Cyber Security News ®

⚠️ Windows 11 Emergency Update to Fix Installation Loop Issues | Source: https://lnkd.in/g5kkmiAY Microsoft just released an emergency out-of-band update to resolve a persistent installation failure affecting Windows 11 users. Released on March 31, 2026, update KB5086672 specifically targets systems running Windows 11 versions 25H2 and 24H2. This patch addresses a critical setup bug introduced in late March that prevented users from successfully applying recent system improvements and maintaining their security baselines. Users repeatedly faced error code 0x80073712, which abruptly halted the installation process and left systems unable to finalize the update. #windows11 #cybersecuritynews

🛡️ Google Now Allows You to Change Your @gmail.com Address in a Few Simple Steps | Source: https://lnkd.in/gSziR2aG Users with email addresses ending in @gmail.com can now replace their existing handle with a completely new @gmail.com address without losing their underlying account data. Previously, changing a primary Gmail username required creating a completely new Google Account. Users then had to rely on Google Takeout or manual forwarding protocols to migrate their existing data. This legacy process was inherently flawed and often resulted in fragmented digital identities. Transferring gigabytes of emails, Google Drive files, Google Photos, and Play Store purchases was time-consuming and prone to data loss. #Gmail #cybersecuritynews

🛡️ Notepad++ v8.9.3 Released, Addressing cURL Security Vulnerability and Crash Issues | Source: https://lnkd.in/gWGKDGSW Notepad++ has officially released version 8.9.3, delivering critical security patches, structural performance enhancements, and resolutions for persistent crash issues. This update finalizes the text editor’s transition to a highly optimized XML parser, addressing multiple recent regressions while fortifying the application’s auto-update mechanism against documented vulnerabilities. The most notable security implementation in version 8.9.3 is the remediation of a vulnerability within the application’s auto-updater framework. The development team has updated the cURL component in WinGUp to version 8.19.0, mitigating a specific security issue, CVE-2025-14819. #cybersecuritynews

𝗠𝗮𝘀𝘁𝗲𝗿 𝗶𝗻 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆! Learn 100+ Advanced Cybersecurity Courses Online With Life time access -> https://lnkd.in/gpvdaCSX Apply $170 Discount Coupon: CYBER2026 Grab a Discount Before It Disappears in 24 Hours!" Ethical Hackers Academy ® delivers over 100+ premium cybersecurity courses with labs for anyone looking to transition their careers to cybersecurity experts. Join Diamond Membership 360,000+ students from 150+ countries to get a lifetime learning experience. 𝐖𝐡𝐲 𝐃𝐢𝐚𝐦𝐨𝐧𝐝 𝐌𝐞𝐦𝐛𝐞𝐫𝐬𝐡𝐢𝐩 𝐟𝐫𝐨𝐦 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐞𝐫𝐬 𝐀𝐜𝐚𝐝𝐞𝐦𝐲? The Diamond Membership offers continual learning opportunities to enhance your skills and prepare the way for you to become an esteemed expert in many prominent cybersecurity fields, as outlined below: Penetration Testing, VAPT, Security Auditing, Ethical Hacking, Malware analysis, bug bounty, Exploit Development, Kali Linux Training, Android Hacking, Vulnerability assessment, network Hacking, GDPR, Python Programming, Threat Analysis, Reverse Engineering, Cyber Forensics, IoT Security, SOC Operations Training, Web Hacking, 100+ Hacking Tools, and more. 𝐋𝐢𝐟𝐞 𝐓𝐢𝐦𝐞 𝐃𝐢𝐚𝐦𝐨𝐧𝐝 𝐌𝐞𝐦𝐛𝐞𝐫𝐬𝐡𝐢𝐩 𝐂𝐨𝐮𝐫𝐬𝐞𝐬 𝐓𝐡𝐚𝐭 𝐂𝐨𝐯𝐞𝐫𝐬: ✅ Penetration Testing ✅ Vulnerability Assessment ✅ Security Auditing ✅ Ethical Hacking ✅ Malware Analysis ✅ Bug Bounty ✅ Exploit Development ✅ Kali Linux Training ✅ Android Hacking ✅ Network Hacking ✅ GDPR ✅ Python Programming ✅ Threat Analysis ✅ Reverse Engineering ✅ Cyber Forensics ✅ IoT Security ✅ SOC operations training ✅ Web hacking ✅ Digital Forensics ✅ CompTIA ✅ CISSP ✅ AWS Security ✅ Docker Security ✅ Kubernetes Security ✅ Data Protection & Compliance ✅ Incident Response ✅ Cloud Penetration Testing ✅ Learn 100+ Hacking tools and more. 100+ 𝐂𝐨𝐮𝐫𝐬𝐞𝐬 𝐋𝐢𝐧𝐤𝐞𝐝 𝐖𝐢𝐭𝐡 𝐅𝐨𝐥𝐥𝐨𝐰𝐢𝐧𝐠 𝐉𝐨𝐛 𝐑𝐨𝐥𝐞𝐬 ✅ Network Penetration tester ✅ Web Penetration Tester ✅ Malware Analyst ✅Network Security Professionals ✅Network Admins ✅Security System Administrators ✅Vulnerability tester ✅Security researcher ✅Red Team member ✅Blue Team Member ✅SOC Analyst. ✅Security Auditor. ✅Security Engineer. ✅Security analyst (II) ✅Vulnerability assessment analyst ✅Network security operations ✅Application security vulnerability ✅Ethical hacker, Cyber Security Analyst ✅Security Manager. 𝐊𝐞𝐲 𝐇𝐢𝐠𝐡𝐥𝐢𝐠𝐡𝐭𝐬 ✅ 100+ Curated Courses and E-Degrees ✅ 3000+ hours of Training videos ✅ 20+ New Courses Added Every Year ✅ 1 E-Degree Added Every Year ✅  24/7 Unlimited Access ✅  Lifetime Subscription ✅  Lifetime Technical Support and Update ✅  Interactive Learning Modules ✅  Certifications with CPE Credits ✅ Complete Practical Training ✅  Practical labs and Setup Guide ✅  500+ Downloadable E-Book, materials

Today, depthfirst has announced an $𝟴𝟬 𝗺𝗶𝗹𝗹𝗶𝗼𝗻 𝗦𝗲𝗿𝗶𝗲𝘀 𝗕 𝗳𝘂𝗻𝗱𝗶𝗻𝗴 𝗿𝗼𝘂𝗻𝗱 led by Meritech Capital, coming less than 90 days after its Series A led by Accel. According to the company, depthfirst was founded on the belief that artificial intelligence is rapidly changing both software development and cybersecurity. As AI makes it significantly easier to write code, organizations are shipping more software than ever before. At the same time, AI is also making it easier for attackers to exploit vulnerabilities, increasing the risk of breaches across enterprises. 𝗛𝗲𝗿𝗲’𝘀 𝗵𝗼𝘄 𝗱𝗲𝗽𝘁𝗵𝗳𝗶𝗿𝘀𝘁 𝗮𝗶𝗺𝘀 𝘁𝗼 𝗮𝗱𝗱𝗿𝗲𝘀𝘀 𝘁𝗵𝗶𝘀 𝗴𝗿𝗼𝘄𝗶𝗻𝗴 𝗰𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲: 𝟭. 𝗙𝗶𝗻𝗱𝘀 𝘃𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 𝗶𝗻 𝘆𝗼𝘂𝗿 𝗰𝗼𝗱𝗲: depthfirst’s AI agents scan the entire codebase to understand how systems work and identify potential vulnerabilities. 🔍 𝟮. 𝗔𝘁𝘁𝗮𝗰𝗸𝘀 𝗹𝗶𝗸𝗲 𝗮 𝗿𝗲𝗮𝗹 𝗵𝗮𝗰𝗸𝗲𝗿: The platform attempts to exploit vulnerabilities just like a real attacker. If it can’t break it, it doesn’t flag it — ensuring teams only see real issues, not false positives. ⚡ 𝟯. 𝗙𝗶𝘅𝗲𝘀 𝗶𝘀𝘀𝘂𝗲𝘀 𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗰𝗮𝗹𝗹𝘆: When a real vulnerability is discovered, depthfirst rewrites the code and opens a pull request, allowing developers to approve fixes with a single click. 🚀 The company also noted that, despite long-standing skepticism around AI’s role in cybersecurity, it believes AI will fundamentally reshape both offensive and defensive security strategies. depthfirst stated that security companies must adapt to these changes or risk disruption, a shift that is increasingly reflected across the broader market. Since launching just a few months ago, depthfirst reports partnerships with Fortune 500 companies and fast-growing technology firms including Lovable, Supabase, and ClickUp. Alongside the funding announcement, depthfirst also introduced its first in-house security model, which the company claims outperforms frontier models while operating at a significantly lower cost. To support developers, the company is also releasing a free AI agent skill designed to scan codebases and identify vulnerabilities that attackers could exploit. The funding round includes participation from investors such as Forerunner, TheHousefund, BoxGroup, Liquid 2 Ventures, Alt Capital, Mantis Venture Capital, depthfirst says the new funding will help accelerate its mission to secure software in an AI-driven world. 🚀 #depthfirst #fund #cybersecurity #networksecurity #informationsecurity

🛡️ ChatGPT Vulnerability Let Attackers Silently Exfiltrate User Prompts & Sensitive Data | Source: https://lnkd.in/gq_dyR4z A critical vulnerability in ChatGPT’s architecture allowed attackers to extract this exact type of user data silently. By abusing a covert outbound channel in ChatGPT’s isolated code execution environment, attackers could extract chat history, uploaded files, and AI-generated outputs without triggering user alerts or consent prompts. OpenAI designed the Python-based Data Analysis environment as a secure sandbox, intentionally blocking direct outbound HTTP requests to prevent data leakage. Legitimate external API calls, known as GPT Actions, require explicit user consent through visible approval dialogs. #cybersecuritynews #vulnerabilitynews #chatGPT

🛡️Anthropic's Claude Code Source Code Reportedly Leaked Via Their npm Registry | Source: https://lnkd.in/gJ7b_Js9 Anthropic's proprietary Claude Code CLI tool has had its full TypeScript source code inadvertently exposed through a misconfigured npm package, after a security researcher discovered a leaked .map file referencing the unobfuscated codebase stored on Anthropic's own cloud infrastructure. The published @ anthropic-ai/claude-code npm package reportedly contained a source map (.map) file that referenced the complete, unminified TypeScript source, which was directly downloadable as a ZIP archive from Anthropic's own R2 cloud storage bucket. The original unmodified source has since been preserved and mirrored in a public GitHub repository under the backup branch nirholas/claude-code. #claudecode #cybersecuritynews

🛡️ Claude AI Discovers Zero-Day RCE Vulnerabilities in Vim and Emacs | Source: https://lnkd.in/gKfnkKd6 Anthropic’s Claude AI successfully discovered zero-day Remote Code Execution (RCE) flaws in both Vim and GNU Emacs. The discoveries highlight a massive paradigm shift in bug hunting, demonstrating that AI models can uncover critical vulnerabilities in legacy software with simple natural-language prompts. The ease with which Claude uncovered these RCE flaws has left professional bug hunters drawing comparisons to the early 2000s era of SQL injection, where trivial inputs could systematically compromise entire networks. #cybersecuritynews

🚨Axios NPM Packages Compromised to Inject Malicious Codes in an Active Supply Chain Attack | Source: https://lnkd.in/gQJpUSEJ A sophisticated supply chain attack has targeted Axios, one of the most heavily adopted HTTP clients within the JavaScript ecosystem, by introducing a malicious transitive dependency into the official npm registry. The compromise involves the unauthorized publication of new Axios versions that automatically pull in plain-crypto-js@4.2.1, a newly published package confirmed by automated malware detection systems to contain malicious code. Axios maintainers publish tagged releases on GitHub concurrently with their npm publishes. Axios 1.14.1 Axios 0.30.4 #cybersecuritynews

⚠️ Critical Fortinet FortiClient EMS Vulnerability Exploited in Attacks | Source: https://lnkd.in/geaiP_VH A critical SQL injection vulnerability in Fortinet’s FortiClient Endpoint Management Server (EMS), tracked as CVE-2026-21643, is actively being exploited in the wild. In observed attacks, threat actors are bypassing security controls by smuggling malicious SQL statements through the Site header within an HTTP GET request. A recorded payload targeting the /api/v1/init_consts endpoint demonstrates attackers injecting commands such as Site: x'; SELECT pg_sleep(4)--. This specific attack was observed originating from the threat actor IP address 104.192.92[.]135. #cybersecuritynews #vulnerability