Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally and suspended 24.9 million accounts in 2025.…
Microsoft Acknowledges Reboot Loop Issue on Windows Servers Following April Patches
Microsoft has confirmed a critical known issue affecting Windows Server 2025 domain controllers after deploying the April 2026 cumulative update KB5082063 (OS Build 26100.32690), released on April 14, 2026. Affected domain controllers are entering repeated restart loops, and a separate…
OpenAI Extends GPT-5.4-Cyber Access to Trusted Organizations Worldwide
OpenAI has announced the expansion of its “Trusted Access for Cyber” program, granting worldwide security organizations access to its advanced GPT-5.4-Cyber model. The initiative operates on a foundational premise: cutting-edge cyber capabilities must reach network defenders on a broad scale…
Mythos and Cybersecurity
Last week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. Instead, access has been restricted…
New ZionSiphon Malware Discovered Targeting Israeli Water Systems
Researchers at Darktrace have identified ZionSiphon, a new malware targeting Israeli water treatment plants. Learn how this OT-focused… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: New ZionSiphon Malware…
Leaked Windows Defender 0-Day Vulnerability Actively Exploited in Attacks
An active in-the-wild exploitation of three recently leaked Windows Defender privilege escalation vulnerabilities, with threat actors deploying proof-of-concept exploit code sourced directly from public GitHub repositories against real enterprise targets. On April 2, 2026, a security researcher operating under the…
CISA Warns of Apache ActiveMQ Input Validation Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security defect in Apache ActiveMQ. On April 16, 2026, the agency officially added the vulnerability, tracked as CVE-2026-34197, to its Known Exploited Vulnerabilities (KEV) catalog.…
Payouts King Rises as New Ransomware Threat Linked to Former BlackBasta Affiliates
A relatively unknown ransomware group called Payouts King has emerged as a serious cybersecurity threat, carrying the torch of the now-defunct BlackBasta operation. Since its appearance in April 2025, the group has quietly carried out targeted attacks while remaining largely…
Another DraftKings Hacker Sentenced to Prison
Kamerin Stokes sold stolen credentials through an online marketplace even after pleading guilty to his role in the DraftKings attack. The post Another DraftKings Hacker Sentenced to Prison appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
From Analytics to “Interception”: How Website Tracking Became a Wiretap Problem—and What Companies Should Do About It
There is a certain irony in watching a statute designed to prevent clandestine eavesdropping on telephone calls become one of the most aggressively deployed tools against ordinary website functionality. The federal Wiretap Act—codified as part of the Electronic Communications Privacy…
Google wipes out 602 million scam ads with Gemini on duty
Google claims that its security teams work around the clock using its Gemini AI models to detect and stop harmful ads. “Bad actors are using generative AI to create deceptive ads at scale, and Gemini helps us detect and block…
Claude Mythos: Dangers and rewards, right next to each other
A lot has already been written about Anthropic’s “Mythos.” While some welcome it and embrace the new possibilities, others are heralding the end of cybersecurity. The truth lies somewhere in between. This article has been indexed from Security Blog G…
Lawmakers Gathered Quietly to Talk About AI. Angst and Fears of ‘Destruction’ Followed
Thursday’s discussion comes as leaders on Capitol Hill grapple with the dizzying pace of global developments in which technology plays a central role. The post Lawmakers Gathered Quietly to Talk About AI. Angst and Fears of ‘Destruction’ Followed appeared first…
Vibe Coding vs. SBOM: One Builds Fast. The Other Tells You What You Just Built
Explore the clash between “Vibe Coding” and modern software governance. Learn why high-speed AI generation demands stronger SBOM transparency and accountability in 2026. The post Vibe Coding vs. SBOM: One Builds Fast. The Other Tells You What You Just Built…
Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild
The security researcher who earlier this month published a proof-of-concept (PoC) exploit for a zero-day privilege escalation vulnerability in Microsoft Defender is back with two more. The first, dubbed “RedSun,” is another privilege escalation flaw in the same platform. The…
Fake Zoom SDK Update Spreads Sapphire Sleet Malware in New macOS Attack Chain
A sophisticated macOS-focused cyber campaign orchestrated by the North Korean threat actor Sapphire Sleet, revealing a shift toward social engineering over traditional software exploitation. Instead of relying on vulnerabilities, the attackers trick users into executing malicious files disguised as legitimate…
Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug
University student says he plans to move to Android, but concedes iOS engineers acting fast Apple is finally working on a fix for a bug that has locked some users out of their iPhones for months, The Register understands.… This…
The Shocking Secrets of Madison Square Garden’s Surveillance Machine
Famously vengeful Knicks owner Jim Dolan has long spied on people at his iconic arenas. WIRED goes deep inside the operation that allegedly tracked a trans woman, lawyers, protesters, and more. This article has been indexed from Security Latest Read…
Inside ZionSiphon: politically driven malware aims at Israeli water systems
New ZionSiphon malware targets water systems, and allows attackers to alter pressure and chlorine levels. A flaw makes it ineffective for now. Darktrace analyzed ZionSiphon, a new malware designed to target water treatment and desalination systems, which aims to disrupt…
Recent Apache ActiveMQ Vulnerability Exploited in the Wild
The remote code execution vulnerability tracked as CVE-2026-34197 came to light in early April. The post Recent Apache ActiveMQ Vulnerability Exploited in the Wild appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Recent…
GitLab 18.11 brings agentic AI to security fixes, CI pipelines, and delivery analytics
GitLab has released GitLab 18.11, expanding agentic AI across the entire software lifecycle with security remediation, pipeline configuration, and delivery analytics. AI-generated code moves faster than the systems around it can keep up with, creating the AI paradox: faster code…
IT Security News Hourly Summary 2026-04-17 12h : 11 posts
11 posts were published in the last hour 9:34 : New CGrabber and Direct-Sys Malware Spread Through GitHub ZIP Files 9:34 : Critical Flowise Flaw Enables Remote Command Execution via MCP Adapters 9:34 : PoC Released for FortiSandbox Flaw Enabling…
New CGrabber and Direct-Sys Malware Spread Through GitHub ZIP Files
Hackers spread CGrabber and Direct-Sys malware through GitHub ZIP files, bypassing security tools to steal passwords, crypto wallets, and user data. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article:…
Critical Flowise Flaw Enables Remote Command Execution via MCP Adapters
OX Security researchers have uncovered a critical, systemic vulnerability built directly into the architecture of Anthropic’s Model Context Protocol (MCP). As the industry standard for AI agent communication, this foundational flaw exposes systems to Arbitrary Command Execution (RCE). Attackers who…