Latest Cybersecurity News and Articles
10 April 2026
Security experts share their thoughts on Claude Mythos and Project Glasswing with Security magazine.
10 April 2026
Other noteworthy stories that might have slipped under the radar: Jones Day hacked, Internet Bug Bounty program paused due to AI, new Mac stealer malware.
The post In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack appeared first on SecurityWeek.
10 April 2026
A critical-severity flaw could be exploited remotely, without authentication, to take over a vulnerable device.
The post Juniper Networks Patches Dozens of Junos OS Vulnerabilities appeared first on SecurityWeek.
10 April 2026
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine.
The technique has been discovered in an Open VSX extension named "specstudio.code-wakatime-activity-tracker," which masquerades as WakaTime, a
10 April 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 10, 2026 – Read the full story in BusinessWorld Cybercrime operates like a legitimate, profit-driven economy, writes Subhalakshmi Ganapathy, chief IT security evangelist at ManageEngine, in a BusinessWorld article. Organized groups mirror
The post Cybercrime Is An Industrialized Economy appeared first on Cybercrime Magazine.
10 April 2026
The US government has warned that Iran-linked hackers are manipulating PLCs and SCADA systems to cause disruption.
The post Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday appeared first on SecurityWeek.
10 April 2026
Attackers could exploit these vulnerabilities in denial-of-service, information disclosure, and arbitrary code execution attacks.
The post Orthanc DICOM Vulnerabilities Lead to Crashes, RCE appeared first on SecurityWeek.
10 April 2026
While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there's a wide-open window nobody's guarding: AI browser extensions.
A new report from LayerX exposes just how deep this blind spot goes, and why AI extensions may be the most dangerous AI threat surface in your network that isn't on anyone's
10 April 2026
The critical vulnerabilities affect Chrome’s WebML component and they have been reported by anonymous researchers.
The post Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000 appeared first on SecurityWeek.
10 April 2026
The document provides a behavior-based model of the tactics and techniques employed by fraudsters.
The post MITRE Releases Fight Fraud Framework appeared first on SecurityWeek.
10 April 2026
Within nine hours, a hacker built an exploit from the unauthenticated bug’s advisory and started using it in the wild.
The post Critical Marimo Flaw Exploited Hours After Public Disclosure appeared first on SecurityWeek.
10 April 2026
Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta.
The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release.
"This project represents a significant
10 April 2026
New Device Bound Session Credentials render stolen session cookies unusable by cryptographically binding authentication.
The post Google Rolls Out Cookie Theft Protections in Chrome appeared first on SecurityWeek.
10 April 2026
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig.
The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a pre-authenticated remote code execution vulnerability impacting all versions of Marimo prior to and including
10 April 2026
The security hole affected an EngageLab SDK and it was reported by Microsoft to the vendor one year ago.
The post Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users appeared first on SecurityWeek.
10 April 2026
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor.
The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across its free and Pro
09 April 2026
Data has allegedly been stolen from a state-run Chinese supercomputer.
09 April 2026
Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk.
"This flaw allows apps on the same device to bypass Android security sandbox and gain unauthorized access to private data," the Microsoft Defender
09 April 2026
A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook.
"LucidRook is a sophisticated stager that embeds a Lua interpreter and Rust-compiled libraries within a dynamic-link library (DLL) to download and
09 April 2026
RSAC researchers hacked Apple Intelligence using the Neural Exect method and Unicode manipulation.
The post Apple Intelligence AI Guardrails Bypassed in New Attack appeared first on SecurityWeek.