News

Prompt injection tags along as GenAI enters daily government use

Artificial Intelligence, Center for Internet Security, LLMs, News, report, survey, threat /

Prompt injection tags along as GenAI enters daily government use 2026-04-09 at 08:27 By Sinisa Markovic Routine use of GenAI has moved into daily operations in state and territorial government environments, placing new security risks within common workflows. A Center for Internet Security (CIS) report, Prompt Injections: The Inherent Threat to Generative AI, identifies prompt […]

Prompt injection tags along as GenAI enters daily government use Read More »

BlueHammer: Windows zero-day exploit leaked

0-day, CYDERES, Don't miss, exploit, Hot stuff, News, PoC, Windows, Windows Defender, Windows Server /

BlueHammer: Windows zero-day exploit leaked 2026-04-08 at 23:29 By Zeljka Zorz A buggy but functional proof-of-concept (PoC) exploit for an unpatched Windows local privilege escalation vulnerability dubbed BlueHammer has been published on GitHub by someone who goes by the handle Chaotic Eclipse and Nightmare Eclipse. Several security researchers have fixed the bugs in the exploit

BlueHammer: Windows zero-day exploit leaked Read More »

Social engineering attacks on open source developers are escalating

Don't miss, Hot stuff, LinkedIn, News, open source, OpenSSF, Slack, social engineering, Socket, software development /

Social engineering attacks on open source developers are escalating 2026-04-08 at 15:45 By Zeljka Zorz North Korean hackers spent weeks socially engineering an Axios maintainer through a fake Slack workspace, a cloned company identity, and a fabricated Microsoft Teams call that tricked him into installing a RAT posings as a software update. They used the

Social engineering attacks on open source developers are escalating Read More »

Iranian cyber activity hits US energy, water, and government networks

CISA, critical infrastructure, cybersecurity, energy sector, FBI, Government, News, NIST, NSA /

Iranian cyber activity hits US energy, water, and government networks 2026-04-08 at 15:06 By Anamarija Pogorelec U.S. government agencies on Tuesday warned American organizations about ongoing cyber activity targeting OT and PLC devices, including those manufactured by Rockwell Automation and Allen-Bradley, across multiple critical infrastructure sectors. The activity has been attributed to Iranian-affiliated APT actors

Iranian cyber activity hits US energy, water, and government networks Read More »

Chaos malware expands from routers to Linux cloud servers

cloud security, cybercrime, Darktrace, DDoS, Don't miss, Linux, Malware, News /

Chaos malware expands from routers to Linux cloud servers 2026-04-08 at 12:47 By Mirko Zorz Chaos, Go-based malware first documented by Lumen’s Black Lotus Labs, has historically targeted routers and edge devices. A new variant observed in March 2026 shows the malware operating against misconfigured Linux cloud servers, a category of infrastructure the botnet had

Chaos malware expands from routers to Linux cloud servers Read More »

Flatpak 1.16.4 fixes sandbox escape and three other security flaws

Linux, News, security update, software /

Flatpak 1.16.4 fixes sandbox escape and three other security flaws 2026-04-08 at 12:16 By Anamarija Pogorelec Flatpak, a Linux application sandboxing and distribution framework, released version 1.16.4, patching four security vulnerabilities. The most severe fix addresses a complete sandbox escape that leads to host file access and code execution in the host context, tracked as

Flatpak 1.16.4 fixes sandbox escape and three other security flaws Read More »

What managing partners should ask AI vendors before signing any contract

Artificial Intelligence, CISO, cyber risk, cybersecurity, Data Protection, Don't miss, Features, Hot stuff, News, opinion, privileged identity, Risk Management, security controls, strategy, Threat Intelligence /

What managing partners should ask AI vendors before signing any contract 2026-04-08 at 09:28 By Mirko Zorz In this Help Net Security interview, Kumar Ravi is the Chief Security & Resilience Officer at TMF Group, argues that over-privileged access and weak workflow controls pose more danger than ransomware attacks, precisely because they accumulate quietly and

What managing partners should ask AI vendors before signing any contract Read More »

6G network design puts AI at the center of spectrum, routing, and fault management

Artificial Intelligence, ETSI, machine learning, networking, News, research, wireless /

6G network design puts AI at the center of spectrum, routing, and fault management 2026-04-08 at 08:13 By Mirko Zorz Wireless network operators are preparing for a generation of infrastructure where AI is built into the architecture from the start. Sixth-generation networks, expected to reach commercial development over the coming decade, are being designed with

6G network design puts AI at the center of spectrum, routing, and fault management Read More »

Cybercriminals move deeper into networks, hiding in edge infrastructure

cybercrime, Lumen, News, report, survey /

Cybercriminals move deeper into networks, hiding in edge infrastructure 2026-04-08 at 08:12 By Sinisa Markovic Attack activity is moving toward infrastructure outside endpoint visibility. Proxy networks support a wide range of operations, edge devices serve as initial access points, and GenAI speeds up how attackers assemble and rebuild their tooling. Lumen’s 2026 Threatscape Report describes

Cybercriminals move deeper into networks, hiding in edge infrastructure Read More »

Anthropic’s new AI model finds and exploits zero-days across every major OS and browser

Anthropic, Artificial Intelligence, automation, Don't miss, Hot stuff, News, vulnerability, vulnerability assessment /

Anthropic’s new AI model finds and exploits zero-days across every major OS and browser 2026-04-08 at 08:12 By Anamarija Pogorelec Automated vulnerability discovery tools have existed for decades, and the gap between finding a bug and building a working exploit has always slowed attackers. That gap is now substantially narrower. Anthropic’s Claude Mythos Preview, a

Anthropic’s new AI model finds and exploits zero-days across every major OS and browser Read More »

Cybersecurity jobs available right now: April 8, 2026

cybersecurity jobs, News /

Cybersecurity jobs available right now: April 8, 2026 2026-04-08 at 08:12 By Anamarija Pogorelec Application Security Engineer Liebherr Group | Germany | On-site – View job details As an Application Security Engineer, you will implement security testing tools such as SAST, DAST, and IAST, perform vulnerability assessments and penetration testing, and collaborate with developers to

Cybersecurity jobs available right now: April 8, 2026 Read More »

Cybercrime losses break the $20 billion mark

Artificial Intelligence, Cryptocurrency, cybercrime, FBI, fraud, News, Ransomware, scams /

Cybercrime losses break the $20 billion mark 2026-04-07 at 22:03 By Sinisa Markovic Online crime continues to generate rising financial losses, with totals reaching $20.877 billion in 2025. The FBI’s Internet Crime Complaint Center (IC3) report shows a 26% increase in total reported losses from the previous year. (Source: FBI) More than one million complaints

Cybercrime losses break the $20 billion mark Read More »

LevelBlue Resilience Retainer Named 2026 SC Media Awards Europe Finalist for Best Incident Response Solution

DFIR, News, Spotlights /

LevelBlue Resilience Retainer Named 2026 SC Media Awards Europe Finalist for Best Incident Response Solution 2026-04-07 at 20:32 By LevelBlue is proud to share that we’ve been shortlisted as a finalist for the2026 SC Media Awards Europe for our recently launchedResilience Retainer, recognized in the Best Incident Response Solution category. This article is an excerpt from

LevelBlue Resilience Retainer Named 2026 SC Media Awards Europe Finalist for Best Incident Response Solution Read More »

Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day

authentication, Cloudflare, Encryption, News, quantum computing /

Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day 2026-04-07 at 20:31 By Mirko Zorz Cloudflare announced it is targeting 2029 to complete post-quantum security across its entire product suite, including post-quantum authentication. The company is following a revised roadmap that Google also adopted after announcing that it had improved the

Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day Read More »

Russian hackers hijack internet traffic using vulnerable routers

cyber espionage, EU, News, router, Russian Federation, UK /

Russian hackers hijack internet traffic using vulnerable routers 2026-04-07 at 19:18 By Sinisa Markovic The Russian state cyber group APT28 has been compromising routers to hijack web traffic and spy on victims, the UK’s The National Cyber Security Centre (NCSC) has warned. Attackers are exploiting vulnerable routers to alter DHCP and DNS settings, redirecting traffic

Russian hackers hijack internet traffic using vulnerable routers Read More »

AI-enabled device code phishing campaign exploits OAuth flow for account takeover

authentication, Microsoft, Microsoft Defender, News, phishing /

AI-enabled device code phishing campaign exploits OAuth flow for account takeover 2026-04-07 at 14:59 By Anamarija Pogorelec A phishing campaign that bypasses the standard 15-minute expiration window through automation and dynamic code generation, leveraging the OAuth Device Code Authentication flow to compromise organizational accounts at scale, has been observed by the Microsoft Defender Security Research

AI-enabled device code phishing campaign exploits OAuth flow for account takeover Read More »

GitHub Copilot CLI gets a second-opinion feature built on cross-model review

Artificial Intelligence, GitHub, Microsoft, News /

GitHub Copilot CLI gets a second-opinion feature built on cross-model review 2026-04-07 at 12:56 By Anamarija Pogorelec Coding agents make decisions in sequence: a plan is drafted, implemented, then tested. Any error introduced early compounds as subsequent steps build on the same flawed assumption. Self-reflection is a recognized mitigation technique, and one GitHub Copilot already

GitHub Copilot CLI gets a second-opinion feature built on cross-model review Read More »

Comp AI: The open-source way to get compliant with SOC 2, ISO 27001, HIPAA and GDPR

Compliance, cybersecurity, Data Protection, Don't miss, Drata, GDPR, HIPAA, ISO 27001, News, open source, regulation, Vanta /

Comp AI: The open-source way to get compliant with SOC 2, ISO 27001, HIPAA and GDPR 2026-04-07 at 12:01 By Anamarija Pogorelec Getting a startup through a SOC 2 audit has long meant months of manual evidence collection, policy writing, and repeated back-and-forth with auditors. A growing number of compliance platforms have moved to automate

Comp AI: The open-source way to get compliant with SOC 2, ISO 27001, HIPAA and GDPR Read More »

Scroll to Top