
GTA 6 Hackers Give Rockstar a Deadline to Pay for Stolen Data
Rockstar Games has been pressured by the ShinyHunters ransomware group to pay a ransom by April 14, 2026 for data stolen in a third‑party breach. The attackers accessed authentication tokens through a compromised cloud‑cost monitoring tool, allowing them to infiltrate Rockstar’s Snowflake environment. Rockstar says the exposed information is limited and poses no risk to its player base, but the group threatens to leak or sell the data. The incident arrives as GTA 6’s November 2026 launch approaches, raising concerns over potential marketing fallout.

Are AI Agents Your Next Security Nightmare?
In 2026 autonomous AI agents have moved beyond chatbots to proactive systems that can plan, reason, and execute actions across corporate networks. Incidents like the OpenClaw shadow‑AI deployments expose thousands of instances without authentication, highlighting the danger of ungoverned agents....

Los Angeles Data Breach Exposes LAPD Personnel and Litigation Records
In late March, ransomware group WorldLeaks claimed to have exfiltrated roughly 7.7 TB of data from the Los Angeles City Attorney’s office, including 340,000 files of LAPD personnel, internal affairs, litigation, and medical records. The data was stored on an unsecured...

FBI Classifies Suspected Chinese Breach of Wiretap Surveillance System as ‘Major Incident’
The FBI announced that a suspected Chinese state‑sponsored intrusion compromised its Digital Collection System Network (DCSNet), the internal platform that manages pen‑register and trap‑and‑trace wiretap data. The breach, achieved through a commercial ISP vendor, was classified as a “major incident”...

AWS Security Digest #256 - TY Mythos
AWS inadvertently pushed a test IAM managed policy into production, a slip caught by IAM Trail. The incident coincides with the first Mythos‑reported vulnerability appearing in AWS security bulletin 2026‑015, highlighting AI‑driven code‑scanning efforts under Project Glasswing. Research disclosed critical flaws in...

How Claude Mythos Preview Found Thousands of Zero-Day Vulnerabilities and Why the Health Tech Sector’s Absence From Project Glasswing Should...
On April 7, 2026 Anthropic unveiled Claude Mythos Preview, an AI model that autonomously discovered thousands of zero‑day vulnerabilities across major operating systems and browsers. The company kept the model private and launched Project Glasswing, a defensive coalition of 40+...

Iran-Linked Group Handala Claims to Have Breached Three Major UAE Organizations
Handala, an Iran‑linked hacktivist group believed to be a front for Void Manticore, claimed a massive cyberattack on three UAE agencies—Dubai Courts, Dubai Land Department, and Dubai Roads & Transport Authority. The group alleges it destroyed six petabytes of data...

CPUID Watering Hole Attack Spreads STX RAT Malware
Threat actors compromised the CPUID website between April 9‑10, 2026, swapping legitimate CPU‑Z and HWMonitor download links with malicious installers for roughly six hours. The trojanized files contained a malicious DLL that used DLL sideloading to deliver the STX remote‑access trojan,...

Token Is All You Need: Finding 0days with LLMs and Agentic AI
The blog details how large language models (LLMs) have transformed zero‑day discovery from a niche skill into a scalable service. By using the "Carlini Loop"—a file‑by‑file prompting technique—Anthropic, OpenAI and open‑source projects have uncovered hundreds of high‑severity bugs in heavily...

CESNET, Ribbon Achieve PoC in Quantum-Secured Optical Networking
Ribbon Communications announced the successful completion of a quantum key distribution (QKD) proof‑of‑concept with CESNET, the Czech Republic’s national academic network. The test used Ribbon’s Apollo optical platform to deliver Layer‑1 encryption with virtually zero latency, proving quantum‑secured transmission can...

OpenAI Pulls the Plug on macOS Signatures Following a Supply Chain Incident
OpenAI disclosed a supply‑chain attack that compromised the Axios library used in its macOS app‑signing workflow on March 31, 2026. The breach gave attackers access to the certificate used to sign ChatGPT Desktop, Codex, Codex‑cli and Atlas, prompting OpenAI to revoke and...

Last Week Ignite - 4/12/2026
Anthropic introduced Project Glasswing, releasing the Claude Mythos Preview—a frontier AI model designed to scan and harden critical software—for a closed group of launch partners on April 7. The company explicitly stated that Mythos will not be made broadly available, signaling a...

Linux Out-Of-Bounds Access Fixed For Unprivileged Users With Specially Crafted Certs
A three‑year‑old out‑of‑bounds read in the Linux kernel’s X.509 certificate parser could be triggered by an unprivileged user submitting a specially crafted certificate via the keyrings API. The flaw, present since the 6.4 release in 2023, risked kernel crashes, denial‑of‑service...

AI Only Has to Beat 3/10
The author argues that the prevailing myth of AI as a super‑intelligent threat is misplaced. Most companies and their cybersecurity postures operate at roughly a 3‑out‑of‑10 effectiveness level, while current AI tools sit around a 5‑to‑6 rating. Because AI can...

Hackers Claim Control over Venice San Marco Anti-Flood Pumps
Hackers claiming to be the "Infrastructure Destruction Squad" breached the operational technology controlling Venice’s San Marco flood‑gate system in late March, asserting they could disable defenses and flood the historic piazza. The group posted screenshots of control panels on Telegram...

Nessus Essentials: Complete Guide for Security Professionals (2026)
Tenable’s free Nessus Essentials provides the same scanning engine and full plugin library as its paid versions, but restricts users to 16 IP addresses per activation and omits compliance, content‑audit, live‑update, virtual appliance, and agent capabilities. The rebranding removed the...

Day 156: Building Your Security Command Center - SIEM Implementation
The post walks security leaders through building a Security Information and Event Management (SIEM) platform tailored for a financial services firm handling millions of transactions daily. It outlines how raw logs—from user logins to network traffic—are normalized, correlated, and scored...

Motherboard Updates Suddenly Become Mandatory: Secure Boot Certificates Are Forcing Manufacturers and Users to Take Action Before June 2026
Microsoft will retire the 2011 Secure Boot certificates in June 2026 (with additional expirations in October), replacing them with 2023 versions. OEMs such as ASUS and MSI have already warned that BIOS updates must include the new KEK and DB...

Pete Recommends – Weekly Highlights on Cyber Security Issues, April 11, 2026
Cybercriminals are now embedding emojis in malicious communications to sidestep keyword‑based detection, while AI‑driven phishing campaigns target IRS filings and job seekers using tools like Google’s AppSheet. A Flashpoint report highlights the rise of emoji‑laden scams, and the FBI notes...

“The FTC Does Not Have Our Backs, that Much Is Clear”
The FTC reached a settlement with Match Group’s OKCupid over the app’s undisclosed sharing of user photos with facial‑recognition firm Clarifai. The agreement imposes a permanent ban on misrepresenting data practices but carries no monetary penalty, despite executives holding financial...

Small Models Also Found the Vulnerabilities that Mythos Found
Researchers tested a suite of inexpensive, open‑weight language models on the same code snippets Anthropic highlighted for its Mythos system. All eight small models flagged Mythos's flagship FreeBSD exploit, including a 3.6 billion‑parameter model that costs roughly $0.11 per million tokens....

"Catch Me If You Can": DT Using AI to Kill Deepfakes
Telecom voice networks are being overrun by fraud, with more than half of global calls now deepfakes, scams or extortion attempts, and the rate exceeds 60% in Mexico. This crisis has driven users to ignore unknown calls and rely on...

OpenAI MYTHOS, Gemini Agents & Anthropic’s New Strategy Explained
OpenAI unveiled MYTHOS, a restricted AI model built on GPT‑5.3 Codex aimed at cybersecurity and available only to vetted partners. The same Codex platform is being reshaped into a “super app” that bundles chat, automation, native image/video rendering, background task...

Claude Mythos Preview Just Dropped. And It's Sort of Scary.
Anthropic unveiled Claude Mythos, an AI‑driven tool that discovers and exploits zero‑day vulnerabilities across Windows, macOS, Linux, Chrome and Safari. The service claims to complete penetration testing in hours for $99, versus traditional engagements that cost $5K‑$50K and take weeks....

Fordham 33 (Report 2): Top 5 Takeaways: Data Governance, Privacy, & Cybersecurity in an AI World
The Fordham Law data governance session highlighted how AI is upending traditional data‑management practices, demanding full traceability and new vendor oversight. Panelists compared stark regulatory splits, noting the EU’s aggressive AI legislation versus Japan’s relaxed consent rules for training data....

Five Slices of Swiss Cheese Between Your Agent and Everyone Else
The blog applies James Reason’s Swiss‑cheese safety model to AI‑agent platforms, arguing that a single security layer is insufficient when agents can execute arbitrary code. KiloClaw implements five independent tenant‑isolation slices—authentication, application, network, process, and storage—each built on distinct technologies...

0.03% of XRP Quantum Vulnerable vs 33% of BTC
New research, citing Google’s recent quantum‑computing paper, finds that only 0.03% of XRP’s circulating supply is vulnerable to a quantum attack, compared with roughly 33% of Bitcoin. The breakthrough reduces the qubit threshold for breaking Bitcoin’s ECC‑256 encryption to under...

MediStreams Achieves Clean SOC 2 Type II Certification, Strengthening Security in Healthcare Revenue Cycle Management and Payment Automation
MediStreams announced it has received a clean SOC 2 Type II audit for the full 2025 calendar year, covering Security, Availability, and Processing Integrity. The unqualified opinion was issued by independent CPA firm Aprio LLP after a year‑long assessment of its payment‑posting...

What “Lilith” Actually Is
Lilith is an open‑source C++ remote administration tool designed for hands‑on learning of RAT architecture and command‑and‑control techniques. The project requires solid C++ skills, Windows internals knowledge, and a sandboxed virtual lab to compile and run safely. By building the...

CryptoNext Security First in EU With Full NIST Quantum-Safe Certification
CryptoNext Security became the first European Union company to achieve full NIST quantum‑safe certification, confirming its implementation of the three standardized post‑quantum algorithms—CRYSTALS‑Kyber, CRYSTALS‑Dilithium and Falcon—within ProvenRun’s ProvenHSM hardware security module. The NIST CAVP validation extends beyond software, proving hardware‑level...

Ransomware Attack on ChipSoft Knocks EHR Services Offline Across Hospitals in the Netherlands and Belgium
Dutch health‑IT firm ChipSoft confirmed a ransomware breach on April 7 that forced its flagship HiX electronic health‑record platform offline in the Netherlands and Belgium. The attack prompted the Dutch CERT (Z‑CERT) to shut down patient portals, HiX Mobile and the...

Big Tech, Big Exposure: Data From Over 3.5 Million Accounts Handed to US Authorities
Proton’s new research shows Google, Apple and Meta have handed over data from over 3.5 million user accounts to U.S. authorities in the past decade, a 770% increase since transparency reporting began. In the first half of 2025 alone, more than...

Catalogic Software Delivers Full NDMP Web Management and Advanced Encryption Controls with DPX 4.15
Catalogic Software unveiled DPX 4.15, its latest all‑in‑one backup and recovery platform, adding full NDMP management through a web interface, tag‑based VMware backup policies, and KMIP‑compliant key management for vStor. The release also encrypts data before it is sent to cloud...

Telia Norway Stops over 8 Mln Scam Calls to Mobile Lines in Q1
Telia Norway reported that it blocked 8.4 million fraudulent calls from reaching mobile users in Q1 2026, potentially preventing roughly NOK 250 million (about $27.5 million) in losses. The telecom operator highlighted a surge in targeted SMS‑based attacks known as spear phishing, which aim at extracting...

AI Voice Scams, Airline Fee Hacks and the Apps Keeping You Hooked
The Rich on Tech weekend show highlighted three pressing tech trends: AI‑generated voice scams are becoming more convincing as bots outnumber humans online, allowing fraudsters to clone personal voices from brief recordings. Airline travel costs are climbing, with checked‑bag fees...

JSON Web Tokens Explained: The Authentication Pattern Behind Every Modern API
JSON Web Tokens (JWT) have become the de‑facto standard for stateless authentication in modern APIs. By embedding user identifiers and permission claims directly in a signed token, servers can verify identity without consulting a central session store. This eliminates the...

Warning: CPUID Suspected of Being a Virus; Suspicious HWMonitor Downloads Raise Alarms
On April 10, 2026 users downloading CPUID’s HWMonitor 1.63 encountered an unexpected installer named HWiNFO_Monitor_Setup.exe, which triggered Windows Defender warnings and displayed Russian‑language dialogs. Community reports on Reddit confirm the mismatch between the advertised hwmonitor_1.63.exe file and the received executable, suggesting a tampered...

Meta’s New AI Asked for My Raw Health Data and Gave Me Terrible Advice
Meta’s Superintelligence Labs unveiled Muse Spark, a generative AI model that invites users to paste raw health data such as lab results or fitness‑tracker readings. The bot promises trend analysis and visualizations, but early testing showed it offering vague or incorrect...

Tesla Hits FSD Hackers with Surprise Move
Tesla has begun remotely disabling Full Self‑Driving (FSD) on vehicles fitted with third‑party CAN‑bus hacks that unlock the feature in markets where it is not approved. The crackdown, announced in early April, targets owners in Europe, China, Japan, South Korea...

Why Backup Automation Is Critical for Agency Hosting
Digital agencies face site failures that can cost revenue, SEO rankings, and reputation. Manual backups are error‑prone; automated backups provide reliable, frequent snapshots with retention. A modern system should deliver daily backups, 30‑day history, one‑click restores, and client‑visible reporting. Implementing...

Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action
Mallory announced an AI‑native threat‑intelligence platform that translates global adversary data into prioritized, actionable cases for enterprise security teams. The solution monitors thousands of threat sources, maps them to a company’s actual attack surface, and delivers real‑time answers rather than...

‘Snoopy’, ‘Adolf’ and ‘Password’: The Hungarian Government Passwords Exposed Online
Bellingcat uncovered nearly 800 compromised email‑password pairs belonging to 12 of Hungary’s 13 ministries, exposing senior officials in defence, foreign affairs and interior ministries. The breaches, traced through the Darkside breach database, reveal simple passwords like "Password" and "1234567" as...

Did Your IT Department Tell You About What Happened in AI This Week?
Anthropic unveiled Mythos, an AI model that identified tens of thousands of hidden vulnerabilities across banks, hospitals, operating systems and browsers, prompting a coordinated warning to twelve leading tech firms through Project Glasswing. Simultaneously, the company launched Claude Managed Agents,...

On Microsoft’s Lousy Cloud Security
In late 2024, federal cybersecurity evaluators warned that Microsoft’s Government Community Cloud High (GCC High) lacked detailed security documentation, describing the offering as “a pile of shit.” Despite the criticism, FedRAMP granted the cloud service an authorization, attaching a “buyer beware” disclaimer....

Certes Launches V7 Platform with Quantum-Safe Encryption Across Hybrid Cloud and Edge Environments
Certes has unveiled version 7 of its Data Protection and Risk Mitigation platform, extending post‑quantum cryptography to hybrid‑cloud, edge and AI workloads. The update introduces per‑flow quantum‑safe encryption and cryptographic micro‑segmentation that can be deployed in days without rewriting legacy applications....

The Alleged Breach of China’s National Supercomputing Center Can Have Serious Geopolitical Consequences
A hacker group called FlamingChina claims to have exfiltrated more than 10 petabytes of classified military, aerospace and scientific data from China’s National Supercomputing Center in Tianjin. The breach allegedly lasted six months, using a compromised VPN and a botnet to...

Keeper Security Expands PAM Browser Isolation to Support Advanced Web Browsing Workflows
Keeper Security has upgraded its Remote Browser Isolation (RBI) within KeeperPAM, adding multi‑tab browsing, full JavaScript support, and administrator‑controlled file uploads. The enhancements also extend KeeperAI‑powered session monitoring to RBI, enabling real‑time anomaly detection across privileged sessions. These changes aim...

Voltage Fault Injection: The Physical Hack That Breaks Open-Source Bitcoin Hardware.
The post reveals that voltage fault injection—a laboratory‑grade physical attack—can compromise 100% open‑source Bitcoin hardware wallets by directly manipulating silicon to bypass PIN protection. Even devices with transparent firmware like Trezor or Blockstream Jade are vulnerable when an adversary gains...

When Your Legal Tech Vendor Gets Breached: DocketWise Incident Exposes 116,666 Immigration Records and a Profession’s Blind Spot
DocketWise, a cloud‑based immigration case‑management platform, suffered a supply‑chain breach that exposed the personal records of 116,666 individuals, including Social Security numbers, passports, medical data and attorney‑client communications. The intrusion began in September 2025, was detected in October, confirmed in...

Internet-Exposed ICS Devices Raise Alarm for Critical Sectors
A recent comparative study scanned the internet for Modbus‑exposed industrial control system (ICS) devices and identified 179 likely live units, with the United States accounting for 57 of them. The research highlights that many of these devices run legacy protocols...