Latest Internet & Cybersecurity News
Microsoft April 2026 Updates Fix Critical Vulnerabilities Including Exploited SharePoint Flaw
Microsoft released April 2026 Security Updates addressing multiple vulnerabilities, including CVE-2026-32201 in SharePoint Server, confirmed as actively exploited in the wild. Attackers could perform network spoofing or execute arbitrary code remotely without authentication.
JPCERT/CC urges immediate patching, especially for external-facing SharePoint deployments.
US Treasury and Fed Warn Bank CEOs on Cybersecurity Risks from Anthropic's New AI Model
On April 7, 2026, Treasury Secretary Scott Bessent and Fed Chair Jerome Powell met with major bank CEOs to discuss risks from Anthropic’s Claude Mythos AI model. The model could enable more frequent and destructive cyberattacks, leading to delayed public release via Project Glasswing to fix vulnerabilities.
Anthropic plans public reports on findings and AI-era security recommendations within 90 days.
Banco Rendimento in Brazil Suffers Cyberattack Disrupting Client Access
On April 21, 2026, a cyberattack hit Banco Rendimento, affecting client-access channels and some accounts at the SĂŁo Paulo-based FX and credit institution. The bank contained the incident, restored operations, and reported to authorities without disclosing client numbers or financial impact.
This follows 2025's R$1.5bn losses from eight incidents, prompting tighter Central Bank rules.
Microsoft Defender Zero-Day Vulnerability Exploited for System Privilege Escalation
A recent Microsoft Defender flaw is exploited as a zero-day, allowing attackers to access the SAM database, extract NTLM hashes, and gain System privileges. The vulnerability was reported on April 23, 2026.
Organizations using Microsoft Defender should apply patches urgently to mitigate risks.
ENISA Releases Updated NCAF 2.0 for Government Cybersecurity Maturity Assessment
ENISA published NCAF 2.0 on April 23, 2026, to help EU governments evaluate and improve national cybersecurity strategies. The framework aligns with NIS2 Directive, identifies gaps, and promotes benchmarking and best practice sharing among member states.
It covers 20 strategic objectives including resilience, skills gaps, and international cooperation.
Global Campaign Targets Modbus PLCs with China-Geolocated Infrastructure
A global campaign targeting Modbus PLCs was discovered, involving infrastructure geolocated to China, reported on April 23, 2026. This threatens industrial control systems potentially leading to disruptions in critical infrastructure.
Organizations should scan for exposed PLCs and enhance network segmentation.
MIT Develops Ultra-Efficient Chip for Post-Quantum Security in Biomedical Devices
MIT researchers created a microchip on April 23, 2026, protecting wireless biomedical devices like pacemakers from quantum attacks using post-quantum cryptography. The needle-tip-sized ASIC is over 10x more energy-efficient and resists physical side-channel attacks.
It enables secure edge devices amid advancing quantum computing threats.
JPCERT Warns of Critical Adobe Acrobat and Reader Vulnerabilities
JPCERT issued warnings on April 23, 2026, about critical vulnerabilities in Adobe Acrobat and Reader enabling arbitrary code execution. Users should update immediately to prevent exploitation.
This adds to ongoing patch priorities alongside Microsoft fixes.
Brazil Central Bank Tightens Cybersecurity Rules After Sector Incidents
Following 2025's R$1.5bn losses from eight cyber incidents, Brazil's Central Bank enforced new intrusion testing rules, highlighted by the Banco Rendimento attack. Authorities are reviewing the incident for systemic vulnerabilities in payment systems.
This could influence future PSTI regulations.
Anthropic Delays AI Model Release to Address Cyber Vulnerabilities via Project Glasswing
Anthropic delayed Claude Mythos public release to collaborate on fixing software vulnerabilities with tech firms under Project Glasswing. The initiative acknowledges the model's potential to enhance both offensive and defensive cyber capabilities.
A 90-day report on fixes and recommendations is planned.