Fortinet on Tuesday released 26 advisories detailing 27 vulnerabilities across its products, including two critical-severity flaws in FortiSandbox. Tracked as CVE-2026-39813, the first of the critical bugs impacts the FortiSandbox JRPC API and could allow attackers to bypass authentication. The… Read More "Fortinet Patches Critical FortiSandbox Vulnerabilities"
Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one is rated… Read More "Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities"
Munro adds: “Other connected medtech devices Pen Test Partners have found security issues with include cranial stimulators, dosing pumps, and medical robots, among many others. Fortunately, the smart devices threat has been recognized and regulators are starting to take action.”… Read More "7 biggest healthcare security threats"
Digital evidence, especially that extracted from smartphones, is now key to nearly all police investigations, a new report from Cellebrite has confirmed. The Israeli forensics company compiled its 2026 Industry Trends Report based on interviews with 1200 law enforcement practitioners… Read More "Smartphones Now Involved in Nearly Every Police Investigation"
A set of attack vectors in GitHub Codespaces have been uncovered that enable remote code execution (RCE) by opening a malicious repository or pull request. The findings by Orca Security, show how default behaviours in the cloud-based development service can… Read More "Malicious Commands in GitHub Codespaces Enable RCE"
Industrial giants Siemens, Schneider Electric, Aveva, Rockwell Automation, ABB, Phoenix Contact, Mitsubishi Electric, and Moxa have published new ICS security advisories since the previous Patch Tuesday. Siemens has published nine new advisories since the previous Patch Tuesday. Vulnerabilities with a… Read More "ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories"
Ravie LakshmananApr 15, 2026Vulnerability / Secure Coding OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT‑5.4, that’s specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos. “The progressive use of AI… Read More "OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams"
Built by a veteran security team and led by a former Google and Mandiant executive, Mallory delivers intelligence that drives action for enterprise security teams. Mallory is launching a AI-native threat intelligence platform, purpose-built to answer the questions CISOs and… Read More "Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action"
Infosecurity Europe has unveiled a new Cyber Startup Programme aimed at spotlighting emerging cybersecurity innovators and bolstering the future resilience of the cyber ecosystem. Set to debut at Infosecurity Europe 2026, the initiative will provide startup founders, investors and ecosystem… Read More "New Cyber Startup Programme to Debut at Infosecurity Europe 2026"
Drum prüfe… Miljan Zivkovic | shutterstock.com Die zunehmende Abhängigkeit von IT-Dienstleistern und Software von Drittanbietern vergrößert die Angriffsfläche von Unternehmen erheblich. Das wird auch durch zahlreiche Cyberattacken immer wieder unterstrichen. Zwar lassen sich die Risiken in Zusammenhang mit Third-Party-Anbietern nicht… Read More "13 Fragen gegen Drittanbieterrisiken"
