News

Acrobat Reader zero-day exploited in the wild for many months

Acrobat Reader zero-day exploited in the wild for many months 2026-04-09 at 15:44 By Zeljka Zorz Unknown attackers have exploited a zero-day Adobe Acrobat Reader vulnerability since November 2025 and possibly even earlier, security researcher Haifei Li has discovered. PDF files carry the exploit Haifei Li is one of the creators of EXPMON, a sandbox-based […]

Acrobat Reader zero-day exploited in the wild for many months Read More »

WhatsApp brings long-awaited privacy feature to filter who can reach you

WhatsApp brings long-awaited privacy feature to filter who can reach you 2026-04-09 at 14:24 By Sinisa Markovic After years of waiting, WhatsApp is set to roll out a username feature that will allow people to connect and communicate without sharing their phone numbers. This means more privacy and better control over phone number visibility by

WhatsApp brings long-awaited privacy feature to filter who can reach you Read More »

Meta’s Muse Spark takes AI a step closer to personal superintelligence

Meta’s Muse Spark takes AI a step closer to personal superintelligence 2026-04-09 at 12:01 By Anamarija Pogorelec Meta Superintelligence Labs has introduced Muse Spark, a natively multimodal reasoning model with support for tool use, visual chain of thought, and multi-agent orchestration. The release includes a Contemplating mode, which is rolling out gradually and orchestrates multiple

Meta’s Muse Spark takes AI a step closer to personal superintelligence Read More »

AI agent intent is a starting point, not a security strategy

AI agent intent is a starting point, not a security strategy 2026-04-09 at 08:53 By Mirko Zorz In this Help Net Security video, Itamar Apelblat, CEO of Token Security, walks through findings from the company’s research, which shows that 65% of agentic chatbots have never been used yet still hold live access credentials. He explains

AI agent intent is a starting point, not a security strategy Read More »

Asqav: Open-source SDK for AI agent governance

Asqav: Open-source SDK for AI agent governance 2026-04-09 at 08:27 By Mirko Zorz AI agents are executing consequential tasks autonomously, often across multiple systems and with little record of what they did or why. Asqav, a Python SDK released under the MIT license, addresses that gap by attaching a cryptographic signature to each agent action

Asqav: Open-source SDK for AI agent governance Read More »

Phishers sneak through using GitHub and Jira’s own mail delivery infrastructure

Phishers sneak through using GitHub and Jira’s own mail delivery infrastructure 2026-04-09 at 08:27 By Sinisa Markovic Attackers are abusing the notification systems of SaaS platforms like GitHub and Jira to send phishing and spam emails, Cisco Talos researchers are warning. “Because the emails are dispatched from the platform’s own infrastructure, they satisfy all standard

Phishers sneak through using GitHub and Jira’s own mail delivery infrastructure Read More »

Prompt injection tags along as GenAI enters daily government use

Prompt injection tags along as GenAI enters daily government use 2026-04-09 at 08:27 By Sinisa Markovic Routine use of GenAI has moved into daily operations in state and territorial government environments, placing new security risks within common workflows. A Center for Internet Security (CIS) report, Prompt Injections: The Inherent Threat to Generative AI, identifies prompt

Prompt injection tags along as GenAI enters daily government use Read More »

BlueHammer: Windows zero-day exploit leaked

BlueHammer: Windows zero-day exploit leaked 2026-04-08 at 23:29 By Zeljka Zorz A buggy but functional proof-of-concept (PoC) exploit for an unpatched Windows local privilege escalation vulnerability dubbed BlueHammer has been published on GitHub by someone who goes by the handle Chaotic Eclipse and Nightmare Eclipse. Several security researchers have fixed the bugs in the exploit

BlueHammer: Windows zero-day exploit leaked Read More »

Social engineering attacks on open source developers are escalating

Social engineering attacks on open source developers are escalating 2026-04-08 at 15:45 By Zeljka Zorz North Korean hackers spent weeks socially engineering an Axios maintainer through a fake Slack workspace, a cloned company identity, and a fabricated Microsoft Teams call that tricked him into installing a RAT posings as a software update. They used the

Social engineering attacks on open source developers are escalating Read More »

Iranian cyber activity hits US energy, water, and government networks

Iranian cyber activity hits US energy, water, and government networks 2026-04-08 at 15:06 By Anamarija Pogorelec U.S. government agencies on Tuesday warned American organizations about ongoing cyber activity targeting OT and PLC devices, including those manufactured by Rockwell Automation and Allen-Bradley, across multiple critical infrastructure sectors. The activity has been attributed to Iranian-affiliated APT actors

Iranian cyber activity hits US energy, water, and government networks Read More »

Chaos malware expands from routers to Linux cloud servers

Chaos malware expands from routers to Linux cloud servers 2026-04-08 at 12:47 By Mirko Zorz Chaos, Go-based malware first documented by Lumen’s Black Lotus Labs, has historically targeted routers and edge devices. A new variant observed in March 2026 shows the malware operating against misconfigured Linux cloud servers, a category of infrastructure the botnet had

Chaos malware expands from routers to Linux cloud servers Read More »

Flatpak 1.16.4 fixes sandbox escape and three other security flaws

Flatpak 1.16.4 fixes sandbox escape and three other security flaws 2026-04-08 at 12:16 By Anamarija Pogorelec Flatpak, a Linux application sandboxing and distribution framework, released version 1.16.4, patching four security vulnerabilities. The most severe fix addresses a complete sandbox escape that leads to host file access and code execution in the host context, tracked as

Flatpak 1.16.4 fixes sandbox escape and three other security flaws Read More »

What managing partners should ask AI vendors before signing any contract

What managing partners should ask AI vendors before signing any contract 2026-04-08 at 09:28 By Mirko Zorz In this Help Net Security interview, Kumar Ravi is the Chief Security & Resilience Officer at TMF Group, argues that over-privileged access and weak workflow controls pose more danger than ransomware attacks, precisely because they accumulate quietly and

What managing partners should ask AI vendors before signing any contract Read More »

6G network design puts AI at the center of spectrum, routing, and fault management

6G network design puts AI at the center of spectrum, routing, and fault management 2026-04-08 at 08:13 By Mirko Zorz Wireless network operators are preparing for a generation of infrastructure where AI is built into the architecture from the start. Sixth-generation networks, expected to reach commercial development over the coming decade, are being designed with

6G network design puts AI at the center of spectrum, routing, and fault management Read More »

Cybercriminals move deeper into networks, hiding in edge infrastructure

Cybercriminals move deeper into networks, hiding in edge infrastructure 2026-04-08 at 08:12 By Sinisa Markovic Attack activity is moving toward infrastructure outside endpoint visibility. Proxy networks support a wide range of operations, edge devices serve as initial access points, and GenAI speeds up how attackers assemble and rebuild their tooling. Lumen’s 2026 Threatscape Report describes

Cybercriminals move deeper into networks, hiding in edge infrastructure Read More »

Anthropic’s new AI model finds and exploits zero-days across every major OS and browser

Anthropic’s new AI model finds and exploits zero-days across every major OS and browser 2026-04-08 at 08:12 By Anamarija Pogorelec Automated vulnerability discovery tools have existed for decades, and the gap between finding a bug and building a working exploit has always slowed attackers. That gap is now substantially narrower. Anthropic’s Claude Mythos Preview, a

Anthropic’s new AI model finds and exploits zero-days across every major OS and browser Read More »

Cybersecurity jobs available right now: April 8, 2026

Cybersecurity jobs available right now: April 8, 2026 2026-04-08 at 08:12 By Anamarija Pogorelec Application Security Engineer Liebherr Group | Germany | On-site – View job details As an Application Security Engineer, you will implement security testing tools such as SAST, DAST, and IAST, perform vulnerability assessments and penetration testing, and collaborate with developers to

Cybersecurity jobs available right now: April 8, 2026 Read More »

Cybercrime losses break the $20 billion mark

Cybercrime losses break the $20 billion mark 2026-04-07 at 22:03 By Sinisa Markovic Online crime continues to generate rising financial losses, with totals reaching $20.877 billion in 2025. The FBI’s Internet Crime Complaint Center (IC3) report shows a 26% increase in total reported losses from the previous year. (Source: FBI) More than one million complaints

Cybercrime losses break the $20 billion mark Read More »

Scroll to Top