“Your shipment has arrived” email hides remote access software
An attachment in an email impersonating DHL about a shipment contains a link to a preconfigured SimpleHelp remote access tool—an ideal starting point for attackers…
Month: April 2026
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
Ravie LakshmananApr 17, 2026Vulnerability Management The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures…
Finance regulators to address AI risks after MPs say they are ‘not doing enough’
UK financial services regulators are taking action to reduce the risks posed by the use of artificial intelligence (AI) in the finance sector. The Bank…
CVE-2026-33032 Enables Full Nginx Server Takeover Risk
A critical vulnerability identified as CVE-2026-33032 is drawing urgent attention from the cybersecurity community due to its role in enabling a full-scale Nginx server takeover. The flaw affects nginx-ui,…
Gemini Ad Safety Targets Surge In AI-Generated Scam Ads
Google has shared new details on how its Gemini ad safety systems are being used to detect and block harmful ads, as online scams continue…
White House to give US agencies Anthropic Mythos access
The US government is planning to make a version of Anthropic’s frontier AI model Mythos available to major federal agencies amid concerns that the tool…
Cursor AI Vulnerability Exposed Developer Devices
A vulnerability chain in Cursor AI could have allowed attackers to hijack developer machines via prompts hidden in malicious repositories, Straiker discovered. Dubbed NomShub, the…
U.S. CISA adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog
U.S. CISA adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog Pierluigi Paganini April 17, 2026 The U.S. Cybersecurity and Infrastructure Security…
Supply chain dependencies: Have you checked your blind spot?
Some cyber business risks only show up when you take a closer look. Supply chain blind spots are a perfect example. Behind these essential third-party…
Australia’s data centre capital: what it means for security and infrastructure planning
By Mike Fisher* The news that NSW aims to make itself a world-class data centre capital has major implications for architects, builders, facility managers, security…
Positiv denken für Sicherheitsentscheider: 6 Mindsets, die Sie sofort ablegen sollten
Security wiederum ist wie Qualität kein fertiges Produkt, sondern (wie bereits angemerkt) eine fortlaufende Disziplin. Sicherheit als eine Praxis zu betrachten, die ständig verfeinert werden…
Your Staging Site Is More Important than You Think
A third-party security researcher recently found a vulnerability in our staging environment. That’s not a fun sentence to write, even when the person finding it…