A group of international government agencies released guidance Tuesday on what they believe any artificial intelligence “ingredients list” tool should include to make AI more secure. The concept of such a list, known as a “software bill of materials (SBOM),” is to know everything that goes into a particular piece of software so that any…
Global Security News
It’s Patch Tuesday for Microsoft and Not a Zero-Day In Sight
It’s the first time in two years with no zero-days. But with 137 flaws to patch, including nine critical ones, admins still have plenty of work to do.
AI, Apps, Exploits, Global Security News, Risk Management
Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical
Microsoft addressed another triple-digit batch of vulnerabilities cutting across its various enterprise products, components and underlying systems. Yet despite the high number of defects, the vendor reported no actively exploited zero-days in this month’s Patch Tuesday update. Thirteen of the 137 vulnerabilities Microsoft disclosed were assigned critical CVSS ratings, including a pair of vulnerabilities affecting…
Global Security News
Inside the lethal trifecta: Blast radius reduction in AI agent deployments
Global Security News
UK fines water supplier $1.3M for exposing data of 664k customers
The Information Commissioner’s Office has fined South Staffordshire Water Plc and parent company South Staffordshire Plc £963,900 ($1.3 million) over a cyberattack that exposed the personal data of 663,887 customers and employees. […]
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security
Hackers accessed BWH Hotels reservation system for months
BWH Hotels says hackers accessed guest reservation data, including names and contacts, for over six months across multiple hotel brands. BWH Hotels disclosed a data breach, with threat actors having had access to guest reservation data for more than six months. The incident exposed names and contact details of an undisclosed number of guests. BWH…
AI, Global Security News, Network Security
Webinar: Fixing the gaps in network incident response
IT teams often struggle to quickly coordinate responses across disparate systems during network incidents. This upcoming webinar explores how automation and AI-assisted workflows can reduce response times and help prevent outages. […]
AI, Global Security News
Signal adds security warnings for social engineering, phishing attacks
Signal has introduced new in-app confirmations and warning messages as additional safeguards against phishing and social engineering attempts that could lead to various forms of fraud. […]
Exploits, Global Security News
Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days
Microsoft has marked May 2026 Patch Tuesday by releasing fixes for 120+ CVE-numbered vulnerabilities, none of which (for a change) are actively exploited or have been publicly disclosed. Still, some deserve more consideration and should be addressed sooner than others. Patches to prioritize For Satnam Narang, senior staff research engineer at Tenable, the four critical…
Global Security News
Microsoft releases Windows 10 KB5087544 extended security update
Microsoft has released the Windows 10 KB5087544 extended security update to fix the May 2026 Patch Tuesday vulnerabilities and resolve an issue with the new Remote Desktop warnings. […]
AI, APAC, Apps, Exploits, Global Security News
Microsoft May 2026 Patch Tuesday, (Tue, May 12th)
Today’s Microsoft patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-related issues affecting Microsoft Edge. There are no already disclosed or already exploited vulnerabilities included in today’s patches. I removed the Chromium issues from the table below and included only the 137 Microsoft issues to make it more readable. Note that issues…
Global Security News
Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator
Fortinet has released security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to run commands or arbitrary code. […]
Global Security News
Windows 11 KB5089549 & KB5087420 cumulative updates released
Microsoft has released Windows 11 KB5089549 and KB5087420 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. […]
Global Security News
Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days
Today is Microsoft’s May 2026 Patch Tuesday, with security updates for 120 flaws and no zero-days disclosed this month. […]
AI, Global Security News, malware
Fake Claude Code Installer Targets Developers With Browser Credential Stealer
Researchers at Ontinue have discovered an undocumented malware campaign targeting developers with fake Claude Code installers to steal browser passwords and cookies.
AI, Apps, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management
Mistral AI SDK, TanStack Router hit in npm software supply chain attack
The TeamPCP threat group has pulled off another big supply chain attack which within a few hours this week was able to successfully compromise 170 Node Package Manager (npm) and PyPI packages. The attack affected the entire TanStack Router ecosystem (@tanstack) of 42 packages, a routing library hugely popular among React web application developers. Multiple…
Data Breaches, Global Security News
Škoda warns of customer data breach after online shop hack
Škoda Auto, a wholly owned subsidiary of the Volkswagen Group, has disclosed a data breach after attackers hacked its online shop and stole the personal information of an undisclosed number of customers. […]
Global Security News, privacy
Android 17 to expand banking scam call and privacy protections
Android 17, expected to roll out next month, will introduce several security and privacy features focused on device theft, threat detection, and banking scam calls. […]
AI, Global Security News, privacy, Risk Management
Google and Amnesty International teamed up to make it harder for spyware vendors to hide
Google launched a feature for Android phones Tuesday for dedicated forensic logs about intrusions from sophisticated attacks like those by spyware vendors, in what design partners at Amnesty International hailed as an important first. The tech giant has been ramping up the new feature, Intrusion Logging, since last year, and has now begun rolling it…
AI, Endpoint, Exploits, Global Security News, Risk Management
Extending Security to MCP Servers: Closing a Critical Gap
The Model Context Protocol (MCP) is a de facto standard for providing structured access to privileged systems for AI agents and external integrations. It acts as a USB-C port for AI, enabling faster innovation by allowing organizations to expose tools, resources, and workflows without the time-consuming work of building APIs. Adoption has surged in recent…
AI, Apps, Endpoint, Global Security News, Network Security, privacy, Risk Management
Over 1 Million Baby Monitors and Security Cameras Exposed Through Meari Flaws
More than one million internet-connected baby monitors and security cameras were reportedly exposed through multiple vulnerabilities tied to Meari Technology. The flaws potentially allowed attackers to access sensitive images, device data, and real-time household activity from around the world. “What makes this story especially frustrating is that it highlights one of the hardest problems in…
AI, Global Security News
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and deliver email. The vulnerability, tracked as CVE-2026-45185, aka Dead.Letter, has been described as a use-after-free
AI, APAC, Exploits, Global Security News
Pwn2Own Berlin 2026 Hits Capacity as Rejected Hackers Release 0-Days
Pwn2Own Berlin 2026 reportedly reached full capacity for the first time, prompting rejected researchers to publicly disclose zero-day exploits targeting Firefox, NVIDIA, and AI platforms.
AI, Global Security News
SAP unveils Autonomous Enterprise for AI-driven business operations
SAP introduced the Autonomous Enterprise to help enhance the world’s most critical business workflows, so that humans and AI work together to meet the accelerating demands of global business profitably, strategically and safely. “For the mission-critical processes of our customers, ‘almost right’ just isn’t good enough,” said Christian Klein, CEO of SAP SE. “By uniting…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Venture
What works against Mythos today is what worked against ransomware 5 years ago, and malware 10-15 years ago
Mythos completely changed the game, except, in most ways, it didn’t. It isn’t creating entirely new security problems, it simply makes existing problems much easier to exploit at scale. Yes, AI will increase breaches by making attacks faster and cheaper, but the way companies defend themselves hasn’t fundamentally changed. The organizations best prepared for AI-driven…
AI, Global Security News
OpenAI CEO Sam Altman Takes Stand in Elon Musk Megatrial
The trial centers around Musk’s donations to the AI lab when it was a non-profit and its conversion to a for-profit company.
AI, Apps, Exploits, Global Security News
WWDC: From NeXTStep for Apple to Apple’s next step for AI
As Apple heads toward next month’s Worldwide Developer Conference (WWDC), cast your mind back almost 30 years. That’s when something happened that arguably put events in motion that led to Apple becoming the company it is today. That was when Apple co-founder Steve Jobs returned to the top job at WWDC 1997 — the first such event…
Global Security News
SpaceX, Google in Talks to Explore Data Centers in Orbit
A deal between the two tech titans would give a boost to SpaceX’s business ahead of a historic public listing.
AI, Global Security News
Nvidia Is Buying the Chip Supply Chain
Plus, OpenAI’s employee payouts and tech’s growing unemployment.
AI, Apps, Compliance, Data Breaches, Global Security News, Network Security, Risk Management
Banks Face a Growing AI Risk at the Database Layer
Financial institutions are rapidly deploying AI, but new research suggests many banks may be securing the wrong layer of the stack. Liquibase researchers warn that while organizations focus heavily on AI models and APIs, the database layer may be one of the most exposed parts of modern financial infrastructure. “Governance for agents has to move…
AI, Funding, Global Security News, Venture
Exaforce raises $125 million to respond to AI-powered attacks
Exaforce announced a $125 million Series B financing round, one of the largest ever in the emerging AI SOC space. The round includes participation from HarbourVest, Peak XV, Mayfield, Khosla Ventures, Seligman Ventures and AICONIC. The new capital will help Exaforce scale its AI-native security operations platform, deepen its real-time reasoning capabilities, and expand globally.…
Global Security News
Data Centers in Space: A Pipe Dream, or AI’s Next Big Thing?
A big part of the challenge is producing and launching scores of the devices without breaking the bank.
AI, Exploits, Global Security News
Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940)
Security researchers at XLab have outlined an active attack campaign targeting CVE-2026-41940, the recently disclosed vulnerability in cPanel & WHM, and have linked it to a stealthy hacking group that has been operating largely undetected for years. The vulnerability allows an attacker to log into a cPanel server without a username or password, effectively handing…
AI, Global Security News, malware
ThreatDown ITDR prevents credential-based attacks
ThreatDown, the former corporate business unit of Malwarebytes, launched ThreatDown Identity Threat Detection and Response (ITDR). ITDR is a new product that helps security teams monitor identities to detect suspicious activity, misconfigurations, and active attacks targeting user accounts and privileges. With native integrations for Microsoft Entra ID, Okta, and Active Directory, security teams gain unified…
AI, Apps, Compliance, Cybersecurity, Europe, Global Security News, Network Security
Enabling AI sovereignty on AWS
Cloud and AI are transforming industries and societies at unprecedented speed, from accelerating research and enhancing customer experiences to optimizing business processes and enriching public services. At Amazon Web Services (AWS), we believe that for the cloud and AI to reach their full potential, customers need control over their data and choices for how and…
AI, Global Security News
OpenAI Launches ‘Daybreak’ to Help Build Secure By Design Software
With Daybreak, OpenAI wants its frontier AI models to be used to deploy secure by design software from the ground up
AI, Cybersecurity, Data Breaches, Endpoint, Global Security News, Government & Policy, Risk Management
FIRESIDE CHAT: Cyber insurers deepen SMB security role as supply chain attacks spread
The cyber insurance industry set out to manage financial risk. Along the way, it has quietly became the security operations provider for a significant share of American small businesses. An $11 billion acquisition agreement announced earlier this year suggests it intends to stay in that role. Related: No easy AI security fixes I sat down…
AI, Global Security News
Amazon Quick authorization bypass let users reach blocked AI chat agents
Enterprises running Amazon Quick, the AWS business intelligence and agentic AI service, rely on a feature called custom permissions to restrict who inside an account can use AI chat agents. Fog Security founder Jason Kao discovered that those restrictions were enforced only in the user interface for a period earlier this year, and direct calls…
AI, Global Security News, Risk Management
Veeam Intelligent ResOps unifies data context and recovery
Veeam Software announced Veeam Intelligent ResOps, a new solution that unifies data context and recovery operations. As agentic AI accelerates change at machine speed, Intelligent ResOps gives teams the insight they need into their data to quickly understand impact and recover precisely – without broad rollbacks when something happens. When insights are disconnected from recovery,…
AI, Global Security News
The world’s most “Dangerous” AI, Anthropic’s Mythos, found only one flaw in curl
Anthropic’s AI found five vulnerabilities in curl, but only one low-severity issue proved to be a real vulnerability. In April, Anthropic made considerable noise announcing Mythos, a new artificial intelligence model described as so effective at identifying vulnerabilities in code as to be, in the company’s own words, “dangerously good.” So good, in fact, that…
AI, Global Security News
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a “major malicious attack.” “We’re dealing with a major malicious attack on Ruby Gems right now,” Maciej Mensfeld, senior product manager for software supply chain security at Mend.io, said in a post on…
AI, Global Security News
Mini Shai-Hulud Hits TanStack npm Packages
Mini Shai-Hulud compromises TanStack npm packages and spreads across PyPI
AI, Data Breaches, Global Security News, Risk Management
Instructure took a risky approach to recover stolen Canvas data
Instructure, the company behind the online learning platform Canvas, said it reached an agreement with the extortion group ShinyHunters to prevent data stolen in a recent breach from being leaked online. According to the company’s website, Canvas has more than 30 million active users worldwide and serves more than 8,000 institutions. Although Instructure did not…
AI, Global Security News
Hugging Face Packages Weaponized With a Single File Tweak
A tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model’s outputs and exfiltrate data.
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Palo Alto Networks Targets AI Identity Risks with Idira
Palo Alto Networks is expanding its identity security business with the launch of Idira, a platform designed to secure human users, machine identities, and autonomous AI agents as enterprises face growing identity-related cyber risk. The company also named Oracle veteran Sonny Singh to lead the business, signaling a broader push around identity security for AI-driven…
Global Security News, privacy
General Motors to pay $12.75 million over driver data sales
General Motors has agreed to a $12.75 million settlement with California over allegations that it unlawfully sold drivers’ location and behavioral data to brokers, marking the largest penalty in the history of the state’s Consumer Privacy Act. Prosecutors say GM made approximately $20 million nationwide from the sales. “General Motors sold the data of California…
AI, Apps, Cybersecurity, Endpoint, Global Security News, Risk Management
Huntress and Acrisure Launch Streamlined Cyber Insurance Program
Huntress has collaborated with Acrisure to launch a new cyber insurance program that gives businesses a faster, simpler path to protection against cybersecurity risks. The program offers eligible organizations access to unique Cyber or Tech Errors and Omissions (Tech E&O) insurance policies with no deductible, through a streamlined application process that reduces the complexity typically…
AI, Global Security News
Top Video Downloaders in 2026: Why Wondershare UniConverter Remains a Strong Choice
As video content continues to dominate entertainment, education, and social media platforms, more users are searching for reliable…
AI, Cybersecurity, Europe, Global Security News, Government & Policy, malware, Network Security, Risk Management
OpenAI introduces Daybreak cyber platform, takes on Anthropic Mythos
OpenAI has unveiled Daybreak, its answer to Anthropic’s Claude Mythos, amid a growing market for frontier AI-powered cyber defense platforms. The initiative combines OpenAI’s large language models, Codex’s agentic capabilities, and integrations with the broader enterprise security ecosystem. The company said Daybreak is focused on accelerating cyber defense operations and enabling organizations to secure software…
AI, Cybersecurity, Europe, Global Security News, Government & Policy, malware, Network Security, Risk Management
OpenAI introduces Daybreak cyber platform, takes on Anthropic Mythos
OpenAI has unveiled Daybreak, its answer to Anthropic’s Claude Mythos, amid a growing market for frontier AI-powered cyber defense platforms. The initiative combines OpenAI’s large language models, Codex’s agentic capabilities, and integrations with the broader enterprise security ecosystem. The company said Daybreak is focused on accelerating cyber defense operations and enabling organizations to secure software…
AI, Global Security News, Risk Management
Download: The IT and security field guide to AI adoption
Security and IT teams are under pressure to adopt AI, but many are seeing the opposite of what was promised. Tools that demo well don’t hold up in real workflows. Complexity increases. Trust breaks down. And instead of reducing workload, AI can introduce new risks and oversight burdens. This guide breaks down why AI adoption…
AI, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Risk Management
ThreatDown Expands Into Identity Security With ITDR Platform
ThreatDown on Tuesday announced the launch of its new Identity Threat Detection and Response (ITDR) platform, designed to help organizations detect and respond to attacks targeting user identities and credentials after authentication. The California-based cybersecurity vendor said the product is built to monitor suspicious identity activity across hybrid environments, including Microsoft Entra ID, Okta, and…
AI, Global Security News, Risk Management
Xurrent Intros MCP Server to Enhance AI Integration for ITOps
AI-powered service and operations management platform for corporate IT teams and enterprise MSPs, Xurrent, is launching its Model Context Protocol (MCP) server. This MCP standard enables Xurrent to act as a universal connector, enabling different AI models and digital agents to securely access Xurrent data and perform tasks within established workflows. AI models now connect…
Global Security News
End‑to‑End Encrypted RCS Messaging Arrives Across iPhone and Android
Apple begins rolling out end-to-end encrypted RCS messaging between iPhone and Android in iOS 26.5
Cybersecurity, Global Security News, Network Security
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2). The new variant, observed by ThreatFabric between January and February 2026, has been observed actively targeting banking and cryptocurrency wallet users in France, Italy, and Austria. “TrickMo relies on a runtime-loaded APK (dex.module),
AI, Endpoint, Global Security News
JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413)
JetBrains has patched a high-severity vulnerability (CVE-2026-44413) in TeamCity, its popular continuous integration and continuous delivery platform, and is urging organizations with on-premises and self-managed deployments to upgrade to the fixed version or implement a security patch. About CVE-2026-44413 CVE-2026-44413 allows for privilege escalation, and may allow attackers to expose some parts of the TeamCity…
Global Security News, Risk Management
20 Leaders Who Built the CISO Era: 2 Decades of Change
As part of Dark Reading’s 20th anniversary special coverage, we profile the CISOs, founders, researchers, criminals, and policymakers who rewrote the enterprise risk playbook.
AI, APAC, Compliance, Global Security News, Network Security
SonicWall Expands Security Platform With Cloud-Focused NSv XS
SonicWall is expanding its Gen 8 security platform beyond physical appliances with the launch of the NSv XS, a new virtual firewall designed for managed service providers (MSPs) and managed security service providers (MSSPs). Gen 8 security platform expands to virtual environments Announced Tuesday, the NSv XS brings SonicWall’s Gen 8 protections into cloud and…
AI, Global Security News
LAFC Leveraging SAS to Scale Fan Experiences
At SAS Innovate 2026, Los Angeles Football Club (LAFC) discussed how the organization enabled it to streamline services and optimize its connection with its fans and community. Ryan Bishara, EVP, Revenue & Strategy, LAFC, spoke about the organization’s rapid growth and operational complexity, as well as its partnership with SAS. The evolution from new club…
AI, Exploits, Global Security News
Attackers Combine ClickFix With PySoxy Proxying to Maintain Persistence
Exploitation of open-source tools allows attackers to maintain persistent access after initial social engineering, warn ReliaQuest researchers
AI, Global Security News, Risk Management
Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help
Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn’t always alert volume; it’s the blind spots. The most dangerous alerts are the ones no one is investigating. A recent report from The Hacker News examined why certain high-risk alert categories – WAF, DLP, OT/IoT,…
AI, Global Security News, Russia
Operation HumanitarianBait Uses Fake Aid Documents to Deploy Python Spyware
Operation HumanitarianBait uses fake aid documents, GitHub-hosted payloads, and Python spyware to target Russian-speaking victims.
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Risk Management
Attackers exploit cPanel CVE-2026-41940 to deploy Filemanager Backdoor
Attackers are exploiting cPanel flaw CVE-2026-41940 to install the Filemanager backdoor and gain unauthorized admin access. Cybercriminals are actively exploiting the critical cPanel vulnerability CVE-2026-41940 (CVSS score of 9.3) to deploy a backdoor called Filemanager on compromised servers. cPanel is a widely used web hosting control panel that lets users manage websites and servers through a…
AI, Apps, Global Security News, malware, Network Security
Fake Claude Code takes the IElevator to your browser secrets
Developers looking for Anthropic’s increasingly popular Claude Code tool are now being lured into downloading malware. According to researchers at Ontinue, attackers are abusing a fake Claude Code installer to deliver a previously undocumented PowerShell payload. The malware is designed to evade detection, recover browser encryption material, and steal sensitive data from developer systems. “Developers…
AI, Global Security News, malware
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
A large-scale software supply-chain attack involving the “Shai-Hulud” malware has compromised hundreds of packages across open-source software ecosystems. […]
Global Security News
Citrix moves secure access to a flexible, credit-based consumption model
Citrix has introduced Citrix Platform Flex, a secure access platform that combines software, management, and infrastructure to deliver managed desktops, enterprise browsing, and zero-trust access in a single offering. Built around workforce personas, Platform Flex replaces one-size-fits-all licensing with a flexible consumption model. Customers purchase a shared pool of Flex credits and allocate them based…
AI, Cloud Security, Cybersecurity, Endpoint, Global Security News, malware, Risk Management
ANY.RUN & Elastic Security: Bring Threat Intelligence into Detection and Investigation Workflows
Security teams don’t lack data. They lack timely, usable intelligence. Analysts spend too much time validating indicators, switching between tools, and figuring out what actually matters. This introduces delays and puts organizations at risk of a missed incident. ANY.RUN solves this by bringing real-time, behavior-validated threat intelligence from ANY.RUN integrated into Elastic Security, where SOC and MSSP teams detect emerging cyberattacks earlier and respond faster without…
Global Security News
SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA
SAP has released the May 2026 security updates addressing 15 vulnerabilities across multiple products, including two critical flaws in the Commerce Cloud enterprise-grade e-commerce platform and the S/4HANA ERP suite. […]
AI, Global Security News, Network Security
Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root
Recent disclosures have revealed that open-source networking tool dnsmasq is grappling with a serious set of vulnerabilities. The problems span memory safety and input validation, with researchers identifying heap buffer overflows, heap corruption, and code execution bugs among the issues. Taken together, the security flaws open the door to various attacks: poisoning cached DNS entries,…
AI, Global Security News
Why Agentic AI Is Security’s Next Blind Spot
Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question of policy: allow it, restrict it, or monitor it? However, that framing misses the…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Risk Management
cPanel flaw exposes enterprises to hosting supply-chain risks
A newly disclosed cPanel vulnerability is being exploited at scale, giving attackers a route into web hosting environments that many enterprises may not monitor closely. Analysts say the risk highlights weak visibility into hosting supply chains. The flaw, tracked as CVE-2026-41940, has been used to deploy backdoors, plant SSH keys, steal credentials, and compromise hosting…
AI, Data Breaches, Exploits, Global Security News
Škoda confirms unauthorized access to its online shop
Car manufacturer Škoda discovered that attackers had exploited a vulnerability in its online shop software and gained temporary unauthorized access to the system. What happened? After discovering the incident, the company took the shop offline as a precautionary measure, fixed the vulnerability, referred the incident to a specialized IT forensics team for technical analysis, and…
AI, Global Security News, Network Security, Venture
Top Down Ventures Closes $28M MSP Software Founders Fund I
Top Down Ventures announced Tuesday that it has completed the final close of its Founders Fund I at $28 million, surpassing its original $25 million target. The Vancouver-based venture firm said the fund, which first closed in Oct. 2024 and finalized in April 2026, is the first institutional venture fund dedicated entirely to early-stage MSP…
AI, APAC, Cybersecurity, Endpoint, Funding, Global Security News, Network Security, Risk Management, Venture
AI is separating the companies built to scale from the ones built to sell
If you had time to walk the expo floor at this year’s RSA Conference, it was impossible to miss the shift in our industry. Artificial intelligence has moved from an emerging layer to the foundation of what powers cybersecurity companies. But from our vantage point as investors who work closely with founders and operators, the bigger…
AI, Apps, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Russia
Developer workstations are the new beachhead
I spent the first week of April reading three separate threat intelligence reports that, on the surface, had nothing in common. One covered a North Korean campaign that had published over 1,700 malicious packages across five open-source ecosystems. Another detailed a malware operation using a Zig-compiled binary to silently infect every IDE on a developer’s…
AI, china, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia
WannaCry, the ransomware attack that changed the history of cybersecurity
WannaCry showed how unpatched flaws and leaked cyber tools can cripple global systems, reshaping cybersecurity defenses worldwide. In memory of the day the digital world was shaken, but learned to fight back. The WannaCry ransomware attack represents one of the most significant events in recent cybersecurity history, not only for its global scale but also…
Global Security News, malware
Malicious Hugging Face Repository Typosquats OpenAI
HiddenLayer reveals infostealer malware in a Hugging Face repository
Data Breaches, Global Security News
Instructure reaches ‘agreement’ with ShinyHunters to stop data leak
Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an “agreement” with the ShinyHunters extortion group to prevent the data stolen in a recent breach from being leaked online. […]
AI, Apps, Compliance, Cybersecurity, Data Security, Exploits, Global Security News, privacy, Risk Management
CISOs step into the AI spotlight
Serving in the military requires a precise, tactical mindset, and that’s exactly what Barry Hensley espoused during his 24 years in the US Army, where he rose to the rank of colonel. The military “is where you earn your stripes, showing your soldiers your willingness to jump into a foxhole and pick up a weapon,”…
AI, Compliance, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
Why patching SLAs should be the floor, not the strategy
I’ve been a CISO for two separate companies, know several CISOs personally, and interact with many others through various cybersecurity forums. We all have one thing in common. We can tell you our patching SLA numbers off the top of our heads. Ninety-five percent of criticals closed in 14 days. Eighty-something on highs. The board…
AI, Global Security News
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to include an obfuscated JavaScript file (“router_init.js”) that’s designed…
AI, Cybersecurity, Exploits, Global Security News, Risk Management
OpenAI’s Daybreak uses Codex Security to identify risky attack paths
OpenAI Daybreak is the company’s cybersecurity initiative focused on building AI-assisted software defense into the development process from the start. It combines OpenAI models, Codex Security, and cyber-focused GPT-5.5 variants to help organizations identify, validate, and prioritize software vulnerabilities. How Daybreak identifies exploitable vulnerabilities Daybreak builds editable threat models from a company’s code repository, analyzes…
AI, Global Security News
South Staffordshire Water Fined £1m After Data Breach
The ICO has fined South Staffordshire Water nearly £1m for a series of data protection failings
AI, Data Breaches, Global Security News, Network Security
Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
American educational technology company Instructure, the parent company of Canvas, said it reached an “agreement” with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities. In an update shared on Monday, the Utah-based firm said it “reached an agreement with the unauthorized…
AI, Apps, Global Security News
Arm’s software chief sees human language as the new way to program
If you haven’t heard of Arm, you haven’t been paying attention to how ubiquitous the chipmaker has become. Arm’s processor designs power Macs, iPhones, and every other major smartphone line. Queries made through ChatGPT, Gemini, or Claude pass through an Arm-based chip at some point. For more than 40 years, Arm’s focus was on chip…
AI, Apps, Global Security News
Arm’s software chief sees human language as the new way to program
If you haven’t heard of Arm, you haven’t been paying attention to how ubiquitous the chipmaker has become. Arm’s processor designs power Macs, iPhones, and every other major smartphone line. Queries made through ChatGPT, Gemini, or Claude pass through an Arm-based chip at some point. For more than 40 years, Arm’s focus was on chip…
AI, Cybersecurity, Global Security News
OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. “Daybreak combines the intelligence of OpenAI models, the extensibility of Codex as an agentic harness, and our partners…
AI, Apps, Global Security News, malware, Network Security
Android banking Trojan TrickMo evolves using TON network for C2
ThreatFabric found a new TrickMo Android trojan focused on stealth and persistence, moving its command-and-control traffic to the TON network. Security researchers at ThreatFabric have recently identified a new version of TrickMo, a dangerous Android banking trojan that shows how malware operators are focusing less on flashy new features and more on improving stealth, flexibility,…
Global Security News
iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android
Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a “cross-industry effort” to replace traditional SMS with a more secure alternative. To that end, E2EE RCS messaging is rolling out to iPhone users running iOS 26.5 with supported carriers and Android…
AI, Apps, Global Security News
HEIDI: Free IDE security plugin for open-source vulnerability checks
Open-source dependencies make up a large percentage of the code in production applications, and most vulnerability checks still run late in the pipeline, inside CI/CD systems or after a release ships. Meterian is moving those checks earlier with HEIDI, a free plugin for Visual Studio Code and JetBrains IDEs that flags vulnerable packages and offers…
Global Security News, Network Security, Risk Management
The hidden smart fridge risks that emerge years after purchase
Household refrigerators are built to last more than a decade. The software, cloud services, and mobile apps that control them are not. A new analysis from Erik Buchmann at Leipzig University maps what happens when those two timelines collide, and the findings reach further than the kitchen. The study examines three current models on the…
AI, Apps, Cybersecurity, Global Security News
Cybersecurity jobs available right now: May 12, 2026
Application Security Engineer Total Quality Logistics | USA | On-site – View job details As an Application Security Engineer, you will design, implement, and maintain security controls across the software development lifecycle. You will work closely with engineering and product teams to identify vulnerabilities early, support remediation efforts, and help ensure applications are secure by…
Global Security News
Sam Altman’s Business Dealings Under GOP Scrutiny Ahead of OpenAI’s IPO
The Republican-led House Oversight Committee says it is investigating, and six GOP state attorneys general are calling for SEC review after a WSJ article.
Global Security News
ISC Stormcast For Tuesday, May 12th, 2026 https://isc.sans.edu/podcastdetail/9928, (Tue, May 12th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
APAC, Global Security News
Elon Musk’s Grok Is Losing Ground in AI Race
Adoption by business and consumer users has slowed as parent SpaceX rents out spare computing capacity to rival Anthropic.
AI, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched
Linux server admins may get the ability to turn off a vulnerable function in the OS kernel until a patch for a zero-day vulnerability is ready, if a proposal from a kernel developer and maintainer is accepted by the open source community. The idea of a kill switch for privileged operators has been suggested by…
AI, Global Security News, Risk Management
Inside the lethal trifecta: Blast radius reduction in AI agent deployments
Seven things security teams can start doing today to reduce risk Categories: Threat Research Tags: AI, CISO, risk
AI, Endpoint, Exploits, Global Security News
Sophos Endpoint in action: Blocking a novel supply chain attack
How the unique anti-exploitation capabilities included with Sophos Endpoint blocked a supply chain attack. Categories: Products & Services Tags: Endpoint, Sophos Endpoint, Exploits
Global Security News
The State of Identity Security 2026: Identity is the new perimeter
Discover the causes and consequences of identity threats based on a survey of 5,000 organizations across 17 countries. Categories: Products & Services Tags: identity, Identity Security, Ransomware
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
Pressure mounts on Canvas as data leak extortion deadline looms
Pressure is mounting on Instructure, the company behind Canvas, as cybercriminals threaten to leak a trove of sensitive data they claim was stolen during a prolonged cyberattack on the widely used education tech platform. Widespread outages left schools, students and teachers temporarily unable to access critical data late last week after the company took Canvas…