Phone scammers spoofing bank caller IDs have driven an estimated $980 million in annual losses worldwide, according to Europol. Android’s 2026 security roadmap takes direct aim at that pattern with a verified call system built in partnership with banks, alongside a wider set of protections covering app behavior, device theft, location data, and on-device AI…
Category: AI
AI, Compliance, Global Security News
AI is ready to take over Python programming, but not much else
Tests of how well 19 large language models (LLMs) complete and perform complicated multi-step tasks has shown that they are both error-prone and, in many cases, unreliable. The findings are contained a preprint paper, LLMs Corrupt Your Documents When You Delegate, written by Microsoft researchers Philippe Laban, Tobias Schnabel and Jennifer Neville based on a…
AI, Global Security News, Network Security
Proxying the Unproxyable? Sending EXE traffic to a Proxy, (Wed, May 13th)
.. if “unproxyable” is a word that is .. I had a recent engagement where I had to look at the network traffic generated by a Windows executable. Unfortunately, it was all TLS, and all TLS1.3 to boot. So from a PCAP all I got was a whole lot of “yup, that’s encrypted”, and since…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
May Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANA
Critical vulnerabilities in Windows Server’s networking and identity infrastructure, as well as a serious hole in Microsoft Dynamics 365 on-premises version, highlight Microsoft’s May Patch Tuesday fixes. They are among the 118 vulnerabilities identified this month by the company. Some in cloud-based services like Azure and Microsoft Teams have already been fixed, so no admin…
AI, Global Security News
Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft
Our research examines the April 22 Checkmarx KICS and April 24 elementary-data incidents as part of a broader TeamPCP supply chain campaign. Across both cases, the actor abused trusted CI/CD and release workflows to steal credentials at scale.
AI, Global Security News
Fedora Hummingbird brings the container security model to a Linux host OS
Container image security pipelines have spent the past several years pushing toward minimal footprints, hermetic builds, and continuous CVE remediation. The Fedora Project is now applying that same approach to the host operating system. At Red Hat Summit 2026, Fedora announced Fedora Hummingbird, a container-based rolling Linux distribution delivered as an OCI image. “The Linux…
AI, Exploits, Global Security News, malware
Patch Tuesday, May 2026 Edition
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers — including Apple, Google, Microsoft, Mozilla and Oracle — fixing near…
AI, Apps, Exploits, Global Security News, malware, Network Security
‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
A rapidly spreading malware campaign has infected hundreds of software packages across major open-source registries, embedding credential-stealing code into development tools downloaded millions of times a week. The attack, referred to as “mini Shai-Hulud,” targeted prominent software libraries, including TanStack, UiPath, and MistralAI. TanStack’s React Router package alone accounts for more than 12 million weekly…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
AWS Security Agent full repository code scanning feature now available in preview
Today, we’re excited to announce the preview release of full repository code review, a new capability in AWS Security Agent that performs deep, context-aware security analysis of your entire code base. AI-driven cybersecurity capabilities are advancing rapidly. AWS Security Agent can now find vulnerabilities and build working exploits across your entire code base at a…
AI, Global Security News
Embattled Commissioner Makary to Leave FDA
Plus, Sam Altman testifies in Elon Musk’s OpenAI trial, and “Subway Takes” has what it takes.
AI, Global Security News
Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended
ShinyHunters says its shinyhunte.rs domain was suspended after the Canvas LMS attacks, forcing the group to move fully to its dark web (.onion) site.
AI, Cybersecurity, Europe, Global Security News, Government & Policy, Risk Management
Major world economies spell out key elements of AI ‘ingredients list’
A group of international government agencies released guidance Tuesday on what they believe any artificial intelligence “ingredients list” tool should include to make AI more secure. The concept of such a list, known as a “software bill of materials (SBOM),” is to know everything that goes into a particular piece of software so that any…
AI, Apps, Exploits, Global Security News, Risk Management
Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical
Microsoft addressed another triple-digit batch of vulnerabilities cutting across its various enterprise products, components and underlying systems. Yet despite the high number of defects, the vendor reported no actively exploited zero-days in this month’s Patch Tuesday update. Thirteen of the 137 vulnerabilities Microsoft disclosed were assigned critical CVSS ratings, including a pair of vulnerabilities affecting…
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security
Hackers accessed BWH Hotels reservation system for months
BWH Hotels says hackers accessed guest reservation data, including names and contacts, for over six months across multiple hotel brands. BWH Hotels disclosed a data breach, with threat actors having had access to guest reservation data for more than six months. The incident exposed names and contact details of an undisclosed number of guests. BWH…
AI, Global Security News, Network Security
Webinar: Fixing the gaps in network incident response
IT teams often struggle to quickly coordinate responses across disparate systems during network incidents. This upcoming webinar explores how automation and AI-assisted workflows can reduce response times and help prevent outages. […]
AI, Global Security News
Signal adds security warnings for social engineering, phishing attacks
Signal has introduced new in-app confirmations and warning messages as additional safeguards against phishing and social engineering attempts that could lead to various forms of fraud. […]
AI, APAC, Apps, Exploits, Global Security News
Microsoft May 2026 Patch Tuesday, (Tue, May 12th)
Today’s Microsoft patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-related issues affecting Microsoft Edge. There are no already disclosed or already exploited vulnerabilities included in today’s patches. I removed the Chromium issues from the table below and included only the 137 Microsoft issues to make it more readable. Note that issues…
AI, Global Security News, malware
Fake Claude Code Installer Targets Developers With Browser Credential Stealer
Researchers at Ontinue have discovered an undocumented malware campaign targeting developers with fake Claude Code installers to steal browser passwords and cookies.
AI, Apps, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management
Mistral AI SDK, TanStack Router hit in npm software supply chain attack
The TeamPCP threat group has pulled off another big supply chain attack which within a few hours this week was able to successfully compromise 170 Node Package Manager (npm) and PyPI packages. The attack affected the entire TanStack Router ecosystem (@tanstack) of 42 packages, a routing library hugely popular among React web application developers. Multiple…
AI, Global Security News, privacy, Risk Management
Google and Amnesty International teamed up to make it harder for spyware vendors to hide
Google launched a feature for Android phones Tuesday for dedicated forensic logs about intrusions from sophisticated attacks like those by spyware vendors, in what design partners at Amnesty International hailed as an important first. The tech giant has been ramping up the new feature, Intrusion Logging, since last year, and has now begun rolling it…
AI, Endpoint, Exploits, Global Security News, Risk Management
Extending Security to MCP Servers: Closing a Critical Gap
The Model Context Protocol (MCP) is a de facto standard for providing structured access to privileged systems for AI agents and external integrations. It acts as a USB-C port for AI, enabling faster innovation by allowing organizations to expose tools, resources, and workflows without the time-consuming work of building APIs. Adoption has surged in recent…
AI, Apps, Endpoint, Global Security News, Network Security, privacy, Risk Management
Over 1 Million Baby Monitors and Security Cameras Exposed Through Meari Flaws
More than one million internet-connected baby monitors and security cameras were reportedly exposed through multiple vulnerabilities tied to Meari Technology. The flaws potentially allowed attackers to access sensitive images, device data, and real-time household activity from around the world. “What makes this story especially frustrating is that it highlights one of the hardest problems in…
AI, Global Security News
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and deliver email. The vulnerability, tracked as CVE-2026-45185, aka Dead.Letter, has been described as a use-after-free
AI, APAC, Exploits, Global Security News
Pwn2Own Berlin 2026 Hits Capacity as Rejected Hackers Release 0-Days
Pwn2Own Berlin 2026 reportedly reached full capacity for the first time, prompting rejected researchers to publicly disclose zero-day exploits targeting Firefox, NVIDIA, and AI platforms.
AI, Global Security News
SAP unveils Autonomous Enterprise for AI-driven business operations
SAP introduced the Autonomous Enterprise to help enhance the world’s most critical business workflows, so that humans and AI work together to meet the accelerating demands of global business profitably, strategically and safely. “For the mission-critical processes of our customers, ‘almost right’ just isn’t good enough,” said Christian Klein, CEO of SAP SE. “By uniting…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Venture
What works against Mythos today is what worked against ransomware 5 years ago, and malware 10-15 years ago
Mythos completely changed the game, except, in most ways, it didn’t. It isn’t creating entirely new security problems, it simply makes existing problems much easier to exploit at scale. Yes, AI will increase breaches by making attacks faster and cheaper, but the way companies defend themselves hasn’t fundamentally changed. The organizations best prepared for AI-driven…
AI, Global Security News
OpenAI CEO Sam Altman Takes Stand in Elon Musk Megatrial
The trial centers around Musk’s donations to the AI lab when it was a non-profit and its conversion to a for-profit company.
AI, Apps, Exploits, Global Security News
WWDC: From NeXTStep for Apple to Apple’s next step for AI
As Apple heads toward next month’s Worldwide Developer Conference (WWDC), cast your mind back almost 30 years. That’s when something happened that arguably put events in motion that led to Apple becoming the company it is today. That was when Apple co-founder Steve Jobs returned to the top job at WWDC 1997 — the first such event…
AI, Global Security News
Nvidia Is Buying the Chip Supply Chain
Plus, OpenAI’s employee payouts and tech’s growing unemployment.
AI, Apps, Compliance, Data Breaches, Global Security News, Network Security, Risk Management
Banks Face a Growing AI Risk at the Database Layer
Financial institutions are rapidly deploying AI, but new research suggests many banks may be securing the wrong layer of the stack. Liquibase researchers warn that while organizations focus heavily on AI models and APIs, the database layer may be one of the most exposed parts of modern financial infrastructure. “Governance for agents has to move…
AI, Funding, Global Security News, Venture
Exaforce raises $125 million to respond to AI-powered attacks
Exaforce announced a $125 million Series B financing round, one of the largest ever in the emerging AI SOC space. The round includes participation from HarbourVest, Peak XV, Mayfield, Khosla Ventures, Seligman Ventures and AICONIC. The new capital will help Exaforce scale its AI-native security operations platform, deepen its real-time reasoning capabilities, and expand globally.…
AI, Exploits, Global Security News
Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940)
Security researchers at XLab have outlined an active attack campaign targeting CVE-2026-41940, the recently disclosed vulnerability in cPanel & WHM, and have linked it to a stealthy hacking group that has been operating largely undetected for years. The vulnerability allows an attacker to log into a cPanel server without a username or password, effectively handing…
AI, Global Security News, malware
ThreatDown ITDR prevents credential-based attacks
ThreatDown, the former corporate business unit of Malwarebytes, launched ThreatDown Identity Threat Detection and Response (ITDR). ITDR is a new product that helps security teams monitor identities to detect suspicious activity, misconfigurations, and active attacks targeting user accounts and privileges. With native integrations for Microsoft Entra ID, Okta, and Active Directory, security teams gain unified…
AI, Apps, Compliance, Cybersecurity, Europe, Global Security News, Network Security
Enabling AI sovereignty on AWS
Cloud and AI are transforming industries and societies at unprecedented speed, from accelerating research and enhancing customer experiences to optimizing business processes and enriching public services. At Amazon Web Services (AWS), we believe that for the cloud and AI to reach their full potential, customers need control over their data and choices for how and…
AI, Global Security News
OpenAI Launches ‘Daybreak’ to Help Build Secure By Design Software
With Daybreak, OpenAI wants its frontier AI models to be used to deploy secure by design software from the ground up
AI, Cybersecurity, Data Breaches, Endpoint, Global Security News, Government & Policy, Risk Management
FIRESIDE CHAT: Cyber insurers deepen SMB security role as supply chain attacks spread
The cyber insurance industry set out to manage financial risk. Along the way, it has quietly became the security operations provider for a significant share of American small businesses. An $11 billion acquisition agreement announced earlier this year suggests it intends to stay in that role. Related: No easy AI security fixes I sat down…
AI, Global Security News
Amazon Quick authorization bypass let users reach blocked AI chat agents
Enterprises running Amazon Quick, the AWS business intelligence and agentic AI service, rely on a feature called custom permissions to restrict who inside an account can use AI chat agents. Fog Security founder Jason Kao discovered that those restrictions were enforced only in the user interface for a period earlier this year, and direct calls…
AI, Global Security News, Risk Management
Veeam Intelligent ResOps unifies data context and recovery
Veeam Software announced Veeam Intelligent ResOps, a new solution that unifies data context and recovery operations. As agentic AI accelerates change at machine speed, Intelligent ResOps gives teams the insight they need into their data to quickly understand impact and recover precisely – without broad rollbacks when something happens. When insights are disconnected from recovery,…
AI, Global Security News
The world’s most “Dangerous” AI, Anthropic’s Mythos, found only one flaw in curl
Anthropic’s AI found five vulnerabilities in curl, but only one low-severity issue proved to be a real vulnerability. In April, Anthropic made considerable noise announcing Mythos, a new artificial intelligence model described as so effective at identifying vulnerabilities in code as to be, in the company’s own words, “dangerously good.” So good, in fact, that…
AI, Global Security News
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a “major malicious attack.” “We’re dealing with a major malicious attack on Ruby Gems right now,” Maciej Mensfeld, senior product manager for software supply chain security at Mend.io, said in a post on…
AI, Global Security News
Mini Shai-Hulud Hits TanStack npm Packages
Mini Shai-Hulud compromises TanStack npm packages and spreads across PyPI
AI, Data Breaches, Global Security News, Risk Management
Instructure took a risky approach to recover stolen Canvas data
Instructure, the company behind the online learning platform Canvas, said it reached an agreement with the extortion group ShinyHunters to prevent data stolen in a recent breach from being leaked online. According to the company’s website, Canvas has more than 30 million active users worldwide and serves more than 8,000 institutions. Although Instructure did not…
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Palo Alto Networks Targets AI Identity Risks with Idira
Palo Alto Networks is expanding its identity security business with the launch of Idira, a platform designed to secure human users, machine identities, and autonomous AI agents as enterprises face growing identity-related cyber risk. The company also named Oracle veteran Sonny Singh to lead the business, signaling a broader push around identity security for AI-driven…
AI, Global Security News
Hugging Face Packages Weaponized With a Single File Tweak
A tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model’s outputs and exfiltrate data.
AI, Apps, Cybersecurity, Endpoint, Global Security News, Risk Management
Huntress and Acrisure Launch Streamlined Cyber Insurance Program
Huntress has collaborated with Acrisure to launch a new cyber insurance program that gives businesses a faster, simpler path to protection against cybersecurity risks. The program offers eligible organizations access to unique Cyber or Tech Errors and Omissions (Tech E&O) insurance policies with no deductible, through a streamlined application process that reduces the complexity typically…
AI, Global Security News
Top Video Downloaders in 2026: Why Wondershare UniConverter Remains a Strong Choice
As video content continues to dominate entertainment, education, and social media platforms, more users are searching for reliable…
AI, Cybersecurity, Europe, Global Security News, Government & Policy, malware, Network Security, Risk Management
OpenAI introduces Daybreak cyber platform, takes on Anthropic Mythos
OpenAI has unveiled Daybreak, its answer to Anthropic’s Claude Mythos, amid a growing market for frontier AI-powered cyber defense platforms. The initiative combines OpenAI’s large language models, Codex’s agentic capabilities, and integrations with the broader enterprise security ecosystem. The company said Daybreak is focused on accelerating cyber defense operations and enabling organizations to secure software…
AI, Cybersecurity, Europe, Global Security News, Government & Policy, malware, Network Security, Risk Management
OpenAI introduces Daybreak cyber platform, takes on Anthropic Mythos
OpenAI has unveiled Daybreak, its answer to Anthropic’s Claude Mythos, amid a growing market for frontier AI-powered cyber defense platforms. The initiative combines OpenAI’s large language models, Codex’s agentic capabilities, and integrations with the broader enterprise security ecosystem. The company said Daybreak is focused on accelerating cyber defense operations and enabling organizations to secure software…
AI, Global Security News, Risk Management
Download: The IT and security field guide to AI adoption
Security and IT teams are under pressure to adopt AI, but many are seeing the opposite of what was promised. Tools that demo well don’t hold up in real workflows. Complexity increases. Trust breaks down. And instead of reducing workload, AI can introduce new risks and oversight burdens. This guide breaks down why AI adoption…
AI, Global Security News, Risk Management
Xurrent Intros MCP Server to Enhance AI Integration for ITOps
AI-powered service and operations management platform for corporate IT teams and enterprise MSPs, Xurrent, is launching its Model Context Protocol (MCP) server. This MCP standard enables Xurrent to act as a universal connector, enabling different AI models and digital agents to securely access Xurrent data and perform tasks within established workflows. AI models now connect…
AI, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Risk Management
ThreatDown Expands Into Identity Security With ITDR Platform
ThreatDown on Tuesday announced the launch of its new Identity Threat Detection and Response (ITDR) platform, designed to help organizations detect and respond to attacks targeting user identities and credentials after authentication. The California-based cybersecurity vendor said the product is built to monitor suspicious identity activity across hybrid environments, including Microsoft Entra ID, Okta, and…
AI, Endpoint, Global Security News
JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413)
JetBrains has patched a high-severity vulnerability (CVE-2026-44413) in TeamCity, its popular continuous integration and continuous delivery platform, and is urging organizations with on-premises and self-managed deployments to upgrade to the fixed version or implement a security patch. About CVE-2026-44413 CVE-2026-44413 allows for privilege escalation, and may allow attackers to expose some parts of the TeamCity…
AI, Exploits, Global Security News
Attackers Combine ClickFix With PySoxy Proxying to Maintain Persistence
Exploitation of open-source tools allows attackers to maintain persistent access after initial social engineering, warn ReliaQuest researchers
AI, Global Security News
LAFC Leveraging SAS to Scale Fan Experiences
At SAS Innovate 2026, Los Angeles Football Club (LAFC) discussed how the organization enabled it to streamline services and optimize its connection with its fans and community. Ryan Bishara, EVP, Revenue & Strategy, LAFC, spoke about the organization’s rapid growth and operational complexity, as well as its partnership with SAS. The evolution from new club…
AI, APAC, Compliance, Global Security News, Network Security
SonicWall Expands Security Platform With Cloud-Focused NSv XS
SonicWall is expanding its Gen 8 security platform beyond physical appliances with the launch of the NSv XS, a new virtual firewall designed for managed service providers (MSPs) and managed security service providers (MSSPs). Gen 8 security platform expands to virtual environments Announced Tuesday, the NSv XS brings SonicWall’s Gen 8 protections into cloud and…
AI, Global Security News, Risk Management
Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help
Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn’t always alert volume; it’s the blind spots. The most dangerous alerts are the ones no one is investigating. A recent report from The Hacker News examined why certain high-risk alert categories – WAF, DLP, OT/IoT,…
AI, Global Security News, Russia
Operation HumanitarianBait Uses Fake Aid Documents to Deploy Python Spyware
Operation HumanitarianBait uses fake aid documents, GitHub-hosted payloads, and Python spyware to target Russian-speaking victims.
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Risk Management
Attackers exploit cPanel CVE-2026-41940 to deploy Filemanager Backdoor
Attackers are exploiting cPanel flaw CVE-2026-41940 to install the Filemanager backdoor and gain unauthorized admin access. Cybercriminals are actively exploiting the critical cPanel vulnerability CVE-2026-41940 (CVSS score of 9.3) to deploy a backdoor called Filemanager on compromised servers. cPanel is a widely used web hosting control panel that lets users manage websites and servers through a…
AI, Apps, Global Security News, malware, Network Security
Fake Claude Code takes the IElevator to your browser secrets
Developers looking for Anthropic’s increasingly popular Claude Code tool are now being lured into downloading malware. According to researchers at Ontinue, attackers are abusing a fake Claude Code installer to deliver a previously undocumented PowerShell payload. The malware is designed to evade detection, recover browser encryption material, and steal sensitive data from developer systems. “Developers…
AI, Global Security News, malware
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
A large-scale software supply-chain attack involving the “Shai-Hulud” malware has compromised hundreds of packages across open-source software ecosystems. […]
AI, Cloud Security, Cybersecurity, Endpoint, Global Security News, malware, Risk Management
ANY.RUN & Elastic Security: Bring Threat Intelligence into Detection and Investigation Workflows
Security teams don’t lack data. They lack timely, usable intelligence. Analysts spend too much time validating indicators, switching between tools, and figuring out what actually matters. This introduces delays and puts organizations at risk of a missed incident. ANY.RUN solves this by bringing real-time, behavior-validated threat intelligence from ANY.RUN integrated into Elastic Security, where SOC and MSSP teams detect emerging cyberattacks earlier and respond faster without…
AI, Global Security News, Network Security
Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root
Recent disclosures have revealed that open-source networking tool dnsmasq is grappling with a serious set of vulnerabilities. The problems span memory safety and input validation, with researchers identifying heap buffer overflows, heap corruption, and code execution bugs among the issues. Taken together, the security flaws open the door to various attacks: poisoning cached DNS entries,…
AI, Global Security News
Why Agentic AI Is Security’s Next Blind Spot
Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question of policy: allow it, restrict it, or monitor it? However, that framing misses the…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Risk Management
cPanel flaw exposes enterprises to hosting supply-chain risks
A newly disclosed cPanel vulnerability is being exploited at scale, giving attackers a route into web hosting environments that many enterprises may not monitor closely. Analysts say the risk highlights weak visibility into hosting supply chains. The flaw, tracked as CVE-2026-41940, has been used to deploy backdoors, plant SSH keys, steal credentials, and compromise hosting…
AI, Data Breaches, Exploits, Global Security News
Škoda confirms unauthorized access to its online shop
Car manufacturer Škoda discovered that attackers had exploited a vulnerability in its online shop software and gained temporary unauthorized access to the system. What happened? After discovering the incident, the company took the shop offline as a precautionary measure, fixed the vulnerability, referred the incident to a specialized IT forensics team for technical analysis, and…
AI, Apps, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Russia
Developer workstations are the new beachhead
I spent the first week of April reading three separate threat intelligence reports that, on the surface, had nothing in common. One covered a North Korean campaign that had published over 1,700 malicious packages across five open-source ecosystems. Another detailed a malware operation using a Zig-compiled binary to silently infect every IDE on a developer’s…
AI, APAC, Cybersecurity, Endpoint, Funding, Global Security News, Network Security, Risk Management, Venture
AI is separating the companies built to scale from the ones built to sell
If you had time to walk the expo floor at this year’s RSA Conference, it was impossible to miss the shift in our industry. Artificial intelligence has moved from an emerging layer to the foundation of what powers cybersecurity companies. But from our vantage point as investors who work closely with founders and operators, the bigger…
AI, Global Security News, Network Security, Venture
Top Down Ventures Closes $28M MSP Software Founders Fund I
Top Down Ventures announced Tuesday that it has completed the final close of its Founders Fund I at $28 million, surpassing its original $25 million target. The Vancouver-based venture firm said the fund, which first closed in Oct. 2024 and finalized in April 2026, is the first institutional venture fund dedicated entirely to early-stage MSP…
AI, china, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia
WannaCry, the ransomware attack that changed the history of cybersecurity
WannaCry showed how unpatched flaws and leaked cyber tools can cripple global systems, reshaping cybersecurity defenses worldwide. In memory of the day the digital world was shaken, but learned to fight back. The WannaCry ransomware attack represents one of the most significant events in recent cybersecurity history, not only for its global scale but also…
AI, Apps, Compliance, Cybersecurity, Data Security, Exploits, Global Security News, privacy, Risk Management
CISOs step into the AI spotlight
Serving in the military requires a precise, tactical mindset, and that’s exactly what Barry Hensley espoused during his 24 years in the US Army, where he rose to the rank of colonel. The military “is where you earn your stripes, showing your soldiers your willingness to jump into a foxhole and pick up a weapon,”…
AI, Compliance, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
Why patching SLAs should be the floor, not the strategy
I’ve been a CISO for two separate companies, know several CISOs personally, and interact with many others through various cybersecurity forums. We all have one thing in common. We can tell you our patching SLA numbers off the top of our heads. Ninety-five percent of criticals closed in 14 days. Eighty-something on highs. The board…
AI, Global Security News
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to include an obfuscated JavaScript file (“router_init.js”) that’s designed…
AI, Cybersecurity, Exploits, Global Security News, Risk Management
OpenAI’s Daybreak uses Codex Security to identify risky attack paths
OpenAI Daybreak is the company’s cybersecurity initiative focused on building AI-assisted software defense into the development process from the start. It combines OpenAI models, Codex Security, and cyber-focused GPT-5.5 variants to help organizations identify, validate, and prioritize software vulnerabilities. How Daybreak identifies exploitable vulnerabilities Daybreak builds editable threat models from a company’s code repository, analyzes…
AI, Global Security News
South Staffordshire Water Fined £1m After Data Breach
The ICO has fined South Staffordshire Water nearly £1m for a series of data protection failings
AI, Data Breaches, Global Security News, Network Security
Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
American educational technology company Instructure, the parent company of Canvas, said it reached an “agreement” with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities. In an update shared on Monday, the Utah-based firm said it “reached an agreement with the unauthorized…
AI, Apps, Global Security News
Arm’s software chief sees human language as the new way to program
If you haven’t heard of Arm, you haven’t been paying attention to how ubiquitous the chipmaker has become. Arm’s processor designs power Macs, iPhones, and every other major smartphone line. Queries made through ChatGPT, Gemini, or Claude pass through an Arm-based chip at some point. For more than 40 years, Arm’s focus was on chip…
AI, Apps, Global Security News
Arm’s software chief sees human language as the new way to program
If you haven’t heard of Arm, you haven’t been paying attention to how ubiquitous the chipmaker has become. Arm’s processor designs power Macs, iPhones, and every other major smartphone line. Queries made through ChatGPT, Gemini, or Claude pass through an Arm-based chip at some point. For more than 40 years, Arm’s focus was on chip…
AI, Cybersecurity, Global Security News
OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. “Daybreak combines the intelligence of OpenAI models, the extensibility of Codex as an agentic harness, and our partners…
AI, Apps, Global Security News, malware, Network Security
Android banking Trojan TrickMo evolves using TON network for C2
ThreatFabric found a new TrickMo Android trojan focused on stealth and persistence, moving its command-and-control traffic to the TON network. Security researchers at ThreatFabric have recently identified a new version of TrickMo, a dangerous Android banking trojan that shows how malware operators are focusing less on flashy new features and more on improving stealth, flexibility,…
AI, Apps, Global Security News
HEIDI: Free IDE security plugin for open-source vulnerability checks
Open-source dependencies make up a large percentage of the code in production applications, and most vulnerability checks still run late in the pipeline, inside CI/CD systems or after a release ships. Meterian is moving those checks earlier with HEIDI, a free plugin for Visual Studio Code and JetBrains IDEs that flags vulnerable packages and offers…
AI, Apps, Cybersecurity, Global Security News
Cybersecurity jobs available right now: May 12, 2026
Application Security Engineer Total Quality Logistics | USA | On-site – View job details As an Application Security Engineer, you will design, implement, and maintain security controls across the software development lifecycle. You will work closely with engineering and product teams to identify vulnerabilities early, support remediation efforts, and help ensure applications are secure by…
AI, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched
Linux server admins may get the ability to turn off a vulnerable function in the OS kernel until a patch for a zero-day vulnerability is ready, if a proposal from a kernel developer and maintainer is accepted by the open source community. The idea of a kill switch for privileged operators has been suggested by…
AI, Endpoint, Exploits, Global Security News
Sophos Endpoint in action: Blocking a novel supply chain attack
How the unique anti-exploitation capabilities included with Sophos Endpoint blocked a supply chain attack. Categories: Products & Services Tags: Endpoint, Sophos Endpoint, Exploits
AI, Global Security News, Risk Management
Inside the lethal trifecta: Blast radius reduction in AI agent deployments
Seven things security teams can start doing today to reduce risk Categories: Threat Research Tags: AI, CISO, risk
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
Pressure mounts on Canvas as data leak extortion deadline looms
Pressure is mounting on Instructure, the company behind Canvas, as cybercriminals threaten to leak a trove of sensitive data they claim was stolen during a prolonged cyberattack on the widely used education tech platform. Widespread outages left schools, students and teachers temporarily unable to access critical data late last week after the company took Canvas…
AI, Data Breaches, Global Security News, Government & Policy
Welcoming the Bangladesh Government to Have I Been Pwned
Today, we welcome the 43rd government onboarded to Have I Been Pwned’s free gov service, Bangladesh. The BGD e-GOV CIRT department now has full access to query all their government domains via API, and monitor them against future breaches. Bangladesh joins a growing list of national governments using HIBP to help protect their public sector…
AI, Exploits, Global Security News, Network Security, privacy
Apple Patches Everything, (Mon, May 11th)
Apple today released its typical feature update across it’s operating systems (iOS, iPadOS, macOS, tvOS, watchOS, vision OS). With this update, Apple patched 84 different vulnerabilities. Updates are available for the “26” series of operating systems, as well as for the previous “18” version of iOS/iPadOS, and two versions back for macOS (version 14 and…
AI, Exploits, Global Security News
Google Says Hackers Used AI to Develop a Zero-Day Exploit
Google researchers say hackers used AI to develop zero-day exploits, Android backdoors, and automated supply chain attacks targeting GitHub and PyPI.
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management
IMF warns of the potential for AI attacks on global financial systems
The International Monetary Fund (IMF) is warning that AI could become a growing threat to global financial stability by making cyberattacks faster and more sophisticated. In a new analysis, the organization describes how new AI tools can help attackers identify and exploit security vulnerabilities in banks, payment systems, and cloud services in record time. According…
AI, Europe, Global Security News
The European Commission eyes rules to restrict US cloud services
The European Commission is considering new rules that could restrict the use of cloud services from other countries for sensitive public data within the EU, according to sources cited by CNBC. The proposal is expected to be part of the EU’s upcoming “Tech Sovereignty Package,” which is slated to be presented May 27. The idea…
AI, Cybersecurity, Data Security, Endpoint, Global Security News, Network Security
Best RMM Software for MSPs in 2026: Features & Pricing
Remote monitoring and management (RMM) software is an IT management solution that allows MSPs to remotely monitor, manage, and maintain client IT environments. They provide visibility into device health and performance, help teams identify and proactively address issues, and streamline day-to-day IT operations. The best RMM software platforms typically include core features such as remote…
AI, Data Breaches, Endpoint, Global Security News, Network Security, Risk Management
Claude Code MCP Attack Enables Persistent Token Theft
AI coding assistants are becoming deeply integrated with enterprise SaaS platforms, but new research shows those connections may introduce hard-to-detect credential theft risks. Researchers demonstrated a MitM attack targeting Anthropic’s Claude Code that abuses MCP integrations to steal OAuth tokens and maintain persistent access to connected SaaS platforms and APIs. “AI agents used for code…
AI, Apps, Endpoint, Global Security News, Risk Management
AI Is Reshaping Software Supply Chain Risk
Artificial intelligence is rapidly transforming how developers build software, but security controls are struggling to keep pace. According to Willem Delbare, co-founder and CEO of Aikido Security, AI-assisted development is fundamentally changing the software supply chain threat model by increasing automation around code generation, dependency selection, and tool installation. “As of 2025, 84% of developers…
AI, Global Security News
iOS 26.5 is out, bringing encrypted RCS messaging to iPhone and Android users
Apple is bringing long-awaited end-to-end encryption to Rich Communication Services (RCS) messaging between iPhone and Android users in iOS 26.5. The feature is launching in beta for iPhone users running iOS 26.5 on supported carriers and Android users using the latest version of Google Messages. “When RCS messages are end-to-end encrypted, they can’t be read…
AI, Cybersecurity, Global Security News
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. “If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously,” the cybersecurity company said in a statement over the…
AI, Apps, Cybersecurity, Data Breaches, Global Security News
Identity security firm SailPoint discloses GitHub repository breach
SailPoint disclosed a GitHub repository breach on April 20. The company contained the incident and said no customer data was affected. SailPoint is a cybersecurity company that provides identity security and identity governance solutions for enterprises. Its products help organizations manage and control user access to systems, applications, and sensitive data. SailPoint revealed a cybersecurity…
AI, Apps, Exploits, Global Security News, malware, Network Security, Risk Management
CVE-2026-43500 and CVE-2026-43284: Dirty Frag Linux Privilege Escalation Flaw Raises Post-Compromise Risk
Linux local privilege escalation bugs remain especially dangerous when they turn a limited foothold into full root access. The CVE-2026-43500 vulnerability is the RxRPC half of the Dirty Frag exploit chain, which Microsoft says is already linked to limited in-the-wild post-compromise abuse, while Qualys describes it as a page-cache write issue that can let an…
AI, Apps, Compliance, Global Security News, Network Security
Complimentary virtual training: Get hands-on with AWS Security Services
If you’re looking to strengthen your organization’s security posture on Amazon Web Services (AWS) but aren’t sure where to start, then we’re here to help. Security Activation Days are complimentary, virtual, hands-on workshops designed to help you get practical experience with AWS security services in a single session. What to expect Each Security Activation Day…
AI, Exploits, Global Security News
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy
News Alert: Lyrie.ai joins Anthropic verification program, unveils protocol for securing AI agents
DUBAI, United Arab Emirates, May 11, 2026, CyberNewswire—Dubai-founded OTT Cybersecurity LLC today announced acceptance into Anthropic’s Cyber Verification Program and unveiled the Agent Trust Protocol (ATP), an open cryptographic standard for AI agent identity, scope and action verification slated for IETF submission. OTT Cybersecurity LLC, the company behind Lyrie.ai, today announced two milestones that together…