ADT Confirms Major Breach by ShinyHunters, Critical OpenSSH Flaw Disclosed, and AI-Driven Threats Reshape Cybersecurity Landscape
Summary
This 24-hour period has been marked by significant disclosures and strategic shifts in cybersecurity. Home security giant ADT confirmed a major data breach claimed by the ShinyHunters group, exposing millions of customer records. A 15-year-old critical vulnerability in OpenSSH (CVE-2026-35414) allowing root access was revealed, alongside a massive Microsoft Patch Tuesday addressing 163 CVEs. Meanwhile, the emergence of AI-driven threats like Anthropic's 'Mythos' and new APTs such as GopherWhisper and UNC6692 are forcing a global rethink of defensive strategies, while CISO confidence plummets amid budget cuts and increasing attack sophistication.
Today's New Articles
Decade-Old OpenSSH Flaw (CVE-2026-35414) Allows Full Root Access, Exploits Hard to Detect
A critical remote code execution vulnerability, CVE-2026-35414, has been discovered in OpenSSH, affecting versions released over the last 15 years. The flaw, which carries a CVSS score of 8.1, resides in the parsing of SSH certificate principal names. An attac...
Utility Tech Giant Itron Discloses Breach of Internal IT Network
Itron, a major American technology provider for energy and water utilities, has disclosed a cybersecurity incident in an SEC filing. The company reported on April 13, 2026, that an unauthorized third party had gained access to a segment of its internal IT syst...
Trigona Ransomware Evolves, Using Custom Exfiltration Tool for Stealthier Data Theft
Affiliates of the Trigona ransomware group are increasing their sophistication by using a custom-built data exfiltration tool named 'uploader_client.exe'. This move, identified by Symantec's Threat Hunter Team, marks a tactical shift from using common, easily-...
Hackers Impersonate IT on Microsoft Teams to Deploy 'SNOW' Malware
A newly identified threat actor, UNC6692, is conducting sophisticated attacks using a novel social engineering vector. As detailed by Google's Mandiant group, the attackers first create a distraction by flooding a target's inbox with spam emails. They then con...
State CISO Confidence Plummets as AI Threats Rise and Budgets Fall, Survey Finds
Confidence among U.S. state chief information security officers (CISOs) has dropped dramatically, according to the 2026 NASCIO-Deloitte Cybersecurity Study. Only 26% of state CISOs feel 'extremely' or 'very' confident in their ability to protect state systems,...
US Cracks Down on Southeast Asia Cyberscam Networks, Sanctions Cambodian Senator
The U.S. government has launched a major, multi-agency crackdown on transnational cyberscam networks operating from Southeast Asia. The initiative, described as a 'new theater of war' against Chinese organized crime, involves sanctions, criminal charges, and a...
Cyber Sovereignty and Supply Chain Risk Become Top Concerns for Critical Infrastructure
Amid rising geopolitical tensions, the concepts of cyber sovereignty and supply chain security have become paramount for critical infrastructure operators. The recognition that any third-party vendor can be a weak link exploited by adversaries is driving a str...
Critical Unauthenticated Path Traversal Flaw Found in CrowdStrike LogScale
CrowdStrike has patched a critical, unauthenticated path traversal vulnerability, CVE-2026-40050, in its self-hosted LogScale (formerly Humio) log management platform. The vulnerability, discovered internally by CrowdStrike, could allow a remote, unauthenticat...
Article Updates
Microsoft's April Patch Tuesday Fixes 164 Flaws, Including Actively Exploited SharePoint Zero-Day
Update: This update provides a more comprehensive overview of Microsoft's April 2026 Patch Tuesday. It clarifies that a total of 247 CVEs were addressed when including third-party components, alongside 163 Microsoft-specific CVEs. A detailed breakdown by vulnerability...
UK's NCSC Unveils 'SilentGlass' Hardware to Block Malware via HDMI and DisplayPort
Update: Further analysis of NCSC's SilentGlass reveals specific technical mechanisms it employs to secure display connections. The device physically severs data-carrying pins beyond video/audio, preventing Hot Plug Detect (HPD) exploitation and I2C/DDC bus hijacking....