The post ShinyHunters claims nearly 9,000 schools affected by Canvas data breach appeared first on CyberScoop.
Category: AI
AI, Compliance, Endpoint, Exploits, Global Security News, malware
Apple vs. social engineering: Terminal paste trap blocked
Echoing concerns from other security experts, Orange Cyberdefense (OC) recently warned that employees have become the biggest security threat faced by business. Now, in the latest illustration of its ongoing security response, Apple is putting new protections in place in macOS 26.4 that should help – but employee education remains critical as hackers turn to complex, multi-stage, social engineering…
AI, Global Security News
Trellix source code breach claimed by RansomHouse hackers
The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion. […]
AI, Cybersecurity, Exploits, Global Security News, Government & Policy
Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI
As businesses and governments turn to AI agents to access the internet and perform higher-level tasks, researchers continue to find serious flaws in large language models that can be exploited by bad actors. The latest discovery comes from browser security firm LayerX, involving a bug in the Chrome extension for Anthropic’s Claude AI model that…
AI, Endpoint, Exploits, Global Security News, Network Security
CISA gives feds four days to patch Ivanti flaw exploited as zero-day
CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. […]
AI, Data Breaches, Exploits, Global Security News
Claude in Chrome is taking orders from the wrong extensions
Anthropic Claude’s Chrome browser extension, known as Claude in Chrome, has a bug that can allow other malicious extensions to hijack it, compromising trusted AI workflows. Researchers at LayerX Security have warned that Claude’s overly trusted browser communication flows can be abused to inject scripts that can potentially hijack the assistant’s capabilities and manipulate browsing…
AI, Exploits, Global Security News
Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild
Dirty Frag: unpatched Linux kernel flaw grants root access on Ubuntu, RHEL and Fedora. A working exploit is already public. Security researchers have disclosed a new unpatched vulnerability in the Linux kernel, code-named Dirty Frag, that allows an unprivileged local user to gain full root access on most major Linux distributions, including Ubuntu, RHEL, Fedora,…
AI, Global Security News, malware
Australian Cyber Security Centre Issues Alert Over ClickFix Attacks
ACSC warns over a campaign targeting organizations which uses ClickFix to deliver Vidar infostealer malware
AI, Global Security News, Network Security
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers’ systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network tunneling. “QLNX targets developers and DevOps credentials across the software supply chain,”
AI, Data Breaches, Global Security News
Zara data breach exposed personal information of 197,000 people
Hackers who gained access to the databases of Spanish fast-fashion retailer Zara stole data belonging to more than 197,000 customers, according to data breach notification service Have I Been Pwned. […]
AI, Endpoint, Exploits, Global Security News
Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)
Ivanti has released fixes for 5 high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) solution, one of which (CVE-2026-6973) has being exploited as a zero-day by attackers. “We are aware of a very limited number of customers exploited with CVE-2026-6973,” the company said in a security advisory published on Thursday. About CVE-2026-6973 CVE-2026-6973 is caused…
AI, Global Security News
Google is turning Android Studio into a policy watchdog
Google has expanded Play Policy Insights in Android Studio to help developers catch policy issues while coding, including warnings for common problems such as missing login credentials. Later this year, developers who connect their Play developer account directly to Android Studio will receive tailored insights. By leveraging SDK Index, a searchable list of Android SDKs…
AI, Apps, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management
Your CTEM program is probably ignoring MCP. Here’s how to fix it
Model Context Protocol (MCP) is the connective tissue of modern AI tooling and has quietly become one of the most significant blind spots in modern security programs. Like shadow IT before it, shadow AI — especially as it relates to MCP risk — introduces a new class of exposures that security teams lack adequate tooling…
AI, Global Security News, Government & Policy
Helping North Korean IT remote workers is becoming a fast track to prison
Two U.S. nationals were sentenced to 18 months in prison for operating “laptop farms” that helped North Korean IT workers gain employment at nearly 70 American companies, generating more than $1.2 million for Pyongyang’s government. Although Matthew Issac Knoot of Nashville, Tennessee, and Erick Ntekereze Prince of New York were sentenced in separate cases, both…
AI, Global Security News
Sri Lanka makes 37 arrests as it raids another scam centre
You don’t need to live near a scam compound for it to wreck your life. Americans lost $5.8 billion to crypto investment scams last year alone – and a raid in Sri Lanka this month shows exactly how the operations behind them keep finding new places to hide. Read more in my article on the…
AI, Apps, Exploits, Global Security News, Network Security, Risk Management
Pen tests show AI security flaws far more severe than legacy software bugs
Penetration tests of AI-based systems are revealing a greater percentage of high-risk flaws than those discovered in legacy systems. Security consultancy Cobalt’s annual State of Pentesting Report reveals that 32% of all AI and large language model (LLM) findings are rated as high risk — nearly 2.5 times the rate (13%) of severe flaws found…
AI, Global Security News
PCPJack Campaign Boots TeamPCP Off Compromised Machines
SentinelOne believes the PCPJack campaign may be the brainchild of a former TeamPCP member
AI, Compliance, Exploits, Global Security News, Network Security, Risk Management
Your refresh plan has a CVE blind spot
The conversation is straightforward, but the problem behind it is not. The customer bought servers in 2017 and typically refresh every five to six years. Generally, around the 2022 to 2023 timeframe, they would have looked to buy new. Historically, that is what would have happened. But COVID hit, and there were supply chain constraints…
AI, Cybersecurity, Exploits, Global Security News, Russia
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that’s being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called “darkworm.” The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exploitation toolkit that enables persistent SSH access by means of a magic password and specific TCP…
AI, Apps, Global Security News
Snyk integrates Claude to advance AI-native application security
Snyk has announced it is leveraging Anthropic’s Claude models to advance software security. Snyk has integrated Claude into the Snyk AI Security Platform, enabling automated vulnerability discovery, prioritization, and developer-ready fixes across code, dependencies, containers, and AI-generated artifacts. The threat driving that integration is real and accelerating. It’s a challenge that JPMorganChase’s Global Technology Leadership…
AI, Global Security News
Avantra’s new AI can diagnose SAP failures in seconds
Avantra launched Avantra 26, an advancement in AI-driven operations, strengthening native integration with SAP Cloud ALM, and delivering automated visibility across SAP Business Technology Platform (BTP). Avantra also announced Avantra AIR Root Cause Analyzer, an AI-powered intelligence engine that automatically investigates SAP incidents and surfaces a structured diagnosis the moment an issue is detected. Available…
AI, Global Security News
Securonix launches AI threat research agent and ThreatWatch validation tool
Securonix announced the Securonix Threat Research Agent and ThreatWatch for ThreatQ, expanding how security teams research threats, validate exposure, and turn intelligence into documented action. Built on the ThreatQ platform and connected to Securonix security operations workflows, the new capabilities help teams generate role-specific intelligence, validate emerging threats against historical telemetry, and deliver explainable findings…
AI, Apps, Compliance, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
April 2026 Leadership Recap: New CEOs and Promotions Start Q2
We’re at the start of Q2 of 2026, as hard as that is to believe – and with that comes new appointments to company leadership and promotions across the channel. Organizations such as Syspro, Kiteworks, Coro, and Paessler have all made significant updates to their executive benches to enhance their strategies. Read more about the…
AI, Cybersecurity, Global Security News
OpenAI tunes GPT-5.5-Cyber for more permissive security workflows
OpenAI is rolling out GPT-5.5-Cyber, a variant of its latest AI model, in limited preview for verified cybersecurity professionals and organizations through its Trusted Access for Cyber program. Trusted Access for Cyber is OpenAI’s identity and trust-based access framework for cybersecurity users, designed to give verified defenders broader access to GPT-5.5’s cybersecurity capabilities for defensive…
AI, Global Security News, Network Security
CDW Q1 Sales Rise, but Margin Concerns Hit Shares
CDW delivered stronger-than-expected sales growth in the first quarter of 2026, but shrinking margins and investor worries over profitability overshadowed the company’s gains, sending shares tumbling nearly 20% on Wednesday. CDW reports stronger sales and AI demand The IT solutions provider reported rising demand for infrastructure hardware and AI-related technology projects as businesses ramped up…
AI, Data Breaches, Exploits, Global Security News
Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
Less than two weeks after the public disclosure of the Copy Fail vulnerability (CVE-2026-31431), another local privilege escalation (LPE) vulnerability in the Linux kernel has been revealed. Referred to as “Dirty Frag,” this vulnerability was discovered and reported by Hyunwoo Kim (@v4bel) [1]. In this diary, I will provide a brief background on Dirty Frag,…
AI, Global Security News
New Linux ‘Dirty Frag’ zero-day gives root on all major distros
A new Linux zero-day vulnerability, named Dirty Frag, allows local attackers to gain root privileges on most major Linux distributions with a single command. […]
AI, china, Cybersecurity, Europe, Exploits, Funding, Global Security News, Network Security, Risk Management, Russia
AI, Cyberwarfare, and Autonomous Weapons: Inside America’s New Military Strategy
The Pentagon is integrating AI into military operations, transforming cybersecurity, targeting, and command systems into a unified warfare architecture. May 2026 marks a turning point in the evolution of modern warfare: the convergence of artificial intelligence, cybersecurity, and conventional military power is no longer theoretical. It is becoming an operational reality. The Pentagon has signed…
AI, Cloud Security, Global Security News
Transilience AI unveils Security Operating System for cloud remediation
Transilience AI has announced the general availability of its Full Stack Security Operating System for the cloud, platform designed to solve one of enterprise security’s most persistent challenges: bridging the gap between detection and remediation. New platform replaces fragmented tool sprawl with an agent-powered, human-guided second brain, moving security posture from Detected to Eliminated. Cloud…
AI, Global Security News
Object First Fleet Manager simplifies distributed backup storage
Object First released Object First Fleet Manager, a cloud-based service that simplifies the management of distributed Ootbi backup storage deployments for Veeam Software environments. Built for enterprises and service providers with distributed backup storage infrastructures, Fleet Manager is available to Ootbi users with active support contracts at no additional cost. As backup infrastructure becomes more…
AI, Apps, china, Global Security News, privacy
AI clones: the good, the bad, and the ugly
AI is capable of mimicking a real person. It’s clear this capability exists, and the ethics of using AI for this purpose are often very clear. But increasingly, new applications are leading to ethically murky results. The good For example, the CEO of a company, or a politician, could choose to create a clone using…
AI, Global Security News
May 2026 Patch Tuesday forecast: AI starts driving security industry changes
Project Glasswing. This is one of three major security industry changes I’ll cover today. The Anthropic Mythos vulnerability discovery model has already proven to be game changing in its ability to identify new vulnerabilities in software. Many of these vulnerabilities have existed for 10 to 15 years without human discovery. In a recent announcement from…
AI, Global Security News, privacy, Risk Management
Mental health apps are collecting more than emotional conversations
People use mental health apps to talk about depression, trauma and suicidal thoughts in moments they may not share with anyone else. Many users likely assume those conversations carry protections similar to therapy sessions. In reality, mental health apps operate without the same confidentiality and privacy standards that govern licensed therapists. A new academic study…
AI, Exploits, Global Security News
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel. Dubbed Dirty Frag, it has been described as a successor to Copy Fail (CVE-2026-31431, CVSS score: 7.8), a recently disclosed LPE flaw impacting the Linux kernel that has since come under active exploitation in the wild. The vulnerability was…
AI, Global Security News
Product showcase: NetGuard open-source firewall for Android
NetGuard is a free, open-source firewall for Android phones and tablets that provides users with a simple way to block internet access. Android does not allow VPN services to be chained, so the app uses the Android VPN service to route all internet traffic through itself. NetGuard can be used without root access, although it…
AI, Endpoint, Global Security News
New infosec products of the week: May 8, 2026
Here’s a look at the most interesting products from the past week LastPass, Operant AI, Sysdig, and VIAVI. Operant AI Endpoint Protector secures AI agents and MCP tools Operant AI has launched Operant Endpoint Protector, a new addition to its AI Defense Platform that enables enterprise IT and security teams to discover, detect, and defend…
AI, Data Breaches, Global Security News, Government & Policy
Canvas Breach Disrupts Schools & Colleges Nationwide
An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions.…
AI, Exploits, Global Security News, Network Security
Palo Alto Networks firewall flaw has been exploited for several weeks
Palo Alto Networks warns that a critical zero-day vulnerability has been discovered in the PAN-OS firewall system. The vulnerability has already been exploited by suspected state-sponsored hackers for nearly a month, reports Bleeping Computer. The vulnerability, CVE-2026-0300, is located in the User-ID Authentication Portal (also known as the Captive Portal) and allows attackers to execute…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
ShinyHunters Extorts Universities in New Instructure Canvas Hack
Students across the United States were locked out of coursework, quizzes, and grades during finals week after threat actors defaced hundreds of Canvas login portals in a ShinyHunters-linked extortion campaign. The disruption impacted colleges, universities, and school districts worldwide, underscoring the growing cybersecurity risks facing cloud-based education platforms. “ShinyHunters has breached Instructure (again). Instead of…
AI, Exploits, Global Security News
Become a millionaire by bug hunting on Android
Over the past decade, Google has introduced a wide range of bug bounty programs for its software and services. The company has now announced that the reward for individuals who discover vulnerabilities in Android or the Chrome browser is being increased, bringing the maximum reward to $1.5 million. However, reports indicate that you must find…
AI, Global Security News
AI Is Distorting Practically Everything About the Economy
It makes growth look better and the job market look worse. Maybe an AI investment bust wouldn’t hurt so much after all.
AI, Apps, Exploits, Global Security News, Network Security, Risk Management
13 new critical holes in JavaScript sandbox allow execution of arbitrary code
Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code to escape the container and do nasty things to IT environments. As a result, developers using this library in their applications are urged to update the software to the latest version, which is currently 3.11.2. The warnings…
AI, Data Breaches, Exploits, Global Security News
Canvas login portals hacked in mass ShinyHunters extortion campaign
The ShinyHunters extortion gang has breached education technology giant Instructure again, this time exploiting another vulnerability to deface Canvas login portals for hundreds of colleges and universities. […]
AI, Global Security News
New TCLBanker malware self-spreads over WhatsApp and Outlook
A new trojan named TCLBanker, which targets 59 banking, fintech, and cryptocurrency platforms, uses a trojanized MSI installer for Logitech AI Prompt Builder to infect systems. […]
AI, china, Cybersecurity, Endpoint, Europe, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Ivanti customers confront yet another actively exploited zero-day
Attackers are hitting Ivanti customers yet again — circling back to a common target and consistently susceptible vendor in the network edge space — by exploiting a zero-day vulnerability in one of the company’s most besieged products. Ivanti warned customers that attackers have successfully exploited CVE-2026-6973, an improper input validation defect in Ivanti Endpoint Manager…
AI, Global Security News
Hackers Use Fake Claude AI Site to Infect Users With New Beagle Malware
Researchers have discovered a new malvertising campaign using a fake Claude AI website to plant a new, undocumented backdoor named Beagle on user devices.
AI, Apps, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Ollama vulnerability highlights danger of AI frameworks with unrestricted access
A critical vulnerability in Ollama poses a direct risk of sensitive information leaks to more than 300,000 internet-exposed servers, researchers have found. The flaw, tracked as CVE-2026-7482, stems from an out-of-bounds heap read in Ollama’s model quantization pipeline. Ollama is one of the most popular frameworks for running AI models on local hardware. The flaw…
AI, china, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
Nation-state actors exploit Palo Alto PAN-OS zero-day for weeks
Palo Alto says hackers exploited PAN-OS zero-day CVE-2026-0300 for weeks, gaining root access to exposed firewalls and hiding traces. Palo Alto Networks warned that suspected state-sponsored hackers have been exploiting the critical PAN-OS zero-day CVE-2026-0300 for nearly a month. After exploiting the flaw, attackers deployed tunneling tools such as EarthWorm and ReverseSocks5, used stolen credentials…
AI, Data Breaches, Global Security News, privacy
LinkedIn illegally blocking free accounts from seeing ‘who’s viewed your profile’ data, group alleges
A LinkedIn feature that allows paid subscribers to view a list of visitors to their profile should be made available to all EU users free of charge to comply with the region’s General Data Protection Regulation (GDPR), a legal complaint launched by the None of Your Business (NOYB) digital rights group has claimed. Filed this…
AI, Data Breaches, Global Security News, privacy
LinkedIn illegally blocking free accounts from seeing ‘who’s viewed your profile’ data, group alleges
A LinkedIn feature that allows paid subscribers to view a list of visitors to their profile should be made available to all EU users free of charge to comply with the region’s General Data Protection Regulation (GDPR), a legal complaint launched by the None of Your Business (NOYB) digital rights group has claimed. Filed this…
AI, Cybersecurity, Funding, Global Security News, Government & Policy
Trump officials are steering a cybersecurity scholarship program toward AI
The Trump administration is redirecting a cybersecurity scholarship program that requires recipients to work in government service toward artificial intelligence, leaving some current program scholars dismayed and bewildered. In an email to participating school program coordinators obtained by CyberScoop, the Office of Personnel Management and National Science Foundation said the CyberCorps Scholarship For Service program…
AI, APAC, Apps, Cloud Security, Compliance, Endpoint, Global Security News, Network Security, Risk Management, Venture
ICYMI: April 2026 @AWS Security
Read all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts, new service capabilities, code samples, and workshops. AWS Security Blog posts This month’s AWS Security Blog posts covered AI security, identity and access management, threat intelligence, data protection, and multicloud operations.…
AI, Apps, china, Compliance, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Russia
Inside the World of Laptop Farms: How They Help Foreign Remote Workers Look U.S.-Based to Earn More Money
The expansion of remote work fundamentally altered enterprise security models. Organizations that once relied on tightly controlled office environments suddenly began shipping pre-configured corporate laptops to workers they would never physically meet. VPN enrollment, SaaS identity platforms, remote onboarding systems, and cloud collaboration tools rapidly became the new trust perimeter. Criminal organizations and state-sponsored operators…
AI, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-6973 (CVSS score of 7.1), to its Known Exploited Vulnerabilities (KEV) catalog. Ivanti warns customers…
AI, Global Security News, malware
Australia warns of ClickFix attacks pushing Vidar Stealer malware
The Australian Cyber Security Center (ACSC) is warning organizations of an ongoing malware campaign using the ClickFix social engineering technique to distribute the Vidar Stealer info-stealing malware. […]
AI, APAC, Cloud Security, Compliance, Cybersecurity, Global Security News, Network Security, Risk Management
Best MSP Certifications to Grow Services in 2026
To stay ahead in today’s competitive channel landscape, managed service providers (MSPs) need relevant certifications that validate their expertise and strengthen their credibility across key areas such as cybersecurity, cloud services, and artificial intelligence (AI). With the growing number of role-based and vendor-specific certifications available in 2026, choosing the right ones to expand your service…
AI, Cybersecurity, Global Security News
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments. “The toolset harvests credentials from cloud, container, developer, productivity, and financial services, then exfiltrates the data through attacker-controlled infrastructure while attempting
AI, Global Security News
SAS’ Alyssa Farrell on Data Management, Quantum, and AI Positioning
During SAS’s Innovate 2026 event recently, SAS announced it would refresh its SAS Data Management portfolio, a cloud-native offering built on the SAS Viya data and AI platform. Among the new and expanded capabilities are AI-ready data management, governance by design, agentic AI and copilots, and cloud-native analytics acceleration. “A modern data platform is not…
AI, Cybersecurity, Global Security News
ASUS Report: AI Adoption Rises as SMBs Seek Competitive Advantage
Forty-seven percent of small and medium-sized businesses (SMBs) reported readiness to adopt AI technology, while 68% of early adopters said they have already seen gains in productivity and efficiency. This is according to ASUS’ recently published 2026 Future of Small Business Report: Harnessing the Potential of AI PCs, which examines how SMBs across the US…
AI, Cloud Security, Compliance, Global Security News, privacy, Risk Management
AWS achieves SNI 27017, SNI 27018, and SNI 9001 certifications for the AWS Asia Pacific (Jakarta) Region
Amazon Web Services (AWS) achieved three Standar Nasional Indonesia (SNI) certifications for the AWS Asia Pacific (Jakarta) Region: SNI ISO/IEC 27017:2015, SNI ISO/IEC 27018:2019, and SNI ISO 9001:2015. SNI represents Indonesia’s national standards framework, comprising standards that are broadly applicable across industries within the country. These certifications further demonstrate that AWS services meet nationally recognized…
AI, Global Security News
What Mozilla learned running an AI security bug hunting pipeline on Firefox
Over the past several months, Mozilla ran an agentic harness powered by Claude Mythos Preview across Firefox’s source code, identifying 271 security bugs that were fixed in Firefox 150, with additional fixes shipped in versions 149.0.2 and 150.0.1. Over 100 people contributed code to get those patches out. The bugs spanned a wide range of…
AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Risk Management
Deepfakes Are Exposing Gaps in Cyber Insurance Policies
Deepfakes are creating new cybersecurity risks that many organizations — and their cyber insurance policies — may not be fully prepared to address. As attackers increasingly use AI-generated voice, video, and identity impersonation in fraud and ransomware attacks, cybersecurity experts warn businesses must reassess both security strategies and cyber insurance coverage. During a recent Channel…
AI, Compliance, Europe, Global Security News, Politics, Risk Management
EU lawmakers strike provisional deal to soften AI Act
European Union member states and the European Parliament agreed early Thursday to push back the toughest deadlines under the bloc’s AI Act, giving enterprises more time to prepare for high-risk compliance. Under the provisional deal between negotiators for the European Parliament and European Council, high-risk AI systems will face new deadlines of Dec. 2, 2027…
AI, Global Security News
SpaceX Tees Up Massive Spending Ahead of IPO
A chip-manufacturing complex, AI satellites, and space facilities add to a pricey project list at Elon Musk’s company.
AI, Data Security, Global Security News, Network Security
Legacy Security Tools Are Failing Data Protection, Capital One Software Report Finds
Traditional network security tools are undermining data protection, with Forrester and Capital One Software research warning AI adoption is impossible without rethinking data security
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
CloudZ RAT Abuses Windows Phone Link to Steal OTPs
A malware campaign is exploiting a built-in Windows feature to intercept sensitive data — without ever touching the victim’s phone. Cisco Talos researchers identified the CloudZ remote access trojan (RAT) using a custom plugin to monitor Microsoft’s Phone Link application and potentially capture SMS-based one-time passwords (OTPs). “MFA bypass is becoming a bigger and bigger…
AI, Data Breaches, Global Security News, Network Security
World Password Day 2026: Passwords Still Matter (Whether We Like It or Not)
World Password Day 2026: Passwords Still Matter (Whether We Like It or Not) Every year, World Password Day comes around and we all pretend we’ve moved beyond passwords. We haven’t. Passwords are still everywhere. Still fragile. Still one of the easiest ways into an environment. And despite all the talk about passkeys and passwordless futures,…
AI, Global Security News
Cline Kanban Flaw Lets Websites Hijack AI Coding Agents
Oasis Security finds critical Cline kanban WebSocket flaw exposing AI coding agents to hijack
AI, Exploits, Global Security News, Network Security
Cisco patches high-severity flaws enabling SSRF, code execution attacks
Cisco fixed several high‑severity flaws in its enterprise products, including SSRF bugs in Unity Connection that could enable code execution or service disruption. Cisco released patches for multiple high‑severity vulnerabilities affecting its enterprise products. Successful exploitation could allow code execution, server‑side request forgery (SSRF), or denial‑of‑service attacks. Two notable flaws, CVE‑2026‑20034 and CVE‑2026‑20035, impact Cisco…
AI, Global Security News
The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls
Your security controls aren’t failing, they’re missing where most of today’s work actually happens. Keep Aware shows how browser activity like copy/paste and AI prompts bypass traditional protections. […]
AI, Global Security News
OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns Dragos
Commercial AI models were used to help plan and conduct cyber-attack against operational technology of a water and drainage facility, say researchers
AI, Global Security News
Fitness Bands Are Losing Screens—and Gaining Fans
No-display health trackers, including the Oura Ring, Whoop band and the new Google Fitbit Air, offer more continuous monitoring than smartwatches.
AI, Apps, Global Security News, Network Security
American duo sentenced for hosting laptop farms for North Korean IT workers
Two U.S. nationals were sentenced to 18 months in prison for running laptop farms that facilitated North Korea’s expansive remote IT workers scheme, the Justice Department said Wednesday. Matthew Issac Knoot and Erick Ntekereze Prince both received and hosted laptops at their residences to dupe U.S. companies into thinking remote IT workers they hired were…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, Risk Management
World Password Day 2026: Why Strong Passwords Alone Are No Longer Enough
Every year, World Password Day reminds individuals and organizations to create stronger passwords, avoid password reuse, and enable multi-factor authentication (MFA). While these practices remain important, new research from Proton suggests that traditional password security advice is no longer enough to protect modern businesses from cyber threats. Key Takeaways Despite 92% of small businesses investing…
AI, Global Security News, Network Security
$250 million cryptocurrency heist funded luxury fashion, nightclub parties, and private jets
20-year-old California resident Marlon Ferro, known online as “GothFerrari,” was sentenced to 78 months in prison for his role in a cryptocurrency theft operation tied to more than $250 million in stolen digital assets. Federal prosecutors said Ferro participated in a criminal network active between late 2023 and early 2025. Members of the group, based…
AI, Cybersecurity, Data Breaches, Global Security News
One Click, Total Shutdown: The “Patient Zero” Webinar on Killing Stealth Breaches
The hardest part of cybersecurity isn’t the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one “Patient Zero” infection. In 2026, hackers are using AI to make these “first clicks” nearly impossible to spot. If a single laptop gets compromised on…
AI, Global Security News
Americans sentenced for running ‘laptop farms’ for North Korea
Two U.S. nationals were sentenced to 18 months in prison each for operating so-called laptop farms that helped North Korean IT workers fraudulently obtain remote employment at nearly 70 American companies. […]
AI, Global Security News
One keypress is all it takes to compromise four AI coding tools
Developers clone unfamiliar repositories all the time. Open-source projects, work from teammates, sample code from a tutorial, a library someone recommended on a forum. The convention is old and reasonable: you look at what’s inside before you run it. AI coding assistants that work from the command line have inherited that convention, and a new…
AI, Global Security News
World’s First AI-Driven Cyberattack Couldn’t Breach OT Systems
The most sophisticated AI-integrated campaign to date hit a brick wall in the form of a SCADA login screen.
AI, Compliance, Cybersecurity, Global Security News, Risk Management
Bots in translation: Can AI really fix SIEM rule sprawl across vendors?
Enterprises migrating between SIEM platforms often have to manually rewrite detection rules because vendors such as Splunk, Microsoft Sentinel, IBM QRadar, and Google Chronicle use different query languages and data models. Researchers now say AI may be able to automate much of that work, though security experts remain divided over whether the problem really requires…
AI, Cybersecurity, Global Security News
Google Chrome Accused of Silently Installing 4GB AI Model on User Devices
Cybersecurity researcher Alexander Hanff claims that Google Chrome automatically installs a 4GB Gemini Nano AI model without user notification or consent.
AI, Data Security, Exploits, Global Security News, privacy
WWDC 2026: How Apple can take a great leap in AI
Apple’s Worldwide Developer Conference (WWDC) takes place in just a few weeks. Everyone expects the company to explain its approach to AI deployment on its platforms. With that in mind, here’s what several months of speculation suggest Apple will announce, though the details remain to be disclosed. Apple is investing billions of dollars in these plans; R&D spending…
AI, Global Security News, Risk Management
Why Outdated Maintenance Software Is a Growing Ransomware Risk
Outdated maintenance software increases ransomware risk by exposing weak access controls, unpatched systems, and critical operational data to attackers.
AI, Global Security News
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like some tired guy with a…
AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security
Critical Palo Alto Networks software bug hits exposed firewalls
Palo Alto Networks is warning customers about a critical buffer overflow vulnerability affecting its PAN-OS user-ID authentication portal that is already being exploited in the wild. The flaw allows attackers to execute arbitrary code with root privileges on exposed firewalls, the company said in a security advisory. PAN-OS is the software that runs all Palo…
AI, Global Security News
Day Zero Readiness: The Operational Gaps That Break Incident Response
Having an incident response retainer, or even a pre-approved external incident response firm, is not the same as being ready for an incident. A retainer means someone will answer the phone. Operational readiness determines whether that team can do meaningful work the moment they do. That distinction matters far more than many organizations realize. In…
AI, Global Security News
Scammers Use Hidden Text to Bypass AI Email Filters in Phishing Scams
Scammers are hiding invisible text inside phishing emails to manipulate AI-powered email filters and increase the chances of scams reaching inboxes.
AI, Exploits, Global Security News, malware, Risk Management
From Android TVs to routers: the xlabs_v1 Mirai-based botnet built for DDoS attacks
A new Mirai‑based botnet, xlabs_v1, hijacks ADB‑exposed IoT devices for powerful DDoS attacks, with 21 flooding methods and DDoS‑for‑hire use. A new Mirai‑derived botnet called xlabs_v1 is hijacking internet‑exposed devices running Android Debug Bridge (ADB) and using them for large‑scale DDoS attacks. Hunt.io discovered the bot on an unsecured server, it includes 21 flood techniques…
AI, Global Security News
Fake Claude AI website delivers new ‘Beagle’ Windows malware
A fake version for the Claude AI website offers a malicious Claude-Pro Relay download that pushes a previously undocumented backdoor for Windows named Beagle. […]
AI, Global Security News, Government & Policy, Politics
One House Democrat is pressing Commerce on the government’s spyware use
A House Democrat who’s been at the forefront of congressional efforts to scrutinize the federal government’s use of commercial spyware wants the Commerce Department to brief Capitol Hill amid apprehension that the Trump administration might further embrace the technology. Rep. Summer Lee, D-Pa., sent a letter to the department Thursday seeking a briefing on several…
AI, Apps, Global Security News
Node.js 26 ships with Temporal API enabled by default
Developers managing JavaScript runtimes have a new major version to evaluate. Node.js 26.0.0 brings the long-awaited Temporal API to the platform alongside an updated V8 engine, a refreshed HTTP client, and several long-flagged removals that will require code changes in some applications. Temporal API ready for production code Temporal, a date and time API designed…
AI, Global Security News, Venture
Facial recognition arrives at the gates of Disney’s magic kingdom
Disney has equipped select entrance lanes at Disneyland Park and Disney California Adventure Park with facial recognition technology, saying the system is intended to streamline re-entry procedures and help prevent fraud. According to the company, certain entrance lanes use cameras to capture an image linked to a guest’s ticket or pass and compare it with…
AI, Exploits, Global Security News
CallPhantom Android scam reached 7.3 million downloads on Google Play
Scams targeting Android users in India and across the Asia-Pacific region have grown around a long-standing curiosity gap: the desire to look up call records tied to a phone number. A cluster of 28 fraudulent apps on Google Play exploited that gap and pulled in more than 7.3 million downloads before the store removed them.…
AI, APAC, Compliance, Cybersecurity, Data Breaches, Global Security News, Network Security, Risk Management
CISOs: Align cyber risk communication with boardroom psychology
By now, executive boards across industries understand that cyberattacks can be costly. What they often lack, however, is a clear view of which risks pose the biggest threat to their business and why certain investments need to rise to the top. Many security leaders lose traction at that point. The challenge is less about sounding…
AI, Global Security News
Fake call logs, real payments: How CallPhantom tricks Android users
ESET researchers uncovered fraudulent apps on Google Play that claim to provide the call history “for any number” and had been downloaded more than seven million times before being taken down
AI, Global Security News
Researchers Spot Uptick in Use of Vercel for Phishing Campaigns
Cofense has warned of a “significant” increase in phishing campaigns abusing Vercel platform
AI, Cybersecurity, Global Security News, malware
AI Software Leak Lets Scammers Add Malware and Steal Data and Your Money
AI Leak Fuels Malware Scams. Company source code is proprietary and typically held as top secret. However, a recent software leak accident by Anthropic has led to a cascade of nefarious behaviours by hackers. Anthropic is the well-known creator of Claude AI, and the accidental leak of the source code has allowed scammers to create…
AI, Compliance, Global Security News
Kloudfuse 4.0 delivers AI-governed observability and scalable workload isolation
Kloudfuse has announced the general availability of Kloudfuse 4.0. The release helps enterprises meet rising compliance requirements, adopt AI-driven observability with production-grade governance, and scale their observability infrastructure without platform bottlenecks, while keeping every byte of telemetry data inside their own cloud environment. Kloudfuse 4.0 addresses three converging pressures: the FIPS 140-2 sunset on September…
AI, Global Security News
Red Hat Enterprise Linux adds post-quantum security and AI-driven automation in latest releases
Red Hat has announced the upcoming general availability of Red Hat Enterprise Linux 10.2 and 9.8. Building on the innovation of Red Hat Enterprise Linux 10, the latest versions help address security threats, speed AI innovation and minimize operational drift. What Red Hat announced Red Hat Enterprise Linux 10.2 and 9.8 provide a strategic and…
AI, Apps, china, Compliance, Cybersecurity, Data Breaches, Data Security, Europe, Global Security News, Government & Policy, privacy, Risk Management
Ten years later, has the GDPR fulfilled its purpose?
This year marks the 10th anniversary of the EU’s adoption of the General Data Protection Regulation, which became mandatory for all companies beginning on May 25, 2018. The aim of the GDPR was simple, but important: to improve individuals’ control over their personal data. This regulation replaced Directive 95/46/EC with the clear purpose of unifying data…