NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities – Dark Reading
The National Institute of Standards and Technology carved a new path for vulnerability remediation by changing the way it prioritizes software flaws. – Read More
North Korea Uses ClickFix to Target macOS Users’ Data – Dark Reading
Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs. – Read More
‘Harmless’ Global Adware Transforms Into an AV Killer – Dark Reading
A benign looking update Dragon Boss pushed out in March 2025 established persistence via scheduled tasks and arranged for future payloads to be excluded from Windows Defender. – Read More
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic – The Hacker News
Cybersecurity researchers have warned of an active malicious campaign that’s targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025. “PowMix…
Data page – April 2026 – Law Gazette – Features
The latest data page figures, compiled by Moneyfacts, are now available. – Read More
Two-Factor Authentication Breaks Free from the Desktop – Dark Reading
Threat actors know how to bypass security systems outside of traditional IT environments. Implementing 2FA could provide a needed extra security barrier in the physical world. – Read More
Microsoft’s Original Windows Secure Boot Certificate Is Expiring – Dark Reading
The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, Microsoft said. Update those PCs soon. – Read More
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories – The Hacker News
You know that feeling when you open your feed on a Thursday morning and it’s just… a lot? Yeah. This week delivered. We’ve got hackers getting creative in ways that…
Microsoft’s Windows Recall still allows silent data extraction – CSO Online
Microsoft’s Windows Recall feature remains vulnerable to complete data extraction despite a major security overhaul, according to a cybersecurity researcher who says malware running in a user’s context can quietly…
[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment – The Hacker News
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee…
Behind the Mythos hype, Glasswing has just one confirmed CVE – CSO Online
Efforts to cut through the buzz surrounding Anthropic’s Mythos are emerging. As OpenAI moves to counter the hype around it with its own cybersecurity model, VulnCheck is reporting that the…
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution – The Hacker News
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any…
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks – The Hacker News
A “novel” social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE…
Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu – The Hacker News
A bank approved a Taboola pixel. That pixel quietly redirected logged-in users to a Temu tracking endpoint. This occurred without the bank’s knowledge, without user consent, and without a single…
Insurance carriers quietly back away from covering AI outputs – CSO Online
Several major insurance carriers have begun to back away from providing cybersecurity and other insurance to companies using AI to run internal processes, insiders say. While there’s no standard response…