Critical Vulnerability in Ninja Forms Exposes WordPress Sites
Infosecurity Magazine 08.04.2026 15:10
Ninja Forms File Upload RCE via unauthenticated arbitrary file upload; update to 3.3.27 immediately
Samsung rolls out April update: critical vulnerabilities put Galaxy devices at risk
Heise Security 08.04.2026 12:48
With the April security update, Samsung closes 47 vulnerabilities on Galaxy smartphones. 14 of them are critical; four more, rated high, affect Exynos.
AI tools: Nvidia hardens DALI and Triton Inference Server against possible attacks
Heise Security 08.04.2026 12:41
Several security vulnerabilities in Nvidia DALI and Triton Inference Server put systems at risk. Security patches are available for download.
Hackers exploit a critical Flowise flaw affecting thousands of AI workflows
CSO Online 08.04.2026 12:24
Threat actors have found a way to inject arbitrary JavaScript into the Flowise low-code platform for building custom LLM and agentic systems.
The code injection was possible due to a design oversight, rated at max-severity, in the platform’s custom MCP node, which acts as a plug-in connector for an application’s AI agent to talk to external tools via MCP servers.
(g+) Windows: The update guide for Secure Boot
Golem 08.04.2026 12:15
The Secure Boot certificates are expiring soon and must be replaced. Our guide shows which to-dos admins are facing. A guide by Holger Voges (Windows, encryption)
Iran‑linked PLC attacks cause real‑world disruption at critical US infra sites
CSO Online 08.04.2026 12:03
As the US and Iran agreed to a ceasefire on Tuesday, six US federal agencies have warned that Iran-affiliated threat actors have compromised internet-exposed programmable logic controllers at critical infrastructure facilities in the US.
The attacks, which the agencies linked to escalating hostilities between Iran and the US and Israel, targeted Rockwell Automation and Allen-Bradley PLCs at water and wastewater, energy, and government facilities, including local municipalities, and have been active since at least March 2026, according to the advisory, co-authored by the FBI, CISA, NSA, EPA, Department of Energy, and US Cyber Command’s Cyber National Mission Force, and published on Tuesday.
Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities
Infosecurity Magazine 08.04.2026 11:30
Anthropic launches Project Glasswing, using its Claude Mythos Preview AI to autonomously identify and fix undiscovered vulnerabilities in critical software
Update now! Attackers are targeting low-code tool Flowise
Heise Security 08.04.2026 08:51
Unknown attackers are currently exploiting a critical, maximum-severity vulnerability in Flowise. A security patch is available.
Iran‑Backed Threat Actors Hit US CNI Providers via Internet‑Facing OT Assets
Infosecurity Magazine 08.04.2026 08:15
CISA has revealed Iranian attacks causing disruption and financial loss at US critical infrastructure firms
ComfyUI servers: Attackers turn instances into a cryptominer proxy botnet
Heise Security 08.04.2026 07:14
More than 1,000 ComfyUI servers are openly exposed on the internet. Attackers abuse misconfigurations to add instances to a botnet.