Latest Cybersecurity News and Articles
07 April 2026
Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.
07 April 2026
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage campaign since at least May 2025.
The large-scale exploitation campaign has been codenamed
07 April 2026
The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural.
The post The New Rules of Engagement: Matching Agentic Attack Speed appeared first on SecurityWeek.
07 April 2026
The startup has created a layered security solution aiming to secure AI agents throughout their entire lifecycle.
The post Trent AI Emerges From Stealth With $13 Million in Funding appeared first on SecurityWeek.
07 April 2026
The improper validation of user-supplied JavaScript code allows attackers to execute arbitrary code and access the file system.
The post Critical Flowise Vulnerability in Attacker Crosshairs appeared first on SecurityWeek.
07 April 2026
A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances.
The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8), stems from an incomplete fix for CVE-2024-41110, a maximum-severity vulnerability in the same component that came to light in July 2024.
"
07 April 2026
A critical DoS vulnerability in the Framework component of Android has also been fixed with the latest update.
The post Severe StrongBox Vulnerability Patched in Android appeared first on SecurityWeek.
07 April 2026
By targeting Grafana’s AI components, attackers can point to external resources and inject indirect prompts to bypass safeguards.
The post GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data appeared first on SecurityWeek.
07 April 2026
Join the live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline.
The post Webinar Today: Why Automated Pentesting Alone Is Not Enough appeared first on SecurityWeek.
07 April 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 7, 2026 – Listen to the podcast SoundCloud knows music… and cybersecurity. Late last year, the giant music streaming and sharing platform suffered a data breach that reportedly affected approximately 20
The post The Sound Of Cybersecurity From RSAC Conference 2026 appeared first on Cybercrime Magazine.
07 April 2026
An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet.
"A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets, automatically installing malicious nodes via ComfyUI-Manager if no exploitable node is already
07 April 2026
In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing.
According to new research from the Ponemon Institute, hundreds of applications within the typical enterprise remain disconnected from centralized identity systems. These "dark
07 April 2026
New advisory warns cyber threat group APT28 have exploited vulnerable edge devices to support malicious operations.
07 April 2026
Russian cyber actor APT28 exploit vulnerable routers to hijack DNS, enabling adversary‑in‑the‑middle attacks and theft of passwords and authentication tokens.
07 April 2026
Researchers have demonstrated that GPU Rowhammer attacks can be used to escalate privileges.
The post GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack appeared first on SecurityWeek.
07 April 2026
When talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the average cost of a breach at $4.4 million. Avoiding even one major incident is enough to justify most security investments, but that headline figure obscures the more persistent problems caused by recurring credential
07 April 2026
The group is using zero-days, quickly weaponizes fresh bugs, and exfiltrates and encrypts data within days of initial access.
The post Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems appeared first on SecurityWeek.
07 April 2026
Shchukin is accused of extorting more than $2 million as the head of the GandCrab and REvil ransomware operations.
The post German Police Unmask REvil Ransomware Leader appeared first on SecurityWeek.
07 April 2026
New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even take full control of a host.
The efforts have been codenamed GPUBreach, GDDRHammer, and GeForge.
GPUBreach goes a step further than GPUHammer, demonstrating for the first time that
07 April 2026
The Trump administration says the FY2027 budget refocuses CISA on its core mission: protecting federal agencies and critical infrastructure.
The post White House Seeks to Slash CISA Funding by $707 Million appeared first on SecurityWeek.