🚨 CISA KEV 2[−]
15 Apr KEVRisky Business #833 -- The Great Mythos Freakout of 2026On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: Everyone has an opinion about Claude Mythos… even though almost nobody has used it yet CISA adds a 2009 Excel bug to the KEV list, u wot? Adobe also parties like it…RISKY.BIZ
15 Apr KEVU.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and …SECURITYAFFAIRS.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 40[−]
15 Apr KEVApril Patch Tuesday roundup: Zero day vulnerabilities and critical bugsA critical hole in Windows Internet Key Exchange for secure communications, an actively exploited zero day in Microsoft SharePoint and a critical SQL injection vulnerability in a SAP product are the focus of the April Patch Tuesday releases requiring immediate attention from IT s…CSOONLINE.COM
15 Apr KEVMicrosoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-dayMicrosoft Patch Tuesday security updates for April 2026 fixed 165 vulnerabilities, including an actively exploited SharePoint zero-day. Microsoft Patch Tuesday security updates addressed 165 vulnerabilities, making it one of the largest updates by CVE count. One of the most inter…SECURITYAFFAIRS.COM
15 AprCVE-2026-5448 1-2 Byte Buffer Overflow in wolfSSL_X509_notAfter/notBeforeInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path.Information published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3Information published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5446 wolfSSL ARIA-GCM TLS 1.2/DTLS 1.2 GCM nonce reuseInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-34601 xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertionInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5393 OOB Read in DoTls13CertificateVerify with WOLFSSL_DUAL_ALG_CERTSInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5500 Improper Validation of AES-GCM Authentication Tag Length in PKCS#7 Envelope Allows Authentication BypassInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5504 PKCS7 CBC Padding Oracle — Plaintext RecoveryInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5501 Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf CertificatesInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5507 Session Cache Restore — Arbitrary Free via Deserialized PointerInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5477 Prefix-substitution forgery via integer overflow in wolfCrypt CMACInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5479 wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tagInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5503 out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicNameInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5295 Stack Buffer Overflow in wolfSSL PKCS7 wc_PKCS7_DecryptOri() via Oversized OIDInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5188 Integer underflow in X.509 SAN parsing in wolfSSLInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5447 Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifierInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname ValidationInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5263 URI nameConstraints not enforced in ConfirmNameConstraints()Information published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5392 wolfSSL heap OOB read in PKCS7 SignedData streamingInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LFInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-35201 Discount has an Out-of-bounds Read in rdiscountInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-34481 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayoutInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-34479 Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden charactersInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-34480 Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden charactersInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-40175 Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection ChainInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2025-62718 Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRFInformation published.MSRC.MICROSOFT.COM
15 Apr KEVMicrosoft Warns of Actively Exploited SharePoint Server Zero-DayMicrosoft issued an urgent security update addressing an actively exploited zero-day vulnerability in its SharePoint Server platform. The flaw, officially tracked as CVE-2026-32201, allows unauthenticated attackers to conduct network-based spoofing attacks. Because threat actors …GBHACKERS.COM
15 AprCVE-2025-30258 In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."Information published.MSRC.MICROSOFT.COM
15 AprWindows Active Directory Flaw Opens Door to Malicious Code ExecutionMicrosoft disclosed a critical security vulnerability within Windows Active Directory that exposes enterprise networks to severe risks. Tracked officially as CVE-2026-33826, this vulnerability allows authenticated attackers to execute malicious code remotely over an adjacent netw…GBHACKERS.COM
15 AprCopilot and Agentforce fall to form-based prompt injection tricksEnterprise AI agents are supposed to streamline workflows. Instead, two fresh findings show they can just as easily streamline data exfiltration. Security researchers have uncovered prompt-injection vulnerabilities in both Microsoft Copilot Studio and Salesforce Agentforce that a…CSOONLINE.COM
15 Apr KEVActively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server TakeoverA recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that ena…THEHACKERNEWS.COM
15 AprApril Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and MoreA number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases. Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Busin…THEHACKERNEWS.COM
15 Apr KEVCVE-2026-33032: severe nginx-ui bug grants unauthenticated server accessAn actively exploited critical nginx-ui flaw (CVE-2026-33032) lets attackers bypass authentication and take full control of Nginx servers. A critical vulnerability in nginx-ui, tracked as CVE-2026-33032 (CVSS score of 9.8), is being actively exploited, allowing attackers to bypas…SECURITYAFFAIRS.COM
15 AprCritical nginx UI tool vulnerability opens web servers to full compromiseSecurity vendor Pluto Security has published details of a critical vulnerability in the open-source nginx UI web server configuration tool that has been under active exploitation by cybercriminals since March. News of the flaw, identified as CVE-2026-33032 , first appeared on the…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 27[−]
15 AprCurity looks to reinvent IAM with runtime authorization for AI agentsIn 2026, enterprise developers are building and deploying the first generation of powerful, increasingly autonomous AI agents at incredible speed. Now comes the hard part: working out how to secure them. Vendors in the space are facing multiple challenges. To begin with, traditio…CSOONLINE.COM
15 AprNorth Korean Spies DM You On FacebookAndroid Mirax RAT, North Korea's Friend-Request Hacks, Adobe PDF Zero-Day, and FBI Phishing Takedown | Cybersecurity Today David Shipley covers multiple trust-based cyber threats: Mirax Android malware pushed via Meta ads posing as free streaming apps, functioning as a remote acc…CYBERSECURITYTODAY.LIBSYN.COM
15 AprTop 10 Best Passwordless Authentication Solutions in 2026Passwords are susceptible to phishing, brute-force attacks, credential stuffing, and human error, leading to an alarming number of data breaches and significant financial losses for enterprises worldwide. The frustration of forgotten passwords and endless resets also plagues user…GBHACKERS.COM
15 Apr13 Fragen gegen DrittanbieterrisikenDrum prüfe… Miljan Zivkovic | shutterstock.com Die zunehmende Abhängigkeit von IT-Dienstleistern und Software von Drittanbietern vergrößert die Angriffsfläche von Unternehmen erheblich. Das wird auch durch zahlreiche Cyberattacken immer wieder unterstrichen. Zwar lassen sich die …CSOONLINE.COM
15 Apr KEVMicrosoft Patch Tuesday April 2026 Fixes 168 Flaws, Including an Actively Exploited Zero-DayMicrosoft has released its highly anticipated April 2026 Patch Tuesday security updates, addressing a massive 168 vulnerabilities across its vast product portfolio. According to recent cybersecurity news reports, this comprehensive update includes a patch for one actively exploit…GBHACKERS.COM
15 AprOpenAI Introduces GPT-5.4 for Reverse Engineering, Vulnerability Discovery, and Malware AnalysisOpenAI has officially launched GPT-5.4-Cyber, a specialized variant of its latest artificial intelligence model explicitly fine-tuned for defensive cybersecurity. Alongside this release, the organization is significantly scaling its Trusted Access for Cyber (TAC) program, providi…GBHACKERS.COM
15 AprIvanti Neurons for ITSM Vulnerabilities Let Remote Attackers Hijack User SessionsIvanti has issued a security advisory detailing two medium-severity vulnerabilities affecting its Neurons for IT Service Management (ITSM) platform. If left unpatched, these security flaws could allow remote authenticated attackers to compromise user sessions and maintain unautho…GBHACKERS.COM
15 AprMallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized ActionBuilt by a veteran security team and led by a former Google and Mandiant executive, Mallory delivers intelligence that drives action for enterprise security teams. Mallory is launching a AI-native threat intelligence platform, purpose-built to answer the questions CISOs and their…CSOONLINE.COM
15 AprMicrosoft Issues Patches for SharePoint Zero-Day and 168 Other New VulnerabilitiesMicrosoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated&nbs…THEHACKERNEWS.COM
15 AprHackers Exploit Hidden Microsoft 365 Mailbox Rules to Steal Sensitive Business EmailsAttackers are quietly abusing Microsoft 365 mailbox rules to steal emails, hide alerts, and maintain long-term access without installing malware. These stealthy tactics are increasingly common in business email compromise (BEC) campaigns targeting enterprise users worldwide. Afte…GBHACKERS.COM
15 AprPHP Composer flaws enable remote command execution via Perforce VCSTwo high-severity flaws in PHP Composer could let attackers run arbitrary commands via malicious repository configs and crafted inputs affecting Perforce VCS. Two high-severity vulnerabilities in PHP Composer could allow attackers to execute arbitrary commands. PHP Composer is a …SECURITYAFFAIRS.COM
15 AprThe need for a board-level definition of cyber resilienceCyber resilience has become a critical governance concern as organizations face increasingly complex and costly cyber threats. However, recent research reveals that the concept of cyber resilience remains inconsistently defined across regulatory frameworks and in some cases prese…CSOONLINE.COM
15 AprCredit Resources Vault: Why this credit email set off our scam alarmsInside a targeted email campaign that funnels the most vulnerable financial people into handing over sensitive data, and signing up for weekly fees.MALWAREBYTES.COM
15 AprThe deepfake dilemma: From financial fraud to reputational crisisDeepfake technology has crossed a critical threshold. What was impossible 10 years ago and required specific expertise only a few years ago is now cheap and accessible. Worse, it’s now good enough to fool a wide range of employees and executives. In fact, a 2025 Gartner survey fo…CSOONLINE.COM
15 AprApril Patch Tuesday fixes two zero-days, including one under active attackThis month’s Patch Tuesday addresses 167 vulnerabilities, including two zero-days that could lead to system compromise, data exposure, and privilege escalation.MALWAREBYTES.COM
15 AprHackers Abuse Google Cloud Storage to Slip Remcos RAT Past Email FiltersHackers are exploiting Google Cloud Storage to bypass email and web filters and deliver Remcos RAT through convincing Google Drive–themed phishing campaigns that blend social engineering with fileless, multi‑stage execution chains. Phishing emails link to Google Cloud Storage buc…GBHACKERS.COM
15 AprMuddyWater-Style Hackers Probe 12,000+ Systems Ahead of Middle EastA threat group resembling MuddyWater has conducted a large-scale reconnaissance and intrusion operation targeting critical sectors in the Middle East, including aviation, energy, and government entities. The attackers reportedly scanned over 12,000 internet-facing systems before …GBHACKERS.COM
15 AprUnlocking foundational visibility for cyber-physical systems with OT vulnerability managementStop managing risk in silos. VM-Native OT Discovery, now available in Tenable Vulnerability Management and Tenable Security Center provides unified visibility across IT and OT domains. See every asset and manage your total cyber exposure in a unified view. Key takeaways The air g…TENABLE.COM
15 AprTop 10 Best Application Security Testing Companies in 2026In the rapidly evolving digital landscape of 2026, applications are the backbone of every enterprise. From customer-facing web portals and mobile apps to intricate internal systems and APIs, software drives business operations, innovation, and customer engagement. However, this u…GBHACKERS.COM
15 AprOrganizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/organizations-warned-of-exploited-windows-adobe-acrobat-vulnerabilities/SH.ITJUST.WORKS
15 AprMicrosoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilitiessubmitted by kid to cybersecurity 5 points | 0 comments https://thehackernews.com/2026/04/microsoft-issues-patches-for-sharepoint.htmlSH.ITJUST.WORKS
15 AprwolfSSL Vulnerability Hits IoT, Routers and Military Systems, Update Now!submitted by kid to cybersecurity 2 points | 0 comments https://hackread.com/wolfssl-vulnerability-iot-routers-military-systems/SH.ITJUST.WORKS
15 AprEFF urges state probe into Google over undisclosed data sharing with ICEThe Electronic Frontier Foundation (EFF) has filed complaints with California and New York authorities accusing Google of deceptive practices, alleging that the company failed to notify users before handing their data to law enforcement. The case centers on a Ph.D. student whose …CYBERINSIDER.COM
15 AprPatch Tuesday notes: Microsoft addresses two zero-days.CISA recalls furloughed employees despite funding lapse. Business news: Cisco to acquire AI observability platform Galileo.THECYBERWIRE.COM
15 AprMicrosoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-DaysMicrosoft’s April 2026 Patch Tuesday fixes 165 vulnerabilities, including two zero-days, in one of the company’s largest monthly security updates. The post Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days appeared first on TechRepublic .TECHREPUBLIC.COM
15 AprA heavy patch Tuesday lands.Patch Tuesday. CISA directs furloughed employees back to work. Experts warn Anthropic’s Glasswing signals a new era of AI-driven vulnerability discovery. Federal prosecutors crack down on chip smuggling. Sweden says a pro-Russian cyber group attempted to disrupt power plant opera…THECYBERWIRE.COM
15 AprSmashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifyingA hacking group claims to have broken into the flood defence system protecting Venice's Piazza San Marco - and is offering to sell access to whoever wants it. The asking price? A frankly insulting $600. Meanwhile, Anthropic accidentally leaked the source code for Claude Code via …GRAHAMCLULEY.COM
📋 SECURITY BULLETINS 2[−]
15 AprFortinet Fixes 11 Security Flaws Affecting FortiSandbox, FortiOS, FortiAnalyzer, and FortiManagerFortinet has recently released a comprehensive security update, patching 11 newly identified vulnerabilities across several of its core enterprise products. The security flaws affect critical infrastructure components, including FortiSandbox, FortiOS, FortiAnalyzer, and FortiMana…GBHACKERS.COM
15 AprMicrosoft Rolls Out KB5083769 Update for Windows 11 24H2 and 25H2Microsoft has released KB5083769, the April 14, 2026 cumulative security update for Windows 11 versions 24H2 and 25H2, moving the operating system to builds 26100.8246 and 26200.8246 respectively. The update bundles the latest security fixes with quality improvements that were pr…GBHACKERS.COM
📢 SECURITY ADVISORIES 5[−]
15 AprChile’s Cybersecurity Framework Law: How SOCs Achieve Compliance and Response ReadinessIn Chile, cybersecurity compliance is becoming an operational issue, not just a legal one. Under the new Cybersecurity Framework Law, organizations must show they have real capabilities for threat detection, incident analysis, and response. For many teams, that exposes a serious …ANY.RUN
15 AprMichigan’s New Bill Takes Aim at AI Employee SurveillanceThe AI surveillance boom is colliding with regulation—and employers are the ones in the crosshairs. The post Michigan’s New Bill Takes Aim at AI Employee Surveillance appeared first on TechRepublic .TECHREPUBLIC.COM
15 AprDeterministic + Agentic AI: The Architecture Exposure Validation RequiresFew technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and securit…THEHACKERNEWS.COM
15 AprGoogle, Microsoft, Meta Accused of Tracking Users Even After Privacy Opt-OutA recent independent audit conducted by privacy technology firm webXray has revealed that major technology companies, including Google, Microsoft, and Meta, are actively tracking users who have explicitly opted out of data sharing. The findings suggest widespread, industrial-scal…GBHACKERS.COM
15 AprSweden blames Russian hackers for attempting ‘destructive’ cyberattack on thermal plantSweden's minister for civil defense said Russian hackers are "now attempting destructive cyber attacks against organizations in Europe."TECHCRUNCH.COM
🔥 INCIDENT REPORTING 6[−]
15 Apr'Addicted to hacking': Young hacker behind historic breach speaks out for 1st time, before reporting to prisonsubmitted by monica_b1998 to cybersecurity 4 points | 0 comments https://abcnews.com/US/addicted-hacking-young-hacker-historic-breach-speaks-1st/story?id=131855776SH.ITJUST.WORKS
15 AprJanaWare Ransomware Hits Turkish Users via Customized Adwind RATA new ransomware campaign dubbed “JanaWare”, leveraging a customized variant of the Adwind remote access Trojan (RAT) to target users in Turkey. The malware exhibits polymorphic behavior, advanced obfuscation, and strict geofencing controls to restrict activity to Turkish systems…GBHACKERS.COM
15 AprNot All CISO Gigs Are Created Equal and RSAC Interviews from ESET and Mimecast - BSW #443So you want to be a CISO? Do you know what that role entails? It depends on a number of factors, including industry, country location, technical vs. business, and more. Each position is more different than you think. Joanna Chen, Chief Information Security Officer at Dashlane, jo…YOUTUBE.COM
15 AprTrusted WordPress Plugins Hijacked in 8-Month Stealth Backdoor CampaignHackers secretly planted a remote code-execution backdoor in more than 30 popular WordPress plugins, leaving it dormant for about 8 months before activating malware that rewrote wp-config.php and injected cloaked SEO spam at scale. The incident centers on “Essential Plugin,” a po…GBHACKERS.COM
15 AprComcast’s $117.5M Breach Settlement: Up to 30M People May QualifyComcast customers affected by the 2023 breach may qualify for cash, reimbursement, and identity protection under a proposed $117.5 million settlement. The post Comcast’s $117.5M Breach Settlement: Up to 30M People May Qualify appeared first on TechRepublic .TECHREPUBLIC.COM
15 Apr[Guest Diary] Compromised DVRs and Finding Them in the Wild, (Thu, Apr 16th)[This is a Guest Diary by Alec Jaffe, an ISC intern as part of the SANS.edu Bachelor&#;39;s Degree in Applied Cybersecurity (BACS) program [1].
ISC.SANS.EDU
🕵️ THREAT INTELLIGENCE 31[−]
15 AprISC Stormcast For Wednesday, April 15th, 2026 https://isc.sans.edu/podcastdetail/9892, (Wed, Apr 15th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
15 AprDragon Boss Solutions Supply Chain Attack Exposes 25,000+ EndpointsEarly on Sunday, 22 March 2025, what initially appeared to be routine adware suddenly escalated into a serious supply chain risk across managed environments. Seemingly benign executables, signed by Dragon Boss Solutions LLC, were using a built-in update mechanism to hide a multi‑…GBHACKERS.COM
15 AprFUNNULL Scam Network Resurfaces With 175+ Rotating Domains WorldwideFUNNULL-Linked Triad Nexus has quietly rebuilt its scam infrastructure, now rotating through more than 175 CNAME domains to keep a sprawling global fraud and brand‑impersonation network online. Following U.S. Treasury sanctions in May 2025 against FUNNULL Technology Inc., a core …GBHACKERS.COM
15 AprAgentic LLM Browsers Open New Front in Prompt Injection, Data TheftAgentic LLM browsers are turning everyday browsing into automated, AI-driven workflows but they also expose a powerful new attack surface for prompt injection and data theft. By letting an AI “drive” the browser with your full session, cookies, and permissions, old bugs like XSS …GBHACKERS.COM
15 AprFiverr exposes sensitive data via public URLs indexed by GoogleFiverr appears to have exposed user-uploaded files through publicly accessible Cloudinary URLs, with many assets indexed by Google search results. The exposure was reported by user ‘morpheuskafka,' on Hacker News. CyberInsider’s independent verification confirms the platform serv…CYBERINSIDER.COM
15 AprGet This Fast and Powerful Lenovo ThinkPad for $1,000 OffThis refurbished 2022 ThinkPad T14 is lightweight, responsive and certified to be in near-mint condition. The post Get This Fast and Powerful Lenovo ThinkPad for $1,000 Off appeared first on TechRepublic .TECHREPUBLIC.COM
15 AprDefense in Depth, Medieval StyleThis article on the walls of Constantinople is fascinating. The system comprised four defensive lines arranged in formidable layers: The brick-lined ditch, divided by bulkheads and often flooded, 1520 meters wide and up to 7 meters deep. A low breastwork, about 2 meters high, en…SCHNEIER.COM
15 AprYour AI Hiring Tools Are Now a Civil Rights Liability in IllinoisIf your AI tools discriminate, it’s your liability—not your vendor’s. The post Your AI Hiring Tools Are Now a Civil Rights Liability in Illinois appeared first on TechRepublic .TECHREPUBLIC.COM
15 AprGoogle Uses Rust-Based Firmware in Pixel 10 Modem to Improve Memory SafetyGoogle has officially integrated the memory-safe Rust programming language into the cellular baseband firmware of its Pixel 10 smartphones. According to a detailed technical breakdown published on the Google Online Security Blog on April 10, 2026, the engineering team has replace…GBHACKERS.COM
15 AprThe n8n n8mare: How threat actors are misusing AI workflow automationCisco Talos research has uncovered agentic AI workflow automation platform abuse in emails. Recently, we identified an increase in the number of emails that abuse n8n, one of these platforms, from as early as October 2025 through March 2026.TALOSINTELLIGENCE.COM
15 AprTop 10 Best API Security Providers Protecting Web Apps in 2026In the intricate tapestry of the modern digital world, Application Programming Interfaces (APIs) are the invisible threads that connect everything. They power mobile applications, enable seamless third-party integrations, facilitate microservices communication, and drive the func…GBHACKERS.COM
15 AprGoogle Photos Fixes Android Image Editing Tool: Here’s What ChangedGoogle Photos fixes Android crop tool bugs and adds smoother animations. Here’s what changed and why it matters for users. The post Google Photos Fixes Android Image Editing Tool: Here’s What Changed appeared first on TechRepublic .TECHREPUBLIC.COM
15 AprThis $60 AI Assistant Aims to Consolidate Your Daily Work ToolsInstead of bouncing between AI tools, this platform puts models, file features, and creative tools together. The post This $60 AI Assistant Aims to Consolidate Your Daily Work Tools appeared first on TechRepublic .TECHREPUBLIC.COM
15 AprWhy CSOs Fail the BusinessA key predictor of CSO success is their ability to understand the business, including financials and stakeholder priorities. Without this alignment, security leaders risk becoming isolated—seen as blockers rather than partners. Communicating in business terms and building relatio…YOUTUBE.COM
15 AprDependency cooldowns turn you into a free-ridersubmitted by codeinabox to security 3 points | 0 comments https://calpaterson.com/deps.htmlPROGRAMMING.DEV
15 AprTesting reveals Claude Mythos's offensive capabilities and limits - Help Net Securitysubmitted by kid to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2026/04/14/claude-mythos-test-attack-capabilities-limits/SH.ITJUST.WORKS
15 AprMalicious Chrome Extensions Campaign Exposes User Data - Infosecurity Magazinesubmitted by kid to cybersecurity 3 points | 0 comments https://www.infosecurity-magazine.com/news/chrome-extensions-expose-user-data/SH.ITJUST.WORKS
15 AprWhatsApp New Update Lets You Chat Without Sharing Your Phone NumberWhatsApp is testing usernames that could let users chat without sharing phone numbers, adding a new privacy layer now rolling out to some beta users. The post WhatsApp New Update Lets You Chat Without Sharing Your Phone Number appeared first on TechRepublic .TECHREPUBLIC.COM
15 AprMicrosoft Takes Over Key Stargate Site in Latest OpenAI PullbackMicrosoft has taken over Norway data center capacity once earmarked for OpenAI’s Stargate project, adding 30,000 Nvidia Vera Rubin chips. The post Microsoft Takes Over Key Stargate Site in Latest OpenAI Pullback appeared first on TechRepublic .TECHREPUBLIC.COM
15 AprKraken Exchange Faces Extortion After Insider Recorded System Footagesubmitted by kid to cybersecurity 2 points | 0 comments https://hackread.com/kraken-exchange-extortion-insider-system-footage/SH.ITJUST.WORKS
15 AprFake Ledger Live app on Apple’s App Store stole $9.5M in cryptosubmitted by kid to cybersecurity 4 points | 0 comments https://www.bleepingcomputer.com/news/security/fake-ledger-live-app-on-apples-app-store-stole-95m-in-crypto/SH.ITJUST.WORKS
15 AprGoogle to penalize “back button hijacking” starting June 2026Google has announced an update to its Search spam policies that explicitly targets “back button hijacking,” a deceptive browsing manipulation technique. The change will take effect on June 15, 2026, and sites engaging in the practice risk search ranking penalties or manual action…CYBERINSIDER.COM
15 Aprn8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing EmailsThreat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. "By leveraging t…THEHACKERNEWS.COM
15 AprAI Zuckerberg Runs the CompanyAI versions of executives are no longer sci-fi. Meta is reportedly building a photorealistic AI Zuckerberg to interact with employees and give feedback. What starts as an experiment quickly turns into a strange thought experiment about leadership, automation, and control. If exec…YOUTUBE.COM
15 AprCybersecurity Looks Like Proof of Work Nowsubmitted by codeinabox to security 2 points | 0 comments https://www.dbreunig.com/2026/04/14/cybersecurity-is-proof-of-work-now.htmlPROGRAMMING.DEV
15 AprMassive Chrome Extension Scam Exposes 20,000 Users to Data TheftResearchers linked 108 malicious Chrome extensions to a coordinated campaign that exposed about 20,000 users to data theft, backdoors, and ad injection. The post Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft appeared first on TechRepublic .TECHREPUBLIC.COM
15 AprYouTube Will Show Fewer Livestream Ads During Purchases and Chat SpikesYouTube is changing livestream ad timing to avoid interrupting purchases and peak chat moments, giving creators a clearer view of where automated monetization is headed. The post YouTube Will Show Fewer Livestream Ads During Purchases and Chat Spikes appeared first on TechRepubli…TECHREPUBLIC.COM
15 AprSS&C Intralinks DealCentre AI vs. Datasite: Which platform is built for the future of dealmaking?Deal teams are moving beyond virtual data rooms toward platforms that support the full deal lifecycle. Here’s how Intralinks DealCentre AI and Datasite compare. The post SS&C Intralinks DealCentre AI vs. Datasite: Which platform is built for the future of dealmaking? appeare…TECHREPUBLIC.COM
15 AprNews Alert: NTT Research launches SaltGrain—advanced Attribute-Based Encryption securitySUNNYVALE, Calif., Apr. 15, 2026 – NTT Research, Inc. , a division of NTT (TYO:9432), today announced the launch of Scale Academy , a startup incubator responsible for bringing to market products and services based upon technologies studied within the … (more…) The post New…LASTWATCHDOG.COM
15 AprTech Layoffs Continue: Snap Cuts 1,000 Jobs, Citing ‘Rapid Advancements’ in AISnap cuts 1,000 jobs as it cites “rapid advancements” in AI, saying smaller teams can do more amid rising competition and a push for profitability. The post Tech Layoffs Continue: Snap Cuts 1,000 Jobs, Citing ‘Rapid Advancements’ in AI appeared first on TechRepublic .TECHREPUBLIC.COM
15 AprSecurity Became the Business NexusSecurity has evolved from a siloed function into one that interacts with nearly every part of the business, including executives, technical teams, and external stakeholders. This shift positions security as a central hub—or “nexus”—within organizations. It increases both influenc…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 4[−]
15 AprFrom fake Proton VPN sites to gaming mods, this Windows infostealer is everywhereHiding in imposter sites, GitHub downloads, and YouTube links, this infostealer is designed to hijack accounts and drain cryptocurrency wallets.MALWAREBYTES.COM
15 AprMirax malware campaign hits 220K accounts, enables full remote controlMirax, a new Android RAT, spread via Meta ads, infected 220,000 users and turns devices into SOCKS5 proxies, giving attackers full remote control. Mirax is a new Android remote access trojan spreading through ads on Meta platforms, targeting mainly Spanish-speaking users and reac…SECURITYAFFAIRS.COM
15 AprThreat landscape for industrial automation systems in Q4 2025The report contains industrial threat statistics for Q4 2025. It covers various infection vectors and malware types, as well as regional statistics and statistics by industry.SECURELIST.COM
15 AprNach Anthropic Mythos: OpenAI kündigt GPT-5.4-Cyber anOpenAI bringt mit GPT-5.4-Cyber ein eigenes KI-Modell für Cybersicherheit. Wie bei Anthropics Mythos bleibt der Zugang zunächst eingeschränkt.HEISE.DE
🎙️ PODCASTS 1[−]
15 AprHuman-centered security in an AI world with Johnny Hand from TrendAIJohnny Hand, VP for AI Excellence at TrendAI joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices at the RSAC Conference 2026. He shares why organizations need to focus on AI operational excellence, how AI is accelerating both opportunity and risk in …THECYBERWIRE.COMHTTPS:
📡 INFOSEC NEWS 23[−]
15 AprWeekly Threat Bulletin – April 15th, 2026These are the top threats you should know about this week.F5.COM
15 AprAzure-Hosted Scanning Cluster Launches WordPress Webshell Discovery CampaignSensor Intel Series: March 2026 CVE TrendsF5.COM
15 AprScanning for AI Models, (Tue, Apr 14th)Starting March 10, 2026, my DShield sensor started getting probe for various AI models such as claude, openclaw, huggingface, etc. Reviewing the data already reported by other DShield sensors to ISC, the DShield database shows reporting of these probes started that day and has be…ISC.SANS.EDU
15 AprWhat Founders Get Wrong About Early Marketing with Merav Ben Avi, VP of Marketing at YL VenturesMerav Ben Avi, VP of Marketing at YL Ventures, makes a strong case for something most security founders get wrong: marketing should not come later. It should be there from the start. She explains why hiring too late creates messy positioning, weak launches, and marketers stuck fi…THECYBERWIRE.COM
15 AprOpenAI Launches GPT-5.4-Cyber with Expanded Access for Security TeamsOpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT‑5.4, that's specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos. "The progressive use of AI accelerate…THEHACKERNEWS.COM
15 AprFortinet stopft 18 SicherheitslecksInsgesamt 18 Sicherheitsnotizen hat Fortinet in der Nacht zum Mittwoch veröffentlicht. Sie behandeln teils kritische Lücken.HEISE.DE
15 AprPatchday: Angreifer attackieren Edge und Microsoft SharePoint ServerAufgrund von laufenden Attacken auf Edge und SharePoint Server sollten Admins sicherstellen, dass die aktuellen Microsoft-Sicherheitsupdates installiert sind.HEISE.DE
15 AprWarnung vor Attacken auf 17 Jahre alte Excel-LückeDie US-Cybersicherheitsbehörde warnt vor beobachteten Angriffen auf eine uralte Excel-Lücke. Auch SharePoint wird angegriffen.HEISE.DE
15 AprAdobe-Patchday: Kritische Schadcode-Lücken bedrohen Photoshop & Co.Wichtige Sicherheitsupdates schließen Schwachstellen in Anwendungen von Adobe. Weil viele Lücken kritisch sind, sollten Admins zeitnah handeln.HEISE.DE
15 AprBugs ohne Bounty: Eclipse Foundation startet Sicherheitsprogramm für Open VSXSchutz für die Lieferkette: Die Eclipse Foundation motiviert Entwickler dazu, Schwachstellen in der Open VSX Registry zu finden – Geld gibt es jedoch nicht.HEISE.DE
15 AprMicrosoft Office 2021: Support endet am 13. Oktober 2026Microsoft erinnert an das Support-Ende für Office 2021 am 13. Oktober 2026. Es gibt keine erweiterten Sicherheitsupdates (ESU).HEISE.DE
15 Apr„Passwort“ Folge 55: News mit Claude-Code-Klau, PKI-Oopsies und QuantenturboDer Osterurlaub fiel für einige Admins PKI-bedingt kurz aus. Welche Fortschritte und Lecks es bei KI über die Feiertage gab, ist auch Thema der aktuellen Folge.HEISE.DE
15 AprRaspberry Pi OS 6.2: Update verspricht mehr SicherheitDie Raspberry-Pi-Entwickler haben in Raspberry Pi OS 6.2 die Sicherheit verbessert. Sie deaktivieren das passwortlose sudo.HEISE.DE
15 Apr108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 usersCybersecurity researchers have revealed that 108 malicious Google Chrome extensions have been quietly stealing user credentials, hijacking Telegram sessions, and injecting unwanted ads and scripts into browsers - all reporting back to the same central point. Read more in my artic…BITDEFENDER.COM
15 AprWireGuard: Update für Windows-Client nach vier JahrenNachdem Probleme mit der Treibersignierung durch Blockade von Microsoft gelöst wurden, ist nun WireGuard 0.6.1 für Windows erschienen.HEISE.DE
15 AprFake YouTube copyright notices can steal your Google loginThis convincing copyright scam is targeting YouTube creators. Attackers can take over your channel, plus your entire Google account.MALWAREBYTES.COM
15 AprOpenSSL 4.0 verschlüsselt, was TLS bisher verraten hatOpenSSL 4.0.0 ist da: Die Kryptobibliothek entfernt Altlasten, führt ECH für mehr Datenschutz ein und bereitet auf Post-Quantum-Kryptografie vor.HEISE.DE
15 AprÜberwachung weltweit: Bundesregierung winkt UN-Cybercrime-Konvention durchTrotz massiver Kritik stimmt Berlin dem Abkommen gegen Cyberkriminalität zu. Es handelt sich um einen völkerrechtlichen Vertrag mit gefährlich viel Spielraum.HEISE.DE
15 Apr21. BSI-Sicherheitskongress: NIS-2-Umsetzung weit hinter den ErwartungenDie Richtlinie ist noch immer zu unbekannt und Unternehmen ignorieren die Registrierungspflicht, konstatiert das BSI auf seinem Jahreskongress.HEISE.DE
15 AprIdentität bleibt geheim: EU-App für Altersnachweis kommtKommissionschefin von der Leyen kündigt eine fertige Lösung zur Altersprüfung an, die anonymes Surfen ermöglichen und Plattformen in die Pflicht nehmen soll.HEISE.DE
15 AprSpotting cyberthreats: a guide for blind and low-vision users | Kaspersky official blogLearn how Be My Eyes assists visually impaired users, whether it can truly stop phishing, and the key security measures users should be taking.KASPERSKY.COM
15 AprAI clickbait can turn your notifications into a scam feedA new AI-driven campaign known as Pushpaganda is using clickbait to turn your browser notifications into a stream of scams and fake alerts.MALWAREBYTES.COM
15 AprCisco intends to acquire AI observability and evaluation platform provider GalileoAim Intelligence and Capsule Security each raise $7 million.THECYBERWIRE.COM