Tag: attack
-
UAC-0247 Hits Hospitals, Governments With Browser and WhatsApp Data Theft
A surge of targeted cyberattacks was detected against local governments and municipal healthcare institutions, particularly clinical and ambulance hospitals. The campaign has been attributed to threat cluster UAC-0247, known for advanced data theft, persistence, and lateral movement methods. The attack chain begins with well-crafted phishing emails that appear to discuss humanitarian aid proposals. These emails typically…
-
Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic
Tags: ai, api, application-security, attack, authentication, automation, best-practice, business, ceo, cisa, cloud, compliance, container, control, cve, cvss, cyber, cybersecurity, data, data-breach, endpoint, exploit, fedramp, finance, flaw, framework, governance, group, HIPAA, identity, injection, insurance, kev, law, linkedin, linux, LLM, macOS, network, PCI, risk, service, soc, software, strategy, technology, threat, update, vulnerability, vulnerability-management, windows, zero-day, zero-trust
With the Federal Reserve Chairman meeting with bank CEOs to discuss the security implications of Claude Mythos, you can bet that your board of directors will ask you about the impact of the AI model on your cybersecurity strategy. Here’s how to prepare. Key takeaways: Anthropic announced Claude Mythos Preview, its most powerful general-purpose frontier…
-
Ransomware Groups Are Actively Disabling Your EDR Before You Even Know It
Most ransomware discussions focus on encryption, downtime, and recovery. But the real story is what happens before any of that becomes visible. Recent reporting from Cyber Security News highlights how attackers are increasingly using “EDR killers” to quietly disable endpoint protection tools early in the attack chain. By the time ransomware is executed, the systems…
-
Hackers Are Targeting Critical Infrastructure to Cause Real-World Damage
Critical infrastructure was once considered too complex and isolated to be a primary cyber target. That assumption no longer holds. New reporting from Cyber Security News reveals that the Iran-linked CyberAv3ngers group is actively targeting water utilities, energy systems, and industrial controllers across the United States. What started as symbolic attacks has now evolved into…
-
Microsoft adds Windows protections for malicious Remote Desktop files
Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-adds-windows-protections-for-malicious-remote-desktop-files/
-
EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses
Stopping EDR killers, which employ bring-your-own-vulnerable-driver (BYOVD) attack techniques, is difficult, but not impossible. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/edr-killer-ecosystem-expansion-requires-stronger-byovd-defenses
-
Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads
Security teams can’t test distributed denial-of-service defenses in a vacuum. They need to test during periods of high demand, such as tax filing deadlines. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/test-networks-withstand-ddos-attacks-peak-loads
-
Microsoft’s massive Patch Tuesday: It’s raining bugs
One CVE under attack, one already disclosed by angry bug hunter, and 163 more First seen on theregister.com Jump to article: www.theregister.com/2026/04/14/microsofts_massive_patch_tuesday/
-
Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)
Tags: advisory, api, attack, best-practice, cloud, container, cve, cvss, cyber, data, exploit, firewall, firmware, flaw, framework, github, Internet, malicious, microsoft, mitigation, office, powershell, rce, remote-code-execution, service, software, sql, startup, tool, update, vulnerability, windows, zero-day
8 Critical, 154 Important, 1 Moderate, 0 Low
Microsoft addresses 163 CVEs in the April 2026 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild. Microsoft patched 163 CVEs in its April 2026 Patch Tuesday release, with eight rated critical, 154 rated as important and one rated as moderate. This is the second…
-
Emulating the Persuasive NightSpire Ransomware
AttackIQ has released a new attack graph that emulates the behaviors of NightSpire Ransomware, a financially motivated ransomware and data extortion group that emerged in early 2025 and quickly evolved into a full double-extortion operation. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/emulating-the-persuasive-nightspire-ransomware/
-
4 questions to ask before outsourcing MDR
2. Can your team separate real threats from noise?: Alert fatigue is one of the biggest barriers to effective security. Tools generate volumes of signals, but not all alerts represent real risk. When everything looks critical, teams either burn out or miss the alerts that matter most. MDR helps by applying human expertise and threat intelligence…
-
Meet us at IDSA Identity Day 2026
Our founder Simon Moffatt will be attending two sessions at this year’s Identity Defined Security Alliance Identity Day 2026. He will present a keynote session entitled “Identity Attack Surface Management: Why Now”, which uncovers what identity security is really trying to achieve. As we have more identities, more identities and a broader array of…
-
Testing reveals Claude Mythos’s offensive capabilities and limits
Could Claude Mythos Preview, Anthropic’s latest large language model, be leveraged for fully automated cyber attacks? The UK government’s AI Security Institute … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/14/claude-mythos-test-attack-capabilities-limits/
-
The Iranian Conflict Leads to the Latest Attack on OT Production – ARIA Cybersecurity
CISA and the FBI warned that Iranian-backed cyber attackers are targeting Rockwell LOGIX® PLC deployments in Government, Energy and Water/Wastewater as well as other industries, first back on March 20th 206. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/the-iranian-conflict-leads-to-the-latest-attack-on-ot-production-aria-cybersecurity/
-
Claude Mythos Changed Everything. Your APIs Are the First Target.
Tags: access, ai, api, attack, breach, ceo, crowdstrike, cyber, cybersecurity, data, endpoint, exploit, finance, flaw, infrastructure, threat, tool, update, vulnerability, zero-day
Anthropic just released Claude Mythos Preview. They did not make it publicly available. That decision alone should tell you everything you need to know about what this model can do. During internal testing, Mythos autonomously discovered and exploited zero-day vulnerabilities across every major operating system and web browser. It found a 27-year-old bug in OpenBSD.…
-
Q1 2026 Open Source Malware Index: Adaptive Attacks, Familiar Weaknesses
Tags: access, ai, api, attack, automation, cloud, credentials, crypto, data, github, guide, intelligence, kubernetes, linux, macOS, malicious, malware, open-source, pypi, risk, software, supply-chain, tactics, theft, tool, update, windows, worm
TL;DR Sonatype identified 21,764 open source malware packages in Q1 2026, bringing the total logged since 2017 to 1,346,867. npm accounted for 75% of malicious packages this quarter. Trojans dominated, with most activity focused on credential theft, host reconnaissance, and staged payload delivery. The quarter’s defining pattern was trust abuse: attackers succeeded by…
-
How AI is transforming threat detection
Tags: ai, attack, automation, best-practice, business, ceo, cisa, cve, cyber, data, detection, email, endpoint, framework, google, governance, group, incident response, intelligence, international, jobs, kev, malware, network, nist, organized, phishing, risk, skills, soc, switch, technology, threat, tool
Reducing alert fatigue: In alert triage, AI agents are reducing alert fatigue by clustering alert patterns and enabling risk-based prioritization, adds Dipto Chakravarty, chief product and technology officer at Black Duck. For example, natural language processing agents can summarize threat alerts at scale and correlate them with threat intel feeds such as CVE.org and the CISA KEV Catalog,…
-
Hackers Exploit Critical ShowDoc RCE Flaw in Ongoing Attacks
Tags: attack, cyber, cybersecurity, exploit, flaw, hacker, rce, remote-code-execution, risk, software, vulnerability
Cybersecurity researchers have highlighted a critical vulnerability in ShowDoc, a widely used online document-sharing platform designed for IT teams. Tracked as CNVD-2020-26585, this severe security flaw allows unauthenticated remote code execution (RCE) on compromised servers. The vulnerability poses a significant risk to organizations relying on outdated versions of the software for internal collaboration, as it…
-
Agentic AI memory attacks spread across sessions and users, and most organizations aren’t ready
In this Help Net Security interview, Idan Habler, AI Security Researcher at Cisco, breaks down a threat most security teams haven’t named yet: agentic memory as an … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/14/idan-habler-cisco-agentic-ai-memory-attacks/
-
Rockstar’s GTA Game Hacked, 78.6 Million Records Published Online
Rockstar Games has suffered a significant data breach after the infamous threat group ShinyHunters leaked over 78.6 million internal records on April 14, 2026. The incident did not involve a direct attack on Rockstar’s primary network infrastructure. Instead, the hackers executed a supply-chain attack through a third-party analytics platform, highlighting the escalating risk of integrated…
-
Anthropic’s Mythos signals a structural cybersecurity shift
Tags: access, ai, attack, business, ciso, control, corporate, cyber, cybersecurity, defense, exploit, governance, network, offense, risk, supply-chain, technology, update
Claude Mythos Preview is a step up: A separate analysis from the UK’s AI Security Institute (AISI) evaluated Mythos Preview itself. The evaluations involved both capture-the-flag (CTF) challenges and more complex ranges designed to simulate multi-step attack scenarios, where the model outperformed other AI systems. Mythos Preview came out on top in a 32-step corporate network attack…
-
Where Retail and Hospitality Fraud is Actually Happening Now (and What to Do About It)
As retail and hospitality security leaders gather in Austin, TX for the 2026 RH-ISAC Cybersecurity Summit, one inconvenient reality is coming into focus: the fraud gap is widening with automated attacks and human-driven abuse. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/where-retail-and-hospitality-fraud-is-actually-happening-now-and-what-to-do-about-it/
-
Best of the Worst: Five Attacks That Already Knew Your Name
TL;DR This week’s Attack of the Day posts revealed a clear shift from volume to precision. A phishing PDF auto-launched a credential harvest page the instant it opened, no click required. A QR code inside another PDF had the target’s email address pre-encoded in base64, so the landing page pre-filled the victim’s username…
-
Why Network Monitoring Alone Misses Application Attacks
Tags: application-security, attack, defense, detection, exploit, monitoring, network, tool, vulnerability, waf
TL;DR Network security monitoring excels at traffic analysis and perimeter defense, yet research shows WAF alerts generate overwhelming noise with minimal correlation to actual exploit attempts. The gap exists because network tools operate at the packet level or network edge, while application attacks exploit vulnerabilities during code execution. Runtime application security through Application…
-
JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025
Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT. A modified version of BX RAT, JanelaRAT is known to steal financial and cryptocurrency data associated with specific financial entities, as well as track mouse inputs, log keystrokes, take screenshots, and collect…
-
OpenAI rotates macOS certs after Axios attack hit code-signing workflow
OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/openai-rotates-macos-certs-after-axios-attack-hit-code-signing-workflow/
-
Hacker group threatens to release Grand Theft Auto VI data in Rockstar Games attack
The group named ShinyHunters has accessed a third-party server and has given the company a deadline of 14 April to enter ransom negotiations. Rockstar Games, the studio behind Grand Theft Auto, has been the target of a cyberattack for the second time in three years. A hacker group called ShinyHunters said it would release…
-
Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
Adobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in zero-day attacks since at least December. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/adobe-rolls-out-emergency-fix-for-acrobat-reader-zero-day-flaw/