Turns out the real problem is not AI but staff still clicking on dodgy emails from ‘IT support’ Nearly half of UK businesses are still getting breached, and in many cases, the attacker’s big breakthrough is an employee clicking “sure,…
EnOcean SmartServer Flaws Expose Buildings to Remote Hacking
Claroty researchers discovered two vulnerabilities that can be exploited for security bypass and remote code execution. This article has been indexed from SecurityWeek.
Benchmarking AI Pentesting Tools: A Practical Comparison
We benchmarked 4 AI pentesting tools: Escape, Shannon, Strix, PentAGI, and Claude against a modern vulnerable application. Learn more about their detection rates, false positive rates, and scanning speed.
What type of ‘C2 on a sleep cycle’ do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia
Just in time for the Trump-Xi summit Exclusive A novel China-linked threat group infiltrated more than a dozen critical networks in Poland, Asian countries, and possibly beyond, beginning in December 2024 and with activity uncovered as recently as this month.…
Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months
The authentication bypass flaw allows attackers to gain administrative access to vulnerable servers. This article has been indexed from SecurityWeek.
Hackers Use Hidden QEMU Linux VMs to Evade Windows Security and Launch Stealth Attacks
Cybersecurity experts have uncovered a stealthy tactic where attackers bypass Windows defenses by running concealed Linux virtual machines using QEMU. Researchers warn that these hidden environments allow threat actors to maintain persistent access, steal sensitive data, and even deploy…
OpenAI Unveils Cyber Defense Roadmap Focused on AI-Powered Security
OpenAI has released a comprehensive cyber defense roadmap titled “Cybersecurity in the Intelligence Age” to responsibly equip defenders with AI-powered security tools faster than malicious actors can adapt. Spearheaded by Sasha Baker in April 2026, the action plan outlines five…
PoC Disclosed for Critical Root ASUSTOR ADM RCE Flaw
A critical vulnerability, tracked as CVE-2026-6644, has been uncovered in ASUSTOR’s ADM (ASUSTOR Data Master) operating system. Specifically, the flaw exists within the PPTP VPN Client feature. Carrying a CVSS v4.0 score of 9.4, this OS command injection vulnerability allows…
Fast16 Malware
Researchers have reverse-engineered a piece of malware named Fast16. It’s almost certainly state-sponsored, probably US in origin, and was deployed against Iran years before Stuxnet: “…the Fast16 malware was designed to carry out the most subtle form of sabotage ever…
Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day
Emergency patches out now for those managing the millions of domains assumed to be affected Emergency patches are available for a critical vulnerability in cPanel and WHM that allows attackers to bypass authentication and gain root access to servers managed…
‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover
Affecting the kernel’s authencesn cryptographic template, the vulnerability was introduced in 2017 and impacts all distributions. This article has been indexed from SecurityWeek.
Australian Regulator Warns Banks Over AI Risks
Australian financial stability regulator warns financial organisations need to do more to keep up with risks from advanced AI tools. This article has been indexed from Silicon UK.
Exposed Data Illustrates the Nightmare Scenario for a Stalkerware Victim
Extremely sensitive personal data from a European celebrity that appears to have been compiled using spyware was publicly accessible until a researcher flagged the exposure. This article has been indexed from Security Latest.
Meta accused of violating DSA by failing to safeguard minors
The European Commission accuses Meta of failing to protect children, allowing users under 13 on Instagram and Facebook, in breach of the DSA rules. The European Commission has accused Meta of violating child safety rules. Instagram and Facebook allegedly failed…
CVE MCP Server Turns Claude Into a Fully Capable Security Analyst With 27 Tools Across 21 APIs
A new open-source project called CVE MCP Server is redefining how security teams triage vulnerabilities, transforming Anthropic’s Claude AI into a fully capable security analyst by giving it direct, correlated access to 27 intelligence tools spanning 21 external APIs all…
OpenAI Releases 5-Point Action Plan to Strengthen AI-Powered Cyber Defense
OpenAI has published a comprehensive cybersecurity action plan titled “Cybersecurity in the Intelligence Age: An Action Plan for Democratizing AI-Powered Cyber Defense,” outlining a five-pillar strategy to equip trusted defenders with advanced AI capabilities while preventing adversarial misuse. Artificial intelligence…
Europol Busts Albanian Scam Call Centers in Major Online Fraud Case
European police arrested 10 suspects after dismantling Albanian scam call centers linked to a €50m ($58m) online investment fraud operation. This article has been indexed from www.infosecurity-magazine.com.
IT Security News Hourly Summary 2026-04-30 12h : 20 posts
20 posts were published in the last hour 9:36 : Anthropic Considers Funding Offers At $900bn Valuation 9:36 : Meta Shares Slump As It Boosts Capex Prediction 9:36 : Google Sells Custom AI Chips For First Time Amid Cloud Growth…
Anthropic Considers Funding Offers At $900bn Valuation
AI start-up reportedly mulls offers from investors that could give it higher valuation than ChatGPT maker OpenAI. This article has been indexed from Silicon UK.
Meta Shares Slump As It Boosts Capex Prediction
Facebook parent Meta says spending on areas such as AI data centres to rise dramatically, as Iran war takes toll on user base. This article has been indexed from Silicon UK.
Google Sells Custom AI Chips For First Time Amid Cloud Growth
Google begins selling custom Tensor Processing Units to third-parties for first time, as cloud unit records record growth. This article has been indexed from Silicon UK.
Amazon Cloud Growth Beats Expectations Amid AI Boom
Amazon sees higher-than-expected earnings and revenue, as cloud growth beats predictions and capital spending remains steady. This article has been indexed from Silicon UK.
Attackers Exploit cPanel Authentication Bypass 0-Day After PoC Release
A critical zero-day vulnerability, tracked as CVE-2026-41940, is currently being actively exploited across the web hosting industry. This CVSS 9.8 flaw allows unauthenticated remote attackers to bypass cPanel and WHM login mechanisms, granting them full administrative control over servers. The…
What We Do in the Shadows: How CISOs Can Crack Down on Shadow AI
Shadow AI is spreading across enterprises as employees use AI tools without oversight, creating new data security and compliance risks. The post What We Do in the Shadows: How CISOs Can Crack Down on Shadow AI appeared first on Security…