AttackFeed by Joe Wagner

Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. “By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery  – Read More  – The Hacker News 

OpenAI said it is expanding its Trusted Access for Cyber program to “thousands of individuals and organizations,” who will use the company’s technology to root out bugs and vulnerabilities in their products. The program will also incorporate  GPT 5.4 Cyber, a new variant of ChatGPT that OpenAI says is specifically optimized for cybersecurity tasks. OpenAI’s … Read More “OpenAI expands Trusted Access for Cyber program with new GPT 5.4 Cyber model   – CyberScoop” »

A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April’s Patch Tuesday releases. Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681, CVSS score: 9.9) that could result in the execution of arbitrary database   – Read More  – The … Read More “April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More  – The Hacker News” »

A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security. ”  – Read More  … Read More “Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover  – The Hacker News” »

Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera’s AI Security and Exposure Report 2026 reflects that momentum: every CISO surveyed  – Read More  – The Hacker News 

Cybersecurity researchers have revealed that 108 malicious Google Chrome extensions have been quietly stealing user credentials, hijacking Telegram sessions, and injecting unwanted ads and scripts into browsers – all reporting back to the same central point. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

Active HanGhost Loader campaign targets enterprise payment and logistics workflows with fileless attacks, multi-stage execution, and stealthy malware delivery.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A new Qrator Labs report reveals that the largest DDoS botnet has grown to 13.5 million devices, and…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Last year, Nvidia CEO Jensen Huang repeatedly denied that China was obtaining America’s most advanced chips. ‘There’s no evidence of any AI chip diversion,’ he said, dismissing such reports on another occasion as ‘tall tales.’ Federal prosecutors would beg to differ. They’ve charged six men over the past three weeks with smuggling billions of dollars’ … Read More “We’re only seeing the tip of the chip-smuggling iceberg  – CyberScoop” »

Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one is rated Low in severity. Ninety-three of the flaws are  – Read More  – The Hacker News 

OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT‑5.4, that’s specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos. “The progressive use of AI accelerates defenders – those responsible for keeping systems, data, and users safe – enabling them to find and fix problems  – Read … Read More “OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams  – The Hacker News” »

The Cybersecurity and Infrastructure Security Agency has informed participants of the federal government’s Scholarship for Service program that it has canceled this year’s summer internship programs due to the current funding issues at the Department of Homeland Security.  Emails from CISA obtained by CyberScoop recently informed applicants that the agency will not bring any CyberCorps: … Read More “CISA cancels summer internships for cyber scholarship students amid DHS funding lapse  – CyberScoop” »

Digital Annotations replace paper markups in business, enabling real time collaboration, version control, and secure document workflows across teams.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “BlueHammer.” Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited … Read More “Patch Tuesday, April 2026 Edition  – Krebs on Security” »

Microsoft addressed 165 vulnerabilities affecting its various products and underlying systems, including one actively exploited vulnerability in Microsoft Office SharePoint, in this month’s Patch Tuesday update.  “By my count, this is the second-largest monthly release in Microsoft’s history,” Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, wrote in a blog post … Read More “Microsoft drops its second-largest monthly batch of defects on record  – CyberScoop” »

A malicious Ledger Live app for macOS available from Apple’s App Store has drained approximately $9.5 million in cryptocurrency from 50 victims in just a few days this month. […]  – Read More  – BleepingComputer 

Today is Microsoft’s April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities. […]  – Read More  – BleepingComputer 

Microsoft has released Windows 11 KB5083769 and KB5082052 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. […]  – Read More  – BleepingComputer 

Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. […]  – Read More  – BleepingComputer 

Microsoft has released the Windows 10 KB5082200 extended security update to fix the April 2026 Patch Tuesday vulnerabilities, including 2 zero-days. […]  – Read More  – BleepingComputer 

Seth Whitworth, who is both acting Associate Deputy Chief of Space Operations for Cyber and Data and acting chief information security officer, said he believes AI tools are shifting the way defenders review cyber risk, both for individual systems and more holistically throughout an enterprise.   In particular, Large Language Models can be used to systematically … Read More “Space Force official touts AI’s impact on cyber compliance  – CyberScoop” »

Philadelphia, United States / Pennsylvania, 14th April 2026, CyberNewswire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Critical wolfSSL flaw CVE-2026-5194 allows digital ID forgery across billions of devices, update to version 5.9.1 to fix the issue and reduce risk.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

It’s time once again for Patch Tuesday, and this one is huge. We’ve also got multiple exploits in the wild, which adds another layer of urgency to this month’s release. Take a break from your regularly scheduled activities, and let’s take a look at the latest security patches from Adobe and Microsoft. If you’d rather … Read More “The April 2026 Security Update Review  – Zero Day Initiative – Blog” »

Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution. The vulnerabilities have been described as command injection flaws affecting the Perforce VCS (version control software) driver. Details of the two flaws are below – CVE-2026-40176 (CVSS  – Read More  – The Hacker News 

A small group of former Black Basta affiliates have targeted more than 100 employees across dozens of organizations to intrude network systems for potential data theft, ransomware deployment and extortion, according to ReliaQuest. The social engineering campaign, which involves mass email bombing and Microsoft Teams help desk impersonation, surged last month and dates back to … Read More “Black Basta’s playbook lives on as former affiliates launch fast-scale intrusion campaign  – CyberScoop” »

Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive news stories into Google’s Discover feed and trick users into enabling persistent browser notifications that lead to scareware and financial scams. The campaign, which has been  – Read More  – … Read More “AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud  – The Hacker News” »

Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level. “The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of … Read More “Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security  – The Hacker News” »

ViperTunnel is a Python-based backdoor linked to DragonForce ransomware that targets businesses using Windows servers across the US and the UK.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Booking.com confirms a data breach exposing customer details to hackers. No payment data accessed, but users face risk of targeted phishing scams now!  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More