
April 2026 Patch Tuesday Forecast: Spring-Cleaning of a Preview
The April 2026 Patch Tuesday preview highlights AI’s growing role in security, but stresses the need for human oversight. Microsoft pulled the faulty Windows 11 24H2/25H2 preview (KB5079391) and re‑issued a clean out‑of‑band update (KB5086672), while also fixing Outlook Classic conflicts with Teams and Gmail/Yahoo sync. Microsoft retired the long‑standing SaRA tool, replacing it with the Get Help utility for Office troubleshooting. Google issued its fourth zero‑day Chrome update of the year, patching 21 CVEs, including the actively exploited CVE‑2026‑5281. The forecast predicts fewer Microsoft patches this month, with focus on OS and Office updates.

What Vibe Hunting Gets Right About AI Threat Hunting, and Where It Breaks Down
Vibe hunting flips traditional threat hunting by letting AI scan entire data sets and surface anomalous patterns, turning the hypothesis into an implicit output. Exaforce’s Aqsa Taylor stresses that analysts must still be able to explain any investigation path, otherwise...

Health Insurance Lead Sites Sell Personal Data Within Seconds of Form Submission
Researchers from UC Davis, Stanford and Maastricht mapped data flows on 105 health‑insurance lead sites, finding that personal and health information is harvested in real time and sold to dozens of buyers. Third‑party scripts capture keystrokes before form submission, and...

OPSWAT Adds Predictive AI Engine to MetaDefender for Pre-Execution Threat Detection
OPSWAT introduced Predictive Alin AI, its first proprietary AI‑driven threat detection engine, into the MetaDefender platform. The static‑analysis engine predicts malicious intent in milliseconds, delivering sub‑100‑ms inference while maintaining a tiny memory footprint. In internal tests the engine achieved 99.99%...

Intruder Expands Cloud Security with Agentless Container Image Scanning
Intruder introduced Container Image Scanning, an agent‑less service that automatically checks container images for vulnerabilities across AWS Elastic Container Registry, Google Artifact Registry and Azure Container Registry. The feature runs daily, prioritizing active tags and presenting findings alongside other attack‑surface...

Advenica’s File Scanner Kiosk Scans USB Media for Malware
Advenica introduced the File Scanner Kiosk, a dedicated appliance that scans USB drives for malware before they connect to corporate networks. The kiosk leverages multiple built‑in antivirus engines and features dual USB ports to handle source and destination media simultaneously....

AI Agent Intent Is a Starting Point, Not a Security Strategy
Token Security’s research reveals that 65% of agentic chatbots retain live access credentials despite never being used, and 51% of their external actions depend on hard‑coded keys. The study highlights how AI agents are treated as disposable experiments, creating orphaned...

Asqav: Open-Source SDK for AI Agent Governance
Asqav is an open‑source Python SDK that cryptographically signs every autonomous AI agent action using the quantum‑safe ML‑DSA‑65 algorithm and links entries in a tamper‑evident hash chain. The toolkit integrates with five popular agent frameworks—including LangChain and OpenAI Agents—and offers...

Phishers Sneak Through Using GitHub and Jira’s Own Mail Delivery Infrastructure
Security researchers at Cisco Talos have uncovered a new phishing vector that hijacks the native notification systems of SaaS platforms such as GitHub and Atlassian Jira. By embedding malicious text in commit summaries or Jira project fields, attackers trigger automatic...

Prompt Injection Tags Along as GenAI Enters Daily Government Use
State and territorial governments are now using generative AI (GenAI) in everyday workflows, with 82% of CIOs reporting daily usage—a jump from 53% a year earlier. As adoption expands, the Center for Internet Security warns that prompt injection—malicious instructions hidden...

Acronis MDR by TRU Brings 24/7 Managed Detection and Response to MSPs
Acronis unveiled Acronis MDR by Acronis TRU, a 24/7/365 managed detection and response service tailored for managed service providers. The offering combines endpoint detection, rapid threat containment, patch management, and built‑in business continuity in a single platform. MSPs can now deliver...

AI-Enabled Device Code Phishing Campaign Exploits OAuth Flow for Account Takeover
Microsoft Defender Security Research uncovered an AI‑enabled phishing campaign that weaponizes the OAuth Device Code Authentication flow to hijack organizational accounts. The attackers automate live device code generation, bypassing the standard 15‑minute expiration and multi‑factor authentication by decoupling the user’s...

GitHub Copilot CLI Gets a Second-Opinion Feature Built on Cross-Model Review
GitHub introduced Rubber Duck, a cross‑model review feature for Copilot CLI that pairs a primary Claude model with a GPT‑5.4 reviewer. The reviewer flags unsupported assumptions, missed edge cases, and conflicting implementation details, and can be triggered automatically at three...

Comp AI: The Open-Source Way to Get Compliant with SOC 2, ISO 27001, HIPAA and GDPR
Comp AI launches an open‑source compliance platform that automates SOC 2, ISO 27001, HIPAA and GDPR readiness. The tool combines an AI‑driven policy editor, automated evidence collection, and a device‑agent that monitors encryption, antivirus, password and screen‑lock settings. Core code is released...

OpenAI Opens Applications for an External AI Safety Research Fellowship
OpenAI announced the OpenAI Safety Fellowship, a paid program for external researchers to address AI safety and alignment challenges. The fellowship runs from September 14, 2026 to February 5, 2027, with applications due May 3 and notifications by July 25....

The Case for Fixing CWE Weakness Patterns Instead of Patching One Bug at a Time
CWE is transitioning from a background taxonomy to a core element of vulnerability disclosure, with a growing share of CVE records now including CNA‑provided CWE IDs. Precise, lower‑level CWE mappings are improving root‑cause visibility, enabling teams to target systemic weakness...

CISOs Grapple with AI Demands Within Flat Budgets
The 2026 RH‑ISAC CISO Benchmark reveals that security budgets in large organizations are inching upward, reaching 0.75% of revenue, while overall IT spend climbs to 3.9%. More than half of respondents expect modest 1‑10% budget increases in 2026, but many...

Windows Security App Gets Secure Boot Certificate Status Indicators as 2026 Expiration Approaches
Microsoft has introduced Secure Boot certificate status indicators in the Windows Security app to help IT teams monitor the replacement of 2011‑issued certificates that expire in 2026. The indicators are delivered via Windows Update, but they are disabled by default...

Microsoft Releases Open-Source Toolkit to Govern Autonomous AI Agents
Microsoft unveiled the open‑source Agent Governance Toolkit, a seven‑package suite that adds policy, identity, compliance and reliability controls to autonomous AI agents. The toolkit runs in Python, TypeScript, Rust, Go and .NET, offering sub‑millisecond policy enforcement and cryptographic trust mechanisms....

Which Messaging App Takes the Most Limited Approach to Permissions on Android?
A recent analysis of Android versions of Messenger, Signal and Telegram reveals stark differences in permission requests and data handling. Messenger requests the most permissions (87 total, 24 dangerous), while Telegram requests the fewest (71 total) but the highest number...

OpenSSH 10.3 Patches Five Security Bugs and Drops Legacy Rekeying Support
OpenSSH 10.3 introduces five security patches and a suite of new features while removing legacy rekeying support. The update fixes a shell‑injection flaw in user‑name handling, a certificate‑principal matching bug, and an ECDSA algorithm enforcement issue. It also changes certificate behavior...

North Korean Hackers Linked to Axios Npm Supply Chain Compromise
On March 31, 2026, attackers compromised a maintainer’s npm account and published two malicious versions of the popular Axios HTTP client library. The backdoored packages contained a hidden dependency that executed a post‑install script, downloading the WAVESHAPER.V2 remote‑access trojan targeting...

CIS Benchmarks March 2026 Update
The Center for Internet Security released its March 2026 benchmark update, refreshing dozens of hardening guides across Windows, Linux, cloud, and database platforms. Highlights include Windows 11 Enterprise (v5.0.0) with nine new settings, Windows Server 2022/2025 revisions, and a minor OCI Foundations tweak....

Egnyte Expands Content Cloud with AI Governance and Built-In Assistant
Egnyte has launched AI Safeguards, a governance layer that lets IT and compliance teams define who and what can be processed by AI within the Egnyte Content Cloud. The same release adds an AI Assistant that works natively inside the...

Mimecast Makes Enterprise Email Security Deployable in Minutes
Mimecast introduced an API‑based email security solution that integrates directly with Microsoft 365, delivering full Secure Email Gateway protection without any MX record changes. The service can be activated within minutes, offering deep URL inspection, sandboxing, AI‑driven BEC detection, and automated...

Malware Detectors Trained on One Dataset Often Stumble on Another
Researchers at the Polytechnic of Porto evaluated machine‑learning static malware detectors across six public Windows PE datasets and four external collections. Models achieved high‑90s AUC and F1 scores on in‑distribution data, but performance fell sharply on external sets, especially the...

New Bitdefender Assessment Helps Organizations Identify and Eliminate Hidden Internal Attack Paths
Bitdefender launched a complimentary Internal Attack Surface Assessment to help enterprises pinpoint hidden internal cyber risks tied to excessive user access and shadow IT. The service leverages the GravityZone PHASR platform to deliver data‑driven visibility down to the individual user...

Download: 2026 SANS Identity Threats & Defenses Survey
The 2026 SANS Identity Threats & Defenses Survey reveals that 55% of organizations suffered an identity‑related breach in the past year. MFA fatigue contributed to 26% of those attacks, indicating user weariness with multi‑factor prompts. The report details how threat...

SystemRescue 13 Updates Its Kernel to Linux 6.18 LTS, Adds New Recovery Tools
SystemRescue released version 13.00, upgrading its core to the Linux 6.18.20 long‑term support kernel. The update also refreshes storage utilities, including Bcachefs 1.37.3 and GParted 1.8.1, and adds new command‑line tools such as yq and the C‑based iotop‑c. HiDPI display...

Why Risk Alone Doesn’t Get You to Yes
Security leaders often present technically sound risk briefings, yet executives delay action because risk data alone doesn’t compel decisions. The gap lies in translating exposure into business‑focused consequences that align with revenue, compliance, and operational goals. Executives need clear, stakeholder‑specific...

ShipSec Studio Brings Open-Source Workflow Orchestration to Security Operations
ShipSec AI has launched ShipSec Studio, an open‑source security workflow automation platform that replaces ad‑hoc scripts with a dedicated orchestration layer. The visual, no‑code builder lets operators chain tools like Subfinder, Nuclei and TruffleHog into automated pipelines, compiling them into...

Don’t Count on Government Guidance After a Smart Home Breach
Researchers examined government cybersecurity guidance across 11 countries for smart homes and found that most advice concentrates on prevention—such as regular updates and changing default credentials—while post‑breach support is minimal. Reporting mechanisms exist but are generic and not tailored to...

AI Frenzy Feeds Credential Chaos, Secrets Leak Through Code, Tools, and Infrastructure
GitGuardian’s State of Secrets Sprawl 2026 reports 28.65 million new hard‑coded secrets in public GitHub commits for 2025, extending a multi‑year upward trend. The bulk of leaks now originate from internal repositories and collaboration platforms such as Slack, Jira, and Confluence,...

Tails 7.6 Ships Automatic Tor Bridge Retrieval and a New Password Manager
Tails 7.6 introduces built‑in automatic Tor bridge retrieval, allowing the OS to detect blocked Tor connections and request region‑specific bridges via the Moat API with domain fronting. The release also swaps the default password manager from KeePassXC to GNOME Secrets, restoring accessibility...

Mission to Smuggle $170 Million Worth of AI Tech to China Collapsed for Three Men
In October 2023, Tommy Shad English posed as a Thailand‑based buyer and ordered 750 servers—valued at roughly $170 million and containing 600 export‑controlled AI chips—intended for China. After paying over $20 million, the scheme unraveled when the chip maker could not verify...

DataBahn Brings AI-Driven Intelligence Into the Security Pipeline
DataBahn.ai unveiled Autonomous In‑Stream Data Intelligence (AIDI), an AI‑native model that interprets, validates, and acts on security telemetry as it flows through the pipeline. The accompanying DataBahn Agent Farm deploys specialized AI agents to automate connector creation, asset mapping, and...

Vorlon Adds Forensics and Response to Secure AI Agents
Vorlon introduced two new products—the AI Agent Flight Recorder and the AI Agent Action Center—to give enterprises forensic visibility and coordinated response for AI‑driven workloads. A 2026 Vorlon survey found 99.4% of U.S. organizations suffered at least one SaaS or...

DigiCert Document Trust Manager Enhancements Improve Document Security and Compliance
DigiCert has upgraded its Document Trust Manager to counter AI‑driven document fraud by centralising signing key management and workflow visibility. The enhancements add unified monitoring, a secure certificate repository with MFA, and pre‑integrated support for DocuSign, Adobe Sign and other...

Gemini Picks up Criminal Activity Buried in Dark Web Noise
Google has launched a dark‑web intelligence feature within Google Threat Intelligence, powered by its Gemini AI model. The service scans millions of dark‑web events daily and automatically builds a profile of an organization’s operations, adjusting as business parameters change. By...

Akamai Brand Guardian Detects and Removes AI-Driven Brand Impersonation
Akamai launched Brand Guardian, an AI‑driven evolution of its Brand Protector service, to automatically detect and remove fraudulent websites that impersonate brands. Scammers now use generative AI to create convincing fake digital assets in seconds, outpacing manual detection methods. Brand...

Njordium AI Blocks Fake Invoices and Fraudulent Payments
Njordium Cyber Group unveiled an AI‑driven Fraud Detection Module integrated into its new Vendor Management System, instantly flagging fake invoices, phantom services and abnormal pricing. The self‑learning engine extracts data from PDFs, OCR scans, Excel, XML and email, routing high‑confidence...

Microsoft Hands Entra ID Users New Option for MFA
Microsoft has made External MFA for Entra ID generally available, leveraging the OpenID Connect standard to let organizations integrate third‑party MFA solutions while retaining Conditional Access controls. The feature appears as an external authentication method that admins can assign to...

Anthropic Trims Action Approval Loop, Lets Claude Code Make the Call
Anthropic introduced Auto mode for Claude Code, allowing the AI to approve routine file writes and shell commands without constant user confirmation. The feature, initially limited to Team plans and requiring admin enablement, runs on the latest Claude Sonnet 4.6...

Codenotary Introduces AgentX for Autonomous Linux Infrastructure Security
Codenotary unveiled AgentX, an autonomous platform that uses coordinated AI agents to manage, secure, and protect large‑scale Linux infrastructure across cloud and on‑premises environments. The solution automates configuration reviews, policy enforcement, and remediation while preserving full administrator control through zero‑trust...

The AI Safety Conversation Is Focused on the Wrong Layer
Enterprises are grappling with fragmented identity systems that were designed for human users, but AI agents operate at machine speed, exposing critical security gaps. Ev Kontsevoy, CEO of Teleport, argues that the real problem is the lack of a unified...

Mimecast Expands Incydr with Runtime Data Security for AI and Human Risk
Mimecast announced a major upgrade to its Incydr platform, adding runtime data security that monitors both human users and AI agents across endpoints, browsers, SaaS apps, and email. The new features provide unified visibility, shadow‑AI detection, adaptive risk scoring and...

Novee Introduces Autonomous AI Red Teaming to Hunt LLM Vulnerabilities
Novee unveiled an autonomous AI red‑team agent designed to probe large language model (LLM) applications for security flaws. The platform continuously simulates sophisticated attack scenarios such as prompt injection, jailbreaks, and data exfiltration, delivering detailed vulnerability assessments and remediation guidance....

Detectify Uncovers Hidden Assets and Risks Across Entire IP Ranges
Detectify has introduced IP Range Scanning, a service that continuously discovers and monitors entire CIDR blocks to surface forgotten assets and hidden risks. The tool goes beyond traditional domain‑focused scanners by detecting services on non‑standard ports and exposing high‑risk databases...

32% of Top-Exploited Vulnerabilities Are over a Decade Old
Cisco Talos’s 2025 Year in Review shows exploitation timelines are compressing: newly disclosed flaws like React2Shell are weaponized within weeks, while 32% of the top‑targeted vulnerabilities are over a decade old, exemplified by the lingering abuse of Log4Shell. Attackers favor...

Microsoft Details AI Prompt Abuse Techniques Targeting AI Assistants
Microsoft released a detailed guide on AI prompt abuse, outlining how crafted inputs can manipulate large language models to bypass safety controls and expose sensitive data. The guide categorizes attacks into direct prompt overrides, extractive abuse, and indirect injection via...