Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched

Although the team with Microsoft moved swiftly to patch the BlueHammer vulnerability, other exploits still threaten Microsoft ...

Hackers are abusing unpatched Windows security flaws to hack into organizations

A security researcher published details of three security vulnerabilities in Windows Defender, and the code used to exploit ...
Hackaday

This Week In Security: Docker Auth, Windows Tools, And A Very Full Patch Tuesday

CVE-2026-34040 lets attackers bypass some Docker authentication plugins by allowing an empty request body. Present since 2024, this bug was caused by a previous fix to the auth workflow. In the ...
STATOpinion

Health care is not ready for the new era of AI-enabled cyberattacks

When health care infrastructure is attacked and held for ransom by hackers, patients become real casualties,” writes Andrea ...
Security Boulevard

Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI

See how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply chain attack. Learn how easy it is to automate configuration of scans, identify impacted assets, ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...
PC World

Windows is finally fixing a years-old security hole in April

Microsoft is implementing a new Windows kernel trust policy starting April 2026 that will only allow WHCP-certified drivers by default, addressing years-old security vulnerabilities from cross-signed ...
Opinion
Que.com on MSNOpinion

Ex-NSA chiefs warn society is numb to cybersecurity threats

In an era where headlines about data breaches, ransomware attacks, and spyware run rampant, it’s easy to become desensitized. Former ...
Bleeping Computer

Oracle pushes emergency fix for critical Identity Manager RCE flaw

Update: Added that Oracle declined to comment on whether the vulnerability has been exploited. Oracle has released an out-of-band security update to fix a critical unauthenticated remote code ...
Business Wire

Veracode Expands Industry-Leading Fix with AI-Powered SCA Remediation to Combat Software Supply Chain Risk

SAN FRANCISCO--(BUSINESS WIRE)--RSA Conference (booth #435)--Veracode, the global leader in application risk management, today announced Veracode Fix for Software Composition Analysis (SCA), an ...
Forbes

Microsoft Confirms SQL Zero-Day Security Vulnerability—Here’s The Fix

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. The Microsoft Security Response Center has confirmed that a SQL Server elevation of ...
SiliconANGLE

OpenAI introduces Codex Security to help developers fix software vulnerabilities

OpenAI Group PBC today debuted Codex Security, a new tool in its Codex programming assistant that can help developers find and fix code vulnerabilities. The launch comes two weeks after Anthropic PBC ...