Much of the talk around cybersecurity these days revolves around AI and the threat it poses to corporate systems when used by nefarious actors. But the reality on the ground remains a little more mundane than polymorphic AI malware and criminal masterminds putting machine learning and generative AI to work at scale. Still, keeping on…
Category: Exploits
AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Russia, Venture
The thin gray line: Handala, CyberAv3ngers and Iran’s proxy ops
On April 7, six US government agencies issued a critical advisory warning domestic private sector organizations of potential infrastructural cyberattacks conducted by Iranian-affiliated Advanced Persistent Threat (APT) actors. The advisory stops short of attributing these threats to a single group but makes reference to 2023 attacks on US water and wastewater facilities linked to the…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
New Lazarus APT Campaign: “Mach-O Man” macOS Malware Kit Hits Businesses
Editor’s note: The research is authored by Mauro Eldritch, offensive security expert and a founder of BCA LTD, a company dedicated to threat intelligence and hunting. You can find Mauro on X. The recent wave of ClickFix attacks has introduced several new ways to compromise users, establishing itself as a technique that is likely here to stay. We have observed Lazarus Group using…
Cybersecurity, Exploits, Global Security News
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of vulnerabilities is as follows – CVE-2023-27351 (CVSS score: 8.2) – An improper authentication vulnerability in PaperCut
AI, Cybersecurity, Exploits, Global Security News, Network Security
Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution
As organizations consider agentic AI for their business and IT stacks, researchers continue to find bugs and vulnerabilities in major, commercial models that can significantly expand their attack surface. This week, researchers at Pillar Security disclosed a vulnerability in Antigravity, an AI-powered developer tool for filesystem operations made by Google. The bug, since patched, combined…
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy
France’s ANTS ID System website hit by cyberattack, possible data breach
A cyberattack hit France’s ANTS website, possibly exposing personal data from users applying for IDs, passports, and driver’s licenses. A cyberattack targeted France’s ANTS platform, which handles applications for passports, ID cards, residence permits, and driver’s licenses. Authorities detected the incident on April 15 and warned it may have exposed personal data from both individuals…
AI, Apps, Europe, Exploits, Global Security News, malware, Network Security, Risk Management
Cyberattack That Could Have Poisoned a City’s Water Supply by Manipulating Chlorine Levels
In mid-April 2026, researchers at Darktrace published a detailed breakdown of a malware sample that occupies a narrow but alarming niche in the threat landscape: a Windows-based OT weapon apparently designed from the ground up to sabotage Israeli water treatment and desalination infrastructure. The malware identifies itself internally as ZionSiphon — the name appears in a core…
AI, Apps, Data Breaches, Exploits, Global Security News, malware, Risk Management
Vercel’s security breach started with malware disguised as Roblox cheats
Vercel customers are at risk of compromise after an attacker hopped through multiple internal systems to steal credentials and other sensitive data, the company said in a security bulletin Sunday. The attack, which didn’t originate at Vercel, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions. An attacker traversed third-party…
Exploits, Global Security News
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of command injection leading to the execution of arbitrary code. SGLang is…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
NIST Scales Back Vulnerability Scoring in 2026 as CVE Volume Surges
The National Institute of Standards and Technology (NIST) is narrowing how it analyzes and scores software vulnerabilities, citing a sharp increase in submissions that has made it difficult to keep pace. “For years, security teams relied on NVD for vulnerability context to support prioritization decisions. But that model is under real strain,” said Ian Gray,…
AI, Apps, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
CVE-2023-33538 under attack for a year, but exploitation still unsuccessful
Hackers have targeted CVE-2023-33538 flaw in old TP-Link routers for a year, but no successful exploitation has been seen so far. Hackers have been trying for over a year to exploit a serious flaw, tracked as CVE-2023-33538 (CVSS score of 8.8), in outdated TP-Link routers, but so far without success. The vulnerability is a command…
AI, Exploits, Global Security News
Attackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based Botnet
FortiGuard Labs has identified a Mirai-based Nexcorium campaign actively exploiting CVE-2024-3721 in TBK DVR devices
AI, Endpoint, Exploits, Global Security News, malware, Risk Management
Attackers abuse Microsoft Teams to impersonate the IT helpdesk in a new enterprise intrusion playbook
Attackers are increasingly exploiting enterprise collaboration platforms such as Microsoft Teams to gain initial access, impersonating IT helpdesk staff and persuading employees to grant remote control, according to new research from Microsoft. In a blog post, Microsoft described a “cross-tenant helpdesk impersonation” technique in which threat actors initiate conversations with employees via Teams’ external access…
AI, Exploits, Global Security News, Network Security
Network ‘background noise’ may predict the next big edge-device vulnerability
Attackers rarely exploit an edge-device vulnerability indiscriminately. Typically, they first test how widely the flaw can be used and how much access it can provide, then move on to steal data or disrupt operations. Pre-attack surveillance and planning leaves a lot of noise in its wake. These signals — particularly spikes in traffic that are…
AI, Exploits, Global Security News
Copilot & Agentforce offen für Prompt-Injection-Tricks
KI-Agenten sind populär – und anfällig dafür, missbraucht zu werden. DC Studio / Shutterstock KI-Agenten fürs Enterprise können bekanntlich Arbeitsabläufe optimieren. Aber auch die Datenexfiltration – wie Sicherheitsforscher von Capsule Security herausgefunden haben. Sie haben sowohl in Microsoft Copilot Studio als auch Salesforce Agentforce Prompt-Injection-Schwachstellen entdeckt. Diese ermöglichen Angreifern in beiden Fällen schadhafte Befehle über…
AI, Cybersecurity, Exploits, Global Security News
Claude Mythos – ist der Hype gerechtfertigt?
Claude Mythos wird derzeit von ausgesuchten Organisationen getestet – in erster Linie großen Tech-Konzernen aus den USA. Anthropic | Screenshot Der Hype um Anthropics Security-Modell Mythos bekommt erste Risse: Während KI-Konkurrent OpenAI plant, mit einem eigenen Cybersecurity-fokussierten KI-Modell „entgegenzuwirken“, stellen die Sicherheitsexperten von VulnCheck in einer aktuellen Untersuchung die praktischen Auswirkungen von Claude Mythos, respektive…
AI, Apps, Exploits, Global Security News, Risk Management
AI Model Claude Opus turns bugs into exploits for just $2,283
Claude Opus created a working Chrome exploit for $2,283, showing that widely available AI models can already find and weaponize vulnerabilities. Claude Opus managed to produce a functional Chrome exploit for just $2,283, raising concerns about how easily AI can be used to find and exploit vulnerabilities. Below is the cost of the experiment: Model…
AI, Exploits, Global Security News, Risk Management
Handling the CVE Flood With EPSS, (Mon, Apr 20th)
Every morning, security people around the world face the same ritual: opening their vulnerability feed to find a lot of new CVE entries that appeared overnight. Over the past decade, this flood has become a defining challenge of modern defensive security. Some numbers[1]: CVEs published in 2023: 29K+ CVEs published in 2024: 40K+ New CVEs…
AI, Data Breaches, Exploits, Global Security News
Cyber attacks fuel surge in cargo theft across logistics industry
Hackers infiltrate logistics firms to steal cargo and divert payments, cyberattacks are linked to organized crime and rising losses. Proofpoint researchers observed crooks targeting trucking and logistics companies, running coordinated remote access campaigns to steal cargo and divert payments. These attacks appear to be linked to organized crime. The findings highlight a growing trend of…
AI, Exploits, Global Security News, Government & Policy, malware, Network Security
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 93
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape CPU-Z / HWMonitor watering hole infection – a copy-pasted attack Fake Claude site installs malware that gives attackers access to your computer Malware Analysis Static SKILL for Codex JanelaRAT: a financial threat targeting users in Latin…
AI, APAC, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia
Security Affairs newsletter Round 573 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware Nexcorium Mirai variant…
AI, Exploits, Global Security News
Week in review: Acrobat Reader flaw exploited, Claude Mythos offensive capabilities and limits
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Bringing governance and visibility to machine and AI identities In this Help Net Security interview, Archit Lohokare, CEO of AppViewX, explains how the rise of AI marked a turning point where machine and AI agent identities began converging into a…
AI, Endpoint, Exploits, Global Security News, malware, Network Security
Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware
Attackers abuse QEMU to hide malware in virtual machines, bypass detection, steal data, and deploy ransomware without leaving any trace. Sophos researchers report a rise in attackers abusing QEMU, an open-source emulator, to hide malicious activity inside virtual machines. By running malware in a VM, attackers avoid endpoint security controls and leave minimal traces on…
Exploits, Global Security News
Critical flaw in Protobuf library enables JavaScript code execution
Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google’s Protocol Buffers. […]
Exploits, Global Security News
ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers
Hackers are exploiting a 5-year-old ShowDoc vulnerability (CVE-2025-0520) to deploy web shells, enabling RCE and full server takeover worldwide.
Exploits, Global Security News
ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers
Hackers are exploiting a 5-year-old ShowDoc vulnerability (CVE-2025-0520) to deploy web shells, enabling RCE and full server takeover worldwide.
AI, Exploits, Global Security News, malware
Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacks
A Mirai variant called Nexcorium exploits a flaw in TBK DVRs to infect devices and use them in DDoS attacks, along with outdated TP-Link routers. Fortinet researchers found that threat actors are exploiting vulnerabilities in TBK DVRs and end-of-life TP-Link routers to spread a Mirai variant called Nexcorium. “IoT devices are increasingly prime targets for…
AI, Exploits, Global Security News
Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access
Attackers exploit three Microsoft Defender zero-days, code-named BlueHammer, RedSun, and UnDefend, to gain elevated access. Attackers are exploiting three recently disclosed zero-day flaws in Microsoft Defender to gain higher privileges on compromised systems. The vulnerabilities, called BlueHammer, RedSun, and UnDefend, were revealed by a researcher known as Chaotic Eclipse after criticizing Microsoft’s handling of the…
AI, Exploits, Global Security News, Network Security
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices has been found to exploit CVE-2024-3721 (CVSS score: 6.3), a medium-severity command injection vulnerability…
AI, Apps, Exploits, Global Security News, Risk Management
Critical sandbox bypass fixed in popular Thymeleaf Java template engine
Maintainers of Thymeleaf, a widely used template engine for Java web applications, fixed a rare critical vulnerability that allows unauthenticated attackers to execute malicious code on servers. The vulnerability, tracked as CVE-2026-40478, is rated 9.1 on the CVSS severity scale and is described as a Server-Side Template Injection (SSTI) issue. Thymeleaf has a sandbox-like protection…
AI, Data Breaches, Exploits, Global Security News, Network Security, privacy, Risk Management
World ID expands its ‘proof of human’ vision for the AI era
Identity management is a critical concern for any enterprise, and it’s becoming ever more complex and convoluted with the advent of AI agents. World ID is taking a unique (and to some, controversial) approach to this challenge by building a ‘digital proof of human’ ecosystem for the internet. Today, at its “Lift Off” event, the…
AI, Apps, Compliance, Endpoint, Exploits, Global Security News, Network Security, privacy, Risk Management
Microsoft’s Patch Tuesday release for April is a whopper
Windows admins are going to be busy this month, dealing with the largest Patch Tuesday cycle we can recall. The April release involves 165 updates and roughly 340 unique CVEs from Microsoft — including two zero-days, one of which is already being actively exploited in the wild. The Readiness team is recommending “Patch Now” schedules…
AI, Data Breaches, Exploits, Global Security News
DraftKings hacker sentenced to prison, ordered to pay $1.4 Million
A DraftKings hacker got 30 months in prison for selling stolen credentials and must pay over $1.4 million in fines and restitution. Kamerin Stokes, 23, from Memphis (aka TheMFNPlug), received a 30-month prison sentence for his role in a 2022 credential stuffing attack against DraftKings. He continued selling stolen login data online even after pleading…
AI, APAC, Apps, china, Cloud Security, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Risk Management
Critical Exploits, AI Shifts, and Major Breaches Redefine Cybersecurity This Week
Major Threats & Vulnerabilities Zero-Day and Active Exploits A critical flaw in Nginx UI is being actively exploited in the wild, allowing unauthenticated users to perform privileged actions through an unprotected endpoint. Administrators are urged to patch immediately and restrict public access to management interfaces. The EngageLab SDK vulnerability affecting over 50 million Android users…
AI, Exploits, Global Security News
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of which were released as zero-days by a researcher known as Chaotic Eclipse (
AI, Cybersecurity, Exploits, Global Security News, Risk Management
Commercial AI Models Show Rapid Gains in Vulnerability Research
AI models are making rapid gains in vulnerability research and exploit development, raising new cybersecurity risks, a Forescout study finds
AI, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Risk Management
White House moves to give federal agencies access to Anthropic’s Claude Mythos
The US government is preparing to authorize a version of Anthropic’s Claude Mythos model for use by major US federal agencies, amid concerns that the AI model could rapidly spot cybersecurity vulnerabilities and offer the ability to exploit them. Federal Chief Information Officer Gregory Barbaccia at the White House Office of Management and Budget (OMB)…
AI, Exploits, Global Security News
Another Microsoft Defender privilege escalation bug emerges days after patch
Days after Microsoft patched a high-severity issue affecting its Windows Defender antivirus tool through April’s Patch Tuesday, researchers warn of another vulnerability that could enable SYSTEM privileges through local escalation. In a newly disclosed proof-of-concept (PoC) exploit, dubbed “RedSun,” GitHub user going by the name “Nightmare Eclipse” demonstrated how Microsoft Defender’s handling of certain cloud-tagged…
Exploits, Global Security News
Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild
The security researcher who earlier this month published a proof-of-concept (PoC) exploit for a zero-day privilege escalation vulnerability in Microsoft Defender is back with two more. The first, dubbed “RedSun,” is another privilege escalation flaw in the same platform. The second, “UnDefend,” allows a standard user to block Microsoft Defender from receiving signature updates or…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Europe, Exploits, Global Security News, Network Security, Risk Management
Palo Alto’s Helmut Reisinger sees a cyber sea change ahead as AI advances
In two decades, Palo Alto Networks has evolved from a next-generation niche player to one of the largest global cybersecurity giants today. Under its mantra of “platformization,” the company has catapulted its revenues over its closest competitors and boosted its stock valuation to over $130 billion. No stranger to AI use in cybersecurity, Palo Alto recently announced…
APAC, Exploits, Global Security News
CISA flags Apache ActiveMQ flaw as actively exploited in attacks
CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this month after going undetected for 13 years. […]
AI, APAC, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Apache ActiveMQ, tracked as CVE-2026-34197 (CVSS score of 8.8), to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2026-34197 is a critical flaw in Apache ActiveMQ caused by…
AI, Exploits, Global Security News
Recently leaked Windows zero-days now exploited in attacks
Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions. […]
APAC, Cybersecurity, Exploits, Global Security News
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation
A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA). To that end, the agency has added the vulnerability, tracked as CVE-2026-34197 (CVSS score: 8.8), to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian
AI, Exploits, Global Security News, Network Security, Risk Management
US nationals sentenced for aiding North Korea’s tech worker scheme
Two New Jersey men were sentenced Wednesday for facilitating North Korea’s long-running scheme to plant operatives inside U.S. businesses as employees, generating more than $5 million in illicit revenue for the regime, the Justice Department said. The U.S. nationals — Kejia Wang, also known as Tony Wang, and Zhenxing Wang, also known as Danny Wang…
AI, Apps, Cybersecurity, Exploits, Global Security News, Risk Management
Cisco Systems issues three advisories for critical vulnerabilities in Webex, ISE
Admins who use Cisco Webex Services configured to use trust anchors within the SSO integration with Control Hub must install a new identity provider certificate to close a critical vulnerability, or risk losing access control. Cisco said in an advisory this week that admins must upload a new identity provider (IdP) SAML certificate to Webex…
AI, Apps, Cybersecurity, Exploits, Global Security News, Risk Management
Cisco Systems issues three advisories for critical vulnerabilities in Webex, ISE
Admins who use Cisco Webex Services configured to use trust anchors within the SSO integration with Control Hub must install a new identity provider certificate to close a critical vulnerability, or risk losing access control. Cisco said in an advisory this week that admins must upload a new identity provider (IdP) SAML certificate to Webex…
AI, Apps, Exploits, Global Security News, Network Security, Risk Management
RCE by design: MCP architectural choice haunts AI agent ecosystem
AI agent building tools enable users to configure Model Context Protocol (MCP) servers may be exposing systems to remote code execution due to an architectural decision in Anthropic’s reference implementation. At issue are unsafe defaults in how MCP configuration works over the STDIO interface, with broad implications for the agent ecosystem, according to a new…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy
NIST cuts down CVE analysis amid vulnerability overload
Overwhelmed by an escalating volume of security flaws, the National Institute of Standards and Technology (NIST) has announced significant changes to how it handles cybersecurity vulnerabilities and exposures (CVEs). Rather than commit to providing enrichment for all entries in its National Vulnerability Database (NVD), the agency will focus on just the most critical CVEs, which…
Cybersecurity, Exploits, Global Security News
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
A researcher known as “Chaotic Eclipse” has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed “RedSun,” in the past two weeks, protesting how the company works with cybersecurity researchers. […]
AI, Exploits, Global Security News, Risk Management
Cisco fixed four critical flaws in Identity Services and Webex
Cisco fixed four critical flaws in Identity Services and Webex that could allow code execution and user impersonation. Cisco has addressed four critical vulnerabilities affecting its Identity Services and Webex platforms. The flaws could allow attackers to execute arbitrary code and impersonate any user within the affected services. The issues pose serious security risks, prompting…
Exploits, Global Security News, malware
Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. […]
AI, Exploits, Global Security News, malware
AI platform n8n abused for stealthy phishing and malware delivery
Attackers abuse AI automation platform n8n to run phishing campaigns, deliver malware, and evade security by using trusted infrastructure. Threat actors are exploiting the popular AI workflow automation platform n8n to launch advanced phishing campaigns, deliver malware, and collect device data through automated emails. By using trusted infrastructure, they can bypass traditional security controls and…
Exploits, Global Security News
NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities
NIST’s National Vulnerability Database will now prioritize enriching new and exploited flaws to address the record growth of reported CVEs
AI, Cybersecurity, Exploits, Global Security News, malware, privacy, Risk Management
Microsoft’s Windows Recall still allows silent data extraction
Microsoft’s Windows Recall feature remains vulnerable to complete data extraction despite a major security overhaul, according to a cybersecurity researcher who says malware running in a user’s context can quietly siphon off everything Recall has captured, without administrator privileges, kernel exploits, or breaking encryption. Alexander Hagenah, executive director at Zürich-based financial infrastructure operator SIX Group,…
AI, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
UAC-0247 Attack Detection: AGINGFLY Malware Targets Hospitals, Local Governments, and FPV Operators in Ukraine
Phishing remains one of the most effective tactics in the cybercriminal playbook, particularly when attackers exploit urgent humanitarian themes, trusted online resources, and legitimate system tools to increase victim engagement. Europol also notes that phishing continues to serve as a primary delivery vector for data-stealing malware. This pattern is clearly reflected in the latest activity…
AI, Cybersecurity, Exploits, Global Security News, malware, privacy, Risk Management
Microsoft’s Windows Recall still allows silent data extraction
Microsoft’s Windows Recall feature remains vulnerable to complete data extraction despite a major security overhaul, according to a cybersecurity researcher who says malware running in a user’s context can quietly siphon off everything Recall has captured, without administrator privileges, kernel exploits, or breaking encryption. Alexander Hagenah, executive director at Zürich-based financial infrastructure operator SIX Group,…
AI, Cybersecurity, Exploits, Global Security News, Politics
Behind the Mythos hype, Glasswing has just one confirmed CVE
Efforts to cut through the buzz surrounding Anthropic’s Mythos are emerging. As OpenAI moves to counter the hype around it with its own cybersecurity model, VulnCheck is reporting that the model’s publicly attributable output amounts to just one confirmed CVE. While Project Glasswing, the controlled access program for Mythos, promises a powerful offensive capability, gated…
AI, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
BlobPhish: The Phantom Phishing Campaign Hiding in Browser Memory
ANY.RUN has observed a sustained surge in a credential-phishing campaign active since 2024. This campaign, dubbed BlobPhish, introduces a sneaky twist: instead of delivering phishing pages via traditional HTTP requests, it generates them directly inside the victim’s browser using blob objects. The result is a phishing payload that lives entirely in memory, leaving little to no trace in logs, caches,…
AI, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
From clinics to government: UAC-0247 expands cyber campaign across Ukraine
CERT-UA reports UAC-0247 targeting Ukrainian clinics and government bodies with malware stealing data from Chromium browsers and WhatsApp. CERT-UA has revealed a cyber campaign by the threat actor UAC-0247 targeting Ukrainian government entities and municipal healthcare facilities, including clinics and emergency hospitals. The operation between March and April 2026, used malware designed to steal sensitive…
Exploits, Global Security News
Critical Nginx UI auth bypass flaw now actively exploited in the wild
A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. […]
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
McGraw-Hill Confirms Data Exposure Tied to Salesforce Issue
McGraw-Hill has confirmed unauthorized access to a limited set of internal data following a reported Salesforce misconfiguration. The disclosure comes after an extortion threat that raised questions about the scale and sensitivity of the incident. “ShinyHunters has no shortage of options for potential follow-up campaigns. They can target instructors with convincingly branded messages, pivot into…
AI, Apps, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Critical nginx UI tool vulnerability opens web servers to full compromise
Security vendor Pluto Security has published details of a critical vulnerability in the open-source nginx UI web server configuration tool that has been under active exploitation by cybercriminals since March. News of the flaw, identified as CVE-2026-33032, first appeared on the National Vulnerability Database (NVD) on March 30, the same day that threat intelligence companies…
AI, Cybersecurity, Exploits, Funding, Global Security News, Government & Policy, Risk Management
NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities
The federal agency tasked with analyzing security vulnerabilities is overwhelmed as it and other authorities struggle to keep pace with a flood of defects that grows every year. The National Institute of Standards and Technology announced Wednesday that it has capitulated to that deluge and narrowed the priorities for its National Vulnerability Database. NIST said…
AI, Endpoint, Exploits, Global Security News, Network Security
CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access
An actively exploited critical nginx-ui flaw (CVE-2026-33032) lets attackers bypass authentication and take full control of Nginx servers. A critical vulnerability in nginx-ui, tracked as CVE-2026-33032 (CVSS score of 9.8), is being actively exploited, allowing attackers to bypass authentication and fully take over Nginx servers. The issue stems from improper protection of the /mcp_message endpoint,…
AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2009-0238 Microsoft Office Remote…
AI, Cybersecurity, Exploits, Global Security News
OpenAI expands Trusted Access for Cyber program with new GPT 5.4 Cyber model
OpenAI said it is expanding its Trusted Access for Cyber program to “thousands of individuals and organizations,” who will use the company’s technology to root out bugs and vulnerabilities in their products. The program will also incorporate GPT 5.4 Cyber, a new variant of ChatGPT that OpenAI says is specifically optimized for cybersecurity tasks. OpenAI’s…
Exploits, Global Security News
Critical Nginx-ui MCP Flaw Actively Exploited in the Wild
Critical nginx-ui MCP authentication bypass CVE-2026-33032 actively exploited with CVSS 9.8
Exploits, Global Security News
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security. “
AI, Exploits, Global Security News
Copilot and Agentforce fall to form-based prompt injection tricks
Enterprise AI agents are supposed to streamline workflows. Instead, two fresh findings show they can just as easily streamline data exfiltration. Security researchers have uncovered prompt-injection vulnerabilities in both Microsoft Copilot Studio and Salesforce Agentforce that allow attackers to execute malicious instructions via seemingly harmless prompts. According to Capsule Security findings, SharePoint forms and public-facing…
AI, Apps, Exploits, Global Security News, malware, Risk Management
Mirax malware campaign hits 220K accounts, enables full remote control
Mirax, a new Android RAT, spread via Meta ads, infected 220,000 users and turns devices into SOCKS5 proxies, giving attackers full remote control. Mirax is a new Android remote access trojan spreading through ads on Meta platforms, targeting mainly Spanish-speaking users and reaching over 220,000 accounts. The malicious code lets attackers fully control infected devices…
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
The deepfake dilemma: From financial fraud to reputational crisis
Deepfake technology has crossed a critical threshold. What was impossible 10 years ago and required specific expertise only a few years ago is now cheap and accessible. Worse, it’s now good enough to fool a wide range of employees and executives. In fact, a 2025 Gartner survey found that 43% of cybersecurity leaders experienced at…
Exploits, Global Security News
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one is rated Low in severity. Ninety-three of the flaws are
AI, Exploits, Global Security News
PHP Composer flaws enable remote command execution via Perforce VCS
Two high-severity flaws in PHP Composer could let attackers run arbitrary commands via malicious repository configs and crafted inputs affecting Perforce VCS. Two high-severity vulnerabilities in PHP Composer could allow attackers to execute arbitrary commands. PHP Composer is a dependency manager for PHP that helps developers install and manage libraries their projects need. By defining…
AI, Exploits, Global Security News
OpenAI expands its cyber defense program with GPT-5.4-Cyber for vetted researchers
Defending critical software has long depended on the ability to find and fix vulnerabilities faster than attackers can exploit them. OpenAI is expanding a program designed to give professional defenders prioritized access to AI tools built for that purpose. The company is scaling its Trusted Access for Cyber (TAC) program to thousands of verified individual…
AI, Cybersecurity, Exploits, Global Security News, Risk Management, Venture
Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action
Built by a veteran security team and led by a former Google and Mandiant executive, Mallory delivers intelligence that drives action for enterprise security teams. Mallory is launching a AI-native threat intelligence platform, purpose-built to answer the questions CISOs and their teams are asking every day: What are the real threat vectors for our organization?…
AI, Cloud Security, Exploits, Global Security News
The exploit gap is closing, and your patch cycle wasn’t built for this
The Cloud Security Alliance has published a briefing on what it calls a turning point in the threat landscape: the time between a vulnerability being discovered and a working exploit is shrinking fast. The briefing centers on Anthropic’s Claude Mythos, which autonomously found thousands of zero-day vulnerabilities across major operating systems and browsers, generated working…
AI, Exploits, Global Security News, Network Security, Risk Management
Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day
Microsoft Patch Tuesday security updates for April 2026 fixed 165 vulnerabilities, including an actively exploited SharePoint zero-day. Microsoft Patch Tuesday security updates addressed 165 vulnerabilities, making it one of the largest updates by CVE count. One of the most interesting flaws fixed by the IT giant is a critical SharePoint zero-day, tracked as CVE-2026-32201, already…
AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs
A critical hole in Windows Internet Key Exchange for secure communications, an actively exploited zero day in Microsoft SharePoint and a critical SQL injection vulnerability in a SAP product are the focus of the April Patch Tuesday releases requiring immediate attention from IT security teams. “April’s threat landscape is defined by immediate, real-world exploitation rather…
AI, Exploits, Global Security News, Network Security, Risk Management
Patch Tuesday, April 2026 Edition
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “BlueHammer.” Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited…
AI, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security
Microsoft drops its second-largest monthly batch of defects on record
Microsoft addressed 165 vulnerabilities affecting its various products and underlying systems, including one actively exploited vulnerability in Microsoft Office SharePoint, in this month’s Patch Tuesday update. “By my count, this is the second-largest monthly release in Microsoft’s history,” Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, wrote in a blog post…
AI, Compliance, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
Space Force official touts AI’s impact on cyber compliance
Seth Whitworth, who is both acting Associate Deputy Chief of Space Operations for Cyber and Data and acting chief information security officer, said he believes AI tools are shifting the way defenders review cyber risk, both for individual systems and more holistically throughout an enterprise. In particular, Large Language Models can be used to systematically…
Exploits, Global Security News
McGraw-Hill confirms data breach following extortion threat
Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. […]
AI, Exploits, Global Security News, Network Security
Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
This month’s Microsoft Patch Tuesday looks like a record one, but let’s look at it a bit closer to understand what is happening The update patches a total of 243 vulnerabilities. However, 78 of them are Chromium issues affecting Microsoft Edge. Patches for Edge were released earlier. This leaves 165 vulnerabilities that are not Edge-related.…
AI, Cybersecurity, Europe, Exploits, Global Security News
EU regulators largely denied access to Anthropic Mythos
European regulators have largely been frozen out of early access to Anthropic’s new Mythos model, Politico reports. The AI technology, aimed at cybersecurity use cases, is said to be able to identify and exploit technical vulnerabilities at a level that surpasses most humans — signaling a structural shift for CISOs and the cybersecurity industry. For security…
AI, Exploits, Global Security News
New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released
Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution. The vulnerabilities have been described as command injection flaws affecting the Perforce VCS (version control software) driver. Details of the two flaws are below – CVE-2026-40176 (CVSS
AI, Apps, Exploits, Global Security News
Oligo enables real-time exploit detection and blocking at application runtime
Oligo Security has unveiled Runtime Exploit Blocking, a new capability that stops exploit attempts at the application layer in real time. By providing visibility into how applications execute and behave, Oligo identifies and blocks malicious activity at the point of execution, without killing containers or processes, or impacting the application. Attackers rely on repeatable exploit…
AI, china, Cloud Security, Endpoint, Exploits, Global Security News, malware, Network Security
China-linked cloud credential heist runs on typos and SMTP
China-aligned hackers have deployed a Linux-based ELF backdoor to steal cloud credentials at scale from workloads across AWS, GCP, Azure, and Alibaba Cloud environments. According to Breakglass Intelligence findings, the backdoor uses a “zero-detection” technique, employing SMTP port 25 as a covert command-and-control (C2) channel to harvest cloud provider credentials and metadata. “A selective C2…
AI, Exploits, Global Security News, Risk Management
DataVisor brings conversational AI agents to fraud and AML operations
DataVisor has announced Vera, a suite of conversational AI agents designed to combat financial crime. Vera enables institutions to manage risk using natural language, allowing teams to issue instructions that AI agents execute across the fraud and AML lifecycle. By reducing manual workflows, the platform supports a more efficient and adaptive operating model for modern…
AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
When Trust Becomes a Weapon: Google Cloud Storage Phishing Deploying Remcos RAT
Modern phishing campaigns increasingly abuse legitimate services. Cloud platforms, file-sharing tools, trusted domains, and widely used SaaS applications are now part of the attacker’s toolkit. Instead of breaking trust, attackers borrow it. This shift creates a dangerous asymmetry. Security controls often whitelist or inherently trust these services, while users are far less likely to question them. The…
AI, Data Breaches, Europe, Exploits, Global Security News, Network Security
ShinyHunters claim the hack of Rockstar Games breach and started leaking data
Leak of 8.1GB data tied to Rockstar Games includes anti-cheat code, game data, analytics and more, reportedly exposed by ShinyHunters. An 8.1GB data leak reportedly linked to Rockstar Games has surfaced, with files shared by ShinyHunters after being obtained via Anodot. The dataset includes anti-cheat source code, player analytics, game assets, Zendesk support tickets and…
AI, Apps, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
GUEST ESSAY: Google’s 2029 deadline exposes readiness gap as move to quantum-safe crypto lags
For years, quantum risk was easy for most institutions to treat as premature: real in theory, urgent someday, but not yet an operational problem. That is no longer tenable. Related: AI spawns semantic attacks Two developments this month brought the shift into focus. Google Quantum AI published research suggesting the computing resources needed to break…
AI, china, Cybersecurity, Exploits, Funding, Global Security News, Government & Policy, Network Security, Risk Management, Russia
Secretary Mullin must help finish the job: Urge the Senate to confirm Plankey
On March 23, the Senate confirmed Senator Markwayne Mullin as the next homeland security secretary, marking an important step in strengthening leadership during a critical moment for our nation’s security. But only half of the job is done. The Cybersecurity and Infrastructure Security Agency (CISA), the federal government’s main civilian cyber defense agency, still lacks…
AI, china, Cybersecurity, Exploits, Global Security News, Risk Management
Attackers target unpatched ShowDoc servers via CVE-2025-0520
A critical RCE flaw, tracked as CVE-2025-0520, in ShowDoc is being actively exploited, putting unpatched servers at serious risk. A critical remote code execution flaw, tracked as CVE-2025-0520 (CVSS score of 9.4), affecting ShowDoc is under active exploitation in the wild. ShowDoc is an online tool that helps IT teams share documents and improve collaboration…
AI, china, Cybersecurity, Exploits, Global Security News, Risk Management
Attackers target unpatched ShowDoc servers via CVE-2025-0520
A critical RCE flaw, tracked as CVE-2025-0520, in ShowDoc is being actively exploited, putting unpatched servers at serious risk. A critical remote code execution flaw, tracked as CVE-2025-0520 (CVSS score of 9.4), affecting ShowDoc is under active exploitation in the wild. ShowDoc is an online tool that helps IT teams share documents and improve collaboration…
AI, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
How AI is transforming threat detection
Artificial intelligence is rapidly reshaping how security teams detect and hunt cyber threats by helping analyze vast volumes of security data, uncovering subtle signs of malicious activity, and identifying potential attacks faster than traditional tools or human analysts alone. Analyst firm Gartner expects that by 2028, 50% of threat detection, investigation, and response (TDIR) platforms…
AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2026-34621 Adobe Acrobat…
AI, Endpoint, Exploits, Global Security News, malware, Network Security
Fake Claude AI installer abuses DLL sideloading to deploy PlugX
Fake Claude website impersonates Anthropic and delivers PlugX RAT via ZIP download using DLL sideloading. A fake website impersonating Anthropic’s Claude service was found distributing the PlugX remote access trojan, according to Malwarebytes. The rogue site abuses the chatbot’s popularity to trick users into downloading a ZIP archive presented as a “pro version” installer. The…
china, Exploits, Global Security News
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0. It relates to a case of unrestricted file upload that stems from improper validation of
Cybersecurity, Exploits, Global Security News
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows – CVE-2026-21643 (CVSS score: 9.1) – An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to