Google Makes It Harder to Exploit Pixel 10 Modem Firmware
Google has bolstered the security of its Pixel 10 smartphones by embedding a Rust‑based DNS parser into the cellular baseband modem firmware. The new component, derived from the open‑source hickory‑proto library, replaces legacy C code and adds roughly 371 KB to the firmware. This move follows Pixel 9’s earlier effort to curb memory‑related flaws, aiming to eliminate an entire class of vulnerabilities in the modem’s complex, remote‑attack surface. A brief power‑performance issue discovered during testing was resolved by tweaking the linking process.
N‑able Makes UEM AI-Native with MCP Server Launch
N-able unveiled its Model Context Protocol (MCP) server, a secure bridge that connects everyday AI tools directly to live data within its Unified Endpoint Management (UEM) platforms, N‑central and N‑sight. Alongside the server, the company introduced N‑zo, an in‑product AI...
Command Line: Mythos Burnout and the Boardroom
Anthropic’s Mythos large‑language model is prompting boardroom alarm as AI‑accelerated vulnerability discovery threatens to flood enterprises with exploitable findings. A new “Getting Mythos Ready” paper, authored by top CISOs, urges layered defenses—segmentation, canaries, honey tokens, and automated response playbooks—to contain...
The Dumbest Hack of the Year Exposed a Very Real Problem
In April 2026 a hacker hijacked Bluetooth‑enabled crosswalk buttons in multiple U.S. cities, uploading spoofed recordings of tech CEOs by exploiting the default password "1234" used by Polara devices. The breach affected intersections in Menlo Park, Redwood City, Palo Alto, Seattle and Denver,...
Alleged German DDoS-for-Hire Kingpin Behind Fluxstress Caught in Thailand
German national Noah Christopher, alleged operator of the Fluxstress and Neldowner DDoS‑for‑Hire services, was arrested in Bangkok last week. The 27‑year‑old had been evading capture by moving between Dubai, China and Thailand after a multi‑year probe by German and EU...
Siemens Expands Industrial Automation DataCenter with Edge AI and Cybersecurity
Siemens announced an upgraded Industrial Automation DataCenter that ships as a pre‑installed, AI‑ready turnkey solution for production environments. The platform combines NVIDIA GPUs and BlueField DPUs for edge AI acceleration with Palo Alto Networks Prisma AIRS delivering zero‑trust security. By integrating...
Fake Claude Website Distributes PlugX RAT
Security researchers discovered a counterfeit Anthropic Claude website that offered a fake "pro" version of the LLM, but the download actually installed a trojanized MSI. The installer runs a VBScript dropper that places a signed G DATA updater in the startup...
Seized VerifTools Servers Expose 915,655 Fake IDs, 8 Arrested
Dutch police, in coordination with the FBI, arrested eight men aged 20‑34 after seizing VerifTools servers that had produced 915,655 counterfeit identity documents. The investigation uncovered 5,169 fake Dutch IDs and 236,002 U.S.-linked documents sold for roughly $1.47 million. VerifTools generated...
CISOs Tackle the AI Visibility Gap
CISOs are confronting a growing AI visibility gap as organizations race to deploy generative models and AI‑enabled tools. A Pentera 2026 survey shows 67% of security leaders lack clear insight into where AI runs, and 48% cite limited visibility as...
Why Securing GenAI Use Starts in the Browser
Enterprise adoption of generative AI has exploded, with daily usage rising nearly 60% in a year and weekly use tripling over two years. Employees now spend more than 80% of their workday in browsers, turning the browser into the primary...
We Catch up on the News, Including AI Vuln Hunting; Also More RSAC Interviews! - Mark Lambert, Samuel Hassine, John...
ArmorCode unveiled its AI Exposure Management (AIEM) solution on the Agentic AI Platform, giving enterprises real‑time visibility into AI usage, ownership, and risk across heterogeneous environments. The launch coincides with the release of the 2026 State of AI Risk Management...
ETSI’s Response to the European Commission’s Proposal for the Cybersecurity Act 2
On 15 April 2026 ETSI issued a formal position paper responding to the European Commission’s proposal for the Cybersecurity Act 2. The standards body endorses a risk‑based, tiered certification framework, calls for transparent governance and stakeholder input, and stresses the need...
Adobe Confirms Exploitation: Malware Uses Undocumented API
Adobe has confirmed active exploitation of the critical CVE‑2026‑34621 vulnerability in Acrobat and Reader on Windows and macOS. The flaw grants attackers arbitrary code execution when a user opens a crafted PDF. Exploit code abuses an undocumented API, SilentDocCenterLogin(), and...
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Adobe released emergency updates to fix a high‑impact Acrobat and Reader flaw identified as CVE‑2026‑34621. The vulnerability, rated 8.6 on the CVSS scale, allows arbitrary code execution via prototype pollution and has been confirmed exploited in the wild. Affected products...
Accenture and Google Cloud Unveil Brussels Centre to Accelerate Sovereign AI Adoption
Accenture and Google Cloud have launched a Sovereign Centre in Brussels, featuring a dedicated training facility and an air‑gapped environment for secure AI and cloud experimentation. The centre combines Accenture’s industry and AI expertise with Google Distributed Cloud’s air‑gapped technology...
Cyber Threats for PV: What Are Man-in-the-Middle Attacks and How Do They Work
Man‑in‑the‑middle (MITM) attacks are emerging as a critical cyber threat to network‑connected photovoltaic (PV) plants, allowing adversaries to intercept, modify, or block communications between controllers, inverters and monitoring systems. Such attacks can cause operational failures, physical damage to equipment, and...
Europe Is Dismantling Its Own Rulebook to Compete with America
On 19 November 2025 the European Commission unveiled a Digital Omnibus package that amends the AI Act, GDPR, ePrivacy Directive, Data Act and several cybersecurity rules. The proposal delays high‑risk AI obligations by up to 16 months, adds a GDPR “legitimate‑interest” basis for...
Check Point Launches WA PoP for Workplace Security SASE
Check Point Software Technologies has opened a Western Australia point of presence (PoP) for its Workplace Security SASE platform, delivering local data residency and compliance with WA‑specific legislation. The Perth PoP joins existing sites in Sydney, Melbourne and Auckland and...
India Unveils New Security Standards for Its Digital Payments System to Drive Global Adoption
India’s Bureau of Indian Standards (BIS) has rolled out new security norms covering biometric authentication, QR‑code payments, and digital‑currency handling. The guidelines aim to curb fraud, improve interoperability, and build consumer confidence in the country’s fast‑growing fintech ecosystem. BIS consulted...
A Legal Imperative for Strengthening Data Governance, Protecting Personal Information
South African companies face mounting pressure from the Protection of Personal Information Act (POPIA) to tighten data governance as digital transformation creates fragmented record‑keeping environments. Mohammed Vachiat of Konica Minolta South Africa argues that integrating digital record systems is now...
Fixing Vulnerability Data Quality Requires Fixing the Architecture First
Art Manion of Tharros argues that vulnerability data quality is fundamentally an architecture issue, not merely a metrics problem. He introduces the concept of Minimum Viable Vulnerability Enumeration (MVVE) and finds no single set of assertions can guarantee cross‑repository consistency....
Ground Control & VIAVI Partner to Secure Maritime Navigation Against GNSS Jamming
VIAVI Solutions and Ground Control have teamed up to embed VIAVI’s Secure µPNT STL‑1000 receiver into the RockFLEET Assured maritime tracking platform. The software‑defined, low‑power unit leverages SecureTime altGNSS LEO services to provide a trusted secondary source of positioning, navigation and...
ZeroID: Open-Source Identity Platform for Autonomous AI Agents
ZeroID is an open‑source identity platform that adds a credentialing layer for autonomous AI agents and multi‑agent systems. It uses RFC 8693 token exchange to create verifiable delegation chains, automatically attenuating scopes as tasks cascade. The platform supports real‑time revocation through...
Best MDM Solutions for 2026: 9 Tools Worth Considering
Enterprises now juggle over 10,000 endpoints, with mobile devices comprising about 60% of the fleet, according to IDC. A new G2‑based evaluation of 20+ MDM platforms highlights nine solutions that excel in policy deployment, security enforcement, and remote lock‑down capabilities....
8 Best Password Managers for 2026: Why I Recommend Them
The article reviews three leading password‑management solutions for 2026—NordPass Business, Bitwarden, and IT Glue—highlighting each platform’s strengths and minor drawbacks. NordPass Business is praised for its simplicity and security but suffers occasional autofill inconsistencies. Bitwarden offers a no‑frills, reliable experience that...
Bringing Governance and Visibility to Machine and AI Identities
AppViewX’s CEO Archit Lohokare says the rapid rise of enterprise AI has merged machine and AI‑agent identities into a single, exponentially growing security problem. To address this, AppViewX has partnered with Eos to layer agentic governance on top of its...
Microchip Now Certified to IEC 62443-4-1 ML2 Standards
Microchip Technology announced that its product development process has earned IEC 62443‑4‑1 Maturity Level 2 certification from UL Solutions. The certification confirms that Microchip follows a secure‑by‑design lifecycle covering threat modeling, design, implementation controls, verification and long‑term patch management. By meeting this...
Red Hat OpenShift Sandboxed Containers 1.12 and Red Hat Build of Trustee 1.1 Bring Confidential Computing to Bare Metal and...
Red Hat announced OpenShift sandboxed containers 1.12 and Red Hat build of Trustee 1.1, moving confidential containers on bare metal from preview to General Availability. The GA release adds hardware‑based memory encryption and attestation for Intel TDX, AMD SEV‑SNP, and IBM SEL platforms, plus persistent...
Number of Phishing Cases Drops in Hong Kong but Victims Lose More Money
Hong Kong police reported that phishing incidents dropped 60% in 2025, falling to 1,093 cases from 2,731 the year before. Despite fewer attacks, total victim losses more than doubled to HK$110 million (about US$14 million), with the average loss per case jumping...
Apple Joins Project Glasswing As Mythos AI Raises New Valuation Questions
Apple has entered Project Glasswing, a cybersecurity alliance that leverages Anthropic’s Mythos AI model to hunt for severe software flaws across major operating systems. The partnership signals Apple’s move toward AI‑driven security workflows, aiming to harden iOS, macOS and its...
Hack at Dutch Gym Chain Basic-Fit Exposes Customer Data in Several EU Countries
Dutch gym chain Basic‑Fit confirmed a cyber‑attack that led to the unauthorized download of personal data belonging to roughly 1 million members across Belgium, the Netherlands, Luxembourg, France, Spain and Germany. The compromised information includes names, contact details, dates of birth,...
IMF Warns Global Monetary System Not Ready for AI Cyber Threats
The International Monetary Fund’s managing director Kristalina Georgieva warned that the global monetary system is ill‑prepared for the escalating cyber risks posed by artificial intelligence. Her comments followed an emergency U.S. regulator meeting with leading banks after Anthropic announced its...
Darktrace’s Research Shows New Chinese Modus Operandi
Darktrace released a research report, “Crimson Echo,” showing Chinese‑nexus cyber actors are shifting from short‑term breaches to long‑term, persistent access as a form of strategic statecraft. Analyzing behavior data from July 2022 to September 2025, the study finds that maintaining footholds in...
Top Space Cyber Execs Talk Increased Iranian Cyber Attacks
Top CISOs from Vantor, SES, Viasat and Telesat warned that Iranian threat actors have dramatically increased phishing, smishing and AI‑driven deep‑fake attacks against space companies. The attacks exploit public‑facing sites, supplier networks and even voice messages to demand credential escalation....
NSA Reveals Details of New LEO Security Report
The National Security Agency, together with Australia, Canada, New Zealand and the Australian Space Agency, has issued a Cybersecurity Information Sheet titled “Securing Space: Cyber Security for Low Earth Orbit Satellite Communications.” The guidance breaks LEO sat‑com risk and mitigation into...
Vibhor Kumar: Column_encrypt v4.0: A Simpler, Safer Model for Column-Level Encryption in PostgreSQL
The column_encrypt extension for PostgreSQL released version 4.0, a major simplification that consolidates all management functions under an encrypt schema and replaces the previous multi‑role model with a single column_encrypt_user role. Automatic log masking, stricter SECURITY DEFINER handling, and schema‑qualified...
White House Tells Banks to Use Anthropic to Spot Vulnerabilities
The White House is urging the nation’s largest banks to deploy Anthropic’s Mythos AI model for cybersecurity vulnerability detection. JPMorgan Chase, Goldman Sachs, Citigroup, Bank of America and Morgan Stanley have begun internal trials after Treasury Secretary Scott Bessent and...
Five Signs Data Drift Is Already Undermining Your Security Models
Data drift occurs when the statistical profile of inputs to a security‑focused machine‑learning model changes, eroding its detection accuracy. The article outlines five practical signs—performance drops, distribution shifts, altered prediction patterns, rising uncertainty, and broken feature relationships—that indicate drift is...
.jpg)
The Death of Standing Privilege in the Age of AI Agents
Privileged Access Management (PAM) teams have reduced standing privileges, yet identity‑related breaches still affect 74% of organizations. A new survey of 200 CISOs reveals that 86% do not enforce policies for AI identities, only 17% treat them like human users,...
Your Smart Devices Are Speaking to Hackers. Your Security System Isn’t Listening
Researchers warn that AI‑driven intrusion‑detection systems excel in lab settings but falter in real‑world IoT environments. While academic models boast 98‑99% accuracy on balanced datasets, actual networks contain millions of devices where attacks make up less than 1% of traffic....
Defending Europe’s Financial Sector in the Age of AI‑Accelerated Cyber Threats
The IBM X‑Force Threat Intelligence Index 2026 shows Europe as the third‑most attacked region, responsible for 25% of global cyber incidents, with the financial sector bearing 35% of those attacks. Credential theft and exploitation of public‑facing applications each account for 40%...
The Attack Your Security Strategy Wasn’t Designed to Spot
A new class of attack targets Microsoft 365 tenant configurations, letting threat actors manipulate identities, encrypt data and extort firms without deploying malware. Microsoft reported 176,000 configuration‑tampering incidents in May 2024 and 45% of large enterprises suffered a misconfiguration‑related breach in the...
Fake Ledger App on Apple App Store Drains Over $400,000 in Bitcoin
Musician G. Love lost nearly 6 BTC—about $424,000—after downloading a counterfeit Ledger app from Apple’s Mac App Store and entering his 24‑word recovery phrase. The malicious software immediately transferred the funds, which on‑chain analyst ZachXBT traced to KuCoin deposit addresses. Security experts...
Your Developers Are Already Running AI Locally: Why On-Device Inference Is the CISO’s New Blind Spot
The rise of on‑device large language model inference is turning the CISO’s focus from cloud‑based data exfiltration to hidden risks on employee laptops. Advances in consumer‑grade accelerators, mainstream quantization, and frictionless model distribution now let engineers run 70‑billion‑parameter models locally...
Hacker Used Claude Code, GPT-4.1 to Exfiltrate Hundreds of Millions of Mexican Records
A hacker exploited Anthropic's Claude Code and OpenAI's GPT‑4.1 to breach nine Mexican government agencies between December 2025 and February 2026. The AI‑driven attack executed 5,317 commands from 1,088 prompts, allowing the thief to exfiltrate hundreds of millions of taxpayer, civil and...
West Asia War Spills over to Cyberspace:Emails Spoofed, Cameras Hacked
Cyber operations have become a new front in the West Asia conflict, with Israel and Iran launching offensive hacks alongside missile strikes. Iranian APT groups exploited pre‑planted backdoors to spoof emails, hijack CCTV feeds in Tehran, and wipe more than...
19 Billion Passwords Leaked: Protect Yourself From Cyber Threats
Researchers have uncovered a repository called “RockYou2024” containing over 19 billion compromised passwords from more than 200 breaches in the past year, making it the largest publicly indexed credential dump to date. Only 6 % of the entries are unique, highlighting pervasive...
FBI Atlanta and Indonesian National Police Take Down W3LLSTORE Phishing Marketplace
The FBI Atlanta Field Office and Indonesia's National Police dismantled the W3LLSTORE phishing marketplace, a global operation linked to more than $20 million in attempted fraud. The takedown included domain seizures and the detention of a suspected developer, identified only as...
Why Anthropic’s Mythos Is a Systemic Shift for Global Cybersecurity
Anthropic unveiled Project Glasswing and the Claude Mythos model, which can automatically discover and chain vulnerabilities across operating systems, browsers and cloud environments. The U.S. Treasury and Federal Reserve warned that such AI‑driven exploit capabilities pose a systemic financial‑stability threat, prompting...
Week in Review: Windows Zero-Day Exploit Leaked, Patch Tuesday Forecast
The week’s headlines were dominated by a leaked Windows local‑privilege‑escalation exploit dubbed BlueHammer, raising immediate concerns for enterprise patching cycles. At the same time, the April Patch Tuesday forecast warned of a heavy update load, especially for AI‑related vulnerabilities. Cloudflare...