The scarcity of Apple’s littlest Mac comes at a time of high interest from AI power users and a potential product refresh.
Category: AI
AI, Global Security News, Network Security
Liongard upgrades LiongardIQ with AI access, live asset data, and deeper discovery
Liongard has announced the expansion of LiongardIQ with new capabilities spanning programmatic AI integration, conversational querying, enhanced network discovery, and deeper identity mapping, extending its system of authority for asset intelligence across the full IT stack. Without a trusted foundation of asset intelligence, automation runs on assumptions, AI agents query stale data, and security gaps…
AI, Global Security News, malware, Network Security
Inside ZionSiphon: politically driven malware aims at Israeli water systems
New ZionSiphon malware targets water systems, and allows attackers to alter pressure and chlorine levels. A flaw makes it ineffective for now. Darktrace analyzed ZionSiphon, a new malware designed to target water treatment and desalination systems, which aims to disrupt operations by altering hydraulic pressure and increasing chlorine levels to unsafe levels. The malware combines…
AI, Apps, Global Security News
Mozilla challenges enterprise AI providers with Thunderbolt, open-source AI client under your control
For organizations that want to keep company data within their own systems and have more control over how AI is deployed, Mozilla is offering an alternative to externally hosted AI services with Thunderbolt, an open-source AI client designed for self-hosted use. Thunderbolt is available through a waitlist, with native applications for web, macOS, Windows, Linux,…
AI, Global Security News
Codex can now operate between apps. Where are the boundaries?
OpenAI is rolling out a major update to the Codex desktop app for users signed in with ChatGPT. Personalization features, including context-aware suggestions and memory, will roll out to Enterprise, Edu, and users in the EU and UK soon. Computer use is initially available on macOS and will expand to EU and UK users in…
AI, Global Security News
Microsoft: Some Windows servers enter reboot loops after April patches
Microsoft warns that some Windows domain controllers are entering restart loops after installing the April 2026 security updates. […]
AI, APAC, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Apache ActiveMQ, tracked as CVE-2026-34197 (CVSS score of 8.8), to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2026-34197 is a critical flaw in Apache ActiveMQ caused by…
AI, Cybersecurity, Global Security News
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfil certain conditions owing to an explosion in CVE submissions. “CVEs that do not meet those criteria will still be…
AI, Apps, Global Security News
AI is finally delivering productivity — for remote employees
The productivity gains from AI are so great, companies can lay off thousands of employees and still get the same amount of work done — right? Or maybe it’s the opposite: despite all the hype, any supposed AI productivity boom is a mirage, causing employees, even developers, to experience heavier workloads. At the moment, the…
AI, Exploits, Global Security News
Recently leaked Windows zero-days now exploited in attacks
Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions. […]
AI, Global Security News
Android 17 Beta 4 arrives with post-quantum cryptography and new memory limits
Google shipped Android 17 Beta 4 on April 16, marking the last scheduled beta in the Android 17 release cycle. The build targets app compatibility testing and platform stability ahead of the final release, and it carries several behavior changes that developers need to account for before the stable version ships. Supported Pixel devices can…
AI, Global Security News
Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts
An international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed denial-of-service (DDoS) operations that were used by more than 75,000 cybercriminals. The ongoing effort, dubbed Operation PowerOFF, disrupted access to the DDoS-for-hire services, took down the technical infrastructure supporting them, and obtained access to
AI, Global Security News, Network Security
Apple AirTag tracking can be misled by replayed Bluetooth signals
Apple’s AirTag is designed to help users track lost items by relying on a vast network of nearby Apple devices. New research shows that this same system can be manipulated to display locations where an AirTag has never been. Relaying an AirTag’s BLE advertisments over the Internet injects false location reports into the Find My…
AI, Cybersecurity, Global Security News, Government & Policy, privacy, Risk Management
Social media bans might steer kids into riskier corners of the internet
Governments are moving to block children under 16 from social media in the name of safety. But once these measures move from policy to practice, they raise a harder question: what happens when protecting kids requires collecting more data than ever before and may put them at greater risk? Age checks spark debate over privacy…
AI, Global Security News
Workplace stress in 2026 is still worse than before the pandemic
Roughly 40% of employees worldwide said they experienced a lot of stress during the previous day, according to Gallup’s State of the Global Workplace 2026 report, a figure that has remained above pre-pandemic levels for several years. Daily anger stood at 22% globally, sadness at 23%, and loneliness at 22%. Together, these numbers point to…
AI, Global Security News
New infosec products of the week: April 17, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Axonius, Broadcom, Siemens, and Sitehop. Axonius updates Asset Cloud with AI, exposure management, and asset trust standard Axonius has expanded its Asset Cloud with AI-powered remediation in Axonius Exposures, added support for IoT and OT environments via Axonius Cyber-Physical Assets,…
AI, Cybersecurity, Global Security News, Risk Management
Anthropic’s latest model is deliberately less powerful than Mythos (and that’s the point)
Anthropic has today released a new, improved Claude model, Opus 4.7, but has deliberately built it to be less capable than the highly-anticipated Claude Mythos. Anthropic calls Opus 4.7 a “notable improvement” over Opus 4.6, offering advanced software engineering capabilities and improved visioning, memory, instruction-following, and financial analysis. However, the yet-to-be-released (and inadvertently leaked) Mythos…
AI, Europe, Funding, Global Security News, privacy, Risk Management
Google should share search data to break its monopoly, European Commission suggests
The European Commission this week requested, but did not order Google to allow third party search engines in Europe access to its search data as a means to comply with the Digital Markets Act (DMA), legislation the Commission describes as a law designed to “make the markets in the digital sector fairer and more contestable.” Google…
AI, Global Security News
Sam Altman’s Side Hustles Blur the Line Between OpenAI’s Interests and His Own
Ahead of a planned IPO, Altman’s personal investments remain opaque, making it hard to spot any conflicts.
AI, Global Security News, malware
Lumma Stealer infection with Sectop RAT (ArechClient2), (Fri, Apr 17th)
Introduction This diary provides indicators from a Lumma Stealer infection that was followed by Sectop RAT (ArechClient2). I searched for cracked versions of popular copyright-protected software, and I downloaded the initial malware after following the results of one such search. This is a common distribution technique for various families of malware, and I often find…
AI, Apps, Data Breaches, Endpoint, Global Security News, malware, privacy, Risk Management
Here’s What Agentic AI Can Do With Have I Been Pwned’s APIs
I love cutting-edge tech, but I hate hyperbole, so I find AI to be a real paradox. Somewhere in that whole mess of overnight influencers, disinformation and ludicrous claims is some real “gold” – AI stuff that’s genuinely useful and makes a meaningful difference. This blog post cuts straight to the good stuff, specifically how…
AI, Exploits, Global Security News, Network Security, Risk Management
US nationals sentenced for aiding North Korea’s tech worker scheme
Two New Jersey men were sentenced Wednesday for facilitating North Korea’s long-running scheme to plant operatives inside U.S. businesses as employees, generating more than $5 million in illicit revenue for the regime, the Justice Department said. The U.S. nationals — Kejia Wang, also known as Tony Wang, and Zhenxing Wang, also known as Danny Wang…
AI, Apps, Cybersecurity, Exploits, Global Security News, Risk Management
Cisco Systems issues three advisories for critical vulnerabilities in Webex, ISE
Admins who use Cisco Webex Services configured to use trust anchors within the SSO integration with Control Hub must install a new identity provider certificate to close a critical vulnerability, or risk losing access control. Cisco said in an advisory this week that admins must upload a new identity provider (IdP) SAML certificate to Webex…
AI, Apps, Cybersecurity, Exploits, Global Security News, Risk Management
Cisco Systems issues three advisories for critical vulnerabilities in Webex, ISE
Admins who use Cisco Webex Services configured to use trust anchors within the SSO integration with Control Hub must install a new identity provider certificate to close a critical vulnerability, or risk losing access control. Cisco said in an advisory this week that admins must upload a new identity provider (IdP) SAML certificate to Webex…
AI, Apps, Exploits, Global Security News, Network Security, Risk Management
RCE by design: MCP architectural choice haunts AI agent ecosystem
AI agent building tools enable users to configure Model Context Protocol (MCP) servers may be exposing systems to remote code execution due to an architectural decision in Anthropic’s reference implementation. At issue are unsafe defaults in how MCP configuration works over the STDIO interface, with broad implications for the agent ecosystem, according to a new…
AI, Global Security News, Network Security
ImmuniWeb brings AI upgrades, post-quantum detection and more in Q1 2026
ImmuniWeb unveiled technical updates, new features and functionalities across all products available on the ImmuniWeb AI Platform. ImmuniWeb Discovery Launch of a dedicated Cyber Threat Intelligence (CTI) dashboard Advanced detection of exposed AI-related assets, services and software Enhanced detection of phishing websites thanks to finetuning of our AI models Better and faster detection of IoC…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy
NIST cuts down CVE analysis amid vulnerability overload
Overwhelmed by an escalating volume of security flaws, the National Institute of Standards and Technology (NIST) has announced significant changes to how it handles cybersecurity vulnerabilities and exposures (CVEs). Rather than commit to providing enrichment for all entries in its National Vulnerability Database (NVD), the agency will focus on just the most critical CVEs, which…
AI, Exploits, Global Security News, Risk Management
Cisco fixed four critical flaws in Identity Services and Webex
Cisco fixed four critical flaws in Identity Services and Webex that could allow code execution and user impersonation. Cisco has addressed four critical vulnerabilities affecting its Identity Services and Webex platforms. The flaws could allow attackers to execute arbitrary code and impersonate any user within the affected services. The issues pose serious security risks, prompting…
AI, Data Breaches, Global Security News, Network Security
Cookeville Regional Medical Center hospital data breach impacts 337,917 people
A ransomware attack on Cookeville Regional Medical Center hospital (Tennessee) exposed data of 337,000 people after hackers stole 500GB of sensitive information from its systems. A ransomware attack on Cookeville Regional Medical Center (CRMC) in Tennessee led to a major data breach affecting about 337,000 people. The attack, carried out by the Rhysida group, involved…
AI, Cybersecurity, Global Security News, Network Security
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
Cybersecurity researchers have warned of an active malicious campaign that’s targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025. “PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent connection to the C2 server, to evade the network signature detections,” Cisco Talos
AI, Apps, Global Security News, Government & Policy, Network Security, Venture
Reporter’s notebook: In Nepal and Sri Lanka, AI boom brings hope
The soap refill dispenser at a cafe in TRACE Expert City — a technology hub in Colombo, Sri Lanka — boldly declares that it was delivered by ”USAID, from the American people.” The device is a relic from the past, reflecting goodwill that once existed between the US and Sri Lanka. Now, as external aid…
AI, Global Security News, Network Security
Officials seize 53 DDoS-for-hire domains in ongoing crackdown
Authorities from 21 countries took down 53 domains and arrested four people allegedly involved in distributed denial-of-service operations used by more than 75,000 cybercriminals, Europol said Thursday. The globally coordinated effort dubbed “Operation PowerOFF” disrupted booter services and seized and dismantled infrastructure, including servers and databases, that supported the DDoS-for-hire services, officials said. Law enforcement…
AI, Global Security News
Introducing Canva AI 2.0: Reimagining how the world creates
We’ve always believed imagination is the most powerful force in the world. Now, for the first time, it’s also the starting point for creation. Powered by the world’s first foundation model built for creativity, say hello to Canva AI 2.0.
AI, Global Security News, Risk Management
NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward
NIST is overhauling how it manages the National Vulnerability Database (NVD) and switching to a risk-based model that prioritizes “enrichment” of only the most critical CVE-numbered security vulnerabilities. “This change is driven by a surge in CVE submissions, which increased 263% between 2020 and 2025,” the National Institute of Standards and Technology said. “We don’t…
AI, Global Security News
An Investor Dared Him to Quit School. Now He’s Building a $1.5 Billion AI Startup.
Matan Grinberg’s Factory, which offers autonomous coding tools, is competing with the likes of Anthropic, OpenAI and Cursor.
AI, Global Security News
US Nationals Jailed for Operating Fake Remote Worker Laptop Farms for North Korea
US authorities jail two Americans for aiding North Korean laptop farm scams that infiltrated over 100 firms
AI, Global Security News
NiCE Cognigy Named a Leader in Conversational AI by Independent Research Firm
COMPANY NEWS: NiCE received the highest possible scores in 10 criteria across current offering and strategy, with a score of4.5 out of 5 in the strategy category, and received above average customer feedback among evaluated vendors
AI, Global Security News
Reintroducing Figma Weave with 20+ new workflows for AI-native design
COMPANY NEWS: Customers like DoorDash, Lyft, and NVIDIA use Figma Weave for creative production on a visual canvas
AI, Global Security News
Sometimes changing the password on your email mailbox isn’t enough
Have you ever taken a look at your Microsoft 365 mailbox rules? If not, it might be worth a few minutes of your time. Because newly released research reveals that hackers may already have beaten you to it. Read more in my article on the Fortra blog.
AI, Global Security News
Google expands Gemini AI use to fight malicious ads on its platform
Google says it is increasingly using its Gemini AI models to detect and block harmful ads on its advertising platforms, as scammers and threat actors continue to evolve their tactics to evade detection. […]
AI, Global Security News
Microsoft’s Original Windows Secure Boot Certificate Is Expiring
The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, Microsoft said. Update those PCs soon.
AI, Cybersecurity, Global Security News
Anthropic releases Claude Opus 4.7 with automated cybersecurity safeguards
Software teams building agentic AI workflows have been pushing frontier models toward longer, unsupervised task runs. Claude Opus 4.7, now generally available from Anthropic, is aimed squarely at that demand, with particular gains in software engineering, multimodal processing, and the kind of instruction fidelity that matters when a model is running tasks autonomously over multiple…
AI, Cybersecurity, Global Security News, malware
OpenAI Launches GPT-5.4-Cyber to Boost Defensive Cybersecurity
OpenAI unveils GPT-5.4-Cyber, a cybersecurity-focused model built to help defenders analyze malware and fix software bugs. The company is also expanding its Trusted Access for Cyber (TAC) program to thousands of verified experts.
AI, Global Security News
GitLab Extends Agentic AI with New Automated Security Remediation, Pipeline Setup, and Delivery Analytics
COMPANY NEWS: Agentic SAST Vulnerability Resolution is now generally available, automatically generating ready-to-merge code fixes and helping resolve vulnerabilities before they reach production. Two new agents in GitLab Duo Agent Platform allow teams to stand up a running CI pipeline in minutes and get fast visual answers from live software lifecycle data, eliminating two of…
AI, Global Security News
As Agentic AI Adoption Accelerates, Rubrik Warns of Growing Security Gaps
GUEST RESEARCH: New research from Rubrik Zero Labs highlights a critical lack of identity governance as organisations race to adopt autonomous systems they cannot fully observe or restore.
AI, Global Security News
New ATHR vishing platform uses AI voice agents for automated attacks
A new cybercrime platform called ATHR can harvest credentials via fully automated voice phishing attacks that use both human operators and AI agents for the social engineering phase. […]
AI, Global Security News
Most “AI SOCs” Are Just Faster Triage. That’s Not Enough.
AI-powered SOC tools promise automation, but most only speed up triage instead of reducing real workload. Tines shows how real gains come from end-to-end workflows that execute actions across systems, not just summarize alerts. […]
AI, Exploits, Global Security News, malware
AI platform n8n abused for stealthy phishing and malware delivery
Attackers abuse AI automation platform n8n to run phishing campaigns, deliver malware, and evade security by using trusted infrastructure. Threat actors are exploiting the popular AI workflow automation platform n8n to launch advanced phishing campaigns, deliver malware, and collect device data through automated emails. By using trusted infrastructure, they can bypass traditional security controls and…
AI, Global Security News
Constant Contact and Canva Expand Integration to Help Small Businesses Create and Connect
Small businesses and nonprofits can now design in Canva and let Constant Contact handle the rest — across email, TikTok, Instagram, Facebook, and LinkedIn
AI, Global Security News
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
You know that feeling when you open your feed on a Thursday morning and it’s just… a lot? Yeah. This week delivered. We’ve got hackers getting creative in ways that are almost impressive if you ignore the whole “crime” part, ancient vulnerabilities somehow still ruining people’s days, and enough supply chain drama to fill a season of television…
AI, Cybersecurity, Endpoint, Global Security News, Risk Management
OPSWAT, Emerson Partner on OT Cybersecurity Globally
OPSWAT, a cybersecurity company for critical infrastructure, and Emerson, a global automation company, have announced a global strategic reseller agreement that will bring OPSWAT’s industry-proven cybersecurity technologies to Emerson’s power and water industry customers. As the first initiative under this enterprise-wide agreement, Emerson will integrate OPSWAT’s scalable, secure operational technology (OT) patch management capabilities into…
AI, Cybersecurity, Exploits, Global Security News, malware, privacy, Risk Management
Microsoft’s Windows Recall still allows silent data extraction
Microsoft’s Windows Recall feature remains vulnerable to complete data extraction despite a major security overhaul, according to a cybersecurity researcher who says malware running in a user’s context can quietly siphon off everything Recall has captured, without administrator privileges, kernel exploits, or breaking encryption. Alexander Hagenah, executive director at Zürich-based financial infrastructure operator SIX Group,…
AI, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
UAC-0247 Attack Detection: AGINGFLY Malware Targets Hospitals, Local Governments, and FPV Operators in Ukraine
Phishing remains one of the most effective tactics in the cybercriminal playbook, particularly when attackers exploit urgent humanitarian themes, trusted online resources, and legitimate system tools to increase victim engagement. Europol also notes that phishing continues to serve as a primary delivery vector for data-stealing malware. This pattern is clearly reflected in the latest activity…
AI, Cybersecurity, Exploits, Global Security News, malware, privacy, Risk Management
Microsoft’s Windows Recall still allows silent data extraction
Microsoft’s Windows Recall feature remains vulnerable to complete data extraction despite a major security overhaul, according to a cybersecurity researcher who says malware running in a user’s context can quietly siphon off everything Recall has captured, without administrator privileges, kernel exploits, or breaking encryption. Alexander Hagenah, executive director at Zürich-based financial infrastructure operator SIX Group,…
AI, Global Security News
Villager Breeding and Professions for a Busy Server World
GUEST OPINION: A well-designed village setup saves you hours later. You get consistent trades, quick restocks, and fewer emergency fixes. This article breaks down villager breeding in Minecraft, explains villager professions, and shows how to keep the whole system running smoothly on a shared world.
AI, Data Breaches, Global Security News
[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, andOAuth grants. When projects end or employees leave, most
AI, Cybersecurity, Exploits, Global Security News, Politics
Behind the Mythos hype, Glasswing has just one confirmed CVE
Efforts to cut through the buzz surrounding Anthropic’s Mythos are emerging. As OpenAI moves to counter the hype around it with its own cybersecurity model, VulnCheck is reporting that the model’s publicly attributable output amounts to just one confirmed CVE. While Project Glasswing, the controlled access program for Mythos, promises a powerful offensive capability, gated…
AI, Global Security News
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service. The details of the vulnerabilities are below – CVE-2026-20184 (CVSS score: 9.8) – An improper certificate validation in the integration of single sign-on…
AI, Apps, Global Security News
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
A “novel” social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors. Dubbed REF6598 by Elastic Security Labs, the activity has been found to leverage
AI, Apps, Global Security News, privacy
Microsoft Teams cheat sheet: How to get started
If your organization uses Microsoft 365 (a.k.a. Office), chances are you’ve encountered Teams, at least for video meetings. But it’s capable of a lot more, providing an effective way for groups of people to collaborate on work and advance business objectives. Teams is, at its core, group chat software with videoconferencing capabilities and some interesting…
AI, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
BlobPhish: The Phantom Phishing Campaign Hiding in Browser Memory
ANY.RUN has observed a sustained surge in a credential-phishing campaign active since 2024. This campaign, dubbed BlobPhish, introduces a sneaky twist: instead of delivering phishing pages via traditional HTTP requests, it generates them directly inside the victim’s browser using blob objects. The result is a phishing payload that lives entirely in memory, leaving little to no trace in logs, caches,…
AI, Global Security News, privacy
Tails 7.6.2 patches vulnerability that could expose saved files
The Tails Project released Tails v7.6.2, an emergency release of the popular open source secure portable operating system. What is Tails? Tails, which is based on Debian GNU/Linux, is aimed at users who want to preserve their online privacy and anonymity. The OS is installed on a dedicated USB stick and when plugged into a…
AI, Global Security News, Risk Management
Chip Maker TSMC Is More Bullish Than Ever on AI, Despite Iran War
The Taiwan company expects revenue to grow by more than 30% and played down the risk of war-related disruptions to the supply chain.
AI, Apps, Cybersecurity, Global Security News, Risk Management
Insurance carriers quietly back away from covering AI outputs
Several major insurance carriers have begun to back away from providing cybersecurity and other insurance to companies using AI to run internal processes, insiders say. While there’s no standard response to customer use of AI in the insurance market, many carriers are now quietly declining to write policies for claims related to AI-generated outputs in…
AI, Cybersecurity, Data Breaches, Global Security News, privacy, Risk Management
Ghost breaches: How AI-mediated narratives have become a new threat vector
A company wakes up to a news story claiming it has suffered a major data breach. The details are specific, technical and convincing. But the breach didn’t happen. No systems were compromised. No data was taken. A language model generated the entire story, filling in plausible details from scratch. And before the company can figure…
AI, Global Security News, Government & Policy
Two US nationals jailed over scheme that generated $5 million for the North Korean regime
Two US nationals have been sentenced for their role in a scheme that placed North Korean IT workers inside American companies under false identities. Over several years, the operation used stolen identities from at least 80 US individuals and brought in more than $5 million for the North Korean government. Kejia Wang was sentenced to…
AI, Global Security News
Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads
Ox Security claims as many as 200,000 servers are exposed by newly discovered MCP vulnerability
AI, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
From clinics to government: UAC-0247 expands cyber campaign across Ukraine
CERT-UA reports UAC-0247 targeting Ukrainian clinics and government bodies with malware stealing data from Chromium browsers and WhatsApp. CERT-UA has revealed a cyber campaign by the threat actor UAC-0247 targeting Ukrainian government entities and municipal healthcare facilities, including clinics and emergency hospitals. The operation between March and April 2026, used malware designed to steal sensitive…
AI, Compliance, Cybersecurity, Global Security News, Network Security, Risk Management
The endless CISO reporting line debate — and what it says about cybersecurity leadership
It is difficult to understand why, in 2026, we are still debating the reporting line of the chief information security officer (CISO). It is one of the first topics I wrote about in 2015, and after more than two decades of high-profile cyber incidents, sustained regulatory pressure, massive technology investments and the steady elevation of…
AI, Global Security News
OpenAI updates Agents SDK, adds sandbox for safer code execution
OpenAI’s updated Agents SDK helps developers build agents that inspect files, run commands, edit code, and handle tasks within controlled sandbox environments. The update provides standardized infrastructure for OpenAI models, a model-native harness that lets agents work with files and tools on a computer, and native sandbox execution for running tasks safely. The new harness…
AI, Global Security News, Government & Policy, privacy, Risk Management
Anthropic tests user trust with ID and selfie checks for Claude
Anthropic announced identity verification for Claude using government ID and selfie checks, becoming the first major AI chatbot to do so, a move that may prove unpopular with users. Having built its reputation around privacy in the AI race, Anthropic risks undermining its positioning, as competitors such as OpenAI’s ChatGPT and Google’s Gemini do not…
AI, Global Security News
Microsoft: April Windows Server 2025 update may fail to install
Microsoft is investigating an issue causing this month’s KB5082063 security update to fail to install on some Windows Server 2025 systems. […]
AI, Europe, Global Security News, Network Security, Russia
Sweden reports cyberattack attempt on heating plant amid rising energy threats
Sweden says a pro-Russian group attacked a heating plant in 2025. The failed cyberattack highlights growing threats to Europe’s energy infrastructure. Sweden has blamed a pro-Russian group linked to Russian intelligence for a failed cyberattack on a heating plant in 2025. Officials say the incident is part of a broader wave of attacks targeting critical…
AI, Global Security News, Government & Policy, malware
UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign
The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data from Chromium-based web browsers and WhatsApp. The activity, which was observed between March and April
AI, Endpoint, Global Security News, Risk Management
Command integrity breaks in the LLM routing layer
Systems that rely on LLM agents often send requests through intermediary routing services before reaching a model. These routers connect to different providers through a single endpoint and manage how requests are handled. This layer can influence what gets executed and what data is exposed. A recent study examined 28 paid routers and 400 free…
AI, Data Breaches, Global Security News
6-Year Ransomware Campaign Targets Turkish Homes & SMBs
While enterprises breaches make more headlines, smaller incidents tend to be under-reported, if at all, allowing campaigns to last longer with less disruption.
AI, Apps, Global Security News, Risk Management
What the EU AI Act requires for AI agent logging
The EU AI Act is 144 pages long. The logging requirements that matter for AI agent developers sit across four articles that keep referencing each other. Here’s what they say, when the deadlines hit, and where the gaps are. Your agent is probably high-risk The Act doesn’t mention “AI agents” by name. What matters is…
AI, Global Security News, Network Security
Scale Computing Debuts Velocity Partner Program
Scale Computing, a provider of edge computing and network solutions, has announced the launch of a new next-generation partner program. Prioritizing speed, clarity, and partner execution The Scale Computing Velocity Partner Program was designed to replace traditional volume-based models and is engineered to help partners navigate the evolving virtualization and distributed IT markets by reducing…
AI, Europe, Global Security News
European AI spending set to hit $290 billion by 2029
European enterprises are committing serious money to AI, and the numbers are accelerating. According to IDC’s Worldwide AI and Generative AI Spending Guide, AI spending across Europe will reach $290 billion by 2029, growing at a compound annual growth rate of 33.7%. Organizations across the continent are moving AI out of proof-of-concept projects and into…
AI, Cloud Security, Cybersecurity, Data Breaches, Global Security News, Risk Management
Was bei der Cloud-Konfiguration schiefläuft – und wie es besser geht
Fehlerhaft konfigurierte Cloud-Dienste sorgen regelmäßig für Datenlecks – und schlimmeres. DC Studio | shutterstock.com Konfigurationsfehler in der Cloud, die Unternehmensdaten gefährden, sind nicht unbedingt etwas Neues – eher im Gegenteil. Umso schlimmer, dass Unternehmen ihre Cloud-Ressourcen immer noch nicht durchgängig absichern. Zumindest legt das ein aktueller Report nahe. Dafür hat der Cloud-Sicherheitsanbieter Qualys 101 Cybersecurity-…
AI, Cybersecurity, Global Security News, malware, Network Security
[Guest Diary] Compromised DVRs and Finding Them in the Wild, (Thu, Apr 16th)
[This is a Guest Diary by Alec Jaffe, an ISC intern as part of the SANS.edu Bachelor’s Degree in Applied Cybersecurity (BACS) program [1]. Security cameras are great at monitoring physical doors, but terrible at locking their own digital ones. Across the internet, thousands of unpatched DVRs sit publicly exposed, many guarded only by the…
AI, Global Security News
Anonymizing Network Traffic: A Dive into SOCKS5 and Data Encryption
SOCKS5 protocol explained: anonymize traffic, boost security with encryption, bypass restrictions, and enable reliable data collection for business use.
AI, Cybersecurity, Global Security News
Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying
A hacking group claims to have broken into the flood defence system protecting Venice’s Piazza San Marco – and is offering to sell access to whoever wants it. The asking price? A frankly insulting $600. Meanwhile, Anthropic accidentally leaked the source code for Claude Code via a basic packaging mistake. Oh, and by the way,…
AI, APAC, Europe, Global Security News, Network Security, Politics, Risk Management
OpenAI pulls out of a second Stargate data center deal
In the space of one week, OpenAI has pulled out of two European Stargate data center deals, one in the UK and the second in Norway. Observers attribute the move to the company taking a more disciplined approach to its massive expenses, with OpenAI executives trying to make their books look better in a common…
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
McGraw-Hill Confirms Data Exposure Tied to Salesforce Issue
McGraw-Hill has confirmed unauthorized access to a limited set of internal data following a reported Salesforce misconfiguration. The disclosure comes after an extortion threat that raised questions about the scale and sensitivity of the incident. “ShinyHunters has no shortage of options for potential follow-up campaigns. They can target instructors with convincingly branded messages, pivot into…
AI, Global Security News
Windows is getting stronger RDP file protections to fight phishing attacks
Microsoft has introduced new Windows protections starting with the April 2026 security update to reduce phishing attacks that abuse Remote Desktop (.rdp) files. With these updates, the Remote Desktop Connection app displays stronger warning dialogs before a connection is established, shows details about the remote system, and requires users to review any request to share…
AI, Global Security News, Government & Policy, malware
New AgingFly malware used in attacks on Ukraine govt, hospitals
A new malware family named ‘AgingFly’ has been identified in attacks against local governments and hospitals that steal authentication data from Chromium-based browsers and WhatsApp messenger. […]
AI, Global Security News, malware
Fake Claude AI Installer Targets Windows Users with PlugX Malware
Fake Claude AI installer mimicking Anthropic spreads PlugX malware on Windows, using DLL sideloading to gain persistent remote access to infected systems.
AI, Apps, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Critical nginx UI tool vulnerability opens web servers to full compromise
Security vendor Pluto Security has published details of a critical vulnerability in the open-source nginx UI web server configuration tool that has been under active exploitation by cybercriminals since March. News of the flaw, identified as CVE-2026-33032, first appeared on the National Vulnerability Database (NVD) on March 30, the same day that threat intelligence companies…
AI, Global Security News, Network Security
Copado Puts AI Agents Inside DevOps Workflows
Copado just rolled out Agentia, a shiny new AI tool that adds automated agents into the day-to-day work of building, testing, and releasing software in Salesforce. How agentic AI is developing code and other time-intensive workloads That means the agents aren’t just suggesting things or answering questions; they’re actually writing code, running tests, diagnosing failures,…
AI, Cybersecurity, Exploits, Funding, Global Security News, Government & Policy, Risk Management
NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities
The federal agency tasked with analyzing security vulnerabilities is overwhelmed as it and other authorities struggle to keep pace with a flood of defects that grows every year. The National Institute of Standards and Technology announced Wednesday that it has capitulated to that deluge and narrowed the priorities for its National Vulnerability Database. NIST said…
AI, Apps, Cybersecurity, Data Breaches, Data Security, Funding, Global Security News, Network Security, privacy, Risk Management, Venture
News Alert: NTT Research launches SaltGrain—advanced Attribute-Based Encryption security
SUNNYVALE, Calif., Apr. 15, 2026 – NTT Research, Inc., a division of NTT (TYO:9432), today announced the launch of Scale Academy, a startup incubator responsible for bringing to market products and services based upon technologies studied within the labs of NTT Research and NTT R&D. NTT Research also revealed Scale Academy’s first product, SaltGrain, a zero-trust data security suite…
AI, Cybersecurity, Global Security News, malware
Cybersecurity Challenges Facing Small Businesses Today
In this post, I will talk about cybersecurity challenges facing small businesses today. Key Takeaways Small businesses are now primary targets for threat actors who view them as high-value, low-resistance gateways compared to heavily fortified enterprise organizations. The use of generative A and machine learning has allowed criminals to automate sophisticated phishing campaigns and malware…
AI, Global Security News
Navigating the Unique Security Risks of Asia’s Digital Supply Chain
Regulatory differences, interconnected digital ecosystems, and the rise of AI have created a complex supply chain Asian organizations must wrangle.
AI, china, Cybersecurity, Global Security News, Risk Management, Russia
Executive orders likely ahead in next steps for national cyber strategy
National Cyber Director Sean Cairncross expects more executive orders coming from the White House as part of implementing the national cybersecurity strategy, he said Wednesday. Staffers on Capitol Hill and others in the cyber world have been awaiting the implementation guidance the Trump administration had proclaimed would come to accompany the strategy published last month.…
AI, Endpoint, Exploits, Global Security News, Network Security
CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access
An actively exploited critical nginx-ui flaw (CVE-2026-33032) lets attackers bypass authentication and take full control of Nginx servers. A critical vulnerability in nginx-ui, tracked as CVE-2026-33032 (CVSS score of 9.8), is being actively exploited, allowing attackers to bypass authentication and fully take over Nginx servers. The issue stems from improper protection of the /mcp_message endpoint,…
AI, Global Security News
For Its Next Act, Allbirds Makes an Unlikely Pivot From Shoes to AI
The company known for eco-friendly wool sneakers just raised $50 million for its next chapter: A head-spinning move to capitalize on the artificial-intelligence boom.
AI, Global Security News
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. “By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery
AI, Global Security News
Forrester’s Top 10 Emerging Technologies For 2026: AI Is No Longer Confined To Digital Workflows
AI’s move into the physical world is already delivering tangible impact for consumers
AI, Cybersecurity, Global Security News
Report: Only 34% of Security Talent Plan to Stay in Their Roles
Only 34% of cybersecurity professionals plan to stay in their current roles, according to IANS and Artico Search’s recently released 2026 Cybersecurity Talent Report. The report outlines key insights on compensation, roles, and retention based on a survey of more than 500 security professionals. CISOs must rethink how to retain talent The report highlights declining…