Hackers are abusing Obsidian’s Shell Commands plugin and shared cloud vaults to deliver a new cross‑platform malware chain that ends with the PHANTOMPULSE remote access trojan. Attackers pose as a venture capital firm targeting financial and cryptocurrency professionals, first engaging…
“Pics or it didnt happen” – What BlueHammer tells us about Vulnerability Disclosure
Last week, reports circulated about an unpatched security vulnerability in Microsoft Windows. The “BlueHammer” 0-day vulnerability allows a normal user to gain system-level privileges. Microsoft allegedly refused to accept a report about the vulnerability—because video proof was missing. This article…
AI adoption is outpacing the safeguards around it
AI is becoming part of both professional and private life, reaching mainstream adoption faster than the personal computer or the internet. These systems are now tested in reasoning, safety, and real-world tasks, but the reliability of those measurements remains uncertain.…
Oracle Expands Fuel-Cell Deal With Bloom Energy
Oracle to buy up to 2.8 GW of fuel-cell power from Bloom Energy, as it seeks quicker roll-out of AI data centre infrastructure This article has been indexed from Silicon UK Read the original article: Oracle Expands Fuel-Cell Deal With…
Hackers Exploit Critical ShowDoc RCE Flaw in Ongoing Attacks
Cybersecurity researchers have highlighted a critical vulnerability in ShowDoc, a widely used online document-sharing platform designed for IT teams. Tracked as CNVD-2020-26585, this severe security flaw allows unauthenticated remote code execution (RCE) on compromised servers. The vulnerability poses a significant…
Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities
The security defects allow attackers to escalate privileges and execute arbitrary code remotely. The post Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Organizations Warned…
Over Permissive and Proliferating, AI-Driven Browser Extensions Create Security Blindspots
How many browsers extensions do you have running? Most enterprise users have at least one and seven out of ten have seen an extension expand its permissions over the last 12 months—with AI extensions being the worst offenders…by sixfold. The…
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting…
Hackers Steal Healthcare Recruitment Data
Hackers claim to have stolen detailed data from Dublin-based healthcare recruitment platform, including background-check information This article has been indexed from Silicon UK Read the original article: Hackers Steal Healthcare Recruitment Data
The Treatment Was Successful. Unfortunately the Patient Died
Explore the debate between “Cyber Nirvana” and the “Vulnpocalypse” as AI tools like Anthropic’s Mythos threaten to collapse the traditional security model in a “supernova” event. The post The Treatment Was Successful. Unfortunately the Patient Died appeared first on Security…
Hackers Target Rockstar Ahead Of GTA VI Launch
Hackers say they plan to release stolen data after targeting Rockstar Games Snowflake instance, ahead of GTA VI launch this year This article has been indexed from Silicon UK Read the original article: Hackers Target Rockstar Ahead Of GTA VI…
OpenAI Suspends Stargate UK Plan
OpenAI signs lease for first permanent London office, after pausing plans for AI infrastructure project that was part of wider US investment This article has been indexed from Silicon UK Read the original article: OpenAI Suspends Stargate UK Plan
SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws
SAP released its monthly Security Patch Day updates, addressing 19 new security notes and one update to a previously released note. According to the official SAP Support Portal, these patches resolve severe vulnerabilities, including critical SQL injection, Denial of Service…
Fake Claude AI installer abuses DLL sideloading to deploy PlugX
Fake Claude website impersonates Anthropic and delivers PlugX RAT via ZIP download using DLL sideloading. A fake website impersonating Anthropic’s Claude service was found distributing the PlugX remote access trojan, according to Malwarebytes. The rogue site abuses the chatbot’s popularity…
U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its…
Why Vulnerabilities Are Increasing in the AI Era?
The cybersecurity landscape is undergoing a fundamental transformation. Over the past few years, organizations have witnessed a sharp increase in reported vulnerabilities, with global disclosures crossing 20,000+ annually. While this surge may appear alarming, it does not necessarily indicate that…
Claude Mythos Preview’s capabilities, Anodot breached companies face extortion, wolfSSL flaw enables forged certificates
Claude Mythos Preview’s cyber capabilities Anodot hack leaves breached companies facing extortion wolfSSL library flaw enables forged certificate use Get the show notes here: https://cisoseries.com/cybersecurity-news-claude-mythos-previews-capabilities-anodot-breached-companies-face-extortion-wolfssl-flaw-enables-forged-certificates/ Huge thanks to our sponsor, Conveyor Three tools to manage customer security reviews is two…
Artemis II Astronauts Return From Far Side Of Moon
Four astronauts become first humans to travel around Moon in more than 50 years, as NASA lays plans for surface landing This article has been indexed from Silicon UK Read the original article: Artemis II Astronauts Return From Far Side…
Okta Under Attack as Hackers Skip Phishing for Identity Systems
Hackers are shifting away from email phishing and are directly targeting Okta and other identity providers using voice‑based social engineering, or “Okta vishing.” This trend turns what used to be a single account compromise into an immediate, organization‑wide cloud data…
IT Security News Hourly Summary 2026-04-14 09h : 7 posts
7 posts were published in the last hour 6:9 : CISA Warns Fortinet SQL Injection Flaw Is Being Actively Exploited 6:9 : APT41 Targets Linux Cloud Servers With New Winnti Backdoor 6:9 : Synology SSL VPN Client Vulnerability Enabled Remote…
CISA Warns Fortinet SQL Injection Flaw Is Being Actively Exploited
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in Fortinet software. On April 13, 2026, CISA added CVE-2026-21643 to its Known Exploited Vulnerabilities (KEV) catalog. This action confirms that threat actors…
APT41 Targets Linux Cloud Servers With New Winnti Backdoor
A previously undocumented Linux backdoor attributed to China-linked threat group APT41 (Winnti) has been uncovered, targeting cloud workloads across AWS, GCP, Azure, and Alibaba Cloud. The ELF-based implant, currently showing zero detections on VirusTotal, transforms Linux servers into stealthy credential theft nodes using a…
Synology SSL VPN Client Vulnerability Enabled Remote Access to Sensitive Files
Synology has recently released a crucial security update to fix two notable vulnerabilities in its SSL VPN Client utility. Tracked under the security advisory Synology-SA-26:05, these flaws could allow remote attackers to access sensitive system files and intercept secure network…
Hackers Use Fake Proxifier Installer on GitHub to Spread ClipBanker Crypto-Stealing Malware
A dangerous malware campaign has been silently targeting cryptocurrency users by hiding inside a fake version of Proxifier, a popular proxy software tool. Threat actors set up a GitHub repository designed to look like a legitimate Proxifier download, but the…