FBI Atlanta and Indonesian National Police dismantle W3LLSTORE phishing market linked to $20M fraud, seizing domains and detaining developer.
AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, privacy, Risk Management, Russia
Security Affairs newsletter Round 572 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S. GlassWorm evolves with…
Exploits, Global Security News
Week in review: Windows zero-day exploit leaked, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day Cloudflare announced it is targeting 2029 to complete post-quantum security across its entire product suite, including post-quantum authentication. The company is following a revised roadmap that Google…
Global Security News
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
Unknown threat actors compromised CPUID (“cpuid[.]com”), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT. The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00 UTC, with
Exploits, Global Security News
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of the flaw could allow an attacker to run malicious code on affected installations. It has been described…
Global Security News
Over 4,732 Messages, He Fell In Love With an AI Chatbot. Now He’s Dead.
AI, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.
Censys researchers found 5,219 exposed Rockwell PLCs online, mostly in the U.S., urging defenders to secure or disconnect them. On April 7, 2026, U.S. agencies, including FBI, CISA, and NSA, warned of Iran-linked APTs exploiting internet-exposed Rockwell Automation PLCs. Threat actors are carrying out cyberattacks targeting internet-connected operational technology (OT) across multiple critical infrastructure sectors.…
AI, Global Security News, malware, Russia
GlassWorm evolves with Zig dropper to infect multiple developer tools
The GlassWorm campaign uses a Zig-based dropper hidden in a fake IDE extension to infect developer tools and compromise systems. The GlassWorm campaign, active since 2025, has evolved from malicious npm packages to large-scale supply chain attacks across GitHub, npm, and VS Code, even deploying RATs via fake browser extensions. In its latest iteration, threat…
Global Security News
FBI Recovers Deleted Signal Messages Through iPhone Notifications
Signal messages may persist in iPhone notification data, enabling FBI access even after deletion, a court case reveals.
AI, Global Security News
How to Switch AI Chatbots—and Why You Might Want To
Your chatbot has a file on you. Here’s how to access, edit and migrate your AI’s memories.
Global Security News
Over 20,000 crypto fraud victims identified in international crackdown
An international law enforcement action led by the U.K.’s National Crime Agency (NCA) has identified over 20,000 victims of cryptocurrency fraud across Canada, the United Kingdom, and the United States. […]
Global Security News
Google Chrome Update Disrupts Infostealer Cookie Theft
Google adds Device Bound Session Credentials (DBSC) to Chrome 146, using hardware keys to block infostealer use of stolen session cookies on Windows.
AI, Endpoint, Exploits, Global Security News, malware
CVE-2026-39987: Marimo RCE exploited in hours after disclosure
A critical flaw, tracked as CVE-2026-39987, in the open-source Python notebook tool Marimo was exploited within 10 hours of disclosure. A critical flaw in Marimo, tracked as CVE-2026-39987 (CVSS score of 9.3) was exploited just 10 hours after disclosure (On April 8, 2026). Sysdig Threat Research Team observed exploitation of the Marimo flaw within 9…
Cybersecurity, Global Security News
Key Difference Between an App Developer vs Web Developer
In this post, I will talk about the key difference between an app developer vs web developer. App development is the process where app developers are hired to carry forward the idea and proceed with the development of the mobile apps. Whereas, LA app developers are known for implementing complex APIs and building versatile mobile…
Global Security News
Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc. The tool was developed by Israeli company Cobwebs Technologies and is now sold by its successor Penlink after the two firms merged in July 2023
AI, Global Security News
ChatGPT rolls out new $100 Pro subscription to challenge Claude
OpenAI has rolled out a new Pro subscription that costs $100 and is in line with Claude’s pricing, which also has a $100 subscription, in addition to the $200 Max monthly plan. […]
AI, Data Breaches, Global Security News
ShinyHunters Claims Rockstar Games Snowflake Breach via Anodot
ShinyHunters claims access to Rockstar Games Snowflake data via Anodot breach, threatening a data leak on April 14 if ransom demands are not met.
AI, Global Security News
White House Races to Head Off Threats From Powerful AI Tools
Group led by National Cyber Director Sean Cairncross aims to identify security vulnerabilities before models from Anthropic, OpenAI are released.
AI, Compliance, Europe, Global Security News, privacy, Risk Management
Google adds end-to-end Gmail encryption to Android, iOS devices for enterprises
Google has made a big step forward by extending end-to-end encryption to Android and iOS devices for Gmail client-side encryption (CSE) users, says an expert. “All in all, this is a welcome update, especially in light of recent concerns surrounding WhatsApp’s encryption methods,” said Gartner analyst Avivah Litan. “Google’s approach offers verifiable customer-managed keys and…
AI, Compliance, Europe, Global Security News, privacy, Risk Management
Google adds end-to-end Gmail encryption to Android, iOS devices for enterprises
Google has made a big step forward by extending end-to-end encryption to Android and iOS devices for Gmail client-side encryption (CSE) users, says an expert. “All in all, this is a welcome update, especially in light of recent concerns surrounding WhatsApp’s encryption methods,” said Gartner analyst Avivah Litan. “Google’s approach offers verifiable customer-managed keys and…
AI, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Anthropic’s Project Glasswing Signals Potential AI-Driven Shift in Cybersecurity
Anthropic’s Project Glasswing highlights how advanced AI models may rival top human experts in finding and exploiting software vulnerabilities. Early claims from the company suggest these models, like Claude Mythos Preview, can operate at large scale and find vulnerabilities faster. However, security leaders share mixed views on the claims. “Mythos appears to materially change the…
Global Security News
Android Banking Trojan Linked to Cambodia Scam Compounds Hits 21 Countries
Android banking trojan linked to Cambodia scam compounds uses forced labour to target users in 21 countries, bypassing security to steal funds.
Data Breaches, Global Security News
Hims Breach Exposes the Most Sensitive Kinds of PHI
Threat actors breached the telehealth brand, and now they may know who’s bald, overweight, and impotent. What could they do with that information?
AI, Apps, china, Cybersecurity, Global Security News, Government & Policy, Network Security, Russia
Commerce setting up new AI export regime to push adoption of ‘American AI’ abroad
The Department of Commerce is putting together a catalog of AI tools that will be given special export status by the federal government to be sold abroad. The department issued a call for proposals to participating companies in the Federal Register, looking to create a “menu of priority AI export packages that the U.S. Government…
Cybersecurity, Global Security News
Your Next Breach Will Look Like Business as Usual
These are the fundamental detection model shifts cybersecurity teams need to make to keep up with the rising number of credential-based attacks.
AI, Endpoint, Exploits, Global Security News, Network Security
Old Docker authorization bypass pops up despite previous patch
Researchers warn about a new vulnerability that allows attackers to bypass authorization plug-ins in Docker Engine and gain root-level access to host systems. The flaw has the same root cause as another authorization bypass vulnerability patched in 2024, but the underlying problem has been known since 2016. Tracked as CVE-2026-34040, the new vulnerability is rated…
AI, Global Security News
Sam Altman’s Home Attacked With Molotov Cocktail, Suspect Taken Into Custody
The individual allegedly made threats at OpenAI’s San Francisco headquarters, company says.
AI, Apps, Compliance, Europe, Global Security News
Survey: Governance Gaps Threaten MSP AI Revenue Opportunity
For managed service providers, AI represents a $276 billion opportunity. The problem? More than half of them can’t get their customers ready for it. That’s the headline finding from new research published this week by AvePoint and analyst firm Omdia, which surveyed 333 MSPs across North America, Europe, and Asia-Pacific on what’s actually blocking AI…
AI, Global Security News, malware
GraphAlgo Scam: Lazarus Hackers Register Real US LLCs to Spread Malware
ReversingLabs has discovered a fresh wave of the graphalgo campaign in which North Korean Lazarus hackers are using fake Florida LLCs, mimicking SWFT Blockchain, and using GitHub typo-squatting to target developers with malware.
Global Security News
A Fiery Re-Entry Awaits the Artemis Astronauts
Plus, experts offer innovation predictions and drone fleets are coming to schools.
AI, Global Security News, Network Security
Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. […]
Global Security News
FINRA Launches Financial Intelligence Fusion Center to Combat Cybersecurity and Fraud Threats
AI, APAC, Global Security News, privacy
Apple unveiled a new high-end market opportunity this week
Though I reviewed Apple’s recently-introduced MacBook Neo, M5 MacBook Air, and M5 Max MacBook Pro, I didn’t look at Apple’s new displays. But it is noteworthy that even these products open up new opportunities for the company. That’s because Apple this week gained FDA clearance for the Medical Imaging Calibration feature introduced in the Studio Display XDR. Just as the affordable MacBook Neo opens…
AI, Global Security News
AI and cryptocurrency scams are costing Americans billions, FBI reports
The fraud landscape has been changed by AI and cryptocurrency in a way that should concern organisations and individuals alike. Read more in my article on the Fortra blog.
AI, Apps, Exploits, Global Security News, Network Security, Risk Management
Bringing Rust to the Pixel Baseband
Posted by Jiacheng Lu, Software Engineer, Google Pixel Team Google is continuously advancing the security of Pixel devices. We have been focusing on hardening the cellular baseband modem against exploitation. Recognizing the risks associated within the complex modem firmware, Pixel 9 shipped with mitigations against a range of memory-safety vulnerabilities. For Pixel 10, Google is…
Global Security News
Orange Business Reimagines Enterprise Voice Communications With Trust and AI
AI, Compliance, Cybersecurity, Global Security News, Network Security, Risk Management
How AI Is Reshaping Cybersecurity Careers — Not Replacing Them
Artificial intelligence (AI) is rapidly transforming cybersecurity roles, but not in the way many expected. Rather than just eliminating jobs, AI is redefining how cybersecurity professionals work, shifting the focus from manual task execution to higher-level decision-making and analysis. The work of security professionals “becomes less about processing and more about applying strong judgment, logic,…
AI, Exploits, Global Security News, Russia
Hacker Unknown now known, named on Europol’s most-wanted list
German police have pinned a name to one of the world’s most notorious hackers. Danii Shchukin operated under the names of UNKN or Unknown and GandCrab and was, according to German police, the leader of one of the largest globally active ransomware groups, known as GandCrab/Revi. Shchukin is known to have been operating since 2019.…
AI, Europe, Exploits, Global Security News
Ransomware attack on ChipSoft knocks EHR services offline across hospitals in the Netherlands and Belgium
Dutch healthcare IT firm ChipSoft suffered a ransomware attack, forcing services and its HiX platform offline, impacting hospitals and patients. ChipSoft, a major Dutch provider of EHR systems, was hit by a ransomware attack that forced it to take its website and digital services offline, disrupting access for hospitals, healthcare providers, and patients. EHR (Electronic…
Exploits, Global Security News
Analysis of one billion CISA KEV remediation records exposes limits of human-scale security
Analysis of 1 billion CISA KEV remediation records reveal a breaking point for human-scale security. Qualys shows most critical flaws are exploited before defenders can patch them. […]
AI, Apps, Cloud Security, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security, privacy, Risk Management
Zero-Days, Data Breaches, and AI Risks Define This Week’s Cybersecurity Landscape in 2026
Major Threats & Vulnerabilities Zero-Day and Critical Exploits A new zero-day vulnerability in Adobe Acrobat Reader is being actively exploited through malicious PDFs. Attackers can steal data and compromise systems, with no patch currently available. Security teams are urged to block untrusted PDFs, disable JavaScript, and use sandboxing with outbound traffic monitoring. The Fortinet EMS…
Global Security News, Government & Policy
Industrial Controllers Still Vulnerable As Conflicts Move to Cyber
The US government warns programmable logic controllers are being targeted, and research turns up 179 vulnerable operational technology (OT) devices.
AI, Global Security News, malware
ClickFix campaign delivers Mac malware via fake Apple page
Security researchers at Jamf have uncovered a new ClickFix-style attack targeting Mac users via a fake Apple-themed webpage offering instructions on how to “reclaim disk space on your Mac”. The malicious page (Source: Jamf) ClickFix for everybody ClickFix is a social engineering technique that cons victims into running malicious commands on their own machine, usually…
AI, Cybersecurity, Global Security News
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that’s designed to stealthily infect all integrated development environments (IDEs) on a developer’s machine. The technique has been discovered in an Open VSX extension named “specstudio.code-wakatime-activity-tracker,” which masquerades as WakaTime, a
AI, Data Breaches, Global Security News, Government & Policy
Hungarian government email passwords exposed ahead of election
When voters in the forthcoming Hungarian election assess the current government, its record on internet security will not be one of its proudest achievements. An analysis by open source investigation organization Bellingcat has revealed that the passwords for almost 800 Hungarian government email accounts are circulating online, many of them associated with national security. These…
AI, Data Breaches, Global Security News, Government & Policy
Hungarian government email passwords exposed ahead of election
When voters in the forthcoming Hungarian election assess the current government, its record on internet security will not be one of its proudest achievements. An analysis by open source investigation organization Bellingcat has revealed that the passwords for almost 800 Hungarian government email accounts are circulating online, many of them associated with national security. These…
AI, Global Security News
iTWire TV: Your AI agents are already inside the building, and nobody knows who they report to – but Okta does
Okta’s Ariel Kadyshevitch says visibility is the single most important thing a CISO can do right now to get non-human identities under control, and his company is building the tools to make it happen.
AI, Global Security News
Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. […]
AI, china, Data Breaches, Global Security News, Network Security, Risk Management
Alleged 10 Petabyte Data Theft From China’s Tianjin Supercomputing Hub
Threat actors are claiming responsibility for what could be one of the largest data breaches in China’s history — allegedly stealing more than 10 petabytes of data from a key national supercomputing facility tied to scientific and defense research. “The reports that hackers with the alias of FlamingChina stole 10 petabytes of data containing Chinese…
AI, Cybersecurity, Global Security News
Structured Data: Enhancing Your Site’s SEO
In this post, I will talk about structured data for enhancing your site’s SEO. Imagine walking into a huge library looking for one specific book. You could browse every aisle and flip through dozens of covers, or you could simply look it up in the system and find it in seconds. That’s exactly what structured…
AI, Cybersecurity, Global Security News
Common Mistakes to Avoid When Using Walk-Through Metal Detectors
Discover the most common mistakes when using walk-through metal detectors and learn how to improve security, accuracy, and performance with expert tips. In an age where security threats are becoming increasingly sophisticated, walk-through metal detectors have evolved into a frontline defense tool across airports, offices, public venues, and high-security zones. While these systems are designed…
AI, Global Security News
Your AI agents are already inside the building, and nobody knows who they report to – but Okta does
Okta’s Ariel Kadyshevitch says visibility is the single most important thing a CISO can do right now to get non-human identities under control, and his company is building the tools to make it happen.
Global Security News
UNC6783 Hackers Use Fake Okta Pages in Corporate Breach Campaign
UNC6783 hackers and extortionists impersonate support staff, using fake Okta login pages and social engineering to access corporate systems and steal sensitive data.
AI, Global Security News
Microsoft adds hidden feature flags to Windows Insider builds
Microsoft Windows Insider members will soon have an easy way to select which new features they test. Until now, Windows Insiders have had to wait for Microsoft to randomly assign them news features for testing through its Controlled Feature Rollout program or enable the features themselves through third-party software such as ViVeTool. The new Windows…
AI, Apps, Compliance, Global Security News, Network Security, Risk Management
Meta moves fast toward a world where AI builds the software
Meta Platforms is reportedly pulling top software engineers from across the company into a newly created AI unit on a mandatory basis, with the stated goal of eventually having autonomous agents perform the bulk of the work of building, testing, and shipping its products, and human engineers serving only to monitor them. The development was…
Global Security News
Just Three Ransomware Gangs Accounted for 40% of Attacks Last Month
Qilin, Akira and Dragonforce were responsible for 40% of 672 ransomware incidents reported in March, says Check Point
Global Security News
Microsoft: Canadian employees targeted in payroll pirate attacks
A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees’ salary payments after hijacking their accounts in payroll pirate attacks. […]
AI, Global Security News
PC sales rise in Q1 despite memory shortage — IDC
In the first quarter of 2026, 65.6 million PCs were sold worldwide, according to data released this week by IDC. That represents a 2.5% increase compared to the same quarter a year ago. The research firm attributed the increase to customers moving to buy PCs now ahead of expected significant price hikes. The fact that…
AI, APAC, Cybersecurity, Exploits, Global Security News, Network Security
Claude uncovers a 13‑year‑old ActiveMQ RCE bug within minutes
Anthropic’s Claude dug up a critical remote code execution (RCE) bug that sat quietly inside Apache ActiveMQ Classic for over a decade. Researchers at Horizon3.ai say that it only took minutes for their team to work out an exploit chain for the bug with the help of AI. The researcher behind the work, Naveen Sunkavally,…
AI, Global Security News
Poisoned “Office 365” search results lead to stolen paychecks
A financially motivated hacking group is targeting Canadian employees with a sophisticated campaign designed to covertly redirect their salary payments into attacker-controlled bank accounts, Microsoft researchers discovered. SEO poisoning and malvertising + phishing + AiTM The group, which Microsoft tracks as Storm-2755, begins by poisoning search engine results and running malicious ads against generic queries…
AI, Global Security News, Government & Policy, malware
UAT-10362 linked to LucidRook attacks targeting Taiwan-based institutions
LucidRook is Lua malware used in phishing attacks on NGOs and universities in Taiwan, linked to UAT-10362, spread via password-protected emails. LucidRook is a new Lua-based malware used in targeted phishing attacks against NGOs and universities in Taiwan. Cisco Talos links it to a skilled group tracked as UAT-10362. In Oct 2025, attackers used password-protected…
Global Security News
Google Chrome Rolls Out Protection Against Infostealers Targeting Session Cookies
Chrome’s Device Bound Session Credentials is designed to block infostealers from harvesting session cookie
AI, Global Security News, Network Security
Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there’s a wide-open window nobody’s guarding: AI browser extensions. A new report from LayerX exposes just how deep this blind spot goes, and why AI extensions may be the most dangerous AI threat surface in your network that isn’t on anyone’s
AI, Global Security News
Google rolls out Gmail end-to-end encryption on mobile devices
Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. […]
AI, Apps, Cloud Security, Compliance, Endpoint, Global Security News, Network Security
Why most zero-trust architectures fail at the traffic layer
Zero trust has become one of the most widely adopted security models in enterprise environments. Organizations invest heavily in identity systems, access policies, and modern security tooling. On paper, these environments look well-protected. Yet during incidents, a different reality often emerges. I have worked with organizations where zero-trust initiatives were fully implemented from an identity…
AI, Compliance, Global Security News
Gmail’s end-to-end encryption comes to mobile, no extra apps required
Google has expanded Gmail client-side encryption to Android and iOS devices, allowing users to engage with their organization’s most sensitive data on mobile devices while ensuring data remains compliant with sovereignty and compliance requirements. This feature is available for Enterprise Plus users with the Assured Controls or Assured Controls Plus add-on. Composing a E2EE message…
Global Security News
WSJ Readers Share Their Top Tips for Switching to an EV
They highlight hidden costs, the importance of buying used, and better ways to charge,
Global Security News
Meta Banks on AI to Clear the Smoke of Social-Media Lawsuits
While the tech giant has the means to fight in court, ongoing legal battles could temper a long-term recovery in its shares.
AI, Global Security News, malware
To counter cookie theft, Chrome ships device-bound session credentials
Cookie theft follows a well-established pattern. Infostealer malware infiltrates a device, extracts authentication cookies, and exfiltrates them to an attacker-controlled server. Because cookies often have extended lifetimes, attackers can access accounts without passwords, then bundle and sell the stolen credentials. Once malware gains access to a machine, it can read the local files and memory…
AI, APAC, Compliance, Cybersecurity, Funding, Global Security News, Government & Policy, Network Security, Politics, Risk Management
The cyber winners and losers in Trump’s 2027 budget
Federal cybersecurity spending will decline in 2027 under Donald Trump’s proposed budget, with uneven shifts across agencies, as some see sizable increases while others face sharp reductions. According to the Office of Management and Budget (OMB) crosscut tables released with Trump’s budget, civilian federal cybersecurity spending is expected to fall from $12.455 billion in 2026…
Global Security News
Recovery scammers hit you when you’re down: Here’s how to avoid a second strike
If you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse.
AI, Apps, Compliance, Cybersecurity, Global Security News, Government & Policy, Network Security, Risk Management
CMMC compliance in the age of AI
Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) is pushing federal contractors to demonstrate, not just assert, that they can protect sensitive government data. Eligibility for contracts now depends on the ability to show how controlled unclassified information (CUI) is handled, why specific safeguards were selected and whether those safeguards operate consistently under scrutiny from assessors,…
AI, Apps, Exploits, Global Security News, Risk Management
EngageLab SDK flaw opens door to private data on 50M Android devices
A flaw in EngageLab SDK exposed up to 50M Android users, including 30M crypto wallets, letting apps bypass security and access private data. Microsoft researchers found a critical flaw in EngageSDK that lets apps bypass Android sandbox protections and access private data. The flaw put millions of users, including over 30M crypto wallet installs, at…
AI, Global Security News, Network Security, privacy
Little Snitch for Linux shows what your apps are connecting to
Network monitoring on Linux has long been a gap for users who want per-process visibility into outbound connections. Existing tools either operate at the command line or were designed for server security rather than desktop privacy. Objective Development, the Austrian company behind the macOS firewall utility Little Snitch, released a Linux version of the tool.…
AI, Global Security News, Risk Management
Apiiro CLI turns AI coding assistants into full-stack security engineers
The Apiiro CLI brings the Apiiro platform to your terminal and to your AI coding assistants, giving them six native security capabilities: scanning, risk management, remediation, an AI security analyst (via Apiiro Guardian Agent), AI Threat Modeling, and prompt enrichment. It installs in seconds on macOS, Linux, and Windows via brew, direct download, or RPM.…
Cybersecurity, Data Breaches, Global Security News
11 Password Management Mistakes You Should Avoid
Today, we will show you the 11 password management mistakes you should avoid. We all know the importance of keeping our passwords safe. According to the 2019 Verizon Data Breach Investigations Report (DBIR), passwords are still a major security challenge. The data showed that 80% of hacking-related data breaches involved passwords. It isn’t easy to…
AI, Global Security News
Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release. “This project represents a significant
AI, Global Security News
April 2026 Patch Tuesday forecast: Spring-cleaning of a preview
I just blinked and the first quarter of the year is GONE. Where does the time go? I looked back at my article from last month where I touched on the use of AI and some of the vulnerabilities associated with it and realized it was good precursor to some themes at RSAC this year.…
AI, Cybersecurity, Data Breaches, Global Security News
Bitcoin Depot hack leads to $3.6M Bitcoin theft via stolen credentials
Hackers breached Bitcoin Depot, stole credentials, and took about 50 BTC worth $3.6M from its wallets after a March 23 intrusion. Hackers breached the largest US Bitcoin ATM operator, Bitcoin Depot, on March 23, stole login credentials, and drained about 50.9 BTC worth $3.6M from company wallets. Bitcoin Depot told the SEC that a hacker…
AI, Apps, china, Europe, Global Security News
Google’s new AI app is a glimpse of the future
I don’t know about you, but I spend a lot of time offline. And not by choice. That’s why I love new tools that work offline like the great one Google just launched. I know, I’m an outlier. As a full-time digital nomad who travels constantly, I have unusual connectivity problems. Right now, I’m living…
AI, Global Security News
This problem might not need a solution: customer-service bots that code for free
Why bother paying for your own generative AI (genAI) tokens when you can have the computations done for free using a competitor’s AI-powered customer service bot? That question is at the heart of a CIO.com report that explores the trend and various ways to block it. It’s possible the best response to this kind of…
AI, Global Security News, malware
Obfuscated JavaScript or Nothing, (Thu, Apr 9th)
I spotted an interesting piece of JavaScript code that was delivered via a phishing email in a RAR archive. The file was called “cbmjlzan.JS” (SHA256:a8ba9ba93b4509a86e3d7dd40fd0652c2743e32277760c5f7942b788b74c5285) and is only identified as malicious by 15 AV’s on VirusTotal[1]. The file is pretty big (10MB) and contains a copy of the AsmDB project lib[2]. The purpose is unknown.…
AI, Global Security News
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across…
AI, Global Security News
What vibe hunting gets right about AI threat hunting, and where it breaks down
In this Help Net Security interview, Aqsa Taylor, Chief Security Evangelist, Exaforce, explains vibe hunting, an AI-driven approach to threat detection that inverts traditional hypothesis-driven methods. Instead of analysts defining attack vectors upfront, the AI scans datasets for anomalous patterns and surfaces potential threats. Taylor draws a firm line on responsibility: analysts must be able…
AI, Global Security News, privacy
Health insurance lead sites sell personal data within seconds of form submission
Lead generation websites that offer health insurance quotes collect sensitive personal data and sell it to multiple buyers within seconds of a user clicking submit. A study by researchers at UC Davis, Stanford University, and Maastricht University mapped this process across 105 health insurance lead generation sites and monitored what happened to the data over…
Global Security News, Network Security, privacy
Product showcase: Session, a messenger without phone numbers or metadata
Instant messaging has been around for decades, but it became widely adopted with the emergence of smartphones. Earlier, communication was limited to basic text messages. Messaging expanded to include photos, videos, and video calls without relying on telecom networks, as long as there is a reliable data connection. Privacy and metadata concerns With the growth…
AI, Cybersecurity, Exploits, Global Security News, Risk Management, Venture
News alert: Mallory launches AI-native platform to cut through alert noise and surface real risk
AUSTIN, Texas, Apr. 9, 2026, CyberNewswire—Mallory is launching a AI-native threat intelligence platform, purpose-built to answer the questions CISOs and their teams are asking every day: •What are the real threat vectors for our organization? •What’s actually exploitable in our environment right now? •What should we proactively fix? The platform monitors thousands of threat sources,…
AI, Global Security News
New infosec products of the week: April 10, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Advenica, Intruder, Mallory, and Secureframe. Mallory brings contextual threat intelligence to security operations Mallory is launching an AI-native threat intelligence platform that monitors thousands of threat sources, contextualizes them against your actual attack surface, and puts that intelligence to work…
AI, Global Security News
ADLINK Unveils Next-Generation Edge AI Platforms Powered by NVIDIA Jetson Thor and NVIDIA IGX Thor to Accelerate Physical AI
ADLINK Technology Inc, a global leader in edge computing, announced its next-generation Edge AI platforms, the DLAP-IGX Series, featuring NVIDIA IGX T7000. ADLINK sees strong potential for the NVIDIA IGX Thor platform to drive the next generation of safe, high-performance AI at the edge—particularly in industrial robotics and the humanoid market. Compared with NVIDIA IGX…
AI, Exploits, Global Security News, malware, Risk Management
Hackers have been exploiting an unpatched Adobe Reader vulnerability for months
Adobe Reader vulnerabilities have been exploited for decades by threat actors taking advantage of the universal use of the utility to fool employees into downloading infected PDF documents through phishing lures. Now a security researcher says a Reader hole has been quietly exploited by malware for as long as four months, fingerprinting computers to gather…
AI, Global Security News
MCA Australia opens its major summer exhibition Data Dreams: Art and AI, part of the Sydney International Art Series 2025–26
Who holds the power behind the algorithm? Can machines dream? What does it mean to be human in an age of AI? A groundbreaking exhibition which asks how artificial intelligence is transforming the way we live, think and create.
Global Security News
DataBench to collaborate with the First Person Cooperative
DataBench Founder and CEO David Christmas has agreed to form a partnership with First Person Cooperative, the San Francisco-based architects of the ‘First Person Initiative,’ an international multi stakeholder collaboration whose goal is to solve one of the oldest and hardest problems on the internet: how to prove you are a unique person online with…
AI, Global Security News, Government & Policy, malware
New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. […]
Global Security News
As Pharmacists Step Up to Full Scope and Women’s Health, Modentity Clears the Path
The Australian Pharmacy Professional Conference (APP2026) has shone a spotlight on a defining shift for the profession: the expansion of pharmacists into full scope clinical services, including women’s health, UTI prescribing, oral contraceptive management, and extended immunisation programs. But as pharmacists are asked to do more than ever before, the industry is confronting a critical…
Global Security News
As Pharmacists Step Up to Full Scope and Women’s Health, Modentity Clears the Path
The Australian Pharmacy Professional Conference (APP2026) has shone a spotlight on a defining shift for the profession: the expansion of pharmacists into full scope clinical services, including women’s health, UTI prescribing, oral contraceptive management, and extended immunisation programs. But as pharmacists are asked to do more than ever before, the industry is confronting a critical…
AI, Global Security News
TGS Awards Hyperscale Cloud Migration Contract to Tape Ark
TGS, a global provider of subsurface data and energy intelligence, has awarded a contract to Tape Ark to migrate approximately 40 petabytes of seismic and subsurface data into a cloud environment. The program represents one of the largest cloud-migration initiatives of its kind within the energy sector.
Global Security News
New VENOM phishing attacks steal senior executives’ Microsoft logins
Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called “VENOM” are targeting credentials of C-suite executives across multiple industries. […]
Europe, Global Security News
Zayo Europe Joins GNM-IX
GNM announces that Zayo Europe has joined GNM-IX, further strengthening the pan-European interconnection ecosystem.
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Iranian attacks on US critical infrastructure puts 3,900 devices in crosshairs
The fallout and potential exposure from Iran’s state-backed targeting of U.S. critical infrastructure extends to more than 5,200 internet-connected devices, researchers at Censys said in a threat intelligence brief Wednesday. Of the programmable logic controllers manufactured by Rockwell Automation/Allen-Bradley that Censys identified as potentially exposed to Iranian government attackers, nearly 3,900, or about 3 out…
AI, Apps, china, Cybersecurity, Exploits, Global Security News, Government & Policy
Why is the timeline to quantum-proof everything constantly shrinking?
When Google announced last month it was moving up its own internal timeline for migrating to quantum-resistant forms of encryption, it started a broader conversation in the cybersecurity and cryptography communities: Just what was pushing one of the largest tech companies in the world to significantly accelerate its adoption of post-quantum protections for its systems,…