OpenAI has released a comprehensive cyber defense roadmap titled “Cybersecurity in the Intelligence Age” to responsibly equip defenders with AI-powered security tools faster than malicious actors can adapt. Spearheaded by Sasha Baker in April 2026, the action plan outlines five…
PoC Disclosed for Critical Root ASUSTOR ADM RCE Flaw
A critical vulnerability, tracked as CVE-2026-6644, has been uncovered in ASUSTOR’s ADM (ASUSTOR Data Master) operating system. Specifically, the flaw exists within the PPTP VPN Client feature. Carrying a CVSS v4.0 score of 9.4, this OS command injection vulnerability allows…
Fast16 Malware
Researchers have reverse-engineered a piece of malware named Fast16. It’s almost certainly state-sponsored, probably US in origin, and was deployed against Iran years before Stuxnet: “…the Fast16 malware was designed to carry out the most subtle form of sabotage ever…
Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day
Emergency patches out now for those managing the millions of domains assumed to be affected Emergency patches are available for a critical vulnerability in cPanel and WHM that allows attackers to bypass authentication and gain root access to servers managed…
‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover
Affecting the kernel’s authencesn cryptographic template, the vulnerability was introduced in 2017 and impacts all distributions. The post ‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Australian Regulator Warns Banks Over AI Risks
Australian financial stability regulator warns financial organisations need to do more to keep up with risks from advanced AI tools This article has been indexed from Silicon UK Read the original article: Australian Regulator Warns Banks Over AI Risks
Exposed Data Illustrates the Nightmare Scenario for a Stalkerware Victim
Extremely sensitive personal data from a European celebrity that appears to have been compiled using spyware was publicly accessible until a researcher flagged the exposure. This article has been indexed from Security Latest Read the original article: Exposed Data Illustrates…
Meta accused of violating DSA by failing to safeguard minors
The European Commission accuses Meta of failing to protect children, allowing users under 13 on Instagram and Facebook, in breach of the DSA rules. The European Commission has accused Meta of violating child safety rules. Instagram and Facebook allegedly failed…
CVE MCP Server Turns Claude Into a Fully Capable Security Analyst With 27 Tools Across 21 APIs
A new open-source project called CVE MCP Server is redefining how security teams triage vulnerabilities, transforming Anthropic’s Claude AI into a fully capable security analyst by giving it direct, correlated access to 27 intelligence tools spanning 21 external APIs all…
OpenAI Releases 5-Point Action Plan to Strengthen AI-Powered Cyber Defense
OpenAI has published a comprehensive cybersecurity action plan titled “Cybersecurity in the Intelligence Age: An Action Plan for Democratizing AI-Powered Cyber Defense,” outlining a five-pillar strategy to equip trusted defenders with advanced AI capabilities while preventing adversarial misuse. Artificial intelligence…
Europol Busts Albanian Scam Call Centers in Major Online Fraud Case
European police arrested 10 suspects after dismantling Albanian scam call centers linked to a €50m ($58m) online investment fraud operation This article has been indexed from www.infosecurity-magazine.com Read the original article: Europol Busts Albanian Scam Call Centers in Major Online…
IT Security News Hourly Summary 2026-04-30 12h : 20 posts
20 posts were published in the last hour 9:36 : Anthropic Considers Funding Offers At $900bn Valuation 9:36 : Meta Shares Slump As It Boosts Capex Prediction 9:36 : Google Sells Custom AI Chips For First Time Amid Cloud Growth…
Anthropic Considers Funding Offers At $900bn Valuation
AI start-up reportedly mulls offers from investors that could give it higher valuation than ChatGPT maker OpenAI This article has been indexed from Silicon UK Read the original article: Anthropic Considers Funding Offers At $900bn Valuation
Meta Shares Slump As It Boosts Capex Prediction
Facebook parent Meta says spending on areas such as AI data centres to rise dramatically, as Iran war takes toll on user base This article has been indexed from Silicon UK Read the original article: Meta Shares Slump As It…
Google Sells Custom AI Chips For First Time Amid Cloud Growth
Google begins selling custom Tensor Processing Units to third-parties for first time, as cloud unit records record growth This article has been indexed from Silicon UK Read the original article: Google Sells Custom AI Chips For First Time Amid Cloud…
Amazon Cloud Growth Beats Expectations Amid AI Boom
Amazon sees higher-than-expected earnings and revenue, as cloud growth beats predictions and capital spending remains steady This article has been indexed from Silicon UK Read the original article: Amazon Cloud Growth Beats Expectations Amid AI Boom
Attackers Exploit cPanel Authentication Bypass 0-Day After PoC Release
A critical zero-day vulnerability, tracked as CVE-2026-41940, is currently being actively exploited across the web hosting industry. This CVSS 9.8 flaw allows unauthenticated remote attackers to bypass cPanel and WHM login mechanisms, granting them full administrative control over servers. The…
What We Do in the Shadows: How CISOs Can Crack Down on Shadow AI
Shadow AI is spreading across enterprises as employees use AI tools without oversight, creating new data security and compliance risks. The post What We Do in the Shadows: How CISOs Can Crack Down on Shadow AI appeared first on Security…
New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions
Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability tracked as CVE-2026-31431 (CVSS score: 7.8) has been codenamed Copy Fail by Xint.io and…
Cyber is the Number One Global “People Risk,” Says Marsh
Marsh’s 2026 People Risks survey finds cyber‑related challenges dominate, as cyber‑threat literacy tops risks and cyber and AI skills shortages rise This article has been indexed from www.infosecurity-magazine.com Read the original article: Cyber is the Number One Global “People Risk,”…
Backdoored WordPress Plugin Abuses Remote Update Checker for Silent Code Delivery
A long-dormant backdoor has been uncovered in the “Quick Page/Post Redirect Plugin,” a popular WordPress add-on with over 70,000 active installations. The tampered plugin, specifically version 5.2.3, contained two distinct malicious features. First, it featured a passive content injection mechanism.…
Jenkins Plugin Updates Fix Path Traversal and Stored XSS Bugs
The Jenkins project released a critical security advisory addressing seven vulnerabilities across multiple widely used plugins. The disclosed flaws include high-severity path traversal and stored cross-site scripting (XSS) vulnerabilities that could allow threat actors to execute arbitrary code or hijack…
Best AI security tools for exposure assessment in 2026
AI is transforming both attacks and defense. To avoid being outstripped by AI-powered adversaries, organizations need platforms that prioritize risk in real-time. Exposure management with AI is the next evolution in comprehensive cybersecurity. AI-powered exposure management, as embodied in continuous…
ProFTPD’s SQL Injection Vulnerability Enables Remote Code Execution Attacks
A critical SQL injection vulnerability in ProFTPD, one of the Internet’s most widely deployed FTP servers. Tracked as CVE-2026-42167, this flaw carries a CVSS severity score of 8.1 and affects the mod_sql extension. Depending on how the server is configured, attackers can exploit…