Palo Alto Networks has released a high-priority security update to address a serious vulnerability in its Cortex XSOAR and Cortex XSIAM platforms. Tracked as CVE-2026-0234, this security flaw exists within the Microsoft Teams integration. If successfully exploited, it allows an…
Multiple SonicWall Flaws Enable SQL Injection and Privilege Escalation Attacks
SonicWall has published a critical security advisory addressing four distinct vulnerabilities in its SMA1000 series appliances. These security flaws open the door for attackers to escalate their system privileges, guess user credentials, and bypass essential multi-factor authentication protocols. Administrators must…
Silver Fox Campaign Spreads ValleyRAT via Fake Chinese Telegram Language Pack
New analysis of a fake Telegram installer uploaded to MalwareBazaar shows Silver Fox expanding its ValleyRAT operations with a fresh delivery chain that hides behind a Chinese-language pack-decoy and an uncommon ZPAQ-based packer. The MSI is a WiX-built installer (IssueAccentRequest,…
GitLab Addresses Multiple Vulnerabilities Linked to DoS and Code Injection
GitLab has rolled out a crucial security update to fix multiple vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms. Organizations utilizing self-managed GitLab instances are strongly advised by GitLab security experts to apply these updates immediately to…
AI agent intent is a starting point, not a security strategy
In this Help Net Security video, Itamar Apelblat, CEO of Token Security, walks through findings from the company’s research, which shows that 65% of agentic chatbots have never been used yet still hold live access credentials. He explains why organizations…
Microsoft Confirms Windows 11 Update Breaks Start Menu Search
Microsoft recently addressed a disruptive server-side flaw that completely disabled Start Menu search functionality for some Windows 11 23H2 users. The tech giant quickly acknowledged the incident and deployed an automatic fix behind the scenes. Because the repair happens directly…
Meta Business Alerts Abused for Phishing Campaigns
Hackers are weaponizing legitimate Meta Business Manager notifications to sneak phishing emails past security filters and into users’ inboxes. By abusing trusted Meta infrastructure, attackers make their messages appear authentic while quietly funneling victims to credential‑stealing pages. Because Meta systems…
Asqav: Open-source SDK for AI agent governance
AI agents are executing consequential tasks autonomously, often across multiple systems and with little record of what they did or why. Asqav, a Python SDK released under the MIT license, addresses that gap by attaching a cryptographic signature to each…
Fortinet EMS Zero-Day, Anthropic’s AI Finds Thousands of Bugs, Iranian Hackers Target US ICS
Fortinet EMS Zero-Day Exploited, Anthropic’s AI Finds Thousands of Bugs, and Iranian Hackers Target US ICS Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and…
Phishers sneak through using GitHub and Jira’s own mail delivery infrastructure
Attackers are abusing the notification systems of SaaS platforms like GitHub and Jira to send phishing and spam emails, Cisco Talos researchers are warning. “Because the emails are dispatched from the platform’s own infrastructure, they satisfy all standard authentication requirements…
Prompt injection tags along as GenAI enters daily government use
Routine use of GenAI has moved into daily operations in state and territorial government environments, placing new security risks within common workflows. A Center for Internet Security (CIS) report, Prompt Injections: The Inherent Threat to Generative AI, identifies prompt injection…
IT Security News Hourly Summary 2026-04-09 06h : 2 posts
2 posts were published in the last hour 3:9 : Critical Vulnerability in Ninja Forms Exposes WordPress Sites 3:9 : Google API Keys Quietly Gain Access to Gemini on Android Devices
Critical Vulnerability in Ninja Forms Exposes WordPress Sites
Ninja Forms File Upload RCE via unauthenticated arbitrary file upload; update to 3.3.27 immediately This article has been indexed from www.infosecurity-magazine.com Read the original article: Critical Vulnerability in Ninja Forms Exposes WordPress Sites
Google API Keys Quietly Gain Access to Gemini on Android Devices
Google API key flaw exposes mobile apps to Gemini AI access, private files and billing risks This article has been indexed from www.infosecurity-magazine.com Read the original article: Google API Keys Quietly Gain Access to Gemini on Android Devices
ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, April 9th, 2026…
Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long
Hackers vowed to revive its efforts against America when the time was right — demonstrating how digital warfare has become ingrained in military conflict. The post Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long appeared first on…
Number Usage in Passwords: Take Two, (Thu, Apr 9th)
In a previous diary [1], we looked to see how numbers were used within passwords submitted to honeypots. One of the items of interest was how dates, and more specifically years, were represented within the data and how that changed…
IT Security News Hourly Summary 2026-04-09 03h : 3 posts
3 posts were published in the last hour 0:34 : Stateless Hash-Based Signatures for AI Model Weight Integrity 0:11 : Enterprise Java Applications: A Practical Guide to Securing Enterprise Applications with a Risk-Driven Architecture 0:11 : GDPR Compliance and Data…
Stateless Hash-Based Signatures for AI Model Weight Integrity
Learn how stateless hash-based signatures like SLH-DSA protect AI model weight integrity against quantum threats in MCP environments. The post Stateless Hash-Based Signatures for AI Model Weight Integrity appeared first on Security Boulevard. This article has been indexed from Security…
Enterprise Java Applications: A Practical Guide to Securing Enterprise Applications with a Risk-Driven Architecture
Enterprise Java applications still serve business-critical processes but are becoming vulnerable to changing security threats and regulatory demands. Traditional compliance-based security methods tend to respond to audits or attacks, instead of stopping them. This paper introduces a risk-based security architecture,…
GDPR Compliance and Data Deletion in Software Systems
The General Data Protection Regulation (GDPR) is a comprehensive EU data privacy law that came into effect in 2018. One of its key provisions is the right to erasure (Article 17), often called the “right to be forgotten.” In simple…
The 2026 Digital Omnibus
For the better part of a decade, doing business under EU digital law has been challenging, with DDPR, ePrivacy updates, the NUS2 Directive, the AI and Data Acts, and others coming in rapid succession. For organizations already investing heavily in…
Cracks in the Bedrock: Agent God Mode
Unit 42 reveals “Agent God Mode” in Amazon Bedrock AgentCore. Broad IAM permissions lead to privilege escalation and data exfiltration risks. The post Cracks in the Bedrock: Agent God Mode appeared first on Unit 42. This article has been indexed…
WireGuard VPN developer can’t ship software updates after Microsoft locks account
The popular open source VPN maker is the second high-profile developer to say Microsoft locked his account without notifying him and are blocking their ability to send software updates to users. This article has been indexed from Security News |…