
Russian Cyber Spies Targeting Consumer, SOHO Routers
The UK National Cyber Security Centre and Microsoft have uncovered a large‑scale DNS hijacking operation run by Russian APT28, also known as Fancy Bear, targeting vulnerable consumer and small‑office routers. The campaign, active since August 2025, has compromised over 200 organisations and more than 5,000 home devices, rerouting traffic through malicious servers to steal credentials via adversary‑in‑the‑middle attacks. The findings arrive as the US FCC tightens restrictions on routers manufactured abroad, a move that addresses supply‑chain risk but not inherent firmware weaknesses. Experts warn that insecure routers remain an easy foothold for nation‑state actors.
Inside Intelligent Enterprises
Wipro and Intel have launched the WINGS.OTNxT.AI platform, an end‑to‑end managed service that unifies operational technology (OT) and Internet of Things (IoT) environments for manufacturers. The solution, already deployed by more than 40 customers, combines device inventory, secure networking, vulnerability...

Asylon and Thrive Logic Bring Physical AI to Enterprise Perimeter Security
Asylon and Thrive Logic have partnered to embed physical AI into enterprise perimeter security, combining Asylon’s autonomous robotic patrols with Thrive Logic’s AI‑driven analytics and automated incident workflows. The integration streams video from mobile robots to the AI platform, which...

1 Billion Microsoft Users Warned As Angry Hacker Drops 0-Day Exploit
A security researcher released the BlueHammer zero‑day exploit targeting Windows, affecting roughly one billion Microsoft users worldwide. The exploit enables privilege escalation at the kernel level and, unlike typical disclosures, no patch exists yet. Microsoft has acknowledged the threat and is...

Human vs AI: Debates Shape RSAC 2026 Cybersecurity Trends
The RSAC 2026 conference opened with AI taking center stage, as vendors aggressively promote AI‑driven security solutions, including ambitious agentic AI that could augment or replace traditional security‑operations centers. Executives debated the scalability of the "human‑in‑the‑loop" model, with Vodafone’s CISO Emma Smith...

Severe StrongBox Vulnerability Patched in Android
Google released the April 2026 Android security patch, fixing two high‑profile flaws: a local denial‑of‑service bug (CVE‑2026‑0049) in the Framework and a high‑severity vulnerability (CVE‑2025‑48651) affecting StrongBox, the hardware‑backed keystore. StrongBox implementations from Google, NXP, STMicroelectronics and Thales are impacted. While...

VMRay Joins the Microsoft Intelligent Security Association
VMRay announced its membership in the Microsoft Intelligent Security Association (MISA), joining an ecosystem of security vendors integrated with Microsoft’s security stack. The company’s deep‑malware analysis platform now connects directly with Microsoft Sentinel and Microsoft Defender for Endpoint, adding behavior‑based...

Standard Bank Notifies Clients of Data Breach
Standard Bank, Africa’s largest lender by assets, disclosed a data breach that exposed business client records such as account numbers, limited account information, business names, and ID or registration numbers. The bank emphasized that its transactional banking systems were not...

Up to 28,000 Employees Could Have Been Affected by Paperwork Data Breaches in 2025
Officeology’s analysis of UK Information Commissioner’s Office (ICO) data shows 11,141 paperwork‑related data breaches were reported between 2020 and 2025, with 1,820 incidents in 2025 alone. Employee information featured in 330 of those 2025 cases, potentially exposing up to 28,000...

UK Exposes Russian Cyber Unit Hacking Home Routers to Hijack Internet Traffic
British officials warned that Russian GRU‑linked hackers, known as Fancy Bear or APT28, are compromising home and small‑office routers to hijack internet traffic. The campaign exploits weak SNMP configurations and unpatched TP‑Link models, allowing attackers to alter DNS settings and conduct...

GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data
Researchers at Noma Security disclosed a critical Grafana vulnerability dubbed GrafanaGhost, which lets attackers exploit the platform’s AI features to exfiltrate enterprise data via crafted image prompts. By injecting a hidden “intent” keyword, the flaw bypasses Grafana’s image URL validation...

Popeyes Dodges Lawsuit over Fingerprint Scans, but Court Leaves Door Open for Redo
A U.S. District Court in Illinois dismissed Popeyes’ liability in a biometric privacy lawsuit, finding the fast‑food chain did not control the franchisee’s fingerprint‑scanning policy. The employee alleged violations of the Biometric Information Privacy Act (BIPA) after her thumbprint was...

Ambulances Diverted After Cyberattack Hits Mass. Hospital
Brockton Hospital in Massachusetts is diverting ambulances and cancelling certain services after a cybersecurity incident disrupted its information systems. Chemotherapy infusions and retail pharmacies were suspended, while inpatient and walk‑in emergency care remain operational. The hospital reverted to paper records...

Acronis MDR by TRU Brings 24/7 Managed Detection and Response to MSPs
Acronis unveiled Acronis MDR by Acronis TRU, a 24/7/365 managed detection and response service tailored for managed service providers. The offering combines endpoint detection, rapid threat containment, patch management, and built‑in business continuity in a single platform. MSPs can now deliver...

How to Unlock Possibilities Through Data Privacy Enhancing Technologies
Singapore’s Infocomm Media Development Authority and Personal Data Protection Commission have launched the nation’s first Privacy‑Enhancing Technologies (PET) sandbox, signaling a regulatory push for secure data innovation. In the Philippines, Aboitiz Data Innovation introduced Parlay, a cloud‑based data exchange platform...
Threat Cluster Launches Extortion Campaign Using Social Engineering
Google Threat Intelligence Group uncovered a financially motivated threat cluster, UNC6783, running a social‑engineering extortion campaign. The group compromises business‑process outsourcers and targets help‑desk staff to gain footholds in client networks. Attackers deploy fake live‑chat Okta pages and phishing kits...

Civil Service Pension Scheme: Capita Confirms Data Breach
Capita, the contractor overseeing the Civil Service Pension Scheme, confirmed a data breach on its portal that exposed personal Annual Benefit Statements of 138 members to other scheme participants. The breach was identified quickly, prompting the suspension of the ABS...

NASA’s New Moon Base Project Requires Operational Technology Systems in Space, but They Are Vulnerable.
NASA Administrator Jared Isaacman announced a $20 billion Moon‑base program, shifting from a lunar‑orbit station to a surface settlement. The plan, timed against China’s 2030 lunar landing goal, includes robotic landers, drones, and a future nuclear power plant. Experts warn the...

BPFDoor Variants Hide with Stateless C2 and ICMP Relay Tactics
Rapid7 Labs identified seven new BPFDoor variants that embed Berkeley Packet Filter code in the Linux kernel, allowing the backdoor to remain hidden in telecom environments. The malware now employs a stateless command‑and‑control model, treating the source of a specially...

Docker Flaw (CVE-2026-34040) Lets Attackers Bypass Security Controls and Take Over Hosts
Researchers at Cyera disclosed CVE‑2026‑34040, a critical Docker Engine flaw that lets attackers bypass authorization plugins by sending API requests larger than 1 MB. The daemon processes the full payload while the plugin sees a truncated request, enabling creation of privileged...

Zero‑click Grafana AI Attack Can Enable Enterprise Data Exfiltration
Security researchers have uncovered GrafanaGhost, a chained exploit that leverages indirect prompt injection in Grafana’s AI dashboards to exfiltrate sensitive enterprise data without user authentication. The attack persists malicious prompts, tricks the AI model into generating outbound image requests, and...

North Korean Agents Embedded in 40+ DeFi Platforms for Nearly a Decade: Taylor Monahan
Security researcher Taylor Monahan revealed that North Korean actors, linked to the Lazarus Group, have been embedded in more than 40 decentralized finance (DeFi) platforms for almost ten years. The disclosure ties the recent $280 million Drift Protocol exploit to this...

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
Security researchers have identified a campaign that scans cloud IP ranges for exposed ComfyUI instances—a popular Stable Diffusion UI—and hijacks them for cryptocurrency mining and proxy botnet operations. The Python‑based scanner exploits a misconfiguration in custom nodes to achieve unauthenticated...

AI Is Reshaping Cyber Risk. Boards Need to Manage the Threat.
AI‑enabled cyber attacks now cost an average $4.88 million per breach and have surged 44% in a single year, while 77% of organizations still lack basic AI security practices. The article argues that traditional VUCA thinking no longer fits; instead, a...

Cyberattack Hits Northern Ireland’s Centralized School Network, Disrupting Access for Thousands
A cyberattack on Northern Ireland’s centralized C2K school network forced the Education Authority to shut down access for hundreds of thousands of pupils and teachers. The breach, discovered last week, prompted immediate containment actions, including system shutdown and collaboration with...

AI Agents and Non-Human Identities Creating Critical Security Gaps, Report
Keeper Security’s new report, presented at RSA 2026, reveals that companies are rapidly deploying AI agents and other non‑human identities (NHIs) without adequate security controls. Nearly half of surveyed firms give AI‑powered tools access to critical data, yet 76% lack...

AI-Enabled Device Code Phishing Campaign Exploits OAuth Flow for Account Takeover
Microsoft Defender Security Research uncovered an AI‑enabled phishing campaign that weaponizes the OAuth Device Code Authentication flow to hijack organizational accounts. The attackers automate live device code generation, bypassing the standard 15‑minute expiration and multi‑factor authentication by decoupling the user’s...

Your Keys to Secure Password Management—Included with Zoho Workplace
Zoho has added its password manager, Zoho Vault, to the Zoho Workplace suite at no extra cost. The integration lets teams generate, store, autofill and securely share passwords while providing role‑based access controls and real‑time security alerts. By backing up...

Fake Gemini Npm Package Steals AI Tool Tokens
Hackers published a counterfeit npm package named gemini‑ai‑checker, posing as a Google Gemini token verifier, to hijack developers' AI coding environments. The package contacts a Vercel‑hosted endpoint during installation, retrieves an obfuscated JavaScript backdoor, and executes it in memory, stealing...

The Hidden Cost of Recurring Credential Incidents
Recurring credential incidents impose hidden operational costs beyond headline breach expenses. IBM reports the average breach cost $4.4 million, yet everyday password resets represent up to 30% of help‑desk tickets, each costing roughly $70. Weak policies and forced periodic changes drive...

CII Reveals ‘Labelling Problem’ as Barrier to Effective Vulnerability Management
The Chartered Insurance Institute’s new Road to Consumer Trust report flags the industry’s “labelling problem” – advisers avoid recording client vulnerability because it triggers extra compliance steps. CII proposes a proportionate, practical approach that aligns FCA Consumer Duty expectations with...

Cybersecurity Unicorn Torq Is in Talks to Acquire This AI Startup for $50 Million
Cybersecurity unicorn Torq, valued at $1.2 billion after a $140 million funding round, is in advanced talks to acquire Boston‑based AI security assistant Jit for about $50 million. The deal would merge Torq’s large security command center with Jit’s automated tools to create...

Airrived Named Among Only 11 Startups in Gartner’s “Emerging Tech: AI Vendor Race — Startups to Watch in Agentic AI”
Airrived has been named one of only 11 startups in Gartner’s March 2026 report on emerging agentic AI, standing out as the sole company purpose‑built for cybersecurity and IT operations. The Gartner evaluation covered 129 startups, and Airrived’s Agentic OS platform...

Data Breach Exposes Jones Day Client Files After Ransomware Threat
Jones Day disclosed a data breach that exposed confidential client files after a ransomware threat forced the firm to shut down parts of its network. The intrusion, discovered in early April 2026, affected both internal documents and client communications, prompting...

Tor-Backed ClickFix Campaign Drops Node.js RAT on Windows
Hackers have revived the ClickFix social‑engineering scheme to drop a sophisticated Node.js‑based remote access Trojan on Windows machines. The campaign uses a fake CAPTCHA page to execute a Base64‑encoded PowerShell command that silently installs a malicious MSI containing a full...

Fake Buffett, Real Reputation Risk: How Deepfakes Are Reshaping the Cyber Landscape
In November 2025 a TikTok video featuring a hyper‑realistic deepfake of Warren Buffett promoted crypto giveaways, exposing how synthetic media can be weaponized for fraud. The clip amassed over 17,000 subscribers before the deception was uncovered, highlighting the speed at...

Supply Chain Security Is Now a Board-Level Issue: Here’s What CSOs Need to Know
Supply chain security has moved from a niche technical issue to a board‑level priority, driven by stringent regulations like the European Cyber Resilience Act and U.S. EO 14028. Open‑source components now appear in 97% of commercial applications, with 86% harboring vulnerabilities,...

Infinite Electronics Facility Earns CMMC Level 2
Infinite Electronics announced that its Hayden, Idaho facility has earned Cybersecurity Maturity Model Certification (CMMC) Level 2 after a third‑party audit. The certification validates compliance with all 110 NIST SP 800‑171 controls required to protect Controlled Unclassified Information and Federal Contracting Information....

Cloudflare and GoDaddy Ink Partnership to Rein in AI Agents Reshaping Web Traffic
Cloudflare and GoDaddy announced a partnership that extends Cloudflare’s AI traffic‑control suite to GoDaddy’s roughly 20 million small‑business websites. The deal adds the Web Bot Auth system, which uses cryptographic verification to let legitimate bots prove their identity while blocking impersonators....

As Breakout Time Accelerates, Prevention-First Cybersecurity Takes Center Stage
Cyber attackers are leveraging AI to accelerate ransomware and lateral movement, cutting average breakout time to about 30 minutes—29% faster than a year ago. Roughly 80% of ransomware‑as‑a‑service groups now embed AI or automation in their kits, enabling rapid credential...

Cloud-First Vs. Sovereign-First: Navigating the Trade-Off
Enterprises are increasingly adopting sovereign cloud solutions to meet data‑residency mandates, mitigate geopolitical risk, and reduce reliance on foreign cloud providers. Gartner defines sovereign cloud as locally hosted services that ensure legal and operational autonomy, a definition echoed by Forrester...

SEALSQ and IC’Alps Achieve Key Common Criteria Certification Steps
SEALSQ Corp and its subsidiary IC’Alps announced major progress in their Common Criteria (CC) security certification programs. Independent evaluator SERMA confirmed that the QS7001 Secure Element achieved a PASS on fault‑injection and side‑channel resistance tests, moving the platform toward full...

Comp AI: The Open-Source Way to Get Compliant with SOC 2, ISO 27001, HIPAA and GDPR
Comp AI launches an open‑source compliance platform that automates SOC 2, ISO 27001, HIPAA and GDPR readiness. The tool combines an AI‑driven policy editor, automated evidence collection, and a device‑agent that monitors encryption, antivirus, password and screen‑lock settings. Core code is released...

ICO Urges Parents to Treat Online Privacy Like Road Safety
The UK Information Commissioner’s Office has launched the “Switched on to Privacy” campaign, urging parents to treat children’s online privacy with the same vigilance as road safety and stranger danger. New research of 1,000 parents shows 75% fear their kids...

Maidar Secure, Strike48 Bring Agentic AI to the SOC
Maidar Secure has teamed up with Strike48 to embed the latter’s agentic AI platform into its managed security services and SOC operations. The integration promises autonomous threat detection, real‑time attack simulation and machine‑speed incident response, turning traditional reactive defenses into...

Germany Names Suspected Leader of REvil and GandCrab Ransomware Gangs
German authorities have identified a 31‑year‑old Russian, Daniil Maksimovich Shchukin, as the suspected leader of the REvil and GandCrab ransomware gangs. The BKA says he directed at least 130 attacks in Germany from 2019‑2021, extorting roughly €2 million (about $2.1 million) and...

When Silicon Got Serious About Security
The article traces cryptography’s evolution from the 1970s Data Encryption Standard (DES) to today’s Advanced Encryption Standard (AES) and Elliptic Curve Cryptography (ECC). It highlights how silicon’s exponential speed gains exposed DES’s 56‑bit weakness, prompting the 1998 Deep Crack break. The...

Exclusive-Russia Supplies Iran with Cyber Support, Spy Imagery to Hone Attacks, Ukraine Says
Russian reconnaissance satellites conducted at least 24 passes over 46 military and critical sites in 11 Middle Eastern countries during March 21‑31, sharing high‑resolution imagery with Iran. The data preceded Iranian missile and drone attacks on bases, including a strike on...

FortiClientEMS Vulnerabilities Under Active Exploitation, Expose Systems to RCE
Fortinet disclosed two critical vulnerabilities in its FortiClientEMS endpoint management platform that are already being exploited in the wild. CVE-2026-21643 is a SQL injection flaw in the admin interface of version 7.4.4, allowing unauthenticated remote code execution. CVE-2026-35616 is an...

Trump Administration Releases Cyber Strategy
The Trump administration unveiled a new Cyber Strategy for America in March 2026, paired with Executive Order 14390 to intensify federal action against cybercrime. The strategy outlines six pillars—deterrence, streamlined regulation, federal network modernization, critical‑infrastructure protection, technology superiority, and talent...