Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

nucleus

The NVD Funding Crisis Was Bigger Than Mythos

Apr 9, 2026 By Scott Kuffer In Nucleus
Everyone is calling Claude Mythos a watershed moment. I’d like to offer a slightly different take. Not because the capability isn’t real, it is. But if Mythos is the moment that finally convinced your organization that rapid vulnerability discovery is an existential threat, you’ve been watching the wrong thing. We saw this coming. Vulnerability Management has been moving in this direction for years, and we built Nucleus with this trajectory in mind. What surprises me is the surprise.
Read Post
bitsight

The Future Is Cyber Risk Intelligence

Apr 9, 2026 By Jake Olcott In BitSight
Risk is expanding faster than most organizations can measure it, communicate it, and act on it. The convergence of AI, an ever-expanding attack surface, and deep, often hidden supply chain risks—extending into third-, fourth-, and fifth-party connections—all pose strategic and material risks to companies. Security leaders are ultimately looking for better ways to identify risk, prioritize action, and support stronger risk decisions across the entire business ecosystem.
Read Post

DarkSword: Known Threats. Known Protection. Complete Visibility.

Apr 9, 2026 By Lookout In Lookout
In moments. No warning. No trace. Total takeover. In March 2026, a new breed of mobile threat emerged: DarkSword. This sophisticated iOS exploit chain doesn’t need a phishing link or a malicious app download. Just one visit to a compromised website is enough to expose your entire enterprise. In this video, we dissect the DarkSword attack path—from the initial Safari iframe encounter to the kernel-level takeover—and show you how the threat disappears before most security teams even know it’s there.
View Video

What Is a Computer Virus? How It Spreads & How to Stop It | Avast

Apr 9, 2026 By Avast In Avast
You use your computer every day to work, shop, stream, and connect with the people and things you care about. But what exactly is a computer virus, and how does it manage to spread so fast? In this video, we explain what a computer virus is, how it attaches to files and programs you trust, and how it activates, copies itself, and spreads to other files and devices—just like a biological virus.
View Video
sophos

Adobe Reader zero-day vulnerability in active exploitation

Apr 9, 2026 By Sophos Counter Threat Unit Research Team In Sophos
On April 7, 2026, a security researcher described an Adobe Reader zero-day vulnerability that has been exploited since at least December 2025. The vulnerability allows threat actors to execute privileged Acrobat APIs via specially crafted malicious PDF files that execute obfuscated JavaScript when opened. Exploitation allows attackers to steal sensitive user and system data and to potentially launch additional attacks and remotely execute code.
Read Post
sophos

We let OpenClaw loose on an internal network. Here's what it found

Apr 9, 2026 By Ross McKerchar In Sophos
Following our article on the challenges posed by agentic AI, we gave OpenClaw access to one of our legacy networks In my previous article on OpenClaw I wrote: “Even the most ‘risk-on’ organizations with deep AI and security experience, will likely find it challenging to configure OpenClaw in a way that effectively mitigates the risk of compromise or data loss, while still retaining any productivity value.” The Red Team here at Sophos took that as ‘challenge accepted’, s
Read Post
sophos

The vulnerability flood is here. Here's what it means - and how to prepare

Apr 9, 2026 By Ross McKerchar In Sophos
We can't control the pace of AI-driven vulnerability discovery, but we can control how fast we respond. Last week, Thomas Ptacek published a piece arguing that vulnerability research is cooked. His thesis: AI agents are about to drown us in a steady stream of validated, exploitable, high-severity vulnerabilities, faster than anyone can patch them. But from where I sit, the more urgent question isn't whether the flood is coming, but whether the infrastructure we depend on can absorb it.
Read Post
veracode

Spring 2026 Threat Research: Key Trends in Software Supply Chain Security

Apr 9, 2026 By Veracode Threat Research In Veracode
The software supply chain continues to face escalating threats, with malicious actors targeting developers and organizations at an unprecedented scale. In our Spring 2026 Threat Research Review, we analyze the latest trends, uncover alarming statistics, and highlight the evolving tactics used by attackers. From dependency injection attacks to the rise of typosquatting, this report provides a comprehensive look at the threats shaping the software ecosystem.
Read Post
Arctic Wolf

Frontier AI Models Mark a Turning Point for Cybersecurity

Apr 9, 2026 By Dan Schiappa In Arctic Wolf
This week Anthropic announced Project Glasswing, a cybersecurity initiative built around Claude Mythos Preview, an unreleased frontier AI model capable of autonomously discovering and developing exploits for zero-day vulnerabilities across major operating systems and web browsers. According to early details, the model has already identified thousands of critical vulnerabilities that traditional tools have missed for years.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.