April, 2026 - Security Ticks

Project Glasswing and open source software: The good, the bad, and the ugly

Project Glasswing and open source software: The good, the bad, and the ugly 2026-04-10 at 14:45 By Steven J. Vaughan-Nichols Just what FOSS developers need – a flood of AI-discovered vulnerabilities Opinion Anthropic describes Project Glasswing as a coalition of tech giants committing $100 million in AI resources to hunt down and fix long-hidden vulnerabilities […]

Project Glasswing and open source software: The good, the bad, and the ugly Read More »

Britain seeks views before it drops the hammer on signal jammers

Uncategorized / SecurityTicks

Britain seeks views before it drops the hammer on signal jammers 2026-04-10 at 14:45 By Connor Jones Four-week call for evidence intended to help shape laws aimed at devices linked to crime The UK government is seeking views on radiofrequency jammers as it prepares legislation to ban the controversial devices.… This article is an excerpt

Britain seeks views before it drops the hammer on signal jammers Read More »

Britain’s biggest nuclear site skips competition, hands SAP £33M to start ERP switch

Uncategorized / SecurityTicks

Britain’s biggest nuclear site skips competition, hands SAP £33M to start ERP switch 2026-04-10 at 14:45 By Lindsay Clark Sellafield says sticking with German giant is only way off legacy ECC before support runs dry The government-owned company that runs the UK’s most important nuclear site has begun plans to replace its legacy SAP ERP

Britain’s biggest nuclear site skips competition, hands SAP £33M to start ERP switch Read More »

Poisoned “Office 365” search results lead to stolen paychecks

account hijacking, Canada, Don't miss, enterprise, Hot stuff, MFA, News, Office 365, phishing, SMBs / SecurityTicks

Poisoned “Office 365” search results lead to stolen paychecks 2026-04-10 at 14:45 By Zeljka Zorz A financially motivated hacking group is targeting Canadian employees with a sophisticated campaign designed to covertly redirect their salary payments into attacker-controlled bank accounts, Microsoft researchers discovered. SEO poisoning and malvertising + phishing + AiTM The group, which Microsoft tracks

Poisoned “Office 365” search results lead to stolen paychecks Read More »

Gmail’s end-to-end encryption comes to mobile, no extra apps required

Android, email security, Encryption, Gmail, Google, iOS, mobile devices, mobile security, News / SecurityTicks

Gmail’s end-to-end encryption comes to mobile, no extra apps required 2026-04-10 at 14:45 By Anamarija Pogorelec Google has expanded Gmail client-side encryption to Android and iOS devices, allowing users to engage with their organization’s most sensitive data on mobile devices while ensuring data remains compliant with sovereignty and compliance requirements. This feature is available for

Gmail’s end-to-end encryption comes to mobile, no extra apps required Read More »

To counter cookie theft, Chrome ships device-bound session credentials

browser, Chrome, cookies, credentials, Malware, News, online tracking, Privacy / SecurityTicks

To counter cookie theft, Chrome ships device-bound session credentials 2026-04-10 at 14:45 By Mirko Zorz Cookie theft follows a well-established pattern. Infostealer malware infiltrates a device, extracts authentication cookies, and exfiltrates them to an attacker-controlled server. Because cookies often have extended lifetimes, attackers can access accounts without passwords, then bundle and sell the stolen credentials.

To counter cookie theft, Chrome ships device-bound session credentials Read More »

Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000

Chrome, patches, Vulnerabilities, vulnerability / SecurityTicks

Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000 2026-04-10 at 14:45 By Eduard Kovacs The critical vulnerabilities affect Chrome’s WebML component and they have been reported by anonymous researchers. The post Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000 appeared first on SecurityWeek. This article is an excerpt from

Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000 Read More »

MITRE Releases Fight Fraud Framework

F3, Fight Fraud Framework, framework, fraud, Fraud & Identity Theft, MITRE / SecurityTicks

MITRE Releases Fight Fraud Framework 2026-04-10 at 14:45 By Ionut Arghire The document provides a behavior-based model of the tactics and techniques employed by fraudsters. The post MITRE Releases Fight Fraud Framework appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

MITRE Releases Fight Fraud Framework Read More »

Critical Marimo Flaw Exploited Hours After Public Disclosure

exploited, Marimo, Vulnerabilities, vulnerability / SecurityTicks

Critical Marimo Flaw Exploited Hours After Public Disclosure 2026-04-10 at 14:45 By Ionut Arghire Within nine hours, a hacker built an exploit from the unauthenticated bug’s advisory and started using it in the wild. The post Critical Marimo Flaw Exploited Hours After Public Disclosure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Critical Marimo Flaw Exploited Hours After Public Disclosure Read More »

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

Uncategorized / SecurityTicks

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About 2026-04-10 at 14:45 By While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there’s a wide-open window nobody’s guarding: AI browser extensions. A new report from LayerX exposes just how deep this blind spot goes, and why AI extensions

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About Read More »

U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Artificial Intelligence (AI), Trend Micro Research : Cloud, Trend Micro Research : Endpoints, Trend Micro Research : Expert Perspective, Trend Micro Research : Network, Trend Micro Research : Ransomware / SecurityTicks

U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026 2026-04-10 at 12:11 By The first quarter of 2026 has reinforced a hard truth: U.S. government agencies and educational institutions are operating in the most hostile cyber threat environment ever recorded. This article is an excerpt from Trend Micro Research, News and Perspectives View Original

U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026 Read More »

Fewer than 3 in 10 register for HMRC’s Making Tax Digital shake-up

Uncategorized / SecurityTicks

Fewer than 3 in 10 register for HMRC’s Making Tax Digital shake-up 2026-04-10 at 11:48 By Paul Kunert Most sole traders and landlords ignore marketing campaigns, though fines are coming Fewer than three-tenths of those required to sign up for quarterly software-based Making Tax Digital (MTD) reporting for the latest tax year that started this

Fewer than 3 in 10 register for HMRC’s Making Tax Digital shake-up Read More »

Little Snitch for Linux shows what your apps are connecting to

cybersecurity, Linux, network, network monitoring, News, open source, software / SecurityTicks

Little Snitch for Linux shows what your apps are connecting to 2026-04-10 at 11:48 By Mirko Zorz Network monitoring on Linux has long been a gap for users who want per-process visibility into outbound connections. Existing tools either operate at the command line or were designed for server security rather than desktop privacy. Objective Development,

Little Snitch for Linux shows what your apps are connecting to Read More »

Apiiro CLI turns AI coding assistants into full-stack security engineers

Apiiro, Industry news / SecurityTicks

Apiiro CLI turns AI coding assistants into full-stack security engineers 2026-04-10 at 11:48 By Industry News The Apiiro CLI brings the Apiiro platform to your terminal and to your AI coding assistants, giving them six native security capabilities: scanning, risk management, remediation, an AI security analyst (via Apiiro Guardian Agent), AI Threat Modeling, and prompt

Apiiro CLI turns AI coding assistants into full-stack security engineers Read More »

Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows

Uncategorized / SecurityTicks

Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows 2026-04-10 at 11:16 By Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on Chrome 146, with

Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows Read More »

Google Rolls Out Cookie Theft Protections in Chrome

Chrome, DBSC, Google, Identity & Access, session cookies / SecurityTicks

Google Rolls Out Cookie Theft Protections in Chrome 2026-04-10 at 11:06 By Ionut Arghire New Device Bound Session Credentials render stolen session cookies unusable by cryptographically binding authentication. The post Google Rolls Out Cookie Theft Protections in Chrome appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Google Rolls Out Cookie Theft Protections in Chrome Read More »

April 2026 Patch Tuesday forecast: Spring-cleaning of a preview

Adobe, apple, cybersecurity, Expert analysis, Google, Ivanti, Mozilla, News, Patch Tuesday / SecurityTicks

April 2026 Patch Tuesday forecast: Spring-cleaning of a preview 2026-04-10 at 10:37 By Help Net Security I just blinked and the first quarter of the year is GONE. Where does the time go? I looked back at my article from last month where I touched on the use of AI and some of the vulnerabilities

April 2026 Patch Tuesday forecast: Spring-cleaning of a preview Read More »

Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users

Android, Cryptocurrency, EngageLab, Mobile & Wireless, SDK, Vulnerabilities, vulnerability / SecurityTicks

Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users 2026-04-10 at 10:37 By Eduard Kovacs The security hole affected an EngageLab SDK and it was reported by Microsoft to the vendor one year ago. The post Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users appeared first on SecurityWeek. This article is an

Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users Read More »

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Uncategorized / SecurityTicks

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers 2026-04-10 at 10:37 By Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack.

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers Read More »