
Russia's 'Fancy Bear' APT Continues Its Global Onslaught
Trend Micro’s latest research reveals that Russia’s Fancy Bear (APT28) continues to run sophisticated espionage and sabotage campaigns worldwide. The group deployed the Prismex malware suite against Ukraine’s defense supply chain and used NTLMv2 hash‑relay attacks via a patched Outlook vulnerability to steal credentials from diverse targets. FBI and international agencies also warned of GRU‑linked compromises of TP‑Link routers, enabling DNS hijacking and man‑in‑the‑middle attacks. Despite two decades of activity, Fancy Bear’s tactics still hinge on classic phishing and credential theft.

Cybercriminals Use Emojis to Evade Detection, Flashpoint Warns
Flashpoint’s latest threat‑intelligence report reveals cybercriminals are swapping traditional fraud‑related keywords with emojis to slip past security filters. By mapping emojis to concepts such as credit cards, banks, credentials, and malware, threat actors make automated monitoring far less effective. The...

StarkWare Researcher Publishes Quantum-Safe Bitcoin Transaction Scheme
StarkWare researcher Avihu Levy released Quantum Safe Bitcoin (QSB), an open‑source transaction format that makes Bitcoin payments resistant to quantum attacks without requiring a softfork or protocol upgrade. The scheme operates within existing Bitcoin script limits and leverages a hash‑puzzle...

Hack-for-Hire Group Targets MENA Journalists and Officials
A hack‑for‑hire group has been uncovered running a multi‑year espionage campaign against journalists, activists and government officials across the Middle East and North Africa. The attackers used phishing to steal Apple ID credentials and access iCloud backups, while deploying Android spyware...

'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues
A researcher using the alias Chaotic Eclipse publicly released exploit code for a Windows zero‑day flaw dubbed “BlueHammer,” which targets a race condition in Windows Defender’s signature update system. The PoC, posted on GitHub on April 2, claims the vulnerability remains...

GAO Warns DOD’s CMMC Fix Could Become the Program’s Biggest Threat
The Government Accountability Office issued a report warning that the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) program is vulnerable to external risks, notably an over‑reliance on waivers and a shortage of qualified assessors. GAO also highlighted DOD’s lack...

ConnectWise CISO: MSP Cybersecurity Readiness Isn’t About ‘Chasing The Latest Zero-Day Anymore’
ConnectWise’s 2026 MSP Threat Report shows attackers are abandoning zero‑day exploits in favor of identity abuse, using stolen credentials, session tokens and trusted service accounts to infiltrate managed service providers. Ransomware groups now prioritize speed, targeting backups and bypassing MFA...

How the FBI Extracted Deleted Signal Messages From a Defendant's iPhone
The FBI recovered deleted Signal messages from a defendant’s iPhone by extracting data from the device’s push‑notification database, not the app itself. The suspect had removed Signal, yet incoming messages persisted in lock‑screen previews stored by iOS. This method revealed...

Kamino Introduces Contract-Level Security Controls for Lending Vaults
Kamino, Solana's largest lending protocol, launched Whitelisted Reserves, a contract‑level security feature that restricts vault allocations to protocol‑approved reserves. The mechanism blocks compromised curator keys from moving depositor funds into unvetted markets, a risk highlighted by the recent $270 million Drift...

Is Anthropic Limiting the Release of Mythos to Protect the Internet — or Anthropic?
Anthropic is holding back its newest large language model, Mythos, limiting access to a handful of major enterprises such as Amazon Web Services and JPMorgan Chase. The company says the model’s advanced ability to locate software vulnerabilities could be weaponized...

Google Chrome Adds Infostealer Protection Against Session Cookie Theft
Google Chrome 146 introduces Device Bound Session Credentials (DBSC) for Windows, a hardware‑linked protection that stops infostealer malware from abusing harvested session cookies. The feature cryptographically binds each session to the device’s TPM, making stolen cookies unusable without the private...

Mythos Autonomously Exploited Vulnerabilities that Survived 27 Years of Human Review. Security Teams Need a New Detection Playbook
Anthropic’s Claude Mythos Preview autonomously uncovered a 27‑year‑old OpenBSD TCP stack bug and dozens of other zero‑day flaws across operating systems, browsers, and crypto libraries, costing roughly $20,000 per discovery campaign. The model demonstrated a 90‑fold improvement over Claude Opus...

Do Ceasefires Slow Cyberattacks? History Suggests Not
A fragile US‑Iran cease‑fire was announced, prompting Iran‑aligned hacktivist group Handala to claim a temporary pause in its cyber operations against the United States. Experts, however, warn that historical evidence shows cease‑fires rarely translate into a digital stand‑down; cyber activity...

Alamo Heights ISD Declines to Say Whether It Paid Ransom
Alamo Heights Independent School District (AHISD) suffered a ransomware attack in late March that knocked out internet access for nearly a week. The district restored its systems with external forensic investigators but refused to confirm whether it paid a ransom,...

$3.6 Million Crypto Heist Targets Bitcoin Depot
Bitcoin Depot, which runs more than 25,000 crypto ATMs worldwide, disclosed a breach that allowed attackers to transfer roughly 50.9 Bitcoin—about $3.66 million—out of company‑controlled wallets. The intrusion was detected on March 23, prompting an incident response that involved external cybersecurity firms...

EU Publishes Implementing Act for Remote EUDI Wallet Onboarding
On Tuesday, the European Commission released an Implementing Act that sets reference standards for remote onboarding of European Digital Identity (EUDI) wallets. The act mandates a high assurance level, combining electronic identification with additional procedures, and aligns with ETSI TS 119 461...

AI Security Starts with Awareness and Governance, CISO Says
Healthcare AI promises efficiency and clinical gains, but introduces fresh security risks. Akron Children's Hospital’s CISO Deepesh Randeri outlines a structured governance model that forces every AI initiative through committees, due‑diligence vetting, and continuous oversight. The hospital mandates centralized IT...

Claude Mythos Is Everyone’s Problem
Anthropic announced Claude Mythos Preview, an AI model that can autonomously locate thousands of software vulnerabilities, including long‑standing OS flaws. The tool is being shared only with a consortium of major tech firms such as Apple, Microsoft, Google and Nvidia...

Smart Slider Updates Hijacked to Push Malicious WordPress, Joomla Versions
Security researchers discovered that the update mechanism for the Smart Slider 3 Pro plugin was hijacked, delivering a malicious version (3.5.1.35) for WordPress and Joomla on April 7. The compromised code embeds multiple backdoors, creates hidden administrator accounts, and injects persistent...

New Apple Scam Hits Millions of iPhone Users Worldwide, Draining Bank Accounts
Apple has issued a global warning about a new wave of social‑engineering scams that target iPhone users through fake Apple Pay alerts and urgent phone calls. The fraudsters create panic, press victims to call a supplied number, and in extreme cases...

Inside the FBI’s Router Takedown that Cut Off APT28’s ‘Tremendous Access’
The FBI’s Operation Masquerade forced a reset of DNS settings on more than 18,000 compromised TP‑Link routers, cutting off Russian GRU‑linked APT28 (Fancy Bear) from infiltrating over 200 organizations worldwide. By targeting the routers themselves, the agency blocked the malicious IP...

MailRoute Expands MSP Program to Simplify Email Security Delivery
MailRoute has refreshed its MSP and channel partner program to deliver email security as a fully white‑label service that can be provisioned in minutes via MX‑level filtering. The new model lets managed service providers onboard client domains by changing two...

SOCRadar Unveils AI Agent Marketplace and Identity Intelligence to Protect Against Identity-Driven Cyberattacks
SOCRadar has launched an AI Agent Marketplace that lets organizations buy and deploy specialized autonomous agents for tasks like phishing detection, brand abuse protection, and dark‑web monitoring. The company also introduced Identity and Access Intelligence to expose credential leaks across...

USCIS Explores Remote Identity Verification for Immigration Services
U.S. Citizenship and Immigration Services (USCIS) issued a Request for Information seeking a software‑only, API‑driven platform that can authenticate identity documents and perform facial comparison remotely. The agency wants a solution that works on any mobile device or web browser,...

STX RAT Targets Finance Sector With Advanced Stealth Tactics
A new remote access trojan, STX RAT, was discovered after an attempted intrusion in a financial services firm in February 2026. The malware employs multi‑stage scripts, in‑memory execution, and encrypted C2 traffic to evade traditional defenses. It can harvest browser data,...

Little Snitch Comes To Linux To Expose What Your Software Is Really Doing
Little Snitch, the macOS network‑monitoring utility, is being ported to Linux. The prototype leverages eBPF for kernel‑level traffic interception and is built primarily in Rust with a web‑based interface that can monitor both local and remote machines. Early testing on...

Tesla Cracks Down on FSD Hacking Devices, Remotely Shuts Down Access
Tesla has begun remotely disabling Full Self‑Driving (FSD) on vehicles equipped with unauthorized CAN‑bus hack modules that bypass regional software locks. The €500 devices, popular in Europe, South Korea, China and Turkey, unlock FSD where regulatory approval is pending, prompting...

WatchGuard Targets EDR Pricing Pressure with MSP-Focused Endpoint Model
WatchGuard launched a new endpoint security portfolio that bundles AI‑driven detection, vulnerability management, and URL filtering into a tiered licensing model aimed at managed service providers (MSPs). The approach removes the so‑called “entry‑level tax,” allowing MSPs to offer baseline protections...

8 Best Practices for a Bulletproof IAM Strategy
Organizations must move beyond default IAM configurations to counter rising identity‑related threats such as AI‑driven attacks, machine identities, and sophisticated phishing. The article outlines eight best practices, including adopting zero‑trust, deploying phishing‑resistant MFA, enforcing strong password policies, applying least‑privilege access,...

Fuzzing: What Are the Latest Developments?
Fuzz testing has moved from a niche security tool to a mainstream assurance technique, now covering cloud‑native, embedded, and safety‑critical systems. Innovations such as grammar‑based, hybrid, and AI‑assisted fuzzers boost coverage and efficiency, while emulation‑based approaches enable early testing of...

Lumen: Upstream Network Visibility Is Enterprise Security’s New Front Line
Lumen’s 2026 Defender Threatscape Report argues that modern cyber‑attacks reveal their most decisive signals upstream, in the network, rather than on endpoints. Leveraging its backbone visibility into 99% of public IPv4 space, Black Lotus Labs monitors over 200 billion NetFlow sessions...

Claude Code Can Be Manipulated via CLAUDE.md to Run SQL Injection Attacks
LayerX researchers discovered that the CLAUDE.md configuration file can be weaponized to bypass Claude Code’s safety guardrails, enabling automated SQL‑injection attacks without any programming. By inserting just three lines of plain English, the AI assistant was convinced it had permission to...

XDR vs SIEM vs SOAR: What’s the Right Cybersecurity Strategy in 2026?
The article examines the evolving roles of SIEM, SOAR and XDR in 2026, emphasizing that no single tool can address modern threat landscapes alone. While SIEM provides foundational log collection and compliance, SOAR automates response workflows, and XDR delivers context‑rich,...

Google Addresses Privacy Concerns Around Gemini in Gmail
Google announced that its Gemini AI embedded in Gmail will not use personal email content for model training, processing each request locally and discarding the data afterward. The company emphasized that Gemini acts as a temporary assistant, keeping user inboxes...

Apple Intelligence AI Guardrails Bypassed in New Attack
Researchers from RSAC demonstrated a method to bypass Apple Intelligence's on‑device AI guardrails, achieving a 76% success rate across 100 test prompts. The technique merges the Neural Execs prompt‑injection attack with Unicode right‑to‑left override manipulation, allowing malicious output to slip...

FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database
The FBI recovered deleted Signal messages from a suspect’s iPhone by extracting the device’s push‑notification database, which stored copies of incoming messages even after the app was removed. The evidence was used in a trial concerning a July incident at...

The Ghost in the Machine: Securing Non-Human Identities
BeyondTrust will address the growing risk of non‑human identities at the ITWeb Security Summit in Johannesburg, highlighting how machines, applications and service accounts are becoming prime attack vectors. The firm warns that attackers now prefer logging in with over‑privileged or...

Security Researchers Tricked Apple Intelligence Into Cursing at Users. It Could Have Been a Lot Worse
Security researchers at RSAC demonstrated that Apple Intelligence, the on‑device AI built into iPhones, iPads, Macs and Vision Pro, can be hijacked through prompt‑injection attacks. Using a Neural Exec technique combined with a Unicode right‑to‑left override, they forced the model to utter...

As Fraud Escalates, Taking a Beat Becomes a Critical Defense
Fraud in the United States surged to an all‑time high, with the FBI reporting nearly $21 billion in losses last year and over one million complaints filed. Cryptocurrency investment scams alone accounted for $11 billion in damages, while AI‑driven schemes generated $893 million in...

Microsoft 365 Modernization Is Becoming a Data Sovereignty Challenge
Enterprises are now treating Microsoft 365 data sovereignty as a front‑line buying criterion rather than a post‑deployment check. Modernization projects—migrations, restructurings, and Copilot rollouts—are accelerating, exposing gaps in permissions, guest access, and identity sprawl that can undermine compliance. Governance must travel...

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
ThreatsDay bulletin highlights a surge in the hybrid P2P botnet Phorpiex, a 13‑year‑old Apache ActiveMQ RCE chain, record cyber‑fraud losses, AI‑driven DDoS evolution, and multiple supply‑chain and malware incidents. Phorpiex now infects roughly 125,000 devices daily, using peer‑to‑peer communication to...

From AML to Data Reform: The 2026 Compliance Agenda for UK Law Firms
In 2026 UK law firms will face intensified scrutiny across anti‑money‑laundering, sanctions, data protection and court‑transparency rules. The transition of AML oversight from the SRA to the FCA, the rollout of Companies House identity‑verification requirements, and the Data (Use and...

Weak at the Seams
The article argues that cyber risk is no longer a collection of isolated silos but a systemic threat amplified by digital transformation across healthcare, finance and manufacturing. While global security spending is projected to exceed $212 billion in 2025, the exposure...

Lotte Card Given Notice of $3M Penalty, Business Suspension over Massive Data Breach
Lotte Card has been served a notice from South Korea's Financial Supervisory Service requiring a penalty of roughly 5 billion won (about $3.38 million) and a suspension of new customer sign‑ups for more than four months. The penalties will be finalized by...

86% of Businesses Refused to Pay Cyber Ransoms in 2025 — Coalition Insurance
Coalition’s 2026 cyber claims report, covering over 100,000 policyholders in the US, Canada, UK, Australia and Germany, found that 86% of the 1,400 high‑signal ransomware claims from 2025 did not result in a ransom payment. Ransom demands surged 47% year‑over‑year,...

Capita Under Investigation After Workers Hit by Pensions Data Breach
Capita, the administrator of the UK Civil Service Pension Scheme, is under government investigation after confirming a second data breach within three years. The latest incident affected up to 138 retirees, who either received incorrect annual statements or had their...

Madras High Court Dismisses Plea By Cyber Security Expert Seeking Probe Into Star Health Security Lapses
The Madras High Court dismissed cybersecurity specialist Himanshu Pathak’s appeal seeking a multi‑ministry investigation into alleged security lapses at Star Health Insurance. While his petition was pending, Star Health suffered a cyber‑attack on October 9, 2024 that exposed policyholder data. Pathak, a policyholder,...

A Hacker Has Allegedly Breached One of China’s Supercomputers and Is Attempting to Sell a Trove of Stolen Data
A hacker claims to have exfiltrated over 10 petabytes of classified data from China’s National Supercomputing Center in Tianjin, including defense documents and missile schematics. The breach allegedly spanned months and went undetected, affecting more than 6,000 clients across scientific...

ENISA Launches Public Consultation on Draft EUDI Wallet Certification Schemes
ENISA has opened a public consultation on a draft certification scheme for providers of the EU Digital Identity (EUDI) wallet, following a two‑year agreement to back the European Commission’s rollout. The core EU wallet regulation took effect in May 2024, and...

Amid Rising Cyber and Physical Threats, Center for Cross-Sector Coordination Launches
The Center for Cross‑Sector Coordination (CXC) launched as an industry‑driven, not‑for‑profit hub that links owners and operators across all 16 U.S. critical infrastructure sectors. Its mission is to improve coordination, share security tools, training, and threat intelligence, and act as...