Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
Ravie LakshmananApr 20, 2026Artificial Intelligence / Vulnerability Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context...
Hacking
Category Added in a WPeMatico Campaign
Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems
Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment...
Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials
Ravie LakshmananApr 20, 2026Cloud Security / Data Breach Web infrastructure provider Vercel has disclosed a security breach that allows bad...
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Ravie LakshmananApr 18, 2026IoT Security / Vulnerability Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link...
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Ravie LakshmananApr 17, 2026Vulnerability / Endpoint Security Huntress is warning that threat actors are exploiting three recently disclosed security flaws...
Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul
Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud,...
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
Ravie LakshmananApr 17, 2026Vulnerability Management The National Institute of Standards and Technology (NIST) has announced changes to the way it...
Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts
Ravie LakshmananApr 17, 2026DDoS / Cybercrime An international law enforcement operation has taken down 53 domains and arrested four people...
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation
Ravie LakshmananApr 17, 2026Vulnerability / Enterprise Security A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active...
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
Ravie LakshmananApr 16, 2026Botnet / Cryptomining Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in...
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
Ravie LakshmananApr 16, 2026Hacking News / Cybersecurity News You know that feeling when you open your feed on a Thursday morning...
![[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6vJpO9kksCQDpSksNkqDFNUCbXD70dMGYqI6P9S_XPMY5d8BR8PVdrsVQP1ZJO_-nzL6eQShM3Cap9heQ5kAglsPjfxwIcXPSsf_cfgUVnGQ2XzIWVOuo7JhxMjnHYDN6r9KlQ6LqZJisRZkjatnWChuzUkSlXRa1hFseUPq28PZ5gjGR7L2WzTFdZ3fM/s1600/ghost.jpg)
[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment
Mohit KumarApr 16, 2026Artificial Intelligence / Enterprise Security In 2024, compromised service accounts and forgotten API keys were behind 68%...
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
Ravie LakshmananApr 16, 2026Vulnerability / Network Security Cisco has announced patches to address four critical security flaws impacting Identity Services...
Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu
The Hacker NewsApr 16, 2026Data Privacy / Compliance A bank approved a Taboola pixel. That pixel quietly redirected logged-in users to a...
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
Ravie LakshmananApr 16, 2026Application Security / Threat Intelligence A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform...
