195 posts were published in the last hour 21:32 : Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed 21:31 : Trump’s CISA director pick withdraws after tumultuous nomination 21:11 : CISA Adds One Known Exploited Vulnerability to Catalog 21:11 :…
Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed
More than 1,300 internet-exposed SharePoint servers remain unpatched against CVE-2026-32201, a spoofing flaw Microsoft says was exploited as a zero-day. The post Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed appeared first on TechRepublic. This article has been indexed from…
Trump’s CISA director pick withdraws after tumultuous nomination
CISA has been without a permanent director for more than a year, imperiling its efforts to establish a strategic direction. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Trump’s CISA director pick…
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-33825 Microsoft Defender Insufficient Granularity of Access Control Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber…
Malicious Google Ads Target Crypto Users With Wallet Drainers and Seed Phrase Theft
Cybercriminals are now using Google’s own advertising platform to steal cryptocurrency from unsuspecting users. They place fake ads that look exactly like real links to popular crypto applications, and when users click on them, they land on websites designed to…
Google’s Workspace Intelligence promises privacy while running on your data
Security and data governance are among the key considerations in Google’s latest AI update, which introduces Workspace Intelligence within Google Workspace. Google describes the feature as “a secure, dynamic system that inherently understands complex semantic relationships within your Workspace apps…
France confirms data breach at government agency that manages citizens’ IDs
The French government agency that issues and manages national IDs, passports, and other documents announced that hackers stole the personal information of an unspecified number of citizens. This article has been indexed from Security News | TechCrunch Read the original…
Microsoft Warns Jasper Sleet Uses Fake IT Worker Identities to Infiltrate Cloud Environments
A North Korea-linked threat group is quietly getting hired by real companies. Jasper Sleet, a threat actor tied to North Korea, has been building fake professional identities and using them to land legitimate remote IT jobs, giving them direct access…
Hackers Use Lotus Wiper to Destroy Drives and Delete Files in Energy Sector Attack
A newly discovered malware called Lotus Wiper has been used in a targeted destructive attack against the energy and utilities sector in Venezuela. Unlike ransomware, this threat does not ask for money or lock files for a ransom payment. Instead,…
Cybercriminals Exploit French Fintech Accounts to Move Stolen Money Before Detection
Organized fraud networks are now using a new method to move stolen money in France. They create fake business accounts on freelancer fintech platforms and use those accounts as mule accounts to launder funds quickly, often before anyone can trace…
The Invisible Threat: Business Logic Flaws in Modern Applications and Why Scanners Miss Them
In today’s security landscape, some of the most dangerous vulnerabilities aren’t flagged by automated scanners at all. These are the business logic flaws: subtle mistakes in an application’s design or workflow that malicious actors can exploit by doing the unexpected.…
Supply Chain Attacks Are Getting Worse—How to Shrink Your Exposure
In March 2026, Trivy, one of the most widely used open-source vulnerability scanners in the Kubernetes ecosystem, was weaponized against the very organizations that relied on it for security. Attackers compromised the Aqua Security repository, force-pushed malicious binaries, and poisoned…
[un]prompted 2026 – macOS Vulnerability Research: Augmenting Apple’s Source Code And OS Logs With AI Agents
Author, Creator & Presenter: Olivia Gallucci, Security Engineer, Datadog Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink The post [un]prompted 2026 – macOS Vulnerability…
Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI
Mozilla says Firefox 150 patches 271 vulnerabilities found with Anthropic’s restricted Mythos AI, highlighting how quickly AI-driven bug hunting is accelerating. The post Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI appeared first on TechRepublic. This article has been…
Vonage, Girls Who Code Show What ‘Responsible AI’ Looks Like
Vonage’s partnership with Girls Who Code is more than feel-good philanthropy; it’s a blueprint for building diverse AI talent pipelines. The post Vonage, Girls Who Code Show What ‘Responsible AI’ Looks Like appeared first on TechRepublic. This article has been…
Apple fixes bug that cops used to extract deleted chat messages from iPhones
The iPhone and iPad bug allowed law enforcement using forensic tools to read messages that had long been deleted by the Signal app. This article has been indexed from Security News | TechCrunch Read the original article: Apple fixes bug…
Cyberattack on French government agency triggers phishing alert
France Titres, a French government agency, has disclosed a data breach that may have exposed user data from its online portal. France Titres, also known as the Agence nationale des titres sécurisés (ANTS), operates under the French Ministry of the…
A Poisoned Xinference Package Targets AI Inference Servers
Three poisoned xinference releases on PyPI target AI infrastructure credentials. The post A Poisoned Xinference Package Targets AI Inference Servers appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: A Poisoned Xinference…
You’re Not Watching MCPs. Anthropic’s Vulnerability Shows Why You Should Be.
Last week, researchers at OX Security published findings that should stop every security leader in their tracks. They discovered a critical vulnerability baked directly into Anthropic’s Model Context Protocol SDK, affecting every supported language: Python, TypeScript, Java, and Rust. The…
DDoS wave continues as Mastodon hit after Bluesky incident
Mastodon suffered a major DDoS attack shortly after a similar incident hit Bluesky. The outage was significant but resolved within a few hours. Mastodon was hit by a major DDoS attack just days after a similar disruption affected Bluesky. Mastodon…
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Cybersecurity researchers have warned of malicious images pushed to the official “checkmarx/kics” Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and…
IT Security News Hourly Summary 2026-04-22 21h : 4 posts
4 posts were published in the last hour 18:32 : Discord-Linked Group Accessed Anthropic’s Claude Mythos AI in Vendor Breach 18:32 : Microsoft: Most Windows 11 Users Don’t Need Third-Party Antivirus 18:32 : Fake Google Antigravity Installer Can Steal Accounts…
Discord-Linked Group Accessed Anthropic’s Claude Mythos AI in Vendor Breach
Anthropic is investigating a vendor breach after a Discord-linked group accessed its Claude Mythos AI model, with no evidence of impact on core systems. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read…
Microsoft: Most Windows 11 Users Don’t Need Third-Party Antivirus
Microsoft says Windows 11’s built-in security is strong enough for most users, though power users and enterprises may still want third-party protection. The post Microsoft: Most Windows 11 Users Don’t Need Third-Party Antivirus appeared first on TechRepublic. This article has…