Qualys Threat Research 45 · 13d ago
Qualys VMDR and TotalCloud™ Now Available on Oracle Cloud Marketplace
Key Takeaways: As organizations accelerate cloud adoption, security teams are under increasing pressure to gain unified visibility, prioritize risk effectively, and respond faster without adding complexity. We are excited to announce that Qualys VMDR (Vulnerability Management, Detection and Response) and Qualys TotalCloud™ CNAPP are now both available on the Oracle Cloud Marketplace. These Qualys listings enable joint customers to […]
Simon Willison 45 · 2026-04-15 15:36
Quoting Kyle Kingsbury
I think we will see some people employed (though perhaps not explicitly) as meat shields: people who are accountable for ML systems under their supervision. The accountability may be purely internal, as when Meta hires human beings to review the decisions of automated moderation systems. It may be external, as when lawyers are penalized for submitting LLM lies to the court. It may involve formalized responsibility, like a Data Protection Officer. It may be convenient for a company to have th...
Rapid7 Blog 40 · 2026-04-15 12:37
A Clearer Path from Prioritized Exposures to Remediation Progress
Security leaders know that reducing risk is not just about finding the right exposures, but helping the organization act on them before known issues turn into real incidents. That is often where remediation gets harder. Security teams may know which actions matter most, but progress can slow when infrastructure, cloud, endpoint, and IT teams do not have the context needed to execute. Teams need clear asset detail to scope the work, trusted status signals to validate remediation, and usable r...
The Hacker News 28 · 2026-04-15 12:56
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security. "
The Register (Security) 17 · 13d ago
Nobody knows how many CVEs Anthropic's Project Glasswing has actually found
Like the majority of the companies participating, it remains a mystery. Last week, Anthropic surprised the world by declaring that its latest model, Mythos, is so good at finding vulns that it would create chaos if released. Now, under the title of Project Glasswing, over 50 selected companies and orgs are allowed to test the hyped-up LLM to find security holes in their own products. But just how many problems have they really discovered?…
Security on TechRepublic 17 · 13d ago
Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft
Researchers linked 108 malicious Chrome extensions to a coordinated campaign that exposed about 20,000 users to data theft, backdoors, and ad injection.
The Hacker News 13 · 13d ago
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. "By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery
The Hacker News 13 · 2026-04-15 11:30
Deterministic + Agentic AI: The Architecture Exposure Validation Requires
Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera’s AI Security and Exposure Report 2026 reflects that momentum: every CISO surveyed
The Hacker News 13 · 2026-04-15 04:30
OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT‑5.4, that's specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos. "The progressive use of AI accelerates defenders – those responsible for keeping systems, data, and users safe – enabling them to find and fix problems
Cyber Kendra 8 · 13d ago
How to Choose an ERP Consultant Without Creating Security Blind Spots
ERP projects are often described as technology initiatives. In reality, they are business-wide trust exercises. The moment a company starts replacing finance, operations, inventory, procurement, or customer data systems, it is not just buying software. It is handing a third party access to sensitive workflows, internal processes, and sometimes the most valuable data in the organization. That is why choosing the right ERP consultant is not just a delivery decision. It is also a security decisi...
8th Light 8 · 2026-04-15 13:44
LLMs Are Proving That It Is Impossible to Automate Away the Human Experience
The Gap is Real: If your accessibility process ends with a passing scan, your users with disabilities are likely encountering barriers you do not know about. Automated tools are useful. LLM-assisted auditing has raised the ceiling. Neither closes the gap between what a tool can verify and what a person actually experiences when navigating with a screen reader. The gap is real, it is measurable, and it has organizational consequences. I have spent years running every category of automated acces...
IEEE Spectrum 6 · 2026-04-15 13:00
Crypto Faces Increased Threat From Quantum Attacks
The race to transition online security protocols to ones that can’t be cracked by a quantum computer is already on. The algorithms that are commonly used today to protect data online—RSA and elliptic curve cryptography—are uncrackable by supercomputers, but a large enough quantum computer would make quick work of them. There are algorithms secure enough to be out of reach for both classical and future quantum machines, called post-quantum cryptography, but transitioning to these is a work i...