Visibility Is the only Way to Fix the Public’s Growing Security Debt
Government agencies are grappling with a massive security debt, with 78% of public organizations leaving vulnerabilities unpatched for over a year. On average, it takes more than 300 days to remediate half of their software flaws, far exceeding private‑sector benchmarks. The root cause is a lack of comprehensive visibility across sprawling, legacy‑laden networks and siloed monitoring tools. Experts argue that unified, real‑time asset monitoring is the only viable path to reduce this debt and protect citizen data.
Hacker Faux Pas Uncloaks North Korean IT Worker Scheme
A hacker unintentionally ran infostealer malware on their own system, exposing a North Korean IT‑worker scam. The breach leaked data from a state‑run payment server, including 390 accounts, chat logs and cryptocurrency transaction details. Independent analyst ZachXBT estimates the operation...
Report: US Accounts for Most PLCs Subjected to Iranian Targeting
A CyberScoop report finds that nearly 3,900 of the 5,219 internet‑exposed Rockwell Automation/Allen‑Bradley programmable logic controllers (PLCs) used in critical‑infrastructure are located in the United States, representing about 75% of the total. Roughly half of these vulnerable devices are linked...
HPE Accelerates Quantum Readiness Ahead of Q-Day
Hewlett Packard Enterprise (HPE) is positioning itself as a leader in quantum readiness ahead of the industry‑wide “Q‑day” when quantum computers could break current cryptography. The company announced its Quantum Scaling Alliance, a full‑stack partnership aimed at marrying quantum processors...
Florida Launches Probe Into OpenAI as Company Eyes Massive IPO
Florida Attorney General Ashley Moody Uthmeier announced a state‑level investigation into OpenAI, citing national‑security and public‑safety risks as the AI firm prepares for a potential IPO that could value it at up to $1 trillion. The probe will issue subpoenas to...
Hims Breach Exposes the Most Sensitive Kinds of PHI
Hims & Hers Health disclosed a data breach that compromised customer support tickets accessed through a third‑party platform. The breach, attributed to the ShinyHunters group, exposed names, email addresses and sensitive medical information such as erectile dysfunction and mental‑health conditions. Hackers...
Eight Things You Should Never Share With an AI Chatbot
A Stanford review of privacy policies for the leading AI chatbots—Claude, Gemini, ChatGPT and others—found that all six companies retain user prompts by default and often use them to train future models. Data can be stored indefinitely, merged with other...
Hospitals Are Becoming Hackers’ Favorite Target, but Downtime Simply Isn’t an Option
Hospitals, especially rural and community facilities, are facing a surge in ransomware attacks that threaten critical electronic health record (EHR) systems. The lack of in‑house IT expertise makes downtime unacceptable, forcing providers to seek resilient, managed solutions. CloudWave is helping...
Google Is Now Rolling Out End-to-End Encryption for (Some) Gmail Users
Google announced that client‑side encryption (CSE), its form of end‑to‑end encryption, is now rolling out to Gmail’s iOS and Android apps. Previously limited to desktop, CSE lets Workspace users encrypt email bodies on mobile without third‑party tools. The feature requires...
Bank of Canada, Major Lenders Meet on Anthropic AI Cyber Risk
On Friday, the Bank of Canada gathered senior executives from the nation’s largest banks and financial firms to discuss cybersecurity risks associated with Anthropic PBC’s newly released AI model, Mythos. The meeting mirrors a U.S. initiative earlier in the week, where...
FBI: Real Estate Cyberfraud Rises with More AI, Crypto Scams
The FBI’s Internet Crime Complaint Center reported that real‑estate cybercrime losses surged to $275 million in 2025, a 59 percent rise from the previous year. AI‑enabled scams and cryptocurrency fraud accounted for a growing share of the losses, with 115 AI‑related incidents...
Cynomi Unveils CISO AI Agents, Go-To-Market Academy As CEO Pushes To Become ‘AI-First Company’
Cynomi announced a major platform upgrade that adds AI‑driven CISO, auditor, analyst and communicator agents, effectively creating a virtual security team for managed service providers (MSPs). Simultaneously, the company launched a Go‑to‑Market Academy to help partners package, price and sell...
Bypassing LLM Supervisor Agents Through Indirect Prompt Injection
Security researchers discovered that LLM supervisor agents that only scan user messages can be bypassed by indirect prompt injection, where malicious instructions are hidden in trusted data such as user profile fields. In a test of a multi‑model customer‑service chatbot,...
The State of AI Security in 2026
The 2026 Threat Detection Report warns that AI is now a force multiplier for cyber attackers, with large‑language models automating 80‑90% of espionage operations. While the attack techniques remain familiar—credential theft, data exfiltration—the speed and scale have surged, prompting a...
Clear’s Reusable Biometric Digital ID Platform Joins FedRAMP Marketplace
Clear’s reusable biometric digital ID platform, CLEAR1, has been listed in the FedRAMP Marketplace with an “In Process” designation at the Moderate impact level, signaling progress toward full federal authorization. The platform, already certified for IAL2 and AAL2 under NIST...
The AI Supply Chain Is Actually an API Supply Chain: Lessons From the LiteLLM Breach
A recent supply‑chain breach involving Mercor’s use of the open‑source LiteLLM proxy exposed how AI middleware can become a critical attack vector. By compromising the LiteLLM gateway, attackers accessed API keys, raw prompts and model responses, bypassing traditional model‑level defenses....
AI And Cybersecurity: A Glass Half-Empty/Half-Full Proposition, Where The Glass Is Holding Nitroglycerin
Anthropic unveiled Mythos, an AI model that can locate and exploit zero‑day vulnerabilities across all major operating systems and browsers, including decades‑old bugs. To curb misuse, Anthropic launched Project Glasswing, granting more than 40 leading tech firms early access, $100 million...
Enterprises Must Revamp IAM for Comprehensive Security
Enterprises are confronting a surge in credential‑based attacks that bypass traditional identity and access management (IAM) controls. A new Omdia white paper, commissioned by ID Dataweb, argues that legacy IAM frameworks can no longer protect customer, workforce, and third‑party environments. It...
Senator Launches Inquiry Into 8 Tech Giants for Failures to Adequately Report CSAM
Senate Judiciary Committee chair Chuck Grassley has opened a congressional inquiry into eight major tech firms—Meta, Amazon AI Services, TikTok, Snapchat, Discord, X.AI, Grindr and Roblox—over alleged failures to provide complete child sexual abuse material (CSAM) reports to the National...
Connected Cars: Privacy Compliance Guidance
Cooley special counsel Claire Gibbs warned that original equipment manufacturers (OEMs) face mounting privacy and compliance hurdles as connected cars continuously capture sensitive driver data. She emphasized that OEMs must provide clear, timely notice and secure meaningful consent before any...
Why Legacy Networks Are a Growing Liability
Legacy networking infrastructures built on outdated hardware and operating systems are still common, but they create management complexity, performance bottlenecks, and security gaps. Organizations cling to these networks because engineers rely on familiar skill sets, budgets are tight, and executives...
Top Secret Clearance Holder Charged With Leaking Classified National Defense Information
The FBI arrested Courtney Williams, a former Special Military Unit member with a Top Secret/Sensitive Compartmented Information clearance, and charged her with leaking classified national‑defense information. Prosecutors allege that between 2022 and 2025 she provided secret data to a journalist via 10 hours...
GraphAlgo Scam: Lazarus Hackers Register Real US LLCs to Spread Malware
Cybersecurity firm ReversingLabs uncovered that North Korea‑linked Lazarus Group launched the GraphAlgo campaign by registering a bona‑fide Florida LLC, Blocmerce, to lend credibility to fake job offers targeting blockchain developers. The group now embeds malicious Remote Access Trojans in GitHub...
OneDigital Warns Clients of Alleged Salesforce Data Breach
OneDigital Investment Advisors disclosed that a breach of its Salesforce CRM exposed up to 28,414 client records, including names and Social Security numbers. The intrusion stemmed from the Drift chat‑agent integration rather than Salesforce’s core platform, and OneDigital’s internal network...
The Phishing-as-a-Service Pipeline: How a Scalable Fraud Ecosystem Is Driving Global Attacks
Flashpoint’s latest research shows phishing has morphed into a full‑service ecosystem, offering subscription‑based platforms that bundle kit development, hosting, delivery and real‑time dashboards. Low‑skill actors can now launch campaigns for as little as $10, while advanced services employ reverse‑proxy (AiTM)...
Fake Claude Site Installs Malware that Gives Attackers Access to Your Computer
Researchers uncovered a counterfeit website masquerading as Anthropic’s Claude AI, offering a “Claude‑Pro‑windows‑x64.zip” installer. The zip installs a functional Claude client while silently deploying a PlugX remote‑access trojan via a signed G DATA updater and malicious avk.dll sideloading. The dropper copies...
Analysis: Anthropic Claude Mythos Won’t ‘Reshape Cybersecurity’
Anthropic unveiled Claude Mythos, a frontier AI model touted to overhaul vulnerability discovery and management. The company paired the preview with Project Glasswing, granting early access to firms like CrowdStrike and Palo Alto Networks. Investor reaction was swift, sending shares of major...
FINRA Launches Financial Intelligence Fusion Center to Combat Cybersecurity and Fraud Threats
FINRA announced the launch of the Financial Intelligence Fusion Center (FIFC), a secure portal that enables member brokerage firms to share real‑time cybersecurity and fraud intelligence. The platform builds on FINRA Forward initiatives and incorporates data from government and private‑sector...
Electronics Industry Says FCC's Foreign-Made Router Policy Is a Bit of a Mesh
The FCC’s new rule places foreign‑made consumer routers on a Covered List, allowing only those cleared by the DoD or DHS and committed to U.S. manufacturing to receive approval. The Global Electronics Association argues the policy is misguided, noting past...
Anthropic’s Glasswing Highlights AI’s Security Paradox
Anthropic unveiled Project Glasswing, an initiative that gives more than 40 leading tech firms early access to its Claude Mythos model for proactive vulnerability detection. The program is designed to identify, test and mitigate software flaws before they can be weaponized...
You Can't Trust macOS Privacy and Security Settings
A new macOS demo shows the Privacy & Security panel can lie about folder access. Using the free app Insent on macOS 13.5‑26, the author proves an app can retain Documents access even after the toggle is disabled, provided the user later opens...
What Anthropic’s New Nightmare Means, in Plain English
Anthropic announced that its latest model, Claude Mythos Preview, can automatically discover zero‑day vulnerabilities across all major operating systems and web browsers. Rather than releasing the model publicly, Anthropic is collaborating with a consortium that includes Apple, Google and Microsoft...
Anthropic Tries to Keep Its New AI Model Away From Cyberattackers as Enterprises Look to Tame AI Chaos
Anthropic unveiled Claude Mythos, a powerful AI model designed to spot software vulnerabilities, but will only share it with a curated group of cloud and security firms under the Project Glasswing initiative. The move reflects growing concern that advanced models could become...
Nordic Banks Turn to CaaS to Fight Rising Fraud
Nordic banks are grappling with a surge in digital fraud as cashless payments dominate the region. Norwegian banks blocked roughly NOK 2.3 bn (about $250 m) and Danish banks prevented DKK 500 m (around $70 m) in attempted fraud in 2025. At the same time, compliance...
What To Know When Evaluating Sensitive Data Discovery And Classification Solutions
The Forrester Wave™ Q2 2026 evaluates the leading sensitive data discovery and classification solutions, emphasizing accuracy, scalability, and breadth of data‑source coverage. Vendors now claim 95%‑plus detection rates and support cloud, on‑prem, and in‑motion scanning, but buyers must validate performance in...
AHA Names Its Preferred Cybersecurity Provider
The American Hospital Association (AHA) has appointed Rubrik as its Preferred Cybersecurity Provider, giving roughly 5,000 member hospitals access to Rubrik’s cyber‑resilience tools and a breach‑recovery playbook. The designation is part of the AHA’s Preferred Cybersecurity & Risk Provider Program...
Stryker Warns of Earnings Fallout From March Cyberattack
Stryker disclosed that a March 11 wiper attack linked to the Iran‑backed Handala group disrupted its manufacturing, ordering and shipping systems, denting first‑quarter earnings. The breach wiped data from thousands of devices via the company’s Microsoft Intune environment and forced the...
In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack
The weekly SecurityWeek roundup highlighted several high‑profile cyber incidents, including a March 2026 attack on medical‑device maker Stryker that will shave earnings from its first‑quarter results, and a newly disclosed Windows zero‑day dubbed BlueHammer that gives attackers full SYSTEM privileges....
Silent Ransom Group Leaked Another Big Law Firm: Orrick, Herrington & Sutcliffe
The Silent Ransom Group (SRG) breached law firm Orrick, Herrington & Sutcliffe in late January 2026 and spent a week inside its network before demanding a ransom. Negotiations stretched from early February to late February, with Orrick offering a maximum...
FBI Recovers "Deleted" Signal Messages Through iPhone Notifications
The FBI recovered deleted Signal messages from an iPhone by extracting push‑notification data stored by iOS. In a Texas terrorism case, agents accessed incoming messages that the defendant had set to expire and removed from the app. Apple’s operating system...
‘A Perfect Storm’: How AI Is Transforming the Global Scam Industry
A new Infoblox report reveals that AI‑driven remote‑access trojans are turning Southeast Asian scam compounds into industrial‑scale cybercrime operations. These malware tools give attackers full control of victims’ Android devices, enabling real‑time monitoring, data exfiltration and instant bank‑account draining. AI...
Anthropic’s AI Hacking Tech Triggers Concern in German Cyber Agency
Anthropic unveiled Mythos, an AI model that can locate and exploit software bugs faster than human hackers. The German Federal Office for Information Security (BSI) is in active dialogue with Anthropic after the model was shared with 12 cybersecurity firms...
Analysis of One Billion CISA KEV Remediation Records Exposes Limits of Human-Scale Security
Qualys analyzed over one billion CISA KEV remediation records from 10,000 organizations, revealing that critical vulnerabilities remain open longer despite a 6.5‑fold increase in ticket closures. The share of critical flaws still unpatched after seven days climbed from 56% to...
AI Expansion, Security Crises, and Workforce Upheaval Define This Week in Tech
This week’s tech headlines were dominated by AI breakthroughs, escalating security threats, and a wave of layoffs. Google unveiled a Gemini‑powered Notebooks workspace, Meta launched the multimodal Muse Spark model, and Microsoft pledged its own large‑model portfolio by 2027. At the...
Juniper Networks Patches Dozens of Junos OS Vulnerabilities
Juniper Networks released patches for nearly three dozen vulnerabilities affecting its Junos OS and Junos OS Evolved platforms. The most critical flaw, CVE-2026-33784 (CVSS 9.8), involves a default password in the Support Insights Virtual Lightweight Collector that could be exploited...
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
Researchers have uncovered a new GlassWorm variant that hides a Zig‑compiled native binary inside a counterfeit WakaTime VS Code extension. The binary acts as a dropper, locating every IDE that supports VS Code extensions and silently installing a malicious VSIX package. The...
Hungarian Government Email Passwords Exposed Ahead of Election
Bellingcat uncovered that passwords for nearly 800 Hungarian government email accounts are publicly available, affecting 12 of the 13 ministries, including national‑security officials. The leaks stem from simple, easily guessable passwords rather than sophisticated cyber attacks. The exposure comes weeks...
“We Are Trying to Scare the Daylights Out of You…
The Inside Quantum Technology newsletter this week spotlights several hot topics in the quantum sector, most notably Infleqtion’s first look at its Sqale neutral‑atom quantum computer. It also references a revised assessment that RSA/ECC cryptosystems remain vulnerable to future quantum...
Hadrian Named a Representative Vendor in the Gartner® Market Guide for Adversarial Exposure Validation
Hadrian, an agentic AI offensive security platform, has been named a Representative Vendor in Gartner’s Market Guide for Adversarial Exposure Validation (AEV) released on March 24, 2026. The guide positions AEV as the successor to breach and attack simulation and...
Powell and Bessent Met with Major U.S. Banks over Anthropic Cyber Threats
Federal Reserve Chair Jerome Powell and Treasury Secretary Scott Bessent met with top U.S. bank CEOs to discuss cyber‑security risks tied to Anthropic’s newly released Mythos AI model. The discussion was part of Project Glasswing, a joint initiative that includes...
