Cyber Security – Page 8 – Simply Secure Group

New Windows Shell 0-Click Vulnerability Exploited to Bypass Defender SmartScreen

A critical zero-click authentication coercion vulnerability, tracked as CVE-2026-32202, stemming from an incomplete patch for a Windows Shell security feature bypass actively weaponized by the Russian APT28 threat group. Microsoft confirmed active exploitation of the flaw and released a fix as part of its April 2026 Patch Tuesday update. According to CERT-UA, the APT28 threat actor, also known […]

AI Coding Agent Powered by Claude Opus 4.6 Deletes Production Database in 9 Seconds

A Cursor AI coding agent powered by Anthropic’s Claude Opus 4.6 deleted the entire production database and all volume-level backups of PocketOS, a SaaS platform serving car rental businesses nationwide, in a single unauthorized API call on Friday, April 25, 2026, triggering a 30-hour operational crisis for the startup and its customers. The incident began […]

Notepad++ Vulnerability Allows Attackers to Crash Application, Leak Memory Data

A security vulnerability has been identified in Notepad++, one of the most widely used open-source text editors among developers and IT professionals. The vulnerability CVE-2026-3008, which could allow a remote attacker to crash the application or extract sensitive memory address information from affected systems. The vulnerability is a string injection flaw located within the FindInFiles […]

North Korean Hackers Attacking Drug Companies to Deploy Malware Via Weaponized Excel Files

North Korean state-sponsored hackers from the Kimsuky group have launched a targeted campaign against prescription pharmaceutical companies, using a cleverly disguised malware file named White Life Science ERP Specification. The attack uses a fake Excel document to trick employees into running malicious code, giving attackers silent access to the victim’s system. This campaign shows how […]

Nessus Agent Vulnerability on Windows Enables Arbitrary Code Execution with SYSTEM Privileges

A newly disclosed security vulnerability in Tenable’s Nessus Agent for Windows could allow attackers to execute malicious code with the highest level of system privileges, raising serious concerns for enterprise security teams relying on the widely-deployed vulnerability assessment platform. The flaw enables a threat actor to create a Windows junction, a type of filesystem symbolic […]

73 Open VSX Sleeper Extensions Linked to GlassWorm Activate New Malware Campaign

The GlassWorm supply chain attack targeting the Open VSX marketplace has escalated with the discovery of 73 new “sleeper” extensions. Identified in April 2026, this cluster marks a dangerous shift in how threat actors distribute malware to software developers. This activity follows a major wave discovered in March 2026, where researchers documented 72 malicious Open […]

Litecoin Zero-Day Vulnerability Exploited in DoS Attack, Disrupts Major Mining Pools

A critical zero-day vulnerability in the Litecoin network was actively exploited to launch a denial-of-service (DoS) attack, temporarily disrupting operations across major mining pools before developers issued a full patch. Security researchers confirmed the flaw allowed threat actors to inject an invalid MWEB (MimbleWimble Extension Block) transaction into unpatched nodes, triggering a cascade of network […]

New Windows RPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions

PhantomRPC, a newly identified architectural vulnerability in Windows Remote Procedure Call (RPC) that enables local privilege escalation to SYSTEM-level access, potentially affecting every version of Windows. The research was presented by Kaspersky application security specialist Haidar Kabibo at Black Hat Asia 2026 on April 24 and details five distinct exploitation paths, none of which have […]

CISA Warns of Multiple SimpleHelp Vulnerabilities Exploited in Attack

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding two actively exploited vulnerabilities in SimpleHelp remote support software. Remote access tools are highly valued targets for cybercriminals because they provide direct pathways into corporate networks. When compromised, these platforms allow threat actors to bypass traditional security perimeters and launch devastating secondary […]

GPT5.5 Bio Bug Bounty to Strengthen Advanced AI Capabilities

OpenAI has announced a new Bio Bug Bounty program for GPT-5.5 as part of its efforts to improve safety controls for advanced AI systems and to address misuse in biology. The initiative invites qualified researchers to test whether GPT-5.5 can be universally jailbroken to bypass biosecurity protections. The program is focused on one specific challenge: […]

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.