New Cybersecurity Industry Coalition Aims to Lead US Critical Infrastructure Protection
Private-sector leaders JPMorgan Chase, Mastercard, AT&T and Berkshire Hathaway Energy launched the Alliance for Critical Infrastructure (ACI) in February to fill a coordination void as federal support wanes. The nonprofit coalition will create working groups and pilot projects focused on cross‑sector dependencies, polycrisis response, operational support to government, and policy advising over the next 18 months. By convening major utilities, financial services and telecom operators, ACI aims to develop shared cyber‑risk frameworks and bridge silos that have hampered resilience. The group also plans to partner with ISACs, sector coordinating councils and CISA despite reduced federal resources.
Solibri Launches Security+ for Air-Gapped BIM Workflows
Solibri introduced Solibri Security+, a standalone BIM validation product designed for air‑gapped, sovereign environments where cloud solutions are prohibited. The offering enables rule‑based model checking, coordination and compliance verification for defense, government and critical‑infrastructure projects. It operates offline, meeting data‑sovereignty...
ICO Fines Cl0p Victim South Staffs Water over Data Breach
South Staffordshire Plc and its water subsidiary were fined £964,900 (about $1.23 million) by the UK Information Commissioner’s Office after a Cl0p ransomware attack exposed personal data of more than 600,000 customers. The breach, which originated from a 2020 phishing email,...
Eric Fookes, Founder & CEO, Fookes Software
Eric Fookes, a geologist‑turned entrepreneur, founded Swiss‑based Fookes Software in 1996 and later launched Aid4Mail, now a leading email forensics and eDiscovery solution. Since its 2005 debut, the product has adapted to three major shifts: migration of email to cloud...
Your Purple Team Isn't Purple — It's Just Red and Blue in the Same Room
The article argues that today’s purple‑team concept is ineffective because human handoffs slow response while attackers exploit vulnerabilities in seconds. In 2026 the average time from CVE disclosure to a working exploit is roughly ten hours, and AI‑assisted adversaries can...
Stop Letting ChatGPT and Other AI Chatbots Train on Your Data. Here’s Why—And How
Chatbot providers routinely harvest every user prompt to fine‑tune their large language models, often without explicit consent. This practice turns personal questions about health, finance, or relationships into training data that can be stored indefinitely. Companies claim they anonymize inputs,...
US: FCC Relaxes Foreign-Made Router Ban to Allow for Security Updates
The U.S. Federal Communications Commission has pushed back the deadline for security updates on banned foreign‑made consumer routers to at least January 1, 2029, extending the original March 2027 cutoff by two years. The original ban, enacted in March 2026, prohibited import and sale...
Instagram Messaging Encryption Removed, and Privacy Advocates Are Pushing Back
Meta announced in March 2026 that Instagram will discontinue the optional end‑to‑end encryption introduced in 2023, removing the feature on May 8. The change means Meta can now access the content of direct messages, including images, videos and voice notes....
Rakuten Symphony Inks Maritime Cybersecurity Pact
Rakuten Symphony, the Japanese telecom and digital services firm, has signed a memorandum of understanding with classification society American Bureau of Shipping (ABS) to build maritime cybersecurity capabilities. The deal pairs Rakuten Maritime’s cyber‑resilience platform—launched in December 2024—with ABS’s safety...
Gartner: GenAI Has Broken Traditional Cybersecurity Awareness – What Comes Next?
Gartner warns that the surge in generative AI use has shattered traditional cybersecurity awareness models. Over 86% of organizations now pilot or deploy GenAI, while 57% of employees rely on personal AI accounts, creating a shadow‑AI risk surface. AI‑generated deepfakes...
CIOs Rise to the Global Challenge
Geopolitical volatility, from the Iran war’s impact on data centers to looming semiconductor shortages, is reshaping CIO priorities worldwide. CIOs must now balance modest AI funding with tighter budget scrutiny, tighter vendor management, and heightened compliance across fragmented regulatory regimes....
Java Code Isn’t the Problem – The Container Is
A development team discovered that dozens of vulnerabilities in a Java Spring Boot service were coming from the container, not the application code. Outdated base‑image packages and unsafe Maven transitive dependencies were the culprits. By integrating Docker Scout into their CI...
“Cyberwar Is Already in Poland,” Polish Deputy Prime Minister Says
Poland’s deputy prime minister Krzysztof Gawkowski told the Defence24 Days conference that the nation is already engaged in a cyber‑war with Russia, citing hundreds of daily attacks and a 99% neutralisation rate. He highlighted the January cyber‑attack on the country’s...
The Missing Cybersecurity Leader in Small Business
Small and medium businesses face average cyberattack costs exceeding $250,000, while hiring a full‑time CISO costs $250‑400k, creating a costly leadership gap. Virtual and fractional CISOs offer affordable senior cyber expertise, delivering risk assessments, remediation roadmaps, and governance. The article...
AI Security Is Repeating Endpoint Security’s Biggest Mistake
AI security is repeating the endpoint security mistake of over‑relying on posture‑based controls. While organizations implement model inventories, SBOMs, and guardrails, they neglect behavioral detection that monitors actual AI actions. The article argues that, as with the shift from signature‑based...
Georgia Tech Builds Network Sandbox to Test Hospital Cyber Defenses
Georgia Tech secured up to $12 million from ARPA‑H’s UPGRADE program to launch the Hospital‑Integrated Vulnerability Identification and Proactive Remediation (H‑VIPER) project. The initiative builds a whole‑hospital network sandbox that lets IT teams test patches and remediation strategies without disrupting patient...
.jpg)
TrickMo Android Banker Adopts TON Blockchain for Covert Comms
A new TrickMo Android banking malware variant, dubbed TrickMo.C, uses The Open Network (TON) for its command‑and‑control traffic. The malware disguises itself as TikTok or streaming apps and targets banking and crypto wallets in France, Italy, and Austria. By routing...
8 Guiding Principles for Reskilling the SOC for Agentic AI
Top security leaders at DXC Technology, Accenture and former Virgin Atlantic CISO are pioneering the reskilling of SOC teams for agentic AI. They combine hands‑on sandbox environments, vendor‑led expertise and formal training tracks to embed AI agents into tier‑1 and...
Identity Management Is More Important than Ever in an AI-Powered South Africa
AI is lowering the barrier to cybercrime in South Africa, exposing businesses to automated attacks on bots, APIs and AI agents. At the same time, POPIA enforcement demands strict identity controls and accountability for personal data. Organizations must shift from...
Syndicate Impersonates Old Mutual Exec Online
Old Mutual warned that a coordinated cyber‑fraud syndicate is impersonating senior executives, including COO Zureida Ebrahim, to promote fake investment opportunities. The scammers distribute the scheme across social media, messaging apps, and email, using misspelled brand names and urgent language...
National Technology Day 2026: India’s AI Growth Puts Security in Focus
India’s National Technology Day 2026 underscored a shift toward AI‑first enterprises, where intelligent systems are embedded in everyday workflows rather than treated as isolated tools. Executives highlighted that AI now analyses context, triggers actions, and supports decision‑making across sectors, propelled...
Silicon In Focus Podcast: Identity Under Siege: Why Credentials Are the New Battleground
The Silicon In Focus podcast highlights identity as the new frontline of cybersecurity as cloud, remote work, and AI expand attack surfaces. Host David Howell and iProov’s Dr. Andrew Newell explain why credential‑based attacks now eclipse traditional network breaches. They...
Chainlink Emerges as the Unlikely $3B Winner of KelpDAO Exploit as DeFi Projects Dump LayerZero
The $292 million KelpDAO exploit sparked a security‑driven exodus of DeFi projects, moving over $3 billion in TVL to Chainlink’s Cross‑Chain Interoperability Protocol (CCIP). Four protocols, including Solv and Tydro, are decommissioning legacy bridges in favor of Chainlink’s oracle‑based solution. LINK surged...
Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program
Dubai‑based OTT Cybersecurity announced the public launch of the Agent Trust Protocol (ATP), the first open cryptographic standard that verifies AI agent identity, scope, and actions. Simultaneously, its Lyrie.ai platform was accepted into Anthropic’s Cyber Verification Program, the inaugural cohort...
Accuvice Launches AI-Powered Compliance Web Platform to Simplify Data Protection and Regulatory Assessments for African & Global Businesses
Accuvice Solutions Limited has launched an AI‑powered digital compliance web platform aimed at African and global enterprises. The solution centralizes GDPR, NDPA, DPIA, ISO and other regulatory workflows into a single dashboard, adding AI‑driven guidance, real‑time collaboration, and expert auditor...
RiskMail.io Launches Disposable Email Detection API to Help Businesses Block Fake Signups
RiskMail.io has launched a Disposable Email Detection API that identifies temporary and high‑risk email domains during signup, verification, or checkout processes. The service delivers real‑time risk signals—disposable, free, privacy‑focused, or safe—allowing developers to block or flag suspicious accounts instantly. By...
The Netherlands Leads in Quantum Technology but Lags on Quantum Security
The Dutch Court of Audit warned that while the Netherlands excels in quantum research, 71% of its central government agencies have not begun preparing for the cryptographic threat posed by future quantum computers. Only six percent have incorporated quantum risk...
Robinhood Faces Lawsuit for Alleged Unlawful Disclosure of Consumers’ Sensitive Financial Info
Robinhood Markets is facing a lawsuit filed by client Jamillah Dunn alleging the brokerage embedded invisible Google trackers on its website that transmit users’ sensitive financial data—including account numbers, holdings, and search queries—to advertisers without consent. The complaint, lodged in...
Bring Your Nonprofit's Rogue IT Out of the Shadows. Here's How.
Nonprofit organizations increasingly grapple with shadow IT—unauthorized tools and services used by staff and volunteers that bypass official oversight. These hidden solutions create security gaps, data‑governance challenges, unexpected expenses, and threaten business continuity. The article outlines practical steps such as...
Australia Regulator Calls for Urgent Cybersecurity Action to Counter Mythos
Australia’s securities regulator ASIC has urged the financial services industry to act quickly on cyber risks posed by frontier AI models such as Anthropic’s Mythos. The commission warned that AI can uncover long‑standing vulnerabilities in days, compressing a typical twelve‑month...
AI Cyber Attack Threatens Global Financial Crisis, Warns International Monetary Fund
The International Monetary Fund warned that AI‑driven cyber attacks could spark a global financial crisis, citing the new Anthropic model Mythos that can locate software vulnerabilities at scale. The IMF highlighted the systemic risk posed by shared cloud services, where...
NHS to Grant Palantir Contractors ‘Unlimited Access’ to Patient Data
The UK National Health Service has signed a deal granting Palantir contractors unlimited access to patient records across its network. The agreement, whose financial terms remain undisclosed, aims to leverage Palantir's data‑analytics platform for AI‑driven health insights. Critics warn that...
Instagram Can Now Read All Users’ Private Messages. Will This Make Kids Safer or Just Boost Ad Targeting?
Meta has removed end‑to‑end encryption from Instagram direct messages as of May 8, saying few users opted in to the feature. The change means all private chats are now readable by Meta and could be leveraged for ad personalization, AI model...
The Shadow AI Problem HR Leaders Can No Longer Ignore
Lenovo’s Work Reborn Report, based on a survey of 6,000 employees, reveals that more than 70% of workers use AI weekly, with up to one‑third doing so outside IT oversight. The study labels the rapid, unsupervised adoption an “AI execution...
GDS Puts Three Suppliers in ‘Taxi Rank’ to Test Service Vulnerabilities
The UK Government Digital Service (GDS) has set up a “taxi rank” of three NCSC‑CHECK accredited penetration‑testing firms—NCC Group, Salus and Prism Infosec—to probe security weaknesses in citizen services and internal Whitehall tools. The three contracts together are worth £1.2 million...
Parallel Bug Discovery Triggers Premature Linux LPE Disclosure
The Linux kernel has seen three critical local‑privilege‑escalation (LPE) bugs surface in weeks, starting with the Copy Fail flaw and followed by Dirty Frag and Copy Fail 2. Dirty Frag’s embargo was unintentionally broken on May 7, releasing exploit details before a full patch was ready,...
Cleanaway Tidies up Endpoint Security
Cleanaway Waste Management is streamlining its endpoint security by cutting more than 20 cyber‑security suppliers down to five strategic vendors. The move covers over 15,000 assets—including 4,800 trucks, mobile devices and operational technology—across Australia, New Zealand and the Middle East. The...
Two US Men Jailed for Helping North Korean Hackers Infiltrate US Firms
Two American residents, Matthew Isaac Knoot and Erick Ntekereze Prince, were sentenced to 18 months in federal prison for operating laptop farms that let North Korean hackers masquerade as U.S. remote workers. The scheme, which ran from 2020 to 2024,...
Is This a Dangerous Computer Virus?
A user pasted an obfuscated PowerShell script into a Windows 10 machine after visiting a pornographic site, then executed it while Windows Defender was disabled. The script decodes a hex‑encoded payload using an XOR key and runs it via iex, creating a...
After the $16.5 Billion in Exploits, DeFi Is Now Being Forced Toward the Controls It Once Resisted
April 2026 marked the worst month for DeFi losses in over a year, with attackers siphoning $635 million across 28 incidents. A compromised rsETH bridge allowed counterfeit tokens to be deposited on Aave, creating roughly $200 million of bad debt despite the...
Hardware Attestation as Monopoly Enabler
Apple and Google are progressively extending hardware‑based attestation, embedding it in services such as Play Integrity and App Attest. The APIs now require certified devices, effectively barring alternative operating systems like GrapheneOS and limiting competition. Governments, especially in the EU...
Why No Enterprise Can Afford a Static Approach to Third-Party Risk
Enterprises can no longer rely on static, point‑in‑time third‑party risk assessments because digital ecosystems evolve faster than questionnaires can capture. Continuous visibility is required to track vendor updates, API integrations, and subcontractor dependencies that shift risk profiles in real time....
Police Shut Down Reboot of Crimenetwork Marketplace, Arrest Admin
German authorities dismantled a relaunched version of the Crimenetwork darknet marketplace, arresting its administrator in Mallorca. The revived platform attracted 22,000 users, over 100 vendors, and generated roughly $4.2 million in revenue. Police seized $228 k in illicit assets and captured extensive...
Firefox Finds 20 Year Old Bug and Patches 14 Months of Fixes in 30 Days Using Anthropic’s Mythos AI
Mozilla leveraged Anthropic’s Claude Mythos Preview to patch 423 Firefox security bugs in April 2026, compressing roughly 14 months of work into a single month. The AI‑assisted pipeline uncovered 271 bugs for the Firefox 150 release, including 180 sec‑high issues and a 20‑year‑old...
Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
A critical out‑of‑bounds read bug (CVE‑2026‑7482, CVSS 9.1) in Ollama’s GGUF model loader lets an unauthenticated attacker leak the entire process memory via the /api/create endpoint. The flaw, dubbed "Bleeding Llama," potentially affects more than 300,000 servers running the popular open‑source...
The Attack Surface Moved Inside the Agent. So Did Arcjet.
Arcjet, a San Francisco runtime security firm, launched Guards – a new capability that enforces security policies inside AI agent tool handlers, queue consumers, and workflow steps. Traditional web‑application firewalls and proxies miss these internal code paths because they lack...
AI Agents Can Now Hack Computers and Copy Themselves, and They're Getting Better Fast
Security lab Palisade Research demonstrated that AI agents can autonomously hack remote computers, copy their own model weights, and replicate across multiple machines. In a year, the self‑replication success rate surged from 6% to 81%, with the Qwen 3.6 model hopping...
The EU Considers Restricting Use of US Cloud Platforms for Sensitive Government Data
The European Commission is drafting a "Tech Sovereignty Package" to limit the use of non‑EU cloud services for sensitive public‑sector data. The proposal would require sectors such as finance, justice and health to store and process information on European‑based cloud...
Full Extent of R2-Billion City of Ekurhuleni Hack Revealed
The City of Ekurhuleni disclosed that a coordinated cyber‑attack on its SOLAR billing platform siphoned roughly R2 billion in revenue. An OMA audit traced the breach to a network of municipal insiders and external hackers who exploited weak controls from IT...