Laura French

Nginx-ui MCP missing authentication flaw actively exploited

• aiml
• identity
• patchconfiguration-management
• vulnerability-management

Nginx-ui MCP missing authentication flaw actively exploited

Laura French April 16, 2026

Attackers on the same network can alter nginx configurations, leading to complete takeover.

Read More Read more about Nginx-ui MCP missing authentication flaw actively exploited

Black Basta-linked attacks target executives via Teams phishing

• application-security
• phishing
• ransomware
• threat-intelligence
• threat-management

Black Basta-linked attacks target executives via Teams phishing

Laura French April 15, 2026

Suspected former Black Basta affiliates impersonate help desks to deploy RMM software.

Read More Read more about Black Basta-linked attacks target executives via Teams phishing

OpenAI’s macOS app-signing process hit by axios supply chain attack

• aiml
• application-security
• generative-ai
• supply-chain

OpenAI’s macOS app-signing process hit by axios supply chain attack

Laura French April 13, 2026

The company is revoking and rotating certificates “out of an abundance of caution.”

Read More Read more about OpenAI’s macOS app-signing process hit by axios supply chain attack

AI browser extensions more likely to have known vulnerabilities, report says

• aiml
• data-security
• risk-assessmentsmanagement

AI browser extensions more likely to have known vulnerabilities, report says

Laura French April 13, 2026

AI extensions are also more likely to have cookie, scripting and tabs permissions.

Read More Read more about AI browser extensions more likely to have known vulnerabilities, report says

Linux Foundation leader impersonated in Slack phishing campaign

• phishing

Linux Foundation leader impersonated in Slack phishing campaign

Laura French April 10, 2026

The campaign targets open-source developers to steal credentials and deploy malware.

Read More Read more about Linux Foundation leader impersonated in Slack phishing campaign

Claude Mythos Preview identifies 27-year-old bug, finds ‘thousands’ of zero-days in weeks

• aiml
• patchconfiguration-management
• vulnerability-management

Claude Mythos Preview identifies 27-year-old bug, finds ‘thousands’ of zero-days in weeks

Laura French April 9, 2026

Anthropic launched “Project Glasswing” to restrict the availability of the new model to selected organizations.

Read More Read more about Claude Mythos Preview identifies 27-year-old bug, finds ‘thousands’ of zero-days in weeks

Docker fixes AuthZ bypass bug that created containers with excessive privileges

• aiml
• patchconfiguration-management
• vulnerability-management

Docker fixes AuthZ bypass bug that created containers with excessive privileges

Laura French April 8, 2026

A crafted HTTP request can make restricted containers invisible to AuthZ plugins.

Read More Read more about Docker fixes AuthZ bypass bug that created containers with excessive privileges

North Korea recruits Iranian workers for IT job fraud

• identity
• threat-intelligence

North Korea recruits Iranian workers for IT job fraud

Laura French April 7, 2026

Internal records reveal how North Korean facilitators scout and coach workers.

Read More Read more about North Korea recruits Iranian workers for IT job fraud

Highly evasive spear-phishing campaign targeting senior execs ‘neutralizes’ MFA

• identity
• phishing
• ransomware

Highly evasive spear-phishing campaign targeting senior execs ‘neutralizes’ MFA

Laura French April 3, 2026

The campaign leverages a newly-discovered phishing kit called VENOM.

Read More Read more about Highly evasive spear-phishing campaign targeting senior execs ‘neutralizes’ MFA

Venom Stealer MaaS handles attacks from ClickFix to crypto theft

• malware
• ransomware
• threat-intelligence
• threat-management

Venom Stealer MaaS handles attacks from ClickFix to crypto theft

Laura French April 1, 2026

The stealer persists on the victim’s machine and immediately exfiltrates data with no local staging.

Read More Read more about Venom Stealer MaaS handles attacks from ClickFix to crypto theft