A critical security vulnerability in Samba’s printing subsystem has been disclosed, allowing unauthenticated attackers to execute arbitrary code remotely on affected servers. Tracked as CVE-2026-4480, the flaw carries a maximum CVSS score of 10.0, highlighting its severe impact on confidentiality,…
Tag: EN
Anthropic launches Claude Opus 4.8, prepares Mythos-class models for all customers
Anthropic has released Claude Opus 4.8 and outlined plans for broader access to its Mythos-class models, which the company expects to make available to all customers in the coming weeks. Claude Opus 4.8 (Source: Anthropic) Claude Opus 4.8 is available…
Claude Opus 4.8 Released With Advanced Engineering-Level Coding Capabilities
Anthropic has announced the release of Claude Opus 4.8, a major upgrade to its flagship AI model that introduces advanced engineering-level coding capabilities and improved autonomous task execution. The latest version builds on Opus 4.7, focusing on enhanced reasoning, longer…
OpenVPN Connect macOS Vulnerability Allows Remote Command Execution
OpenVPN has released a critical security update for its macOS client after researchers uncovered a vulnerability that could allow remote command execution on affected systems. The issue, tracked as CVE-2026-9560, impacts the privileged helper component in OpenVPN Connect and has…
Zapocalypse Attack Lets Threat Actors Hijack Zapier Accounts
“Zapocalypse” is a newly disclosed attack chain that shows how attackers could have abused Zapier’s “Code by Zapier” feature to move from a single sandboxed Python step to a potential full-scale Zapier account takeover. The research, carried out by Token…
Humanix expands detection to identify live violations of security procedures
Humanix has announced a capability to identify live violations of organization-defined procedures governing IT support workflows. Designed to prevent unauthorized access, these procedures typically require help desk and service desk agents to follow identity verification steps before fulfilling sensitive requests,…
Claroty targets cyber-physical system risks with AI-powered security agent
Claroty has launched Claroty Claire, a CPS-native AI security agent designed to help organizations defend mission-critical infrastructure. Claire is powered by a CPS language model trained on more than a decade of industry expertise and CPS-related data. The launch expands…
Netskope extends data localization capabilities with NewEdge updates
Netskope has enhanced its NewEdge Network infrastructure, expanding data sovereignty capabilities to more regions than any other SASE cloud provider. The NewEdge Network architecture provides national data localization features that address requirements for network transport, data processing, and metadata governance…
World Cup fraud, US military location targets, IBM and Red Hat go Project Lightwell
Fraud gang steals from World Cup fans Pentagon says US military targeted by location IBM and Red Hat commit to “Project Lightwell” Check out your show notes here: https://cisoseries.com/cybersecurity-news-world-cup-fraud-us-military-location-targets-ibm-and-red-hat-go-project-lightwell/ Huge thanks to our sponsor, Guardsquare Attackers are treating your mobile…
Fake Video Player Updates Spread Miner and RAT Malware
Hackers are actively exploiting illegal streaming platforms to distribute advanced malware, using fake video player updates as a lure to infect unsuspecting users. The attack begins when users attempt to play a video on compromised streaming websites. Instead of playback,…
AI Security Best Practices for technical and non-technical people
AI Security Best Practices: What Every Employee Needs to Know A summary of an AI Security Policy — covering the risks that matter, with real examples of what goes wrong when they are ignored. AI tools are now part of…
What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant
What are the main risks for container environments: vulnerabilities, supply chain attacks, configuration errors; how to improve container security and how Kaspersky Container Security with the KIRA AI assistant can help. This article has been indexed from Securelist Read the…
Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. “Kimsuky employed a range of tailored…
Fake Codex Remote UI Steals OpenAI Auth Tokens
A newly uncovered supply chain attack is leveraging a legitimate-looking developer tool, codexui-android, to silently steal OpenAI Codex authentication tokens, highlighting a growing trend where threat actors build credible software to mask malicious intent. Unlike typical typosquatting or disposable malware packages,…
ESET APT Activity Report Q4 2025–Q1 2026
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2025 and Q1 2026 This article has been indexed from WeLiveSecurity Read the original article: ESET APT Activity Report Q4 2025–Q1 2026
Threat Actors Deploy Tiflux RMM for Persistent Remote Access
Threat actors are abusing legitimate RMM tools as a means of creating persistence inside victims’ systems, using the Tiflux RMM tool. Tiflux is a reputable Brazilian software platform used by IT departments and Managed Service Providers (MSPs) for managing IT…
MicrosoftSystem64 Malware Abuses Hugging Face for Stealthy Data Theft
A sophisticated supply chain attack targeting the npm ecosystem has been uncovered, involving a malicious package named js-logger-pack that evolved into a powerful cross-platform malware loader. First observed in early April 2026, the package went through 29 incremental versions, gradually transforming from…
Hackers Exploit Microsoft Teams’ Collaboration Features to Impersonate IT Helpdesk Staff
A growing wave of vishing (voice phishing) campaigns in which threat actors abuse Microsoft Teams’ external collaboration features to impersonate IT helpdesk personnel and investigators is now turning to the Microsoft 365 Unified Audit Log (UAL) as a critical forensic…
VS Code Remote-SSH RCE Lets Attackers Pivot From Developer Machines to Cloud Servers
A newly disclosed vulnerability in Visual Studio Code’s Remote-SSH extension exposes a critical post-compromise attack path that allows threat actors to pivot from infected developer machines into cloud and production environments. Given the extension’s widespread adoption across modern development workflows,…
Google Employee Charged for Making $1.2 Million With Confidential Information
A Google software engineer has been charged in the United States for allegedly using confidential internal data to generate more than $1.2 million in profits through prediction market trading. The case highlights growing concerns around insider threats and misuse of…