Cybersecurity News from Across the Internet
Virtual assistants boost productivity but add cybersecurity risks. Poor access control, weak devices, and credential sharing can expose sensitive business data. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service. The details of the vulnerabilities are below – CVE-2026-20184 (CVSS score: 9.8) – An improper certificate validation in the integration of single sign-on … Read More “Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution – The Hacker News” »
Ox Security claims as many as 200,000 servers are exposed by newly discovered MCP vulnerability – Read More –
A company wakes up to a news story claiming it has suffered a major data breach. The details are specific, technical and convincing. But the breach didn’t happen. No systems were compromised. No data was taken. A language model generated the entire story, filling in plausible details from scratch. And before the company can figure … Read More “Ghost breaches: How AI-mediated narratives have become a new threat vector – CyberScoop” »
Halcyon says ransomware now accounts for more than two-fifths of cyber-attacks targeting carmakers – Read More –
Triad Nexus scales $200m scams, uses infrastructure laundering, localized fraud and US-access blocks – Read More –
The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data from Chromium-based web browsers and WhatsApp. The activity, which was observed between March and April – Read More – The Hacker News
VPNs help secure remote server access by encrypting traffic, restricting entry to authorized users, and reducing exposure of critical systems to the internet. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
SOCKS5 protocol explained: anonymize traffic, boost security with encryption, bypass restrictions, and enable reliable data collection for business use. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
A hacking group claims to have broken into the flood defence system protecting Venice’s Piazza San Marco – and is offering to sell access to whoever wants it. The asking price? A frankly insulting $600. Meanwhile, Anthropic accidentally leaked the source code for Claude Code via a basic packaging mistake. Oh, and by the way, … Read More “Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying – GRAHAM CLULEY” »
Fake Claude AI installer mimicking Anthropic spreads PlugX malware on Windows, using DLL sideloading to gain persistent remote access to infected systems. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The federal agency tasked with analyzing security vulnerabilities is overwhelmed as it and other authorities struggle to keep pace with a flood of defects that grows every year. The National Institute of Standards and Technology announced Wednesday that it has capitulated to that deluge and narrowed the priorities for its National Vulnerability Database. NIST said … Read More “NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities – CyberScoop” »
Apple approved a fake Ledger Live app on its App Store, allowing scammers to steal $9.5 million from more than 50 users. Did you install this app? – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
National Cyber Director Sean Cairncross expects more executive orders coming from the White House as part of implementing the national cybersecurity strategy, he said Wednesday. Staffers on Capitol Hill and others in the cyber world have been awaiting the implementation guidance the Trump administration had proclaimed would come to accompany the strategy published last month. … Read More “Executive orders likely ahead in next steps for national cyber strategy – CyberScoop” »
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. “By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery – Read More – The Hacker News
OpenAI’s new frontier model focused on cybersecurity comes following Anthropic’s launch of Claude Mythos Preview and Project Glasswing – Read More –
108 malicious Chrome extensions steal sessions, Google data, inject ads via single C2 infrastructure – Read More –
Huntress uncovers adware deploying AV-killing payloads via signed updates across 23,000 endpoints – Read More –
The EU cybersecurity agency looks to become the third Top-Level Root CVE Numbering Authority, alongside CISA and MITRE – Read More –
OpenAI said it is expanding its Trusted Access for Cyber program to “thousands of individuals and organizations,” who will use the company’s technology to root out bugs and vulnerabilities in their products. The program will also incorporate GPT 5.4 Cyber, a new variant of ChatGPT that OpenAI says is specifically optimized for cybersecurity tasks. OpenAI’s … Read More “OpenAI expands Trusted Access for Cyber program with new GPT 5.4 Cyber model – CyberScoop” »
Critical nginx-ui MCP authentication bypass CVE-2026-33032 actively exploited with CVSS 9.8 – Read More –
ShinyHunters hackers leak 7.54 GB of Rockstar Games data from Snowflake analytics systems, confirming no player records or personal information were exposed. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April’s Patch Tuesday releases. Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681, CVSS score: 9.9) that could result in the execution of arbitrary database – Read More – The … Read More “April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More – The Hacker News” »
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security. ” – Read More … Read More “Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover – The Hacker News” »
Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera’s AI Security and Exposure Report 2026 reflects that momentum: every CISO surveyed – Read More – The Hacker News
A step change in frontier AI models’ capabilities to find vulnerabilities in code can ultimately be a good thing for our cyber security. – Read More – All Feed
Cybersecurity researchers have revealed that 108 malicious Google Chrome extensions have been quietly stealing user credentials, hijacking Telegram sessions, and injecting unwanted ads and scripts into browsers – all reporting back to the same central point. Read more in my article on the Hot for Security blog. – Read More – GRAHAM CLULEY
Active HanGhost Loader campaign targets enterprise payment and logistics workflows with fileless attacks, multi-stage execution, and stealthy malware delivery. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
A new Qrator Labs report reveals that the largest DDoS botnet has grown to 13.5 million devices, and… – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Last year, Nvidia CEO Jensen Huang repeatedly denied that China was obtaining America’s most advanced chips. ‘There’s no evidence of any AI chip diversion,’ he said, dismissing such reports on another occasion as ‘tall tales.’ Federal prosecutors would beg to differ. They’ve charged six men over the past three weeks with smuggling billions of dollars’ … Read More “We’re only seeing the tip of the chip-smuggling iceberg – CyberScoop” »
Barracuda says 88% of brute-force attempts in Q1 were from the region – Read More –
At VulnCon, Lindsey Cerkovnik, head of vulnerability management at CISA, said AI companies should play a bigger role in vulnerability disclosures in the future – Read More –
Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one is rated Low in severity. Ninety-three of the flaws are – Read More – The Hacker News
Microsoft has patched two zero-day flaws and over 160 others – Read More –
The PCI DSS 4.0 embodies a paradigm shift on payment data security- that of compliance checklists to on-going, risk-based… The post PCI DSS 4.0 roadmap for DPOs using vault appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT‑5.4, that’s specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos. “The progressive use of AI accelerates defenders – those responsible for keeping systems, data, and users safe – enabling them to find and fix problems – Read … Read More “OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams – The Hacker News” »
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Acrobat Reader is a free, widely used software application from Adobe that allows users to view, print, sign, share, and annotate PDF documents. Adobe InDesign is desktop publishing software used to create, pre-flight, and publish … Read More “Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for arbitrary code execution. FortiAnalyzer is a unified security operations platform that consolidates telemetry across networks, endpoints, and cloud environments. FortiClientEMS is a centralized management platform for deploying, configuring, monitoring, and enforcing security policies across numerous endpoints (computers) running the … Read More “Multiple Vulnerabilities in Fortinet Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; … Read More “Critical Patches Issued for Microsoft Products, April 14, 2026 – Cyber Security Advisories – MS-ISAC” »
The Cybersecurity and Infrastructure Security Agency has informed participants of the federal government’s Scholarship for Service program that it has canceled this year’s summer internship programs due to the current funding issues at the Department of Homeland Security. Emails from CISA obtained by CyberScoop recently informed applicants that the agency will not bring any CyberCorps: … Read More “CISA cancels summer internships for cyber scholarship students amid DHS funding lapse – CyberScoop” »
Digital Annotations replace paper markups in business, enabling real time collaboration, version control, and secure document workflows across teams. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “BlueHammer.” Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited … Read More “Patch Tuesday, April 2026 Edition – Krebs on Security” »
Microsoft addressed 165 vulnerabilities affecting its various products and underlying systems, including one actively exploited vulnerability in Microsoft Office SharePoint, in this month’s Patch Tuesday update. “By my count, this is the second-largest monthly release in Microsoft’s history,” Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, wrote in a blog post … Read More “Microsoft drops its second-largest monthly batch of defects on record – CyberScoop” »
A malicious Ledger Live app for macOS available from Apple’s App Store has drained approximately $9.5 million in cryptocurrency from 50 victims in just a few days this month. […] – Read More – BleepingComputer
Today is Microsoft’s April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities. […] – Read More – BleepingComputer
Microsoft has released Windows 11 KB5083769 and KB5082052 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. […] – Read More – BleepingComputer
Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. […] – Read More – BleepingComputer
Microsoft has released the Windows 10 KB5082200 extended security update to fix the April 2026 Patch Tuesday vulnerabilities, including 2 zero-days. […] – Read More – BleepingComputer
Seth Whitworth, who is both acting Associate Deputy Chief of Space Operations for Cyber and Data and acting chief information security officer, said he believes AI tools are shifting the way defenders review cyber risk, both for individual systems and more holistically throughout an enterprise. In particular, Large Language Models can be used to systematically … Read More “Space Force official touts AI’s impact on cyber compliance – CyberScoop” »
Philadelphia, United States / Pennsylvania, 14th April 2026, CyberNewswire – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
