Two high-severity flaws in PHP Composer could let attackers run arbitrary commands via malicious repository configs and crafted inputs affecting Perforce VCS. Two high-severity vulnerabilities in PHP Composer could allow attackers to execute arbitrary commands. PHP Composer is a dependency…
Raspberry Pi OS 6.2 disables passwordless sudo by default
Raspberry Pi OS 6.2, based on the Trixie version, introduces small changes and bug fixes, and disables passwordless sudo by default for new installations. “We continually review the security of Raspberry Pi OS to…
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one is rated…
OpenAI Investors Criticise ‘Unfocused’ Strategy
Some early backers of OpenAI reportedly unhappy with company’s strategic shifts, but firm cites $852bn valuation as proof of success. This article has been indexed from Silicon UK.
From Data to Decisions: Building a Real-Time Business
Enterprises are under pressure to move faster than ever. But becoming a real-time business is not about speed alone; it’s about aligning data, culture, and decision-making to act with confidence at pace. This article has been indexed from Silicon UK…
Italian Court Accepts Legal Action Over Facebook Mass Breach
Italian court gives green light to class-action lawsuit on behalf of tens of millions of Facebook users affected by data leak. This article has been indexed from Silicon UK.
Microsoft Defender 0-Day Vulnerability Enables Privilege Escalation Attack
Microsoft has released Patch Tuesday security updates to address a newly discovered zero-day vulnerability in the Microsoft Defender Antimalware Platform. Disclosed on April 14, 2026, the flaw is tracked as CVE-2026-33825 and carries an “Important” severity rating. If successfully…
New JanaWare Ransomware Targets Turkish Users Through Customized Adwind RAT
A new ransomware family called JanaWare has begun targeting computer users in Turkey, relying on a customized version of the Adwind remote access trojan (RAT) to gain a foothold on victims’ systems. This campaign stands out because it combines a…
What changed in nginx 1.30.0 and what it means for your upstream config
nginx 1.30.0 brings together features accumulated across the 1.29.x mainline series. The release covers a broad range of changes, from protocol support additions to security-relevant fixes and new configuration options. Keepalive to upstreams is now on by default. One of…
Agentic LLM Browsers Open New Front in Prompt Injection, Data Theft
Agentic LLM browsers are turning everyday browsing into automated, AI-driven workflows but they also expose a powerful new attack surface for prompt injection and data theft. By letting an AI “drive” the browser with your full session, cookies, and permissions,…
Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven’t warned users
Researchers who found the flaws scored beer money bounties and warn the problem is probably pervasive. Exclusive: Security researchers hijacked three popular AI agents that integrate with GitHub Actions by using a new type of prompt injection attack to steal…
Over 100 Malicious Chrome Extensions Steal Google Tokens, Hijack Telegram Sessions, and Inject Ads
Security researchers at Socket have identified over 100 malicious extensions in the Chrome Web Store that are part of a coordinated campaign. The post Over 100 Malicious Chrome Extensions Steal Google Tokens, Hijack…
Banks Test Systems After Anthropic Mythos Warning
US Treasury seeks access to latest Claude model, Wall Street banks carry out tests after Anthropic warns of security risks. This article has been indexed from Silicon UK.
ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories
Siemens, Schneider Electric, Aveva, Rockwell Automation, ABB, Phoenix Contact, Mitsubishi Electric, and Moxa patched vulnerabilities. The post ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories appeared first on SecurityWeek.
Ransomware drama, faked Ledger app, Treasury wants Mythos
Ransomware rivals turn on each other; fake Ledger app drains millions in crypto; US Treasury wants access to Mythos. Get the show notes here: https://cisoseries.com/cybersecurity-news-ransomware-drama-faked-ledger-app-treasury-wants-mythos/ Huge thanks to our sponsor, Conveyor. Your trust center was a great start. But if…
EU flags four porn sites for failing to protect minors
The European Commission has preliminarily found Pornhub, Stripchat, XNXX, and XVideos in breach of the Digital Services Act for failing to keep minors from accessing… The post EU flags four porn sites for failing to protect minors appeared first on…
Texas Man Charged With Molotov Attack On Altman Home
Daniel Moreno-Gama, 20, arraigned in San Francisco after allegedly attempting to set fire to Altman’s home, battering OpenAI headquarters. This article has been indexed from Silicon UK.
FUNNULL Scam Network Resurfaces With 175+ Rotating Domains Worldwide
FUNNULL-Linked Triad Nexus has quietly rebuilt its scam infrastructure, now rotating through more than 175 CNAME domains to keep a sprawling global fraud and brand‑impersonation network online. Following U.S. Treasury sanctions in May 2025 against FUNNULL Technology Inc., a core…
Microsoft Warns of Actively Exploited SharePoint Server Zero-Day
Microsoft issued an urgent security update addressing an actively exploited zero-day vulnerability in its SharePoint Server platform. The flaw, officially tracked as CVE-2026-32201, allows unauthenticated attackers to conduct network-based spoofing attacks. Because threat actors are already exploiting this weakness in…
Zero Trust for Nonhuman Workload Access: A Primer
Zero trust has reshaped how organizations secure user access. Multifactor authentication, single sign-on and continuous posture checks are now standard for human identities. But the same rigor rarely extends to the nonhuman side of the house. The post…
IT Security News Hourly Summary 2026-04-15 09h : 9 posts
9 posts were published in the last hour. 6:32: Ivanti Neurons for ITSM Vulnerabilities Let Remote Attackers Hijack User Sessions; 6:32: OpenAI Introduces GPT-5.4 for Reverse Engineering, Vulnerability Discovery, and Malware Analysis; 6:32: 25,000+ Endpoints Exposed by…
Ivanti Neurons for ITSM Vulnerabilities Let Remote Attackers Hijack User Sessions
Ivanti has issued a security advisory detailing two medium-severity vulnerabilities affecting its Neurons for IT Service Management (ITSM) platform. If left unpatched, these security flaws could allow remote authenticated attackers to compromise user sessions and maintain unauthorized access to corporate…
OpenAI Introduces GPT-5.4 for Reverse Engineering, Vulnerability Discovery, and Malware Analysis
OpenAI has officially launched GPT-5.4-Cyber, a specialized variant of its latest artificial intelligence model explicitly fine-tuned for defensive cybersecurity. Alongside this release, the organization is significantly scaling its Trusted Access for Cyber (TAC) program, providing verified security professionals with advanced…
25,000+ Endpoints Exposed by Dragon Boss Solutions Update Domain Supply Chain Attack
What started as a routine adware alert quickly turned into something far more serious. On the morning of March 22, 2026, security alerts began firing across multiple managed environments, all linked to software signed by a company called Dragon Boss…