OpenAI has introduced GPT-5.4-Cyber, a purpose-built variant of GPT-5.4 tuned to assist vetted security professionals with tasks previously reserved for specialized analysts. Rather than a general consumer release, this model is designed to lower refusal rates for legitimate cybersecurity workflows: binary reverse engineering, vulnerability scanning, malware analysis and exploit research. The announcement frames the model as a defensive accelerant —
Microsoft Patch Tuesday — April 2026: 168 Vulnerabilities Fixed, Including an Actively Exploited SharePoint Zero-Day
Microsoft’s April 2026 Patch Tuesday delivers a heavy set of fixes: 168 vulnerabilities across Windows, Office, Azure components and developer tools. The release includes one confirmed actively exploited zero-day in SharePoint Server (CVE-2026-32201) and a publicly disclosed elevation-of-privilege flaw in Microsoft Defender (CVE-2026-33825). Beyond those high-visibility issues, eight vulnerabilities are rated Critical — most of them Remote Code Execution (RCE)
Google brings “Skills” to Chrome so Gemini prompts are instantly reusable
Chrome is getting another nudge toward becoming the home for Google’s AI toolbox. This spring Google introduced “Skills,” a way to save Gemini prompts inside the browser so common queries and workflows can be retriggered with a click. Rather than retyping or copy‑pasting a prompt each time you want Gemini to perform a task, Skills let you store and reuse
Synology SSL VPN Client Flaws Let Remote Attackers Read Files and Expose PINs — Patch Now
Synology has released a security advisory addressing two important vulnerabilities in its SSL VPN Client that could allow remote attackers to access sensitive files and expose locally stored PINs. Both flaws require user interaction—specifically, visiting a crafted web page while the vulnerable client is running—but their consequences range from quietly reading configuration files and certificates to enabling interception of VPN
Micropatches for Windows Shell Bypass (CVE-2026-21510): What 0patch Fixed and Why It Matters
Microsoft released fixes earlier this year for CVE-2026-21510, a security feature bypass in Windows Explorer that let specially crafted shortcut (LNK) files execute a remotely hosted DLL without the usual security warning. Researchers observed exploitation in the wild and uploaded a sample to malware repositories, enabling vendors and defenders to reproduce the issue and protect legacy systems that no longer
OpenAI Acquires Hiro Finance to Bolster AI Financial Planning
OpenAI has officially confirmed the acquisition of Hiro Finance, an AI-powered personal finance startup founded by serial entrepreneur Ethan Bloch. The deal, which follows Hiro’s recent launch of a specialized financial modeling tool, marks a strategic move by OpenAI to deepen its expertise in high-stakes mathematical accuracy and consumer fintech. Backed by heavyweights like Ribbit Capital and General Catalyst, Hiro