Month: April 2026

[[{"value":"The tech giant found that many indirect prompt injection attempts are harmless, but some malicious exploits have also been identified. The post Malicious AI Prompt Injection Attacks Increasing, but Sophistication…

Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious questions about how quickly organizations can validate, prioritize, and remediate what it finds. The debate that followed has mostly focused on the right

A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September 2025. That's according to a report published by Positive Technologies, which found the threat actors to be leveraging an exploit chain comprising three vulnerabilities to execute commands remotely on susceptible

 North Korean state-sponsored hackers from the Kimsuky group have launched a targeted campaign against prescription pharmaceutical companies, using a cleverly disguised malware file named White Life Science ERP Specification. The…

Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cloned versions of their legitimate counterparts. Of these, six have been confirmed to be malicious, with the remaining acting as seemingly

[[{"value":"Itron, which serves utilities and cities around the world, discovered unauthorized access to its systems on April 13. The post Energy and Water Management Firm Itron Hacked appeared first on…

 A new and more capable version of the ClickFix attack has been spotted in the wild, and it works a little differently from what security teams have seen before. Instead…

[[{"value":"The threat actor infected victims with the Snow malware family – Snowbelt, Snowglaze, and Snowbasin – for persistent access. The post UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’…

 Microsoft has acknowledged a service degradation affecting Outlook.com, with users reporting difficulties accessing the platform as of Monday, April 27, 2026. The company’s official Microsoft 365 Status account on X…

[[{"value":"A race condition in PackageKit allows unprivileged users to escalate privileges when installing packages. The post Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access appeared first on SecurityWeek."}]] Read More  

 Microsoft has officially released a new Group Policy setting that allows IT administrators to silently uninstall the Microsoft Copilot app from managed Windows 11 devices, a move that signals a…

[[{"value":"U.S. officials have announced a sweeping crackdown on Southeast Asian cyberscam operations as part of what U.S. Attorney Jeanine Pirro characterized Friday as a “new theater of war” launched by…

 A suspicious executable named Vibing.exe on the Microsoft Store has sparked major privacy and security alarms among cybersecurity researchers. Marketed as an interface to the “AI-native world” by the elusive…

 Vidar, one of the most active information-stealing malware families, has taken on a new shape in 2026. Researchers have found that its latest version now conceals second-stage payloads inside JPEG…