ZionSiphon malware designed to sabotage water treatment systems  - A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and desalination environments to sabotage their operations.

+2 from  bleepingcomputer

 Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face  - Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces.

+7 from  bleepingcomputer

 European Cybersecurity Agency ENISA Seeks Top-Tier Status in CVE Program  - The EU cybersecurity agency looks to become the third Top-Level Root CVE Numbering Authority, alongside CISA and MITRE

+1 from  infosecurity-magazine

 Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying  - A hacking group claims to have broken into the flood defence system protecting Venice's Piazza San Marco - and is offering to sell access to whoever wants it. The asking price? A frankly insulting $600. Meanwhile, Anthropic accidentally leaked the source code for Claude Code via a basic packaging mistake....

 CISA flags Windows Task Host vulnerability as exploited in attacks  - CISA warned U.S. government agencies to secure their systems against a Windows Task Host privilege escalation vulnerability that could allow attackers to gain SYSTEM privileges.

+3 from  bleepingcomputer

 Crypto Faces Increased Threat from Quantum Attacks  - “Quantum safe” cryptography techniques are still under development

 OpenAI Updates Apps After North Korean Axios Hack  - OpenAI to require macOS users to update apps after hack of Axios tool by North Korean attackers affects authentication mechanism

 Microsoft adds Windows protections for malicious Remote Desktop files  - Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default.

+6 from  bleepingcomputer

 CISA Adds One Known Exploited Vulnerability to Catalog

 APK Malformation Found in Thousands of Android Malware Samples  - APK malformation tactic now appears in over 3000 Android malware samples evading static analysis

+5 from  infosecurity-magazine

 n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails  - Threat actors have been observed weaponizing n8n , a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. "By leveraging trusted infrastructure, these attackers...

+2 from  thehackernews

 中央网信办：建设造福人民的法治化网络空间

+2 from  cac.cn

 New AgingFly malware used in attacks on Ukraine govt, hospitals  - A new malware family named 'AgingFly' has been identified in attacks against local governments and hospitals that steal authentication data from Chromium-based browsers and WhatsApp messenger.

+3 from  bleepingcomputer

 Booking.com Customers Hit By Scams After Data Breach  - Travel reservation giant warns of heightened risks for customers after confirming users' booking data stolen by hackers

+1 from  silicon.co.uk

 108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users  - Cybersecurity researchers have revealed that 108 malicious Google Chrome extensions have been quietly stealing user credentials, hijacking Telegram sessions, and injecting unwanted ads and scripts into browsers - all reporting back to the same central point. Read more in my article on the Hot for Security...

 Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities  - Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one is rated...

+1 from  thehackernews

 German banks examine risks of Anthropic's Mythos with authorities  - German banks and national authorities are examining risks around Anthropic's new artificial intelligence model, an official said on Thursday, amid concerns that it could fuel cyberattacks.

 Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic  - Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025. "PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent connection...

+5 from  thehackernews

 News Alert: NTT Research launches SaltGrain—advanced Attribute-Based Encryption security  - SUNNYVALE, Calif., Apr. 15, 2026 – NTT Research, Inc. , a division of NTT (TYO:9432), today announced the launch of Scale Academy , a startup incubator responsible for bringing to market products and services based upon technologies studied within the labs of NTT Research and NTT R&D. NTT Research also...

 Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest  - Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year's Zero Day Quest hacking contest.

 Threat landscape for industrial automation systems in Q4 2025  - The report contains industrial threat statistics for Q4 2025. It covers various infection vectors and malware types, as well as regional statistics and statistics by industry.

 Critical Nginx-ui MCP Flaw Actively Exploited in the Wild  - Critical nginx-ui MCP authentication bypass CVE-2026-33032 actively exploited with CVSS 9.8

+4 from  infosecurity-magazine

 CISA Adds Two Known Exploited Vulnerabilities to Catalog

 Patch Tuesday, April 2026 Edition  - Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “ BlueHammer .” Separately, Google Chrome fixed its fourth...