OpenAI is enhancing its cybersecurity efforts by expanding its Trusted Access for Cyber (TAC) program, which now aims to provide thousands of verified cybersecurity professionals with prioritized access to advanced AI tools. This expansion includes the introduction of GPT-5.4-Cyber, a specialized version of their AI designed to assist in identifying and addressing vulnerabilities in critical software. The initiative focuses on empowering defenders who are responsible for protecting software systems from potential attacks. By equipping these professionals with better resources, OpenAI hopes to improve the speed and effectiveness of vulnerability management. This move is significant as it addresses the ongoing challenge of staying ahead of attackers in the cybersecurity landscape.
Articles tagged "Critical"
Found 548 articles
SCM feed for Latest
The Office of Personnel Management (OPM) in the United States is actively recruiting cybersecurity specialists to bolster security across various federal agencies. This initiative is part of the US Tech Force program, which aims to enhance the government’s cybersecurity capabilities amid increasing threats. The hiring effort underscores the ongoing need for skilled professionals in the face of persistent cyber challenges that affect national security and the protection of sensitive data. By expanding its workforce in this critical area, OPM is taking steps to better defend against potential cyberattacks that could target federal infrastructure. This move is particularly relevant as agencies seek to improve their defenses and respond more effectively to evolving cybersecurity threats.
Hackread – Cybersecurity News, Data Breaches, AI and More
A serious vulnerability identified as CVE-2026-5194 has been found in wolfSSL, affecting a vast array of devices, including Internet of Things (IoT) devices, routers, and military systems. This flaw allows attackers to forge digital identities, which poses a significant risk to the security of billions of devices globally. Users and organizations utilizing wolfSSL should promptly update to version 5.9.1 to mitigate this risk. The widespread impact of this vulnerability emphasizes the importance of regular software updates to maintain security across various platforms. Failure to address this issue could lead to unauthorized access and potential exploitation of sensitive systems.
SCM feed for Latest
The UK has successfully disrupted a Russian intelligence operation aimed at subsea cables, which are crucial for global communications. This operation involved Russian vessels from the Main Directorate of Deep Sea Research (GUGI), known for monitoring important offshore infrastructure. The UK authorities did not disclose specific details about the timing or methods of the disruption but emphasized the importance of protecting critical infrastructure from foreign interference. This incident raises concerns about the security of undersea cables, as they are vital for internet connectivity and economic stability. It also highlights ongoing tensions between the UK and Russia regarding cybersecurity and espionage activities.
A recent analysis by OX Security examined 216 million security findings from 250 organizations over a span of 90 days. The report revealed that while the overall number of security alerts increased by 52% compared to the previous year, the number of critical risks surged by almost 400%. This alarming trend is largely attributed to the rapid growth of AI-assisted development, which is outpacing the ability to manage high-impact vulnerabilities. As organizations adopt more AI technologies, they need to be vigilant about the increasing density of these vulnerabilities, which could lead to significant security breaches if not addressed promptly. Companies must prioritize their security measures to keep up with this accelerating risk landscape.
Security Affairs
CVE-2025-0520A serious vulnerability has been discovered in ShowDoc, an online tool used by IT teams for document sharing and collaboration. This flaw, identified as CVE-2025-0520, allows attackers to execute remote code on unpatched servers, posing a significant risk to organizations that have not updated their systems. With a CVSS score of 9.4, this remote code execution vulnerability is currently being exploited in the wild, meaning that attackers are actively taking advantage of it. Companies using ShowDoc need to prioritize patching their servers to protect against potential breaches and unauthorized access to sensitive information. Failing to address this issue could lead to severe consequences for affected organizations.
Security experts are sounding alarms about a potential surge of AI-related vulnerabilities following the launch of Anthropic's Claude Mythos. In a new report from the Cloud Security Alliance (CSA), they warn that this advanced AI model could introduce new weaknesses that attackers might exploit. The paper suggests that Chief Information Security Officers (CISOs) should brace for a wave of security challenges as the technology becomes more widely adopted. This situation is critical because organizations may not be fully prepared to address the unique risks associated with AI systems, which could lead to significant breaches or data leaks. Companies need to proactively evaluate their security measures and develop strategies to mitigate these emerging threats.
SCM feed for Latest
A recent survey by the SANS Institute revealed that 92% of organizations do not regularly rotate machine credentials, which are essential for securing non-human identities, such as those used by automated systems and AI. As these non-human identities expand rapidly, the lack of effective governance measures leaves companies vulnerable to potential breaches. The survey suggests that many enterprises have outdated practices that fail to keep pace with the growing complexity of their IT environments. This oversight could allow malicious actors to exploit these weaknesses and gain unauthorized access to critical infrastructure. The findings emphasize the urgent need for organizations to reassess their security protocols and implement regular credential management practices to mitigate risks.
SCM feed for Latest
A cyberattack has reportedly compromised the hydraulic pump system responsible for protecting Venice's iconic Piazza San Marco from flooding. Hackers claim to have gained access to this critical system, raising concerns about the safety of the area, especially given Venice's vulnerability to rising water levels. While the extent of the damage and the attackers' motives remain unclear, this incident underscores the potential risks associated with municipal infrastructure becoming targets for cyber threats. Authorities are likely assessing the situation to ensure the flood protection measures can continue functioning effectively during high tide events. The implications of this breach could affect not only the local population but also tourism and the preservation of cultural heritage in Venice.
SCM feed for Latest
A serious vulnerability, known as CVE-2026-39987, has been discovered in all versions of Marimo prior to 0.23.0, earning a high CVSS score of 9.3. This flaw allows attackers to potentially exploit systems running affected versions of the software, raising significant security concerns for users. Researchers noted that the vulnerability was actively exploited within hours of its disclosure, indicating a swift response from malicious actors. Users of Marimo are urged to update to version 0.23.0 or later to protect their systems from potential attacks. This incident emphasizes the critical need for timely software updates in response to newly identified vulnerabilities.
BleepingComputer
A serious vulnerability in Marimo software has come to light, allowing attackers to execute remote code without needing authentication. This flaw is currently being exploited to steal user credentials, making it a pressing issue for organizations using this software. The nature of the vulnerability means that it could potentially affect a wide range of users and systems that rely on Marimo. Companies need to act quickly to protect their data and systems from unauthorized access. Immediate action is essential to mitigate the risk posed by this vulnerability as attackers are actively targeting it.
Censys researchers have identified 5,219 Rockwell PLCs (Programmable Logic Controllers) that are exposed to potential attacks, with the majority located in the United States. This warning comes after U.S. agencies, including the FBI, CISA, and NSA, reported that Iranian-linked advanced persistent threat groups are actively exploiting these internet-connected devices. The attacks target operational technology across various critical infrastructure sectors, raising concerns about national security. Experts are urging organizations to secure these devices or disconnect them from the internet to prevent potential breaches. The situation underscores the need for better security measures in industrial control systems, especially as cyber threats continue to evolve.
Security Affairs
CVE-2026-39987A serious vulnerability in the open-source Python notebook tool Marimo, identified as CVE-2026-39987, has been exploited within just 10 hours of its disclosure on April 8, 2026. This flaw has a CVSS score of 9.3, indicating its severity and potential impact. Researchers from the Sysdig Threat Research Team reported that attackers began exploiting this vulnerability almost immediately, raising alarms about the security of systems using Marimo. This incident underscores the urgency for users and organizations relying on this tool to take immediate action to protect their systems from potential breaches. Quick exploitation of such vulnerabilities demonstrates the need for timely patching and awareness in the cybersecurity community.
SCM feed for Latest
The U.S. Treasury Department's Office of Cybersecurity and Critical Infrastructure Protection has announced a new initiative aimed at sharing cyber threat intelligence with cryptocurrency firms. This program is designed to help these companies better identify, prevent, and respond to cyber threats, especially as attacks on the crypto sector grow more frequent and sophisticated. The initiative comes in response to increasing concerns over security vulnerabilities in the cryptocurrency market, which has become a prime target for cybercriminals. By providing free intelligence resources, the Treasury hopes to strengthen the security posture of these firms and protect consumers. This move reflects a broader recognition of the need for enhanced security measures in the rapidly evolving digital currency landscape.
Iranian-linked hackers have targeted U.S. critical infrastructure by exploiting vulnerabilities in nearly 4,000 internet-connected programmable logic controllers (PLCs) made by Rockwell Automation. These devices are essential for controlling various industrial processes, making them prime targets for cyberattacks that could disrupt operations. The exposure of these PLCs raises significant concerns about the security of critical infrastructure, as successful attacks could lead to severe disruptions in industries such as manufacturing and energy. Researchers are urging companies using these devices to take immediate action to strengthen their cybersecurity measures and protect against potential intrusions. This incident serves as a reminder of the ongoing risks posed by state-sponsored cyber activities and the need for enhanced defenses in industrial environments.