The goal of the guidance, which outlines minimum elements, is to help organizations enhance transparency in AI systems and supply chains.
The post G7 Countries Release AI SBOM Guidance appeared first on SecurityWeek.
The Nitrogen ransomware group claims to have hacked the company’s systems, stealing 8TB of data, including confidential documents.
The post Foxconn Confirms North American Factories Hit by Cyberattack appeared first on SecurityWeek.
CVE-2026-40361 is similar to a vulnerability found a decade ago, BadWinmail, which at the time was dubbed an “enterprise killer”.
The post Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises appeared first on SecurityWeek.
More than 500 packages were pushed during the attack, but the target appears to have been RubyGems itself rather than users.
The post Hundreds of Malicious Packages Force RubyGems to Suspend Registrations appeared first on SecurityWeek.
Fresh security updates resolve critical flaws in Azure, Windows, Dynamics 365, and the SSO Plugin for Jira & Confluence.
The post Microsoft Patches 137 Vulnerabilities appeared first on SecurityWeek.
Over 400 malicious versions of 170 packages were published as part of the new Mini Shai-Hulud campaign.
The post TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack appeared first on SecurityWeek.
The zero-day was designed to bypass 2FA and it was developed by a prominent cybercrime group.
The post Google Detects First AI-Generated Zero-Day Exploit appeared first on SecurityWeek.
The incident occurred on April 20 and did not affect customer data in the company’s production and staging environments.
The post SailPoint Discloses GitHub Repository Hack appeared first on SecurityWeek.
Also called Copy Fail 2 and tracked as CVE-2026-43284 and CVE-2026-43500, the exploit was disclosed before a patch was released.
The post New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks appeared first on SecurityWeek.
CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code.
The post Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek.