AusPost Warns of Growing Online Scam Threat
Australia Post warns that scams targeting sellers on online marketplaces have surged, with more than 2,500 reports this year. Fraudsters pose as buyers on platforms like Facebook Marketplace, sending fake QR codes or links that mimic Australia Post’s courier service to harvest personal and financial details. The postal service’s eCommerce report shows Australians spent AU$18.9 billion (≈US$12.5 billion) on marketplace purchases, creating a lucrative environment for scammers. Australia Post stresses it does not handle payments or provide courier services for Facebook Marketplace and advises users to use the official app and avoid sharing information via suspicious links.
Quantum-Secure Satellite Communications and the Future of Protected Networks
Quantum‑secure satellite communications are transitioning from concept to early service architecture, using quantum key distribution from orbit to protect high‑value links. Government programs such as ESA’s SAGA, the QKDSat‑Redwire partnership, and Canada’s QEYSSat illustrate strategic investment driven by sovereignty and...
Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long
A tentative cease‑fire between Iran, the United States and Israel is unlikely to halt cyber attacks from Iran‑linked groups. Pro‑Iranian hacktivist collective Handala announced it will pause attacks on U.S. targets but continue striking Israel, warning it will resume U.S....
Fake QR Codes Make for Easy Scams – Be Careful What You Scan Out There
QR codes have become ubiquitous for payments, menus, and transport, but their convenience also makes them a prime vector for scams. Cybercriminals employ "quishing"—QR‑based phishing—to redirect users to counterfeit login or payment sites, often by overlaying fake stickers on legitimate...
Russia's Forest Blizzard Nabs Rafts of Logins Via SOHO Routers
Russian GRU‑backed APT28, also known as Fancy Bear, has been exploiting long‑standing bugs in consumer‑grade SOHO routers such as MikroTik and TP‑Link to intercept web traffic worldwide. By reconfiguring DNS settings on compromised devices, the group silently siphons email credentials and...
Stateless Hash-Based Signatures for AI Model Weight Integrity
Enterprises deploying AI agents with Model Context Protocol (MCP) must test cryptographic safeguards in realistic cloud sandboxes. Simulating post‑quantum algorithms such as Kyber and Dilithium on high‑entropy instances reveals significant CPU and latency overhead, especially under heavy agent loads. Proper...
OCR Releases Risk Management Video
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has released a new video that explains the HIPAA Security Rule’s risk‑management requirement. The presentation, led by senior cybersecurity advisor Nicholas Heesters, expands OCR’s earlier Risk Analysis...
The Free Ticket You Just Got Offered to Mumbrella360 Is Not Legitimate
Mumbrella has warned that a phishing email offering a free ticket to its Mumbrella360 conference is fake. The scam uses the sender name “The Mumbrella Team” and the address messaging-service@post.xero.com, with the subject line “Your Complimentary Mumbrella360 Ticket.” Recipients are...
Cloud Vs. Local Backup: Which Is Right for Your Organization?
Enterprises are weighing cloud versus local backup as data protection strategies evolve. Cloud backup delivers low upfront costs, unlimited scalability and off‑site disaster recovery, but ongoing storage and egress fees can erode savings. Local backup offers rapid on‑site restores and...
When AI Can Hack Anything, Identity Becomes Everything
Anthropic’s upcoming Claude Mythos model is being touted as far ahead of any existing AI in cyber‑offensive capability, signaling a new wave of tools that can automate vulnerability discovery and exploitation. The more immediate danger, however, is AI‑driven impersonation: 81%...
Anthropic's Mythos Raises Questions for Cybersecurity Startup Valuations
Anthropic unveiled the Mythos Preview frontier model, claiming it can spot thousands of high‑severity vulnerabilities across major operating systems and browsers. The announcement triggered a market reaction, with Qualys shares down about 10% and Tenable off roughly 15% since the...
Cybercriminals Target Accountants to Drain Russian Firms’ Bank Accounts
Cybercriminal group Hive0117 launched a wave of phishing attacks on Russian accountants between February and March 2026, compromising over 3,000 firms. The campaign deployed the DarkWatchman remote‑access trojan, allowing hackers to log into corporate banking portals and create fake salary...
Hackers Use Pixel-Large SVG Trick to Hide Credit Card Stealer
Security firm Sansec uncovered a large‑scale campaign that injects a 1×1‑pixel SVG into Magento stores to deliver a credit‑card skimmer. The malicious SVG uses an onload handler with a base64‑encoded payload, bypassing traditional script‑based scanners. The attack exploits the PolyShell...
Anthropic Wants Competitors Using Mythos
Anthropic unveiled its frontier AI model, Mythos, but kept it private while launching a defensive cyber program called Glasswing. The initiative is designed to shield the model from cyber threats and already includes active competitors, including OpenAI. Logan Graham, head...
Feds Grade Themselves High Despite Legacy Gaps
A new EY survey shows 85 % of federal agency leaders rate their cybersecurity posture as an “A” or “B,” even though only one‑in‑five have completed a full migration to modern, secure platforms. Roughly half of AI‑driven defense projects are still...
Malaysia Faces Structural Shift in Cyber Threats
Malaysia's cyber threat landscape is undergoing a structural shift as rapid digitization outpaces defenses. China‑linked APT groups such as APT41 and Mustang Panda are probing semiconductor and government networks, while financially motivated actors like Lazarus Group and FIN7 target banks...
Olympics Offer IR Lessons for Everyday Firms
The Milan‑Cortina Winter Olympics served as a live cyber‑stress test, exposing a 180% surge in DDoS attacks and coordinated phishing attempts. CISA officials highlighted that the same tactics used against the Games will soon target the FIFA World Cup, underscoring...
The 2026 Digital Omnibus
The European Commission’s Digital Omnibus, unveiled in November 2025, seeks to streamline the EU’s fragmented digital regulatory regime by consolidating reporting portals and aligning definitions across GDPR, the AI Act, NIS2 and DORA. Key proposals include a Single Entry Point for...
This Brazen LAPD Hack Is a Warning for Companies. Make Sure Yours Is Secure by Taking These Simple Steps
Hackers identified as the World Leaks group breached the Los Angeles Police Department’s digital storage, stealing roughly 7.7 terabytes of data across more than 337,000 files. The leak includes sensitive law‑enforcement case files, witness information, health data and other records rarely...
LinkedIn Scanning Users' Browser Extensions Sparks Controversy and Two Lawsuits
LinkedIn is facing two class‑action lawsuits in California alleging it secretly scans users’ browsers to identify installed extensions. The suits rely on a German “BrowserGate” report by Fairlinked, which is linked to Estonian firm Teamfluence that previously sued LinkedIn for...
Project Glasswing Shows That AI Will Break The Vulnerability Management Playbook
Anthropic and 11 other industry leaders launched Project Glasswing, a coalition aimed at securing critical software using the new Claude Mythos Preview AI model, which claims to discover zero‑day vulnerabilities faster than existing tools. The initiative signals a potential shift...
Threat Actors Get Crafty With Emojis to Escape Detection
Threat actors are increasingly embedding emojis in malicious communications to evade detection and streamline coordination across platforms such as Telegram, Discord, and underground forums. Flashpoint’s latest analysis highlights the Pakistan‑linked APT group UTA0137 using the Disgomoji malware, which interprets simple...
How State and Local Governments Are Securing the 2026 Midterm Elections
Los Angeles County processed roughly one billion network events during the 2024 election, leveraging AI to filter threats and enforce a zero‑trust, air‑gapped architecture for vote‑counting machines. The county also deployed Cradlepoint E3000 routers with NetCloud Manager to create secure, carrier‑agnostic...
Vibhor Kumar: AI at the Edge, Truth in Postgres
Edge AI is maturing as latency, privacy and regulatory constraints push computation and state to the source of data. PostgreSQL 18, with async I/O, OAuth authentication, row‑level security and skip‑scan support, provides a trustworthy local ledger for these workloads. The...
AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
HackerOne announced on March 27 that it will pause new vulnerability submissions to its Internet Bug Bounty (IBB) program, citing an unsustainable surge of AI‑generated reports that outpace open‑source maintainers' remediation capacity. The influx has driven valid findings down from roughly...
Agencies Warn Iranian-Linked Hackers Targeting Critical Infrastructure
U.S. agencies warned that Iranian‑linked hacker groups are exploiting programmable logic controllers (PLCs) across multiple critical‑infrastructure sectors, causing operational disruptions and financial losses. The Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert with the FBI urging immediate mitigation...
Disney, Google Seek Dismissal Of Children's Privacy Claims
Disney and Google are asking a California federal judge to dismiss a class‑action lawsuit that accuses them of violating the Children’s Online Privacy Protection Act by failing to label child‑directed YouTube videos as “Made for Kids,” which allegedly enabled targeted...
New macOS Stealer Campaign Uses Script Editor in ClickFix Attack
Security researchers have identified a new macOS stealer campaign that leverages the built‑in Script Editor to deliver the Atomic Stealer (AMOS) malware. The attack uses an “applescript://” URL from fake Apple‑themed cleanup sites, launching a pre‑filled script that runs an...
I Didn't Realize How Many Ways Google Was Tracking Me Until I Checked These Settings
The article reveals how deeply Google tracks users through services like Web & App Activity, personalized ads, and third‑party app connections. It walks readers through step‑by‑step instructions to pause or delete activity logs, disable ad personalization, and revoke app permissions....
Reclaim Developer Hours Through Smarter Vulnerability Prioritization with Docker and Mend.io
Mend.io has integrated with Docker Hardened Images (DHI) to deliver a zero‑configuration solution that automatically distinguishes base‑image vulnerabilities from application‑layer risks. By leveraging Docker’s VEX (Vulnerability Exploitability eXchange) data, the platform filters out non‑exploitable and unreachable CVEs, allowing developers to...
CISA Orders Feds to Patch Exploited Ivanti EPMM Flaw by Sunday
CISA has placed Ivanti Endpoint Manager Mobile (EPMM) in its Known Exploited Vulnerabilities catalog and issued a Binding Operational Directive requiring federal agencies to patch the critical CVE‑2026‑1340 flaw by April 11. The code‑injection bug enables unauthenticated remote code execution on...
Arelion Employs NETSCOUT Arbor DDoS Protection Products
Arelion, a Tier‑1 IP backbone provider serving 129 countries, has deepened its partnership with NETSCOUT to modernize its DDoS defense. After 16 years using Arbor Sightline and the Threat Mitigation System, Arelion added three NETSCOUT offerings—Sentinel, ATLAS Intelligence Feed, and...
6 Winter 2026 G2 Leader Badges Prove This DDoS Protection Stands Out
NETSCOUT’s Arbor Threat Mitigation System (TMS) captured five G2 leader badges for winter 2026, spanning enterprise DDoS protection, momentum, regional Asia, and web security categories. Its companion solution, Arbor Sightline, earned a leader badge in enterprise network management. The awards...
New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
Researchers have identified a new Chaos malware variant that now targets misconfigured cloud deployments, such as a deliberately vulnerable Hadoop instance. The updated 64‑bit ELF binary drops a SOCKS proxy feature while removing its previous SSH‑based spreading mechanisms. The attack...
Why Operationalizing AI Security Is the Next Great Enterprise Hurdle
NWN announced an AI‑powered managed security operations suite built on its Experience Management Platform (EMP). The offering stitches together telemetry from Palo Alto Networks, Cisco and Arctic Wolf into a single control plane, aiming to tame the 50‑80 tool sprawl...
Passport Numbers for More than 300,000 Leaked During December Eurail Data Breach
Eurail B.V., the Dutch‑based rail‑pass provider, disclosed a December 26 cyber‑attack that exposed personal data for 308,777 customers, including passport numbers. Hackers copied the information and posted a sample on Telegram, while offering the full dataset for sale on the dark...
How Botnet-Driven DDoS Attacks Evolved in 2H 2025
In the second half of 2025, DDoS attacks remained numerically steady but grew dramatically in scale and sophistication. AI‑enhanced DDoS‑for‑hire services enabled even non‑technical actors to launch multiterabit floods, with IoT botnets such as TurboMirai reaching 30 Tbps and 4 gigapackets per...
Perpetuals Launches Quantum Resilient Security Service to Strengthen Encryption Standards Across Financial Markets
Perpetuals.com Ltd announced Quantum‑Resilience‑as‑a‑Service (QRaaS), a security offering that injects quantum‑derived entropy into existing cryptographic processes for financial institutions and other high‑value users. The service integrates with RSA, AES and TLS without requiring system‑wide algorithm changes, using PCIe QRNG hardware,...
HaystackID Named Finalist for Intelligent Insurer’s Cyber Insurance Awards USA 2026 in Two Categories
HaystackID has been named a finalist in two categories of Intelligent Insurer’s Cyber Insurance Awards 2026, recognizing its VALID™ suite and overall cybersecurity solutions. The awards, now in their third year, spotlight firms that help insurers and insureds manage escalating...
Hack-for-Hire Spyware Campaign Targets Journalists in Middle East, North Africa
A suspected Indian‑linked hack‑for‑hire group, identified as the Bitter APT, has been deploying Android ProSpy spyware against journalists and activists across the Middle East and North Africa. The campaign, active since at least 2022, uses spear‑phishing messages from fake social‑media...
Operation Masquerade: FBI Disrupts Russian Router Hacking Campaign
The Department of Justice and FBI announced the takedown of a Russian GRU‑run cyber‑espionage operation, dubbed Operation Masquerade, that compromised thousands of home and small‑office routers, primarily TP‑Link devices, across 23 U.S. states and abroad. The attackers, identified as the APT28/Fancy Bear...
Anthropic’s Project Glasswing May Not Be Enough to Prevent Model Abuse
Anthropic launched Project Glasswing, a coalition with AWS, Apple, Nvidia, JPMorgan Chase and Palo Alto Networks, to protect critical software using its Claude Mythos preview model. Mythos can autonomously discover thousands of vulnerabilities across major operating systems and browsers, highlighting...
Google API Keys Quietly Gain Access to Gemini on Android Devices
A flaw in Google’s API‑key system automatically grants Gemini AI access to any key once the service is enabled, exposing Android apps to unauthorized use. CloudSEK’s analysis of 10,000 apps uncovered 32 active keys in 22 applications that together have...
Hackers Steal and Leak Sensitive LAPD Police Documents
Hackers infiltrated the Los Angeles Police Department’s internal network and exfiltrated thousands of sensitive files, including officer personnel records, internal‑affairs investigations, and unredacted discovery documents. The data was posted online by the Distributed Denial of Secrets platform, which identified the...
ComfyUI Instances Hijacked for Cryptomining and Proxy Botnet
A new campaign is hijacking publicly exposed ComfyUI instances—an open‑source UI for stable diffusion models—to run illicit cryptocurrency mining and proxy botnet operations. Threat actors scan cloud IP ranges with a custom Python tool, exploiting unauthenticated deployments to execute malicious...
Synthetic Identities And Malicious Bots Boost Fraud Attacks, LexisNexis Says
LexisNexis Risk Solutions reports synthetic‑identity fraud as the fastest‑growing fraud type in 2025, representing 11% of global fraud—a rise eight‑fold from 2024. The surge is driven by criminals using generative AI to craft realistic identities, especially in Latin America, which...
Telenor Facing Legal Action over Myanmar Claims
Telenor is facing a Norwegian class‑action lawsuit filed by the Justice and Accountability Initiative on behalf of Myanmar customers, accusing the telecom of handing over user data and surveillance technology to the military junta. The suit alleges that at least...
Telenor Sued Over Claims It Exposed Myanmar Customers to Junta Repression
A Swedish non‑profit has filed a class‑action lawsuit in Norway on behalf of more than 1,200 Myanmar citizens whose call‑log and location data were allegedly handed to the military junta by Telenor’s local subsidiary. The complaint seeks €9,000 (about $10,500)...
Timor-Leste Is Vulnerable to ‘Infiltration by Foreign Organized Crime’, President José Ramos-Horta Says
Timor‑Leste’s president José Ramos‑Horta warned that the island nation is vulnerable to infiltration by foreign organized crime. Australian Federal Police have deployed digital‑forensics and cyber experts to help local law enforcement after a December 2025 visit. A joint Guardian‑OCCRP investigation linked...
Latest $285M Crypto Hack Suggests Next Major Exploit Could Come From ‘Compromised’ Developers
On April 1, Drift Protocol halted deposits after a coordinated attack that siphoned roughly $285 million in a 12‑minute drain. investigators linked the breach to the same actors behind the October 2024 Radiant Capital hack, identifying a social‑engineering campaign that compromised multisig signers...
