The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform. […]
Category: Global Security News
AI, Apps, Cloud Security, Compliance, Cybersecurity, Global Security News, Network Security, Risk Management
CISOs step up to the security workforce challenge
A robust cybersecurity program needs a range of skilled people, yet many CISOs continue to face an ongoing skills shortage — and the squeeze may only get worse as AI gains traction. Some 95% of cybersecurity practitioners and decision-makers noted at least one security skills gap at their organization, with almost 60% citing critical or significant…
AI, china, Global Security News
North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China
A gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts traditional card and board games for a community that sits along the North Korean border and includes many refugees and defectors. ESET researchers tied the operation to ScarCruft,…
AI, Apps, Endpoint, Global Security News
Maker of AI Targeting System for Drones Faces Protests for Shipments to Israeli Military
A company in Portland, Oregon, that specializes in AI targeting for drones has made significant shipments of materials to military contractors in Israel, according to cargo data reviewed by The Intercept. The shipments raise the possibility thaat a boutique Pacific Northwest tech firm has helped the Israeli military attack people in places like Gaza, Lebanon,…
AI, Apps, Cloud Security, Compliance, Endpoint, Global Security News, Network Security
Why most zero-trust architectures fail at the traffic layer
Zero trust has become one of the most widely adopted security models in enterprise environments. Organizations invest heavily in identity systems, access policies and modern security tooling. On paper, these environments look well-protected. Yet during incidents, a different reality often emerges. I have worked with organizations where zero-trust initiatives were fully implemented from an identity…
Global Security News
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games
Data Breaches, Global Security News
Trellix Reveals Unauthorized Access to Source Code
Security vendor Trellix has suffered a breach involving unauthorized access
Cybersecurity, Global Security News, Network Security
Cyber Security Management vs Traditional IT Security Approaches
We will compare cyber security management vs traditional IT security approaches in this post. The digital world has changed so much in the last decade that the methods used to protect it have required a total structural overhaul. In the early days of office networks, security was a set of digital locks managed by the…
AI, Global Security News
Meta adds proof-based security to encrypted backups
Meta has updated its infrastructure for protecting password-based and end-to-end encrypted backups, introducing over-the-air fleet key distribution for Messenger and a commitment to publishing evidence of secure fleet deployments. How encrypted backups work These updates build on the company’s HSM-based Backup Key Vault, which provides end-to-end encrypted backups for WhatsApp and Messenger. The system protects…
AI, Cybersecurity, Data Breaches, Data Security, Global Security News, Government & Policy
Educational tech firm Instructure data breach may have impacted 9,000 schools
Instructure, maker of the Canvas learning platform, is investigating a cyber incident that exposed users’ personal data. Instructure is a U.S.-based educational technology company best known for developing Canvas, one of the world’s most widely used learning management systems (LMS). The U.S. firm confirrmed a cybersecurity incident that exposed users’ personal information. The company is working with external…
Exploits, Global Security News
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild. The vulnerability (CVE-2026-22679, CVSS score: 9.8) relates to a case of unauthenticated remote code execution affecting Weaver E-cology 10.0 versions prior to 20260312. The issue resides in the “/papi/esearch/data/devops/
AI, Global Security News
OpenAI and Yubico Partner to Bring Custom Phishing-Resistant YubiKeys to OpenAI Users
OpenAI and Yubico Partner to Bring Custom Phishing-Resistant YubiKeys to OpenAI Users. Security coverage from iTWire.
AI, Global Security News
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign, observed between April 14 and 16, 2026, targeted more than 35,000 users across over 13,000 organizations in 26…
Global Security News
Can your coding style predict whether your code is vulnerable?
Developers leave fingerprints in the code they write. Naming choices, indentation patterns, preferred APIs, and the way someone structures a loop or handles a pointer all carry traces of individual habit. Researchers have used these stylistic signals for years to identify the authors of anonymous code samples, sometimes with surprising accuracy. A team at the…
AI, Global Security News, Risk Management
One in four MCP servers opens AI agent security to code execution risk
Enterprise deployments of AI agents lean on two extension mechanisms that introduce risk at different layers of the stack. MCP servers expose deterministic code functions with structured, loggable invocations. Skills load textual instruction sets directly into a model’s reasoning context, where their effect depends on conversational state and cannot be enumerated the way source code…
AI, Global Security News
IBM CEO Says AI Triggers Need for New Operating Models
Arvind Krishna says the key to unlocking returns on AI is less about technology alone than a wholesale shift in the way companies approach their workflows.
Cybersecurity, Global Security News
Cybersecurity Tips From Squid Game TV Series [MUST READ]
This post will show you essential Squid Game cybersecurity tips to learn. Netflix’s Squid Game took the world by storm, captivating audiences with its brutal depiction of 456 debt-ridden individuals competing in deadly children’s games for a massive cash prize. Beyond its gripping storyline, the series offers profound cybersecurity lessons that mirror today’s digital threats.…
AI, Cybersecurity, Global Security News
Cybersecurity jobs available right now: May 5, 2026
Armis Security Specialist HCLTech | Ireland | On-site – View job details As an Armis Security Specialist, you will manage and optimize the Armis deployment to strengthen security across lab, OT, and IoT environments. You will maintain device visibility, refine policies and detections, and integrate Armis with other tools to improve monitoring and reduce false…
AI, Europe, Global Security News, Risk Management
SAS’ John Carey on Partnerships and Human-Centric AI
As data and AI company SAS hits its 50th anniversary, the organization is meeting the moment by continuing to strengthen partnerships while positioning itself around human-centric, responsible AI. During SAS Innovate 2026, Channel Insider sat down with John Carey, VP, Global Channels, SAS, to discuss partnerships, lessons learned, and the future of AI adoption. How…
AI, Global Security News, Risk Management
DXC Launches OASIS for AI-Driven Managed Services
DXC Technology is tackling a problem that most IT teams already face. Their environments are often a mix of different systems, tools, and data that don’t fully connect. DXC just introduced OASIS, a platform designed to sit across all of it and coordinate how everything runs in real time. The goal here is to connect…
Global Security News
ISC Stormcast For Tuesday, May 5th, 2026 https://isc.sans.edu/podcastdetail/9918, (Tue, May 5th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Global Security News
Ahead of Race to IPO, OpenAI Discussed Spinning Out Robotics, Hardware Divisions
The company is considering an Alphabet-like structure for its portfolio of products, though no discussions are currently active.
AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management
Anthropic Mythos spurs White House to weigh pre-release reviews for high-risk AI models
The Trump administration is in early discussions about whether advanced AI models should be vetted before public release, according to reporting from the New York Times, the Wall Street Journal, and Axios. The conversations center on systems capable of facilitating cyberattacks, particularly models that could help users identify and exploit software vulnerabilities. Officials are considering…
AI, Global Security News, malware
InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise
Targeting multiple industries worldwide, the InstallFix campaign uses fake Claude AI installer pages to trick users into running malware that collects system information, disables security features, achieves persistence, and connects to attacker-controlled C&C servers for additional payloads.
AI, Global Security News
Introducing the Sophos Security Services Retainer
Prevent more. Respond faster. Spend smarter. Categories: Products & Services Tags: incident response, Security Services Retainer
Exploits, Global Security News
Weaver E-cology critical bug exploited in attacks since March
Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands. […]
AI, Cybersecurity, Exploits, Global Security News
‘Copy Fail’ is a real Linux security crisis wrapped in AI slop
Attackers are actively exploiting a Linux vulnerability in the wild, and researchers warn that the fallout could be broad — anyone with authenticated local access can leverage it to gain total control of a system. But the story behind CVE-2026-31431 is almost as interesting as the bug itself. Theori, the company that discovered the bug,…
AI, Apps, Cybersecurity, Exploits, Global Security News, Risk Management
MOVEit automation flaws could enable full system compromise
Progress fixes critical MOVEit Automation flaws, including an authentication bypass bug that could let attackers gain unauthorized access to systems. Progress Software addressed two vulnerabilities in MOVEit Automation, a critical authentication bypass flaw tracked as CVE-2026-4670 and a privilege escalation issue tracked as CVE-2026-5174. If exploited, these bugs could allow attackers to gain unauthorized access…
AI, Global Security News
White House Officials Discuss Assessing AI Models That Pose Security Risks
The aim is to protect consumers and businesses from potential cyberattacks by AI models prematurely released.
AI, Global Security News
Anthropic and FIS Are Building an AI Agent to Help Banks Police Financial Crimes
The AI giant struck a partnership with financial software provider FIS to develop new tools for banks.
AI, Global Security News
RMM Tools Fuel Stealthy Phishing Campaign
Attackers are abusing two remote monitoring and management (RMM) tools to evade detection in a campaign that has impacted over 80 organizations so far.
AI, Global Security News
SEC Settles Lawsuit Against Elon Musk Over Twitter Share Purchases
The case had alleged that Musk failed to timely disclose his buildup of ownership in the social media platform he renamed X.
AI, Global Security News
Palantir Beats Forecasts With $1.63 Billion Sales Quarter
U.S. military used company’s software in Iran war and Venezuela raid, and private-sector business has grown quickly.
AI, Global Security News
Amazon SES increasingly abused in phishing to evade detection
The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. […]
AI, Apps, Compliance, Global Security News, Risk Management
Agentic AI and the Evolution of Code Security in Modern Development
The rise of agentic artificial intelligence (AI) is fundamentally reshaping how software is developed, tested, and secured. In a recent discussion with Jeremy Katz, VP of Code Security at Sonar, key insights emerged about how AI-driven workflows are accelerating development while introducing new security challenges that organizations must address. Agentic Workflows in Modern Development Agentic…
AI, Exploits, Global Security News
Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability
Shortly after the authentication-bypass flaw was disclosed multiple proof-of-concept exploits appeared, and one researcher claims there’s been zero-day activity for at least a month.
AI, china, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security
Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940
Attackers exploit a critical cPanel flaw to target government and MSP networks across Southeast Asia and several countries, including the U.S. and Canada. A threat actor is exploiting critical cPanel vulnerability CVE-2026-41940 to target government and military organizations in Southeast Asia, along with MSPs and hosting providers in countries like the Philippines, Laos, Canada, South…
AI, APAC, Apps, Endpoint, Global Security News, Network Security, Risk Management
Securing open proxies in your AWS environment
This article shows you how to identify and secure open proxies in your AWS environment to prevent abuse, protect your IP address reputation, and control costs. An open proxy is a server that forwards traffic on behalf of internet users without requiring authentication. While proxies can support legitimate use cases such as load balancing or…
AI, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management
Microsoft Defender Flags DigiCert Certificates as Malware
A recent Microsoft Defender update incorrectly flagged legitimate DigiCert root certificates as malware, triggering widespread alerts. In some cases, it also removed trusted certificates from Windows systems, causing disruption. “Earlier today we determined false positive alerts were mistakenly triggered and updated the alert logic,” Microsoft said, as reported by BleepingComputer. Inside the DigiCert False Positive…
AI, Global Security News
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
An active phishing campaign has been observed targeting multiple vectors since at least April 2025, with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUS#HELPER, has impacted over 80 organizations, most of which are in the U.S., according to Securonix. It shares…
AI, Global Security News
Microsoft now has more than 20M paying Copilot users
Microsoft CEO Satya Nadella last week announced that the company now has more than 20 million enterprise users paying for Microsoft Copilot, according to TechCrunch. That’s up 33% from the 15 million paying customers Microsoft claimed in January. The AI assistant is now directly integrated in programs such as Word, Excel, and Outlook and Microsoft…
AI, Global Security News
AI is more accurate than doctors in emergency diagnoses — study
A new study from Harvard Medical School indicates that AI can outperform doctors in initial assessments in emergency care, according to The Guardian. The study, published in the journal Science, compared AI tools with doctors in triage situations — the process in which patients are sorted and prioritized, and where quick decisions must be made…
Global Security News
Backdoored PyTorch Lightning package drops credential stealer
A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. […]
AI, Apps, Global Security News, Risk Management
Start small, but start now: How to bring AI into your small business
Small and medium-sized businesses recognize the transformative nature of AI, with two-thirds of respondents in a recent ASUS survey agreeing AI is creating a significant evolution in business practices, and some even calling it “generational.” The question, then, is how best to realize AI’s potential. For SMBs, following a simple, three-pronged strategy is a good…
AI, Apps, Data Breaches, Endpoint, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia
TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)
Summary The most significant development of the week was the April 29 to 30 Mini Shai-Hulud worm, a self-propagating supply chain campaign that compromised four official SAP npm packages, two PyTorch Lightning PyPI versions, two intercom-client npm versions, and the intercom-php Packagist package across three package ecosystems. OX Security tracked roughly 1,800 GitHub repositories created…
Global Security News
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass. MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts. The
AI, Cybersecurity, Data Breaches, Global Security News
Trellix discloses data breach after source code repository hack
Cybersecurity firm Trellix disclosed a data breach after attackers gained access to “a portion” of its source code repository. […]
AI, Global Security News, privacy, Risk Management
A college student is suing a dating app that allegedly used her TikTok videos to target men in her dormitory
A 19-year-old woman is suing the makers of a dating app, alleging they took a video she posted online, repurposed it without her consent into an advertisement for the app, then used geofencing to target that ad to people in her area. According to the lawsuit filed Apr. 28 in Tennessee and an interview with…
Global Security News
SpaceX Wants to Blast Data Centers Into Orbit. Here’s What It May Take.
We asked an engineer to break down the biggest technical hurdles and costly barriers to putting data centers in space.
Global Security News
The Roomba Guy’s Second Act: A Robot You’ll Want to Snuggle
The inventor behind the world-famous robot vacuum is now designing robots that form an emotional bond with their owners.
AI, Europe, Global Security News, Risk Management
Apple is preparing to spend, but not necessarily on AI
Apple last week nixed its long-held “net cash neutral” target, a move analysts see as giving the company more flexibility to make massive infrastructure investments or acquisitions. Naturally, as AI is the only thing that seems to matter in tech these days, commentators rushed to speculate on potential acquisition targets in the AI space. The thing…
Global Security News
Wiz ZeroDay.Cloud Event Reveals 20-Year-Old PostgreSQL Vulnerabilities
Researchers revealed 20-year-old PostgreSQL flaws at Wiz ZeroDay.Cloud event, exposing critical bugs in pgcrypto and prompting urgent patches for database security.
AI, Exploits, Global Security News
Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)
Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerabilities were reported privately by Airbus researchers and there’s no mention of them being leveraged by attackers in the wild. Still, performing an…
AI, Global Security News
DShield Honeypot Update, (Mon, May 4th)
This week, I will release a few updates to our DShield honeypot. The update should happen automatically if you have “automatic updates” enabled on your system. There will be two major changes: Compatibility with Ubuntu 26.04 / new versions of Raspberry Pi OS Ubuntu released version 26.04 LTS about a week ago. It will pretty…
Data Breaches, Global Security News
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems. The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted…
AI, Apps, Global Security News
Penske Logistics launches platform for real-time supply chain visibility
Penske Logistics has announced the launch of Supply Chain Insight, a secure technology platform and mobile application that provides customers with a real-time view of their supply chain operations across transportation and warehousing. Supply chain leaders are under increased pressure to drive greater operational efficiency in the face of rising fuel costs, evolving regulations and…
AI, Data Breaches, Global Security News, malware
DigiCert breached via malicious screensaver file
A targeted social engineering attack against DigiCert’s support channel led to the compromise of internal systems and the unauthorized issuance of EV Code Signing certificates. DigiCert is a global Certificate Authority (CA) providing digital trust services, specializing in TLS/SSL certificates, PKI management, and IoT security. According to DigiCert’s incident report, a threat actor contacted the…
Exploits, Global Security News
They don’t hack, they borrow: How fraudsters target credit unions
Fraudsters aren’t hacking credit unions, they are exploiting normal business processes. Flare reveals how structured loan fraud methods use stolen identities to pass verification and secure funds. […]
AI, Endpoint, Global Security News
Operant AI Endpoint Protector secures AI agents and MCP tools
Operant AI has launched Operant Endpoint Protector, a new addition to its AI Defense Platform that enables enterprise IT and security teams to discover, detect, and defend against threats across every AI tool, coding agent, and Model Context Protocol (MCP)-connected workflow used by employees, directly at the endpoint where most consequential AI activity takes place.…
AI, Global Security News, Network Security, Risk Management
April AI News Showed Enterprise Pressure Moving to Partners
The AI conversation shifted noticeably in April. Less hype, more pressure. Companies are now dealing with what it actually takes to deploy AI at scale (costs, security risks, talent gaps), and the industry is responding with bigger investments and more structured approaches. Here’s a clear look at the biggest AI stories that shaped April. Managed…
AI, Endpoint, Global Security News, Risk Management
Owl IRD enables one-way forensic data transfer for incident response teams
Owl Cyber Defense has announced the launch of its Incident Response Diode (IRD), a pocket-sized protocol filtering diode (PFD) designed for incident response and forensics teams. The Owl IRD was developed to help users securely move evidence from compromised endpoints into trusted analysis environments without adding risk. The Owl IRD will be made available to…
Data Breaches, Exploits, Global Security News, malware
Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940)
The situation around the critical cPanel authentication bypass vulnerability (CVE-2026-41940) has deteriorated significantly since our initial coverage. Exploratory probing has evolved into multi-actor exploitation, leading to disrupted websites, ransomware and malware deployment, and targeted attacks. “Sorry” ransomware Attackers have taken advantage of CVE-2026-41940 to mass-exploit vulnerable internet-facing cPanel instances to breach servers, deface websites and…
AI, Global Security News
Blend Autopilot MCP brings AI agent orchestration to lending platforms
Blend Labs has announced the launch of Autopilot MCP, a server built on the Model Context Protocol, an emerging open standard for AI agent connectivity, that gives authorized agents secure, programmatic access to the Blend platform. For lenders and partners, Autopilot MCP introduces a new category of capability: the ability to build and deploy AI…
Apps, Global Security News
Progress warns of critical MOVEit Automation auth bypass flaw
Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. […]
Data Breaches, Global Security News
Webinar: Why MSPs must rethink security and backup strategies
Security breaches don’t just test your defenses—they test your recovery. Join Kaseya in our upcoming webinar to learn how MSPs strengthen resilience with SaaS backups and BCDR to stay operational after attacks. […]
AI, Global Security News
10 quick productivity tips for Microsoft 365 mobile apps
Most of us work with Word, Excel, PowerPoint, and other Microsoft 365 apps primarily on a computer, via the desktop or web apps. While you’re on the go, the mobile versions of these apps are handy for reviewing documents, spreadsheets, presentations, or other Office files, and you can use them to do minor editing. But…
Cybersecurity, Global Security News
Stronger Cybersecurity, Stronger Business: NIST Celebrates 2026 National Small Business Week
Happy National Small Business Week! For over 60 years, the U.S. Small Business Administration has led this initiative to acknowledge the critical contributions of America’s entrepreneurs and small business owners. Part of the U.S. Department of Commerce, NIST’s mission is to drive U.S. innovation and global competitiveness, and the small business community is central to…
Global Security News
Small Defense Firms Lack Network Data to Stop Nation-State Hackers, Analyst Says
Team Cymru’s Stephen Campbell warned that small US defense contractors are not well prepared to face cyber intrusions through edge devices
AI, Global Security News
2026: The Year of AI-Assisted Attacks
On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan’s largest internet cafe chain. When asked, the young man shared his motivation for the hack: he wanted to…
AI, china, Global Security News, malware, Russia
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved using phishing emails that mimic correspondence from the Income Tax Department of India in December 2025, followed by a similar campaign aimed at Russian entities.…
AI, Cybersecurity, Global Security News, Government & Policy, Risk Management
Security agencies draw red lines around agentic AI deployments
With prompt injection and other attack pathways consistently surfacing across agentic AI deployments, security watchdogs have stepped in, collectively, to draw some hard boundaries. A joint advisory from the US Cybersecurity and Infrastructure Security Agency (CISA) and international partners has called for tighter control over permissions, stronger monitoring, and a more deliberate rollout strategy, urging…
Global Security News
Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition
Here’s a tip for you all. Unless you want to draw attention to yourself as a cybercriminal, don’t flaunt your diamond-encrusted “HACK THE PLANET” necklace on Snapchat, or pose as a Sopranos crime boss while the FBI is reportedly closing in. Read more in my article on the Hot for Security blog.
china, Global Security News, malware
Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia
More than 1,600 socially engineered messages from the China-backed advanced persistent threat (APT) group target various sectors to deliver the previously undocumented ABCDoor backdoor, ValleyRAT, and other malware.
AI, Exploits, Global Security News
CISA says ‘Copy Fail’ flaw now exploited to root Linux systems
CISA has warned that threat actors have started exploiting the “Copy Fail” Linux security vulnerability in the wild, one day after Theori researchers disclosed it and shared a proof-of-concept (PoC) exploit. […]
Global Security News
How Dark Reading Lifted Off the Launchpad in 2006
Twenty years ago, this media brand didn’t have a print edition to attract eyeballs and sponsors. Top-notch content and editorial talent did the heavy lifting.
AI, Cybersecurity, Global Security News
Two cybersecurity pros get prison time for helping ransomware gang
Two American cybersecurity professionals were sentenced to four years in prison for facilitating BlackCat ransomware attacks in 2023. They pleaded guilty in December 2025 to one count of conspiracy to obstruct, delay, or affect commerce, or the movement of any article or commodity in commerce, by extortion. According to court documents, Ryan Goldberg, Kevin Martin,…
AI, Global Security News
What’s Next in the Elon Musk Megatrial Against OpenAI and Sam Altman
Musk testified for nearly three days last week in a case that would oust Altman and unwind OpenAI’s for-profit conversion
Compliance, Global Security News
Cyber-Secure Philanthropy: Tech Infrastructure for Global Donations
Secure philanthropy needs hardened payments, API security, and compliance controls to protect global donations from fraud and attacks.
AI, Apps, Global Security News
Microsoft confirms April Windows updates cause backup failures
Microsoft has confirmed that the April 2026 security updates are causing failures in third-party backup applications using the psmounterex.sys driver. […]
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Linux Kernel, tracked as CVE-2026-31431 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog. Recently, Xint Code researchers warned of a serious Linux…
AI, APAC, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, Government & Policy, Network Security, Risk Management, Russia
Why data centers now belong on the critical infrastructure list
Missile and drone attacks that took out cloud data centers in the Middle East underscored a critical vulnerability in the modern economy: reliance on digital infrastructure that sustains competitive advantage and operational continuity for corporations, nations, and militaries. The outages and downstream disruption were a preview of a new form of strategic and operational risk.…
AI, Global Security News
7 Key Features That Make Secure Browsers Safer
Secure Browsers boost safety with tracking blocks, fingerprint protection, session control, and real-time threat defense against modern web attacks.
AI, Global Security News
Claude Security enters public beta with Opus 4.7 vulnerability scanning and patching
Claude Security, previously called Claude Code Security, is in public beta for Claude Enterprise customers. Available in Claude.ai, the capability scans codebases for security vulnerabilities and suggests targeted patches for review, helping teams identify and fix issues that might otherwise be missed. Admins can enable it in the admin console. Access for Claude Team and…
AI, Global Security News, Risk Management
I Let AI Look at My Breasts—and I’m Glad I Did
In an exclusive book excerpt, Joanna Stern explains how new technology could improve the odds for women like herself who have an elevated risk of cancer.
Exploits, Global Security News, Government & Policy
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting the recently disclosed vulnerability in cPanel. The activity, detected by Ctrl-Alt-Intel on May 2, 2026,…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management
AI speeds flaw discovery, forcing rapid updates, UK NCSC warns
The UK cyber agency NCSC warns AI is speeding up vulnerability discovery, likely causing a “patch wave” of urgent software updates to fix exposed flaws. The UK’s National Cyber Security Centre (NCSC) warns that AI is rapidly accelerating the discovery of software vulnerabilities, increasing the risk of large-scale exploitation. CTO Ollie Whitehouse says skilled attackers…
AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
The fake IT worker problem CISOs can’t ignore
Hiring fake IT workers has been a growing problem in recent years — but it’s often a problem very few want to admit to. From Fortune 500 companies down to smaller organizations, remote hiring practices have been exploited to grant trusted access to individuals who are not who they claim to be creating an insider…
AI, Apps, Compliance, Global Security News, Government & Policy
Introducing Wallarm Middle East Cloud: Built for Data Residency Compliance
As API and AI adoption grows across the Middle East, so do the expectations around how data is handled. For many organizations operating in this region, it’s not just about securing applications. It’s about doing it in a way that keeps data in-country and aligned with local requirements. Today, we’re introducing the Wallarm Middle East…
AI, Compliance, Data Security, Global Security News, Network Security, Risk Management
How CISOs should utilize data security posture management to inform risk
Every CISO eventually faces the same tension: You know your security program needs to mature, but the budget and headcount to do it all aren’t there. That tension is especially sharp when it comes to data security posture management (DSPM). Not every organization can afford, or even needs, the gold standard of DSPM deployment. Full-featured…
AI, Data Breaches, Global Security News, Government & Policy, Network Security
15-year-old detained over massive data breach at French government agency
French authorities have detained a 15-year-old suspected of involvement in a data breach at France Titres, the government agency responsible for issuing official documents. “Between 12 and 18 million data records were reportedly being offered for sale on cybercriminal forums by a hacker known as “breach3d,“ the Paris Prosecutor’s Office said in a press release.…
AI, Global Security News, Government & Policy
OpenAI To Extend Cyber Program to Government Agencies
OpenAI announced its intention to expand the Trusted Access for Cyber program for cyber defenders at the federal, state and local government levels
Global Security News
AWS Solutions in Healthcare: A 2026 Guide for CTOs and Technical Decision Makers
AWS Solutions in Healthcare: A 2026 Guide for CTOs and Technical Decision Makers. Health coverage from iTWire.
Global Security News
Azure SQL vs SQL Server: Which One Should You Choose for Your Next Project?
Azure SQL vs SQL Server: Which One Should You Choose for Your Next Project?. Cloud coverage from iTWire.
AI, Global Security News
Lens Agents brings policy control to AI across cloud and desktop
Lens by Mirantis has announced Lens Agents, a governed platform for running AI agents across enterprise systems, giving organizations a unified, policy-driven way to run, secure, and scale AI agents across desktop and cloud environments. Available in early access, Lens Agents enables organizations to connect any AI agent, including desktop tools like Claude, Cursor, and…
AI, Compliance, Cybersecurity, Global Security News
Relying on LLMs is nearly impossible when AI vendors keep changing things
Over the years, enterprise IT execs have gotten frighteningly comfortable having little control or visibility over mission-critical apps, from SaaS to cloud and even cybersecurity. But generative AI (genAI) and agentic systems are taking that problem to a new extreme, with vendors able to dumb down a system IT is paying billions for without so…
AI, Global Security News
Bluekit phishing kit enables automated phishing with 40+ templates and AI tools
Bluekit is a new phishing kit with AI features, automated domain setup, and tools like spoofing, voice cloning, and 40+ attack templates. Bluekit is a newly discovered phishing kit still in development that includes advanced features such as an AI assistant and automated domain registration. According to Varonis, it offers over 40 website templates along…
AI, Global Security News
Brush shell 0.4.0 tightens script safety, widens platform support
Rust-based alternatives to traditional Unix shells continue to attract users who want bash compatibility alongside built-in features like syntax highlighting and history-based suggestions. Brush, a bash- and POSIX-compatible shell written in Rust, sits in that group, and version 0.4.0 brings more than 200 merged pull requests representing several months of development. Bash features filled in…
AI, Global Security News
Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M
A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans, resulting in millions of dollars in losses. The crackdown was led by the Dubai Police, under the United Arab Emirates (UAE) Ministry of Interior, in partnership…
AI, Global Security News, Network Security
Pipelock: Open-source AI agent firewall
AI coding agents run with shell access, environment variables containing API keys, and unrestricted internet connectivity, creating a single point of failure where one compromised tool call can leak credentials to an attacker-controlled domain. Pipelock, an open-source security harness developed by Joshua Waldrep under the PipeLab project, addresses this exposure by inserting an enforcement layer…
AI, Exploits, Global Security News, Risk Management
Spotting third-party cyber risk before attackers do
In this Help Net Security video, Jeffrey Wheatman, SVP and Cyber Strategist at Black Kite, discusses how organizations can identify and manage third-party cyber exposures before attackers exploit them. He argues that businesses should move beyond a data-loss mindset toward one centered on resilience, meaning keeping operations running when vendors or partners get hit. Wheatman…