Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push...

Adobe security advisory (AV26-353)

Microsoft security advisory – April 2026 monthly rollup (AV26-352)

The UK designated Xinbi Guarantee as an enabler of crypto scammers and human trafficking weeks ago. Telegram is still hosting it in plain sight.

Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default. [...]

Learn to find and exploit real-world agentic AI vulnerabilities through five progressive challenges in this free, open source game that over 10,000 developers have already used to sharpen their...

Fortinet security advisory (AV26-351)

The Kraken cryptocurrency exchange announced that a cybercrime group is trying to extort the company by threatening to release videos showing internal systems that host client data. [...]

[Control systems] Schneider Electric security advisory (AV26-350)

With the Federal Reserve Chairman meeting with bank CEOs to discuss the security implications of Claude Mythos, you can bet that your board of directors will ask you about the impact of the AI...

More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, deploy backdoors, and carry out ad fraud. [...]

The social engineering campaign spiked last month and has targeted dozens of organizations since May 2025, according to ReliaQuest. The post Black Basta’s playbook lives on as former affiliates...

This is a current list of where and when I am scheduled to speak: I’m speaking at DemocracyXChange 2026 in Toronto, Ontario, Canada, on April 18, 2026. I’m speaking at the SANS AI Cybersecurity...

A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram,...

OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized...

Internal emails obtained by WIRED reveal how a conservative legal group with a direct line into FCC chairman Brendan Carr’s office built the case against Jimmy Kimmel and his employees.

During his two years as the chief information security officer for the Department of Homeland Security, Hemant Baidwan said he has a lot to be proud of. He led the development of a DHS...

Cybersecurity is an increasingly important component of public health preparedness as state cybersecurity policy intersects with public health agency responsibilities. Public health agencies rely...

Last July, OpenAI CEO Sam Altman told viral podcaster Theo Von that it’s “screwed up” that conversations with an AI helper aren’t afforded the same legal protections as conversations with a human...

SAP security advisory – April 2026 monthly rollup (AV26-349)

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these...

Drawing on lessons from the Iran war, a study shows how Russia could force Lithuania into capitulation in 90 days with no soldiers crossing the border. Drafted by the Baltic Defense Initiative, a...

Microsoft has released the Windows 10 KB5082200 extended security update to fix the April 2026 Patch Tuesday vulnerabilities, including 2 zero-days. [...]

Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. [...]

Why didn’t China’s rise trigger containment sooner? For three decades, Beijing’s economic weight expanded dramatically, its military modernized at speed, and its diplomatic footprint widened...

Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with...

AI isn’t creating new classes of vulnerabilities, according to research from Wiz – but it is expanding the range of where well-known risks can appear. Analysis from the cloud security firm found...

[Control systems] Siemens security advisory (AV26-347)

Samsung mobile security advisory (AV26-348)

OpenAI is requiring all macOS users to update their OpenAI apps after a supply chain attack compromised a third-party developer library and exposed certificates used to verify the authenticity of...