Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-15 08:00 PDT
- CISA flags Windows Task Host vulnerability as exploited in attacks
BleepingComputer • 2026-04-15 07:51 • www.bleepingcomputer.com
CISA warned U.S. government agencies to secure their systems against a Windows Task Host privilege escalation vulnerability that could allow attackers to gain SYSTEM privileges. […]
https://www.bleepingcomputer.com/news/security/cisa-flags-windows-task-host-vulnerability-as-exploited-in-attacks/ - Rolling Networks: Securing the Transportation Sector
BleepingComputer • 2026-04-15 07:00 • www.bleepingcomputer.com
Modern trucks are rolling networks packed with sensors, connectivity, and attack surfaces, creating new cyber risks. NMFTA’s Cybersecurity Conference brings industry leaders together to tackle emerging threats in transportation. […]
https://www.bleepingcomputer.com/news/security/rolling-networks-securing-the-transportation-sector/ - Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
The Hacker News • 2026-04-15 05:56 • thehackernews.com
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild.
The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security.
“
https://thehackernews.com/2026/04/critical-nginx-ui-vulnerability-cve.html - April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
The Hacker News • 2026-04-15 05:37 • thehackernews.com
A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April’s Patch Tuesday releases.
Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681, CVSS score: 9.9) that could result in the execution of arbitrary database
https://thehackernews.com/2026/04/april-patch-tuesday-fixes-critical.html - Threat landscape for industrial automation systems in Q4 2025
Securelist • 2026-04-15 05:30 • securelist.com
The report contains industrial threat statistics for Q4 2025. It covers various infection vectors and malware types, as well as regional statistics and statistics by industry.
https://securelist.com/industrial-threat-report-q4-2025/119392/ - Microsoft: April updates trigger BitLocker key prompts on some servers
BleepingComputer • 2026-04-15 04:41 • www.bleepingcomputer.com
Microsoft confirmed on Tuesday that some Windows Server 2025 devices will boot into BitLocker recovery after installing the April 2026 KB5082063 Windows security update. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-some-windows-servers-ask-for-bitlocker-key-after-april-updates/ - Deterministic + Agentic AI: The Architecture Exposure Validation Requires
The Hacker News • 2026-04-15 04:30 • thehackernews.com
Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera’s AI Security and Exposure Report 2026 reflects that momentum: every CISO surveyed
https://thehackernews.com/2026/04/deterministic-agentic-ai-architecture.html - 108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users
Graham Cluley • 2026-04-15 04:05 • www.bitdefender.com
Cybersecurity researchers have revealed that 108 malicious Google Chrome extensions have been quietly stealing user credentials, hijacking Telegram sessions, and injecting unwanted ads and scripts into browsers – all reporting back to the same central point.Read more in my article on the Hot for Security blog.
https://www.bitdefender.com/en-us/blog/hotforsecurity/malicious-chrome-extensions-steal-google-telegram-data - Defense in Depth, Medieval Style
Schneier on Security • 2026-04-15 03:47 • www.schneier.comThis article on the walls of Constantinople is fascinating.
The system comprised four defensive lines arranged in formidable layers:
- The brick-lined ditch, divided by bulkheads and often flooded, 1520 meters wide and up to 7 meters deep.
- A low breastwork, about 2 meters high, enabling defenders to fire freely from behind.
- The outer wall, 8 meters tall and 2.8 meters thick, with 82 projecting towers.
- The main wall—a towering 12 meters high and 5 meter…
https://www.schneier.com/blog/archives/2026/04/defense-in-depth-medieval-style.html - Microsoft fixes bug behind Windows Server 2025 automatic upgrades
BleepingComputer • 2026-04-15 03:24 • www.bleepingcomputer.com
Microsoft has finally fixed a known issue that was causing systems running Windows Server 2019 and 2022 to “unexpectedly” upgrade to Windows Server 2025. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-behind-windows-server-2025-automatic-upgrades/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
