Artemis Emerges From Stealth With $70 Million in Funding
New York‑based Artemis, a cybersecurity startup founded in 2025, announced it has emerged from stealth with a $70 million seed and Series A round. The company’s AI‑driven platform detects and contains threats across applications, users, machines and cloud workloads by building a dynamic data model that blends behavioral telemetry with business context. It retrieves data on demand to cut storage costs and can integrate with existing SIEMs, already seeing adoption in technology, banking and financial‑services firms. Backers include Brightmind, Felicis, First Round Capital, Lockstep, Theory VC, Two Sigma Ventures and angels.
Splunk Enterprise Update Patches Code Execution Vulnerability
Splunk released emergency patches for several critical flaws across its Enterprise, Cloud Platform, and MCP Server products. The most severe issue, CVE‑2026‑20204, allowed low‑privileged users to upload malicious files and achieve remote code execution due to improper handling of temporary...
Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments
Security researchers disclosed a new prompt‑injection technique called “Comment and Control” that exploits AI‑driven code tools on GitHub. The method tricks Claude Code Security Review, Google Gemini CLI Action, and GitHub Copilot Agent by embedding malicious prompts in pull‑request titles, issue...
Exploited Vulnerability Exposes Nginx Servers to Hacking
A critical vulnerability (CVE‑2026‑33032) in Nginx UI’s AI‑driven management console has been exploited in the wild, allowing unauthenticated attackers to take full control of servers. Pluto Security identified more than 2,600 internet‑exposed instances and demonstrated a proof‑of‑concept exploit. The flaw...
Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities
Microsoft’s April 2026 Patch Tuesday delivered fixes for 165 vulnerabilities, highlighted by an exploited SharePoint Server zero‑day (CVE‑2026‑32201) rated “important” with a CVSS score of 6.5. The flaw enables network‑level spoofing and has been added to CISA’s Known Exploited Vulnerabilities list, prompting...
SAP Patches Critical ABAP Vulnerability
SAP released 20 new and updated security notes on April 14, 2026, including two critical CVEs. The most severe, CVE‑2026‑27681 (CVSS 9.9), is a SQL‑injection flaw in Business Planning and Consolidation and Business Warehouse that enables arbitrary code execution. SAP mitigated the issue...
Triad Nexus Evades Sanctions to Fuel Cybercrime
Triad Nexus, an illicit cyber‑crime network active since 2020, has generated over $200 million in losses through sophisticated cryptocurrency investment‑fraud known as pig‑butchering. After the U.S. sanctioned its primary CDN partner Funnull in 2025, the group adopted infrastructure‑laundering tactics, using front‑company...
Nightclub Giant RCI Hospitality Reports Data Breach
RCI Hospitality Holdings, a leading adult nightclub operator, disclosed a data breach affecting its independent contractors. The breach stemmed from an insecure direct object reference (IDOR) vulnerability on an IIS web server discovered on March 23, with unauthorized access beginning March 19....
OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack
OpenAI disclosed that a GitHub Actions workflow used for macOS app signing inadvertently downloaded a malicious version of the popular Axios JavaScript library, version 1.14.1, as part of a supply‑chain attack linked to North Korean group UNC1069. The compromised workflow...
Fake Claude Website Distributes PlugX RAT
Security researchers discovered a counterfeit Anthropic Claude website that offered a fake "pro" version of the LLM, but the download actually installed a trojanized MSI. The installer runs a VBScript dropper that places a signed G DATA updater in the startup...
In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack
The weekly SecurityWeek roundup highlighted several high‑profile cyber incidents, including a March 2026 attack on medical‑device maker Stryker that will shave earnings from its first‑quarter results, and a newly disclosed Windows zero‑day dubbed BlueHammer that gives attackers full SYSTEM privileges....
Juniper Networks Patches Dozens of Junos OS Vulnerabilities
Juniper Networks released patches for nearly three dozen vulnerabilities affecting its Junos OS and Junos OS Evolved platforms. The most critical flaw, CVE-2026-33784 (CVSS 9.8), involves a default password in the Support Insights Virtual Lightweight Collector that could be exploited...
Orthanc DICOM Vulnerabilities Lead to Crashes, RCE
A CERT/CC advisory disclosed nine critical vulnerabilities (CVE‑2026‑5437 to CVE‑2026‑5445) in the open‑source Orthanc DICOM server, affecting versions up to 1.12.10. The flaws include out‑of‑bounds reads, decompression‑bombs, memory‑exhaustion bugs, and heap buffer overflows that can crash servers, leak image data,...
MITRE Releases Fight Fraud Framework
MITRE Corporation unveiled the Fight Fraud Framework (MITRE F3), a free, open‑source knowledge base that maps fraudsters’ tactics, techniques and procedures using a behavior‑based model. The framework extends the ATT&CK taxonomy with two fraud‑specific tactics—positioning and monetization—covering the full lifecycle from...
Critical Marimo Flaw Exploited Hours After Public Disclosure
Security firm Sysdig reported that a critical‑severity RCE flaw in the open‑source Python notebook Marimo (CVE‑2026‑39987, CVSS 9.3) was exploited less than ten hours after its public disclosure. The vulnerability stems from an unauthenticated WebSocket terminal endpoint that grants a full...
