Latest news as of 4/22/2026, 10:35:29 PM
Bleeping Computer
A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks. [...]
The Register
Just what FOSS developers need – a flood of AI-discovered vulnerabilities Anthropic describes Project Glasswing as a coalition of tech giants committing $100 million in AI resources to hunt down and fix long-hidden vulnerabilities in critical open source software that it's finding with its new Mythos AI program. Or as , "an AI model that can generate zero-day vulnerabilities."… Opinion The Reg put it
The Hacker News
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a pre-authenticated remote code execution vulnerability impacting all versions of Marimo prior to and including
The Hacker News
While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there's a wide-open window nobody's guarding: AI browser extensions. A new report from LayerX exposes just how deep this blind spot goes, and why AI extensions may be the most dangerous AI threat surface in your network that isn't on anyone's
The Register
Four-week call for evidence intended to help shape laws aimed at devices linked to crime The UK government is seeking views on radiofrequency jammers as it prepares legislation to ban the controversial devices.…
Bleeping Computer
Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. [...]
The Hacker News
Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release. "This project represents a significant
The Register
Cut through the noise and understand the real risks, responsibilities, and responses shaping enterprise AI today. 2025 was the year of AI experimentation. In 2026, the bills are coming due. AI adoption has moved from isolated pilots to autonomous, enterprise wide deployment, bringing with it a sophisticated new generation of security challenges.… Webinar Promo
The Hacker News
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across its free and Pro
Bleeping Computer
A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. [...]