
How Push Notifications Can Betray Your Privacy (and What to Do About It)
Push notifications travel through Apple or Google servers before reaching a device, exposing message content and metadata to the platform providers. Law enforcement can compel these companies to hand over notification data, and forensic tools can recover deleted notifications from a phone’s internal storage. Secure‑messaging apps like Signal and WhatsApp now offer granular notification controls to limit what appears on lock screens. Adjusting OS‑wide and app‑specific settings can mitigate the privacy risks inherent in push‑based alerts.

Cyber Incidents’ “Long Tail” Impact on Shareholder Value
A new ISS STOXX and ISS‑Corporate study of 176 cyber events in Russell 3000 firms shows that companies hit by significant breaches underperform the market by roughly 5% over a three‑year horizon. The underperformance persists for more than a year, indicating a...

Piodata SecureX USB Flash Drive with Enterprise-Grade Security
Piodata unveiled SecureX, a USB flash drive that combines AES‑256 encryption with biometric authentication and cross‑platform compatibility. The device supports PCs, Macs, iOS, and Android, and is Apple MFi‑certified for seamless iPhone and iPad use. Its proprietary Trust Circle technology...

Regulators Confront AI-Driven Cyber Risk After Anthropic Warning
British regulators—including the Bank of England, FCA and NCSC—are urgently assessing Anthropic’s new AI model Claude Mythos Preview after it flagged thousands of serious software vulnerabilities. The model, released as a gated research project called Glasswing, has prompted parallel concern...

Sweden Reports Cyberattack Attempt on Heating Plant Amid Rising Energy Threats
Sweden’s civil defense ministry confirmed that a pro‑Russian group attempted a cyberattack on a western heating plant in 2025, but the intrusion was stopped. The operation is tied to Russian intelligence and mirrors a wave of sabotage that has hit...

The Data Sovereignty Vise: Two Governments, One Compliance Trap, No Safe Harbor
China’s State Council rolled out two sweeping regulations in April 2024—Decree 834 on industrial and supply‑chain security and Decree 835 on countering foreign extraterritorial jurisdiction—both effective immediately and without a transition period. The rules clash directly with the U.S. Department of Justice’s Data...

Timely Takes Podcast: J.T. Ho’s Latest “Fast Five”
Cleary Gottlieb’s J.T. Ho hosts the latest Timely Takes podcast, delivering a monthly briefing on securities and governance trends. The episode covers five hot topics: prediction‑market considerations for public companies, board‑level cybersecurity guidance amid cyber‑warfare, the 2026 CISO AI Risk...

Smashing Security Podcast #463: This AI Company Leaked Its Own Code. It’s Also Built Something Terrifying
In the Smashing Security #463 episode, host Graham Cluley and guest Tanya Janca discuss Anthropic’s accidental leak of the Claude Code CLI source via a mis‑published source‑map and the company’s new AI model, Mythos, which can autonomously discover and chain...

Five Carriers Got Breached. They Wouldn't Insure Themselves
Over the past year ransomware group Scattered Spider breached five major insurers—Beacon Mutual, Farmers, Erie, Philadelphia Insurance Companies, and Aflac—by exploiting help‑desk social engineering, incomplete multi‑factor authentication, and weak endpoint monitoring. Those same control failures are now non‑negotiable requirements in...

Copy of Trump’s Cyber Strategy Is a Strong Playbook, but It’s All in the Execution
The White House released a new National Cyber Strategy that structures U.S. cyber policy into six pillars, ranging from offensive capabilities to workforce development. While the document names Russia and China as top adversaries and outlines modernizing steps like zero‑trust...

DefenseClaw, MAESTRO, and the Security Boundary Agentic AI Has Been Missing
DefenseClaw is an open‑source security control plane built for the OpenClaw autonomous AI agent. It centralizes asset scanning, AI Bill of Materials generation, policy enforcement, and optional NVIDIA OpenShell sandboxing to protect both supply‑chain and runtime operations. By integrating Cisco...

NTT Scale Academy: Quantum Startup Incubator
NTT Research unveiled Scale Academy, a startup incubator aimed at turning its lab discoveries into market‑ready products. Its first offering, SaltGrain, is a zero‑trust data security suite built on attribute‑based encryption originally proposed by Sahai and Waters. The suite provides...

U.S. CISA Adds Microsoft SharePoint Server, and Microsoft Office Excel Flaws to Its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Microsoft flaws to its Known Exploited Vulnerabilities (KEV) catalog: CVE‑2009‑0238, a remote‑code‑execution bug in Excel, and CVE‑2026‑32201, a spoofing/XSS issue in SharePoint Server. The Excel vulnerability carries a CVSS...

Effective Defense Against Hacks at the Edge
PQShield unveiled its MicroCore IP, a post‑quantum security suite that fits within as little as 5 KB of SRAM for edge‑device IoT applications. The offering covers secure boot, post‑quantum TLS, and side‑channel‑resistant cryptography, all deliverable as software‑only updates or with optional...

How the Enterprise Supply Chain Has Created a Global Attack Surface
Enterprises are increasingly exposed to cyber threats through their expanding global supplier ecosystems. Third‑ and fourth‑party vendors, cloud services, and offshore teams now form a sprawling attack surface that extends far beyond traditional network perimeters. Geopolitical tensions, such as the...