Latest Cybersecurity News and Articles
08 April 2026
The FBI received over 1 million complaints of malicious activity in 2025, with investment, BEC, and tech support scams causing the highest losses.
The post FBI: Cybercrime Losses Neared $21 Billion in 2025 appeared first on SecurityWeek.
08 April 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 8, 2026 – Watch the YouTube video Why did Cybercrime Magazine meet up with Charlie Thomas, CEO at Mitiga, at RSAC Conference 2026? Because attackers will get in. Cloud, SaaS, AI, and identity
The post Yesterday’s Cybersecurity Won’t Work For Next Generation Cloud Attacks appeared first on Cybercrime Magazine.
08 April 2026
Signature Healthcare was forced to cancel some services, and pharmacies are unable to fill prescriptions due to the hacker attack.
The post Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption appeared first on SecurityWeek.
08 April 2026
Focused on persistence, the botnet does not engage in widespread infection and avoids blacklisted IPs and critical infrastructure entities.
The post Evasive Masjesu DDoS Botnet Targets IoT Devices appeared first on SecurityWeek.
08 April 2026
The Fragmented State of Modern Enterprise Identity
Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems.
The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and
08 April 2026
The vulnerability allows hackers to upload arbitrary files to a site’s server and achieve remote code execution.
The post Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover appeared first on SecurityWeek.
08 April 2026
The APT28 threat group exploited vulnerable TP-Link and MikroTik routers to conduct adversary-in-the-middle (AitM) attacks.
The post US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking appeared first on SecurityWeek.
08 April 2026
Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos, to find and address security vulnerabilities.
The model will be used by a small set of organizations, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike,&
08 April 2026
A data breach has lead to the exposure of sensitive LAPD records.
08 April 2026
The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems.
"The threat actor's packages were designed to impersonate legitimate developer tooling [...], while quietly functioning as malware loaders, extending Contagious Interview’s established playbook into a coordinated
08 April 2026
Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tuesday.
"These attacks have led to diminished PLC functionality, manipulation of display data and, in some cases, operational disruption and financial
07 April 2026
Federal agencies warn attackers are manipulating PLC and SCADA systems across multiple sectors, triggering operational disruptions and raising concerns over broader OT targeting.
The post Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks appeared first on SecurityWeek.
07 April 2026
New AI model drives Project Glasswing, a effort to secure critical software before advanced capabilities fall into the wrong hands.
The post Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks appeared first on SecurityWeek.
07 April 2026
Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.
07 April 2026
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage campaign since at least May 2025.
The large-scale exploitation campaign has been codenamed
07 April 2026
The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural.
The post The New Rules of Engagement: Matching Agentic Attack Speed appeared first on SecurityWeek.
07 April 2026
The startup has created a layered security solution aiming to secure AI agents throughout their entire lifecycle.
The post Trent AI Emerges From Stealth With $13 Million in Funding appeared first on SecurityWeek.
07 April 2026
The improper validation of user-supplied JavaScript code allows attackers to execute arbitrary code and access the file system.
The post Critical Flowise Vulnerability in Attacker Crosshairs appeared first on SecurityWeek.
07 April 2026
A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances.
The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8), stems from an incomplete fix for CVE-2024-41110, a maximum-severity vulnerability in the same component that came to light in July 2024.
"
07 April 2026
A critical DoS vulnerability in the Framework component of Android has also been fixed with the latest update.
The post Severe StrongBox Vulnerability Patched in Android appeared first on SecurityWeek.