Latest Cybersecurity News and Articles
23 April 2026
360 Digital Security Group claims to have uncovered 1,000 vulnerabilities using AI, including at the Tianfu Cup hacking contest.
The post Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos appeared first on SecurityWeek.
23 April 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 23, 2026 – Watch the YouTube video Keeper Security is transforming cybersecurity for people and organizations around the world. The company’s next-generation privileged access management solution deploys in minutes and seamlessly integrates
The post Keeper Security: The Identity Security Platform For Humans, Machines, And AI Agents appeared first on Cybercrime Magazine.
23 April 2026
Imagine a world where hackers don't sleep, don't take breaks, and find weak spots in your systems instantly.
Well, that world is already here.
Thanks to AI, attackers are now launching automated, large-scale exploits faster than ever before. The time you have to fix a vulnerability before it gets attacked is shrinking to zero. We call this the Collapsing Exploit Window, and it means your
23 April 2026
Organisations should map and baseline their edge device traffic, especially VPN and remote access connections, and adopt dynamic threat feed filtering that includes known covert network indicators.
23 April 2026
New advisory highlights how to defend against attacker tactics believed to be used by China-linked actors to hide malicious cyber activity.
23 April 2026
Explaining the widespread shift in tactics, techniques and procedures (TTPs) towards networks of compromised infrastructure, and how to defend against it
23 April 2026
Passkeys are the more secure and user-friendly login method and should be the default authentication option for consumers.
23 April 2026
The company will hire new talent and expand operations across the US and other allied countries.
The post Rilian Raises $17.5 Million for AI-Native Security Orchestration appeared first on SecurityWeek.
23 April 2026
Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public release. Instead, the company has given access to Apple, Microsoft, Google, Amazon, and a coalition of others to find and patch bugs before adversaries can.
Mythos Preview, the model that led to Project Glasswing, found
23 April 2026
New analysis from Abnormal AI reveals how attackers have abandoned technical exploits to weaponize routine workflows and internal trust.
The post The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface appeared first on SecurityWeek.
23 April 2026
The company is notifying My Rituals members that hackers downloaded part of their data, including names and addresses.
The post Luxury Cosmetics Giant Rituals Discloses Data Breach appeared first on SecurityWeek.
23 April 2026
Palo Alto Networks has developed Zealot, a multi-agent penetration testing PoC capable of reconnaissance, exploitation, and exfiltration.
The post AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers appeared first on SecurityWeek.
23 April 2026
Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (APT) group tracked as GopherWhisper.
"The group wields a wide array of tools mostly written in Go, using injectors and loaders to deploy and execute various backdoors in its arsenal," Slovakian cybersecurity company ESET said in a report shared with The Hacker
23 April 2026
Apple rolled out the security patches for dozens of iPhone and iPad models and generations.
The post Apple Patches iOS Flaw Allowing Recovery of Deleted Chats appeared first on SecurityWeek.
23 April 2026
Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems.
The company said it made the discovery after expanding its investigation to include an extra set of compromise indicators, alongside a review of requests to the Vercel network and environment
23 April 2026
Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device.
The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging issue that has been addressed with improved data redaction.
"Notifications marked for deletion could be unexpectedly retained on the device,"
23 April 2026
The flaw allows attackers to access the SAM database, extract NTLM hashes, and gain System privileges.
The post Recent Microsoft Defender Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.
22 April 2026
Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository.
In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and alpine, while also introducing a new v2.1.21 tag that does not correspond to an official release. The
22 April 2026
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens.
The supply chain worm has been detected by both Socket and StepSecurity, with the companies tracking the activity under the name CanisterSprawl owing to the use of an ICP canister to exfiltrate the stolen data
22 April 2026
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia.
"The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses," the Symantec and Carbon Black Threat Hunter