🐛 COMMON VULNERABILITIES AND EXPOSURES 11[−]
16 Apr KEVNginx-UI Flaw Actively Exploited to Enable Full Server TakeoverA severe vulnerability in nginx-ui, a widely used open-source web interface for managing Nginx servers, is currently being actively exploited in the wild. Tracked as CVE-2026-33032 with a maximum CVSS base score of 9.8, this critical flaw allows remote attackers to completely tak…GBHACKERS.COM
16 AprSplunk Enterprise and Cloud Platform Exposed to Dangerous RCE VulnerabilitySplunk has disclosed a high-severity vulnerability affecting both its Enterprise and Cloud Platform environments. Tracked as CVE-2026-20204, this flaw allows attackers to execute arbitrary code remotely. With a CVSS score of 7.1, the vulnerability requires immediate attention fro…GBHACKERS.COM
16 AprCisco Webex Vulnerability Allows User Impersonation AttacksCisco has released an urgent security advisory warning organizations of a critical vulnerability in its Webex communication platform. Tracked as CVE-2026-20184, this severe flaw could allow unauthenticated, remote attackers to entirely bypass security checks and impersonate any l…GBHACKERS.COM
16 AprNew PoC Exploit Published for Microsoft Defender 0-Day FlawA security researcher operating under the alias “Chaotic Eclipse” has publicly released a proof-of-concept (PoC) exploit for a vulnerability in Microsoft Defender. Published on April 15, 2026, the exploit targets a flaw in CVE-2026-33825, a recently patched vulnerabil…GBHACKERS.COM
16 AprCisco Patches Four Critical Identity Services, Webex Flaws Enabling Code ExecutionCisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service. The details of the vulnerabilities are below&nbs…THEHACKERNEWS.COM
16 AprBehind the Mythos hype, Glasswing has just one confirmed CVEEfforts to cut through the buzz surrounding Anthropic’s Mythos are emerging. As OpenAI moves to counter the hype around it with its own cybersecurity model, VulnCheck is reporting that the model’s publicly attributable output amounts to just one confirmed CVE. While Project Glass…CSOONLINE.COM
16 Apr KEVActively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeoversubmitted by kid to cybersecurity 2 points | 0 comments https://thehackernews.com/2026/04/critical-nginx-ui-vulnerability-cve.htmlSH.ITJUST.WORKS
16 AprNVD shifts strategy to deal with a CVE backlog.McGraw Hill confirms data breach. Two US nationals sentenced to prison for involvement in North Korean IT worker schemes.THECYBERWIRE.COM
16 AprToo many flaws, not enough time.NIST struggles with an NVD backlog. Cisco and Splunk ship critical patches. Researchers flag a systemic flaw in Anthropic’s MCP. ShinyHunters leak 13.5 million McGraw Hill accounts. Cargo theft goes cyber. A Tennessee hospital breach hits 337,000 patients. Two Americans are sente…THECYBERWIRE.COM
16 Apr KEVNIST cuts down CVE analysis amid vulnerability overloadOverwhelmed by an escalating volume of security flaws, the National Institute of Standards and Technology (NIST) has announced significant changes to how it handles cybersecurity vulnerabilities and exposures (CVEs). Rather than commit to providing enrichment for all entries in i…CSOONLINE.COM
16 AprCisco Systems issues three advisories for critical vulnerabilities in Webex, ISEAdmins who use Cisco Webex Services configured to use trust anchors within the SSO integration with Control Hub must install a new identity provider certificate to close a critical vulnerability, or risk losing access control. Cisco said in an advisory this week that admins must …CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 32[−]
16 AprMcGraw Hill - 13,500,136 breached accountsIn April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt . Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB …HAVEIBEENPWNED.COM
16 AprKonform Browser - Open source web browser taking privacy, security and freedom to the next levelsubmitted by ken to cybersecurity 8 points | 1 comments https://codeberg.org/konform-browser/ Would like to share this FLOSS project been working on for a while now and hope that is cool with you all! Was not satisfied with status quo on browser options for our use-cases and need…SH.ITJUST.WORKS
16 AprWho is winning the scam game?This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside …THECYBERWIRE.COM
16 AprAI Content Hijacks Google Discover to Deliver Malicious AlertsA new large-scale cyber operation is exploiting Google’s Discovery feed to spread malicious notifications and scams through AI-generated content. Pushpaganda begins with threat actors creating around 113 fake domains filled with AI-written articles and clickbait headlines. These …GBHACKERS.COM
16 AprUAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware CampaignThe Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data fr…THEHACKERNEWS.COM
16 Apr KEVCisco FMC Zero-Day Among 31 High-Impact Vulnerabilities Exploited in March31 high-impact vulnerabilities were actively exploited in March 2026, with a Cisco firewall zero-day abused by the Interlock ransomware group emerging as one of the most dangerous threats to enterprise networks. Affected vendors span core enterprise and developer ecosystems, incl…GBHACKERS.COM
16 AprChrome Privacy Vulnerability Exposes Users via Fingerprinting and Header LeaksA new technical review of Google Chrome’s privacy posture shows that modern tracking no longer depends only on cookies, because websites can combine browser fingerprinting, storage tricks, and HTTP header leaks to identify users with surprising accuracy. Chrome has reduced some o…GBHACKERS.COM
16 AprCritical Cisco ISE Flaws Let Remote Attackers Execute Malicious CodeNetworking giant Cisco has issued an urgent security advisory warning of two newly discovered vulnerabilities impacting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). Cisco Identity Services Engine (ISE) is a widely deployed security policy manag…GBHACKERS.COM
16 AprSniffnet 1.5: Welches Programm funkt nach Hause?Der Open-Source-Netzwerkmonitor Sniffnet ordnet Traffic nun einzelnen Programmen zu. Version 1.5.0 bringt zudem Blacklists und Adapter-Vorschauen.HEISE.DE
16 AprHuman Trust of AI AgentsInteresting research: “ Humans expect rationality and cooperation from LLM opponents in strategic games .” Abstract: As Large Language Models (LLMs) integrate into our social and economic interactions, we need to deepen our understanding of how humans respond to LLMs …SCHNEIER.COM
16 AprHackers Exploit n8n Webhooks to Spread MalwareA new abuse campaign targeting AI-driven workflow automation platforms particularly n8n that turns legitimate automation tools into powerful malware delivery systems. Between October 2025 and March 2026, security analysts observed a sharp surge in phishing emails that weaponized …GBHACKERS.COM
16 AprThe endless CISO reporting line debate — and what it says about cybersecurity leadershipIt is difficult to understand why, in 2026, we are still debating the reporting line of the chief information security officer (CISO). It is one of the first topics I wrote about in 2015 , and after more than two decades of high-profile cyber incidents, sustained regulatory press…CSOONLINE.COM
16 AprPowMix botnet targets Czech workforceCisco Talos discovered an ongoing malicious campaign, operating since at least December 2025, affecting a broader workforce in the Czech Republic with a previously undocumented botnet we call “PowMix.”TALOSINTELLIGENCE.COM
16 Apr KEVDefending Your Enterprise When AI Models Can Find Vulnerabilities Faster Than EverIntroduction Advances in AI model-powered exploitation have demonstrated that general-purpose AI models can excel at vulnerability discovery, even without being purpose-built for the task. Eventually, capabilities such as these will be integrated directly into the development cyc…CLOUD.GOOGLE.COM
16 AprFake ProtonVPN, game mod sites spread NWHStealer in new Windows malware campaignMultiple ongoing malware campaigns are distributing a powerful information-stealing trojan, tracked as NWHStealer, through fake VPN installers, gaming mods, and system tools. Unlike typical phishing campaigns, these attacks exploit users’ trust in popular software. Threat actors …GBHACKERS.COM
16 Apr KEVMicrosoft’s Windows Recall still allows silent data extractionMicrosoft’s Windows Recall feature remains vulnerable to complete data extraction despite a major security overhaul, according to a cybersecurity researcher who says malware running in a user’s context can quietly siphon off everything Recall has captured, without administrator p…CSOONLINE.COM
16 AprMicrosoft, Salesforce Patch AI Agent Data Leak Flawssubmitted by kid to cybersecurity 5 points | 0 comments https://www.darkreading.com/cloud-security/microsoft-salesforce-patch-ai-agent-data-leak-flawsSH.ITJUST.WORKS
16 AprPHP Composer flaws enable remote command execution via Perforce VCSsubmitted by kid to cybersecurity 7 points | 0 comments https://securityaffairs.com/190824/security/php-composer-flaws-enable-remote-command-execution-via-perforce-vcs.htmlSH.ITJUST.WORKS
16 AprThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More StoriesYou know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole "crime" part, ancient vulnerabilities somehow still ruining people'…THEHACKERNEWS.COM
16 AprVom BlueHammer-Autor: Neuer Windows-Zeroday verschafft AdminrechteDer Exploit nutzt ausgerechnet ein unsicheres Verhalten des Windows Defender und eines Datei-API, um sich Systemrechte zu sichern. Er ist noch ungepatcht.HEISE.DE
16 AprAI platform n8n abused for stealthy phishing and malware deliveryAttackers abuse AI automation platform n8n to run phishing campaigns, deliver malware, and evade security by using trusted infrastructure. Threat actors are exploiting the popular AI workflow automation platform n8n to launch advanced phishing campaigns, deliver malware, and coll…SECURITYAFFAIRS.COM
16 AprEU’s official age verification app found exposing sensitive user dataThe European Commission has unveiled its official age-verification app, presenting it as a privacy-preserving, open-source solution to protect minors online. Within hours of its release, however, security researchers reported critical flaws that could expose biometric data and al…CYBERINSIDER.COM
16 AprFake Proton VPN sites are pushing NWHStealer malware to Windows usersA newly uncovered malware campaign is leveraging fake Proton VPN websites, alongside gaming mods and utility tools, to distribute a Windows infostealer known as NWHStealer. According to Malwarebytes, which documented the activity, attackers rely on a mix of deceptive websites, op…CYBERINSIDER.COM
16 AprNewly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 TrafficCybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025. "PowMix employs randomized command-and-control (C2) beaconing int…THEHACKERNEWS.COM
16 AprEU’s official age verification app found exposing sensitive user data; also EU Age Verification can be bypassed using their own infrastructuresubmitted by beep to cybersecurity 28 points | 2 comments https://video.twimg.com/amplify_video/2044718576485953536/vid/avc1/996x2160/hyLmEHaGr6DltAA6.mp4 Hacking the EU Age Verification app in under 2 minutes. During setup, the app asks you to create a PIN. After entry, the app …INFOSEC.PUB
16 AprThe Q1 vulnerability pulseThor provides an overview of the Q1 2026 vulnerability statistics, highlighting key trends in legacy CVEs and the evolving impact of AI on the threat landscape.TALOSINTELLIGENCE.COM
16 AprFoxit, LibRaw vulnerabilitiesCisco Talos’ Vulnerability Discovery & Research team recently disclosed one Foxit Reader vulnerability, and six LibRaw file reader vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco&…TALOSINTELLIGENCE.COM
16 AprBeating the Mythos clock: Using Tenable Hexa AI custom agents for automated patchingSee how Tenable Hexa AI custom agents empower you to counter machine-speed threats by automating vulnerability remediation. Learn how the Model Context Protocol (MCP) automates execution of risk-driven patching workflows, shifting your strategy from reactive tracking to continuou…TENABLE.COM
16 AprMcGraw-Hill Confirms Data Exposure, Hackers Claim 45M Salesforce Records LeakedMcGraw-Hill confirms a data exposure tied to a Salesforce misconfiguration as hackers claim 45M records, raising concerns over SaaS security risks. The post McGraw-Hill Confirms Data Exposure, Hackers Claim 45M Salesforce Records Leaked appeared first on TechRepublic .TECHREPUBLIC.COM
16 AprRCE by design: MCP architectural choice haunts AI agent ecosystemAI agent building tools enable users to configure Model Context Protocol (MCP) servers may be exposing systems to remote code execution due to an architectural decision in Anthropic’s reference implementation. At issue are unsafe defaults in how MCP configuration works over the S…CSOONLINE.COM
16 AprWhen “No Exploit” Becomes OneSecurity teams sometimes rank vulnerabilities lower if no exploit exists or if exploitation seems difficult. That assumption is often based on current knowledge—like proof-of-concept code or known exploitation in the wild. This approach can fail fast. Exploits can appear suddenly…YOUTUBE.COM
16 AprThe AI "Vulnpocolypse" Is Real? - PSW #922This week: - CSA issues guidance to CISOs on Mythos - Vuln management woes - Windows tells you about Secure Boot - AI-assisted firmware vuln hunting - The dumbest hack - Edge decay and the failing perimeter - Mac OS X on a Wii - Little snitch comes to Linux - CPUID served malware…YOUTUBE.COM
📋 SECURITY BULLETINS 1[−]
16 AprCritical Chrome Flaws Allow Arbitrary Code Execution – Patch ImmediatelyGoogle has released an urgent security update for its Chrome web browser to address 31 vulnerabilities, including five rated as critical. The stable channel has been updated to version 147.0.7727.101/102 for Windows and Mac, and 147.0.7727.101 for Linux. This update is currently …GBHACKERS.COM
📢 SECURITY ADVISORIES 3[−]
16 AprInsurance carriers quietly back away from covering AI outputsSeveral major insurance carriers have begun to back away from providing cybersecurity and other insurance to companies using AI to run internal processes, insiders say. While there’s no standard response to customer use of AI in the insurance market, many carriers are now quietly…CSOONLINE.COM
16 AprSpionageangst im Bendlerblock: Pistorius verbannt Privat-Handys aus SitzungenWegen akuter Abhörgefahren durch Russland und China verschärft das Verteidigungsministerium die Regeln für Smartphones und Smartwatches in sensiblen Bereichen.HEISE.DE
16 AprEarly Results From KnowBe4’s AI Agents Show Easier Administration and Lower Cyber RiskYou often hear companies touting that they are AI enabled. But most do not give you the results of how that new AI stacks up with their previous non-AI offerings. We have some early data and want to share it. KnowBe4 was the first Human Risk Management (HRM) vendor to use AI…KNOWBE4.COM
🔥 INCIDENT REPORTING 11[−]
16 AprHow Nations Hack, Spy, and WinMost people think nation-state cyberattacks are unpredictable. Allie Mellen wrote the book that proves they’re not. Allie Mellen is the author of Code War: How Nations Hack, Spy, and Shape the Digital Battlefield and a leading industry analyst and former hacker. She advises Glo…THECYBERWIRE.COM
16 AprSweden reports cyberattack attempt on heating plant amid rising energy threatsSweden says a pro-Russian group attacked a heating plant in 2025. The failed cyberattack highlights growing threats to Europe’s energy infrastructure. Sweden has blamed a pro-Russian group linked to Russian intelligence for a failed cyberattack on a heating plant in 2025. Officia…SECURITYAFFAIRS.COM
16 AprBooking.com breach gives scammers what they need to target guestsGuest reservation data stolen from the booking giant can be used by scammers to impersonate hotels to steal payment and personal info.MALWAREBYTES.COM
16 AprMcGraw Hill data breach incident exposed 13.5 million accountsA data breach affecting education publisher McGraw Hill has resulted in the exposure of 13.5 million user records. The incident, which occurred earlier this month, has now been independently verified through analysis of the leaked dataset by Have I Been Pwned (HIBP). The breach f…CYBERINSIDER.COM
16 Apr[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your EnvironmentIn 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: serv…THEHACKERNEWS.COM
16 AprUAC-0247 Hits Hospitals, Governments With Browser and WhatsApp Data TheftA surge of targeted cyberattacks was detected against local governments and municipal healthcare institutions particularly clinical and ambulance hospitals. The campaign has been attributed to threat cluster UAC-0247, known for advanced data theft, persistence, and lateral moveme…GBHACKERS.COM
16 AprAutovista blames ransomware for service disruption • The Registersubmitted by kid to cybersecurity 2 points | 0 comments https://www.theregister.com/2026/04/15/automotive_data_biz_autovista_ransomwareSH.ITJUST.WORKS
16 Apr KEVCookeville hospital notifies 337K after hack | Cybernewssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/news/cookeville-regional-medical-center-ransomware-337k-exposed/SH.ITJUST.WORKS
16 AprMalicious WordPress Plugins with Backdoors Compromise Thousands of WebsitesMore than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the Essential Plugin portfolio. The post Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites appeared first on TechRepublic .TECHREPUBLIC.COM
16 Apr KEVCookeville Regional Medical Center hospital data breach impacts 337,917 peopleA ransomware attack on Cookeville Regional Medical Center hospital (Tennessee) exposed data of 337,000 people after hackers stole 500GB of sensitive information from its systems. A ransomware attack on Cookeville Regional Medical Center (CRMC) in Tennessee led to a major data bre…SECURITYAFFAIRS.COM
16 AprHere's What Agentic AI Can Do With Have I Been Pwned's APIsPresently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite I love cutting-edge tech, but I hate hyperbole, so I find AI to be a real paradox. Somewhere in that whole mess of overnight influencer…TROYHUNT.COM
🕵️ THREAT INTELLIGENCE 21[−]
16 AprISC Stormcast For Thursday, April 16th, 2026 https://isc.sans.edu/podcastdetail/9894, (Thu, Apr 16th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
16 AprFake Adobe Reader Download Drops ScreenConnect via Fileless LoaderA deceptive campaign in which attackers distributed a fake Adobe Acrobat Reader installer that secretly deployed ConnectWise’s ScreenConnect via a complex in‑memory execution chain. Although ScreenConnect is a legitimate remote‑access tool, it was repurposed for unauthorized syst…GBHACKERS.COM
16 AprRussian Hosting Tied to 1,250+ C2 Servers Across 165 ProvidersMore than 1,250 C2 servers were identified across 165 Russian infrastructure providers within the past 3 months. Infrastructure analytics and ISP mapping are exposing the hidden backbone of cyber threats operating inside Russian networks. By looking beyond single IPs or one-off i…GBHACKERS.COM
16 AprTwo U.S. Nationals Sentenced in $5 Million DPRK Remote Worker Laptop Farm SchemeThe U.S. Justice Department has sentenced two New Jersey residents, Kejia Wang and Zhenxing Wang, for enabling a massive fraudulent employment operation that generated over $5 million for the Democratic People’s Republic of Korea (DPRK). Kejia Wang received a 108-month prison ter…GBHACKERS.COM
16 AprFrom clinics to government: UAC-0247 expands cyber campaign across UkraineCERT-UA reports UAC-0247 targeting Ukrainian clinics and government bodies with malware stealing data from Chromium browsers and WhatsApp. CERT-UA has revealed a cyber campaign by the threat actor UAC-0247 targeting Ukrainian government entities and municipal healthcare facilitie…SECURITYAFFAIRS.COM
16 AprBlobPhish: The Phantom Phishing Campaign Hiding in Browser MemoryANY.RUN has observed a sustained surge in a credential-phishing campaign active since 2024. This campaign, dubbed BlobPhish, introduces a sneaky twist: instead of delivering phishing pages via traditional HTTP requests, it generates them directly inside t…ANY.RUN
16 AprUS Moves Toward Mandatory Data Center Energy Reporting as EIA Pilot ExpandsThe EIA’s pilot survey offers the clearest look yet at how the US government plans to measure data center power use as AI strains the grid. The post US Moves Toward Mandatory Data Center Energy Reporting as EIA Pilot Expands appeared first on TechRepublic .TECHREPUBLIC.COM
16 AprGoogle, Microsoft, Meta Tracking You Even if You Opt Out - New Researchsubmitted by kid to cybersecurity 5 points | 0 comments https://cybersecuritynews.com/google-microsoft-meta-tracking-even-you-opt-out/SH.ITJUST.WORKS
16 AprFrench cops free mother and son after crypto kidnapping • The Registersubmitted by kid to cybersecurity 5 points | 0 comments https://www.theregister.com/2026/04/15/crypto_kidnap_france/SH.ITJUST.WORKS
16 AprAI adoption is outpacing the safeguards around it - Help Net Securitysubmitted by kid to cybersecurity 3 points | 0 comments https://www.helpnetsecurity.com/2026/04/14/ai-adoption-safety-transparency-report/SH.ITJUST.WORKS
16 AprWordPress plugins injected with malicious code | Cybernewssubmitted by kid to cybersecurity 2 points | 0 comments https://cybernews.com/security/wordpress-essential-plugins-injected-malicious-code/SH.ITJUST.WORKS
16 AprFortinet Patches Critical FortiSandbox Vulnerabilities - SecurityWeeksubmitted by kid to cybersecurity 2 points | 0 comments https://www.securityweek.com/fortinet-patches-critical-fortisandbox-vulnerabilities/SH.ITJUST.WORKS
16 AprQuantum-safe encrypted cloud storage Tuta Drive debuts in closed betaTuta has launched an invite-only beta for Tuta Drive, a new end-to-end encrypted cloud storage service designed with post-quantum cryptography. The release marks a significant step in the company’s effort to build a privacy-focused alternative to mainstream cloud platforms. The c…CYBERINSIDER.COM
16 AprAI Security Arms Race BeginsAI is increasingly being used by attackers, leading to a rise in scalable threats like phishing, social engineering, and network intrusions. This creates an “arms race” dynamic where defenders must adopt similar AI-driven tactics to keep pace. As attacks become cheaper and easier…YOUTUBE.COM
16 AprAdobe Expands Firefly Into AI-Powered Editing Assistant Across Creative AppsAdobe unveils Firefly AI Assistant, new editing tools, and adds partner models as it turns Firefly into a hub for agentic creative workflows. The post Adobe Expands Firefly Into AI-Powered Editing Assistant Across Creative Apps appeared first on TechRepublic .TECHREPUBLIC.COM
16 AprTwo Americans sentenced for helping North Korea steal $5 million in fake IT worker schemeThe U.S. Department of Justice announced that two Americans were sentenced to years in prison for helping the North Korean government place fake IT workers in U.S. companies.TECHCRUNCH.COM
16 AprMajor Disney Layoffs: 1,000 Jobs Cut in Tech-Driven ShakeupDisney cuts 1,000 jobs as it shifts toward a tech-driven, automated future. The move signals broader media industry changes and investor optimism. The post Major Disney Layoffs: 1,000 Jobs Cut in Tech-Driven Shakeup appeared first on TechRepublic .TECHREPUBLIC.COM
16 AprEU Declares New Digital Age Verification App Ready for DeploymentThe EU unveils a privacy-first age verification app to protect minors online, pressuring platforms to comply with stricter digital safety rules. The post EU Declares New Digital Age Verification App Ready for Deployment appeared first on TechRepublic .TECHREPUBLIC.COM
16 AprNew MacBook Pro Overhaul Expected with OLED, Touchscreen, and M6 ChipsRumors point to a redesigned MacBook Pro with OLED, touch support, thinner hardware, and M6 chips, but Apple’s launch timing still looks uncertain. The post New MacBook Pro Overhaul Expected with OLED, Touchscreen, and M6 Chips appeared first on TechRepublic .TECHREPUBLIC.COM
16 AprNTT Research Launches Scale Academy to Bring Lab Technology to MarketNTT Research launches Scale Academy to turn AI and security research into real products, debuting SaltGrain, a zero-trust data security platform. The post NTT Research Launches Scale Academy to Bring Lab Technology to Market appeared first on TechRepublic .TECHREPUBLIC.COM
16 AprThe Boy That Cried Mythos: Verification is Collapsing Trust in Anthropicsubmitted by codeinabox to security 1 points | 0 comments https://www.flyingpenguin.com/the-boy-that-cried-mythos-verification-is-collapsing-trust-in-anthropic/ cross-posted from: lemmy.bestiver.se/post/1051864 CommentsPROGRAMMING.DEV
🌐 CYBER THREAT LANDSCAPE 3[−]
16 AprAnthropic vs Washington.This week, Dave and Ben revisit Anthropic’s lawsuits against the Pentagon after the company was reclassified as a supply chain risk. Additionally, Dave and Ben also take a look at the looming Section 702 deadline, which is set to expire on April 20th.THECYBERWIRE.COM
16 AprA fake Slack download is giving attackers a hidden desktop on your machineThis trojanized Slack installer looks normal, but quietly gives attackers an invisible desktop to access your accounts and data. We take a deep dive into the attack.MALWAREBYTES.COM
16 AprObsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto AttacksA "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financi…THEHACKERNEWS.COM
🎙️ PODCASTS 1[−]
16 AprExtending zero trust beyond the endpoint with Rob Allen from ThreatLockerRob Allen, CPO at ThreatLocker joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices at the RSAC Conference 2026. He discusses the evolution of zero trust beyond applications into network and cloud access, and how enforcing deny-by-default policies at …THECYBERWIRE.COMHTTPS:
📡 INFOSEC NEWS 17[−]
16 AprChrome-Update stopft 31 Sicherheitslücken, davon fünf kritischeUpdates für Google Chrome aus der Nacht zum Donnerstag schließen 31 Sicherheitslücken. Fünf davon gelten als kritisches Risiko.HEISE.DE
16 AprCisco: Kritische Codeschmuggel-Lücken in ISE und mehr geschlossenIn Ciscos Identity Services Engine sowie Webex klaffen kritische Sicherheitslücken. Insgesamt stopfen die Entwickler 10 Sicherheitslecks.HEISE.DE
16 AprAnonymisierendes Linux: Notfallupdate auf Tails 7.6.2 schließt Flatpak-LückeEine Sicherheitslücke in Flatpak ist Auslöser für ein Notfallupdate für die Linux-Distribution Tails, die anonymes Surfen ermöglicht.HEISE.DE
16 AprMore than pretty pictures: Wendy Bishop on visual storytelling in techWendy shares the unique challenges and rewards of bridging the gap between artistic expression and highly technical research.TALOSINTELLIGENCE.COM
16 AprHidden Passenger? How Taboola Routes Logged-In Banking Sessions to TemuA bank approved a Taboola pixel. That pixel quietly redirected logged-in users to a Temu tracking endpoint. This occurred without the bank’s knowledge, without user consent, and without a single security control registering a violation. Read the full technical brea…THEHACKERNEWS.COM
16 AprFashion retailer Express left customers’ personal data and order details exposed to the internetRetail giant Express was publicly spilling customer information to the open web. The bug is now fixed after TechCrunch alerted Express, but the company would not say if it plans to notify customers.TECHCRUNCH.COM
16 AprBrowser Guard gets even better with Access ControlTake control of pesky permission pop-ups and decide exactly which websites can access your camera, microphone, location, and send you notifications.MALWAREBYTES.COM
16 Apr“iCloud storage is full” scam is back, and now it wants your payment detailsApple users: Watch out for “upgrade now or lose your photos” scams that rush you into handing over your payment details.MALWAREBYTES.COM
16 AprAndroid Canary: Google testet überarbeitetes Kontextmenü für App-IconsIn der aktuellen Android-Canary-Version testet Google ein kompakteres, zweigeteiltes Kontextmenü für App-Icons sowie eine neue Benachrichtigungsanzeige.HEISE.DE
16 AprGimp: Ungepatchte Lücke erlaubt Codeschmuggel mit GIFsSicherheitslücken in Gimp erlauben das Einschleusen von Schadcode mit manipulierten Dateien wie GIFs. Noch gibt es kein Update.HEISE.DE
16 AprÖPNV-Expressmodus-Funktion beim iPhone: YouTuber zeigen potenziellen AngriffMit dem Expressmodus kann man in U-Bahn-Systemen wie in London oder New York schnell sein Ticket per NFC bezahlen. Besteht hier eine Sicherheitslücke?HEISE.DE
16 Apr„Power Off“: BKA geht gegen DDoS-Angebote vorBundeskriminalamt und Generalstaatsanwaltschaft Frankfurt sind mit internationalen Partnern gegen sogenannte Stresserdienste vorgegangen. Es gab Festnahmen.HEISE.DE
16 AprIt’s not just you — Bluesky is (sorta) downBluesky has been experiencing ongoing service disruptions since just before 3 a.m. ET.TECHCRUNCH.COM
16 AprDie Natur ist unsere Quelle der Zufälligkeit: zum Tode von Michael O. RabinIm Alter von 94 Jahren ist Michael Oser Rabin gestorben. Er war der einzige Empfänger des Turing-Awards, der im Deutschen Reich geboren wurde.HEISE.DE
16 AprEuropean police email 75,000 people asking them to stop DDoS attacksEuropol coordinated an operation against for-hire distributed denial-of-service (DDoS) services, including the arrest of four people and the takedown of 53 domains.TECHCRUNCH.COM
16 AprCisco fixed four critical flaws in Identity Services and WebexCisco fixed four critical flaws in Identity Services and Webex that could allow code execution and user impersonation. Cisco has addressed four critical vulnerabilities affecting its Identity Services and Webex platforms. The flaws could allow attackers to execute arbitrary code …SECURITYAFFAIRS.COM
16 AprTreasury Secretary holds a meeting to cover risks related to Anthropic’s new model.Europe set to deploy new age-verification tool.THECYBERWIRE.COM