21+ hour, 14+ min ago  (719+ words) APT41 is once again pushing its Linux capabilities forward, this time by quietly turning cloud servers into powerful credential theft platforms. The group's latest Winnti-family backdoor is a zero'detection ELF implant designed specifically for Linux workloads running on AWS, Google Cloud,…...

4+ hour, 29+ min ago  (367+ words) A critical zero-day spoofing vulnerability in Microsoft Share Point Server is being actively exploited in the wild, Microsoft confirmed on April 14, 2026, as part of its monthly security update cycle. Tracked as CVE-2026-32201, the flaw affects multiple versions of Share Point…...

21+ hour, 18+ min ago  (410+ words) The FBI Atlanta Field Office, working in a historic joint operation with Indonesian law enforcement, has successfully dismantled a massive global phishing network. The investigation targeted the notorious W3 LL phishing kit, a sophisticated toolset that enabled cybercriminals to bypass multi-factor…...

19+ hour, 20+ min ago  (618+ words) Threat actors have found a clever way to abuse a trusted productivity tool to deliver malware. By weaponizing Obsidian's Shell Commands community plugin, attackers are quietly executing malicious code on victims' machines " all without exploiting a single software vulnerability. The…...

12+ hour, 50+ min ago  (346+ words) Some CPE activities are pretty passive " webinars, conferences and online courses can check a box. An SRA Purple Team exercise is different. Analysts, engineers, incident responders and CISOs work together to test real, prioritized MITRE ATT&CK TTPs. Participants don't…...

3+ hour, 49+ min ago  (533+ words) GPT-5. 4-Cyber is a version of GPT-5. 4 specifically trained to lower the refusal boundary for legitimate cybersecurity work. The model enables security professionals to analyze compiled software for malware potential, identify vulnerabilities, and assess security robustness critically, without requiring access…...

14+ hour, 7+ min ago  (384+ words) Ivanti has released security updates addressing two medium-severity vulnerabilities in Ivanti Neurons for ITSM (N-ITSM), its on-premise IT service management platform. The flaws, if exploited, could allow remote authenticated attackers to retain unauthorized access or harvest session data from other…...

14+ hour, 27+ min ago  (205+ words) On April 13, 2026, the agency officially added flaws affecting Microsoft Exchange Server and the Windows Common Log File System (CLFS) Driver to its Known Exploited Vulnerabilities (KEV) catalog. According to CISA's latest threat intelligence update, threat actors are actively exploiting both…...

14+ hour, 33+ min ago  (365+ words) Synology reveals two severe SSL VPN Client flaws that could let remote attackers steal sensitive files and intercept network traffic. The vulnerabilities affect users running older versions of the software and require immediate patching to prevent potential network compromise. Virtual…...

18+ hour, 45+ min ago  (390+ words) The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in Fortinet products. On April 13, 2026, the agency added a severe SQL injection vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. This addition confirms…...