Latest Cybersecurity News and Articles
14 April 2026
Critical ColdFusion vulnerabilities are the most at risk of being exploited in attacks, according to the software giant.
The post Adobe Patches 55 Vulnerabilities Across 11 Products appeared first on SecurityWeek.
14 April 2026
Venice’s hydraulic pump system was hacked.
14 April 2026
Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution.
The vulnerabilities have been described as command injection flaws affecting the Perforce VCS (version control software) driver. Details of the two flaws are below -
CVE-2026-40176 (CVSS
14 April 2026
New intelligence suggests a pro-Iranian actor is responsible for the L.A. Metro cyberattack.
14 April 2026
Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive news stories into Google's Discover feed and trick users into enabling persistent browser notifications that lead to scareware and financial scams.
The campaign, which has been
14 April 2026
Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level.
"The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of vulnerabilities in a risky area, while also laying
14 April 2026
CISOs face a shrinking window to prepare as AI models like Mythos collapse the gap between vulnerability discovery and exploitation, driving a new era of high-velocity cyberattacks.
The post ‘Mythos-Ready’ Security: CSA Urges CISOs to Prepare for Accelerated AI Threats appeared first on SecurityWeek.
14 April 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 14, 2026 – Read the full story in Time For the past few years, it’s escaped no one that levels of Internet and telephone fraud have skyrocketed. TIME reports that one in four
The post Scamdemic: Over $1 Trillion Annually Lost To Online Fraud; AI Lends A Helping Hand appeared first on Cybercrime Magazine.
14 April 2026
Basic-Fit has reported that hackers have stolen names, dates of birth, and even bank account details.
The post Europe’s Largest Gym Chain Says Data Breach Impacts 1 Million Members appeared first on SecurityWeek.
14 April 2026
3 quantum realities security leaders need to confront.
14 April 2026
The company has released 19 new security notes addressing flaws in over a dozen enterprise products.
The post SAP Patches Critical ABAP Vulnerability appeared first on SecurityWeek.
14 April 2026
The sprawling cybercrime operation abuses major providers to prevent takedowns and distance itself from sanctions.
The post Triad Nexus Evades Sanctions to Fuel Cybercrime appeared first on SecurityWeek.
14 April 2026
The parser is meant to mitigate the entire class of memory safety bugs in the low-level environment.
The post Google Adds Rust DNS Parser to Pixel Phones for Better Security appeared first on SecurityWeek.
14 April 2026
A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on Meta.
"Mirax integrates advanced Remote Access Trojan (RAT) capabilities, allowing threat actors to fully interact with compromised devices in real
14 April 2026
OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%.
The surge in AI-assisted development is creating a "velocity gap" where the density of high-impact vulnerabilities is scaling faster than
14 April 2026
The company said in an SEC filing that an IDOR vulnerability affecting RCI Internet Services exposed contractor data.
The post Nightclub Giant RCI Hospitality Reports Data Breach appeared first on SecurityWeek.
14 April 2026
The security defects allow attackers to escalate privileges and execute arbitrary code remotely.
The post Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities appeared first on SecurityWeek.
14 April 2026
Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited.
According to Socket, the extensions are published
14 April 2026
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0.
It relates to a case of unrestricted file upload that stems from improper validation of
14 April 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The list of vulnerabilities is as follows -
CVE-2026-21643 (CVSS score: 9.1) - An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to