Month: April 2026

 Multiple vulnerabilities in the CODESYS Control runtime, one of the world’s most widely adopted software-based programmable logic controller (Soft PLC) platforms. According to Nozomi Networks Labs researchers, by chaining these…

[[{"value":"The vulnerability is tracked as CVE-2026-6770 and it has been patched with the release of Firefox 150 and Tor 15.0.10. The post Firefox Vulnerability Allows Tor User Fingerprinting appeared first…

 In the modern enterprise, the network is the ultimate source of ground truth. As organizations accelerate their digital transformation and adopt complex, cloud-native security architectures, the traditional perimeter has dissolved.…

 The fast16 malware is a recently exposed sabotage‑capable threat designed to target extremely high‑value environments and ultra‑expensive systems with precision. It does not behave like common commodity malware that aims…

Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the threat actors who lease the phone numbers. According to a new report published by Infoblox, the operation is believed to

 A new open-source toolkit called pentest-ai-agents is redefining how security professionals leverage AI in penetration testing workflows, transforming Anthropic’s Claude Code into a fully specialized offensive security research assistant powered…

 A newly disclosed security vulnerability in Tenable’s Nessus Agent for Windows could allow attackers to execute malicious code with the highest level of system privileges, raising serious concerns for enterprise…

 The GlassWorm supply chain attack targeting the Open VSX marketplace has escalated with the discovery of 73 new “sleeper” extensions. Identified in April 2026, this cluster marks a dangerous shift…

 A critical zero-day vulnerability in the Litecoin network was actively exploited to launch a denial-of-service (DoS) attack, temporarily disrupting operations across major mining pools before developers issued a full patch.…

 PhantomRPC, a newly identified architectural vulnerability in Windows Remote Procedure Call (RPC) that enables local privilege escalation to SYSTEM-level access, potentially affecting every version of Windows. The research was presented…

 The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding two actively exploited vulnerabilities in SimpleHelp remote support software. Remote access tools are highly valued targets for…

 Anthropic’s “Project Deal” has demonstrated that AI agents can autonomously negotiate and close real-world transactions, but the experiment also surfaced a quiet, troubling asymmetry: not all AI representations are created…

 OpenAI has announced a new Bio Bug Bounty program for GPT-5.5 as part of its efforts to improve safety controls for advanced AI systems and to address misuse in biology.…

[[{"value":"Dubbed GopherWhisper, the group relies on multiple Go-based backdoors alongside custom loaders and injectors. The post China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks appeared first on SecurityWeek."}]] Read More  

Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran's nuclear program by destroying uranium enrichment centrifuges. According to a new report published by SentinelOne, the previously undocumented cyber sabotage framework dates back to 2005, primarily targeting high-precision calculation software to tamper