The Apache Software Foundation has released critical security updates for Apache Tomcat to address three newly disclosed vulnerabilities. Because Apache Tomcat is a widely deployed open-source web server, these flaws pose a significant risk to many enterprise environments. The newly…
Adobe patches zero-day, Marimo flaw exploited, Venice flood threat
Adobe patches months-old Reader zero-day; Critical Marimo flaw now under active exploitation; Hackers claim control over Venice anti-flood pumps. Get the show notes here: https://cisoseries.com/cybersecurity-news-adobe-patches-zero-day-marimo-flaw-exploited-venice-flood-threat/
Are scammers trying to profit from the 2028 Summer Olympics ticket sales?
Yes, they are. Tickets for the 2028 Summer Olympics in Los Angeles are now officially available for lucky users who registered for the draw and received…
Uber Delivery Robots Defaced In Sheffield
Autonomous robots making food deliveries for Uber Eats in Sheffield suburb defaced only days after initial rollout. This article has been indexed from Silicon UK.
A week in security (April 6 – April 12)
A list of topics we covered in the week of April 6 to April 12 of 2026. This article has been indexed from Malwarebytes.
Can AI Help “Solve” The Child Porn Problem? Magic 8 Ball Says, “Answer Hazy – Ask Again Later”
The technological trajectory is clear: Hash-based systems anchored in the National Center for Missing and Exploited Children (“NCMEC”) database remain highly effective for identifying known CSAM, but they are structurally incapable of addressing synthetic, modified, or previously unseen material. Machine…
Ransomware Lives On, Blending Hacktivism and Crime, Fueled by AI
Ransomware will never die, will it? In fact, it’s more powerful than ever thanks to GenAI and creative operators that evolve techniques to generate profit. The post Ransomware Lives On, Blending Hacktivism and Crime, Fueled by AI appeared first on Security Boulevard. This…
IT Security News Hourly Summary 2026-04-13 09h : 6 posts
6 posts were published in the last hour: 6:36 : WordPress Plugin Vulnerability Enables Admin Takeover via Auth Bypass; 6:36 : Intoxalock Vehicle Breathalyzers Downed by Cyberattack, Leave Drivers Stranded; 6:7 : EDR Killers Broaden Ransomware Tactics, ESET Warns; 6:7 :…
WordPress Plugin Vulnerability Enables Admin Takeover via Auth Bypass
A newly disclosed vulnerability, tracked as CVE-2026-1492, has been identified in the User Registration & Membership plugin for WordPress, exposing websites to critical authentication bypass and privilege escalation risks. Affecting versions up to 5.1.2, the vulnerability allows remote attackers to gain full administrative…
Intoxalock Vehicle Breathalyzers Downed by Cyberattack, Leave Drivers Stranded
Parking lots were filled with cars that couldn’t be moved and drivers had to awkwardly explain to employers why they couldn’t make it to work after a cyberattack took down the Intoxalock vehicle breathalyzer system.
EDR Killers Broaden Ransomware Tactics, ESET Warns
Ransomware gangs are rapidly expanding their use of EDR killers, moving beyond vulnerable drivers to a broader mix of scripts, anti‑rootkits, and driverless techniques. The company’s latest telemetry-backed study tracks almost 90 distinct EDR killers actively used in the wild. It…
ZeroID: Open-source identity platform for autonomous AI agents
ZeroID is an open-source identity platform that implements an identity and credentialing layer specifically for autonomous agents and multi-agent systems. The attribution problem: The core issue ZeroID targets is attribution in agentic workflows. When an orchestrator agent spawns sub-agents to…
Fixing vulnerability data quality requires fixing the architecture first
In this Help Net Security interview, Art Manion, Deputy Director at Tharros, examines why vulnerability data across repositories stays inconsistent and hard to trust. The problem starts with systems not designed to collect or manage that data well. They introduce…
CPUID Website Hacked to Serve Malware Through CPU-Z and HWMonitor Download Links
Hackers accessed a secondary API on the CPUID website between April 9 at 15:00 UTC and April 10 at around 10:00 UTC.
Public Quizlet Flashcards Raise Concerns Over Possible CBP Security Exposure
A set of publicly available flashcards discovered through simple online searches has sparked concern after appearing to reveal sensitive details related to facility security at U.S. Customs and Border Protection locations in Kingsville, Texas. The flashcards were hosted on…
New GPU Rowhammer Attacks on Nvidia Cards Enable Full System Takeover
High-performance GPUs, often priced at $8,000 or more, are commonly shared among multiple users in cloud environments—making them attractive targets for attackers. Researchers have now uncovered three new attack techniques that allow a malicious user to gain full root…
Adobe Fixes Actively Exploited Zero-Day in Acrobat Reader
Adobe has released an emergency security update to address a critical zero-day vulnerability in Acrobat and Reader for Windows and macOS. According to Adobe’s APSB26-43 bulletin, the flaw is currently being exploited in the wild, prompting a Priority 1 rating…
WhatsApp’s “End-to-End Encryption by Default” Claim Called Consumer Fraud by Pavel Durov
Telegram founder Pavel Durov has publicly criticized WhatsApp, labeling its “end-to-end encryption by default” claim as a massive consumer fraud. He argues that while messages may be encrypted during transit, the default backup settings leave the vast majority of user…
Google Brings End-to-End Encrypted Gmail to Android and iPhone
Google has officially expanded Gmail’s end-to-end encryption (E2EE) feature to Android and iOS devices, empowering organizations and users to protect the confidentiality of email content directly from their mobile devices. This enhancement is part of Gmail’s client-side encryption (CSE) program, enabling stricter compliance…
Elon Musk Announces XChat Launch With Self-Destructing Messages
Elon Musk has officially announced the launch of XChat, a new secure messaging application scheduled to release on iOS devices on April 17. The platform builds upon the existing direct messaging infrastructure of X (formerly Twitter) but introduces a dedicated…
MITRE releases a shared fraud-cyber framework built from real attack data
Financial fraud losses in the United States reached $16.6 billion in 2024, up from $4.2 billion in 2020. Behind those numbers is a structural problem: the teams responsible for stopping fraud, fraud investigators and cybersecurity analysts, have historically operated separately,…
Marimo RCE Flaw Exploited Within Hours of Disclosure
A Marimo RCE flaw is being exploited within hours, giving attackers unauthenticated access to sensitive systems. The post Marimo RCE Flaw Exploited Within Hours of Disclosure appeared first on eSecurity Planet.
The Dark Web Explained with John Hammond
The dark web is often misunderstood, but it plays an important role in both privacy technology and cybercrime activity. In this episode, Tom Eston speaks with cybersecurity researcher and educator John Hammond about what the dark web actually is and…
7 Privilege Management Mistakes That Put Business Data at Risk
Every growing business has at least one lingering privilege management issue. It’s not because your team is lazy. It’s because organizations grow, restructure and hire far faster than manual access processes can keep up. When roles evolve or contractors come…