News

Week in review: Windows zero-day exploit leaked, Patch Tuesday forecast

2026-04-12 at 13:59 By Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day

Cloudflare announced it is targeting 2029 to complete post-quantum security […]

ClickFix campaign delivers Mac malware via fake Apple page

2026-04-10 at 17:22 By Zeljka Zorz

Security researchers at Jamf have uncovered a new ClickFix-style attack targeting Mac users via a fake Apple-themed webpage offering instructions on how to “reclaim disk space on your Mac”.

[Image: The malicious page (Source: Jamf)]

ClickFix for everybody

ClickFix is a

Gmail’s end-to-end encryption comes to mobile, no extra apps required

2026-04-10 at 14:45 By Anamarija Pogorelec

Google has expanded Gmail client-side encryption to Android and iOS devices, allowing users to engage with their organization’s most sensitive data on mobile devices while ensuring data remains compliant with sovereignty and compliance requirements. This feature is available for

To counter cookie theft, Chrome ships device-bound session credentials

2026-04-10 at 14:45 By Mirko Zorz

Cookie theft follows a well-established pattern. Infostealer malware infiltrates a device, extracts authentication cookies, and exfiltrates them to an attacker-controlled server. Because cookies often have extended lifetimes, attackers can access accounts without passwords, then bundle and sell the stolen credentials.

Little Snitch for Linux shows what your apps are connecting to

2026-04-10 at 11:48 By Mirko Zorz

Network monitoring on Linux has long been a gap for users who want per-process visibility into outbound connections. Existing tools either operate at the command line or were designed for server security rather than desktop privacy. Objective Development,

April 2026 Patch Tuesday forecast: Spring-cleaning of a preview

2026-04-10 at 10:37 By Help Net Security

I just blinked and the first quarter of the year is GONE. Where does the time go? I looked back at my article from last month where I touched on the use of AI and some of the vulnerabilities

Product showcase: Session, a messenger without phone numbers or metadata

2026-04-10 at 08:57 By Anamarija Pogorelec

Instant messaging has been around for decades, but it became widely adopted with the emergence of smartphones. Earlier, communication was limited to basic text messages. Messaging expanded to include photos, videos, and video calls without relying on telecom networks,

Health insurance lead sites sell personal data within seconds of form submission

2026-04-10 at 08:57 By Mirko Zorz

Lead generation websites that offer health insurance quotes collect sensitive personal data and sell it to multiple buyers within seconds of a user clicking submit. A study by researchers at UC Davis, Stanford University, and Maastricht University

What vibe hunting gets right about AI threat hunting, and where it breaks down

2026-04-10 at 08:57 By Mirko Zorz

In this Help Net Security interview, Aqsa Taylor, Chief Security Evangelist, Exaforce, explains vibe hunting, an AI-driven approach to threat detection that inverts traditional hypothesis-driven methods. Instead of analysts defining attack vectors upfront, the AI

New infosec products of the week: April 10, 2026

2026-04-10 at 08:57 By Anamarija Pogorelec

Here’s a look at the most interesting products from the past week, featuring releases from Advenica, Intruder, Mallory, and Secureframe.

Mallory brings contextual threat intelligence to security operations

Mallory is launching an AI-native threat intelligence platform that monitors thousands of

Claude Managed Agents bring execution and control to AI agent workflows

2026-04-09 at 17:32 By Anamarija Pogorelec

Anthropic’s Claude Managed Agents are a suite of composable APIs for building and deploying cloud-hosted agents at scale, handling sandboxed code execution, checkpointing, credential management, scoped permissions, and end-to-end tracing for you. Developers can define tasks, tools, and

113,000 explicit prompts from AI girlfriend platform exposed, many linked to user IDs

2026-04-09 at 17:32 By Sinisa Markovic

MyLovely.AI, an AI girlfriend platform, suffered a data breach that exposed over 100,000 users. MyLovely.AI allows people to create personalized not safe for work (NSFW) content and engage in real-time conversations with AI-generated companions, often involving

Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197)

2026-04-09 at 16:17 By Zeljka Zorz

In the latest demonstration of how AI assistants can help with bug hunting, Horizon3.ai researcher Naveen Sunkavally used Claude to unearth CVE-2026-34197, a remote code execution vulnerability in Apache ActiveMQ that was introduced in the codebase 13 years

Acrobat Reader zero-day exploited in the wild for many months

2026-04-09 at 15:44 By Zeljka Zorz

Unknown attackers have exploited a zero-day Adobe Acrobat Reader vulnerability since November 2025 and possibly even earlier, security researcher Haifei Li has discovered.

PDF files carry the exploit

Haifei Li is one of the creators of EXPMON, a sandbox-based

WhatsApp brings long-awaited privacy feature to filter who can reach you

2026-04-09 at 14:24 By Sinisa Markovic

After years of waiting, WhatsApp is set to roll out a username feature that will allow people to connect and communicate without sharing their phone numbers. This means more privacy and better control over phone number visibility by

Meta’s Muse Spark takes AI a step closer to personal superintelligence

2026-04-09 at 12:01 By Anamarija Pogorelec

Meta Superintelligence Labs has introduced Muse Spark, a natively multimodal reasoning model with support for tool use, visual chain of thought, and multi-agent orchestration. The release includes a Contemplating mode, which is rolling out gradually and orchestrates multiple

AI agent intent is a starting point, not a security strategy

2026-04-09 at 08:53 By Mirko Zorz

In this Help Net Security video, Itamar Apelblat, CEO of Token Security, walks through findings from the company’s research, which shows that 65% of agentic chatbots have never been used yet still hold live access credentials. He explains

Asqav: Open-source SDK for AI agent governance

2026-04-09 at 08:27 By Mirko Zorz

AI agents are executing consequential tasks autonomously, often across multiple systems and with little record of what they did or why. Asqav, a Python SDK released under the MIT license, addresses that gap by attaching a cryptographic signature to each agent action

Phishers sneak through using GitHub and Jira’s own mail delivery infrastructure

2026-04-09 at 08:27 By Sinisa Markovic

Attackers are abusing the notification systems of SaaS platforms like GitHub and Jira to send phishing and spam emails, Cisco Talos researchers are warning. “Because the emails are dispatched from the platform’s own infrastructure, they satisfy all standard
