90% of Firms Plan PQC Funding, Sectigo Offers Low-Risk Path
Sectigo has added Private PQC to its Certificate Manager, letting enterprises test post‑quantum TLS certificates directly in live PKI workflows. The move responds to a survey showing 90% of firms plan to fund PQC projects within the next 12 months, while Google and Cloudflare have pushed their migration targets to 2029. Private PQC integrates ML‑DSA algorithms and a virtual HSM, offering policy‑based approvals and visibility without disrupting existing infrastructure. The feature is positioned as a low‑risk bridge toward full quantum‑resistant digital trust.
BTQ, Daou Data Partner on Post-Quantum Security
BTQ Technologies and Daou Data have teamed up to embed hardware‑rooted post‑quantum cryptography into Korea’s payment gateways and value‑added networks. The collaboration builds on BTQ’s prior investment in Keypair, enabling faster integration of dedicated cryptographic modules. By securing key generation...
Blog 113a. Is Your Email Stealing Your Identity?
Email has become the primary digital identity anchor, governing password resets, financial approvals, SaaS access, and enterprise workflows. Traditional phishing defenses focused on spotting suspicious sender addresses, but that model is now obsolete. Modern attackers compromise the legitimate account itself,...
Only 16% of Businesses Are Fully Compliant with NIS2 Despite 2024 Compliance Deadline
A CyberSmart survey of 670 leaders across eight European countries found that only 16% feel fully compliant with the EU’s NIS2 directive, despite the October 2024 transposition deadline having passed. Budget constraints (20%) and lack of implementation guidance (16%) are the...
Claude Mythos Is Everyone’s Problem
Anthropic has unveiled Claude Mythos Preview, an AI model that can locate thousands of software vulnerabilities across major operating systems and browsers. The tool is being offered exclusively to a consortium that includes Apple, Microsoft, Google and Nvidia for internal...
PHP Composer Flaws Enable Remote Command Execution via Perforce VCS
Two high‑severity command‑injection flaws were discovered in PHP Composer’s Perforce VCS driver (CVE‑2026‑40176 and CVE‑2026‑40261). The vulnerabilities allow attackers to inject shell commands via malicious composer.json files or crafted source references, potentially executing code with the user’s privileges. Composer versions...
Europe Shouldn’t “Move Fast and Break Things” With Fundamental Rights
The European Union is considering the Digital Omnibus, a package that would simplify its digital rules but also roll back key safeguards in the GDPR, ePrivacy and the upcoming AI Act. The proposals would narrow the definition of personal data,...
The Digital Omnibus Reopens the EU Data Acquis Before It Has Even Been Tested
The European Union’s Digital Omnibus proposal folds the Data Governance Act, Open Data Directive and other recent statutes into the 2023 Data Act, turning it into the central hub for data access, reuse and governance. While marketed as simplification, critics...
Major Crypto Exchanges Including Coinbase and Binance Are Racing to Access Anthropic’s Mythos Model to Defend Against AI-Powered Attacks
Major crypto exchanges are scrambling to secure Anthropic’s new Mythos AI model to protect against AI‑driven attacks. Coinbase’s CSO confirmed close talks with Anthropic, while Binance is already testing Mythos alongside its own tools. Fireblocks reported that Claude Opus 4.6 exposed...
Intent-Based Access Control(IBAC) for Coding Agents
Coding agents such as Claude Code, Gemini CLI, Cline, and OpenClaw are expanding beyond developer use into HR, marketing, security, and finance, exposing a hidden security gap. Traditional human‑centric access controls cannot reliably interpret natural‑language prompts issued to autonomous agents....
Fraudulent Cryptocurrency App in Mac App Store Stole $9.5 Million From 50-Some Users
April 2026 saw a cascade of high‑profile crypto security breaches, starting with a counterfeit Ledger wallet app on Apple’s App Store that siphoned $9.5 million from roughly 50 users. Within the same month, Bitcoin Depot’s ATM network lost $3.67 million, Hyperbridge’s bridge contract...
ZeroTier Named Cyber Security Solution of the Year 2026
ZeroTier was named Cyber Security Solution of the Year 2026 by The Cyber Security Review. The award highlights its software‑defined networking platform that secures AI‑driven traffic and meets NIST/NSA CNSA 2.0 post‑quantum standards. CEO Andrew Gault said the honor validates ZeroTier’s...
Building a CUI Enclave in Fintech: A Practical Guide to CMMC Compliance
Fintech firms handling Controlled Unclassified Information (CUI) are increasingly required to isolate that data in hardened digital enclaves to meet Cybersecurity Maturity Model Certification (CMMC) standards. The latest CMMC 2.0 condenses the original five levels into three, with Level 2 aligning...
Hardening the Silicon: Why Analog Anti-Tamper IP Is the New Security Baseline
Analog anti‑tamper IP is emerging as a baseline for hardware security as billions of IoT and automotive SoCs face increasingly sophisticated physical attacks. Hackers now employ fault injection, glitching, side‑channel, and micro‑probing techniques that can bypass software‑only protections and compromise...
Comcast Agrees to $117 Million Settlement Over 2023 Data Breach
Comcast has agreed to a proposed $117.5 million settlement to resolve a class‑action lawsuit stemming from a data breach in October 2023. The breach exposed customers’ personal information after a third‑party gained unauthorized access. The settlement fund will pay claimants for documented...
EFF to State AGs: Investigate Google's Broken Promise to Users Targeted by the Government
The Electronic Frontier Foundation filed complaints with the California and New York attorneys general accusing Google of violating its promise to notify users before handing over data to law‑enforcement agencies. The complaint centers on Amandla Thomas‑Johnson, whose ICE subpoena was...
Your Accountant Handles Your Books. Let CyberFin Handle Your Cybersecurity
CyberFin urges insurance agencies to treat cybersecurity like accounting or HR by delegating it to specialists. The firm provides a managed security service that monitors firewalls, endpoints and a security operations center, and offers a free cyber assessment to pinpoint...
LMT's Security System Blocks over 2 Mln Spam Calls in First 2 Months
Latvian telecom operator LMT reported that its Call Firewall solution blocked more than 2.3 million spam calls in the first two months since rollout. The system, part of a broader industry initiative to curb fraudulent calls, saw a sharp spike in...
![Defense & Aerospace Daily Podcast [Apr 14, 2026] Lewis & Montgomery on Iranian Cyber Ops](/cdn-cgi/image/width=1200,quality=75,format=auto,fit=cover/https://hixhlmpcokxhartfkpyi.supabase.co/storage/v1/object/public/images/thumbnails/ae2ebbedad9b2864804d6077c9daa6e9.webp)
Defense & Aerospace Daily Podcast [Apr 14, 2026] Lewis & Montgomery on Iranian Cyber Ops
Dr. Jim Lewis and Mark Montgomery warned that Iran’s cyber operations are intensifying against U.S. targets, exploiting gaps created by recent cuts to the federal cyber workforce and a partial DHS shutdown. They contrasted Iran’s capabilities with those of Russia...
Cloud Storage Security Announces the Official Launch of DataDefender, a Novel DSPM Platform Focused on Data Stored in the Cloud
Cloud Storage Security launched DataDefender, an AI‑driven Data Security Posture Management (DSPM) platform that classifies and monitors cloud‑stored data in real time. The solution spotlights sensitive information across AWS environments, flagging misconfigurations, insider threats, and external attacks while supporting compliance...
The Veto Is Gone: Hungary’s Election Upends EU-Ukraine Cyber Defense and Data Sovereignty Dynamics
Hungarian Prime Minister Viktor Orban’s defeat and Peter Magyar’s landslide win removed Hungary’s veto that blocked a €90 billion ($97 billion) Ukraine aid package. The loan is now expected to be finalized, channeling funds into Ukraine’s digital infrastructure, cyber‑defense capacity, and EU‑aligned...
How Hackers Are Thinking About AI
A new academic paper examines over 160 cyber‑crime forum posts collected across seven months, revealing how hackers are beginning to incorporate artificial intelligence into their operations. The research shows a dual mindset: strong curiosity about leveraging both off‑the‑shelf AI services...
Italtel, Quantum Bridge Partner to Protect Critical Communications
Italian system integrator Italtel has formed a strategic partnership with Canadian quantum‑security specialist Quantum Bridge Technologies to deliver post‑quantum communication solutions worldwide. The collaboration aims to embed quantum‑safe encryption into existing network infrastructures, targeting telecom operators, enterprises, and critical‑infrastructure owners....
Cisco Warns of Critical IMC Vulnerabilities – Ironically, the Server Manager Itself Has Become a Point of Entry
Cisco issued critical advisories on April 1, 2026 for its Integrated Management Controller (IMC), revealing an authentication‑bypass flaw (CVE‑2026‑20093) that grants unauthenticated admin access and a suite of command‑injection/RCE bugs (CVE‑2026‑20094‑20097) that let even read‑only users execute code as root. Cisco provides...
![[Sponsor] WorkOS FGA: The Authorization Layer for AI Agents](/cdn-cgi/image/width=1200,quality=75,format=auto,fit=cover/https://images.workoscdn.com/images/85740be5-63b5-46b9-be9f-eb687428dc69.png?auto=format&fit=clip&q=80)
[Sponsor] WorkOS FGA: The Authorization Layer for AI Agents
WorkOS introduces Fine‑Grained Authorization (FGA) to secure AI agents that now operate inside enterprise environments. Traditional IAM models—OAuth tokens, service‑account keys, and flat RBAC—grant agents the same broad privileges as humans, exposing Confused Deputy attacks. FGA extends role‑based control with...
SWJ–El Centro Book Review: Cybersecurity Governance in Latin America
Dr. Carlos Solar’s new book Cybersecurity Governance in Latin America offers a comprehensive academic study of how emerging democracies in the Western Hemisphere are building cyber capacity, shaping governance frameworks, and militarizing digital operations. The analysis focuses on Brazil, Mexico, Colombia, Argentina,...
Why a Temporary Phone Number for Verification Matters in Modern Online Business
Modern online businesses increasingly rely on SMS verification to secure access to tools, marketplaces, and payment systems. Because many of these checks are one‑time, using a personal or permanent business number creates friction and privacy concerns. Temporary phone numbers provide...
Bad News If You Downloaded HWMonitor OR CPU-Z Late Last Week
On April 9‑10, CPUID’s website was breached for about six hours, during which hackers swapped the legitimate download links for HWMonitor and CPU‑Z with malicious URLs. The attackers did not alter the original installers but redirected users to malware‑laden copies hosted...
When the Insurer Becomes the Insured
Tariffs on auto parts, steel and aluminum are inflating loss costs for U.S. personal auto insurers, prompting carriers like Acuity to file double‑digit rate increases while rivals such as State Farm and USAA pursue cuts. Evercore ISI notes that personal...
Claude Mythos, Evaluated
The UK AI Security Institute evaluated the unreleased Claude Mythos Preview and found it to be the first model to complete an end‑to‑end cyber‑range assessment. Unlike earlier models that could only handle beginner‑level tasks in 2023, Mythos can autonomously compromise...
What ‘Nude’ Means Now
A new AI Forensics report reveals a thriving underground market on Telegram where non‑consensual nude images of women are harvested, weaponized, and sold alongside spyware. The study of 16 groups in Spain and Italy uncovered over 82,000 abusive images and...
On Anthropic’s Mythos Preview and Project Glasswing
Anthropic announced Claude Mythos Preview, a powerful AI model it will not release publicly due to its advanced cyberattack capabilities, and launched Project Glasswing to automatically probe public and proprietary software for vulnerabilities. The move has sparked widespread media coverage...
GTA 6 Hackers Give Rockstar a Deadline to Pay for Stolen Data
Rockstar Games has been pressured by the ShinyHunters ransomware group to pay a ransom by April 14 2026 for data stolen in a third‑party breach. The attackers accessed authentication tokens through a compromised cloud‑cost monitoring tool, allowing them to infiltrate Rockstar’s Snowflake...
Are AI Agents Your Next Security Nightmare?
In 2026 autonomous AI agents have moved beyond chatbots to proactive systems that can plan, reason, and execute actions across corporate networks. Incidents like the OpenClaw shadow‑AI deployments expose thousands of instances without authentication, highlighting the danger of ungoverned agents....
Los Angeles Data Breach Exposes LAPD Personnel and Litigation Records
In late March, ransomware group WorldLeaks claimed to have exfiltrated roughly 7.7 TB of data from the Los Angeles City Attorney’s office, including 340,000 files of LAPD personnel, internal affairs, litigation, and medical records. The data was stored on an unsecured...
FBI Classifies Suspected Chinese Breach of Wiretap Surveillance System as ‘Major Incident’
The FBI announced that a suspected Chinese state‑sponsored intrusion compromised its Digital Collection System Network (DCSNet), the internal platform that manages pen‑register and trap‑and‑trace wiretap data. The breach, achieved through a commercial ISP vendor, was classified as a “major incident”...
AWS Security Digest #256 - TY Mythos
AWS inadvertently pushed a test IAM managed policy into production, a slip caught by IAM Trail. The incident coincides with the first Mythos‑reported vulnerability appearing in AWS security bulletin 2026‑015, highlighting AI‑driven code‑scanning efforts under Project Glasswing. Research disclosed critical flaws in...
How Claude Mythos Preview Found Thousands of Zero-Day Vulnerabilities and Why the Health Tech Sector’s Absence From Project Glasswing Should...
On April 7, 2026 Anthropic unveiled Claude Mythos Preview, an AI model that autonomously discovered thousands of zero‑day vulnerabilities across major operating systems and browsers. The company kept the model private and launched Project Glasswing, a defensive coalition of 40+...
Iran-Linked Group Handala Claims to Have Breached Three Major UAE Organizations
Handala, an Iran‑linked hacktivist group believed to be a front for Void Manticore, claimed a massive cyberattack on three UAE agencies—Dubai Courts, Dubai Land Department, and Dubai Roads & Transport Authority. The group alleges it destroyed six petabytes of data...
CPUID Watering Hole Attack Spreads STX RAT Malware
Threat actors compromised the CPUID website between April 9‑10, 2026, swapping legitimate CPU‑Z and HWMonitor download links with malicious installers for roughly six hours. The trojanized files contained a malicious DLL that used DLL sideloading to deliver the STX remote‑access trojan,...
Token Is All You Need: Finding 0days with LLMs and Agentic AI
The blog details how large language models (LLMs) have transformed zero‑day discovery from a niche skill into a scalable service. By using the "Carlini Loop"—a file‑by‑file prompting technique—Anthropic, OpenAI and open‑source projects have uncovered hundreds of high‑severity bugs in heavily...
CESNET, Ribbon Achieve PoC in Quantum-Secured Optical Networking
Ribbon Communications announced the successful completion of a quantum key distribution (QKD) proof‑of‑concept with CESNET, the Czech Republic’s national academic network. The test used Ribbon’s Apollo optical platform to deliver Layer‑1 encryption with virtually zero latency, proving quantum‑secured transmission can...
OpenAI Pulls the Plug on macOS Signatures Following a Supply Chain Incident
OpenAI disclosed a supply‑chain attack that compromised the Axios library used in its macOS app‑signing workflow on March 31, 2026. The breach gave attackers access to the certificate used to sign ChatGPT Desktop, Codex, Codex‑cli and Atlas, prompting OpenAI to revoke and...
Last Week Ignite - 4/12/2026
Anthropic introduced Project Glasswing, releasing the Claude Mythos Preview—a frontier AI model designed to scan and harden critical software—for a closed group of launch partners on April 7. The company explicitly stated that Mythos will not be made broadly available, signaling a...
Linux Out-Of-Bounds Access Fixed For Unprivileged Users With Specially Crafted Certs
A three‑year‑old out‑of‑bounds read in the Linux kernel’s X.509 certificate parser could be triggered by an unprivileged user submitting a specially crafted certificate via the keyrings API. The flaw, present since the 6.4 release in 2023, risked kernel crashes, denial‑of‑service...
AI Only Has to Beat 3/10
The author argues that the prevailing myth of AI as a super‑intelligent threat is misplaced. Most companies and their cybersecurity postures operate at roughly a 3‑out‑of‑10 effectiveness level, while current AI tools sit around a 5‑to‑6 rating. Because AI can...
Hackers Claim Control over Venice San Marco Anti-Flood Pumps
Hackers claiming to be the "Infrastructure Destruction Squad" breached the operational technology controlling Venice’s San Marco flood‑gate system in late March, asserting they could disable defenses and flood the historic piazza. The group posted screenshots of control panels on Telegram...
Nessus Essentials: Complete Guide for Security Professionals (2026)
Tenable’s free Nessus Essentials provides the same scanning engine and full plugin library as its paid versions, but restricts users to 16 IP addresses per activation and omits compliance, content‑audit, live‑update, virtual appliance, and agent capabilities. The rebranding removed the...
Day 156: Building Your Security Command Center - SIEM Implementation
The post walks security leaders through building a Security Information and Event Management (SIEM) platform tailored for a financial services firm handling millions of transactions daily. It outlines how raw logs—from user logins to network traffic—are normalized, correlated, and scored...
Motherboard Updates Suddenly Become Mandatory: Secure Boot Certificates Are Forcing Manufacturers and Users to Take Action Before June 2026
Microsoft will retire the 2011 Secure Boot certificates in June 2026 (with additional expirations in October), replacing them with 2023 versions. OEMs such as ASUS and MSI have already warned that BIOS updates must include the new KEK and DB...
