Tag: software
-
Signed software abused to deploy antivirus-killing scripts
A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and healthcare sectors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/signed-software-abused-to-deploy-antivirus-killing-scripts/
-
NIST cuts down CVE analysis amid vulnerability overload
Tags: ai, automation, awareness, ceo, cve, cybersecurity, defense, exploit, flaw, government, group, incident response, nist, software, technology, threat, update, vulnerability, zero-daySOURCE: www.cve.org/about/Metrics CSOAs a result, NIST will now forego enrichment for all but the most critical of vulnerabilities.Backlogged CVEs received prior to March 1 will also be labeled “not scheduled.” None of those are critical vulnerabilities, NIST said, because those have always been handled first.”They’ve just come out and publicly stated, ‘We are never going…
-
Critical nginx UI tool vulnerability opens web servers to full compromise
Tags: access, ai, api, attack, authentication, ceo, credentials, data-breach, endpoint, exploit, infrastructure, Internet, risk, service, software, threat, tool, update, vulnerability/mcp_message, was implemented without authentication, a weakness Pluto Security dubbed ‘MCPwn’.”This exposes 12 MCP tools, including config writes with automatic nginx reload, to any host on the network. One unauthenticated API call is all it takes to inject a config and take over nginx,” said Pluto Security.Leveraging MCPwn, an attacker would be able to intercept…
-
Critical nginx UI tool vulnerability opens web servers to full compromise
Tags: access, ai, api, attack, authentication, ceo, credentials, data-breach, endpoint, exploit, infrastructure, Internet, risk, service, software, threat, tool, update, vulnerability/mcp_message, was implemented without authentication, a weakness Pluto Security dubbed ‘MCPwn’.”This exposes 12 MCP tools, including config writes with automatic nginx reload, to any host on the network. One unauthenticated API call is all it takes to inject a config and take over nginx,” said Pluto Security.Leveraging MCPwn, an attacker would be able to intercept…
-
Critical nginx UI tool vulnerability opens web servers to full compromise
Tags: access, ai, api, attack, authentication, ceo, credentials, data-breach, endpoint, exploit, infrastructure, Internet, risk, service, software, threat, tool, update, vulnerability/mcp_message, was implemented without authentication, a weakness Pluto Security dubbed ‘MCPwn’.”This exposes 12 MCP tools, including config writes with automatic nginx reload, to any host on the network. One unauthenticated API call is all it takes to inject a config and take over nginx,” said Pluto Security.Leveraging MCPwn, an attacker would be able to intercept…
-
7 biggest healthcare security threats
Tags: access, ai, api, attack, breach, business, cloud, control, credentials, cyber, cyberattack, cybersecurity, dark-web, data, data-breach, email, endpoint, google, government, hacking, healthcare, HIPAA, infrastructure, injection, insurance, Internet, phishing, risk, security-incident, service, software, spam, sql, threat, tool, vulnerabilityCloud vulnerabilities and misconfigurations: Many healthcare organizations have adopted cloud services as part of broader digital transformation initiatives. As a result, patient health information (PHI) and other sensitive data is increasingly being hosted in vendor cloud environments.The trend has broadened attack surface at healthcare organizations, says Anthony James, vice president of products at Infoblox, especially…
-
7 biggest healthcare security threats
Tags: access, ai, api, attack, breach, business, cloud, control, credentials, cyber, cyberattack, cybersecurity, dark-web, data, data-breach, email, endpoint, google, government, hacking, healthcare, HIPAA, infrastructure, injection, insurance, Internet, phishing, risk, security-incident, service, software, spam, sql, threat, tool, vulnerabilityCloud vulnerabilities and misconfigurations: Many healthcare organizations have adopted cloud services as part of broader digital transformation initiatives. As a result, patient health information (PHI) and other sensitive data is increasingly being hosted in vendor cloud environments.The trend has broadened attack surface at healthcare organizations, says Anthony James, vice president of products at Infoblox, especially…
-
NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities
The National Vulnerability Database will now only analyze vulnerabilities in critical software, systems used in the federal government and those under active exploitation. First seen on cyberscoop.com Jump to article: cyberscoop.com/nist-narrows-cve-analysis-nvd/
-
Check Point Research enttarnt betrügerische Anzeigen für PlaystationJubiläumsedition
Check Point Research (CPR), die Sicherheitsforschungs-abteilung von Check Point Software Technologies Ltd. veröffentlicht sein ‘Brand Phishing Ranking” für das erste Quartal 2026 und deckt darin Betrugsversuche mit Sonys Playstation 5 sowie mit vermeintlichen Software-Downloads und Login-Masken von Microsoft auf. Die neuesten Ergebnisse zeigen zudem, dass Microsoft weiterhin die am häufigsten imitierte Marke war und in…
-
Ransomware-Bedrohungen und KI-Transformation verschieben Fokus von Recovery hin zu Resilienz
Der neue ‘Veeam Data Trust and Resilience Report” von Veeam Software stellt fest, dass 90 Prozent der Sicherheitsverantwortlichen davon überzeugt sind, Daten schnell wiederherstellen zu können. Allerdings schaffen es letztlich nur 28 Prozent, die Daten nach einem Ransomware-Angriff auch tatsächlich vollständig wiederherzustellen. Veeam hat den ‘Data Trust and Resilience Report 2026″ veröffentlicht, der eine wachsende…
-
OpenAI Launches GPT-5.4-Cyber to Boost Defensive Cybersecurity
OpenAI unveils GPT-5.4-Cyber, a cybersecurity-focused model built to help defenders analyze malware and fix software bugs. The company is also expanding its Trusted Access for Cyber (TAC) program to thousands of verified experts. First seen on hackread.com Jump to article: hackread.com/openai-gpt-5-4-cyber-boost-defensive-cybersecurity/
-
UK financial regulators rush to assess risks of Anthropic AI model
Banks called in by regulators as latest artificial intelligence model identifies thousands of software vulnerabilities First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641563/UK-financial-regulators-rush-to-assess-risks-of-Anthropic-AI-model
-
Anthropic releases Claude Opus 4.7 with automated cybersecurity safeguards
Software teams building agentic AI workflows have been pushing frontier models toward longer, unsupervised task runs. Claude Opus 4.7, now generally available from Anthropic, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/16/claude-opus-4-7-released/
-
Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic
Tags: ai, api, application-security, attack, authentication, automation, best-practice, business, ceo, cisa, cloud, compliance, container, control, cve, cvss, cyber, cybersecurity, data, data-breach, endpoint, exploit, fedramp, finance, flaw, framework, governance, group, HIPAA, identity, injection, insurance, kev, law, linkedin, linux, LLM, macOS, network, PCI, risk, service, soc, software, strategy, technology, threat, update, vulnerability, vulnerability-management, windows, zero-day, zero-trustWith the Federal Reserve Chairman meeting with bank CEOs to discuss the security implications of Claude Mythos, you can bet that your board of directors will ask you about the impact of the AI model on your cybersecurity strategy. Here’s how to prepare. Key takeaways Anthropic announced Claude Mythos Preview, its most powerful general-purpose frontier…
-
Commvault has a Ctrl+Z for rogue AI agents
The company’s new software keeps an eye on your agents and backs up data. First seen on theregister.com Jump to article: www.theregister.com/2026/04/14/commvault_has_a_ctrlz_for/
-
Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)
Tags: advisory, api, attack, best-practice, cloud, container, cve, cvss, cyber, data, exploit, firewall, firmware, flaw, framework, github, Internet, malicious, microsoft, mitigation, office, powershell, rce, remote-code-execution, service, software, sql, startup, tool, update, vulnerability, windows, zero-day8Critical 154Important 1Moderate 0Low Microsoft addresses 163 CVEs in the April 2026 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild. Microsoft patched 163 CVEs in its April 2026 Patch Tuesday release, with eight rated critical, 154 rated as important and one rated as moderate. This is the second…
-
Kubernetes Is Eating Production: Why Usage Keeps Climbing Into 2026
<div cla Kubernetes isn’t just up in 2026; it’s becoming the default foundation for production software and AI. The latest CNCF Annual Cloud Native Survey shows that Kubernetes is now the backbone of production infrastructure, with 82% of container users running Kubernetes in production and 94% either running, piloting, or evaluating it. At this point,…
-
Keine Entwarnung trotz Rückgang der Cyber-Angriffe in Deutschland um zwölf Prozent
Check Point Research (CPR), die Sicherheitsforschung-sabteilung von Check Point Software Technologies, hat in seinem seinen Monthly-Cyber-Threat-Report für März 2026 erstmals seit langem einen großflächigen Rückgang der Cyberangriffe beobachtet. Global waren Unternehmen durchschnittlich 1995 Cyber-Angriffe pro Woche ausgesetzt, fünf Prozent weniger als im Vorjahreszeitraum. In der DACH-Region spiegelt sich dieser Trend verstärkt wider: In Deutschland sanken…
-
Q1 2026 Open Source Malware Index: Adaptive Attacks, Familiar Weaknesses
Tags: access, ai, api, attack, automation, cloud, credentials, crypto, data, github, guide, intelligence, kubernetes, linux, macOS, malicious, malware, open-source, pypi, risk, software, supply-chain, tactics, theft, tool, update, windows, worm<div cla TL;DR Sonatype identified 21,764 open source malware packages in Q1 2026, bringing the total logged since 2017 to 1,346,867. npm accounted for 75% of malicious packages this quarter. Trojans dominated, with most activity focused on credential theft, host reconnaissance, and staged payload delivery. The quarter’s defining pattern was trust abuse: attackers succeeded by…
-
Janela RAT Spreads via Fake MSI Installers, Malicious Extensions
Janela Remote Access Trojan (RAT) campaign using fake Windows MSI installers and malicious browser extensions to infiltrate financial networks and exfiltrate sensitive data. The latest Janela RAT samples are being distributed through public GitLab repositories, where attackers host MSI installation files disguised as legitimate software installers. Unsuspecting users in Chile, Colombia, and Mexico the campaign’s primary targets are lured into downloading these…
-
Hackers Exploit Critical ShowDoc RCE Flaw in Ongoing Attacks
Tags: attack, cyber, cybersecurity, exploit, flaw, hacker, rce, remote-code-execution, risk, software, vulnerabilityCybersecurity researchers have highlighted a critical vulnerability in ShowDoc, a widely used online document-sharing platform designed for IT teams. Tracked as CNVD-2020-26585, this severe security flaw allows unauthenticated remote code execution (RCE) on compromised servers. The vulnerability poses a significant risk to organizations relying on outdated versions of the software for internal collaboration, as it…
-
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
Tags: adobe, cisa, cve, cybersecurity, exploit, flaw, fortinet, infrastructure, injection, microsoft, software, sql, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The list of vulnerabilities is as follows -CVE-2026-21643 (CVSS score: 9.1) – An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to First seen on thehackernews.com…
-
Claude Mythos Could Flood Vendors With Fixes They Deferred
Ex-Microsoft CIO: Mythos Could Surface Known Flaws Faster Than Vendors Can Fix Them. Former Microsoft CIO Jim DuBois and IDC’s Frank Dickson say Claude Mythos Preview could rapidly surface long-known but unfixed software flaws at scale, forcing vendors and enterprises to strengthen patch validation, orchestration and deployment before attackers exploit the backlog. First seen on…
-
OpenAI’s Mac apps need updates thanks to the Axios hack
The company said a developer tool automatically retrieved a malicious version of the popular open-source library, but insists the integrity of its systems and software were not impacted. First seen on cyberscoop.com Jump to article: cyberscoop.com/openai-axios-supply-chain-attack/
-
OpenAI’s Mac apps needs an update thanks to the Axios hack
The company said a developer tool automatically retrieved a malicious version of the popular open-source library, but insists the integrity of its systems and software were not impacted. First seen on cyberscoop.com Jump to article: cyberscoop.com/openai-axios-supply-chain-attack/
-
France Tees Up Big Public Sector Move Away From US Tech
European Governments Grow Suspicious of Silicon Valley. French abandonment of American software for open-source alternatives continues apace, with all government ministries now facing a fall deadline for outlining plans to reduce their dependence on U.S. tech. France must regain control of our digital destiny, said public action minister David Amiel. First seen on govinfosecurity.com Jump…
-
On Anthropic’s Mythos Preview and Project Glasswing
The cybersecurity industry is obsessing over Anthropic’s new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it is not releasing it to the general public because of its cyberattack capabilities, and has launched Project Glasswing to run the model against a whole slew of public domain and proprietary software, with the…
-
When AI Finds a Way Out: The Alibaba Incident and Why Zero Trust Matters More Than Ever
Tags: access, ai, control, cybersecurity, data-breach, detection, firewall, flaw, identity, malware, network, software, threat, training, zero-trustThe incidentIn cybersecurity, the most important lessons rarely come from theory, but reality.A recent incident involving an experimental AI agent in the Alibaba ecosystem is one of those moments that forces us to pause and rethink some of our core assumptions. During what should have been just model training, the Alibaba AI agent began behaving…

