New ClickFix attack Hides in Native Windows Tools to Reduce Detection Risk
A new ClickFix attack campaign uses fake CAPTCHA pages to trick users into running malicious commands. Learn how hackers use cmdkey and regsvr32 to maintain…
Month: April 2026
Users advised to drop passwords and make room for passkeys
In a decisive move that could reshape how users log in online, the National Cyber Security Centre (NCSC) is urging consumers to abandon passwords in…
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency’s Cisco Firepower device running Adaptive Security Appliance (ASA) software…
Wiz founder: Hack yourself with AI, before the bad guys do
Security leaders should be turning offensive AI cyber tools on their own systems before threat actors do, exploiting the innate defenders’ advantage to attain the…
University of Melbourne, RMIT build ties with AWS
Two Victorian universities have unveiled collaboration agreements with Amazon Web Services this week, powering digital infrastructure transformation and innovation initiatives. University of Melbourne signed a…
In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device
SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader…
12-year-old Pack2TheRoot bug lets Linux users gain root privileges
12-year-old Pack2TheRoot bug lets Linux users gain root privileges Pierluigi Paganini April 24, 2026 ‘Pack2TheRoot’ flaw lets local Linux users gain root via PackageKit. CVE-2026-41651…
Scattered Spider co-conspirator pleads guilty
However, there are members of the Scattered Spider group still active: last year it branched out and attacked a number of other businesses, including Marks…
Another spyware maker caught distributing fake Android snooping apps
Yet another government spyware maker has been caught after its customers used fake Android apps to install its surveillance software on targets, according to a…
Dragos dismisses ZionSiphon narrative, says code flaws and weak ICS logic render OT malware operationally ineffective
Industrial cybersecurity firm Dragos on Thursday pushed back against alarm over ZionSiphon, a piece of malware purportedly designed to sabotage Israeli water desalination facilities, calling…
What Cybersecurity Leaders Must Prioritize in 2026
The challenges of 2025, tight budgets, rising AI anxiety, and increasingly organized cybercrime, didn’t go away. They matured. The threat landscape of 2026 is sharper,…
New ‘Pack2TheRoot’ flaw gives hackers root Linux access
A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or remove system packages and gain root permissions. The…