Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypass leading to privilege escalation. “An improper access control vulnerability [CWE-284] in FortiClient EMS may allow an
AI, Compliance, Global Security News, Government & Policy, Network Security
Introducing the Landing Zone Accelerator on AWS Universal Configuration and LZA Compliance Workbook
November 20, 2025: Date this information was first published. We’re pleased to announce the availability of the latest sample security baseline from Landing Zone Accelerator on AWS (LZA)—the Universal Configuration. Developed from years of field experience with highly regulated customers including governments across the world, and in consultation with AWS Partners and industry experts, the…
AI, Global Security News
Axios npm hack used fake Teams error fix to hijack maintainer account
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been conducted by North Korean threat actors. […]
AI, Data Breaches, Global Security News, malware, Network Security, Risk Management, Russia
Qilin ransomware group claims the hack of German political party Die Linke
Qilin ransomware claims it stole data from Germany’s Die Linke and threatens to leak it; the party confirmed the incident, but not a breach. The Qilin ransomware group claims it stole data from Die Linke, a German political party, and is threatening to release it. Die Linke is a left-wing political party in Germany. Its…
AI, Apps, china, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in TrueConf Client, tracked as CVE-2026-3502 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog. TrueConf is a videoconferencing platform often used in secure, offline…
AI, Global Security News, malware
UNC1069 Targets Node.js Maintainers via Fake LinkedIn, Slack Profiles
North Korean group UNC1069 targets Node.js maintainers using fake LinkedIn and Slack profiles to spread malware and compromise open source packages.
Global Security News
This Engineer Wants to Make Computer Chips on the Moon
Atsuyoshi Koike, the public face of Japan’s effort to muscle back into the semiconductor industry it used to dominate, first needs to prove he can make them on earth.
Global Security News
Device code phishing attacks surge 37x as new kits spread online
Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. […]
AI, Endpoint, Exploits, Global Security News
FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)
Defused Cyber has spotted a critical Fortinet FortiClient Endpoint Management Server (EMS) zero-day vulnerability (CVE-2026-35616) being exploited in the wild. This time around, the confirmation of active exploitation came almost immediately from Fortinet, as well. “Fortinet has observed [CVE-2026-35616] to be exploited in the wild and urges vulnerable customers to install the hotfix for FortiClient…
AI, Cybersecurity, Global Security News
Basic Tips To Ensure Online Safety
This post will show you basic tips to ensure online safety. Increased online activity brings with it a necessity for improved online safety practices. Nowadays, many of us rely on the internet for all sorts of things. Communication, banking, entertainment, and career progression often depend on how well we use the internet. But some of…
Global Security News, Risk Management
I Uploaded My Blood Work to AI. Am I Oversharing?
When you connect medical records and health data to a chatbot, you get results. But you must understand the risks.
AI, Global Security News
The Smarter Way to Cash In on Meta’s Vision for Smartglasses
EssilorLuxottica makes the AI-enabled Ray-Bans that are growing more popular with consumers.
AI, Cybersecurity, Data Breaches, Europe, Global Security News, malware, Network Security, Risk Management
European Commission breach exposed data of 30 EU entities, CERT-EU says
CERT-EU says a European Commission cloud hack exposed data from 30 EU entities and links the breach to the TeamPCP group. CERT-EU attributed a European Commission cloud breach to the TeamPCP threat group, revealing that data from at least 30 EU entities was exposed. The incident was publicly disclosed on March 27 after inquiries confirmed…
GeekGuyBlog
Inconsistent Privacy Labels Don’t Tell Users What They Are Getting
Discover how inconsistent privacy labels leave mobile app users confused about data collection practices and what it means for their online safety.
Global Security News, Venture
These AI Whiz Kids Dropped Out of College and Got Investors to Pay Their Bills
Venture capitalists are stepping in to cover expenses like rent while dropouts from Harvard to Stanford chase their startup dreams.
Global Security News, privacy
Inconsistent Privacy Labels Don’t Tell Users What They Are Getting
Data privacy labels are a great idea for mobile apps, but the current versions just aren’t good enough.
Global Security News
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
A new report dubbed “BrowserGate” warns that Microsoft’s LinkedIn is using hidden JavaScript scripts on its website to scan visitors’ browsers for installed extensions and collect device data. […]
Global Security News
LinkedIn secretely scans for 6,000+ Chrome extensions, collects data
A new report dubbed “BrowserGate” warns that Microsoft’s LinkedIn is using hidden JavaScript scripts on its website to scan visitors’ browsers for installed extensions and collect device data. […]
AI, Apps, Cybersecurity, Data Breaches, Global Security News, Network Security, Risk Management
RSAC 2026: Rethinking Trust in Agentic AI Security
Ahead of RSAC 2026, a conversation with David Brauchler, Technical Director and Head of AI/ML Security at NCC Group, highlighted a growing concern: many organizations are fundamentally unprepared to secure AI-powered systems. As enterprises rapidly adopt agentic AI, traditional security assumptions are breaking down, exposing critical gaps in how risk is understood and managed. The…
Global Security News
Fake ChatGPT Ad Blocker Chrome Extension Caught Spying on Users
A fake Chrome browser extension called ‘ChatGPT Ad Blocker’ was harvesting conversations of ChatGPT users in the name of offering an ad-free experience.
Global Security News
OpenAI’s Top Executive Fidji Simo To Take Medical Leave from Company
The maker of ChatGPT announced several other organizational changes ahead of its expected IPO.
AI, Apps, Endpoint, Exploits, Global Security News, Risk Management
Security lapse lets researchers view React2Shell hackers’ dashboard
An apparent security lapse has allowed researchers to peer into the work of a threat group currently exploiting unpatched servers open to the four-month-old React2Shell vulnerability to steal login credentials, keys, and tokens at scale. Researchers from Cisco Systems’ Talos threat intelligence team who made the discovery said Thursday that the data harvested by an…
AI, Cybersecurity, Global Security News, Network Security, Risk Management
A core infrastructure engineer pleads guilty to federal charges in insider attack
When Daniel Rhyne pleaded guilty on April 1 to having launched an insider extortion attack against his then-employer, authorities enumerated the techniques he used, including unauthorized remote desktop sessions, deletion of network administrator accounts, changing of passwords, and scheduling unauthorized tasks on the domain controller. After he shut down key systems and accounts, he sent…
AI, Cybersecurity, Global Security News, Network Security, Risk Management
A core infrastructure engineer pleads guilty to federal charges in insider attack
When Daniel Rhyne pleaded guilty on April 1 to having launched an insider extortion attack against his then-employer, authorities enumerated the techniques he used, including unauthorized remote desktop sessions, deletion of network administrator accounts, changing of passwords, and scheduling unauthorized tasks on the domain controller. After he shut down key systems and accounts, he sent…
AI, Global Security News
AI Trainer Mercor Offers to Pay People for Prior Work—Work Employers Might Own
AI models from the tech giants constantly need new training data. This $10 billion startup is on the hunt for fresh resources.
Data Breaches, Global Security News
Hims & Hers warns of data breach after Zendesk support ticket breach
Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform. […]
AI, china, Europe, Global Security News, Government & Policy
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda. “This TA416 activity included multiple
AI, Exploits, Global Security News
Google patches fourth Chrome zero-day so far this year
Google has patched another zero-day vulnerability in Chrome, its fourth this year. In patching the vulnerability, tracked as CVE-2026-5281, the company acknowledged that an exploit for it already exists in the wild. According to the report in NIST’s National Vulnerability Database, the vulnerability in Dawn, the implementation of WebGPU used by Chrome, allowed a remote…
AI, Global Security News
AI chatbot use can hinder students’ knowledge retention
Students who use AI tools extensively may struggle with knowledge retention, according to new research. Brazilian social scientist Andre Barcaui looked at two groups of students, one using ChatGPT as a study aid and the other using more traditional methods, before giving them a surprise test after 45 days. He found that those who had…
AI, APAC, Apps, Funding, Global Security News
Internet Bug Bounty program hits pause on payouts
Researchers who identify and report bugs in open-source software will no longer be rewarded by the Internet Bug Bounty team. HackerOne, which administers the program, has said that it is “pausing submissions” while it contemplates ways in which open source security can be handled more effectively. The Internet Bug Bounty program, funded by a number…
Global Security News
Apple Breaks Precedent, Patches DarkSword for iOS 18
Even organizations with users unwilling or unable to adopt iOS 26 can now protect themselves from a severe mobile OS-cracking tool.
AI, Global Security News
North Korean Hackers Abuse GitHub to Spy on South Korean Firms
Researchers from FortiGuard Labs have uncovered a high-severity spying campaign targeting South Korean companies. Discover how North Korean…
AI, Exploits, Global Security News, Risk Management
Claude Code is still vulnerable to an attack Anthropic has already fixed
The leak of Claude Code’s source is already having consequences for the tool’s security. Researchers have spotted a vulnerability documented in the code. The vulnerability, revealed by AI security company Adversa, is that if Claude Code is presented with a command composed of more than 50 subcommands, then for subcommands after the 50th it will…
AI, Global Security News
Die Linke German political party confirms data stolen by Qilin ransomware
The Qilin ransomware group has claimed responsibility for an attack against Die Linke (‘The Left’), forcing an IT systems outage at the political party, and threatening sensitive data leak. […]
AI, china, Cybersecurity, Funding, Global Security News, Government & Policy, Network Security
Trump budget proposal would cut hundreds of millions more from CISA
President Donald Trump’s fiscal 2027 budget would slash the Cybersecurity and Infrastructure Security Agency’s total by $707 million, according to a summary released Friday, which would deeply chop down an agency that already took a big hit in Trump’s first year. Another budget document suggests a smaller — but still substantial — hit of $361…
AI, Global Security News, privacy
Wyden warns Social Security chief: Trump’s voter database is ‘blatant voter suppression’
Sen. Ron Wyden, D-Ore., warned Social Security Administration chief Frank Bisignano that any follow-through on President Donald Trump’s executive order creating a new database of U.S. voters using agency data would be viewed by Democrats as a conscious choice on the part of SSA officials to participate in “blatant voter suppression.” “Facilitating Donald Trump’s directive…
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Cisco 2026 State of Wireless Report: AI Wireless Threats Grow as Security Gaps Widen
Wireless networks are becoming a prime target for attackers — and many organizations aren’t prepared to keep up. Cisco’s 2026 State of Wireless report warns that as enterprises scale AI, IoT, and high-bandwidth applications, wireless environments are expanding faster than security defenses can adapt. “AI-generated attacks are the leading driver of increased wireless security risk,”…
AI, Data Breaches, Europe, Exploits, Global Security News, malware, Network Security
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
The European Union’s Computer Emergency Response Team, CERT-EU, has traced last week’s theft of data from the Europa.eu platform to the recent supply chain attack on Aqua Security’s Trivy open-source vulnerability scanner. The attack on the AWS cloud infrastructure hosting the Europa.eu web hub on March 24 resulted in the theft of 350 GB of…
AI, Global Security News
Would You Let AI Day Trade Your Money?
Plus, a college kid used cat memes to hunt a cyberweapon and new jobs are being created by AI.
Global Security News
I Looked Inside the First iPhone and Saw 50 Years of Apple History
Apple showed me hidden prototypes and rare archival materials that even Tim Cook hadn’t known about. They tell the story of America’s most iconic company.
AI, Apps, Compliance, Cybersecurity, Global Security News
How AWS KMS and AWS Encryption SDK overcome symmetric encryption bounds
If you run high-scale applications that encrypt large volumes of data, you might be concerned about tracking encryption limits and rotating keys. This post explains how AWS Key Management Service (AWS KMS) and the AWS Encryption SDK handle Advanced Encryption Standard in Galois Counter Mode’s (AES-GCM) encryption limits or bounds automatically by using derived key…
AI, APAC, Exploits, Global Security News, Politics
Apple leans into the component crisis storm
What does a well-managed company do in a tough business environment? It works to separate obstacle from opportunity, and then exploits its advantages, scale, and timing to turn the former into the latter. Apple’s history is full of examples of this kind, from the 150 calls a young Steve Jobs made cold-calling investors to Apple’s recent move to…
Global Security News
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. “Instead of exposing command execution through URL parameters or request bodies, these web shells rely on threat actor-supplied cookie values to gate execution,
AI, Data Breaches, Global Security News
AI Firm Mercor Confirms Breach as Hackers Claim 4TB of Stolen Data
AI firm Mercor confirms a breach linked to a LiteLLM supply chain attack, as hackers claim to have stolen 4TB of sensitive data and internal systems.
AI, Data Breaches, Global Security News
Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
As organizations disclose breaches tied to TeamPCP’s supply chain attacks, ShinyHunters and Lapsus$ are getting involved, taking credit, and creating a murky situation for enterprises.
AI, Cybersecurity, Global Security News
Managing Brand Drift: A Framework for Multi-Channel Batch Asset Production
In this post, I will talk about managing brand drift and discuss the framework for Multi-Channel batch asset production. The primary challenge for creative teams today is no longer just generating a high-quality image; it is generating a hundred high-quality images that all feel like they belong to the same campaign. When an asset moves…
AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
High-Severity Vulnerabilities, Supply Chain Breaches, and AI Threats Redefine Cybersecurity This Week
Major Threats & Vulnerabilities High-Severity Flaws A newly disclosed Cisco IMC vulnerability (CVSS 9.8) allows unauthenticated attackers to gain full administrative access to UCS servers. Cisco has issued patches, and while no active exploitation has been observed, immediate updates are strongly advised. In another critical discovery, a GIGABYTE Control Center flaw enables remote code execution…
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Armis State of Cyberwarfare Report: AI-Powered Cyber Attacks Accelerate Worldwide
Cyberwarfare has entered a new phase — and it’s moving faster than many organizations can defend against. The 2026 State of Cyberwarfare report from Armis warns that AI-driven attacks, geopolitical tensions, and expanding digital dependencies are converging to create a constant, high-pressure threat environment for enterprises worldwide. “Modern businesses find themselves in the crosshairs of…
AI, Global Security News
Evolution of Ransomware: Multi-Extortion Ransomware Attacks
Multi-extortion ransomware relies on stolen data to pressure victims with public leaks. Penta Security explains how its D.AMO platform keeps exfiltrated files encrypted and useless to attackers. […]
AI, Cybersecurity, Exploits, Funding, Global Security News
North Korea–linked hackers drain $285M from Drift in sophisticated attack
Drift lost $285M in a sophisticated attack, likely by North Korea, who used nonce-based tricks to gain control and quickly drain funds Drift suffered a $285 million cryptocurrency heist in a highly sophisticated attack likely linked to North Korea. Threat actors used durable nonce accounts to pre-sign and delay transactions, while also compromising multisig approvals…
Global Security News, Russia
AI Future: The Leading International AI and Web3 Forum to Take Place in April
Moscow, Russia, 3rd April 2026, CyberNewswire
Global Security News
Picking Up ‘Skull Vibrations’? Could Be XR Headset Authentication
“Skull vibration harmonics generated by vital signs” can be used to sign in to VR, AR, and MR headsets, according to emerging research.
AI, Global Security News, malware, Russia
CrystalX RAT: new MaaS malware combines spyware, stealer, and remote access
CrystalX RAT, a new sophisticated MaaS malware, combines spyware, data theft, and remote access, allowing attackers to monitor victims. In March 2026, Kaspersky researchers uncovered a Telegram-based campaign promoting a previously unknown malware sold as a MaaS with three subscription tiers. The Trojan offers a wide range of features, including RAT capabilities, data theft, keylogging,…
AI, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
TeamPCP Supply Chain Campaign: Update 006 – CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments, (Fri, Apr 3rd)
This is the sixth update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). Update 005 covered developments through April 1, including the first confirmed victim disclosure (Mercor AI), Wiz’s post-compromise cloud enumeration findings, DPRK attribution of the axios compromise, and LiteLLM’s release resumption after Mandiant’s forensic audit.…
AI, Cybersecurity, Global Security News, Risk Management
Is AI Driving Tech Layoffs or Masking Deeper Cuts?
Oracle’s latest round of layoffs is intensifying a broader question across the tech sector: Is artificial intelligence actually replacing workers, or simply being used to justify long-anticipated cost cuts? Oracle cuts jobs as AI spending reshapes cost structure In Oracle’s case, the company has added hundreds of billions to its books through AI investments. As…
AI, Global Security News, Government & Policy
What Is Digitization vs Digitalization vs Digital Transformation?
In today’s digital landscape, the terms “digitization,” “digitalization,” and “digital transformation” are often used interchangeably, leading to confusion about their distinct meanings and business implications. While these three concepts are interconnected, each represents a unique approach to leveraging technology to drive organizational change and growth. Understanding the nuances between them is crucial for companies seeking…
AI, Apps, Compliance, Cybersecurity, Europe, Global Security News, Government & Policy, Network Security, Risk Management, Venture
March 2026 Leadership Moves: Google Cloud Partner Chief Departs & More
As the first quarter of 2026 comes to a close, organizations around the channel have made significant moves to their leadership teams. Key figures have been appointed, promoted, or departed from their positions to make way for new faces. Take a look around at some of the signature moves that enterprises have made as they…
AI, Global Security News
Source Code Leaks Highlight Lack of Supply Chain Oversight
Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.
AI, Global Security News
Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093)
Cisco has fixed ten vulnerabilities affecting its Integrated Management Controller (IMC), the most critical of which (CVE-2026-20093) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. Cisco ICM riddled with vulnerabilities Cisco Integrated Management Controller is a built-in hardware management system used in Cisco servers. It allows…
AI, Global Security News
ServiceNow CEO Builds New Business Model Around AI
Bill McDermott envisions a ‘control tower’ for companies as AI moves beyond intelligence to execution.
Global Security News
CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry
Once CrowdStrike’s nemesis, Microsoft is now a collaborator. A shared interest in Formula 1 helped thaw the years-long fierce rivalry.
Global Security News
Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches
Microsoft’s Secure Boot certificates, issued in 2011, are approaching expiration in 2026. To help IT administrators track whether devices have received replacement certificates, Microsoft has added new status indicators to the Windows Security app, under Device security > Secure Boot. Updated 2023 certificates are being delivered automatically through Windows Update to consumer devices and some…
AI, Global Security News
Microsoft still working to fix Exchange Online mailbox access issues
Microsoft is investigating and working to resolve Exchange Online mailbox access issues that have intermittently affected Outlook mobile and macOS users for weeks. […]
AI, Global Security News
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering efforts “specifically to me” by first approaching him under the guise of the founder of…
Data Breaches, Global Security News
Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture
The next major breach hitting your clients probably won’t come from inside their walls. It’ll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That’s the new attack surface, and most organizations are underprepared for it. Cynomi’s new guide, Securing the Modern Perimeter: The Rise of…
Cybersecurity, Funding, Global Security News
5 Affordable Enterprise Internet Scalability Solutions in South Carolina Compared
In this post, I will show you 5 affordable enterprise Internet scalability solutions in South Carolina. South Carolina’s connectivity boom is here. Armed with $551.5 million in new BEAD funding, fiber crews are wiring Columbia, Charleston, and the Upstate according to the state’s broadband map release. For the first time, midsize firms can buy enterprise-grade…
Cybersecurity, Exploits, Global Security News, malware
Claude Code source leak exploited to spread malware
A source code leak involving Anthropic’s Claude Code tool quickly escalated into a cybersecurity threat, as attackers seized on the exposed files to lure developers into downloading malware disguised as “unlocked” versions of the software. Leaked Claude Code source code used as lure On March 31, 2026, Anthropic accidentally exposed online the source code of…
AI, Cybersecurity, Data Breaches, Global Security News
6 Best Bitcoin Vulnerability Scanners & Blockchain Security Tools Compared
In this post, I will talk about the 6 best Bitcoin vulnerability scanners & blockchain security tools. Last year, North Korean hackers siphoned $2 billion in cryptocurrency—about sixty percent of all reported thefts in 2025—with a single $1.5 billion exchange breach leading the spree. Google’s Quantum AI team estimates a quantum computer will break Bitcoin’s…
Global Security News
Nigerian romance scammer jailed after being caught out by fellow fraudster
A Nigerian fraudster spent years posing as a woman online, romancing unsuspecting American men out of their savings – until he accidentally tried the same trick on a fellow scammer, who told him to “learn how to do a clean job.” The recovered chat logs helped put him behind bars for 15 years. Read more…
Cybersecurity, Global Security News, malware
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within seemingly benign apps, such as enterprise messengers and food delivery services, while
AI, Global Security News
Man admits to locking thousands of Windows devices in extortion plot
A former core infrastructure engineer has pleaded guilty to locking Windows admins out of 254 servers as part of a failed extortion plot targeting his employer, an industrial company headquartered in Somerset County, New Jersey. […]
AI, Apps, Cybersecurity, Endpoint, Global Security News, Risk Management
12 cyber industry trends revealed at RSAC 2026
The 2026 RSA circus is over. The tents are packed and the elephants have been loaded onto the train. Nevertheless, it was an eventful week. There were fleets of vehicles — Escalades, Rivians, trucks but curiously, no Teslas — strewn with vendor names and tag lines, and you couldn’t walk anywhere near Howard Street in…
AI, Global Security News
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. “Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers,” the&
AI, Global Security News
New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs
A large-scale credential theft campaign targeting senior executives has been linked to a previously unknown automated phishing platform called Venom
Global Security News
Microsoft now force upgrades unmanaged Windows 11 24H2 PCs
Starting this week, Microsoft has begun force-upgrading unmanaged devices running Windows 11 24H2 Home and Pro editions to Windows 11 25H2. […]
AI, Data Breaches, Global Security News, malware
Pro-Iran Handala group breached Israeli defence contractor PSK Wind Technologies
Iran-linked hackers claim to have breached Israeli air defence contractor PSK Wind, which develops command and control systems. Pro-Iran Handala group announced on April 2 that it breached PSK Wind Technologies, an Israeli engineering and IT firm specializing in integrated systems for defense and critical communications, including command and control solutions. Handala appears as a…
AI, Global Security News
APERION releases SmartFlow SDK for secure, on-prem AI governance without cloud reliance
APERION launched SmartFlow SDK, providing a secure, on-premises path for enterprises migrating away from compromised cloud-based AI gateways. The launch coincides with a 200% increase in web traffic since the March 24 LiteLLM supply chain attack that compromised an estimated 36% of all cloud environments. LiteLLM was the victim of a supply chain attack in…
AI, Apps, Global Security News, Government & Policy
Why AI lies, cheats and steals
You can’t trust AI. Even an information-obsessed, tech-savvy person such as yourself might be forgiven for believing that AI chatbots are on a smooth path of improvement with each passing month. But when it comes to their trustworthiness, that belief is dead wrong. New research by the UK government-backed Centre for Long-Term Resilience (CLTR) found…
AI, Data Breaches, Europe, Global Security News
Trivy supply chain attack enabled European Commission cloud breach
CERT-EU confirmed that ShinyHunters are behind the recent breach of the cloud infrastructure underpinning websites of the European Commission, and that they stole and subsequently leaked approximately 340 GB of data. “Analysis of the published dataset has so far confirmed the presence of personal data, including lists of names, last names, usernames, and email addresses,…
Cybersecurity, Data Breaches, Europe, Global Security News
CERT-EU: European Commission hack exposes data of 30 EU entities
The European Union’s Cybersecurity Service (CERT-EU) has attributed the European Commission cloud hack to the TeamPCP threat group, saying the resulting breach exposed the data of at least 29 other Union entities. […]
AI, APAC, Apps, Compliance, Endpoint, Global Security News, Government & Policy, Network Security, privacy, Risk Management
Microsoft 365 explained: Office 365, rebranded and expanded
Microsoft 365 arrived to much fanfare at its launch in July 2017, with Microsoft CEO Satya Nadella promising a “fundamental departure” in how the company thinks about product creation. Nearly nine years later, Microsoft 365 has become Microsoft’s core brand for workplace productivity software, having largely replaced the Office 365 branding long associated with the…
AI, Global Security News
Microsoft releases open-source toolkit to govern autonomous AI agents
AI agents can book travel, execute financial transactions, write and run code, and manage infrastructure without human intervention at each step. Frameworks like LangChain, AutoGen, CrewAI, and Azure AI Foundry Agent Service have made this kind of autonomy straightforward to deploy. The governance infrastructure to match that autonomy has lagged behind. Microsoft released the Agent…
GeekGuyBlog
The Future of AI in Cybersecurity
Discover how AI is transforming cybersecurity, enhancing threat detection, and shaping the future of digital defense strategies.
GeekGuyBlog
Hasbro Cybersecurity Breach: Understanding the Implications
Discover the implications of Hasbro’s recent cybersecurity breach and how it affects consumer data and the company’s operations.
GeekGuyBlog
Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026
Discover key insights from RSAC 2026 on how AI, geopolitics, and cybersecurity are shaping our future and the need for global collaboration.
Global Security News, privacy, Risk Management
Which messaging app takes the most limited approach to permissions on Android?
Messaging apps handle sensitive conversations, contacts, and media, and their behavior on a device varies in ways that affect privacy. An analysis of Android versions of Messenger, Signal, and Telegram shows that differences in permissions, background activity, and system exposure shape how much data each app can access and how often it communicates. Permissions define…
AI, Global Security News
Click, wait, repeat: Digital trust erodes one login at a time
Sign-up forms that drag on, login steps that repeat, and access requests that take longer than expected have become a normal part of using digital services. These moments rarely stand out on their own, and over time they influence how people judge the systems they rely on. The 2026 Thales Digital Trust Index reflects that…
AI, Global Security News, Risk Management
New infosec products of the month: March 2026
Here’s a look at the most interesting products from the past month, featuring releases from Beazley, Bonfy.AI, Mend.io, Mimecast, NinjaOne, Novee, Intel 471, Singulr AI, Stellar Cyber, Teleport, and Vicarius. Beazley Exposure Management platform identifies external exposures and prioritizes cyber risk Beazley Security has announced its Exposure Management product, which delivers continuous, automated discovery and…
china, Global Security News
Under the Skin of America’s Humanoid Robots: Chinese Technology
Tesla and others turn to suppliers in China for components in an industry seen as strategic by both Washington and Beijing.
Global Security News
ISC Stormcast For Friday, April 3rd, 2026 https://isc.sans.edu/podcastdetail/9878, (Fri, Apr 3rd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
AI, Compliance, Global Security News, Network Security, Risk Management
Microsoft builds its own AI stack to help wean it from its reliance on OpenAI
Microsoft seems to be meeting OpenAI on its own turf, even as it continues its strategic partnership with the AI darling, with the release of three in-house, commercially-available AI models. MAI-Transcribe-1 (for speech transcription), MAI-Voice-1 (for voice generation), and MAI-Image-2 (for image creation) are now available on Microsoft Foundry and the MAI Playground. These new…
AI, Cybersecurity, Global Security News, Network Security, Risk Management
Cloudflare’s new CMS is not a WordPress killer, it’s a WordPress alternative
Cloudflare on Wednesday rolled out EmDash, which it described as “the spiritual successor to WordPress.” The security vendor positioned EmDash as a far more secure site building tool that avoids the extensive cybersecurity problems with WordPress plugins. But the Cloudflare claims go far beyond cybersecurity issues. The vendor is arguing that the very nature of…
AI, Cybersecurity, Global Security News, Network Security, Risk Management
Cloudflare’s new CMS is not a WordPress killer, it’s a WordPress alternative
Cloudflare on Wednesday rolled out EmDash, which it described as “the spiritual successor to WordPress.” The security vendor positioned EmDash as a far more secure site building tool that avoids the extensive cybersecurity problems with WordPress plugins. But the Cloudflare claims go far beyond cybersecurity issues. The vendor is arguing that the very nature of…
Global Security News
The College Student—and His Cat Meme—Who Hunted the World’s Biggest Cyberweapon
A flurry of powerful attacks had internet experts baffled. Benjamin Brundage had a few tricks to help solve the mystery.
Global Security News, Network Security
A Sneaky Back Door Lets Hackers Into Your Home. Here’s How to Protect Yourself.
A few tips can help you steer clear of so-called residential proxy networks, which have been used to wreak havoc online around the world.
AI, Global Security News
Why OpenAI Decided to Buy TBPN, Tech’s Hottest News Show
The tech company’s surprise purchase of the web program underscores its efforts to help shape the narrative about AI.
AI, Global Security News
Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads
A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks.
Global Security News
Sophos named a 2026 Gartner® Peer Insights™ Customers’ Choice for Managed Detection and Response
Third consecutive time being named a Customers’ Choice for MDR Categories: Products & Services Tags: Gartner, Gartner Peer Insights, MDR, Sophos MDR, Third-Party Reviews
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
Cisco fixes critical IMC auth bypass present in many products
Cisco has released patches for a critical vulnerability in its out-of-band management solution, present in many of its servers and appliances. The flaw allows unauthenticated remote attackers to gain admin access to the Cisco Integrated Management Controller (IMC), which gives administrators remote control over servers even when the main OS is shut down. The vulnerability,…
Global Security News
AWS, Wasabi, Cloudflare, and Backblaze go head-to-head in new cloud storage test
Cloud storage buyers rarely get vendor-provided performance data that includes the vendor’s own weak spots. Backblaze’s Q1 2026 Performance Stats report, attempts to do exactly that, sharing benchmark results for Backblaze B2, AWS S3, Cloudflare R2, and Wasabi Object Storage across US-East and EU-Central regions, and including results where Backblaze’s own rate limits affected the…