulnerabilities in remote-first working models.

Information security

fromBitcoin Magazine

2 days ago

Crypto Exchange Kraken Faces Extortion Attempt After Insider Access Incidents Involving Support Staff

Kraken experienced two insider-related security incidents but confirmed no systems were breached and no client funds were at risk.

Relm Insurance Launches Crypto and Cannabis Kidnap Coverage

Relm Insurance launched a specialized kidnap and ransom insurance product for the Web3 and cannabis sectors to address rising physical threats.

Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security

Google integrates a Rust-based DNS parser into Pixel modem firmware to enhance security and promote memory-safe code.

Information security

fromSecurityWeek

1 day ago

Google Adds Rust DNS Parser to Pixel Phones for Better Security

Google integrates a Rust-based DNS parser into Pixel phone modems to enhance security and reduce vulnerabilities.

Information security

fromThe Hacker News

1 day ago

Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security

Google integrates a Rust-based DNS parser into Pixel modem firmware to enhance security and promote memory-safe code.

Information security

fromSecurityWeek

1 day ago

Google Adds Rust DNS Parser to Pixel Phones for Better Security

Google integrates a Rust-based DNS parser into Pixel phone modems to enhance security and reduce vulnerabilities.

more#google

fromSecurityWeek

1 day ago

Triad Nexus Evades Sanctions to Fuel Cybercrime

Triad Nexus has reinstated its global fraud engine, shifting its focus toward emerging markets while maintaining a persistent threat to Western enterprise assets.

Information security

fromTheregister

1 day ago

0APT ransomware gang extorts Krybit amid doxxing threat

0APT threatens to expose Krybit members, highlighting the bizarre rivalry between ransomware gangs.

fromThe Hacker News

1 day ago

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

[In] ShowDoc version before 2.8.7, an unrestricted and unauthenticated file upload issue is found and [an] attacker is able to upload a web shell and execute arbitrary code on server.

Information security

fromwww.businessinsider.com

1 day ago

We're in a new era of heightened CEO safety measures, security pros say

This attack is just shedding light on the fact that you're even more vulnerable outside of the office, said Don Aviv, CEO of Interfor International, a security consultancy.

Information security

fromThe Hacker News

1 day ago

New PHP Composer Flaws Enable Arbitrary Command Execution - Patches Released

Two high-severity vulnerabilities in Composer could allow arbitrary command execution through command injection flaws in the Perforce VCS driver.

Information security

fromArs Technica

1 day ago

UK gov's Mythos AI tests help separate cybersecurity threat from hype

Mythos outperformed previous models in TLO tests, showing capability in attacking vulnerable systems but still facing limitations in complex scenarios.

Information security

fromTheregister

1 day ago

Ransomware scum, other crims exploit 4 old Microsoft bugs

Four Microsoft vulnerabilities are actively exploited, including one from 2012, prompting CISA to urge federal agencies to patch them within two weeks.

Information security

fromInfoWorld

2 days ago

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

CVSS-9.3 vulnerability in Marimo allows unauthenticated remote code execution, exploited shortly after disclosure.

Information security

fromThe Hacker News

1 day ago

JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025

JanelaRAT malware targets financial institutions in Latin America, stealing sensitive data and employing advanced infection techniques.

Information security

fromwww.theguardian.com

2 days ago

Hacker group threatens to release Grand Theft Auto VI data in Rockstar Games attack

Rockstar Games faces a cyberattack from ShinyHunters, demanding ransom or threatening to leak stolen data.

Information security

fromTechzine Global

2 days ago

Adobe patches vulnerability that steals data via PDFs

A sophisticated attack exploits a vulnerability in Adobe Reader via malicious PDF files to gather sensitive information and potentially execute arbitrary code.

Information security

fromTechzine Global

2 days ago

Cisco aims to make AI agents safer with proposed acquisition of Astrix

Cisco is pursuing an acquisition of Astrix Security to enhance its AI security capabilities.

Information security

fromThe Hacker News

2 days ago

North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

APT37 employs social engineering on Facebook to deliver RokRAT via a compromised PDF viewer.

Information security

fromwww.housingwire.com

1 day ago

FBI: Seniors lost $7.75B to cybercrime in 2025 a 59% jump

Tech and customer support scams caused $1.04 billion in losses for older victims, with AI enhancing the sophistication of these frauds.

fromnews.bitcoin.com

2 days ago

Polkadot Price Dips 6% Following 1 Billion Token Minting Breach on Ethereum

A hacker exploited a vulnerability within the Hyperbridge gateway smart contract, using a fabricated message to gain administrative privileges over the bridged DOT contract on Ethereum, triggering a transaction that generated 1 billion unauthorized tokens.

Information security

fromwww.bbc.com

2 days ago

GTA-maker Rockstar Games hacked again but downplays impact

Rockstar Games experienced a data breach by hackers demanding ransom, but the company claims it has no impact on its operations or players.

Information security

fromSecurityWeek

2 days ago

Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users

Google introduces end-to-end encryption in Gmail for enterprise users on mobile devices, enhancing privacy and security for email communications.

[ Load more ]

Information securityInformation security

Critical Fortinet sandbox bugs allow auth bypass and RCE

Fortinet Patches Critical FortiSandbox Vulnerabilities

Critical Fortinet sandbox bugs allow auth bypass and RCE

Fortinet Patches Critical FortiSandbox Vulnerabilities

Copy of Trump's Cyber Strategy Is a Strong Playbook, but It's All in the Execution

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

Expect more cybersecurity executive orders soon, national cyber director says

Artemis raises $70M to help fight AI-powered attacks with AI | Fortune

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

Copy of Trump's Cyber Strategy Is a Strong Playbook, but It's All in the Execution

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

Expect more cybersecurity executive orders soon, national cyber director says

Artemis raises $70M to help fight AI-powered attacks with AI | Fortune

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Dutch government warns against controversial Anthropic Mythos model

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Dutch government warns against controversial Anthropic Mythos model

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

Anthropic's Mythos preview: why the human layer matters more, not less

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

Anthropic's Mythos preview: why the human layer matters more, not less

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other Vulnerabilities

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Zero Day Initiative - The April 2026 Security Update Review

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's massive Patch Tuesday: It's raining bugs

April Patch Tuesday brings zero-days in Defender, SharePoint Server | Computer Weekly

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other Vulnerabilities

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Zero Day Initiative - The April 2026 Security Update Review

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's massive Patch Tuesday: It's raining bugs

April Patch Tuesday brings zero-days in Defender, SharePoint Server | Computer Weekly

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Rockstar Games confirms third-party breach hit company data

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Rockstar Games confirms third-party breach hit company data

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

Fake Linux Foundation leader using Slack to phish devs

Fake Claude Website Distributes PlugX RAT

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

Fake Linux Foundation leader using Slack to phish devs

Fake Claude Website Distributes PlugX RAT

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Mirax RAT Targeting Android Users in Europe

Critical nginx-ui Vulnerability CVE-2026-33032 Allows Unauthenticated Nginx Takeover

Exploited Vulnerability Exposes Nginx Servers to Hacking

Critical nginx-ui Vulnerability CVE-2026-33032 Allows Unauthenticated Nginx Takeover

Exploited Vulnerability Exposes Nginx Servers to Hacking

Curity looks to reinvent IAM with runtime authorization for AI agents

Curity looks to reinvent IAM with runtime authorization for AI agents

Curity looks to reinvent IAM with runtime authorization for AI agents

Curity looks to reinvent IAM with runtime authorization for AI agents

OpenAI releases GPT-5.4-Cyber for vetted security teams, scaling Trusted Access programme

OpenAI replaces certificates following Axios incident

In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model-and Strategy

OpenAI expands access to cyber AI as hacking risks grow

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

OpenAI releases GPT-5.4-Cyber for vetted security teams, scaling Trusted Access programme

OpenAI replaces certificates following Axios incident

In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model-and Strategy

OpenAI expands access to cyber AI as hacking risks grow

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

GPT-5.4-Cyber aims to further embed AI in cybersecurity

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

'Mythos-Ready' Security: CSA Urges CISOs to Prepare for Accelerated AI Threats

Information security
Information security