Ravie LakshmananApr 15, 2026Web Security / Vulnerability A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass… Read More "Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover"
Cyber resilience is a leadership responsibility Cyber resilience is increasingly framed as a leadership responsibility, with the associated governance identified as one of the top governance challenges currently faced by boards of directors. Many sources explicitly position boards as being… Read More "The need for a board-level definition of cyber resilience"
Microsoft published a higher-than-usual list of fixes for CVEs as part of its monthly Patch Tuesday update round yesterday, including two zero-day vulnerabilities. One of these, CVE-2026-32201, is being actively exploited in the wild. It is described as a server… Read More "Microsoft Fixes Two Zero-Days in April Patch Tuesday"
A new, sophisticated remote access trojan (RAT) has been targeting Android users across Europe, fraud management and prevention company Cleafy warns. Dubbed Mirax, the threat has been promoted on underground forums since December 2025 and has been used in multiple… Read More "Mirax RAT Targeting Android Users in Europe"
CRIL analyzes a surge in an ongoing campaign to deliver MiningDropper — a modular Android malware framework – at scale. Executive Summary Cyble Research and Intelligence Labs (CRIL) has been monitoring a significant surge in the use of “MiningDropper”, a… Read More "A Global Android Malware Campaign"
Enterprise AI agents are supposed to streamline workflows. Instead, two fresh findings show they can just as easily streamline data exfiltration. Security researchers have uncovered prompt-injection vulnerabilities in both Microsoft Copilot Studio and Salesforce Agentforce that allow attackers to execute… Read More "Copilot and Agentforce fall to form-based prompt injection tricks"
Security researchers have detected a “sharp rise” in brute-force attempts to hijack SonicWall and Fortinet devices, with the vast majority (88%) appearing to come from the Middle East. Barracuda said most of these attempts were unsuccessful as they were either… Read More "Researchers Spot Surge in Brute-Force Attacks from Middle East"
Ivanti on Tuesday updated Neurons for ITSM to resolve two medium-severity vulnerabilities affecting both on-premises and cloud deployments. The first bug, tracked as CVE-2026-4913 (CVSS score of 5.7), is described as the improper protection of an alternate path. According to… Read More "Two Vulnerabilities Patched in Ivanti Neurons for ITSM "
Technical analysis: Expert forensic review of audio and video content to determine whether the content has been manipulated and to generate forensic proof for stakeholders. Legal support: The ability to act once harmful content has been identified, including coordinating takedown… Read More "The deepfake dilemma: From financial fraud to reputational crisis"
AI companies like OpenAI and Anthropic should play a bigger role in software vulnerability disclosures in the future, according to a leader of the world’s largest vulnerability disclosure scheme. Speaking at the opening of VulnCon26 in Scottsdale, Arizona, on April… Read More "AI Companies To Play Bigger Role in CVE Program, Says CISA"
