Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

Ravie LakshmananApr 20, 2026Open Source / Server Security A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760,…

Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Ravie LakshmananApr 20, 2026Cybersecurity / Hacking Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to…

Why Most AI Deployments Stall After the Demo

The Hacker NewsApr 20, 2026Artificial Intelligence / Privacy The fastest way to fall in love with an AI tool is to watch the demo. Everything moves quickly. Prompts land cleanly. The system produces impressive outputs…

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Ravie LakshmananApr 20, 2026Artificial Intelligence / Vulnerability Cybersecurity researchers have discovered a critical “by design” weakness in the Model Context Protocol’s (MCP) architecture that could pave the way for remote code execution and have a…

Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems. The malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to…

Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials

Ravie LakshmananApr 20, 2026Cloud Security / Data Breach Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to “certain” internal Vercel systems. The incident stemmed from the…

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

Ravie LakshmananApr 18, 2026Money Laundering / Regulatory Compliance Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it’s suspending operations after it blamed Western intelligence agencies for a $13.74…

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Ravie LakshmananApr 18, 2026IoT Security / Vulnerability Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard…

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Ravie LakshmananApr 17, 2026Vulnerability / Endpoint Security Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of…

Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul

Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally and suspended…