CISOs acknowledge that no organization is completely safe, but many also admit their security measures aren’t where they’d like them to be. One-third of CISOs surveyed for Proofpoint’s 2025 Voice of the CISO Report said the data within their organization is not adequately protected, and 58% said their organizations were unprepared to respond to a…
Category: Global Security News
AI, Compliance, Global Security News
Data discovery gaps that catch enterprises off guard
In this interview with Help Net Security, Avani Desai, CEO at Schellman, talks about the gap between what organizations think they know about their data and what discovery scans turn up. She shares stories of shadow data in abandoned cloud storage, post-merger surprises where duplicated datasets slowed integration, and why synthetic data is overmarketed while…
Global Security News
Nvidia Introduces First PCs Designed for AI Agents
The chip giant will work with manufacturers including Dell, Lenovo and HP to make the laptops, designed to support agentic computing.
AI, Compliance, Cybersecurity, Global Security News, Risk Management
EU organizations buckle under rising compliance pressure
Cybersecurity governance in the EU is shifting under expanding frameworks such as NIS2 and DORA, while AI raises new questions for security teams. What the future brings is hard to predict, and organizations must find a way to cope. Antonija Vojnović, Governance, Risk and Compliance Department Manager at Span, spoke with Help Net Security at…
AI, Global Security News
OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory
AI agents keep memory across sessions. Conversation history, vector stores, scratchpads, and RAG indexes persist between runs, and anything written into that store becomes a privileged input the agent reads back later. An attacker who plants text in the wrong field can override an agent’s instructions, pull out user data, or steer future tool calls,…
Global Security News
Nvidia Introduces First PCs Designed for AI Agents
The chips giant will work with manufacturers including Dell, Lenovo and HP to make the laptops, designed to support agentic computing.
AI, Global Security News, Risk Management
Governing shadow AI without killing innovation
In this Help Net Security video, Alan Snyder, CEO at NowSecure, talks about governing shadow AI without stopping innovation. He frames the problem as two opposing forces. Companies need to adopt AI fast because attackers and competitors will outpace them otherwise, but they also need to do it safely. Snyder argues the pressure to move…
AI, Global Security News, privacy, Risk Management
145 AI laws passed in 2025 and privacy teams aren’t catching a break
145 AI-related laws were enacted by state legislatures in 2025, and more than 1,000 additional bills were introduced or revised, according to DataGrail’s Privacy and AI Trends Report 2026. Average cost of manual data subject request management (Source: DataGrail) Shadow AI risks Of the 2,400 popular business software providers that advertised AI capabilities, 63.6% did…
Data Breaches, Global Security News
Weekly Update 506
I’m finding it quite fascinating to watch the current spate of ShinyHunters breaches and dumps. There’s the obvious criminality of it all, but then there’s also the response from organisations (or lack thereof, as it relates to disclosure to victims), the appearance and disappearance of victims on their dark web site, the speculation around payments…
AI, Cybersecurity, Global Security News, Risk Management
Press Release: CSO30 ASEAN & Hong Kong Awards 2026 open for nominations
>The CSO30 ASEAN & Hong Kong Awards return in 2026, as an important moment to recognise the cybersecurity leaders and teams who are making resilience measurable across the region. In a landscape shaped by rapid threat evolution, board-level scrutiny and rising expectations of business continuity, these awards spotlight the people and programmes that are turning…
Global Security News
ISC Stormcast For Monday, June 1st, 2026 https://isc.sans.edu/podcastdetail/9952, (Mon, Jun 1st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
AI, Global Security News, malware, Network Security
Unidentified RAT pushes NetSupport RAT, (Mon, Jun 1st)
Introduction This diary provides indicators from an unidentified RAT infection on Wednesday 2026-05-27 that was followed by a malicious NetSupport Manager RAT package. This originated from the SmartApeSG ClickFix campaign. I still don’t know the name of the initial RAT, but it has consistently been generating encoded (not HTTPS/SSL/TLS) traffic to a command and control…
AI, Global Security News
Pwn2Own Berlin 2026: On the Ground With TrendAI™ ZDI’s Biggest AI Showdown Yet
47 zero-days fell at Pwn2Own Berlin 2026 for US$1,298,250 in payouts. TrendAI™ was on the ground all three days — here’s what we saw.
AI, Cybersecurity, Exploits, Global Security News, Network Security
CVE-2026-0257: Rapid7 Caught Attackers Abusing Forged VPN Cookies Against Multiple Customers
CVE-2026-0257 lets attackers forge Palo Alto GlobalProtect auth cookies and bypass VPN login. Exploitation confirmed since May 17. Palo Alto Networks addressed the vulnerability CVE-2026-0257 on May 13. Two weeks later, cybersecurity firm Rapid7 confirmed active exploitation across multiple customer environments. The flaw impacts the GlobalProtect portal and gateway components of Palo Alto Networks PAN-OS…
Global Security News
YARA-X 1.17.0 Release, (Sun, May 31st)
YARA-X’s 1.17.0 release brings 5 improvements (several performance improvements) and 1 bugfix. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
AI, Global Security News, Risk Management
27,000-Download Codex UI Tool Secretly Stole OpenAI Refresh Tokens
A malicious Codex UI npm package with 27,000 weekly downloads was caught exfiltrating OpenAI refresh tokens, exposing developers to account takeover risks.
AI, Europe, Exploits, Global Security News, malware, Network Security
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 99
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ghost CMS Mass Compromised via CVE-2026-26980, Now Fueling ClickFix Attacks TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io RemotePE: The Lazarus RAT that lives…
AI, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Politics, privacy, Risk Management, Russia
Security Affairs newsletter Round 579 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. ShinyHunters Leaks Charter Communications Data, Potentially Impacting 5 Million Customers Signal Phishing Campaign Targets Journalists and…
Global Security News
WP Maps Pro bug exploited to create admin accounts on WordPress sites
Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. […]
AI, Global Security News
Tokenmaxxing Maxes Out
Plus, AI topples a 80 year-old math problem, the Brockmans sit for an interview and physical AI gets its due.
Global Security News, Network Security
Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices
Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks. The bot network, per the Dutch Politie and the National Cyber Security Center (NCSC), consisted of at least 17 million infected devices. More than 200 servers located in…
Global Security News
The Messy Reality of Building an Empire in Space
Jeff Bezos and Elon Musk both faced challenges this past week in the race to make their sci-fi dreams a reality.
AI, Exploits, Global Security News
Week in review: Infostealer dropped via FortiClient EMS flaw, exploited Trend Micro Apex One flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Coinflow CISO on crypto payments security under AI pressure Crypto payment firms sit near the top of the target list for advanced persistent threat groups, and the workload on their security leaders keeps growing. Malcolm Portelli, CISO at Coinflow, runs…
AI, Global Security News
The High-Stakes Hunt for the Next Amazon in the AI Haystack
With AI winners and losers changing places so quickly, it isn’t just about where to invest, but also when.
AI, Europe, Global Security News, Network Security
SoftBank to Plow $52 Billion Into French Data Centers
SoftBank is promising to spend at least $52 billion on building a network of massive data centers in France, helping advance Europe’s goal of tech independence with what would be the continent’s largest AI infrastructure project.
Data Breaches, Exploits, Global Security News, Network Security
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. […]
AI, Global Security News
Fake Anthropic Sites Deliver Fileless Infostealer to Claude Code Users
Fake Anthropic websites are being used to target Claude Code users with a fileless infostealer campaign that steals browser credentials and evades detection.
AI, Data Breaches, Europe, Global Security News, Network Security
ShinyHunters Leaks Charter Communications Data, Potentially Impacting 5 Million Customers
Cybercrime group ShinyHunters leaked data allegedly stolen from Charter Communications, exposing millions of customer records after a failed extortion attempt. The ShinyHunters extortion group has published data allegedly stolen from Charter Communications after the company apparently refused to pay a ransom. Charter Communications is one of the largest telecommunications companies in the United States. It…
AI, Global Security News
New CIFSwitch Linux flaw gives root on multiple distributions
A newly discovered local privilege escalation vulnerability dubbed ‘CIFSwitch’ in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel’s key request mechanism, and gain root privileges. […]
AI, Exploits, Global Security News, malware, Risk Management, Russia
Signal Phishing Campaign Targets Journalists and Activists to Steal Backup Recovery Keys
Attackers are texting Signal users posing as Support, asking for backup recovery keys. Once obtained, they can decrypt the entire message history, not just future chats. A phishing campaign is currently targeting Signal users with text messages that impersonate Signal Support and ask them to hand over their backup recovery key. The message looks urgent,…
AI, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
Botnet of 17 Million Devices Dismantled in the Netherlands
Dutch authorities seized 200 servers running a 17-million-device botnet linked to proxy service Asocks. Dutch authorities have taken offline a massive botnet of at least 17 million devices and seized more than 200 servers at a local provider that supported the operation. Infected devices included computers, tablets, and smartphones. The action was carried out following…
AI, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
Botnet of 17 Million Devices Dismantled in the Netherlands
Dutch authorities seized 200 servers running a 17-million-device botnet linked to proxy service Asocks. Dutch authorities have taken offline a massive botnet of at least 17 million devices and seized more than 200 servers at a local provider that supported the operation. Infected devices included computers, tablets, and smartphones. The action was carried out following…
Cybersecurity, Global Security News
How To Remotely Access Corporate Data Securely Without A VPN
This post will show how to remotely access corporate data securely without a VPN. VPNs are one of the most common tools used for remote access. However, they are not the only solution for securely accessing corporate data. The VPN protocol is outdated and can be broken by hackers. And using a VPN is no…
Exploits, Global Security News, Network Security
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that could be exploited by bad actors to set up VPN connections. “Authentication bypass vulnerabilities…
Global Security News
The Google Engineer Accused of Risking It All With an Insider Polymarket Bet
Michele Spagnuolo, the Google engineer accused of using company data to bet on Polymarket, had a long list of enviable accomplishments
AI, Global Security News
A Famous Math Problem Stumped Humans for 80 Years. AI Just Cracked It.
The math world is losing its mind over the new solution to an Erdős problem. This is what AI found, how we missed it—and why it matters.
Global Security News
Robotaxis Are Spreading Across the U.S.—and So Is the Backlash
As autonomous taxi services scale beyond Silicon Valley, new problems abound for cities.
AI, Apps, Global Security News, Government & Policy, malware, Network Security, Russia
Russia-aligned crime group Greyvibe extensively uses AI in attacks
Researchers have uncovered a previously undocumented Russian group that makes extensive use of large language models (LLMs) in its attacks against private, government, and military organizations in Ukraine. It uses a variety of attack vectors along with custom malware, with the goal of intelligence gathering for the ongoing war. Dubbed Greyvibe by researchers from WithSecure,…
Global Security News
The Billionaire Coding Genius Making the Tough Decisions at OpenAI
After years in the shadow of better-known co-founders, Greg Brockman is stepping into the spotlight. He and his wife Anna are also Silicon Valley super-donors.
AI, Cybersecurity, Exploits, Global Security News, Risk Management
Microsoft and security researcher’s dueling posts about cybersecurity disclosures get nasty
Microsoft and a prominent cybersecurity researcher have gotten into a very public and rather personal exchange of unpleasantries about what responsible cybersecurity disclosures should mean in 2026. A cybersecurity researcher going by the name Nightmare Eclipse, who has disclosed several cybersecurity holes before patches were available, posted that he had tried to contact Microsoft officials…
AI, Exploits, Global Security News, Network Security, Risk Management
FIFA World Cup 2026: What Third-Party Domain Registrations Reveal About Emerging Risks
As excitement builds for the 2026 FIFA World Cup, cybercriminals and opportunistic domain registrants are also preparing for one of the world’s most watched sporting events. New research from CSC reveals a significant increase in third-party domain registrations containing FIFA-related keywords, highlighting how major global events create opportunities for fraud, brand abuse, and consumer deception.…
AI, Global Security News, Russia
AI helps Russian-speaking GreyVibe run five parallel attack chains on Ukrainian targets
Researchers say Russian-speaking group GreyVibe uses AI tools to scale cyberattacks on Ukraine.
Global Security News
Sidhe, GreyVibe, Claude, Lightwell, Eclipse, Kimsuky, Obscure Beliefs, Josh Marpet – SWN #585
AI, APAC, Compliance, Global Security News, Risk Management
Integris CEO on First Focus Acquisition, Global MSP Demand
Integris’ planned acquisition of First Focus is not just a geographic expansion play. According to founder and CEO Rashaad Bajwa, the deal gives the U.S.-based MSP a scaled platform in Australia and New Zealand at a time when SMB customers are beginning to ask harder questions about AI, data protection, and governance. First Focus expands…
Cybersecurity, Global Security News
Name That Toon: Mark of (Cybersecurity) Progress
As part of Dark Reading’s 20th anniversary package, we asked readers for a cybersecurity-related caption that captures their thoughts about the industry’s last two decades.
AI, Data Security, Global Security News
Dell’s Partner Program Shifts to Strategic Customer Outcomes
Dell Technologies recently introduced new enhancements to its partner program, including rebates and incentives to enhance customer outcomes. Launching in August 2026, the partner program refresh centers on differentiated rebates for strategic solutions; focuses accounts on incentives; and recognizes impact from advisory and systems integrator co-sell. During Dell Technologies World 2026, Channel Insider spoke with…
AI, Endpoint, Global Security News, privacy, Risk Management
Dell Experts Discuss the Future of Deskside AI
During Dell Technologies World 2026, much of the conversation centered on AI use amid the rapid emergence of agentic AI. In a conversation with Marc Hammons, Senior Distinguished Engineer at Dell Technologies, and Charlie Walker, Head of Dell Pro Precision at Dell Technologies, both emphasized how unexpectedly strong the demand and experimentation around AI have…
Cybersecurity, Global Security News
Corporate Anonymity: How Modern Enterprises Obscure Their Digital Tracks from Competitors
In this post, I will talk about corporate anonymity and show you how modern enterprises obscure their digital tracks from competitors. Corporate anonymity is not about hiding illegal activity. For many enterprises, it is a practical layer of operational security. Competitive teams monitor hiring pages, ad libraries, public tests, landing pages, app behavior, supplier traces,…
Global Security News
Key Questions to Ask When Evaluating an Identity and Access Management Vendor
Global Security News
How to Build an AI Governance Framework for Identity
Global Security News
SAML: How It Works, Common Misconfigurations, and Security Implications
Global Security News
Why IAM Matters: Benefits, Challenges, and Common Pitfalls
Global Security News
How to Evaluate and Select Identity and Access Management Tools
Global Security News
Identity-based attacks: how they work and how to defend against them
Global Security News
Non-Human Identities Are Outgrowing Your Governance Model
AI, Apps, Global Security News
AI PCs Raise New Refresh Cycle Questions for Partners
AI PCs are becoming a bigger part of enterprise refresh conversations as Dell, HP, Lenovo, and other major PC makers position AI-enabled devices as the next phase of workplace computing. For channel partners and MSPs, the shift creates a new advisory challenge: helping customers determine when local AI processing justifies a hardware upgrade, when traditional…
AI, Global Security News, Government & Policy, malware, Network Security, Russia
Meet GREYVIBE, the Russia-Linked Hacking Group Using AI to Target Ukraine and Still Making Rookie Mistakes
GREYVIBE, a Russia-linked group active since 2025, targets Ukraine with AI-assisted malware and five attack chains. Researchers say it’s part spy op, part crime gang. Security firm WithSecure has been tracking a previously unknown Russian-linked APT group called GREYVIBE since at least August 2025. The group targets Ukraine and Ukrainian-related organizations across military, government, civilian,…
AI, Apps, Global Security News, malware
ChatGPT share links abused to host fake outage pages to deliver malware
Threat actors are abusing ChatGPT’s content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. […]
AI, Exploits, Global Security News
Tennessee man linked to 764 accused of series of crimes against children dating back to 2022
A Tennessee man accused of abusing and sexually exploiting children while actively participating in 764, a sprawling online nihilistic violent extremist collective affiliated with The Com, pleaded not guilty Thursday to a series of charges that could keep him locked up for 50 years. Zachary Sweeney has allegedly victimized multiple children, on numerous occasions grooming…
Global Security News, malware
Zapier security flaws could have exposed millions of user accounts
The flaws, disclosed by Token Security, did not require malware or insider access, only a free Zapier account.
AI, Global Security News
California AG sues 23andMe over 2023 breach exposing health data
California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company’s failure to protect sensitive customer genetic and personal information. […]
AI, Cybersecurity, Global Security News
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant’s implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been codenamed ChatGPhish by Permiso Security. “The chatgpt.com response renderer trusts Markdown links and Markdown
Global Security News
U.S. military personnel targeted using commercial location data
The U.S. Central Command acknowledged in a letter that hostile actors are purchasing commercial location data to track American servicemembers.
AI, Global Security News
CISA adds Daemon Tools, TanStack, and Nx Console compromised versions to KEV catalog
The vulnerabilities include compromised versions of Daemon Tools Lite (CVE-2026-8398), TanStack npm packages (CVE-2026-45321), and the Nx Console extension (CVE-2026-48027) resulting from recent supply chain attacks.
AI, Compliance, Europe, Global Security News, Government & Policy, malware, Risk Management
AI in the UK: Driving Innovation Without Expanding Cyber Risk
Written by Sean Tilley, Senior Sales Director EMEA at 11:11 Systems Artificial intelligence is no longer a future ambition for UK organisations. It is already shaping how decisions are made, how services are delivered, and how quickly businesses can respond to change. From automation and analytics to customer engagement and operational optimisation, AI is becoming an integral part of…
AI, Global Security News
GCHQ announces AI-powered cyber shield to protect UK infrastructure
GCHQ director Anne Keast-Butler revealed plans for a new national cyber defense capability that will integrate advanced AI into machine-speed cyber defense systems.
Global Security News
Google engineer charged with insider trading using confidential data
Michele Spagnuolo, 36, a Google security engineer since 2014, is accused of leveraging internal access to Google’s “Year in Search” data to make profitable trades on the Polymarket platform.
AI, Global Security News
New threat actor JINX-0164 targets crypto firms with macOS malware
The campaign, active since mid-2025, uses recruitment-themed social engineering to lure developers into downloading a Python-based infostealer and remote access trojan named AUDIOFIX.
Global Security News, malware
North Korean hackers Kimsuky target South Korea with new malware variants
Kimsuky, also known as Velvet Chollima, utilized spoofed security software installation pages and fake Webex meeting invitations to deliver malware.
Global Security News
Nearly 20 billion files exposed in misconfigured cloud buckets
The exposed files encompass a wide range, with 685,047 credential and key files, such as .env files and private keys, and nearly 1 million database dumps, including .sql and .bak files.
AI, Global Security News
FIFA domain registrations surge ahead of 2026 World Cup, signaling fraud risks
CSC analysts identified over 65,590 domains with “FIFA” registered between January 2022 and April 2026, none of which were registered by FIFA itself.
Global Security News
The Church and AI Meet at Last. Who Should You Believe?
In an age of artificial intelligence, which voice of authority carries more weight? A priest who’s advised the Vatican weighs in.
AI, Apps, Compliance, Europe, Global Security News
Open source Euro-Office productivity suite to launch June 9
The Euro-Office open source productivity app suite will be available with the first stable release of the software on June 9. Euro-Office was unveiled in March with the aim of providing a modern, open source alternative to Microsoft and Google software for European organizations increasingly wary of a dependence on US-based suppliers. Euro-Office consists of…
AI, Global Security News
DNS-AID will make AI agents easier to discover, says Linux Foundation
As AI agents become more numerous and more communicative, keeping track of where to find them is becoming increasingly important. Numerous proprietary agent registries are on the market, but the Linux Foundation suggests we simply extend the distributed, open Domain Name System (DNS) infrastructure we already have. The foundation is now inviting contributions to the…
AI, Cybersecurity, Europe, Funding, Global Security News, Government & Policy
Federal audit reveals NIST’s NVD is plagued by poor planning and duplication
A Department of Commerce inspector general report released Thursday found that the National Institute of Standards and Technology has mismanaged a critical cybersecurity vulnerability database through poor planning, inefficient operations, duplicate federal programs, and failure to communicate with users. The National Vulnerability Database, maintained by NIST since 2005, collects information about computer security flaws and…
AI, APAC, Compliance, Cybersecurity, Global Security News, Government & Policy, Risk Management
AI Growth Exposes Gaps in Governance and Readiness
Artificial intelligence (AI) adoption continues to grow across industries, but new research from Veeam suggests many organizations are still working through the governance, security, and operational challenges associated with deploying AI at scale. The study, which surveyed 300 technology and business leaders across financial services, healthcare, government, manufacturing, and technology sectors, found that 95% of…
AI, APAC, Global Security News, Network Security
Meta considers becoming a hyperscaler
Meta has raised the possibility that it could be joining the likes of Amazon, Microsoft and Google in offering cloud services at some point in the future — although potential customers shouldn’t be adding the company to their suppliers list just yet. When asked about plans for offering such services at the company’s annual shareholders…
AI, china, Global Security News
Putin’s $26 Billion Longevity Push
Plus, why investors are betting on ‘physical AI’ and how China stuffed the Maextro S800 with gadgets.
AI, Cybersecurity, Global Security News, Government & Policy
Prison communication service Pay Tel exposed hundreds of thousands of driver’s licenses
Cybersecurity firm UpGuard discovered an unprotected Microsoft Azure server managed by Pay Tel containing at least 300,000 driver’s license scans and other government-issued identification documents.
AI, Global Security News
Orchid Security extends identity control plane for AI agents
The identity security startup introduced three new components: Agentic Enrichment, which maps AI agents to their origins and permissions; Agentic Observability, for monitoring agent access paths and delegation chains; and Agentic Guardrails, to enforce least privilege and maintain identity hygiene.
AI, Apps, Global Security News
AI hiring monoculture is delivering racial bias at scale
A research project examining AI-driven recruitment hires across the US has revealed a systemic racial bias. Researchers from Stanford University found a startling pattern of racial disparities when looking at the interview offers resulting from 4 million job applications submitted to 156 employers. The situation is aggravated by the “monoculture” in AI hiring software: More…
Global Security News
New FROST attack exploits browser features for website and app tracking
The FROST attack leverages the Origin Private File System (OPFS), a browser feature, to measure Solid-State Drive (SSD) access speeds.
AI, Apps, Global Security News
WWDC, Apple, and AI: Waiting for the gift
I will sit right down (waiting for the gift of sound and vision)And I will sing (waiting for the gift of sound and vision) — David Bowie Apple is planning to sponsor and present 14 AI research papers at the annual IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) in Denver next week, just days before it…
AI, Apps, Global Security News, Network Security
Certifiably random: Swiss researchers claim perfect random number source
Researchers in Switzerland claim to have built a perfect random number generator from two quantum superconducting chips, a 30-meter-long pipe, and some software. The resulting device could be used to generate cryptographic keys, or to offer a “public randomness service” for lotteries or blockchain applications, they say. They’re not the first to make the claim.…
AI, Global Security News
Cheap AI has changed the economics of hacking
AI has reduced the cost of hacking, but has the cost of mounting a defense dropped at the same rate?
AI, Apps, Global Security News, Network Security
Certifiably random: Swiss researchers claim perfect random number source
Researchers in Switzerland claim to have built a perfect random number generator from two quantum superconducting chips, a 30-meter-long pipe, and some software. The resulting device could be used to generate cryptographic keys, or to offer a “public randomness service” for lotteries or blockchain applications, they say. They’re not the first to make the claim.…
AI, Global Security News
Venture Capital Turns to Hardware Bets as AI Threatens Software Companies
Investors are betting big on infrastructure and “physical AI,” enticed by the prospect of new revenue opportunities.
AI, Exploits, Global Security News, Network Security
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. “The attacker compromised an internet-reachable Marimo notebook via CVE-2026-39987, extracted two cloud credentials from the compromised
Global Security News
Asia’s Cyber Insurance Market Shows Signs of Life
The cyber insurance industry has made relatively weak inroads into Asia due to a a variety of factors, but that could be changing.
Global Security News
From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a- Service Market
DDoS attacks are increasingly being sold like subscription services, complete with pricing tiers, support, and reseller programs. Flare explores how the DDoS-as-a-Service market has evolved from scattered tools into polished attack platforms. […]
AI, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Carnival Data Breach Impacts Nearly 6 Million Customers
A data breach at Carnival Corporation has exposed the personal information of nearly six million individuals, showing the continued effectiveness of social engineering attacks against large enterprises. The company confirmed that threat actors gained access to portions of its network in Apr. 2026, resulting in the theft of customer data. “On April 14, 2026, the…
Global Security News
Dutch govt disrupts malware botnet with 17 million infected devices
Dutch authorities have taken offline a massive botnet of 17 million devices and seized more than 200 servers at a local provider that supported the operation. […]
Global Security News
Dutch police disrupts botnet composed of 17 million devices
The Dutch National Police and the country’s National Cyber Security Center (NCSC) have taken offline 200 servers controlling a botnet of 17 million devices, the law enforcement agency announced on Thursday. The investigation was launched after the NCSC received a report by a security researcher, and showed that the botnet consisted of at least 17…
AI, APAC, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, privacy, Risk Management
AI Threats, Data Breaches, and Supply Chain Risks Define This Week of May 2026 in Cybersecurity
Major Threats & Vulnerabilities Data Breaches and Credential Exposures The hacking group ShinyHunters claims responsibility for stealing over 42 million customer records from Charter Communications. The alleged breach, conducted through social engineering and Microsoft Entra compromise, is under investigation. Organizations are urged to review MFA enforcement and monitor SaaS environments for suspicious activity. Read more…
AI, Exploits, Global Security News
With Complex Cloud Integrations, Small Errors Lead to Major Compromises
Researchers discover an exploit chain combining over-permissioned roles, secrets discovery, and non-human identities that could have compromised a popular automation service.
AI, Global Security News
Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems
Threat actors from the Silent Ransom Group, aka Luna Moth, are escalating attacks by impersonating IT staff in phone calls and even showing up in person to gain direct access to victim systems
AI, Global Security News
Google Chrome adds session cookie theft protection for all users
Google says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolling out to all users to prevent account takeovers. […]
Apps, Global Security News
Cisco Secure Access and Microsoft Edge for Business Integration
Announcing the new integration between Cisco Secure Access and Microsoft Edge for Business, designed to enhance enterprise browser security and protect an organization’s applications and data.
AI, Global Security News
‘The Com’ Cyberattacks Support Violence & Sexploitation
Your organization’s security failures have consequences for everyone else too, since this neo-Nazi-infested criminal gang uses its cyber winnings to support more violent and widespread crimes.
Global Security News
‘Claude Code install’ search result leads to ClickFix infostealer attack
The attack leverages a polyglot file, heavy obfuscation and fileless execution to evade detection.