Researchers who found the flaws scored beer money bounties and warn the problem is probably pervasive Exclusive Security researchers hijacked three popular AI agents that integrate with GitHub Actions by using a new type of prompt injection attack to steal…
Over 100 Malicious Chrome Extensions Steal Google Tokens, Hijack Telegram Sessions, and Inject Ads
Security researchers at Socket have identified over 100 malicious extensions in the Chrome Web Store that are part of a coordinated campaign. Thank you for being a Ghacks reader. The post Over 100 Malicious Chrome Extensions Steal Google Tokens, Hijack…
Banks Test Systems After Anthropic Mythos Warning
US Treasury seeks access to latest Claude model, Wall Street banks carry out tests after Anthropic warns of security risks This article has been indexed from Silicon UK Read the original article: Banks Test Systems After Anthropic Mythos Warning
ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories
Siemens, Schneider Electric, Aveva, Rockwell Automation, ABB, Phoenix Contact, Mitsubishi Electric, and Moxa patched vulnerabilities. The post ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Ransomware drama, faked Ledger app, Treasury wants Mythos
Ransomware rivals turn on each other Fake Ledger app drains millions in crypto US Treasury wants access to Mythos Get the show notes here: https://cisoseries.com/cybersecurity-news-ransomware-drama-faked-ledger-app-treasury-wants-mythos/ Huge thanks to our sponsor, Conveyor Your trust center was a great start. But if…
EU flags four porn sites for failing to protect minors
The European Commission has preliminarily found Pornhub, Stripchat, XNXX, and XVideos in breach of the Digital Services Act for failing to keep minors from accessing… The post EU flags four porn sites for failing to protect minors appeared first on…
Texas Man Charged With Molotov Attack On Altman Home
Daniel Moreno-Gama, 20, arraigned in San Francisco after allegedly attempting to set fire to Altman’s home, battering OpenAI headquarters This article has been indexed from Silicon UK Read the original article: Texas Man Charged With Molotov Attack On Altman Home
FUNNULL Scam Network Resurfaces With 175+ Rotating Domains Worldwide
FUNNULL-Linked Triad Nexus has quietly rebuilt its scam infrastructure, now rotating through more than 175 CNAME domains to keep a sprawling global fraud and brand‑impersonation network online. Following U.S. Treasury sanctions in May 2025 against FUNNULL Technology Inc., a core…
Microsoft Warns of Actively Exploited SharePoint Server Zero-Day
Microsoft issued an urgent security update addressing an actively exploited zero-day vulnerability in its SharePoint Server platform. The flaw, officially tracked as CVE-2026-32201, allows unauthenticated attackers to conduct network-based spoofing attacks. Because threat actors are already exploiting this weakness in…
Zero Trust for Nonhuman Workload Access: A Primer
6 min readZero trust has reshaped how organizations secure user access. Multifactor authentication, single sign-on and continuous posture checks are now standard for human identities. But the same rigor rarely extends to the nonhuman side of the house. The post…
IT Security News Hourly Summary 2026-04-15 09h : 9 posts
9 posts were published in the last hour 6:32 : Ivanti Neurons for ITSM Vulnerabilities Let Remote Attackers Hijack User Sessions 6:32 : OpenAI Introduces GPT-5.4 for Reverse Engineering, Vulnerability Discovery, and Malware Analysis 6:32 : 25,000+ Endpoints Exposed by…
Ivanti Neurons for ITSM Vulnerabilities Let Remote Attackers Hijack User Sessions
Ivanti has issued a security advisory detailing two medium-severity vulnerabilities affecting its Neurons for IT Service Management (ITSM) platform. If left unpatched, these security flaws could allow remote authenticated attackers to compromise user sessions and maintain unauthorized access to corporate…
OpenAI Introduces GPT-5.4 for Reverse Engineering, Vulnerability Discovery, and Malware Analysis
OpenAI has officially launched GPT-5.4-Cyber, a specialized variant of its latest artificial intelligence model explicitly fine-tuned for defensive cybersecurity. Alongside this release, the organization is significantly scaling its Trusted Access for Cyber (TAC) program, providing verified security professionals with advanced…
25,000+ Endpoints Exposed by Dragon Boss Solutions Update Domain Supply Chain Attack
What started as a routine adware alert quickly turned into something far more serious. On the morning of March 22, 2026, security alerts began firing across multiple managed environments, all linked to software signed by a company called Dragon Boss…
The exploit gap is closing, and your patch cycle wasn’t built for this
The Cloud Security Alliance has published a briefing on what it calls a turning point in the threat landscape: the time between a vulnerability being discovered and a working exploit is shrinking fast. The briefing centers on Anthropic’s Claude Mythos,…
OpenAI expands its cyber defense program with GPT-5.4-Cyber for vetted researchers
Defending critical software has long depended on the ability to find and fix vulnerabilities faster than attackers can exploit them. OpenAI is expanding a program designed to give professional defenders prioritized access to AI tools built for that purpose. The…
Fortinet Fixes 11 Security Flaws Affecting FortiSandbox, FortiOS, FortiAnalyzer, and FortiManager
Fortinet has recently released a comprehensive security update, patching 11 newly identified vulnerabilities across several of its core enterprise products. The security flaws affect critical infrastructure components, including FortiSandbox, FortiOS, FortiAnalyzer, and FortiManager. Addressing these vulnerabilities is paramount for organizations…
JanaWare Ransomware Hits Turkish Users via Customized Adwind RAT
A new ransomware campaign dubbed “JanaWare”, leveraging a customized variant of the Adwind remote access Trojan (RAT) to target users in Turkey. The malware exhibits polymorphic behavior, advanced obfuscation, and strict geofencing controls to restrict activity to Turkish systems, signaling a focused and…
How to improve the SOC analyst experience — and why it matters
<p>Security Operations Center analysts stand on the front lines between their organizations and countless cyberthreats. How effectively an analyst reacts to any given security alert could mean the difference between a contained, minor incident and a full-on data breach.</p> <p>Too…
OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT‑5.4, that’s specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos. “The progressive use of AI accelerates defenders – those responsible for keeping…
Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day
Microsoft Patch Tuesday security updates for April 2026 fixed 165 vulnerabilities, including an actively exploited SharePoint zero-day. Microsoft Patch Tuesday security updates addressed 165 vulnerabilities, making it one of the largest updates by CVE count. One of the most interesting…
Microsoft Patch Tuesday April 2026 Fixes 168 Flaws, Including an Actively Exploited Zero-Day
Microsoft has released its highly anticipated April 2026 Patch Tuesday security updates, addressing a massive 168 vulnerabilities across its vast product portfolio. According to recent cybersecurity news reports, this comprehensive update includes a patch for one actively exploited zero-day vulnerability…
Dragon Boss Solutions Supply Chain Attack Exposes 25,000+ Endpoints
Early on Sunday, 22 March 2025, what initially appeared to be routine adware suddenly escalated into a serious supply chain risk across managed environments. Seemingly benign executables, signed by Dragon Boss Solutions LLC, were using a built-in update mechanism to…
Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab
Misconfigured source code management platforms remain a common entry point in software supply chain attacks, and organizations often lack visibility into which settings put them at risk. Legitify, an open-source tool from Legit Security, addresses that gap by scanning GitHub…