Latest Cybersecurity News and Articles
13 April 2026
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised.
"Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps," OpenAI said in a post last week. "We found
12 April 2026
The vulnerability is tracked as CVE-2026-34621 and Adobe has confirmed that it can be exploited for arbitrary code execution.
The post Adobe Patches Reader Zero-Day Exploited for Months appeared first on SecurityWeek.
12 April 2026
Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT.
The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00 UTC, with
12 April 2026
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild.
The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of the flaw could allow an attacker to run malicious code on affected installations.
It has been described as
11 April 2026
Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc.
The tool was developed by Israeli company Cobwebs Technologies and is now sold by its successor Penlink after the two firms merged in July 2023
10 April 2026
Former Army employee indicted for allegedly sharing classified national defense information to unauthorized individuals.
10 April 2026
Security experts share their thoughts on Claude Mythos and Project Glasswing with Security magazine.
10 April 2026
Other noteworthy stories that might have slipped under the radar: Jones Day hacked, Internet Bug Bounty program paused due to AI, new Mac stealer malware.
The post In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack appeared first on SecurityWeek.
10 April 2026
A critical-severity flaw could be exploited remotely, without authentication, to take over a vulnerable device.
The post Juniper Networks Patches Dozens of Junos OS Vulnerabilities appeared first on SecurityWeek.
10 April 2026
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine.
The technique has been discovered in an Open VSX extension named "specstudio.code-wakatime-activity-tracker," which masquerades as WakaTime, a
10 April 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 10, 2026 – Read the full story in BusinessWorld Cybercrime operates like a legitimate, profit-driven economy, writes Subhalakshmi Ganapathy, chief IT security evangelist at ManageEngine, in a BusinessWorld article. Organized groups mirror
The post Cybercrime Is An Industrialized Economy appeared first on Cybercrime Magazine.
10 April 2026
The US government has warned that Iran-linked hackers are manipulating PLCs and SCADA systems to cause disruption.
The post Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday appeared first on SecurityWeek.
10 April 2026
Attackers could exploit these vulnerabilities in denial-of-service, information disclosure, and arbitrary code execution attacks.
The post Orthanc DICOM Vulnerabilities Lead to Crashes, RCE appeared first on SecurityWeek.
10 April 2026
While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there's a wide-open window nobody's guarding: AI browser extensions.
A new report from LayerX exposes just how deep this blind spot goes, and why AI extensions may be the most dangerous AI threat surface in your network that isn't on anyone's
10 April 2026
The critical vulnerabilities affect Chrome’s WebML component and they have been reported by anonymous researchers.
The post Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000 appeared first on SecurityWeek.
10 April 2026
The document provides a behavior-based model of the tactics and techniques employed by fraudsters.
The post MITRE Releases Fight Fraud Framework appeared first on SecurityWeek.
10 April 2026
Within nine hours, a hacker built an exploit from the unauthenticated bug’s advisory and started using it in the wild.
The post Critical Marimo Flaw Exploited Hours After Public Disclosure appeared first on SecurityWeek.
10 April 2026
Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta.
The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release.
"This project represents a significant
10 April 2026
New Device Bound Session Credentials render stolen session cookies unusable by cryptographically binding authentication.
The post Google Rolls Out Cookie Theft Protections in Chrome appeared first on SecurityWeek.
10 April 2026
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig.
The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a pre-authenticated remote code execution vulnerability impacting all versions of Marimo prior to and including