Researchers at Darktrace have identified ZionSiphon, a new malware targeting Israeli water treatment plants. Learn how this OT-focused… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: New ZionSiphon Malware…
Leaked Windows Defender 0-Day Vulnerability Actively Exploited in Attacks
An active in-the-wild exploitation of three recently leaked Windows Defender privilege escalation vulnerabilities, with threat actors deploying proof-of-concept exploit code sourced directly from public GitHub repositories against real enterprise targets. On April 2, 2026, a security researcher operating under the…
CISA Warns of Apache ActiveMQ Input Validation Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security defect in Apache ActiveMQ. On April 16, 2026, the agency officially added the vulnerability, tracked as CVE-2026-34197, to its Known Exploited Vulnerabilities (KEV) catalog.…
Payouts King Rises as New Ransomware Threat Linked to Former BlackBasta Affiliates
A relatively unknown ransomware group called Payouts King has emerged as a serious cybersecurity threat, carrying the torch of the now-defunct BlackBasta operation. Since its appearance in April 2025, the group has quietly carried out targeted attacks while remaining largely…
Another DraftKings Hacker Sentenced to Prison
Kamerin Stokes sold stolen credentials through an online marketplace even after pleading guilty to his role in the DraftKings attack. The post Another DraftKings Hacker Sentenced to Prison appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
From Analytics to “Interception”: How Website Tracking Became a Wiretap Problem—and What Companies Should Do About It
There is a certain irony in watching a statute designed to prevent clandestine eavesdropping on telephone calls become one of the most aggressively deployed tools against ordinary website functionality. The federal Wiretap Act—codified as part of the Electronic Communications Privacy…
Google wipes out 602 million scam ads with Gemini on duty
Google claims that its security teams work around the clock using its Gemini AI models to detect and stop harmful ads. “Bad actors are using generative AI to create deceptive ads at scale, and Gemini helps us detect and block…
Claude Mythos: Dangers and rewards, right next to each other
A lot has already been written about Anthropic’s “Mythos.” While some welcome it and embrace the new possibilities, others are heralding the end of cybersecurity. The truth lies somewhere in between. This article has been indexed from Security Blog G…
Lawmakers Gathered Quietly to Talk About AI. Angst and Fears of ‘Destruction’ Followed
Thursday’s discussion comes as leaders on Capitol Hill grapple with the dizzying pace of global developments in which technology plays a central role. The post Lawmakers Gathered Quietly to Talk About AI. Angst and Fears of ‘Destruction’ Followed appeared first…
Vibe Coding vs. SBOM: One Builds Fast. The Other Tells You What You Just Built
Explore the clash between “Vibe Coding” and modern software governance. Learn why high-speed AI generation demands stronger SBOM transparency and accountability in 2026. The post Vibe Coding vs. SBOM: One Builds Fast. The Other Tells You What You Just Built…
Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild
The security researcher who earlier this month published a proof-of-concept (PoC) exploit for a zero-day privilege escalation vulnerability in Microsoft Defender is back with two more. The first, dubbed “RedSun,” is another privilege escalation flaw in the same platform. The…
Fake Zoom SDK Update Spreads Sapphire Sleet Malware in New macOS Attack Chain
A sophisticated macOS-focused cyber campaign orchestrated by the North Korean threat actor Sapphire Sleet, revealing a shift toward social engineering over traditional software exploitation. Instead of relying on vulnerabilities, the attackers trick users into executing malicious files disguised as legitimate…
Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug
University student says he plans to move to Android, but concedes iOS engineers acting fast Apple is finally working on a fix for a bug that has locked some users out of their iPhones for months, The Register understands.… This…
The Shocking Secrets of Madison Square Garden’s Surveillance Machine
Famously vengeful Knicks owner Jim Dolan has long spied on people at his iconic arenas. WIRED goes deep inside the operation that allegedly tracked a trans woman, lawyers, protesters, and more. This article has been indexed from Security Latest Read…
Inside ZionSiphon: politically driven malware aims at Israeli water systems
New ZionSiphon malware targets water systems, and allows attackers to alter pressure and chlorine levels. A flaw makes it ineffective for now. Darktrace analyzed ZionSiphon, a new malware designed to target water treatment and desalination systems, which aims to disrupt…
Recent Apache ActiveMQ Vulnerability Exploited in the Wild
The remote code execution vulnerability tracked as CVE-2026-34197 came to light in early April. The post Recent Apache ActiveMQ Vulnerability Exploited in the Wild appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Recent…
GitLab 18.11 brings agentic AI to security fixes, CI pipelines, and delivery analytics
GitLab has released GitLab 18.11, expanding agentic AI across the entire software lifecycle with security remediation, pipeline configuration, and delivery analytics. AI-generated code moves faster than the systems around it can keep up with, creating the AI paradox: faster code…
IT Security News Hourly Summary 2026-04-17 12h : 11 posts
11 posts were published in the last hour 9:34 : New CGrabber and Direct-Sys Malware Spread Through GitHub ZIP Files 9:34 : Critical Flowise Flaw Enables Remote Command Execution via MCP Adapters 9:34 : PoC Released for FortiSandbox Flaw Enabling…
New CGrabber and Direct-Sys Malware Spread Through GitHub ZIP Files
Hackers spread CGrabber and Direct-Sys malware through GitHub ZIP files, bypassing security tools to steal passwords, crypto wallets, and user data. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article:…
Critical Flowise Flaw Enables Remote Command Execution via MCP Adapters
OX Security researchers have uncovered a critical, systemic vulnerability built directly into the architecture of Anthropic’s Model Context Protocol (MCP). As the industry standard for AI agent communication, this foundational flaw exposes systems to Arbitrary Command Execution (RCE). Attackers who…
PoC Released for FortiSandbox Flaw Enabling Arbitrary Command Execution
A proof-of-concept (PoC) exploit has been publicly released for a critical security flaw in Fortinet’s FortiSandbox. Tracked as CVE-2026-39808, this severe vulnerability allows an unauthenticated attacker to execute arbitrary commands on the underlying operating system with the highest level of…
Top 5 Disaster Recovery Companies in 2026
This is a comprehensive list of the top Disaster Recovery as a Service providers. Use this guide to compare and choose the best solution for you. The post Top 5 Disaster Recovery Companies in 2026 appeared first on TechRepublic. This…
One-Click RCE in Azure Windows Admin Center Allow Attacker to Execute Arbitrary Commands
Windows Admin Center is a locally deployed, browser-based management tool used by IT administrators to manage Windows servers, clients, and clusters from a centralized graphical interface. This newly discovered critical flaw, identified by Cymulate Research Labs, allows attackers to achieve…
Windows Snipping Tool Vulnerability Allows Attacker to Perform Spoofing Over a Network
Microsoft has addressed a moderate-severity security flaw in the Windows Snipping Tool that could allow malicious actors to steal user credentials. Tracked as CVE-2026-33829, this spoofing vulnerability was officially patched during the April 14, 2026, security updates. Discovered and reported…