A 15-year-old vulnerability in OpenSSH has been discovered that could allow attackers to gain full root shell access to servers by exploiting a simple comma in certificate principal names. The bug, tracked as CVE-2026-35414, works because OpenSSH mistakenly treats the comma as a list separator, turning a low-privilege identity into a root credential, and the attack doesn't trigger authentication failures in logs, making it nearly impossible to detect through normal monitoring. The flaw was patched in OpenSSH version 10.3 in early April, and security experts say organizations should update immediately.

Security researchers at Akamai have discovered that Microsoft's February patch for a Windows SmartScreen vulnerability was incomplete, creating a new zero-click flaw that allows attackers to steal credentials without any user interaction. The original vulnerability, CVE-2026-21510, was exploited by Russia's APT28 hacking group in attacks targeting Ukraine and EU countries, using weaponized shortcut files to bypass Windows security features. Microsoft has since patched the new vulnerability, CVE-2026-32202, in its April updates, but the incident highlights how incomplete patches can inadvertently create new security risks.

Cybersecurity researchers have discovered 73 malicious Visual Studio Code extensions on the official marketplace that were delivering GlassWorm v2 malware to unsuspecting developers. The fake extensions posed as legitimate tools to trick users into downloading them, highlighting ongoing security concerns with third-party software repositories. This discovery underscores the growing threat of supply chain attacks targeting developer tools and environments.

PhantomCore, a threat actor group, has been actively exploiting security vulnerabilities in TrueConf, a video conferencing platform, to infiltrate Russian networks. The attacks leverage flaws in the software to gain unauthorized access and establish a foothold within targeted systems. Security researchers have identified this campaign as a significant threat to organizations using the compromised platform, particularly those operating within Russia.

A new report from Zscaler ThreatLabz reveals that artificial intelligence has dramatically accelerated vulnerability discovery, collapsing the window for human response and making VPNs a particularly fast pathway for attackers. The report warns that while AI tools like Mythos have fundamentally changed the speed of threat detection, most security teams haven't adapted their remediation processes to keep pace with these AI-driven attacks.

Security researchers have uncovered Fast16 malware targeting systems through VPN vulnerabilities, as detailed in Zscaler's 2026 VPN Risk Report. The report highlights how AI-powered attacks have dramatically shortened the time between initial access and full breach, with remote access tools now representing one of the fastest attack vectors. Meanwhile, Georgetown University is promoting its online Master's program in Cybersecurity Risk Management as organizations seek professionals who can defend against these evolving threats.

Checkmarx has confirmed that data from its GitHub repository was posted on the dark web following a cyberattack on March 23rd. The application security company is investigating the breach, which appears to have exposed source code and potentially sensitive information stored in the repository. This incident highlights ongoing concerns about the security of software development platforms and supply chain risks, as Checkmarx ironically specializes in helping other companies identify security vulnerabilities in their code.

While some experts worry that advanced AI models could pose an existential threat to cybersecurity, Ari Herbert-Voss suggests this concern may actually present an opportunity. The debate centers on whether frontier language models will fundamentally undermine digital security or whether they can be harnessed to strengthen defensive capabilities. This reflects the broader tension in the tech community about how to approach increasingly powerful AI systems in the cybersecurity domain.

Cybersecurity researchers have discovered a malware framework called "fast16" that dates back to 2005, making it five years older than Stuxnet, the notorious cyberweapon previously thought to be among the earliest sophisticated state-sponsored malware. This finding is rewriting the timeline of advanced cyber sabotage operations and suggesting that nation-state actors were developing complex offensive cyber capabilities much earlier than previously understood.

Security researchers have uncovered a serious architectural weakness in Windows' Remote Procedure Call mechanism dubbed PhantomRPC, which enables attackers to escalate their privileges on affected systems. The vulnerability stems from how Windows handles connections to unavailable RPC services, with researchers identifying five distinct exploit paths that take advantage of this flaw. The security issue remains unpatched, potentially leaving Windows systems exposed to privilege escalation attacks.