Geek-Guy.com

Category: Government & Policy

Stay updated on the intersection of tech and governance. From CISA security alerts to federal AI mandates and global policy shifts, get the latest at Geek Guy.

MY TAKE: As RSAC 2026 opens, AI has bifurcated cybersecurity into two wars—the clock is running

SAN FRANCISCO — RSAC 2026 opens here Monday at Moscone Center, with upwards of 40,000 cybersecurity professionals, executives, and policy leaders, myself among them, filing in to take stock of an industry under acute pressure. Related: RSAC 2026’s full agenda The dominant undercurrent is already unmistakable: AI hasn’t just arrived in cybersecurity. It has split…

PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks

Sansec found a Magento and Adobe Commerce REST API flaw, named PolyShell, which allows unauthenticated file uploads and possible XSS in older versions. Sansec disclosed a critical flaw in the Magento and Adobe Commerce REST API that allows attackers to upload executable files without authentication. The issue affects versions up to 2.4.9-alpha2 and could also…

Are nations ready to be the cybersecurity insurers of last resort?

A senior member of the Cyber Monitoring Center (CMC), an organization formed last year to monitor, define and classify cyber events impacting UK organizations, this week questioned whether a £1.5 billion (about $2 billion) government loan guarantee provided to Jaguar Land Rover (JLR) should have happened in the first place. Speaking at an event hosted…

7,500+ Magento sites defaced in global hacking campaign

Hackers defaced 7,500 Magento sites since Feb 27, uploading files across 15,000 hostnames, mostly opportunistic attacks. Since February 27, a large-scale campaign has defaced over 7,500 Magento sites, targeting e-commerce platforms, global brands, and government services. According to cybersecurity firm Netcraft, attackers placed plaintext defacement files across more than 15,000 hostnames, directly compromising affected infrastructure.…

FBI, CISA issue PSA on Russian intelligence campaign to target messaging apps

Russian intelligence-affiliated hackers have gained access to thousands of users’ messaging apps with a global phishing campaign, the FBI and the Cybersecurity and Infrastructure Security Agency warned in a public service announcement on Friday. The high-value targets they’re pursuing include current and former U.S. government officials, political figures, military personnel and journalists, the two agencies…

Trump’s federal AI policy framework aims to undercut state laws

US President Donald Trump’s administration today released its National Policy Framework for Artificial Intelligence: Legislative Recommendations, a document that reads less like the AI safety blueprints that states are increasingly adopting and more like a playbook for asserting federal control over AI governance. It is part of a coordinated push with congressional allies, most notably…

Trio sentenced for facilitating North Korean IT worker scheme from their homes

Three American men were sentenced Friday for crimes they committed in furtherance of North Korea’s vast scheme to get operatives hired at U.S. companies, the Justice Department said. The trio — Audricus Phagnasay, 25, Jason Salazar, 30, and Alexander Paul Travis, 35 — pleaded guilty in November to wire fraud conspiracy for providing U.S. identities…

Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge

Apple warns that outdated iPhones are vulnerable to Coruna and DarkSword exploit kits and urges users to update iOS. Apple has warned that iPhones running outdated iOS versions are at risk from exploit kits like Coruna and DarkSword. These attacks use malicious web content to trigger infection chains that can steal sensitive data. Users are…

Global law enforcement operation targets AISURU, Kimwolf, JackSkid botnet operators

DoJ disrupted IoT botnets’ C2 infrastructure with global partners, targeting operators behind AISURU, Kimwolf, JackSkid, and others. The U.S. DoJ disrupted command-and-control infrastructure used by several IoT botnets, including AISURU, Kimwolf, JackSkid, and Mossad. The operation involved authorities from Canada and Germany, along with major tech companies, to target botnet operators and weaken their global…

Data Centers Are Military Targets Now

In retaliation for the ongoing U.S.–Israeli war, Iran responded with a novel form of counterattack. For the first time in military history, private sector data centers came under deliberate attack. In an era when companies known for e-commerce, social networks, and search engines have also become close collaborators with militaries, is bombing their servers fair…

The espionage reality: Your infrastructure is already in the collection path

Threat actors have always sought advantage over their targets. Recently we’ve seen two efforts designed for long-term intelligence gain. This activity surfaced right where you would expect inside the enterprise. Enterprises now sit directly in the adversary’s collection path. They don’t have to be the target; they are on the board and in play because…

North Carolina tech worker found guilty of insider attack netting $2.5M ransom

A 27-year-old North Carolina man was found guilty of six counts of extortion for a series of crimes he committed while working as a data analyst contractor for a D.C.-based international technology company, the Justice Department said Thursday. Cameron Nicholas Curry, also known as “Loot,” stole a trove of corporate data, including sensitive employee and…

Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets — named Aisuru, Kimwolf, JackSkid and Mossad — are responsible for a…

That cheap KVM device could expose your network to remote compromise

Researchers have found nine vulnerabilities in four popular low-cost KVM-over-IP devices, ranging from unauthenticated command injection to weak authentication defenses and insecure firmware updates. The flaws are particularly concerning given the growing presence of such devices in business environments, whether deployed intentionally by IT administrators and managed service providers or introduced as shadow IT. KVM-over-IP…

Can Zero Trust survive the AI era?

For the past decade, cybersecurity experts in the federal government have argued that trust, or a lack of it, was key to developing effective security policies for agency systems and data. But today, cybercriminals and state-sponsored hackers are using artificial intelligence to develop and launch cyberattacks more quickly and efficiently. Governments and businesses are facing…

Ransomware group exploited Cisco firewall vulnerability as a zero day, weeks before a patch appeared

One of the world’s most active ransomware groups, Interlock, started exploiting a critical-rated Cisco firewall vulnerability as a zero day weeks before it was patched in early March, Amazon has revealed. The vulnerability in question is CVE-2026-20131, a remotely exploitable deserialization flaw in Cisco Secure Firewall Management Center (FMC) Software which was given a maximum…

News alert: SpyCloud study reveals stolen tokens, session data fuel surge in non-human identity attacks

AUSTIN, Texas, Mar. 19, 2026, CyberNewswire—SpyCloud, the leader in identity threat protection, today released its annual 2026 Identity Exposure Report, one of the most comprehensive analyses of stolen credentials and identity exposure data circulating in the criminal underground and highlighting a sharp expansion in non-human identity (NHI) exposure. Last year, SpyCloud saw a 23% increase…

Beijing wants its own quantum-resistant encryption standards rather than adopt NIST’s

China is reportedly planning to develop its own national post-quantum cryptography standards within the next three years, even as most of the world has already begun migrating to those finalized by the US in 2024. Post-quantum cryptography deals with algorithms that can protect data from the threat proposed by future quantum computers, which are expected…

9 Best Next-Generation Firewall (NGFW) Solutions in 2026

This guide is for IT leaders, network administrators, and security teams evaluating next-generation firewalls (NGFWs), and it covers how they work, key features, and what to look for in 2026 solutions.  NGFWs have evolved beyond traditional firewalls to deliver deep packet inspection, application awareness, and integrated threat prevention, helping organizations defend against increasingly sophisticated attacks.…

Top 25 Cybersecurity Companies in 2026

This guide is for IT leaders, security professionals, and decision-makers looking to explore leading cybersecurity companies in 2026 and evaluate vendors across key areas of modern security. Cybersecurity has become one of the most critical priorities for organizations operating in today’s world.  As businesses adopt cloud computing, remote work, artificial intelligence (AI), and increasingly complex…

Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376

Russian APT exploits a critical XSS flaw in Zimbra, tracked as CVE-2025-66376, running scripts via HTML emails to target users in Ukraine. Russia-linked threat actor exploits a high-severity XSS vulnerability, tracked as CVE-2025-66376 (CVSS score of 7.2), in Zimbra Collaboration. Attackers exploited insufficiently sanitized HTML emails to run scripts when opened, targeting users in Ukraine.…

DarkSword emerges as powerful iOS exploit tool in global attacks

DarkSword, a new iOS exploit kit, is used by multiple actors to steal data in campaigns targeting Saudi Arabia, Turkey, Malaysia, and Ukraine. Lookout Threat Labs discovered a new iOS exploit kit called DarkSword that has been used since late 2025 by multiple threat actors, including surveillance vendors and likely nation-state actors. The toolkit enables…

Interlock group exploiting the Cisco FMC flaw CVE-2026-20131 36 days before disclosure

The Interlock ransomware group has exploited a Cisco FMC zero-day RCE vulnerability in attacks since late January. The Interlock ransomware group has been exploiting a critical zero-day RCE vulnerability, tracked as CVE-2026-20131 (CVSS score of 10.0), in Cisco Secure Firewall Management Center (FMC) since late January. The vulnerability is a remote code execution flaw that…

Russia establishes Vienna as key western spy hub targeting NATO

Russia uses Vienna as its largest Western spy hub, monitoring NATO and other sensitive communications via diplomatic sites and satellite dishes. Western intelligence reports that Russia has transformed Vienna into its largest Western spy hub, steadily expanding surveillance over the past two years. Using diplomatic compounds and rooftop satellite clusters, Russia monitors sensitive communications across…

Iran war set to hit global IT spending, IDC warns

The conflict in the Middle East threatens to weigh heavily on the global economy, with soaring oil prices expected to dampen GDP growth and prompt businesses and consumers to reduce technology spending, according to analysts at IDC. The key question – and one with few answers – is how long the fighting will continue.  The…

Anthropic ban heralds new era of supply chain risk — with no clear playbook

The Trump administration’s decision to ban AI company Anthropic from Pentagon assets and other government systems as a “supply chain risk” could force CISOs into a position few have faced before: preparing to identify, isolate, and potentially remove a specific AI technology from across their organizations without a clear understanding of where it resides or…

CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild. The vulnerabilities in question are as follows – CVE-2025-66376 (CVSS score: 7.2) – A stored cross-site scripting

Cisco’s latest vulnerability spree has a more troubling pattern underneath

Cisco customers have confronted a flood of actively exploited vulnerabilities affecting the vendor’s network edge software since late February, and researchers say that five of the nine vulnerabilities Cisco disclosed in its firewalls and SD-WAN systems over the past three weeks have already been exploited in the wild.  Attackers exploited a pair of these defects…

6 Best Digital Forensics Tools Used in 2026

This guide is for security professionals, IT teams, and investigators evaluating the best digital forensics tools in 2026, covering top platforms and how they support modern investigations.  As cyber incidents, insider threats, and legal disputes become more complex, organizations need reliable tools to collect, analyze, and preserve digital evidence across endpoints, networks, and cloud environments.…

U.S. robotics companies want federal help to keep Chinese robots out of America’s networks

Executives at top U.S. robotics companies asked Congress for federal dollars, new legislation and a simpler regulatory field, arguing the support is necessary to adapt to the AI era and compete with their well-oiled, state-funded Chinese competitors. The U.S. robotics sector, estimated at $50 billion in value, includes world famous companies like Boston Dynamics. The…

The UK may require AI-generated content to be labeled

The United Kingdom may introduce labeling requirements for AI-generated content as part of a broader review of copyright law, Reuters reports. The aim is to make it easier for consumers to identify material created by AI and protect them against threats such as deepfakes and disinformation. At the same time, the government emphasized that…

Amazon threat intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls

Amazon threat intelligence has identified an active Interlock ransomware campaign exploiting CVE-2026-20131, a critical vulnerability in Cisco Secure Firewall Management Center (FMC) Software that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device, which was disclosed by Cisco on March 4, 2026. After Cisco’s disclosure, Amazon threat…

Researchers warn of unpatched, critical Telnetd flaw affecting all versions

CVE-2026-32746 is a critical flaw in GNU InetUtils telnetd that allows remote attackers to execute code with elevated privileges. Cybersecurity company Dream disclosed a critical flaw, tracked as CVE-2026-32746 (CVSS score of 9.8), in GNU InetUtils telnetd that lets unauthenticated remote attackers execute code with elevated privileges. The issue stems from an out-of-bounds write in…

Protect Your Privacy: Best Secure Messaging Apps in 2026

Think your messages are private? Think again. Someone could be reading them. Someone could be listening to your calls. From public Wi-Fi to fake login pages, attackers have countless ways to slip between you and the person you’re communicating with, without you ever knowing. Without a trusted messaging app, you’re leaving the door wide open.…

Second iOS exploit kit emerges from suspected Russian hackers using possible U.S. government-developed tools

Researchers have discovered a second instance of suspected Russian hackers repurposing iOS exploits believed to originally be made on behalf of the U.S. government, pointing to what they say are several foreboding trends. iVerify, Lookout and Google collaborated on the research published Wednesday, a follow-up to earlier revelations about a similar exploit kit, Coruna. While…

Top 7 Full Disk Encryption Software Solutions in 2026

This guide is for IT teams, security leaders, and businesses evaluating the best full disk encryption solutions in 2026, covering how they work and why they matter for protecting sensitive data.  Full disk encryption serves as a critical first line of defense by securing hard drives, external storage, and endpoints against unauthorized access. As cyber…

Top 10 Governance, Risk & Compliance (GRC) Tools in 2026

This guide is for compliance leaders, risk managers, and IT teams seeking the best governance, risk, and compliance (GRC) tools in 2026, covering top platforms, key features, and selection considerations. These tools simplify the complexity of governance by equipping your team with the resources needed to manage evolving regulations, reduce risk, and control costs more…

Polygraf AI launches Desktop Overlay for real-time AI behavior control in enterprise operations

Polygraf AI has announced the launch of its Desktop Overlay, a new product designed to provide continuous, real-time guidance for compliance operations and data protection directly at the user interface level, as a personal compliance assistant. Built for highly regulated and government agencies, the Desktop Overlay runs at the edge and preemptively warns users of…

Cybersecurity and privacy priorities for 2026: The legal risk map

Escalating cybersecurity threats and growing privacy concerns lurk around every corner these days. Evolving technology and mounting regulations continue to present both the perils and the solutions. All players — public and private, organizations and individuals alike — must take on the next quest in this realm. In the most recent Annual Litigation Trends Survey by…

Tracking the Iran War: A Month of Escalation and Regional Impact

Iran war likely prolonged, increasing cyber threats, energy disruption, and instability, with companies in the Middle East facing higher risk. Resecurity (USA) released a strategic intelligence update on the war in Iran, covering nearly a month of military conflict. The conflict has shifted global attention and resources, placing other ongoing conflicts like Russia-Ukraine, Israel-Gaza, and…

CISA official advises agencies not to get too hung up on who takes lead in critical infrastructure sectors

The U.S. government shouldn’t rigidly stick to traditional designations about which agency takes the lead on engaging with critical infrastructure sectors, the acting director of the Cybersecurity and Infrastructure Security Agency said Tuesday. Sector risk management agency designations have long governed which agency is at the forefront of government efforts to protect each of the…

Trump administration isn’t pushing companies to conduct cyber offense, national cyber director says

National Cyber Director Sean Cairncross said Tuesday that the Trump administration isn’t aspiring to enlist the private sector to conduct offensive cyber operations, but instead to help the government by keeping them abreast of the threats they’re facing. The recently-released national cyber strategy talks about incentivizing companies to disrupt the networks of adversaries. “I’m not…

It’s time to get serious about post-quantum security. Here’s where to start.

After decades of development, quantum computing is now becoming increasingly available for advanced scientific and commercial use. The potential marvels range from accelerating drug discovery and materials science, to optimizing complex logistics and financial modeling. But there’s a paradox to this trend: Quantum computing also poses a growing threat to data security. The risk is…

Former Germany’s foreign intelligence VP hit in Signal account takeover campaign

Former BND VP Arndt Freytag von Loringhoven was targeted in a Signal cyberattack, part of a wave hitting officials and politicians in Germany. A cyberattack targeting Signal and WhatsApp users has hit high-ranking German officials, including former BND Vice President Arndt Freytag von Loringhoven. The official reported being contacted by someone posing as Signal support…

Attackers are exploiting AI faster than defenders can keep up, new report warns

Cybersecurity is entering “a new phase” as artificial intelligence tools have matured and given IT defenders significantly less time to respond to cyberattacks and other threats, according to a new report released Monday. The report, authored by federal contractor Booz Allen Hamilton, concludes that threat actors have adopted AI more quickly than governments and private…

Washington is right: Cybercrime is organized crime. Now we need to shut down the business model

The recently released executive order targeting cybercrime, fraud, and predatory schemes uses language the federal government has often avoided. Now, for the first time, the Trump administration is echoing what the cybersecurity industry has been shouting for years: cyber-enabled fraud is a product of transnational organized crime. That distinction matters because organized crime requires an…

MY TAKE: The AI magic is back — whether it endures depends on Amazon’s next moves

I ran an experiment this week that I did not expect to be instructive, and it was. Related: How ChatGPT is becoming Microsoft Office The setup was simple. I had been working through a spontaneous personal essay — about cognitive overload, AI, and the specific anxiety of not knowing whether a memory lapse is a…

Interpol – Operation Synergia III leads to 45,000 malicious IPs dismantled and 94 arrests worldwide

INTERPOL dismantled 45,000 malicious IPs and servers and arrested 94 suspects in a global cybercrime operation. INTERPOL announced a global cybercrime operation (codenamed Operation Synergia III) involving 72 countries that dismantled 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware. The international law enforcement operation led to 94 arrests, 110 ongoing investigations,…

Hackers targeted Poland’s National Centre for Nuclear Research

Hackers targeted Poland’s National Centre for Nuclear Research, but security systems detected and blocked the attack before any damage. The National Centre for Nuclear Research in Poland reported a cyberattack on its IT infrastructure. The intrusion attempt was quickly detected by security systems, allowing staff to secure the targeted systems and prevent any operational impact.…

DoW Anthropic Dispute Spotlights AI Supply Chain Risk

The decision by the U.S. Department of War to label Anthropic a supply chain risk has sparked a wider debate across the sector about how organizations should approach artificial intelligence deployment, what they can manage, and the best practices needed to minimize security risks. When AI is deeply embedded in workflows, its absence is clear…

AI Facial Recognition Error Jails Tennessee Grandmother for Months

A Tennessee grandmother spent nearly six months in jail after a facial recognition system incorrectly identified her as a suspect in a bank fraud investigation in North Dakota, more than 1,200 miles from her home.  The case is drawing renewed scrutiny around the risks of relying heavily on artificial intelligence in criminal investigations. “I’ve never…

Cyber criminals too are working from home… your home

The FBI is so concerned about the threat of residential proxy attacks and the dangers posed by cyber criminals using the technique that it has posted guidance on its website. Residential proxies are used by cybercriminals to reroute traffic between individuals and the websites they visit so that it appears to originate elsewhere. By taking…

The cyber perimeter was never dead. We just abandoned it.

Industry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported hardware decay in place, and effectively donated our perimeter to adversaries who were more than willing to accept it. The FBI’s Winter SHIELD effort is the operational side of…

How AI is changing your mind

Humanity is diving headlong into a global experiment. More than 1 billion people have a new and unprecedented source of information and cognitive guidance: artificial intelligence (AI) trained on trillions of words.  So, how exactly are AI chatbots affecting our minds, thoughts, beliefs and opinions?  Scientists are scrambling to find out — and reports that…

Stryker attack highlights nebulous nature of Iranian cyber activity amid joint U.S.-Israel conflict

A cyberattack that an Iranian hacking group said it carried out against medical device manufacturer Stryker might mark Tehran’s first significant cyber action since the start of the joint U.S.-Israel conflict. But even that may have been a happy accident for Iranian hackers in what has been a low buzz of activity during that timeframe,…

Iran-Linked Hacktivists Claim Wiper Attack on Stryker Systems

A cyberattack has disrupted global operations at medical technology manufacturer Stryker, forcing employees in multiple countries offline and cutting access to core corporate systems.  The incident, which began March 11, triggered widespread outages across the company’s Microsoft environment and left staff temporarily unable to access internal applications and devices.  “When a company the size of…

How not to steal $46 million from the US government

A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn’t stirred since 2024 – and within minutes, giant woodpecker images are plastered across the internet’s favourite encyclopaedia. Meanwhile, a crypto contractor hired to help the US Marshals manage seized digital assets allegedly decides to help himself to $46 million of it – and…

Resumés with malicious ISO attachments are circulating, says Aryaka

Threat actors are still having success tricking human resources staff into opening malware-infected phishing emails. The latest example is detailed by researchers at Aryaka, who this week described a campaign by an unnamed threat actor who is distributing resumés containing a malicious ISO file to HR departments. It’s delivered through recruitment channels, and hosted on…

CISA warns of actively exploited Ivanti EPM and Cisco SD-WAN flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that an authentication bypass vulnerability patched in Ivanti Endpoint Manager (EPM) last month is now being exploited in the wild. The agency has also updated its directive related to two Cisco Catalyst SD-WAN flaws that were also fixed last month after being used in zero-day…

Pro-Palestinian hacktivist group Handala targets Stryker in global disruption

Pro-Palestinian hacktivist group Handala claims a cyberattack on Stryker, alleging it wiped 200,000 systems and disrupted global operations. Pro-Palestinian hacktivist group Handala claims responsibility for a disruptive cyberattack against medical technology firm Stryker. “Medical technology giant Stryker is experiencing a global outage across its systems after a cyberattack early Wednesday. Staff and contractors report that…

Anthropic announces think tank to examine AI’s effect on economy and society

Fresh from battling the US Department of Defense (DoD) over AI guardrails, Anthropic has returned this week with a new initiative: the company is founding a think tank, the Anthropic Institute, “to confront the most significant challenges that powerful AI will pose to our societies.” Headed by Anthropic co-founder Jack Clark, who will take up…

BeatBanker malware targets Android users with banking Trojan and crypto miner

BeatBanker Android malware spreads through fake Starlink apps on websites imitating Google Play Store, hijacking devices, stealing credentials, and mining crypto. A new Android malware called BeatBanker spreads through fake Starlink apps distributed on websites posing as the Google Play Store. Once installed, it hijacks devices, steals login credentials, tampers with cryptocurrency transactions, and secretly…

Did cybersecurity recently have its Gatling gun moment?

On the James River, Petersburg, VA, June of 1864, during the American Civil War, General Benjamin Butler, of the US Army, deployed a new weapon into the field that effectively altered the nature of kinetic battles. The later named “Siege of Petersburg,” was the first recorded instance of the Gatling gun being used in battle.…

YouTube draws a line on deepfakes involving politicians and journalists

With deepfakes becoming more common, YouTube has expanded access to its AI-driven likeness detection system to a pilot group of government officials, journalists and political candidates. The step follows an earlier rollout of the tool to creators in the company’s Partner Program. AI video tools are easy to access, and the content they produce keeps…

If consequences matter, they should apply to vendors, too

Washington has rediscovered consequences. Just not consistently. The March 6 executive order rests on a simple, correct idea: cyber-enabled fraud persists because it is profitable, scalable, and too often tolerated. So the government’s answer is to raise the cost. More coordination. More disruption. More prosecutions. More diplomatic pressure on the states that shelter these operations.…

Microsoft seeks a stay on DoD’s effective ban on Anthropic offerings

Microsoft is urging a federal court in California to temporarily pause the US Department of Defense’s (DoD) effective ban on Anthropic’s AI offerings, arguing that the government’s “supply chain risk” label could have significant knock-on effects for its own defense technology business. In a filing backing Anthropic’s request for emergency relief, the company said the…

12 ways attackers abuse cloud services to hack your enterprise

Attackers are increasingly abusing trusted SaaS platforms, cloud infrastructure, and identity systems to blend malicious activity into legitimate enterprise traffic. Adversaries are pushing command and control (C2) through high-reputation services, including OpenAI and AWS, to blend in with normal business traffic and evade blocklists. The shift from “living off the land” to “living off the…

AWS European Sovereign Cloud achieves first compliance milestone: SOC 2 and C5 reports plus seven ISO certifications

In January 2026, we announced the general availability of the AWS European Sovereign Cloud, a new, independent cloud for Europe entirely located within the European Union (EU), and physically and logically separate from all other AWS Regions. The unique approach of the AWS European Sovereign Cloud provides the only fully featured, independently operated sovereign cloud…

Attackers exploit FortiGate devices to access sensitive network information

Attackers are exploiting FortiGate devices to breach networks and steal configuration data containing service account credentials and network details. SentinelOne researchers warn that attackers are exploiting vulnerabilities or weak credentials in FortiGate devices to gain initial access to corporate networks. Once inside, they extract configuration files that may contain service account credentials and information about…

APT28 conducts long-term espionage on Ukrainian forces using custom malware

APT28 used BEARDSHELL and COVENANT malware to spy on Ukrainian military personnel, enabling long-term surveillance since April 2024. The Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has used BEARDSHELL and COVENANT malware to conduct long-term surveillance of Ukrainian military personnel. According to ESET, the campaign began in April 2024 and relies on…

Macquarie Technology Group secures A$200m investment from National Reconstruction Fund Corporation

Macquarie Technology Group Limited (ASX: MAQ) (the “Company”) announced that it has secured a A$200m hybrid investment from National Reconstruction Fund Corporation (NRFC). The NRFC is a sovereign investor established by the Australian Government to invest in Australian businesses to support nationally significant technological innovation, digital infrastructure, defence, and national security. It works to transform…

OAuth Device Code Phishing: A New Microsoft 365 Account Breach Vector

ANY.RUN’s analysts are observing a sharp increase in phishing activity abusing Microsoft’s OAuth Device Code flow, with more than 180 phishing URLs detected in just one week. This technique represents a shift from credential phishing to token-based account takeover, making detection significantly harder for many SOC teams. Key Takeaways: OAuth Device Code phishing is rising rapidly. Campaigns abusing Microsoft’s Device…

No, it’s not ‘unnecessarily burdensome’ to control your own data

According to a recent report, the State Department sent a cable urging U.S. diplomats to oppose international data sovereignty regulations like GDPR, characterizing these guardrails as “unnecessarily burdensome.” In the cable, the State Department claims that data sovereignty regulations “disrupt global data flows, increase costs and cybersecurity risks, limit Artificial Intelligence (AI) and cloud services, and…

Anthropic’s US gov’t lawsuit says federal action “unprecedented and unlawful”

Anthropic on Monday fought back against the US federal government’s determination that it is a supply chain risk, suing the feds and arguing to a California federal judge that the government is being inconsistent and contradictory. “The Constitution confers on Anthropic the right to express its views—both publicly and to the government—about the limitations of…

FBI alert: scammers target zoning permit applicants

The FBI warns of phishing attacks where crooks impersonate U.S. city and county officials to target people requesting planning and zoning permits. The FBI warns that scammers are impersonating U.S. city and county officials in phishing campaigns targeting businesses and individuals applying for planning or zoning permits. Using publicly available information, attackers craft messages that…

CVE program funding secured, easing fears of repeat crisis

The Cybersecurity and Infrastructure Security Agency and the MITRE Corporation have renegotiated the contract supporting the 26-year-old Common Vulnerabilities and Exposures Program in a way that eliminates the looming expiration that triggered panic across the security community in 2025. According to sources, the program appears to have moved from a discretionary funding item to a…

LogicMonitor expands New Zealand investment with new regional infrastructure and ecosystem growth

COMPANY NEWS: LogicMonitor®, the AI-first platform for Autonomous IT, has strengthened its commitment to New Zealand with an expanded investment program to support the country’s rapidly growing digital economy. As organisations across enterprise, government, agribusiness, telecommunications, and managed services accelerate their adoption of cloud and AI, LogicMonitor is deepening its regional presence to meet rising demand for modern, intelligent IT operations.

Russian hackers crack into officials’ Signal and WhatsApp accounts

Russian state hackers are trying to break into Signal and WhatsApp accounts used by diplomats, military staff, and government officials worldwide, Dutch intelligence agencies warned. They believe journalists and other people who attract attention from Moscow may also be affected. Investigators reported that attackers attempt to trick users into revealing the verification codes and PINs that protect…

Russia-linked hackers target Signal, WhatsApp of officials globally

Russia-linked hackers are targeting Signal and WhatsApp accounts of government and military officials worldwide, warns Dutch intelligence. Dutch intelligence agencies (MIVD and AIVD) warn of a global campaign by Russia-linked threat actors aiming to compromise Signal and WhatsApp accounts. The operation targets government officials, civil servants, and military personnel, highlighting growing cyber risks to sensitive…

Encrypted Client Hello: Ready for Prime Time?, (Mon, Mar 9th)

Last week, two related RFCs were published: RFC 9848 (Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings) and RFC 9849 (TLS Encrypted Client Hello). These TLS extensions have been discussed quite a bit already, and Cloudflare, one of the early implementers and proponents, has had them in use for a while. Amidst an increased concern about threats to privacy…

Security Leaders Warn of Cyber Risks Tied to Iran Conflict

The escalating confrontation between the United States and Iran is raising concerns among cybersecurity agencies and security leaders, who have warned businesses to be on alert for a potential increase in cyberattacks from the region. Governments warn of increased cyber activity linked to the Iran conflict: official warnings from cybersecurity centers in the United States, the…

No more soft play, President Trump warns in new cyber strategy

The White House released “President Trump’s Cyber Strategy for America,” a policy framework outlining the administration’s priorities for maintaining U.S. leadership in cyberspace. The seven-page cyber strategy commits to a coordinated, government-wide response to cyber threats that extends beyond cyberspace and relies on close cooperation with allies, industry, and academia. “This strategy builds on President…

OpenAI robotics chief quits over Pentagon deal

OpenAI’s head of robotics, Caitlin Kalinowski, has resigned over the company’s contract with the US Department of War, saying key safeguards around domestic surveillance and autonomous weapons were not adequately reviewed before the agreement was signed. “Surveillance of Americans without judicial oversight and lethal autonomy without human authorization are lines that deserved more deliberation than…

We’ve seen ransomware cost American lives. Here’s what it will actually take to stop it.

Flights canceled. Emergency rooms shut down. Centuries-old companies shuttered. Ransomware and other similar cyberattacks have become so routine that even those serious human and economic consequences are often overlooked or easily forgotten. This lack of focus is dangerous. As former leaders of FBI and CISA cyber units, we’ve seen cybercrime ripple through communities – disrupting…

Augur lands $15 million funding to strengthen critical infrastructure security

Augur has announced a $15 million seed round led by Plural, with participation from First Kind, SNR, Flix, and Tiny VC. The funding will support the deployment of Augur’s technology as governments, operators, and venue owners across Europe face rising security threats to vulnerable public spaces and critical national infrastructure. The changing threat landscape: The…