Creating AI Deepfakes of Real People to Be Made Illegal in Queensland
Queensland will criminalize the creation of non‑consensual sexual deepfake images, closing a legal gap that currently only bans distribution. Attorney‑General Deb Frecklington announced the proposal, which carries up to three years imprisonment for offenders. The government will begin expert consultations in April and aims to start the legislative process mid‑year. Opposition parties have expressed cautious support, emphasizing the need for updated laws in the face of advancing AI technology.
Is Investing in Advanced NHI Systems Justified
Organizations are increasingly recognizing that managing Non‑Human Identities (NHIs) – the machine credentials that power cloud applications – is essential for robust cybersecurity. Advanced NHI platforms deliver centralized discovery, secret rotation, and behavior monitoring, reducing breach risk and easing regulatory...
How Can Agentic AI Improve Cloud Security?
Non‑Human Identities (NHIs), or machine identities, are becoming central to cloud security as organizations seek to protect secrets such as tokens and keys. Effective NHI management bridges security and development teams, offering lifecycle visibility from creation to decommissioning. The emergence...
Project Glasswing: What Power Companies and Grid Operators Need to Know
On April 7, Anthropic unveiled Project Glasswing, a coalition of 12 technology leaders deploying the Claude Mythos Preview AI model to automatically discover and patch software vulnerabilities. The model has already identified thousands of zero‑day flaws, including a 27‑year‑old bug in OpenBSD and chained...
Microsoft Terminated Accounts Tied to VeraCrypt, WireGuard, and Windscribe — Developers Push Back
Microsoft abruptly terminated developer accounts for VeraCrypt, WireGuard and Windscribe after a new identity‑verification rule in its Windows Hardware Program took effect. The enforcement, intended for partners who missed a government‑ID deadline, mistakenly swept up these open‑source security projects, cutting...
This Russian Military Intelligence Group Has Been Stealing People's Sensitive Data, so You Might Want to Connect Your Router Through...
The UK’s National Cyber Security Centre has uncovered a campaign by Russian military intelligence group APT28 that hijacks vulnerable home routers via a DNS flaw, rerouting traffic through malicious servers that harvest credentials, messages and browsing history. The operation targets...
GTA 6 Dev Rockstar Have Seemingly Been Hacked Again, but They Don't Seem All that Worried
Rockstar Games disclosed a limited data breach stemming from a third‑party compromise of Anodot, a cloud‑cost monitoring tool linked to its Snowflake data warehouse. Hacker group ShinyHunters posted a ransom demand, threatening to leak information by April 14, 2026. Rockstar...
Small Models Also Found the Vulnerabilities that Mythos Found
Anthropic unveiled Claude Mythos Preview and Project Glasswing, pledging $100 M in usage credits and $4 M to open‑source security groups while claiming the model autonomously discovered and exploited thousands of zero‑day bugs. AIS AI researcher Stan Fort tested the showcased vulnerabilities on inexpensive,...
Why Enterprise Digital Rights Management Matters Now
Enterprise Digital Rights Management (EDRM) is emerging as a critical safeguard as data breaches rise and regulatory scrutiny intensifies. By embedding granular permissions directly into files, EDRM lets organizations control viewing, editing, printing and sharing on a per‑document basis. The...
SPARTA Countermeasures: The Complete Guide to Defending Spacecraft From Cyber and Counterspace Threats
The Aerospace Corporation’s SPARTA Countermeasures guide (v3.2) presents a comprehensive, eight‑layer defense‑in‑depth framework for protecting spacecraft against cyber and counter‑space threats. It catalogs 90 specific countermeasures, aligns each with NIST SP 800‑53, ISO 27001, NASA best practices and MITRE D3FEND, and introduces...
![Rockstar Games Hacked, Team Behind It Threaten A Massive Data Leak If Not Paid Ransom [Update]](/cdn-cgi/image/width=1200,quality=75,format=auto,fit=cover/https://kotaku.com/app/uploads/2026/04/gta5hack-1200x675.jpg)
Rockstar Games Hacked, Team Behind It Threaten A Massive Data Leak If Not Paid Ransom [Update]
Rockstar Games confirmed a breach after ShinyHunters claimed access to its Snowflake cloud data via a compromised Anodot monitoring service. The hackers demanded a ransom payable by April 14, 2026 and threatened to leak corporate documents such as contracts and financial plans....
Resecurity Recognized as 2026 Cyber 150 Winner for Full-Spectrum Cyber Threat Intelligence and Digital Protection
Resecurity, a Los Angeles‑based cyber intelligence firm, has been named a 2026 Cyber 150 Winner, recognizing its innovative full‑spectrum threat‑intelligence and digital protection offerings. The award highlights the company’s AI‑powered platform that serves Fortune 100 enterprises and U.S. government agencies. Resecurity delivers...
CISA Webinar 4/28: ISC Facility Security Committee Seminar – Regions 5 & 7
The Cybersecurity and Infrastructure Security Agency (CISA) and the Interagency Security Committee (ISC) are holding a Facility Security Committee (FSC) seminar on April 28 for Regions 5 and 7. The virtual event will walk participants through FSC procedures, recent updates to the Risk...
Over 20,000 Crypto Fraud Victims Identified in International Crackdown
Operation Atlantic, a joint effort by the U.K. National Crime Agency, U.S. Secret Service, Ontario police and private partners, identified more than 20,000 cryptocurrency‑fraud victims across Canada, the United Kingdom and the United States. Investigators froze over $12 million in suspected...
The SPARTA Matrix: A Complete Guide to Space System Attack Tactics, Techniques, and Sub-Techniques
The Aerospace Corporation released SPARTA version 3.2, a publicly available matrix that catalogs more than 85 techniques and hundreds of sub‑techniques used to attack spacecraft and their supporting infrastructure. Modeled on MITRE ATT&CK, the framework spans cyber intrusion, electronic warfare, and...
Brockton Hospital Still Dealing with Aftermath of Ransomware Attack
Brockton Hospital is reverting to paper‑based processes for the next two weeks after a ransomware attack crippled its electronic systems. The incident, attributed to the Anubis ransomware‑as‑a‑service group, forced ambulance diversions, cancelled chemotherapy sessions and halted new prescription orders. Federal...
Why Fed and Treasury Leaders Powell, Bessent Just Rushed Into a Critical Cyber-Risk Meeting
U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell called an urgent meeting with major bank CEOs to warn about AI‑driven cyber risk from Anthropic’s new Mythos model. Anthropic disclosed that Mythos has identified thousands of high‑severity, largely...
Your Push Notifications Aren’t Safe From the FBI
The FBI revealed that push‑notification data can survive app removal, allowing encrypted Signal messages to be recovered from a phone’s internal cache. Anthropic announced its Claude Mythos Preview model, limited to a handful of leading tech and finance firms for...
AI Security Officials Test Anthropic Cyber Threat as Bank of England to Convene Chiefs
UK officials have tested Anthropic’s new AI model, Claude Mythos, which successfully completed a full cyber‑range simulation, revealing its ability to locate unknown vulnerabilities. The AI Security Institute labeled it the most capable cyber‑focused model ever evaluated, prompting the Bank...
Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
Citizen Lab uncovered that law‑enforcement agencies worldwide are deploying Webloc, an advertising‑based geolocation platform originally built by Israeli firm Cobwebs Technologies and now sold by its successor Penlink. The system harvests identifiers, location coordinates and profile data from up to...
Mac Users, Update Your ChatGPT App Immediately: OpenAI Issues Urgent Security Warning
OpenAI issued an urgent security warning after a supply‑chain attack compromised the third‑party Axios library used in its macOS ChatGPT app. The company found no evidence that user data was accessed or its systems altered, but it is revoking the...
Banks Are Warned About Anthropic’s New, Powerful A.I. Technology
U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened senior executives from Bank of America, Citi and Wells Fargo to flag cyber‑risk from Anthropic’s new AI model, Claude Mythos Preview. The model can uncover software vulnerabilities that human developers miss,...
ShinyHunters Claims Rockstar Games Snowflake Breach via Anodot
ShinyHunters claims to have breached Rockstar Games' Snowflake data warehouse by exploiting compromised Anodot authentication tokens. The group posted a deadline of April 14, demanding payment to avoid public exposure of the data. Anodot recently disclosed a breach that exposed tokens,...
SIEM Alert Fatigue Has Five Root Causes. Tuning Fixes Zero of Them.
Enterprises now face an average of 4,400 SIEM alerts per day, with large firms seeing 10,000 or more across dozens of tools. Analysts investigate only about 37% of those alerts, leaving the rest triaged superficially or ignored. Traditional SIEM tuning...
White House Races to Head Off Threats From Powerful AI Tools
The White House has assembled an interagency task force, led by National Cyber Director Sean Cairncross, to pre‑empt cybersecurity threats from emerging AI models. Officials are focusing on identifying vulnerabilities in critical infrastructure before releases from leading labs such as...
AI Agent Credentials Live in the Same Box as Untrusted Code. Two New Architectures Show Where the Blast Radius Actually...
At RSAC 2026, four security leaders warned that AI agents still operate in monolithic containers where credentials sit alongside executable code, creating a massive blast radius. New architectures from Anthropic and Nvidia aim to impose zero‑trust controls: Anthropic’s Managed Agents split...
Google Ads Agencies Hit With Scam Client Leads
Google Ads agencies are facing a surge of phishing scams that masquerade as high‑value client inquiries. Scammers craft spoofed emails and newly registered domains to trick agencies into granting access to My Client Center (MCC) accounts. Google’s product liaison, Ginny...
Persistent Systems Launches Fraud Detection Service
Persistent Systems unveiled a Merchant Risk Management and Fraud Detection solution built on the Databricks Data Intelligence platform. The service leverages Agentic AI to vet merchants during onboarding and continuously monitor transactions, chargebacks, and external risk signals in real time....
Children’s Minnesota Staff Email Account Compromised
Children’s Minnesota disclosed that a staff email account was compromised on April 9. An unauthorized actor accessed the account and sent phishing emails with subjects like “Sponsorship Document.” The hospital warned recipients not to click links or open attachments and advised...
Anthropic’s New AI Model Triggered an Emergency Banking Meeting. It’s a Reason to Buy Cybersecurity Stocks.
Anthropic unveiled Claude Mythos, an AI model that can locate zero‑day vulnerabilities with minimal prompting, prompting alarm among regulators. Treasury Secretary Scott Bessent and Fed Chair Jerome Powell convened an emergency meeting of the Big‑8 systemically important banks to assess...
US Treasury to Offer Free Cybersecurity Intelligence to Crypto Firms
The U.S. Treasury’s Office of Cybersecurity and Critical Infrastructure Protection announced a new initiative that will provide cryptocurrency firms with free access to the same cyber threat intelligence shared with traditional banks. Eligible digital‑asset companies and industry groups must meet...
Android Banking Trojan Linked to Cambodia Scam Compounds Hits 21 Countries
Infoblox Threat Intel, in partnership with Vietnamese NGO Chong Lua Dao, confirmed the first direct link between a Cambodian forced‑labour scam compound and an Android banking trojan operating in 21 countries. Trafficked workers at the K99 Triumph City facility in...
Visibility Is the only Way to Fix the Public’s Growing Security Debt
Government agencies are grappling with a massive security debt, with 78% of public organizations leaving vulnerabilities unpatched for over a year. On average, it takes more than 300 days to remediate half of their software flaws, far exceeding private‑sector benchmarks....
Hacker Faux Pas Uncloaks North Korean IT Worker Scheme
A hacker unintentionally ran infostealer malware on their own system, exposing a North Korean IT‑worker scam. The breach leaked data from a state‑run payment server, including 390 accounts, chat logs and cryptocurrency transaction details. Independent analyst ZachXBT estimates the operation...
Report: US Accounts for Most PLCs Subjected to Iranian Targeting
A CyberScoop report finds that nearly 3,900 of the 5,219 internet‑exposed Rockwell Automation/Allen‑Bradley programmable logic controllers (PLCs) used in critical‑infrastructure are located in the United States, representing about 75% of the total. Roughly half of these vulnerable devices are linked...
HPE Accelerates Quantum Readiness Ahead of Q-Day
Hewlett Packard Enterprise (HPE) is positioning itself as a leader in quantum readiness ahead of the industry‑wide “Q‑day” when quantum computers could break current cryptography. The company announced its Quantum Scaling Alliance, a full‑stack partnership aimed at marrying quantum processors...
Florida Launches Probe Into OpenAI as Company Eyes Massive IPO
Florida Attorney General Ashley Moody Uthmeier announced a state‑level investigation into OpenAI, citing national‑security and public‑safety risks as the AI firm prepares for a potential IPO that could value it at up to $1 trillion. The probe will issue subpoenas to...
Hims Breach Exposes the Most Sensitive Kinds of PHI
Hims & Hers Health disclosed a data breach that compromised customer support tickets accessed through a third‑party platform. The breach, attributed to the ShinyHunters group, exposed names, email addresses and sensitive medical information such as erectile dysfunction and mental‑health conditions. Hackers...
Eight Things You Should Never Share With an AI Chatbot
A Stanford review of privacy policies for the leading AI chatbots—Claude, Gemini, ChatGPT and others—found that all six companies retain user prompts by default and often use them to train future models. Data can be stored indefinitely, merged with other...
Hospitals Are Becoming Hackers’ Favorite Target, but Downtime Simply Isn’t an Option
Hospitals, especially rural and community facilities, are facing a surge in ransomware attacks that threaten critical electronic health record (EHR) systems. The lack of in‑house IT expertise makes downtime unacceptable, forcing providers to seek resilient, managed solutions. CloudWave is helping...
Google Is Now Rolling Out End-to-End Encryption for (Some) Gmail Users
Google announced that client‑side encryption (CSE), its form of end‑to‑end encryption, is now rolling out to Gmail’s iOS and Android apps. Previously limited to desktop, CSE lets Workspace users encrypt email bodies on mobile without third‑party tools. The feature requires...
Bank of Canada, Major Lenders Meet on Anthropic AI Cyber Risk
On Friday, the Bank of Canada gathered senior executives from the nation’s largest banks and financial firms to discuss cybersecurity risks associated with Anthropic PBC’s newly released AI model, Mythos. The meeting mirrors a U.S. initiative earlier in the week, where...
FBI: Real Estate Cyberfraud Rises with More AI, Crypto Scams
The FBI’s Internet Crime Complaint Center reported that real‑estate cybercrime losses surged to $275 million in 2025, a 59 percent rise from the previous year. AI‑enabled scams and cryptocurrency fraud accounted for a growing share of the losses, with 115 AI‑related incidents...
Cynomi Unveils CISO AI Agents, Go-To-Market Academy As CEO Pushes To Become ‘AI-First Company’
Cynomi announced a major platform upgrade that adds AI‑driven CISO, auditor, analyst and communicator agents, effectively creating a virtual security team for managed service providers (MSPs). Simultaneously, the company launched a Go‑to‑Market Academy to help partners package, price and sell...
Bypassing LLM Supervisor Agents Through Indirect Prompt Injection
Security researchers discovered that LLM supervisor agents that only scan user messages can be bypassed by indirect prompt injection, where malicious instructions are hidden in trusted data such as user profile fields. In a test of a multi‑model customer‑service chatbot,...
The State of AI Security in 2026
The 2026 Threat Detection Report warns that AI is now a force multiplier for cyber attackers, with large‑language models automating 80‑90% of espionage operations. While the attack techniques remain familiar—credential theft, data exfiltration—the speed and scale have surged, prompting a...
Clear’s Reusable Biometric Digital ID Platform Joins FedRAMP Marketplace
Clear’s reusable biometric digital ID platform, CLEAR1, has been listed in the FedRAMP Marketplace with an “In Process” designation at the Moderate impact level, signaling progress toward full federal authorization. The platform, already certified for IAL2 and AAL2 under NIST...
The AI Supply Chain Is Actually an API Supply Chain: Lessons From the LiteLLM Breach
A recent supply‑chain breach involving Mercor’s use of the open‑source LiteLLM proxy exposed how AI middleware can become a critical attack vector. By compromising the LiteLLM gateway, attackers accessed API keys, raw prompts and model responses, bypassing traditional model‑level defenses....
AI And Cybersecurity: A Glass Half-Empty/Half-Full Proposition, Where The Glass Is Holding Nitroglycerin
Anthropic unveiled Mythos, an AI model that can locate and exploit zero‑day vulnerabilities across all major operating systems and browsers, including decades‑old bugs. To curb misuse, Anthropic launched Project Glasswing, granting more than 40 leading tech firms early access, $100 million...
Enterprises Must Revamp IAM for Comprehensive Security
Enterprises are confronting a surge in credential‑based attacks that bypass traditional identity and access management (IAM) controls. A new Omdia white paper, commissioned by ID Dataweb, argues that legacy IAM frameworks can no longer protect customer, workforce, and third‑party environments. It...