Cyber Policy
164 articles
Government warnings, law enforcement actions, regulations, and policy moves.
MEDIUM: CVE-2026-9082: Drupal Core SQL Injection Bug Added to CISA KEV
CISA added CVE-2026-9082 (CVSS 6.5) to its Known Exploited Vulnerabilities catalog after evidence of active exploitation against all supported Drupal Core versions.
HIGH: CVE-2024-57728: SimpleHelp Path Traversal Lets Admins Upload
CISA adds CVE-2024-57728 to Known Exploited Vulnerabilities: SimpleHelp path traversal via zip slip allows admin users to upload arbitrary files and execute code. Due May 8, 2026.
HIGH: CVE-2025-2749: Kentico Xperience Path Traversal Under Active Exploit
CISA adds CVE-2025-2749 to KEV catalog: Kentico Xperience path traversal lets authenticated Staging Sync Server upload arbitrary files. Due date for federal agencies: May 4, 2026.
HIGH: Grafana GitHub Token Breach Lets Attacker Download Full Codebase
An attacker used a compromised GitHub token to download Grafana's entire private codebase. The company says no customer data was accessed and the incident involved an extortion...
HIGH: AI Agents Automate Exploitation of Obscure Vulnerabilities
AI agents now discover and exploit obscure vulnerabilities autonomously, while AI-generated code floods pipelines with flaws. Defenders must adapt to agent-scale threats.
HIGH: AI Hallucinations Exploit Human Trust in Critical Infrastructure
AI models produce confident but incorrect outputs that have led to misconfigured firewalls and pipeline valve errors, researchers warn.
INFORMATIONAL: AI Security Startup Funding Surpasses Acquisitions by $1B in 1Q26
Dark Reading reports AI security startup investments exceeded acquisition value by over $1 billion in 1Q26, signaling a widening 'valley of death' for maturing firms.
MEDIUM: Malwarebytes Blocks Suspicious Yahoo Mail Redirects to Opaque Domains
Malwarebytes blocks background connections from Yahoo Mail to domains like cook.howduhtable.com — third-party infrastructure with poor reputation and opaque redirect chains.
MEDIUM: NIST NVD Enrichment Change Creates CVSS Gap for 80% of CVEs
NIST now enriches only 15-20% of CVEs under new policy as of April 2026, leaving 80% without CVSS scores or product mappings.
HIGH: OpenAI Breached in TanStack Supply Chain Attack
OpenAI says two employees' devices were compromised in the TeamPCP Mini Shai-Hulud campaign, forcing rotation of code-signing certificates across macOS, Windows, iOS, and Android.
CRITICAL: Pwn2Own Berlin 2026: Researchers Earn $523K Hacking Windows 11, Edge
On day one of Pwn2Own Berlin 2026, researchers collected $523,000 for 24 zero-days, including a $175,000 Edge sandbox escape by Orange Tsai and three Windows 11 privilege...

UK to Shield Security Researchers in Computer Misuse Act Overhaul
UK government will rewrite the Computer Misuse Act 1990 to include a statutory defense for good-faith security research, ending years of legal uncertainty for vulnerability...
HIGH: AI-Driven Attacks Compromise Systems in 73 Seconds, Outpacing Patching
Picus Security analysis shows AI-powered attackers exploit CVEs in ~10 hours and breach systems in 73 seconds, while patching still takes 24 hours.
INFORMATIONAL: Congress Probes 25 Food Retailers Over Surveillance Pricing
Rep. Frank Pallone launched an inquiry into 25 food retailers including Amazon, Walmart, and Target over use of personal data to set variable prices, citing FTC findings.
HIGH: Foxconn Confirms Ransomware Attack on North American Factories
Nitrogen ransomware gang claims 8TB of stolen data from Foxconn's North American factories, including technical files from major tech clients.
CRITICAL: Apple Patches Everything: 0-Days, RCS Encryption Rollout
Apple released emergency patches for two zero-days exploited in the wild alongside the beta rollout of end-to-end encrypted RCS messaging for iOS and macOS.

EU States Export Spyware to Abusive Regimes, HRW Report Finds
Human Rights Watch report documents EU surveillance tech sales to over two dozen nations with poor human rights records, citing Bulgaria as a top exporter.
CRITICAL: Instructure Pays Ransom to ShinyHunters After Canvas Breach
Instructure paid ShinyHunters after two Canvas intrusions stole data from 9,000 institutions. Congress launched an investigation into the ed-tech vendor's incident response.
HIGH: Instructure Pays ShinyHunters to Halt 3.65TB Canvas Data Leak
ShinyHunters agreed to delete 3.65TB of stolen Canvas data after Instructure paid an undisclosed ransom. The breach affects thousands of schools and universities worldwide.
HIGH: Ivanti Patches Flaws in Secure Access Client, EPM, Xtraction, VTM
Ivanti disclosed vulnerabilities in Secure Access Client, Endpoint Manager, Xtraction, and Virtual Traffic Manager. No evidence of exploitation.
HIGH: Škoda Discloses Customer Data Breach After Online Shop Hack
Škoda Auto disclosed a data breach after attackers exploited a vulnerability in its e-commerce portal, stealing customer names, addresses, and password hashes.
HIGH: Microsoft Patches 120 Flaws in May 2026 Patch Tuesday Update
Microsoft's May 2026 Patch Tuesday fixes 120 vulnerabilities across Windows 11 25H2, 24H2, and 23H2. KB5089549 and KB5087420 include security fixes, Xbox mode, and batch file...
HIGH: UK Fines South Staffordshire Water $1.3M for 2022 Breach
ICO fined South Staffordshire Water £963,900 after Cl0p ransomware gang leaked data of 663,887 customers — phishing attack went undetected for 20 months.
HIGH: West Pharma Hit by Ransomware, Systems Disrupted Globally
West Pharmaceutical Services took systems offline globally after a May 4 ransomware attack with data exfiltration. Unit 42 is investigating; ransom may have been paid.
HIGH: Active Directory Password Resets Fail to Expel Attackers
Specops Software explains how cached credentials, Kerberos tickets, and ACL persistence let attackers survive password resets in AD and hybrid Entra ID environments.
MEDIUM: FCC Delays Ban on Security Updates for Foreign-Made Routers to 2029
The FCC extended the deadline for banning software updates on foreign-made routers from March 2027 to January 2029, citing public interest concerns and industry pushback.
HIGH: SailPoint Discloses GitHub Repo Breach via Third-Party App
SailPoint reported to the SEC that attackers accessed a subset of its GitHub repositories on April 20 via a third-party app vulnerability.
HIGH: Braintrust Breach Exposes AI Provider API Keys, Urges Rotation
Braintrust disclosed a breach on May 4 where attackers accessed an AWS account, compromising AI provider API keys for firms like Box and Stripe. At least one customer affected.

Boost Security Raises $4M, Acquires SecureIQx and Korbit.ai
Boost Security raised $4M to expand its AI-native SDLC defense platform, acquiring SecureIQx for reachability analysis and Korbit.ai for code review.
INFORMATIONAL: USB Drop Attack That Defined Social Engineering Turns 20
Steve Stasiukonis's 2006 USB drop test at a credit union — 15 of 20 drives plugged in by employees — became the blueprint for physical social engineering assessments still used…
HIGH: EOL Open Source Blind Spots Hide 400K+ Unflagged CVEs
HeroDevs analysis: 5.4M EOL package versions across npm, PyPI, Maven evade SCA scanners; ~80% of CVEs on supported versions also affect unlisted EOL releases. Free scan offered.
HIGH: Persistent OAuth Tokens: The Back Door Attackers Exploit
OAuth tokens with no expiration persist in Google and Microsoft tenants — attackers bypass MFA and perimeter controls.
HIGH: ShinyHunters Breaches Vimeo, Leaks 119K User Records
ShinyHunters leaked a 106GB archive of Vimeo data after breaching Anodot, exposing emails and names of 119,200 users. No credentials or payment info compromised.
HIGH: Student Hacked Taiwan High-Speed Rail TETRA System, Triggered
A 23-year-old student used SDR gear to clone TETRA radio parameters, sending a 'General Alarm' signal that halted 4 THSR trains for 48 minutes.
HIGH: Trellix Source Code Breach Exposes Security Product Internals
Attackers stole source code from Trellix, exposing detection logic and control locations in its security products. The breach amplifies supply chain risks for enterprise customers.

Cisco Acquires Astrix Security for Non-Human Identity Protection
Cisco announced plans to acquire Astrix Security to address non-human identity risks in AI and machine workloads. The deal expands Cisco's identity security portfolio.
MEDIUM: Cyber Tax Raises Consumer Prices After Breaches, Podcast Warns
Malwarebytes Lock and Code podcast: Eva Velasquez details how small business cyberattacks create a 'cyber tax' that raises prices for all consumers — no sector immune.

Cybersecurity M&A Roundup: 33 Deals Announced in April 2026
SecurityWeek reports 33 cybersecurity M&A deals in April 2026, including acquisitions by Airbus, Cyera, Fortra, Palo Alto Networks, Silverfort, and Socket.
HIGH: Infrastructure Breach: Hackers Steal Student Data from Canvas Platform
Infrastructure confirmed hackers accessed Canvas user data — names, emails, student IDs, messages — from educational institutions.
HIGH: Instructure Breach: Student Data Stolen, Services Disrupted
Instructure disclosed a breach where hackers stole names, emails, student IDs, and messages, and disrupted Canvas platform services. Data leak threats follow.
HIGH: Loan Fraud Rings Exploit Credit Union Verification Gaps
Flare details how fraudsters bypass credit union loan verification using stolen identities and synthetic SSNs, costing institutions millions in chargebacks.
HIGH: Medtronic Discloses Cyberattack on Corporate IT Systems
Medtronic reported unauthorized access to its corporate IT systems in a cyberattack, with no impact on medical devices or patient care operations. Data was compromised.
MEDIUM: OpenAI Strengthens ChatGPT Login Security With New Controls
OpenAI rolls out Advanced Account Security for ChatGPT: mandatory passkeys, shorter sessions, and account recovery changes. Affects all users globally.
HIGH: Polymarket Gamblers Threaten Journalist Over Event Verification
Polymarket gamblers threatened a journalist whose story was used to verify a real-world event for betting settlements, highlighting oracle manipulation risks on the prediction…
HIGH: Pro-Orbán Media Firm Mediaworks Breached by Ransomware Group
Ransomware group claims breach of Mediaworks, a pro-Orbán Hungarian media conglomerate. The firm confirmed unauthorized access and potential data exfiltration on Friday.
HIGH: Instructure Data Breach: ShinyHunters Claims Theft
ShinyHunters claims to have stolen data from Instructure, the edtech firm behind Canvas LMS. Instructure confirms a breach involving unauthorized access to certain systems and…
MEDIUM: Microsoft Defender False Positives Flag DigiCert Certs as Trojans
Microsoft Defender is flagging legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, triggering false-positive alerts and certificate removal on Windows systems.
HIGH: Instructure Probes Cyber Incident Impacting Canvas Platform
Instructure, maker of the Canvas LMS used by over 30 million students, disclosed a cybersecurity incident and is investigating potential data exposure across its infrastructure.
HIGH: Trellix Breach: Source Code Repository Compromised
Trellix confirmed attackers accessed a portion of its source code repository. The firm engaged forensic experts and notified law enforcement. No customer data impact disclosed.
HIGH: AI Agents Wreck Production Databases Due to Poor Access Controls
Dark Reading reports AI agents are deleting production databases because organizations deploy agent integrations without proper security testing or access controls.
HIGH: Ex-Incident Responders Sentenced to 4 Years for Ransomware Attacks
Two cybersecurity incident responders who abused client access to deploy ransomware were sentenced to 4 years in prison — a rare case of responders turning attackers.
HIGH: Ex-Ransomware Negotiators Sentenced to 4 Years for BlackCat Attacks
Two former IR firm employees got 4 years each for laundering $18M+ in BlackCat ransom payments and advising attackers on negotiation tactics.
MEDIUM: UK Cyber Agency Warns AI Will Trigger 'Patch Wave' of Urgent Fixes
NCSC warns organizations to brace for a surge of urgent patches as AI accelerates vulnerability discovery, raising exploitation risk. No specific CVEs cited.
HIGH: China-Linked SHADOW-EARTH-053 Hits Asian Govts, NATO State
Trend Micro tracks SHADOW-EARTH-053 targeting government and defense sectors across Asia and one NATO-aligned European state. Campaign uses custom backdoors and spear-phishing.
HIGH: BHIS Pentest Data: Same Top Flaws Plague Orgs in 2025
Black Hills InfoSec's 2025 pentest analysis of 15 months of data shows the same top 10 vulnerabilities as 2022 — weak passwords, unpatched RDP, and misconfigured MFA remain…
HIGH: Brazilian DDoS Firm Behind Botnet Attacks on ISPs
Brazilian anti-DDoS firm's infrastructure used to launch massive botnet attacks against rival ISPs. CEO claims breach by competitor caused the abuse.
HIGH: CISA Details FCEB Agency Breach Response Lessons Learned
CISA's incident response at a U.S. federal agency uncovered gaps in EDR alert triage, credential hygiene, and network segmentation — three lessons for all defenders.
HIGH: CISA, FBI Warn of LummaC2 Infostealer Targeting Orgs
CISA and FBI joint advisory details LummaC2 infostealer TTPs and IOCs: malware steals credentials, crypto wallets, and session data from compromised networks.
HIGH: CISA, USCG Detail Cyber Hygiene Gaps Found in Critical Infrastructure
CISA and USCG found persistent weak configurations, unpatched systems, and credential reuse during a proactive threat hunt at a US critical infrastructure org.
HIGH: FBI Warns Cybercriminals Driving $725M Cargo Theft Surge
FBI warns cargo theft losses hit $725M in US and Canada in 2025, driven by cybercriminals exploiting logistics IT systems to intercept shipments and redirect loads.
HIGH: French Police Arrest 15-Year-Old in ANTS Data Breach Probe
French authorities detained a 15-year-old on April 25 for allegedly hacking ANTS, the national ID agency handling passports and driver's licenses.
HIGH: Inc Ransom Breach at Sandhills Medical Exposes 170K Records
Inc Ransom group breached Sandhills Medical in 2025; the South Carolina healthcare provider took nearly a year to disclose the incident, affecting 170,000 patients.
MEDIUM: Moldova Health Agency Breach: Possible Data Theft Confirmed
Moldova's National Health Insurance Company reported a cyberattack that may have exposed limited personal data from its systems, weeks after initial compromise.
HIGH: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks in ThreatsDay
Fake cell towers blast scam texts; OpenEMR flaws expose patient data; 600,000 Roblox accounts hacked via credential stuffing. A busy week in cyber threats.
INFORMATIONAL: Trump Cyber Ambassador Nominee Advances to Senate Vote
Adam Cassady, Trump's pick to lead the State Department's Bureau of Cyberspace and Digital Policy, cleared a Senate committee vote 17-5 and now heads to a full floor vote.
HIGH: CISA Details Interlock Ransomware TTPs, IOCs in Joint Advisory
CISA and FBI released a joint advisory on Interlock ransomware, detailing TTPs, IOCs, and a shift from double extortion to data-theft-only attacks targeting healthcare and…
HIGH: Russian GRU Targets Western Logistics, Tech Firms in Ukraine Aid
CISA warns Russian GRU hackers target Western logistics and tech firms supporting Ukraine aid since 2022.
CRITICAL: Chrome 147, Firefox 150 Patch Critical Code Execution Flaws
Google and Mozilla ship Chrome 147 and Firefox 150 to fix critical and high-severity vulnerabilities enabling arbitrary code execution. Users urged to update immediately.
HIGH: CISA Adds Actively Exploited ConnectWise, Windows Flaws to KEV
CISA added CVE-2024-1708 (ConnectWise ScreenConnect path traversal, CVSS 8.4) and an unnamed Windows flaw to its KEV catalog based on confirmed active exploitation.
HIGH: EU Accuses Meta of Breaching DSA Child Safety Rules
European Commission finds Meta violated Digital Services Act by failing to protect minors under 13 on Facebook and Instagram — risks not assessed or mitigated.
HIGH: Project Zero Dusts Off 2017 VirtualBox Escape Draft With
Google Project Zero published a 2017 draft detailing CVE-2017-3558, a VirtualBox VM escape allowing host userspace compromise. No new exploit code released.
HIGH: Swiss Police Arrest 10 Suspected Black Axe Cybercrime Members
Swiss and German police arrested 10 suspects tied to the Nigeria-linked Black Axe network, including a regional leader overseeing Southern Europe operations.
HIGH: Zero-Window Era: NDR Playbooks for Post-Mythos Exploits
Claude Mythos and Project Glasswing shrink exploit windows to near-zero. The Hacker News details NDR playbooks to contain AI-driven attacks before patching is possible.
HIGH: Cyber Command, NSA Chief Warns Foreign Adversaries Will Target US
Gen. Joshua Rudd told lawmakers foreign adversaries are likely to target the 2026 US midterm elections; Cyber Command is postured to safeguard the vote.
HIGH: ShinyHunters Breaches Medtronic, Steals 9M Records
ShinyHunters claims to have stolen 9 million records from medical device maker Medtronic, including personal information. The group threatens to leak the data.
MEDIUM: Ukraine Police Arrest Hackers Behind Roblox Account Theft Ring
Ukrainian police detained hackers suspected of stealing thousands of Roblox accounts containing valuable digital items and in-game currency purchased with real money from players…
MEDIUM: Vimeo Breach Tied to Anodot Vendor Hack, No Video Data Exposed
Vimeo attributed a security incident to a breach at analytics vendor Anodot; hackers accessed internal systems but not video content, logins, or payment data.
HIGH: Pro-Russia Hacktivists Target US Critical Infrastructure
CISA warns pro-Russia hacktivists are conducting opportunistic attacks against US and global critical infrastructure, targeting OT and IT systems with known exploits.
HIGH: US Charges 19-Year-Old Scattered Spider Hacker Arrested in Finland
A 19-year-old US-Estonian dual citizen arrested in Finland faces federal charges as a prolific Scattered Spider member linked to ransomware attacks on MGM Resorts and Caesars.
HIGH: ADT Breach: ShinyHunters Steals Data of 5.5 Million
ShinyHunters breached ADT, stealing personal data of 5.5 million individuals — names, emails, phone numbers, and addresses — from internal systems. No payment data compromised.
HIGH: AI Assistants Reshape Security Priorities for Enterprises
Autonomous AI agents with file and service access are forcing organizations to rethink identity controls, data boundaries, and monitoring — Krebs reports on shifting attack…
HIGH: Canada Arrests Three Over SMS Blaster Phishing Device
Three men arrested in Toronto for operating an SMS blaster that impersonated cell towers to send phishing texts targeting banking credentials in a multi-month campaign.
HIGH: Checkmarx Confirms GitHub Data Leak After March 23 Supply Chain Attack
Checkmarx confirmed a cybercriminal group published GitHub repository data on the dark web, traced to a March 23 supply chain attack.
MEDIUM: Crypto Launderer Gets 5 Years for $260M Cyber Theft Role
A California man received a 63-month prison sentence for laundering cryptocurrency stolen by a cybercriminal ring that defrauded victims of approximately $260 million.
HIGH: Deepfake Voice Attacks Outpace Defenses, Bypass MFA
Adaptive Security finds 3 seconds of audio enough to clone a voice for fraud; deepfake calls tricked employees into wiring $243K in one case. No detection tool caught the attack.
INFORMATIONAL: ESET: SMBs Gain Defensive Edge via Threat Research, MDR
ESET Threat Research Director Jean-Ian Boutin explains how SMBs leverage MDR and threat intel to detect intrusions faster, citing 3.5-day median dwell time reduction.
HIGH: FTC: Social Media Scams Cost Americans $2.1B in 2025
FTC reports Americans lost over $2.1 billion to social media scams in 2025 — a 10x increase since 2020. Investment and romance scams dominate losses.
MEDIUM: Mobile App Permissions Still Expose Users to Privacy Risks
ESET analysis shows 1 in 3 Android apps request unnecessary permissions — location, camera, microphone — enabling data harvesting and surveillance. Users should audit permissions.
HIGH: Silk Typhoon Hacker Extradited to US on Cyberespionage Charges
Chinese national extradited from Italy to US for alleged Silk Typhoon cyberespionage targeting US govt, defense contractors, and critical infrastructure.
HIGH: US Sanctions Cambodian Senator in Southeast Asia Cyberscam Crackdown
U.S. Treasury sanctioned Cambodian Senator Ly Yong Phat over alleged ties to human trafficking and cyberscam compounds.
HIGH: Vercel Breach via Context.ai OAuth Token Theft
Vercel disclosed a breach after stolen OAuth tokens from Context.ai enabled unauthorized access to internal systems via a connected app. No customer data exposed.
HIGH: ESET: Cloud VMs Expose Critical Security Gaps in Enterprise
ESET warns that misconfigured cloud VMs—overprivileged IAM roles, exposed management ports, and unpatched OS images—create systemic security gaps across enterprise environments.
MEDIUM: ESET: March 2026 Cyber Threats Show Resilience Gaps
ESET's Tony Anscombe warns that March 2026 attacks — including ransomware, supply chain compromises, and AI-driven phishing — reveal systemic gaps in organizational…
HIGH: Feds Disrupt IoT Botnets Behind Record DDoS Attacks
US DOJ, Canada, and Germany dismantled four IoT botnets — Aisuru, Kimwolf, JackSkid, Mossad — compromising 3M+ devices, enabling record-breaking DDoS attacks.
HIGH: Itron Breach: Utility Firm Discloses Internal IT Network Intrusion
Itron disclosed a cybersecurity incident in an SEC 8-K filing: an unauthorized third party accessed internal IT systems.
HIGH: Iranian Handala Hack Breaches FBI Director Patel's Gmail
Iranian state-affiliated group Handala Hack breached FBI Director Patel's personal Gmail account, leaking personal photos and documents after the FBI seized the group's domains.
HIGH: ADT Breach Exposes Customer Data in Cyber Intrusion
ADT confirmed cybercriminals breached its systems on April 20, 2026, stealing a limited set of customer and prospect data. No financial info or credentials compromised.
CRITICAL: CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Deadline
CISA added 4 actively exploited vulnerabilities to its KEV catalog — SimpleHelp, Samsung MagicINFO 9, and D-Link DIR-823X — with a May 2026 federal remediation deadline.
HIGH: Cyberattackers Weaponize Voltage Fluctuations Against Power Grids
Dark Reading reports attackers are manipulating voltage to destabilize power grids — a growing cyber-physical threat vector targeting electricity infrastructure with no patch…
INFORMATIONAL: Elastic Security Backs UK MoD Defence Cyber Marvel 2026 Exercise
Elastic Security Labs deployed AI-driven detection pipelines for the UK Ministry of Defence's Defence Cyber Marvel 2026 exercise, processing 1.2TB of telemetry across 50 simulated…

Locked Shields 2026: 41 Nations Train in Largest Cyber Defense
Locked Shields 2026 involved 41 nations in the largest live-fire cyber defense exercise, testing response to critical infrastructure attacks including power grid and telecom…
HIGH: ADT Confirms Breach as ShinyHunters Leaks Customer Data
ADT confirmed a data breach after ShinyHunters leaked 30,000+ customer records including names, emails, and account details from a compromised Salesforce instance.
HIGH: AI Agent Authority Gap Creates New Enterprise Security Blind Spots
The Hacker News reports AI agents create a structural security gap: delegated actors lack continuous oversight, enabling lateral movement and privilege escalation without human…
HIGH: AI-Powered Phishing Surges as Attackers Personalize Lures at Scale
Enterprises report a sharp rise in AI-generated phishing campaigns that craft personalized lures at scale, moving from broad sprays to 1-to-1 targeting in the last six months.

Copperhelm Raises $7M for Agentic Cloud Security Platform
Copperhelm, an Israel-based startup founded by ex-RSA and McAfee engineers, raised $7 million in seed funding for an agentic AI platform that autonomously hunts cloud…
HIGH: DORA Mandates Credential Management as Financial Risk Control
EU's DORA Article 9 legally requires financial firms to enforce authentication and access controls. A breach at a UK bank shows the cost of non-compliance.
HIGH: Shadow AI and SaaS Expand Enterprise Attack Surface
Forgotten integrations, shadow IT, and unmanaged SaaS agents create new attack vectors. Dark Reading reports attackers exploit these gaps without sophisticated AI.
HIGH: Toronto Police Bust SMS Blaster Phishing Operation
Three men arrested in Canada's first SMS blaster case — device impersonated cell towers to send mass phishing messages and disrupt mobile networks in Toronto.
MEDIUM: US Vows Crackdown on Chinese Firms Exploiting American AI Models
Trump administration announces policy to penalize Chinese companies exploiting U.S. AI models via reverse engineering or unauthorized access, citing national security risks.
HIGH: FIRESTARTER Backdoor Compromised Federal Cisco Firepower Device
CISA revealed FIRESTARTER backdoor compromised a federal Cisco Firepower device running ASA software in September 2025, surviving patching and enabling persistent remote access.
MEDIUM: Cyberattacks on Firms Cascade to Consumers, Malwarebytes Warns
Malwarebytes analysis shows corporate breaches expose customer PII, enable follow-on fraud, and inflate insurance premiums — affecting even unaffected individuals.
MEDIUM: ICE Admits Using Graphite Spyware for Surveillance
U.S. Immigration and Customs Enforcement (ICE) confirmed using spyware from Israeli firm Graphite, a tool capable of extracting data from encrypted messaging apps like WhatsApp…
HIGH: Rituals Cosmetics Breach Exposes Customer Membership Data
Attackers stole personal data from Rituals Cosmetics' My Rituals membership database — names, emails, addresses, and loyalty points. Number of affected customers undisclosed.
HIGH: French Police Arrest Hacker Behind Dozens of Data Breaches
French authorities arrested a 20-year-old suspected of 48 data breaches targeting public institutions, sports federations, and private companies, seizing equipment and…
HIGH: UK Cyber Agency Handles Four Major Incidents Weekly
The UK's NCSC reports handling four nationally significant cyber incidents per week, with most now attributed to hostile foreign states like China and Russia, up from two per week…

BreachLock Named in Gartner Market Guide for Adversarial Exposure Validation
BreachLock is named a representative vendor in Gartner's 2026 Market Guide for Adversarial Exposure Validation, a category focused on AI-driven, continuous security testing.
INFORMATIONAL: Grupo Seguritech Mexican Surveillance Firm Expands into US Market
Grupo Seguritech, a Mexican surveillance firm with a history of human rights allegations, is expanding its operations into the United States, raising data privacy and security concerns.
INFORMATIONAL: IPQS Combines Identity, Device, and Network Signals for Frictionless Fraud
IPQS details a 3-layer fraud detection strategy using identity, device, and network signals to block 99.5% of automated attacks without adding user friction for legitimate customers.
INFORMATIONAL: Ofcom Investigates Telegram for CSAM Sharing and Encryption Non-Compliance
UK regulator Ofcom launches a formal investigation into Telegram over evidence of child sexual abuse material (CSAM) sharing and potential breaches of the Online Safety Act's encryption reporting rules.
HIGH: British National Pleads Guilty to SIM Swapping, SMS Phishing for Crypto Theft
Tyler Robert Buchanan admitted to a U.S. conspiracy that stole over $1 million in cryptocurrency via SMS phishing, corporate network intrusions, and SIM swapping attacks targeting victims nationwide.
CRITICAL: CISA Warns Axios npm Package Compromised in Supply Chain Attack
CISA alerts that the Axios npm package, with over 60 million weekly downloads, was compromised in a supply chain attack, injecting malicious code into downstream applications.
INFORMATIONAL: Former Ransomware Negotiator Pleads Guilty to BlackCat Attacks
Angelo Martino, a 41-year-old former employee of cybersecurity firm DigitalMint, pleads guilty to conspiring in BlackCat ransomware attacks against U.S. companies while working as a negotiator.
HIGH: France Titres Data Breach Exposes Citizen Information for Sale
France Titres, the French government agency for ID documents, confirms a data breach after a threat actor offers to sell stolen citizen information, including names, addresses, and passport numbers.
HIGH: Datto Warns Traditional Backups Fail to Maintain Business Operations During
Datto's 2026 report reveals 43% of businesses with backups still face over 24 hours of downtime after an attack, highlighting the critical gap between data backup and true business continuity and disaster recovery (BCDR).
INFORMATIONAL: NIST Abandons Comprehensive NVD Analysis for Risk-Based Prioritization
NIST will no longer analyze all 263,000+ annual CVE submissions, shifting to a risk-based model to prioritize high-impact flaws as submissions surge 263% since 2020.
INFORMATIONAL: Senate Extends Section 702 Surveillance Authority for 48 Hours
The U.S. Senate passed a 48-hour extension of Section 702 surveillance powers, averting a lapse after House chaos. The program, used by the NSA and FBI, collects foreign communications without a warrant.
HIGH: Scattered Spider Member Pleads Guilty to SIM Swapping, Crypto Theft
Tyler Buchanan, a UK member of the Scattered Spider cybercrime group, pleaded guilty to charges of conspiracy to commit wire fraud and computer hacking, admitting to SIM-swapping attacks that stole over $800,000 in cryptocurrency from victims.
HIGH: Florida Investigates ChatGPT Role in Campus Shooting Threat
Florida law enforcement is investigating how a student used ChatGPT to craft a threat of a campus shooting, part of a broader pattern where AI chatbots fail to block dangerous content.
CRITICAL: Microsoft Office Excel Flaw Exploited in Active Attacks
CISA orders federal agencies to patch CVE-2009-0238, a 17-year-old Microsoft Office Excel remote code execution flaw, by April 28, 2026, due to active exploitation.
HIGH: Los Angeles Police Department Reports 7.7 TB Data Breach
The Los Angeles Police Department reports a breach of 7.7 terabytes and 337,000 files from a city attorney's digital storage system, exposing sensitive law enforcement data.
HIGH: Apache ActiveMQ Vulnerability Exploited, Added to CISA KEV Catalog
A high-severity flaw in Apache ActiveMQ Classic, CVE-2026-34197 (CVSS 8.8), is under active exploitation, prompting CISA to add it to its Known Exploited Vulnerabilities catalog and mandate patching for federal agencies.
INFORMATIONAL: Axonius Expands Asset Cloud with AI Remediation and OT Security
Axonius has updated its Asset Cloud platform with AI-powered remediation for exposures, added IoT/OT asset management, and introduced an asset trust standard to quantify security posture.
INFORMATIONAL: Google Tightens Android 17 Privacy Rules, Blocks 8.3 Billion Ads in 2025
Google announced new Android 17 privacy policies restricting contact and location data access, while its 2025 ad safety report details the blocking of 8.3 billion policy-violating ads and 24.9 million advertiser account suspensions.
INFORMATIONAL: NIST Limits CVE Enrichment Amid Overwhelming Surge in Submissions
NIST will no longer fully analyze all CVEs submitted to the National Vulnerability Database, citing a 263% increase in submissions that has overwhelmed its enrichment process, leaving security teams with less context.
MEDIUM: Social Media Age Bans May Increase Cybersecurity Risks for Children
Proposed bans on social media for children under 16 may inadvertently push them toward riskier, less-regulated platforms and necessitate invasive age-verification systems that create new data privacy and security threats.
INFORMATIONAL: U.S. Coast Guard Mandate Offers Blueprint for OT Security
New U.S. Coast Guard cybersecurity rules under the Maritime Transportation Security Act mandate third-party audits, OT-specific security plans, and dedicated personnel, providing a regulatory model for critical infrastructure.
MEDIUM: Workplace Stress Remains Elevated, Posing Persistent Insider Threat Risk
Global workforce stress, anger, and sadness remain significantly above pre-pandemic levels, creating a sustained environment conducive to insider threats and security lapses, according to Gallup's 2026 report.
MEDIUM: DraftKings Credential Seller Sentenced to Prison for Continued Fraud
Kamerin Stokes, a participant in the 2022 DraftKings credential stuffing attack, has been sentenced to time served and three years of supervised release for continuing to sell stolen accounts after pleading guilty.
HIGH: W3LL Phishing Platform Disrupted in International Law Enforcement Operation
A coordinated law enforcement operation has disrupted the W3LL phishing-as-a-service platform, which was used to target over 800,000 corporate Microsoft 365 accounts globally.
INFORMATIONAL: AI SOC Tools Criticized for Automating Triage, Not Reducing Analyst Workload
A new analysis argues most AI-powered security operations center tools merely accelerate alert triage without reducing the underlying workload for analysts, failing to deliver on promises of true automation.
INFORMATIONAL: ETSI Warns EU Cybersecurity Act 2 Risks Fragmenting Global Standards
The European standards body ETSI warns that proposed EU legislation could ban its experts from developing global cybersecurity standards, risking fragmentation and weakening EU influence in international security governance.
INFORMATIONAL: NIST Overhauls National Vulnerability Database, Prioritizes High-Risk CVE
NIST will cease comprehensive analysis for all CVEs, shifting to enrich only the highest-risk vulnerabilities due to a 263% surge in submissions, fundamentally altering how the security community uses the NVD.
HIGH: Unmanaged Non-Human Identities Fuel Majority of Cloud Breaches
A 2024 analysis reveals 68% of cloud breaches stem from compromised, orphaned non-human identities like service accounts and API keys, not phishing or weak passwords, highlighting a critical gap in automated credential lifecycle management.
INFORMATIONAL: Wireless Broadband Alliance Publishes Wi-Fi Roaming Security Guidelines
The Wireless Broadband Alliance has released new security guidelines for public Wi-Fi roaming networks, aiming to standardize authentication and encryption practices to prevent credential theft and man-in-the-middle attacks.
MEDIUM: Asia's Digital Supply Chain Poses Distinct Security Challenges
Asia's interconnected digital ecosystems, divergent regulatory regimes, and rapid AI adoption are creating unique and complex security risks for regional and global supply chains, according to a new analysis.
INFORMATIONAL: Bitdefender Unifies Endpoint and Email Security in GravityZone Platform
Bitdefender has integrated continuous email threat protection into its GravityZone platform, combining endpoint detection and response (EDR) with email security to combat phishing, BEC, and ransomware.
HIGH: Cryptography Experts Warn Quantum Risk Management Must Begin Immediately
Cryptography experts warn that migrating to post-quantum cryptography will take years, urging organizations to begin quantum risk management now to protect encrypted data from future 'Q-Day' harvest-now, decrypt-later attacks.
INFORMATIONAL: ENISA Official Warns of Fragile Global CVE Infrastructure Amid EU Regulatory
The head of ENISA's vulnerability services warns that recent CVE program funding instability exposed systemic fragility in global disclosure, as new EU regulations make coordinated disclosure a legal obligation for vendors and critical entities.
INFORMATIONAL: FISA Section 702 Reauthorization Debate Intensifies Amid Privacy and Security
The U.S. Congress is debating the reauthorization of FISA Section 702, a surveillance authority that allows warrantless collection of foreign communications but also sweeps in American data, pitting national security claims against privacy concerns.
HIGH: Major Tech Giants Ignore Legally Mandated Privacy Opt-Out Signals
A forensic audit finds Google, Microsoft, and Meta systematically ignore the Global Privacy Control signal, setting tracking cookies after users opt out, violating California privacy law.
HIGH: CISA Flags Six Actively Exploited Flaws in Fortinet, Microsoft, Adobe
CISA added six vulnerabilities in Fortinet, Microsoft, and Adobe software to its Known Exploited Vulnerabilities catalog, warning of active in-the-wild attacks requiring urgent patching.
HIGH: CISA Warns of Actively Exploited Windows, Adobe Acrobat Vulnerabilities
CISA adds two new vulnerabilities to its KEV catalog: a Windows SmartScreen bypass (CVE-2024-21412) and an Adobe Acrobat Reader code execution flaw (CVE-2024-20662), both under active exploitation.
INFORMATIONAL: Zero Trust Architecture as a Critical Defense Against Credential-Based Attacks
Specops analysis details how an identity-first Zero Trust model counters the primary breach vector of stolen credentials by enforcing least privilege, device trust, and blocking lateral movement.
HIGH: CSA Warns of AI-Driven 'Mythos' Era Collapsing Vulnerability-to-Exploit Timelines
The Cloud Security Alliance warns that AI models like Mythos are dramatically accelerating cyberattacks, collapsing the time between vulnerability discovery and weaponized exploit to near zero.
HIGH: FBI Dismantles W3LL Phishing Kit, a $500 Service Behind $20M in Fraud
The FBI and Indonesian authorities dismantled the W3LL phishing-as-a-service platform, a $500 kit used to steal credentials and linked to over $20 million in attempted fraud.
MEDIUM: AI Chatbots as Political Advisors Raise Security and Transparency Concerns
A U.S. Senator's use of an AI chatbot for policy consultation highlights emerging risks in AI-assisted governance, including data privacy, model integrity, and accountability gaps.
MEDIUM: WhatsApp's End-to-End Encryption Claims Challenged as 'Major Consumer Fraud'
Telegram founder Pavel Durov alleges WhatsApp's default end-to-end encryption is misleading, as unencrypted cloud backups can expose billions of user messages.
HIGH: International Operation Disrupts SIM Swap & BEC Schemes, Recovers $45M
A joint US, UK, and Canadian law enforcement operation disrupted multi-million dollar crypto theft schemes using SIM swapping and BEC, identifying over $45M in stolen assets and freezing $12M.
HIGH: LAPD Data Breach Exposes 7.7 TB of Sensitive Files via Third-Party System
A data breach at a digital storage system used by the L.A. City Attorney's Office exposed 7.7 TB and over 337,000 files, including sensitive LAPD records. The incident stemmed from a third-party vendor's misconfiguration.
MEDIUM: Cloudflare Block Disrupts Docker Hub Access in Spain During Football Match
A Cloudflare IP block intended to prevent illegal football streaming inadvertently blocked access to Docker Hub and other services in Spain, highlighting collateral damage from blunt security measures.
INFORMATIONAL: FINRA Launches Intelligence Fusion Center to Counter Financial Cyber Threats
The Financial Industry Regulatory Authority has established a new intelligence hub to centralize analysis of cyber threats and fraud targeting broker-dealers and capital markets.
HIGH: Iranian Internet Outage Exceeds 1,000 Hours Amid State-Imposed Censorship
A state-directed internet blackout in Iran has surpassed 1,000 cumulative hours, marking a significant escalation in digital censorship and control tactics.
MEDIUM: Orange Business Integrates AI into Enterprise Voice, Raises Security Questions
Orange Business is embedding generative AI into its enterprise voice platforms, a move that expands the attack surface and introduces novel data security and privacy risks.
HIGH: AI-Powered Threat Actor Breaches Mexican Government, Exposes Citizen Data
A sophisticated attacker leveraged AI tools like Claude and ChatGPT to breach nine Mexican government agencies, exfiltrating hundreds of millions of citizen records in a multi-month campaign.