Tag: exploit
-
The deepfake dilemma: From financial fraud to reputational crisis
Tags: ai, authentication, business, ceo, communications, control, cyber, data-breach, deep-fake, exploit, finance, fraud, malicious, phone, resilience, risk, threat, toolDeepfakes as tools for financial fraud: Deepfakes have quickly become a powerful enabler of financial fraud. This is largely because most business communication channels, like video and voice calls, remain unauthenticated. A single convincing audio or video call, seemingly from a trusted executive, can bypass established controls in minutes. Employees in these scenarios often follow…
-
Fake ProtonVPN, game mod sites spread NWHStealer in new Windows malware campaign
Multiple ongoing malware campaigns are distributing a powerful information-stealing trojan, tracked as NWHStealer, through fake VPN installers, gaming mods, and system tools. Unlike typical phishing campaigns, these attacks exploit users’ trust in popular software. Threat actors are disguising malicious payloads as legitimate installers for tools such as Proton VPN, OhmGraphite, Sidebar Diagnostics, Pachtop, and HardwareVisualizer. The files are hosted…
-
Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action
What are the real threat vectors for our organization?What’s actually exploitable in our environment right now?What should we proactively fix?The platform monitors thousands of threat sources, contextualizes them against a user’s actual attack surface, and puts that intelligence to work across hunt, detection, and exposure management use cases. One platform. Answers, not alerts.Modern teams receive…
-
Hackers Exploit n8n Webhooks to Spread Malware
A new abuse campaign targeting AI-driven workflow automation platforms particularly n8n that turns legitimate automation tools into powerful malware delivery systems. Between October 2025 and March 2026, security analysts observed a sharp surge in phishing emails that weaponized n8n-generated webhooks to deliver malicious payloads and collect device fingerprints under the guise of trusted infrastructure. AI workflow platforms like n8n and Zapier are…
-
New PoC Exploit Published for Microsoft Defender 0-Day Flaw
A security researcher operating under the alias >>Chaotic Eclipse<< has publicly released a proof-of-concept (PoC) exploit for a vulnerability in Microsoft Defender. Published on April 15, 2026, the exploit targets a flaw in CVE-2026-33825, a recently patched vulnerability. The uncoordinated release highlights an escalating conflict between independent security researchers and Microsoft's vulnerability disclosure programs. Public…
-
Cisco FMC Zero-Day Among 31 High-Impact Vulnerabilities Exploited in March
31 high-impact vulnerabilities were actively exploited in March 2026, with a Cisco firewall zero-day abused by the Interlock ransomware group emerging as one of the most dangerous threats to enterprise networks. Affected vendors span core enterprise and developer ecosystems, including Cisco, Microsoft, Google, ConnectWise, Langflow, Citrix, Aquasecurity, Nginx UI, Qualcomm, F5, Craft CMS, Laravel, Apple,…
-
Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP
No reports of active exploitation (yet) First seen on theregister.com Jump to article: www.theregister.com/2026/04/15/critical_fortinet_sandbox_bugs/
-
Beating the Mythos clock: Using Tenable Hexa AI custom agents for automated patching
Tags: ai, business, cvss, cyberattack, data, exploit, LLM, mitigation, network, remote-code-execution, risk, strategy, supply-chain, threat, tool, update, vulnerability, vulnerability-managementSee how Tenable Hexa AI custom agents empower you to counter machine-speed threats by automating vulnerability remediation. Learn how the Model Context Protocol (MCP) automates execution of risk-driven patching workflows, shifting your strategy from reactive tracking to continuous exposure management. Key takeaways Even in previews, powerful AI models like Claude Mythos show us how quickly…
-
Ancient Excel bug comes out of retirement for active attacks
Vuln old enough to drive lands on CISA’s exploited list First seen on theregister.com Jump to article: www.theregister.com/2026/04/15/excel_exploit/
-
Medium-severity flaw in Microsoft SharePoint exploited
The flaw should be taken seriously, despite its relatively low score, according to researchers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/medium-severity-flaw-microsoft-sharepoint-exploitation/817559/
-
Ancient Excel bug comes out of retirement for active attacks
Vuln old enough to drive lands on CISA’s exploited list First seen on theregister.com Jump to article: www.theregister.com/2026/04/15/excel_exploit/
-
Vorbereitung auf offensive KI: Neue Anforderungen an die Sicherheitsbewertung von IT”‘Infrastrukturen
Die rasante Entwicklung offensiver künstlicher Intelligenz verändert die Bedrohungslandschaft für Unternehmen grundlegend. Autonome Systeme sind inzwischen in der Lage, digitale Umgebungen selbstständig zu analysieren, Schwachstellen zu identifizieren und Exploits nahezu ohne menschliches Zutun zu entwickeln. Dadurch verkürzen sich Entwicklungs- und Angriffszyklen erheblich von ehemals Monaten auf teilweise nur noch wenige Tage. Klassische Sicherheitsansätze geraten… First…
-
Ancient Excel bug comes out of retirement for active attacks
Vuln old enough to drive lands on CISA’s exploited list First seen on theregister.com Jump to article: www.theregister.com/2026/04/15/excel_exploit/
-
RCE by design: MCP architectural choice haunts AI agent ecosystem
sh, bash, powershell, curl, rm, and other high-risk binaries, they added.The core issue is that there’s currently no check in place to verify that a STDIO command is intended to initialize an MCP server rather than perform a malicious task. Furthermore, the researchers observed that even if the sent command fails to start the server,…
-
Ancient Excel bug comes out of retirement for active attacks
Vuln old enough to drive lands on CISA’s exploited list First seen on theregister.com Jump to article: www.theregister.com/2026/04/15/excel_exploit/
-
NIST cuts down CVE analysis amid vulnerability overload
Tags: ai, automation, awareness, ceo, cve, cybersecurity, defense, exploit, flaw, government, group, incident response, nist, software, technology, threat, update, vulnerability, zero-daySOURCE: www.cve.org/about/Metrics CSOAs a result, NIST will now forego enrichment for all but the most critical of vulnerabilities.Backlogged CVEs received prior to March 1 will also be labeled “not scheduled.” None of those are critical vulnerabilities, NIST said, because those have always been handled first.”They’ve just come out and publicly stated, ‘We are never going…
-
AI platform n8n abused for stealthy phishing and malware delivery
Attackers abuse AI automation platform n8n to run phishing campaigns, deliver malware, and evade security by using trusted infrastructure. Threat actors are exploiting the popular AI workflow automation platform n8n to launch advanced phishing campaigns, deliver malware, and collect device data through automated emails. By using trusted infrastructure, they can bypass traditional security controls and…
-
Microsoft’s Windows Recall still allows silent data extraction
Exploitation risk: The barrier to weaponizing this technique is lower than Microsoft’s security messaging would suggest, Hagenah said.”They only need code running in the user’s context and a way to reuse the authorized Recall session,” he said. “That is a much lower bar than many people would assume from Microsoft’s security messaging.”While Recall’s limitation to…
-
CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access
An actively exploited critical nginx-ui flaw (CVE-2026-33032) lets attackers bypass authentication and take full control of Nginx servers. A critical vulnerability in nginx-ui, tracked as CVE-2026-33032 (CVSS score of 9.8), is being actively exploited, allowing attackers to bypass authentication and fully take over Nginx servers. The issue stems from improper protection of the /mcp_message endpoint,…
-
Behind the Mythos hype, Glasswing has just one confirmed CVE
Why is Glasswing still a big deal: VulnCheck’s findings reframe Glasswing’s capabilities. The limited number of directly attributable CVEs is just one way of measuring its impact. Industry observers are interpreting Mythos much differently.Melissa Bischoping, a SANS Technology Institute board member and senior Director of security and product research at Tanium, thinks Mythos potential lies…
-
U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog
Tags: apple, cisa, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, office, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability…
-
Critical nginx UI tool vulnerability opens web servers to full compromise
Tags: access, ai, api, attack, authentication, ceo, credentials, data-breach, endpoint, exploit, infrastructure, Internet, risk, service, software, threat, tool, update, vulnerability/mcp_message, was implemented without authentication, a weakness Pluto Security dubbed ‘MCPwn’.”This exposes 12 MCP tools, including config writes with automatic nginx reload, to any host on the network. One unauthenticated API call is all it takes to inject a config and take over nginx,” said Pluto Security.Leveraging MCPwn, an attacker would be able to intercept…
-
Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day
Microsoft Patch Tuesday security updates for April 2026 fixed 165 vulnerabilities, including an actively exploited SharePoint zero-day. Microsoft Patch Tuesday security updates addressed 165 vulnerabilities, making it one of the largest updates by CVE count. One of the most interesting flaws fixed by the IT giant is a critical SharePoint zero-day, tracked as CVE-2026-32201, already…
-
Critical nginx UI tool vulnerability opens web servers to full compromise
Tags: access, ai, api, attack, authentication, ceo, credentials, data-breach, endpoint, exploit, infrastructure, Internet, risk, service, software, threat, tool, update, vulnerability/mcp_message, was implemented without authentication, a weakness Pluto Security dubbed ‘MCPwn’.”This exposes 12 MCP tools, including config writes with automatic nginx reload, to any host on the network. One unauthenticated API call is all it takes to inject a config and take over nginx,” said Pluto Security.Leveraging MCPwn, an attacker would be able to intercept…
-
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
A researcher known as “Chaotic Eclipse” has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed “RedSun,” in the past two weeks, protesting how the company works with cybersecurity researchers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/new-microsoft-defender-redsun-zero-day-poc-grants-system-privileges/
-
Critical nginx UI tool vulnerability opens web servers to full compromise
Tags: access, ai, api, attack, authentication, ceo, credentials, data-breach, endpoint, exploit, infrastructure, Internet, risk, service, software, threat, tool, update, vulnerability/mcp_message, was implemented without authentication, a weakness Pluto Security dubbed ‘MCPwn’.”This exposes 12 MCP tools, including config writes with automatic nginx reload, to any host on the network. One unauthenticated API call is all it takes to inject a config and take over nginx,” said Pluto Security.Leveraging MCPwn, an attacker would be able to intercept…
-
Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-marimo-flaw-to-deploy-nkabuse-malware-from-hugging-face/
-
Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic
Tags: ai, api, application-security, attack, authentication, automation, best-practice, business, ceo, cisa, cloud, compliance, container, control, cve, cvss, cyber, cybersecurity, data, data-breach, endpoint, exploit, fedramp, finance, flaw, framework, governance, group, HIPAA, identity, injection, insurance, kev, law, linkedin, linux, LLM, macOS, network, PCI, risk, service, soc, software, strategy, technology, threat, update, vulnerability, vulnerability-management, windows, zero-day, zero-trustWith the Federal Reserve Chairman meeting with bank CEOs to discuss the security implications of Claude Mythos, you can bet that your board of directors will ask you about the impact of the AI model on your cybersecurity strategy. Here’s how to prepare. Key takeaways Anthropic announced Claude Mythos Preview, its most powerful general-purpose frontier…