#sentry-bob
#sentry-bob

Careers

CISO Conversations: Ross McKerchar, CISO at Sophos

fromWIRED

Silicon Valley

The Dumbest Hack of the Year Exposed a Very Real Problem

fromBoston.com

Healthcare

Services at Brockton hospital return to normal more than a week after cyberattack

Privacy technologies

fromYahoo Tech

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Russian spies exploited consumer routers to steal Microsoft 365 credentials from thousands of users, turning home devices into espionage tools.

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Senate legislation aims to enhance satellite cybersecurity amid rising threats and vulnerabilities in commercial satellite signals.

fromTechCrunch

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Hackers exploited Windows vulnerabilities published by a researcher, affecting Windows Defender and allowing high-level access.

Careers

CISO Conversations: Ross McKerchar, CISO at Sophos

Ross McKerchar transitioned from IT to cybersecurity, becoming CISO at Sophos, emphasizing leadership skills and the growing cybersecurity profession.

Silicon Valley

fromWIRED

The Dumbest Hack of the Year Exposed a Very Real Problem

A cyberattack in Silicon Valley exploited weak passwords to spoof crosswalk button recordings with voices of tech CEOs, raising security concerns.

Healthcare

fromBoston.com

Services at Brockton hospital return to normal more than a week after cyberattack

A Brockton hospital resumed normal operations after a cybersecurity incident caused temporary service shutdowns and diverted ambulances.

Privacy technologies

fromYahoo Tech

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Russian spies exploited consumer routers to steal Microsoft 365 credentials from thousands of users, turning home devices into espionage tools.

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Senate legislation aims to enhance satellite cybersecurity amid rising threats and vulnerabilities in commercial satellite signals.

Privacy professionals

Clothing Retailer Patches Website Flaw Exposing Customer Data

Information security

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

fromTechCrunch

Information security

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Information security

The company's biggest security hole lived in the breakroom

Privacy professionals

fromTechRepublic

Clothing Retailer Patches Website Flaw Exposing Customer Data

A flaw in Express's website allowed unauthorized access to customer data through sequential order IDs in URLs.

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

McGraw Hill experienced a data breach linked to a Salesforce misconfiguration, with ShinyHunters claiming to have stolen 45 million records.

fromTechCrunch

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

53 DDoS Domains Taken Down by Law Enforcement

Law enforcement in 21 countries coordinated to disrupt DDoS-for-hire services, resulting in arrests and the takedown of numerous domains.

What "The Pitt" Gets Right About Ransomware and What Hospitals Can't Afford to Ignore

Ransomware incidents in healthcare lead to significant operational fallout, requiring extensive recovery efforts beyond just paying the ransom.

EU data protection

Autovista blames ransomware for service disruption

Autovista is addressing a ransomware infection affecting its systems in Europe and Australia, prioritizing the secure restoration of impacted applications.

Healthcare

What "The Pitt" Gets Right About Ransomware and What Hospitals Can't Afford to Ignore

Ransomware incidents in healthcare lead to significant operational fallout, requiring extensive recovery efforts beyond just paying the ransom.

EU data protection

Autovista blames ransomware for service disruption

Autovista is addressing a ransomware infection affecting its systems in Europe and Australia, prioritizing the secure restoration of impacted applications.

more#ransomware

London startup

One year on from the M&S cyber attack: What did we learn? | Computer Weekly

Marks & Spencer experienced a significant cyber attack in April 2025, disrupting services and highlighting vulnerabilities in third-party tech suppliers.

Software development

Security by Design prevents higher bills

Incorporating security during design reduces costs significantly compared to retrofitting security measures after development.

#microsoft

fromThe Verge

Privacy technologies

Microsoft faces fresh Windows Recall security concerns

Information security

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

fromZero Day Initiative

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.

Information security

April Patch Tuesday brings zero-days in Defender, SharePoint Server | Computer Weekly

Microsoft's April Patch Tuesday update addresses over 160 issues, including two critical zero-day vulnerabilities, marking one of the largest updates in history.

Privacy technologies

fromThe Verge

Microsoft faces fresh Windows Recall security concerns

A new tool, TotalRecall Reloaded, extracts data from Microsoft's redesigned Recall feature, raising ongoing security and privacy concerns.

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

Microsoft's Zero Day Quest 2026 awarded $2.3 million for discovering 80 high-impact vulnerabilities in cloud and AI services.

fromZero Day Initiative

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.

April Patch Tuesday brings zero-days in Defender, SharePoint Server | Computer Weekly

Microsoft's April Patch Tuesday update addresses over 160 issues, including two critical zero-day vulnerabilities, marking one of the largest updates in history.

more#microsoft

DevOps

fromAzure DevOps Blog

One-click security scanning and org-wide alert triage come to Advanced Security - Azure DevOps Blog

New capabilities in Azure DevOps simplify application security with one-click CodeQL setup and a unified alerts experience for security teams.

Cursor AI Vulnerability Exposed Developer Devices

A vulnerability in Cursor AI allows attackers to hijack developer machines via malicious repositories without user interaction.

EU data protection

CYBERUK '26: UK lagging on legal protections for cyber pros | Computer Weekly

The outdated Computer Misuse Act hinders UK cyber security innovation and needs urgent reform to protect cyber professionals.

fromArs Technica

Your tech support company runs scams. Stop-or disguise with more fraud?

Tech Live Connect processed fraudulent charges using real customer data, including names and addresses, to make the charges appear legitimate and maintain a low chargeback ratio.

Privacy professionals

#phishing

11 hours ago

Information security

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Information security

Attackers are targeting developers via Slack and Google Sites

11 hours ago

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

How CSOs Can Win Board Support for Gunshot Detection Technology

CSOs must effectively frame gunshot detection technology to gain executive support and align it with corporate risk priorities.

#nist

Surging CVE disclosures force NIST to shake up workflows | Computer Weekly

NIST is changing its approach to handling CVEs, focusing on those with the greatest potential impact due to increased submissions.

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

NIST will only enrich certain cybersecurity vulnerabilities in its database due to a surge in CVE submissions.

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.

Surging CVE disclosures force NIST to shake up workflows | Computer Weekly

NIST is changing its approach to handling CVEs, focusing on those with the greatest potential impact due to increased submissions.

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

NIST will only enrich certain cybersecurity vulnerabilities in its database due to a surge in CVE submissions.

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.

more#nist

Artificial intelligence

fromInfoWorld

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

#software-supply-chain

DevOps

Panel: Security Against Modern Threats

Modern threats to software supply chains require resilience by design, integrating security into engineering workflows and empowering developers with the right tools.

fromDevOps.com

The Open Source Trap: Why Trust Isn't a Security Strategy - DevOps.com

The software supply chain is vulnerable due to reliance on under-resourced open source maintainers, requiring active organizational support for security.

DevOps

Panel: Security Against Modern Threats

Modern threats to software supply chains require resilience by design, integrating security into engineering workflows and empowering developers with the right tools.

fromDevOps.com

more#software-supply-chain

The Open Source Trap: Why Trust Isn't a Security Strategy - DevOps.com

The software supply chain is vulnerable due to reliance on under-resourced open source maintainers, requiring active organizational support for security.

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

Information security

ZionSiphon Malware Targets ICS in Water Facilities

Information security

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

Information security

Fake Claude Website Distributes PlugX RAT

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.

fromTechRepublic

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

ZionSiphon Malware Targets ICS in Water Facilities

ZionSiphon is a new malware targeting water treatment plants in Israel, designed to manipulate chlorine levels and pressure in these facilities.

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

Fake Claude Website Distributes PlugX RAT

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.

CISA tells feds to patch 13-year-old Apache ActiveMQ bug

CISA warns of a critical Apache ActiveMQ vulnerability requiring federal agencies to patch within two weeks to prevent exploitation.

Splunk Enterprise Update Patches Code Execution Vulnerability

Splunk has released fixes for high and medium-severity vulnerabilities in its products, including Splunk Enterprise, Cloud Platform, and MCP Server.

Server-room lock was nothing but a crock

A security vulnerability allowed unauthorized access to a server room due to a flaw in the two-factor authentication lock.

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.

MCP 'design flaw' puts 200k servers at risk: Researcher

A design flaw in Anthropic's Model Context Protocol puts 200,000 servers at risk, despite repeated requests for a patch from security researchers.

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet released 26 advisories for 27 vulnerabilities, including two critical flaws in FortiSandbox with a CVSS score of 9.1.

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet released 26 advisories for 27 vulnerabilities, including two critical flaws in FortiSandbox with a CVSS score of 9.1.

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.

Information security

AI agents on GitHub leak API keys via prompt injection

Information security

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Information security

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to Comment and Control attacks, allowing attackers to steal API keys and access tokens.

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

A prompt injection attack method named 'Comment and Control' targets AI code security tools, allowing attackers to hijack AI agents using crafted GitHub comments.

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Claude Code identified multiple security vulnerabilities in the Linux kernel, including a long-standing heap buffer overflow, with minimal oversight required.

more#ai-security

Cyber Essentials closes the MFA loophole but leaves some organisations adrift | Computer Weekly

Multi-factor authentication becomes mandatory under Cyber Essentials v3.3, with no exceptions for organizations failing to implement it.

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical vulnerability in Nginx UI allows attackers to take full control of servers, affecting numerous deployments worldwide.

Ancient Excel bug comes out of retirement for active attacks

A 17-year-old critical Excel vulnerability is actively being exploited, prompting CISA to issue a patch deadline for federal agencies.

GPT-5.4-Cyber aims to further embed AI in cybersecurity

OpenAI's GPT-5.4-Cyber enhances generative AI for cybersecurity, focusing on defensive applications and providing trusted users with advanced capabilities.

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

GPT-5.4-Cyber aims to further embed AI in cybersecurity

OpenAI's GPT-5.4-Cyber enhances generative AI for cybersecurity, focusing on defensive applications and providing trusted users with advanced capabilities.

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Multiple industrial giants have released new ICS security advisories addressing various vulnerabilities since the last Patch Tuesday.

Two Vulnerabilities Patched in Ivanti Neurons for ITSM

Ivanti resolved two medium-severity vulnerabilities in Neurons for ITSM affecting on-premises and cloud deployments.

fromTNW | Apps

OpenAI releases GPT-5.4-Cyber for vetted security teams, scaling Trusted Access programme

OpenAI is launching GPT-5.4-Cyber for cybersecurity, expanding its Trusted Access for Cyber program to thousands of verified defenders.

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.

fromArs Technica

UK gov's Mythos AI tests help separate cybersecurity threat from hype

Mythos outperformed previous models in TLO tests, showing capability in attacking vulnerable systems but still facing limitations in complex scenarios.

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Critical risk findings surged by nearly 400% amid a 52% increase in raw alert volume, driven by AI-assisted development.

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

[In] ShowDoc version before 2.8.7, an unrestricted and unauthenticated file upload issue is found and [an] attacker is able to upload a web shell and execute arbitrary code on server.

Information security

fromFinbold

Kraken insider extortion reveals remote work security blind spot

"Shortly after access was terminated, we began receiving extortion demands. The criminals threatened to distribute materials from both the February 2025 incident and the recent incident to media outlets and on social media if we did not comply. We will not pay these criminals," Percoco stated.

Information security

Ransomware scum, other crims exploit 4 old Microsoft bugs

Four Microsoft vulnerabilities are actively exploited, including one from 2012, prompting CISA to urge federal agencies to patch them within two weeks.

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

Critical Flowise Vulnerability in Attacker Crosshairs

A critical vulnerability in Flowise allows remote code execution, posing severe security risks to systems and sensitive data.

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.

We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them

AWS Bedrock's connectivity makes it powerful but also exposes it to multiple attack vectors that can compromise enterprise data.

Product Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels

Security teams struggle to connect isolated tool data into coherent attack paths; CSMA platforms unify security tools to discover and prioritize viable threats to critical assets.

CISA Flags Year-Old Wing FTP Vulnerability as Exploited

CISA warns that a year-old Wing FTP vulnerability (CVE-2025-47813) is being exploited in the wild, disclosing server installation paths that attackers can use to exploit critical remote code execution flaws.

CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths

CISA added CVE-2025-47813, a medium-severity information disclosure vulnerability in Wing FTP Server, to its Known Exploited Vulnerabilities catalog due to active exploitation evidence.

Critical N8n Vulnerabilities Allowed Server Takeover

Two critical vulnerabilities in n8n allowed unauthenticated remote code execution and sandbox escape, potentially exposing all stored credentials including AWS keys, passwords, OAuth tokens, and API keys.

fromZDNET

The biggest AI threats come from within - 12 ways to defend your organization

AI simultaneously strengthens cybersecurity defenses and empowers cybercriminals, creating an ongoing arms race between defenders and attackers.

The Great Security Culture Shift: Building a Proactive Defense in an Era of Advanced Threats and Social Engineering

Hackers exploit DLL side-loading on trusted platforms like LinkedIn to deliver malware through seemingly legitimate file attachments, bypassing traditional security defenses and compromising entire corporate networks.

Critical FreeScout Vulnerability Leads to Full Server Compromise

A critical zero-click RCE vulnerability in FreeScout bypasses previous patches using zero-width space characters, enabling unauthenticated remote code execution through malicious emails.

Vulnerability exploits now dominate intrusions

Exploit of disclosed vulnerabilities now causes most intrusions, with attackers weaponizing new flaws within hours while many organizations patch slowly.

BeyondTrust Remote Support has a critical vulnerability

Unauthenticated remote-code-execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access enables full system compromise; affected versions require urgent patching or upgrades.

Skeleton Key campaign exploits trusted RMM tools

Attackers hijack legitimate remote monitoring and management (RMM) tools, using stolen credentials and signed enterprise software to maintain stealthy persistent backdoors.

Understanding Breaches Before and After They Happen: What Every Organization Should Know

Most security breaches result from neglected fundamentals—human error, unpatched systems, weak authentication, and poor network segmentation—rather than advanced, novel exploits.