Tag: software
-
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Cybersecurity researchers have warned of malicious images pushed to the official “checkmarx/kics” Docker Hub repository.In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and alpine, while also introducing a new v2.1.21 tag that does not correspond to an official release.…
-
The Time Is Now to Prepare for CRA Enforcement
Tags: cyber, cybersecurity, Hardware, international, law, network, resilience, software, supply-chain<div cla When the EU Cyber Resilience Act (CRA) was introduced into law in 2024, it represented one of the most significant regulatory shifts we’ve seen anywhere in the world with implications for how organizations build, ship, and maintain software. It establishes cybersecurity requirements for hardware and software products sold within the European Union or…
-
Researchers Uncover SIM Farm-as-a-Service Operation Spanning 87 Panels in 17 Nations
Infrastructure intelligence firm Infrawatch has exposed a globally distributed SIM Farm-as-a-Service ecosystem powered by a single Belarus-based software platform called ProxySmart, identifying 87 exposed control panels across 17 countries and at least 94 physical phone-farm locations. A SIM farm is a physical rack of smartphones or 4G/5G USB modems, each loaded with active SIM cards…
-
Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876)
Progress Software has fixed a slew of high-severity vulnerabilities in MOVEit WAF and LoadMaster, including a flaw (CVE-2026-21876) that may allow attackers to bypass firewall … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/22/progress-waf-bypass-cve-2026-21876/
-
Researchers Uncover ProxySmart Software Powering 90+ SIM Farms
Tags: softwareInfrawatch says ProxySmart platform enables SIM farm activity at “industrial scale” First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/researchers-proxysmart-software-90/
-
Airbus Acquires Quarkslab to Counter AI Reverse Engineering
French Vendor’s QShield Offering Protects Edge Systems From Reverse Engineering. Aircraft manufacturer Airbus plans to acquire 100-person French cybersecurity vendor Quarkslab to strengthen sovereign European defenses by protecting aerospace and defense software, data and edge systems from AI-driven reverse engineering and exploitation. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/airbus-acquires-quarkslab-to-counter-ai-reverse-engineering-a-31474
-
Thousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole discovered
Tags: ai, apache, cybersecurity, defense, exploit, flaw, infrastructure, LLM, software, tool, update, vulnerabilityCSO. “In a world where an LLM can help an attacker weaponize a bug the second it’s announced, taking 12 days to patch is essentially a suicide note for your network”.Vulnerable are versions of ActiveMQ and ActiveMQ Broker before 5.19.4, and 6.0 to before 6.2.3; this means the flaw could have been exploited for over…
-
Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox
The Firefox team doesn’t think emerging AI capabilities will upend cybersecurity long term, but they warn that software developers are likely in for a rocky transition. First seen on wired.com Jump to article: www.wired.com/story/mozilla-used-anthropics-mythos-to-find-271-bugs-in-firefox/
-
Sonatype Innovate: Real Peer Connections, Real Product Influence, Real Recognition
<div cla Software supply chain security is maturing. The practitioners leading that charge deserve more than a customer portal. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/sonatype-innovate-real-peer-connections-real-product-influence-real-recognition/
-
Why identity is the driving force behind digital transformation
Who they are and what they are up to.The project they are working on.Which environment should they use?Using this information, the system can determine which resource someone needs, when they need it and how to use it. The principle behind it is ‘never trust, always verify’. With it, errors that normally occur are reduced, less…
-
AI-Driven Exploitation Could Shrink Defenders’ Patch Window
AI-powered cyberattacks are entering a new phase, with frontier AI models now capable of autonomously discovering and exploiting software vulnerabilities at unprecedented speed. Unit 42’s hands-on testing reveals that modern AI models are no longer مجرد coding assistants. Instead, they demonstrate the reasoning ability of full-spectrum security researchers. According to recent findings from Unit 42,…
-
CISA Warns Compromised Axios npm Package Fueled Major Supply Chain Attack
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a severe software supply chain compromise affecting the widely used Axios node package manager (npm). Axios is a highly popular JavaScript library that developers rely on to handle HTTP requests in both Node.js and browser environments. Because of its massive global adoption…
-
Palantir’s NHS future in doubt as ministers eye contract break
£330M deal leaves service with no ownership of software built to connect trusts to the platform First seen on theregister.com Jump to article: www.theregister.com/2026/04/20/palantir_nhs_break_clause/
-
Kein Word, kein ChatGPT, kein Google: Was passiert, wenn man eine Woche auf europäische Software setzt
First seen on t3n.de Jump to article: t3n.de/news/kein-word-kein-chatgpt-kein-google-1728129/
-
National Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges
Under a new model announced by the National Institute of Standards and Technology, NVD will no longer enrich every CVE. Instead, enrichment efforts will focus on a defined subset, including vulnerabilities in the CISA KEV catalog, software used by the federal government, and software designated as critical. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/
-
Decades-old Linux UI bug fixed by dev younger than the window manager
Kamila Szewczyk prefers old software, as back then people understood something could actually be finished First seen on theregister.com Jump to article: www.theregister.com/2026/04/15/enlightenment_e16_bug_patched/
-
NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities
The National Institute of Standards and Technology carved a new path for vulnerability remediation by changing the way it prioritizes software flaws. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/nist-revamps-cve-framework-to-focus-on-high-impact-vulnerabilities
-
Mythos and Cybersecurity
Tags: access, ai, apple, crowdstrike, cybersecurity, exploit, microsoft, service, software, vulnerabilityLast week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. Instead, access has been restricted to roughly 50 organizations”, Microsoft, Apple, Amazon Web Services, CrowdStrike and other vendors of critical…
-
Vibe Coding vs. SBOM: One Builds Fast. The Other Tells You What You Just Built
Explore the clash between “Vibe Coding” and modern software governance. Learn why high-speed AI generation demands stronger SBOM transparency and accountability in 2026. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/vibe-coding-vs-sbom-one-builds-fast-the-other-tells-you-what-you-just-built/
-
“Your shipment has arrived” email hides remote access software
This DHL-themed email tries to get recipients to install remote access software attackers can use to deploy further malware, including ransomware. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/your-shipment-has-arrived-email-hides-remote-access-software/
-
Facebook-Falle: Wie APT37-Hacker per Freundschaftsanfrage Malware verbreiten
Die nordkoreanische Hackergruppe APT37 nutzt Facebook-Profile für gezieltes Social Engineering. Wie Angreifer über manipulierte PDF-Software vollen Zugriff auf Nutzerdaten erlangen und welche Spionagetaktiken aktuell im Einsatz sind. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/facebook-hacker-malware
-
Claude Opus wrote a Chrome exploit for $2,283
Pause your Mythos panic because mainstream models anyone can use already pick holes in popular software First seen on theregister.com Jump to article: www.theregister.com/2026/04/17/claude_opus_wrote_chrome_exploit/
-
Anthropic Introduces Claude Opus 4.7 for Advanced Problem-Solving
Anthropic has officially launched Claude Opus 4.7, a major upgrade designed to tackle complex software engineering while introducing rigorous new cybersecurity safeguards. Released on April 16, 2026, this model brings enhanced problem-solving capabilities to developers and actively addresses the dual-use risks associated with artificial intelligence. The release ties directly into Anthropic’s recently announced Project Glasswing,…
-
Schatten-OT: Die unsichtbare Gefahr in Fabriken
Tags: softwareDie Hackerangriffe auf Industrieanlagen nehmen weiterhin zu. Unternehmen müssen daher aktiv gegen Schatten-OT vorgehen und blinde Flecken in ihrer Sicherheitsstrategie schließen. Doch Visibilität herzustellen ist nur der erste Schritt und das Fundament für eine holistische OT-Sicherheitsstrategie. Unter dem Begriff Schatten-IT fassen Fachleute Hard- und Software zusammen, die nicht durch die unternehmensinterne IT-Abteilung bereitgestellt, kuratiert… First…
-
The Shadow AI Trap: Why Your AI Inventory is Your Biggest EU AI Act Compliance Risk FireTail Blog
Tags: access, ai, api, automation, ciso, cloud, compliance, computing, control, data, governance, grc, infrastructure, LLM, monitoring, risk, risk-management, saas, service, software, toolApr 16, 2026 – Alan Fagan – The EU AI Act cares about evidence, not intentWhen National Competent Authorities begin enforcement on August 2, 2026, they will ask organisations what AI systems they operate, how those systems are being used, and what controls are in place. Many organisations will struggle to answer these questions.The Shadow…
-
The Shadow AI Trap: Why Your AI Inventory is Your Biggest EU AI Act Compliance Risk FireTail Blog
Tags: access, ai, api, automation, ciso, cloud, compliance, computing, control, data, governance, grc, infrastructure, LLM, monitoring, risk, risk-management, saas, service, software, toolApr 16, 2026 – Alan Fagan – The EU AI Act cares about evidence, not intentWhen National Competent Authorities begin enforcement on August 2, 2026, they will ask organisations what AI systems they operate, how those systems are being used, and what controls are in place. Many organisations will struggle to answer these questions.The Shadow…
-
Critical nginx UI tool vulnerability opens web servers to full compromise
Tags: access, ai, api, attack, authentication, ceo, credentials, data-breach, endpoint, exploit, infrastructure, Internet, risk, service, software, threat, tool, update, vulnerability/mcp_message, was implemented without authentication, a weakness Pluto Security dubbed ‘MCPwn’.”This exposes 12 MCP tools, including config writes with automatic nginx reload, to any host on the network. One unauthenticated API call is all it takes to inject a config and take over nginx,” said Pluto Security.Leveraging MCPwn, an attacker would be able to intercept…

