Latest Cybersecurity News and Articles
16 April 2026
Securing national resilience now depends on faster, deeper partnerships with the private sector.
The post Government Can’t Win the Cyber War Without the Private Sector appeared first on SecurityWeek.
16 April 2026
OpenAI has launched GPT-5.4-Cyber, a model optimized for defensive cybersecurity usage.
16 April 2026
GPT‑5.4‑Cyber is a model fine-tuned for defenders, lowering boundaries for legitimate cybersecurity work.
The post OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal appeared first on SecurityWeek.
16 April 2026
You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole "crime" part, ancient vulnerabilities somehow still ruining people's days, and enough supply chain drama to fill a season of television nobody asked for.
Not all bad though. Some
16 April 2026
Cookeville Regional Medical Center was targeted last year by the Rhysida ransomware group, which stole 500GB of data.
The post Data Breach at Tennessee Hospital Affects 337,000 appeared first on SecurityWeek.
16 April 2026
The startup is leveraging AI to prevent AI-powered attacks across applications, users, machines, and cloud workloads.
The post Artemis Emerges From Stealth With $70 Million in Funding appeared first on SecurityWeek.
16 April 2026
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching.
For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, andOAuth grants. When projects end or employees leave, most
16 April 2026
The flaw allows low-privileged users to upload files to a temporary directory to achieve remote code execution.
The post Splunk Enterprise Update Patches Code Execution Vulnerability appeared first on SecurityWeek.
16 April 2026
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service.
The details of the vulnerabilities are below -
CVE-2026-20184 (CVSS score: 9.8) - An improper certificate validation in the integration of single sign-on (SSO)
16 April 2026
Researchers found more than 80 high-impact cloud and AI vulnerabilities during the event, which had a $5 million prize pool.
The post Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest appeared first on SecurityWeek.
16 April 2026
A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors.
Dubbed REF6598 by Elastic Security Labs, the activity has been found to leverage
16 April 2026
To optimize management of CVE volume, entries that do not meet specific criteria will not be automatically enriched.
The post NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software appeared first on SecurityWeek.
16 April 2026
A bank approved a Taboola pixel. That pixel quietly redirected logged-in users to a Temu tracking endpoint. This occurred without the bank’s knowledge, without user consent, and without a single security control registering a violation.
Read the full technical breakdown in the Security Intelligence Brief. Download now →
The "First-Hop Bias" Blind Spot
Most&
16 April 2026
The flaws can be exploited remotely to impersonate users or execute arbitrary commands on the underlying OS.
The post Cisco Patches Critical Vulnerabilities in Webex, ISE appeared first on SecurityWeek.
16 April 2026
The automotive analysis and data company is working with external experts to investigate the attack.
The post Ransomware Hits Automotive Data Expert Autovista appeared first on SecurityWeek.
16 April 2026
A researcher has disclosed the details of the AI attack method he has named ‘Comment and Control’.
The post Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments appeared first on SecurityWeek.
16 April 2026
The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data from Chromium-based web browsers and WhatsApp.
The activity, which was observed between March and April
15 April 2026
New automation and AI-driven triage capabilities dramatically reduce alert noise and accelerate investigations for modern security teams San Jose, Calif. – Apr. 15, 2026 As security operations teams struggle to keep pace with escalating alert volumes and increasingly automated attacks, Stellar Cyber just introduced new
The post Stellar Cyber Unveils New Agentic AI Capabilities for the Human-Augmented Autonomous SOC appeared first on Cybercrime Magazine.
15 April 2026
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails.
"By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery
15 April 2026
In what was Sweden’s first public mention of the attack, the country’s minister for civil defense said it targeted a heating plant in western Sweden.
The post Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure appeared first on SecurityWeek.