Microsoft issued an urgent security update addressing an actively exploited zero-day vulnerability in its SharePoint Server platform. The flaw, officially tracked as CVE-2026-32201, allows unauthenticated attackers to conduct network-based spoofing attacks. Because threat actors are already exploiting this weakness in…
Zero Trust for Nonhuman Workload Access: A Primer
6 min readZero trust has reshaped how organizations secure user access. Multifactor authentication, single sign-on and continuous posture checks are now standard for human identities. But the same rigor rarely extends to the nonhuman side of the house. The post…
IT Security News Hourly Summary 2026-04-15 09h : 9 posts
9 posts were published in the last hour 6:32 : Ivanti Neurons for ITSM Vulnerabilities Let Remote Attackers Hijack User Sessions 6:32 : OpenAI Introduces GPT-5.4 for Reverse Engineering, Vulnerability Discovery, and Malware Analysis 6:32 : 25,000+ Endpoints Exposed by…
Ivanti Neurons for ITSM Vulnerabilities Let Remote Attackers Hijack User Sessions
Ivanti has issued a security advisory detailing two medium-severity vulnerabilities affecting its Neurons for IT Service Management (ITSM) platform. If left unpatched, these security flaws could allow remote authenticated attackers to compromise user sessions and maintain unauthorized access to corporate…
OpenAI Introduces GPT-5.4 for Reverse Engineering, Vulnerability Discovery, and Malware Analysis
OpenAI has officially launched GPT-5.4-Cyber, a specialized variant of its latest artificial intelligence model explicitly fine-tuned for defensive cybersecurity. Alongside this release, the organization is significantly scaling its Trusted Access for Cyber (TAC) program, providing verified security professionals with advanced…
25,000+ Endpoints Exposed by Dragon Boss Solutions Update Domain Supply Chain Attack
What started as a routine adware alert quickly turned into something far more serious. On the morning of March 22, 2026, security alerts began firing across multiple managed environments, all linked to software signed by a company called Dragon Boss…
The exploit gap is closing, and your patch cycle wasn’t built for this
The Cloud Security Alliance has published a briefing on what it calls a turning point in the threat landscape: the time between a vulnerability being discovered and a working exploit is shrinking fast. The briefing centers on Anthropic’s Claude Mythos,…
OpenAI expands its cyber defense program with GPT-5.4-Cyber for vetted researchers
Defending critical software has long depended on the ability to find and fix vulnerabilities faster than attackers can exploit them. OpenAI is expanding a program designed to give professional defenders prioritized access to AI tools built for that purpose. The…
Fortinet Fixes 11 Security Flaws Affecting FortiSandbox, FortiOS, FortiAnalyzer, and FortiManager
Fortinet has recently released a comprehensive security update, patching 11 newly identified vulnerabilities across several of its core enterprise products. The security flaws affect critical infrastructure components, including FortiSandbox, FortiOS, FortiAnalyzer, and FortiManager. Addressing these vulnerabilities is paramount for organizations…
JanaWare Ransomware Hits Turkish Users via Customized Adwind RAT
A new ransomware campaign dubbed “JanaWare”, leveraging a customized variant of the Adwind remote access Trojan (RAT) to target users in Turkey. The malware exhibits polymorphic behavior, advanced obfuscation, and strict geofencing controls to restrict activity to Turkish systems, signaling a focused and…
How to improve the SOC analyst experience — and why it matters
<p>Security Operations Center analysts stand on the front lines between their organizations and countless cyberthreats. How effectively an analyst reacts to any given security alert could mean the difference between a contained, minor incident and a full-on data breach.</p> <p>Too…
OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT‑5.4, that’s specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos. “The progressive use of AI accelerates defenders – those responsible for keeping…
Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day
Microsoft Patch Tuesday security updates for April 2026 fixed 165 vulnerabilities, including an actively exploited SharePoint zero-day. Microsoft Patch Tuesday security updates addressed 165 vulnerabilities, making it one of the largest updates by CVE count. One of the most interesting…
Microsoft Patch Tuesday April 2026 Fixes 168 Flaws, Including an Actively Exploited Zero-Day
Microsoft has released its highly anticipated April 2026 Patch Tuesday security updates, addressing a massive 168 vulnerabilities across its vast product portfolio. According to recent cybersecurity news reports, this comprehensive update includes a patch for one actively exploited zero-day vulnerability…
Dragon Boss Solutions Supply Chain Attack Exposes 25,000+ Endpoints
Early on Sunday, 22 March 2025, what initially appeared to be routine adware suddenly escalated into a serious supply chain risk across managed environments. Seemingly benign executables, signed by Dragon Boss Solutions LLC, were using a built-in update mechanism to…
Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab
Misconfigured source code management platforms remain a common entry point in software supply chain attacks, and organizations often lack visibility into which settings put them at risk. Legitify, an open-source tool from Legit Security, addresses that gap by scanning GitHub…
Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time
In this Help Net Security interview, Nuno Rodrigues Carvalho, Head of Sector for Incident and Vulnerability Services at ENISA, discusses the recent CVE funding scare and what it exposed about the fragility of global vulnerability disclosure infrastructure. He outlines how…
Top 10 Best Passwordless Authentication Solutions in 2026
Passwords are susceptible to phishing, brute-force attacks, credential stuffing, and human error, leading to an alarming number of data breaches and significant financial losses for enterprises worldwide. The frustration of forgotten passwords and endless resets also plagues users, leading to…
OpenAI Launches GPT-5.4 with Reverse Engineering, Vulnerability and Malware Analysis Features
OpenAI has unveiled GPT-5.4-Cyber, a specialized variant of its flagship GPT-5.4 model fine-tuned for advanced defensive cybersecurity workflows, granting vetted security professionals expanded access to capabilities such as binary reverse engineering, vulnerability scanning, and malware analysis, with fewer restrictions than…
Product showcase: Stop secrets from leaking through AI coding tools with GitGuardian
AI coding assistants are quickly becoming part of everyday development. Tools like Cursor, Claude Code, and GitHub Copilot can now do more than suggest code. They can read files, run shell commands, and call external tools during a session. That…
North Korean Spies DM You On Facebook
Android Mirax RAT, North Korea’s Friend-Request Hacks, Adobe PDF Zero-Day, and FBI Phishing Takedown | Cybersecurity Today David Shipley covers multiple trust-based cyber threats: Mirax Android malware pushed via Meta ads posing as free streaming apps, functioning as a remote…
Network segmentation projects fail in predictable patterns
Most enterprise networks have segmentation on the roadmap. Many have had it there for years. A survey of 400 U.S.-based network security practitioners who lived through failed segmentation projects finds that failure clusters into four distinct patterns, and the type…
IT Security News Hourly Summary 2026-04-15 06h : 1 posts
1 posts were published in the last hour 3:34 : Cisco CRM “Salesforce Data Breach” Claims Tied to ShinyHunters: What Defenders Should Look For and How to Respond
Cisco CRM “Salesforce Data Breach” Claims Tied to ShinyHunters: What Defenders Should Look For and How to Respond
ShinyHunters is claiming access to a large set of CRM data tied to Cisco, including Salesforce records, AWS assets, and GitHub repositories, and threatening to extort with it. Whether you’re a security analyst trying to understand what’s being alleged or…