Tag: software
-
National Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges
Under a new model announced by the National Institute of Standards and Technology, NVD will no longer enrich every CVE. Instead, enrichment efforts will focus on a defined subset, including vulnerabilities in the CISA KEV catalog, software used by the federal government, and software designated as critical. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/
-
Decades-old Linux UI bug fixed by dev younger than the window manager
Kamila Szewczyk prefers old software, as back then people understood something could actually be finished First seen on theregister.com Jump to article: www.theregister.com/2026/04/15/enlightenment_e16_bug_patched/
-
NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities
The National Institute of Standards and Technology carved a new path for vulnerability remediation by changing the way it prioritizes software flaws. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/nist-revamps-cve-framework-to-focus-on-high-impact-vulnerabilities
-
Mythos and Cybersecurity
Tags: access, ai, apple, crowdstrike, cybersecurity, exploit, microsoft, service, software, vulnerabilityLast week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. Instead, access has been restricted to roughly 50 organizations”, Microsoft, Apple, Amazon Web Services, CrowdStrike and other vendors of critical…
-
Vibe Coding vs. SBOM: One Builds Fast. The Other Tells You What You Just Built
Explore the clash between “Vibe Coding” and modern software governance. Learn why high-speed AI generation demands stronger SBOM transparency and accountability in 2026. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/vibe-coding-vs-sbom-one-builds-fast-the-other-tells-you-what-you-just-built/
-
“Your shipment has arrived” email hides remote access software
This DHL-themed email tries to get recipients to install remote access software attackers can use to deploy further malware, including ransomware. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/your-shipment-has-arrived-email-hides-remote-access-software/
-
Facebook-Falle: Wie APT37-Hacker per Freundschaftsanfrage Malware verbreiten
Die nordkoreanische Hackergruppe APT37 nutzt Facebook-Profile für gezieltes Social Engineering. Wie Angreifer über manipulierte PDF-Software vollen Zugriff auf Nutzerdaten erlangen und welche Spionagetaktiken aktuell im Einsatz sind. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/facebook-hacker-malware
-
Claude Opus wrote a Chrome exploit for $2,283
Pause your Mythos panic because mainstream models anyone can use already pick holes in popular software First seen on theregister.com Jump to article: www.theregister.com/2026/04/17/claude_opus_wrote_chrome_exploit/
-
Anthropic Introduces Claude Opus 4.7 for Advanced Problem-Solving
Anthropic has officially launched Claude Opus 4.7, a major upgrade designed to tackle complex software engineering while introducing rigorous new cybersecurity safeguards. Released on April 16, 2026, this model brings enhanced problem-solving capabilities to developers and actively addresses the dual-use risks associated with artificial intelligence. The release ties directly into Anthropic’s recently announced Project Glasswing,…
-
Schatten-OT: Die unsichtbare Gefahr in Fabriken
Tags: softwareDie Hackerangriffe auf Industrieanlagen nehmen weiterhin zu. Unternehmen müssen daher aktiv gegen Schatten-OT vorgehen und blinde Flecken in ihrer Sicherheitsstrategie schließen. Doch Visibilität herzustellen ist nur der erste Schritt und das Fundament für eine holistische OT-Sicherheitsstrategie. Unter dem Begriff Schatten-IT fassen Fachleute Hard- und Software zusammen, die nicht durch die unternehmensinterne IT-Abteilung bereitgestellt, kuratiert… First…
-
The Shadow AI Trap: Why Your AI Inventory is Your Biggest EU AI Act Compliance Risk FireTail Blog
Tags: access, ai, api, automation, ciso, cloud, compliance, computing, control, data, governance, grc, infrastructure, LLM, monitoring, risk, risk-management, saas, service, software, toolApr 16, 2026 – Alan Fagan – The EU AI Act cares about evidence, not intentWhen National Competent Authorities begin enforcement on August 2, 2026, they will ask organisations what AI systems they operate, how those systems are being used, and what controls are in place. Many organisations will struggle to answer these questions.The Shadow…
-
The Shadow AI Trap: Why Your AI Inventory is Your Biggest EU AI Act Compliance Risk FireTail Blog
Tags: access, ai, api, automation, ciso, cloud, compliance, computing, control, data, governance, grc, infrastructure, LLM, monitoring, risk, risk-management, saas, service, software, toolApr 16, 2026 – Alan Fagan – The EU AI Act cares about evidence, not intentWhen National Competent Authorities begin enforcement on August 2, 2026, they will ask organisations what AI systems they operate, how those systems are being used, and what controls are in place. Many organisations will struggle to answer these questions.The Shadow…
-
7 biggest healthcare security threats
Tags: access, ai, api, attack, breach, business, cloud, control, credentials, cyber, cyberattack, cybersecurity, dark-web, data, data-breach, email, endpoint, google, government, hacking, healthcare, HIPAA, infrastructure, injection, insurance, Internet, phishing, risk, security-incident, service, software, spam, sql, threat, tool, vulnerabilityCloud vulnerabilities and misconfigurations: Many healthcare organizations have adopted cloud services as part of broader digital transformation initiatives. As a result, patient health information (PHI) and other sensitive data is increasingly being hosted in vendor cloud environments.The trend has broadened attack surface at healthcare organizations, says Anthony James, vice president of products at Infoblox, especially…
-
NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities
The National Vulnerability Database will now only analyze vulnerabilities in critical software, systems used in the federal government and those under active exploitation. First seen on cyberscoop.com Jump to article: cyberscoop.com/nist-narrows-cve-analysis-nvd/
-
Check Point Research enttarnt betrügerische Anzeigen für PlaystationJubiläumsedition
Check Point Research (CPR), die Sicherheitsforschungs-abteilung von Check Point Software Technologies Ltd. veröffentlicht sein ‘Brand Phishing Ranking” für das erste Quartal 2026 und deckt darin Betrugsversuche mit Sonys Playstation 5 sowie mit vermeintlichen Software-Downloads und Login-Masken von Microsoft auf. Die neuesten Ergebnisse zeigen zudem, dass Microsoft weiterhin die am häufigsten imitierte Marke war und in…
-
Ransomware-Bedrohungen und KI-Transformation verschieben Fokus von Recovery hin zu Resilienz
Der neue ‘Veeam Data Trust and Resilience Report” von Veeam Software stellt fest, dass 90 Prozent der Sicherheitsverantwortlichen davon überzeugt sind, Daten schnell wiederherstellen zu können. Allerdings schaffen es letztlich nur 28 Prozent, die Daten nach einem Ransomware-Angriff auch tatsächlich vollständig wiederherzustellen. Veeam hat den ‘Data Trust and Resilience Report 2026″ veröffentlicht, der eine wachsende…
-
OpenAI Launches GPT-5.4-Cyber to Boost Defensive Cybersecurity
OpenAI unveils GPT-5.4-Cyber, a cybersecurity-focused model built to help defenders analyze malware and fix software bugs. The company is also expanding its Trusted Access for Cyber (TAC) program to thousands of verified experts. First seen on hackread.com Jump to article: hackread.com/openai-gpt-5-4-cyber-boost-defensive-cybersecurity/
-
UK financial regulators rush to assess risks of Anthropic AI model
Banks called in by regulators as latest artificial intelligence model identifies thousands of software vulnerabilities First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641563/UK-financial-regulators-rush-to-assess-risks-of-Anthropic-AI-model
-
Anthropic releases Claude Opus 4.7 with automated cybersecurity safeguards
Software teams building agentic AI workflows have been pushing frontier models toward longer, unsupervised task runs. Claude Opus 4.7, now generally available from Anthropic, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/16/claude-opus-4-7-released/
-
Signed software abused to deploy antivirus-killing scripts
A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and healthcare sectors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/signed-software-abused-to-deploy-antivirus-killing-scripts/
-
NIST cuts down CVE analysis amid vulnerability overload
Tags: ai, automation, awareness, ceo, cve, cybersecurity, defense, exploit, flaw, government, group, incident response, nist, software, technology, threat, update, vulnerability, zero-daySOURCE: www.cve.org/about/Metrics CSOAs a result, NIST will now forego enrichment for all but the most critical of vulnerabilities.Backlogged CVEs received prior to March 1 will also be labeled “not scheduled.” None of those are critical vulnerabilities, NIST said, because those have always been handled first.”They’ve just come out and publicly stated, ‘We are never going…
-
Critical nginx UI tool vulnerability opens web servers to full compromise
Tags: access, ai, api, attack, authentication, ceo, credentials, data-breach, endpoint, exploit, infrastructure, Internet, risk, service, software, threat, tool, update, vulnerability/mcp_message, was implemented without authentication, a weakness Pluto Security dubbed ‘MCPwn’.”This exposes 12 MCP tools, including config writes with automatic nginx reload, to any host on the network. One unauthenticated API call is all it takes to inject a config and take over nginx,” said Pluto Security.Leveraging MCPwn, an attacker would be able to intercept…
-
Critical nginx UI tool vulnerability opens web servers to full compromise
Tags: access, ai, api, attack, authentication, ceo, credentials, data-breach, endpoint, exploit, infrastructure, Internet, risk, service, software, threat, tool, update, vulnerability/mcp_message, was implemented without authentication, a weakness Pluto Security dubbed ‘MCPwn’.”This exposes 12 MCP tools, including config writes with automatic nginx reload, to any host on the network. One unauthenticated API call is all it takes to inject a config and take over nginx,” said Pluto Security.Leveraging MCPwn, an attacker would be able to intercept…
-
Critical nginx UI tool vulnerability opens web servers to full compromise
Tags: access, ai, api, attack, authentication, ceo, credentials, data-breach, endpoint, exploit, infrastructure, Internet, risk, service, software, threat, tool, update, vulnerability/mcp_message, was implemented without authentication, a weakness Pluto Security dubbed ‘MCPwn’.”This exposes 12 MCP tools, including config writes with automatic nginx reload, to any host on the network. One unauthenticated API call is all it takes to inject a config and take over nginx,” said Pluto Security.Leveraging MCPwn, an attacker would be able to intercept…
-
7 biggest healthcare security threats
Tags: access, ai, api, attack, breach, business, cloud, control, credentials, cyber, cyberattack, cybersecurity, dark-web, data, data-breach, email, endpoint, google, government, hacking, healthcare, HIPAA, infrastructure, injection, insurance, Internet, phishing, risk, security-incident, service, software, spam, sql, threat, tool, vulnerabilityCloud vulnerabilities and misconfigurations: Many healthcare organizations have adopted cloud services as part of broader digital transformation initiatives. As a result, patient health information (PHI) and other sensitive data is increasingly being hosted in vendor cloud environments.The trend has broadened attack surface at healthcare organizations, says Anthony James, vice president of products at Infoblox, especially…
-
Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic
Tags: ai, api, application-security, attack, authentication, automation, best-practice, business, ceo, cisa, cloud, compliance, container, control, cve, cvss, cyber, cybersecurity, data, data-breach, endpoint, exploit, fedramp, finance, flaw, framework, governance, group, HIPAA, identity, injection, insurance, kev, law, linkedin, linux, LLM, macOS, network, PCI, risk, service, soc, software, strategy, technology, threat, update, vulnerability, vulnerability-management, windows, zero-day, zero-trustWith the Federal Reserve Chairman meeting with bank CEOs to discuss the security implications of Claude Mythos, you can bet that your board of directors will ask you about the impact of the AI model on your cybersecurity strategy. Here’s how to prepare. Key takeaways Anthropic announced Claude Mythos Preview, its most powerful general-purpose frontier…
-
Commvault has a Ctrl+Z for rogue AI agents
The company’s new software keeps an eye on your agents and backs up data. First seen on theregister.com Jump to article: www.theregister.com/2026/04/14/commvault_has_a_ctrlz_for/