The order is a slimmed-down version of the one Trump shelved last month and asks AI companies to give the administration access to powerful models 30 days before public release.
Tag: last
AI, Exploits, Global Security News
Week in review: Infostealer dropped via FortiClient EMS flaw, exploited Trend Micro Apex One flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Coinflow CISO on crypto payments security under AI pressure Crypto payment firms sit near the top of the target list for advanced persistent threat groups, and the workload on their security leaders keeps growing. Malcolm Portelli, CISO at Coinflow, runs…
AI, Cybersecurity, Global Security News, Network Security
Cisco Live 2026 Preview: AI, Security, and Partner Changes
Ahead of its annual North American conference in Las Vegas, Cisco has spent the last few months rolling out a steady stream of AI-focused announcements touching nearly every corner of its business, from networking and cybersecurity to certifications and channel programs. Recent earnings report shows record revenue due to AI infrastructure demand The company’s latest…
AI, Data Breaches, Exploits, Global Security News
Week in review: GitHub breached via poisoned VS Code extension, critical NGINX flaw exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed the compromise. Earbud sensors can authenticate users by their heartbeat, study…
AI, Global Security News
Weekly Update 505
Well, that didn’t last long! Recording this on Saturday morning my time, I observed ShinyHunters having gone quiet since the massive haul that would have been the Instructure ransom. It was two weeks almost to the hour since I’d first heard rumour of payment being made, and I posited that groups like this often go…
Data Breaches, Global Security News
Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector
Verizon DBIR finds 31% of data breaches began with software flaws last year
AI, Apps, Cybersecurity, Global Security News, Network Security, Risk Management
EnterpriseClaw wants to bring governance to the OpenClaw era
Autonomous agent orchestration tool OpenClaw hit the scene last November and immediately went viral, but its dramatic flaws were exposed just as quickly. Still, it marked a pivotal step in the agentic AI era, and enterprises have been exploring ways to deploy fleets of autonomous agents safely and securely ever since. Automation Anywhere Tuesday rolled…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News
Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches
Attackers couldn’t get enough of the vulnerabilities at their disposal last year, making exploits the top initial access vector across more than 22,000 breaches Verizon analyzed in its latest Data Breach Investigations Report released Tuesday. The massive annual study uncovered a surge of exploited vulnerabilities during a one-year period ending in October 2025. Exploited defects…
Global Security News
FBI: Americans lost over $388 million to scams using crypto ATMs in 2025
The FBI says Americans have lost over $388 million last year to scams using cryptocurrency kiosks, also known as crypto ATMs or Bitcoin ATMs. […]
AI, Global Security News, malware
Leaked Shai-Hulud malware fuels new npm infostealer campaign
The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the weekend. […]
Exploits, Global Security News
Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945)
A critical NGINX vulnerability (CVE-2026-42945) disclosed last week is being exploited by attackers, VulnCheck security researcher Patrick Garrity revealed on Saturday. The vulnerability, dubbed NGINX Rift, can be reliably exploited to trigger a denial-of-service condition and can potentially allow for unauthenticated remote code execution, all achievable by sending a specially crafted HTTP request to a…
AI, Cybersecurity, Exploits, Global Security News, Network Security
Week in review: Cisco patches SD-WAN 0-day, unpatched Microsoft Exchange Server flaw exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Review: Foundations of Cybersecurity, 2nd edition Jason Andress has refreshed his introductory security text for No Starch Press. He writes in the introduction that the term security now extends past data center servers to cloud resources, mobile devices, the Internet…
AI, Exploits, Global Security News, Network Security
Meet Fragnesia, the third Linux kernel vulnerability in a month
Linux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new headache to deal with: Fragnesia. “This is a significant vulnerability,” Robert Beggs, head of incident response firm DigitalDefence, told CSO. “It is bypassing traditional filesystem permissions that are present and enforced (for example, ‘file is owned by…
Global Security News, Network Security, Risk Management
The hidden smart fridge risks that emerge years after purchase
Household refrigerators are built to last more than a decade. The software, cloud services, and mobile apps that control them are not. A new analysis from Erik Buchmann at Leipzig University maps what happens when those two timelines collide, and the findings reach further than the kitchen. The study examines three current models on the…
AI, Data Breaches, Exploits, Global Security News
Week in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scams
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Your work apps are quietly handing 19 data points to someone Office work in 2026 relies on mobile apps used alongside personal tools like banking and messaging. Ten widely used workplace apps, including Gmail, Microsoft Teams, Zoom, Slack, and Notion,…
AI, Global Security News
Trellix source code breach claimed by RansomHouse hackers
The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion. […]
AI, Global Security News
SSL.com rotates their root certificate today, (Tue, May 5th)
I just got an email from SSL.com last night, they are rotating out their root certificate today (May 5,2026). This is normal, business as usual stuff for a CA, but certificates get used for all kinds of things, and sometimes they aren’t used like they should be, so sometimes hiccups happen. If you are using…
AI, Global Security News
Microsoft now has more than 20M paying Copilot users
Microsoft CEO Satya Nadella last week announced that the company now has more than 20 million enterprise users paying for Microsoft Copilot, according to TechCrunch. That’s up 33% from the 15 million paying customers Microsoft claimed in January. The AI assistant is now directly integrated in programs such as Word, Excel, and Outlook and Microsoft…
AI, Europe, Global Security News, Risk Management
Apple is preparing to spend, but not necessarily on AI
Apple last week nixed its long-held “net cash neutral” target, a move analysts see as giving the company more flexibility to make massive infrastructure investments or acquisitions. Naturally, as AI is the only thing that seems to matter in tech these days, commentators rushed to speculate on potential acquisition targets in the AI space. The thing…
AI, Global Security News
What’s Next in the Elon Musk Megatrial Against OpenAI and Sam Altman
Musk testified for nearly three days last week in a case that would oust Altman and unwind OpenAI’s for-profit conversion
AI, Exploits, Global Security News
Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The AI criminal mastermind is already hiring on gig platforms Labor-hire platforms let anyone with a credit card post a task and pay a stranger to complete it. The RentAHuman platform extends that model to AI agents through a Model…
Cybersecurity, Global Security News
Name That Toon: Mark of (Security) Progress
Feeling creative? Have something to say about the last 20 years of cybersecurity? Our editors will award the best cybersecurity-related caption with a $20 gift card.
Global Security News
Elon Musk’s Tesla Compensation Last Year Surpassed $158 Billion
Shareholders approved the compensation last year to encourage Musk to spend time at the company.
AI, Compliance, Global Security News, Risk Management
Adaptive Security Leadership in an Expanding Threat Surface
Last week I joined fellow security leaders at CISO Inspire Summit North for a panel discussion on The Expanding Threat Surface: Adaptive Security Leadership for 2026 and Beyond. It was a timely discussion, because the challenge facing security leaders today is not simply more threats. It is more connections, more dependencies, and more complexity. Suppliers, SaaS, identities, automation…
Global Security News, malware
Vidar Rises to Top of Chaotic Infostealer Market
The malware has filled the gap created by last year’s law enforcement takedowns of Lumma and Rhadamanthys.
Global Security News
From DMV to Wallet: Understanding Verifiable Digital Credential Issuance
In our last post in this series, we compared two credential formats that shape the digital identity ecosystem: ISO/IEC 18013-5 and -7 mobile documents (mdocs) and W3C Verifiable Credentials (VCs). Both formats define how a credential is structured and shared, but neither can function without an issuance process. This blog post explores what it takes…
AI, Data Breaches, Global Security News, Network Security
Medtronic confirms breach after hackers claim 9 million records theft
Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in “certain corporate IT systems.” […]
AI, Data Breaches, Global Security News, malware
Week in review: Claude Mythos finds 271 Firefox flaws, Vercel breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines Boost Security has released SmokedMeat, an open-source framework that runs attack chains against CI/CD infrastructure so engineering and security teams can see what an attacker would do in their specific…
AI, Global Security News
AI Phishing Is No. 1 With a Bullet for Cyberattackers
In the last six months, companies have seen a significant influx of AI-powered phishing, as cyberattackers progress from small campaigns to 1-to-1 personalized attacks.
AI, Global Security News
Project Glasswing Proved AI Can Find the Bugs. Who’s Going to Fix Them?
Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public release. Instead, the company has given access to Apple, Microsoft, Google, Amazon, and a coalition of others to find and patch bugs before adversaries can. Mythos Preview, the model that…
Global Security News
Your old phone is worth more than you think, and a $262 billion market knows it
Somewhere between your last phone upgrade and the drawer where your old one now sits, a quarter-trillion-dollar market is humming along. The circular tech economy, the business of refurbishing, reselling and redistributing pre-owned devices, has quietly grown into one of the most consequential shifts in global electronics.
AI, Global Security News, malware
New Lotus data wiper used against Venezuelan energy, utility firms
A previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations in Venezuela. […]
AI, Cybersecurity, Data Breaches, Exploits, Global Security News
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn’t changed: stolen credentials. Identity-based attacks remain a dominant initial access vector in breaches today. Attackers obtain valid credentials through credential stuffing
AI, Exploits, Global Security News
Week in review: Acrobat Reader flaw exploited, Claude Mythos offensive capabilities and limits
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Bringing governance and visibility to machine and AI identities In this Help Net Security interview, Archit Lohokare, CEO of AppViewX, explains how the rise of AI marked a turning point where machine and AI agent identities began converging into a…
AI, Global Security News
Android 17 Beta 4 arrives with post-quantum cryptography and new memory limits
Google shipped Android 17 Beta 4 on April 16, marking the last scheduled beta in the Android 17 release cycle. The build targets app compatibility testing and platform stability ahead of the final release, and it carries several behavior changes that developers need to account for before the stable version ships. Supported Pixel devices can…
AI, china, Global Security News, Network Security
We’re only seeing the tip of the chip-smuggling iceberg
Last year, Nvidia CEO Jensen Huang repeatedly denied that China was obtaining America’s most advanced chips. ‘There’s no evidence of any AI chip diversion,’ he said, dismissing such reports on another occasion as ‘tall tales.’ Federal prosecutors would beg to differ. They’ve charged six men over the past three weeks with smuggling billions of dollars’…
AI, Global Security News, malware
Hackers hijacked CPUID downloads, served STX RAT to victims
If you tried to download software from CPUID’s website late last week, you might have downloaded malware instead. “Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between April 9 and April 10, causing the main website to randomly display malicious links (our…
AI, Apps, Global Security News, Risk Management
Scans for EncystPHP Webshell, (Mon, Apr 13th)
Last week, I wrote about attackers scanning for various webshells, hoping to find some that do not require authentication or others that use well-known credentials. But some attackers are paying attention and are deploying webshells with more difficult-to-guess credentials. Today, I noticed some scans for what appears to be the “EncystPHP” web shell. Fortinet wrote about…
Exploits, Global Security News, Network Security
Your MTTD Looks Great. Your Post-Alert Gap Doesn’t
Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks’ Wendi Whitmorewarned that similar capabilities are weeks or months from proliferation. CrowdStrike’s 2026 Global Threat Report puts average eCrime breakout time at 29 minutes. Mandiant’s M-Trends 2026
Exploits, Global Security News
Week in review: Windows zero-day exploit leaked, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day Cloudflare announced it is targeting 2029 to complete post-quantum security across its entire product suite, including post-quantum authentication. The company is following a revised roadmap that Google…
AI, Apps, china, Cybersecurity, Exploits, Global Security News, Government & Policy
Why is the timeline to quantum-proof everything constantly shrinking?
When Google announced last month it was moving up its own internal timeline for migrating to quantum-resistant forms of encryption, it started a broader conversation in the cybersecurity and cryptography communities: Just what was pushing one of the largest tech companies in the world to significantly accelerate its adoption of post-quantum protections for its systems,…
AI, Apps, Global Security News
The top priority for Adobe’s next CEO? Prepping for the ‘age of agents’
Adobe’s Shantanu Narayen announced plans to step down as CEO last month after 18 years leading software vendor through several periods of tech change from the arrival of the cloud, mobile computing, and the early days of artificial intelligence. For whomever is tapped next for the top job — the search is expected to…
AI, Global Security News
Meta Announces New AI Model in Major Test of Company’s Ambitions
The disappointment of last model’s release more than a year ago led to an expensive overhaul of the company’s AI operations.
AI, Data Breaches, Global Security News
FBI: Americans lost a record $21 billion to cybercrime last year
U.S. victims lost nearly $21 billion to cyber-enabled crimes last year, driven primarily by investment scams, business email compromise, tech support fraud, and data breaches, the Federal Bureau of Investigation says. […]
Global Security News
Drift $280M crypto theft linked to 6-month in-person operation
The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building “a functioning operational presence inside the Drift ecosystem.” […]
AI, Exploits, Global Security News
Week in review: Axios npm supply chain compromise, critical FortiClient EMS bugs exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Financial groups lay out a plan to fight AI identity attacks Generative AI tools have brought the cost of deepfake production low enough that criminals and state-sponsored actors now use them routinely against financial institutions. A joint paper from the…
Global Security News
Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year
Most UK manufacturers compromised last year suffered financial loss, says ESET
AI, Europe, Global Security News, Government & Policy, Network Security, Risk Management
Microsoft facing CMA probe of its business software portfolio
The regulatory body which last year accused Microsoft of inflating its office software’s license prices when it was run on rival cloud platforms to make those platforms less appealing, said Tuesday it will conduct a further investigation into the company’s entire business software ecosystem. The probe by the UK’s Competition and Markets Authority (CMA), scheduled…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Politics, Risk Management
The external pressures redefining cybersecurity risk
Over the last four years, I’ve watched organizations get blindsided by threats that originated in a third-party network. More than 35% of data breaches are caused by a compromised vendor or partner, not by any failure in the organization’s controls. While many organizations know that the biggest threats to their security come from forces entirely…
AI, Global Security News, Network Security
Week in review: NIST updates DNS security guidance, compromised LiteLLM PyPI packages
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: NIST updates its DNS security guidance for the first time in over a decade DNS infrastructure underpins nearly every network connection an organization makes, yet security configurations for it have gone largely unrevised at the federal guidance level for more…
AI, Compliance, Cybersecurity, Global Security News, Government & Policy, Risk Management
AI regulations are already out of date — IT leaders need to think ahead
Most AI regulations passed in the last few years are already irrelevant, but enterprises should think ahead with rudimentary governance plans for quicker compliance, said legal experts in two panel discussions at Nvidia’s GTC trade show last week. Current AI regulations target frontier models, high-risk models, and transparency. They typically focus on LLMs and the…
Global Security News
OpenAI Set to Discontinue Sora Video Platform App
The app, released last year, allowed people to insert themselves into famous movie scenes, among other functions.
AI, Global Security News
Apple goes global with key MDM tools and services for business
As it steadily grows its share in business markets, Apple has at last introduced its very useful collection of services for small and mid-sized businesses (SMBs), Apple Business Essentials, outside the US; except it’s not called Apple Business Essentials, and much of it will be free. First introduced November 2021 following the company’s acquisition of Fleetsmith, Business Essentials is…
AI, Global Security News
Tool updates: lots of security and logic fixes, (Mon, Mar 23rd)
So, I’ve been slow to get on the Claude Code/OpenCode/Codex/OpenClaw bandwagon, but I had some time last week so I asked Claude to review (/security-review) some of my python scripts. He found more than I’d like to admit, so I checked in a bunch of updates. In reviewing his suggestions, he was right, I made…
AI, Apps, Endpoint, Global Security News, Government & Policy, Network Security, Risk Management
Why US companies must be ready for quantum by 2030: A practical roadmap
Last year, I asked a room of infrastructure, identity and application leaders a simple question: “Where in our environment do we rely on RSA or elliptic curve cryptography?” The first answers were the usual suspects: TLS on the edge, our VPN and the certificates on laptops. Then we pulled up a dependency map and the…
AI, Cybersecurity, Exploits, Global Security News
Week in review: ScreenConnect servers open to attack, exploited Microsoft SharePoint flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: What smart factories keep getting wrong about cybersecurity In this Help Net Security interview, Packsize CSO Troy Rydman breaks down the biggest vulnerabilities in smart factory environments today, from IoT devices and legacy systems to human error. He explains how…
AI, Global Security News
I.T. is Eighty, an Ageing Boomer
The digital computing machine is at the end of a Rogers’ innovation curve. Is “AI” just a last hurrah?
AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Risk Management
Are nations ready to be the cybersecurity insurers of last resort?
A senior member of the Cyber Monitoring Center (CMC), an organization formed last year to monitor, define and classify cyber events impacting UK organizations, this week questioned whether a £1.5 billion (about $2 billion) government loan guarantee provided to Jaguar Land Rover (JLR) should have happened in the first place. Speaking at an event hosted…
AI, Global Security News
Armis Research Reveals Australia Experiencing the Highest Volume of Cyberwarfare Attacks of Any Country Globally
GUEST RESEARCH: A rising number (72%, up from 56% last year) of Australian respondents have had to report an act of cyberwarfare to authorities, the most of any country surveyed for this report 77% of Australian IT professionals believe the ability of nation-states to harness AI for cyber operations will widen the gap between attackers…
AI, Global Security News
Average Number of Daily API Attacks Up 113% Annually
Akamai says 87% of organizations suffered an API-related security incident last year
Global Security News
Stryker attack wiped tens of thousands of devices, no malware needed
Last week’s cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices. […]
AI, Cybersecurity, Global Security News, malware
Week in review: AiTM phishing kit used to hijack AWS accounts, year-long malware campaign targets HR
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Turning expertise into opportunity for women in cybersecurity Speaker diversity in cybersecurity has been a talking point for over a decade, with panels, pledges, and dedicated conference tracks failing to produce change. Stages still skew heavily male, even as women…
AI, Global Security News, Risk Management
Apple says its upcoming 50th birthday treat is you
So soon after Apple’s big product launches last week, Apple CEO Tim Cook shared a letter to mark the upcoming 50th anniversary since the founding of Apple on April 1, 1976. It is strange to see Apple grapple with the concept of an anniversary. It isn’t usually a company that does this, as it tends to focus on…
AI, Global Security News, malware, Network Security
PhantomRaven returns to npm with 88 bad packages
Last year’s “PhantomRaven” supply-chain campaign is back, with security researchers uncovering 88 new malicious packages in what they describe as the second, third, and fourth waves of the operation. According to Endor Labs findings, the newly discovered packages were published between November 2025 and February 2026, with 81 of them still available on npm along…
AI, Global Security News, Network Security, privacy, Venture
The best Android keyboard apps for on-the-go productivity
Quick: When was the last time you thought about the keyboard app on your phone? If you’re like most people, the answer is probably somewhere between “a ridiculously long time ago” and “never.” And it’s no wonder: Keyboard apps are easy to forget! You install one — or stick with whatever came loaded on your…
AI, Global Security News, Government & Policy, Network Security, privacy
Encrypted Client Hello: Ready for Prime Time?, (Mon, Mar 9th)
Last week, two related RFCs were published: RFC 9848: Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings RFC 9849: TLS Encrypted Client Hello These TLS extensions have been discussed quite a bit already, and Cloudflare, one of the early implementers and proponents, has been in use for a while. Amidst an increased concern about threats to privacy…
AI, Apps, Global Security News, malware
Week in review: Weaponized OAuth redirection logic delivers malware, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: BlacksmithAI: Open-source AI-powered penetration testing framework BlacksmithAI is an open-source penetration testing framework that uses multiple AI agents to execute different stages of a security assessment lifecycle. BlacksmithAI runs as a hierarchical system in which an orchestrator coordinates task execution…
AI, china, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management, Russia
Zero-day exploits hit enterprises faster and harder
Google tracked 90 vulnerabilities exploited as zero-days last year, with Chinese cyberespionage groups doubling their count from 2024 and commercial surveillance vendors overtaking state-sponsored hackers for the first time. Nearly half of the recorded zero-days targeted enterprise technologies such as security appliances, VPNs, networking devices, and enterprise software platforms. “Increased exploitation of security and networking…
AI, Apps, Exploits, Global Security News, malware
Week in review: Self-spreading npm malware hits developers, Cisco SD-WAN 0-day exploited since 2023
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Identity verification systems are struggling with synthetic fraud Fake and expired IDs keep showing up in routine customer transactions, from alcohol purchases to credit card applications. The problem shows up most often in industries that depend on fast onboarding and…
AI, Global Security News
Ransomware payment rate drops to record low as attacks surge
The number of ransomware victims paying threat actors has dropped to 28% last year, an all-time low, despite a significant increase in the number of claimed attacks. […]
AI, Global Security News
Ransomware payment rate drops to record low as attacks surge
The number of ransomware victims paying threat actors has dropped to 28% last year, an all-time low, despite a significant increase in the number of claimed attacks. […]
AI, APAC, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, Network Security, Risk Management
The farmers and the mercenaries: Rethinking the ‘human layer’ in security
There’s a phrase that’s become gospel in cybersecurity: “Employees are the last line of defense.” We’ve built an entire industry around it. Billions of dollars in security awareness programs, mandatory simulations and user-reporting workflows across endpoints, applications and collaboration tools. All predicated on a premise that sounds reasonable until you examine what we’re actually asking.…
AI, Funding, Global Security News, Government & Policy, privacy
Microsoft undercuts its kinder, gentler image with big ICE contract
For at least the last six or so years, Microsoft has worked hard to portray itself as a kinder, gentler tech company, a stark contrast to other Big Tech behemoths like Meta, Google, Amazon, and — since Donald J. Trump’s election to the presidency in 2024 — Apple. Even The New York Times has noted…
Global Security News
Spitting Cash: ATM Jackpotting Attacks Surged in 2025
The attacks cost banks more than $20 million in losses last year, as criminals used many of the same tools and tactics they have wielded for more than a decade.
AI, Global Security News, malware
Another day, another malicious JPEG, (Mon, Feb 23rd)
In his last two diaries, Xavier discussed recent malware campaigns that download JPEG files with embedded malicious payload[1,2]. At that point in time, I’ve not come across the malicious “MSI image” myself, but while I was going over malware samples that were caught by one of my customer’s e-mail proxies during last week, I found…
Global Security News
University of Mississippi Medical Center Still Offline After Ransomware Attack
University of Mississippi Medical Center is still scrambling to respond to a ransomware attack last Thursday
AI, Global Security News
Google launches Pixel 10a for AUD $849, which is $500 cheaper than Pixel 10 but with G4 chip
Google has announced the Pixel 10a officially, after some teasers in the last couple of weeks that came despite an embargo for the press, available to pre-order now – and on store shelves from March 5 in just a couple of weeks, but is the Pixel 9a a better deal for the budget conscious?
AI, Exploits, Global Security News
Week in review: Firmware-level Android backdoor found on tablets, Dell zero-day exploited since 2024
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Security at AI speed: The new CISO reality The CISO role has changed significantly over the past decade, but according to John White, EMEA Field CISO, Torq, the most disruptive shift is accountability driven by agentic AI. In this Help…
Global Security News, malware
FBI: Over $20 million stolen in surge of ATM malware attacks in 2025
The FBI warned that Americans lost more than $20 million last year amid a massive surge in ATM “jackpotting” attacks, in which criminals use malware to force cash machines to dispense money. […]
AI, Exploits, Global Security News, Risk Management
Week in review: Exploited newly patched BeyondTrust RCE, United Airlines CISO on building resilience
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: United Airlines CISO on building resilience when disruption is inevitable In this Help Net Security interview, Deneen DeFiore, VP and CISO at United Airlines, explains how the company approaches modernization without compromising safety-critical environments, why resilience and continuity matter as…
AI, Apps, Cybersecurity, Global Security News, Network Security, privacy, Risk Management
The democratization of AI data poisoning and how to protect your organization
Smart organizations have spent the last three years protecting their AI tools from skilled prompt injection-style attacks. The assumption has been that poisoning the foundational model, the real brains behind AI systems, requires technical expertise, privileged access, or a coordinated threat group. That assumption no longer holds, and it marks a significant shift in how…
AI, Apple, Don't miss, Exploits, Global Security News, Hot stuff, News
Apple fixes zero-day flaw exploited in targeted attacks (CVE-2026-20700)
Apple has released fixes for a zero-day vulnerability (CVE-2026-20700) exploited in targeted attacks last year. CVE-2026-20700 is a memory corruption issue in dyld, the Dynamic Link Editor component of Apple’s operating systems, and may allow attackers with memory write capability to execute arbitrary code. “Apple is aware of a report that this issue may have…
AI, Apps, Compliance, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Russia
Global Group ransomware gang running new campaign using Windows shortcut files
When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows’ shortcut (.lnk) files in exploits, defenders might have hoped use of this tactic would decline. They were wrong. According to researchers at Forcepoint, a new high-volume phishing campaign spreading the Global Group ransomware has been detected that hopes to sucker employees…
AI, Data Breaches, Exploits, Global Security News, Network Security
Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server
SmarterTools confirmed last week that the Warlock (aka Storm-2603) ransomware gang breached its network by exploiting an unpatched SmarterMail instance. The incident took place on January 29, 2026, when a mail server that was not updated to the latest version was compromised, the company’s Chief Commercial Officer, Derek Curtis, said. “Prior to the breach, we…
AI, Apps, Data Breaches, Global Security News, Network Security, Security
Hackers breach SmarterTools network using flaw in its own software
SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but did not impact business applications or account data. […]
AI, Apps, Data Breaches, Global Security News, Network Security, Security
Hackers breach SmarterTools network using flaw in its own software
SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but did not impact business applications or account data. […]
AI, Apps, Europe, Global Security News, Government & Policy, Government, Industry, Laws and Regulations, Markets, Technology Industry
How the EU’s trade ‘bazooka’ could hit the US tech sector
When the Trump Administration threatened tariffs last month against countries looking to block any plan to annex Greenland, European leaders debated responding with the region’s trade “bazooka” – a retaliation mechanism that could target US tech firms selling into the European Union. The anti-coercion instrument, introduced in 2023 and so far unused, is designed to deter…
AI, Global Security News
AI-Enabled Voice and Virtual Meeting Fraud Surges 1000%+
Pindrop warns of 1210% increase in AI-powered fraud last year
AI, Global Security News, privacy
Replit panics, and the AI that will kill you
Those of you who tuned in to last week’s episode (#428) will have heard the big news from my podcast pal Carole that she’s decided to move on from her co-hosting duties on the show. There have been some lovely messages of support sent through for Carole, and indeed for me too. Thank you very…
AI, APAC, china, chips, Cybersecurity, Enterprise, Europe, Funding, Global Security News, Government & Policy, Intel, Russia
Intel’s Fab Moves in Europe Could Change Chip Industry
For much of the last two decades, the microprocessor market has been defined by companies divorcing themselves from manufacturing to focus solely on design and sales. But since the pandemic, and now the war in Ukraine, it has become clear that this business model puts too much manufacturing capacity in Asia and creates huge supply…
AI, APAC, china, Cybersecurity, Europe, Funding, Global Security News, Government & Policy, Russia
Intel’s Fab Moves in Europe Could Change Chip Industry
For much of the last two decades, the microprocessor market has been defined by companies divorcing themselves from manufacturing to focus solely on design and sales. But since the pandemic, and now the war in Ukraine, it has become clear that this business model puts too much manufacturing capacity in Asia and creates huge supply…