New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even take full control of a host. The efforts have been codenamed GPUBreach, GDDRHammer, and GeForge. GPUBreach goes…
Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited
Fortinet has updated its FortiClient EMS product after zero-day attacks surfaced This article has been indexed from www.infosecurity-magazine.com Read the original article: Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited
IT Security News Hourly Summary 2026-04-07 12h : 9 posts
9 posts were published in the last hour 9:32 : Why the cybersecurity skills gap is partly self-inflicted 9:32 : Microsoft Releases New Defender Update for Windows 11, 10, and Server Installation Images 9:32 : German Police Unmask REvil Ransomware…
Why the cybersecurity skills gap is partly self-inflicted
The cybersecurity skills gap is usually framed as a hiring problem. Organizations respond by expanding recruitment pipelines, investing in certifications, and launching internal training programs. The logic seems simple: if security teams are understaffed, the solution is to add more…
Microsoft Releases New Defender Update for Windows 11, 10, and Server Installation Images
Microsoft has officially rolled out its latest security intelligence update for Microsoft Defender Antivirus, delivering crucial protections for Windows 11, Windows 10, and Windows Server installation images. This vital release ensures that Microsoft’s built-in antimalware solutions are fully equipped to identify…
German Police Unmask REvil Ransomware Leader
Shchukin is accused of extorting more than $2 million as the head of the GandCrab and REvil ransomware operations. The post German Police Unmask REvil Ransomware Leader appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
GitHub Copilot CLI gets a second-opinion feature built on cross-model review
Coding agents make decisions in sequence: a plan is drafted, implemented, then tested. Any error introduced early compounds as subsequent steps build on the same flawed assumption. Self-reflection is a recognized mitigation technique, and one GitHub Copilot already supports, but…
Attackers Exploit Flowise Injection Vulnerability as 15,000+ Instances Remain Exposed
A critical security flaw in Flowise, a popular open-source AI development platform, is currently being exploited in the wild. Tracked as CVE-2025-59528, this code injection vulnerability carries a maximum CVSS score of 10.0. It allows remote attackers to execute malicious…
Experts published unpatched Windows zero-day BlueHammer
A researcher leaked the unpatched Windows zero-day “BlueHammer,” letting attackers gain SYSTEM rights; no patch exists yet. A disgruntled researcher released the BlueHammer Windows zero-day, a privilege escalation flaw that allows attackers to gain SYSTEM or admin rights, Bleeping Computer…
The quiet revolt: what the world happiness report 2026 tells security professionals
Something the World Happiness Report 2026 reveals deserves more attention than it has received outside wellbeing circles. In Western Europe and English-speaking countries, young people who use social media for more than seven hours a day report significantly lower wellbeing…
OpenAI opens applications for an external AI safety research fellowship
OpenAI is accepting applications for a paid fellowship program that will fund external researchers to work on safety and alignment questions related to advanced AI systems. The program, called the OpenAI Safety Fellowship, runs from September 14, 2026 through February…
Comp AI: The open-source way to get compliant with SOC 2, ISO 27001, HIPAA and GDPR
Getting a startup through a SOC 2 audit has long meant months of manual evidence collection, policy writing, and repeated back-and-forth with auditors. A growing number of compliance platforms have moved to automate parts of that process, and Comp AI…
Fake Installers Spread RATs, Monero Miners in Ongoing Malware Campaign
Fake software installers are being used in a long-running malware operation to drop remote access trojans (RATs), Monero cryptominers, and a new .NET implant across multiple campaigns dating back to late 2023. REF1695 relies on ISO-based fake installers that mimic…
The Quiet Revolt: What the World Happiness Report 2026 Tells Security Professionals
Something the World Happiness Report 2026 reveals deserves more attention than it has received outside wellbeing circles. In Western Europe and English-speaking countries, young people who use social media for more than seven hours a day report significantly lower wellbeing…
White House Seeks to Slash CISA Funding by $707 Million
The Trump administration says the FY2027 budget refocuses CISA on its core mission: protecting federal agencies and critical infrastructure. The post White House Seeks to Slash CISA Funding by $707 Million appeared first on SecurityWeek. This article has been indexed…
Hackers Use Fake TradingView Premium Posts on Reddit to Deliver Vidar and AMOS Stealers
A threat actor has been running an active campaign on Reddit, using fake posts that promise free TradingView Premium access to deliver two malware families — Vidar on Windows and AMOS on macOS. The operation is still live, with new…
OpenAI Codex Command Injection Vulnerability Let Attackers Steal GitHub User Access Tokens
The integration of AI coding agents has introduced new, high-impact attack surfaces for development teams. Phantom Labs at BeyondTrust recently discovered a critical command-injection vulnerability in OpenAI Codex. This flaw allowed attackers to steal sensitive GitHub User Access Tokens. By…
50,000 WordPress Sites Exposed to Critical Ninja Forms File Upload RCE Vulnerability
A critical security flaw in the popular WordPress plugin “Ninja Forms – File Upload” has left approximately 50,000 websites vulnerable to complete takeover. Tracked as CVE-2026-0740, this flaw boasts a maximum CVSS severity score of 9.8, making it a severe…
Microsoft Warns Storm-1175 Exploits Web-Facing Assets 0-Day Flaws in Medusa Ransomware Attacks
A new ransomware campaign is putting organizations on high alert. A financially motivated threat group known as Storm-1175 has been running fast-paced attacks targeting vulnerable, internet-facing systems — and deploying the Medusa ransomware as the final blow. What makes this…
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate “high-velocity” attacks and break into susceptible internet-facing systems. “The threat actor’s high operational tempo and proficiency in…
Threat Actors Exploit LogMeIn Resolve, ScreenConnect in Phishing Campaigns
Threat actors are abusing legitimate remote monitoring and management (RMM) tools LogMeIn Resolve and ScreenConnect in a multi‑stage phishing campaign that blends social engineering, living‑off‑the‑land techniques, and stealthy information‑stealing malware. Sophos’ Managed Detection and Response (MDR) teams first saw this…
Drift blames exploit on North Korea, GitHub attacks target South Korea, Die Linke breach threatens data leak
Drift says exploit was North Korean intelligence operation GitHub used in multi-stage attacks targeting South Korea Data leak threatened after Die Linke attack Check out our show notes here: https://cisoseries.com/cybersecurity-news-drift-blames-exploit-on-north-korea-github-attacks-target-south-korea-die-linke-breach-threatens-data-leak/ Huge thanks to our episode sponsor, Vanta Risk and regulation…
EvilTokens: an AI-augmented Phishing-as-a-Service for automating BEC fraud – Part 2
A TLP:AMBER version of this post was originally distributed as a private FLINT report to our customers on 30 March 2026. Introduction As detailed in our previous blog post New widespread EvilTokens kit: device code phishing as-a-service – Part 1,…
OpenAI Concludes $122bn Funding Round At $852bn Valuation
Start-up OpenAI concludes biggest funding round to date, as it plans massive infrastructure investments, looks to cut costs This article has been indexed from Silicon UK Read the original article: OpenAI Concludes $122bn Funding Round At $852bn Valuation