Online Scams: How Our Personal Data Is Being Used Against Us
France is experiencing a data‑breach crisis, with a leak reported roughly every hour and recent incidents at La Poste, France Travail and the ANTS portal exposing millions of records. Criminals buy this information on underground forums and use it to stage sophisticated scams, as illustrated by a fitness coach who lost €8,000 (about $8,700) after a fake customs text and a phone call from an impostor bank adviser. In response, the French government has earmarked €200 million (approximately $218 million) for an emergency cybersecurity plan, but experts warn the funding only enables a catch‑up effort.
Veeam CEO: We Have Defined A Missing ‘Data AI Trust Layer’
Veeam CEO Anand Eswaran announced a new “data AI trust layer” at VeeamON 2026, a unified fabric that sits between data/analytics and AI models to combine security, privacy, compliance, governance and resilience. The company also launched a Data and AI Trust...
Versa Takes Aim at Fragmented Enterprise Security with CSPM, Orchestration Update, and AI Agent Controls
Versa Networks unveiled three coordinated upgrades to its VersaONE Universal SASE platform: native Cloud Security Posture Management (CSPM), a redesigned Concerto orchestration engine, and an upcoming AI‑agent trust and verification framework. A new State of SASE + AI report shows...
Exaforce Raises $125M Series B to Build AI for Catching and Stopping Cyberattacks as They Happen
Exaforce announced a $125 million Series B round, valuing the three‑year‑old AI cybersecurity startup at $725 million and bringing total funding to $200 million. The company’s AI agents, called “Exabots,” automate security operations, reportedly cutting manual analyst work by up to 90 percent. Its product,...
OpenAI’s New Cybersecurity Push Has a Lesson for Crypto: Stop Waiting for the Hack
OpenAI launched Daybreak on May 11, an AI‑driven platform that embeds vulnerability discovery, validation and patch testing into the software build process. The service aims to make applications “resilient by design” through continuous code review, threat modeling, dependency analysis and privileged‑access...
Hacking the Bomb? What Claude Mythos AI Reveals About the Gamble of Nuclear Deterrence
Anthropic unveiled Claude "Mythos," an AI model that reportedly discovers zero‑day vulnerabilities with a 72.4% success rate, including a 27‑year‑old flaw in OpenBSD. The model is being tested by a select group of major tech firms, highlighting a rapid rise...
Amazon Quick Authorization Bypass Let Users Reach Blocked AI Chat Agents
Researchers at Fog Security discovered that Amazon Quick’s custom‑permission UI only blocked AI chat agents on the front end, while direct API calls still returned responses from disabled agents. The flaw, a missing server‑side authorization check (CWE‑862), allowed non‑admin users...
Norm Ai Launches Compliance Agent for Microsoft 365 Copilot
Norm AI has introduced a Compliance Agent that plugs directly into Microsoft 365 Copilot, giving regulated enterprises a built‑in layer of policy enforcement, verification and auditability. The add‑on works alongside Copilot to review content, flag disclosures, validate information against approved...
Hugging Face Packages Weaponized With a Single File Tweak
A security researcher at HiddenLayer uncovered a supply‑chain flaw in Hugging Face’s tokenizer.json file. By altering a single line in this plain‑text mapping, an attacker can hijack model outputs, capture every URL the model accesses, and steal embedded API credentials via...
Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware
Security researchers at Aryaka have uncovered the CRPx0 malware campaign that uses a free OnlyFans zip file to infect Windows, macOS and emerging Linux systems. The malicious shortcut inside the archive installs a modular payload that steals cryptocurrency by hijacking...
Five Eyes Cybersecurity Agencies’ Careful Agentic AI Adoption Guidance, Operationalized By AEGIS
At the Oracle Applications Analyst Summit, Oracle signaled that agentic AI will be confined to its Fusion platform, while the Five Eyes cybersecurity agencies—CISA, NSA, ASD, and counterparts in Canada, New Zealand and the UK—issued the first coordinated guidance on careful...
Manifold Scores 7,700 MCP Servers in Manifest Expansion Aimed at Agent Security Teams
Manifold Security announced that its Manifest supply‑chain intelligence tool now indexes over 7,700 Model Context Protocol (MCP) servers from the official registry. Each server receives a composite Manifest Score that blends a Lineage Score—assessing publisher provenance—and a Safety Score—flagging behavioral...
Living Off the Agent: The New Tactic Hijacking Enterprise AI
Enterprises are rapidly deploying autonomous, agentic AI across support, coding, and productivity functions, but the technology introduces a novel attack vector called "living off the agent" (LOTA). Malicious actors can hijack trusted agents via the Model Context Protocol (MCP) or...
Tanium Atlas Brings AI Into Endpoint Operations, Gives MSPs a New Services Play
Security firm Tanium unveiled Atlas, an autonomous operating system that merges AI models with its real‑time endpoint data platform. The solution surfaces relevant information, recommends actions, and lets users interact via natural language, aiming to cut manual investigation and context‑switching...
West Pharmaceutical Services Hit by Disruptive Ransomware Attack
West Pharmaceutical Services disclosed a ransomware intrusion that began on May 4, prompting a proactive shutdown of its on‑premise infrastructure and disrupting global operations. The company enlisted Palo Alto Networks’ Unit 42 to contain the breach, restore systems, and investigate the attack....
Apple Patches Dozens of Vulnerabilities in macOS, iOS
Apple issued 11 new security advisories on May 12, 2026, covering more than 60 CVEs in iOS/iPadOS 26.5—including 20 WebKit flaws—and nearly 80 vulnerabilities in macOS Tahoe 26.5. The patches also extend to macOS Sequoia 15.7.7, Sonoma 14.8.7, watchOS, tvOS...
SAP Patches Critical S/4HANA, Commerce Vulnerabilities
SAP announced its May 2026 Security Patch Day, delivering 15 new security notes that address critical vulnerabilities in its flagship S/4HANA and Commerce platforms. The most severe flaws—CVE‑2026‑34260 and CVE‑2026‑34263—receive a CVSS score of 9.6 and could allow attackers to inject...
NetApp Collaborates with Red Hat to Help Advance Data Protection and Scale for Red Hat OpenShift Deployments
NetApp announced a suite of data‑management features tailored for Red Hat OpenShift and OpenShift Virtualization, aimed at accelerating backup, recovery, and disaster‑recovery operations. The updates introduce incremental‑forever backups with Change Block Tracking, a public‑preview DR‑as‑a‑service offering, and Trident Parallelism to remove...
Vidar Stealer Campaign Evades EDR to Steal Credentials
A new Vidar Stealer campaign uses malicious LNK shortcuts, environment‑variable string reconstruction, and layered PowerShell‑to‑Python payloads to bypass endpoint detection and response (EDR) tools. The chain starts with spear‑phishing ZIP archives, launches cmd.exe, then PowerShell to download an obfuscated batch...
Attackers Combine ClickFix With PySoxy Proxying to Maintain Persistence
Cybercriminals have merged the ClickFix social‑engineering technique with PySoxy, a decade‑old open‑source SOCKS5 proxy, to create a modular post‑exploitation chain that persists without traditional malware. After the initial ClickFix compromise, attackers conduct reconnaissance before deploying PySoxy, which establishes a covert...
AI and an Absent Government: Takeaways From RSAC 2026
The 2026 RSA Conference highlighted AI as the dominant cybersecurity theme, with executives touting agentic AI’s ability to automate SOC tasks while researchers warned of new attack vectors such as AI‑driven ransomware and credential‑hijacking. Attendees also noted a stark absence...
OpenAI Gives European Companies Access to Its Latest Models to Bolster Resilience
OpenAI announced its "Trusted Access for Cyber" programme, granting European firms access to its newest models, including GPT‑5.5‑Cyber. Early participants span vital sectors such as telecom (Deutsche Telekom, Telefonica), finance (BBVA, Scalable Capital) and cybersecurity (Sophos). The move counters competitive pressure from...
Mini Shai Hulud Strikes Again Hitting over 100 Npm and PyPI Packages Including Mistral AI
The Mini Shai Hulud supply‑chain campaign has resurfaced, this time compromising more than 100 npm and PyPI packages, including popular TanStack libraries and Mistral AI’s TypeScript client. The attack spreads by harvesting CI/CD secrets and injects a credential‑stealing payload that...
Stop Blindly Trusting Your VPN: 8 Ways It Exposes Everything You Do Online
Many VPN users assume they are invisible online, but common leaks—DNS, IPv6, WebRTC, and connection drops—still expose their activity and real IP address. Operating‑system routing, browser fingerprinting, and unencrypted DNS can bypass VPN tunnels, revealing visited sites and identity. The...
Standard 90-Day Vulnerability Disclosure Policy Is Likely Dead Thanks to AI, Expert Warns that AI Can Weaponize Patches in 30...
AI‑driven large language models are accelerating vulnerability discovery, allowing exploits to be weaponized in as little as 30 minutes. Security researcher Himanshu Anand argues that the industry‑standard 90‑day disclosure window is effectively obsolete, citing recent Linux kernel bugs and a...
Cyber Attacks Still Biggest Fear for Utilities
A new Beazley survey of 3,500 global executives shows cyber attacks are now the top concern for 29% of energy and utilities leaders as digital, AI and supply‑chain integration increase exposure. Despite this, roughly 80% of firms say they are...
Hackers Hijack Microsoft Teams Accounts to Spread ModeloRAT Malware
Hackers are compromising Microsoft Teams accounts and posing as internal IT support to push a new, undocumented version of the Python‑based ModeloRAT. The attackers deliver a PowerShell loader that writes a ZIP archive to %APPDATA%, extracts a portable WinPython environment,...
Open WebUI File Upload Vulnerability Enables 1-Click RCE Attack
Researchers disclosed a critical stored XSS flaw in Open WebUI’s profile picture upload that permits 1‑click remote code execution. By uploading a malicious SVG encoded as a base64 data URI, attackers can run JavaScript in a victim’s browser, harvest tokens,...
The Browser Is the Real Battleground for Businesses
Irish firms are increasingly vulnerable as browsers become the primary work hub, exposing a hidden attack surface that traditional endpoint security often misses. Attackers now exploit browser‑based vectors such as ClickFix fake CAPTCHAs, multi‑channel phishing, and malicious extensions to bypass...
Google Finds First AI-Developed Zero-Day that Bypasses 2FA — Self-Morphing Malware and Gemini-Powered Backdoors Signal a New Era of Cybercrime
Google’s Threat Intelligence Group disclosed the first AI‑crafted zero‑day that sidesteps two‑factor authentication in a widely used open‑source system administration tool. The exploit, a Python script, demonstrates how large language models can parse source code and locate logical flaws faster...
Why Agentic AI Is Security's Next Blind Spot
Agentic AI is already deployed across enterprises, executing tasks and accessing data without security oversight. The article outlines three agent categories—general‑purpose coding assistants, MCP‑enabled vendor agents, and custom user‑built agents—each presenting distinct risk profiles. It argues that security teams must...
North Korea Hackers Abuse Git Hooks to Deploy Cross-Platform Malware
North Korean threat actors have expanded their "Contagious Interview" campaign by embedding malicious pre‑commit Git hooks in fake coding‑assessment repositories. The hooks fingerprint the victim’s OS and silently download a platform‑specific payload from a disposable Vercel domain before the developer...
Fake TronLink Chrome Extension Steals Crypto Wallet Credentials
A counterfeit TronLink Chrome extension, masquerading as the official wallet, has been discovered stealing users' private keys and seed phrases. The extension displays inflated user counts and uses Unicode homoglyphs to mimic the brand, while loading a remote interface that...
Chip-Processing Method Could Assist Cryptography Schemes to Keep Data Secure
MIT engineers unveiled two low‑cost hardware innovations that could reshape security and computing at the edge. First, they devised a twin physical‑unclonable‑function (PUF) fabrication method that splits a chip so each half shares a unique fingerprint, enabling direct authentication without...
South Staffordshire Water Fined £1m After Data Breach
South Staffordshire Water and its parent company were fined £1 million (about $1.4 million) by the UK Information Commissioner’s Office after a two‑year‑long cyber intrusion exposed personal data of more than 633,000 current and former customers and employees. The breach began with...
Europe and US Negotiate Deal to Share Citizens’ Biometric Data, UK Also Approached
The European Union and the United States are negotiating an Enhanced Security Border Partnership that would grant U.S. Homeland Security access to EU citizens' biometric data, including fingerprints, photos and genetic information. A leaked draft shows the agreement would enable...
OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
OpenAI unveiled Daybreak, an AI‑powered platform that combines GPT‑5.5 models with Codex Security to automate vulnerability detection, threat modeling, and patch validation. The service offers three model variants—including a Trusted Access version for verified defensive work and a permissive Cyber...
US Communications Regulator Targets Chinese Tech for Security Risks
The Federal Communications Commission announced a series of measures aimed at curbing security risks posed by Chinese‑origin communications equipment. The rules require carriers to identify, assess, and, where necessary, replace hardware and software from firms such as Huawei and ZTE...
The Invisible Insider: How AI Agents Enable Undetectable Trade Secret Theft – and What Companies Must Do Now
AI-driven agents can autonomously query, synthesize, and export corporate trade secrets without leaving traditional forensic footprints. By generating original‑looking outputs and enabling employees to photograph screen displays, these agents sidestep DLP, endpoint, and network alerts. The threat spans incremental queries,...
Dutch DPA Fines Taxi App €100M Over Unlawful Transfers of Personal Data to Russia, Despite Use of EU Standard Contractual...
On April 1, 2026 the Dutch Data Protection Authority fined MLU B.V., the operator of the Yango taxi app, €100 million (approximately $109 million) for illegal transfers of EU personal data to Russia. The regulator found the company relied on Standard Contractual Clauses meant for...
Meta Can’t Duck Majority of Android Advertising Tracking Claims
A federal judge in San Francisco ruled that Meta must face the bulk of a class‑action lawsuit alleging the company secretly circumvented Android’s sandbox to link users’ web‑browsing activity with their Facebook and Instagram accounts. The decision allows claims of...
The Path to Zero Trust: Bridging the Gap Between AI Development and OpSec
Artificial intelligence workloads are increasingly vulnerable when data is decrypted for processing, exposing sensitive information to hypervisor and cloud‑provider attacks. Confidential computing, leveraging trusted execution environments (TEEs) such as Intel TDX and AMD SEV‑SNP, encrypts data in use and isolates execution. Red Hat...
The Three Pillars of Trust: The Hardened OpenShift Foundation
Red Hat OpenShift’s new security framework centers on three pillars—integrity, isolation, and identity—to meet the rising demands of generative AI and digital sovereignty. The roadmap introduces node attestation, confidential virtual machines, post‑quantum cryptography, AI Bill of Materials scanning, and a zero‑trust...
GE HealthCare Recalls Certain CT Systems Due to 'Security Vulnerability'
The U.S. FDA has issued a Class 2 recall for GE HealthCare's Revolution series CT scanners after identifying a security vulnerability in the AW Server accessed through Edison Health Link. Approximately 200 systems worldwide are affected, prompting GE to issue Urgent...
Why 62% of Organizations Still Cannot Scale AI Safely
A Stanford AI Index report shows 62% of organizations view security and risk as the primary obstacle to scaling agentic AI, outpacing technical or regulatory concerns. The same data reveals AI‑related incidents jumped from 30% to 50% of firms between...
Can Hackers Break Encrypted USB Drives? I Tried to Find Out
The Kingston IronKey Locker+50 G2 is a hardware‑encrypted USB flash drive that protects data with a dedicated encryption chip. It uses 256‑bit AES‑XTS and wipes its keys after ten failed password attempts, ensuring data is unrecoverable. The drive includes an on‑screen...
Texas Obtains Smart TV Privacy Settlement With LG — Here’s What Changes
Texas Attorney General Ken Paxton secured a settlement with LG Electronics that forces the company to disclose and give users an opt‑out for Automated Content Recognition (ACR) data collection on its smart TVs. The agreement requires a pop‑up notice, a...
Modernizing Wastewater Systems: SCADA, Remote Monitoring & Cybersecurity for Resilient Operations
Wastewater utilities are accelerating digital upgrades to replace legacy SCADA, add remote monitoring, and tighten cybersecurity as regulatory pressure and aging assets mount. The industry’s shift toward interoperable, cloud‑ready control platforms promises greater visibility across dispersed lift stations and treatment...
IPhone-Android RCS Conversations Are End-To-End Encrypted In iOS 26.5
Apple announced that iOS 26.5 now supports end‑to‑end encryption for RCS messages exchanged with Android devices, bringing cross‑platform chats to the same security level as iMessage. The feature is released as a beta and requires carrier support on both the iPhone...
Webinar to Demystify Biometric Physical Access Control Decisions
Biometric Update and Goode Intelligence are hosting a free webinar on May 19 to dissect the latest trends in biometric physical access control, featuring a new market report that forecasts the sector surpassing $9.8 billion by 2028. The event will showcase...