
Ukrainian Emergency Services and Hospitals Hit by Espionage Campaign Using New AgingFly Malware
Ukrainian hospitals, emergency services and municipal authorities have been hit by a coordinated espionage campaign using a new malware suite dubbed AgingFly. The attacks, attributed to the Russian‑linked APT28 group, began with phishing emails masquerading as humanitarian‑aid proposals and delivered a malicious archive containing AgingFly, SilentLoop, ChromeElevator, ZapixDesk and, in some cases, the XMRig cryptocurrency miner. Researchers say the malware enabled remote control, credential theft, screenshot capture and crypto‑mining, while a similar tactic was observed targeting Ukraine’s Defense Forces via Signal. The campaign underscores a broader push to infiltrate critical civilian and military infrastructure in Ukraine.

Behind the Mythos Hype, Glasswing Has Just One Confirmed CVE
Anthropic’s Project Glasswing, the gated access program behind its Mythos AI, has produced only one publicly attributed CVE (CVE‑2026‑4747) according to VulnCheck’s analysis. While Anthropic researchers are credited with 40 CVEs overall, the majority stem from external collaborations rather than...

Splunk Enterprise Update Patches Code Execution Vulnerability
Splunk released emergency patches for several critical flaws across its Enterprise, Cloud Platform, and MCP Server products. The most severe issue, CVE‑2026‑20204, allowed low‑privileged users to upload malicious files and achieve remote code execution due to improper handling of temporary...

Overstretched NIST to Limit CVE Enrichments
The U.S. National Institute of Standards and Technology (NIST) announced it will stop enriching every CVE entry in its National Vulnerability Database due to a surge in submissions. CVE submissions rose 263% between 2020 and 2025, overwhelming NIST’s resources. Going...

Standard Bank Data Breach Fallout Deepens
Standard Bank confirmed that data stolen in a March cyber‑attack has now been posted online, exposing client names, identification numbers, contact details and limited credit‑card information. The breach, attributed to a hacker using the handle “ROOTBOY,” involved a three‑week intrusion...

French Minister Says New Measures Are Coming After Crypto Kidnappings
French interior minister delegate Jean‑Didier Berger announced new measures to curb crypto kidnappings, known as wrench attacks, after a recent €400,000 ransom case. Authorities have launched a prevention platform that already has thousands of sign‑ups and are collaborating with Interior...

AI Bots - a New Risk and Opportunity for CIOs to Manage
AI‑generated bots are flooding corporate web estates, with Akamai reporting a 300% rise in AI‑driven traffic and some CIOs seeing a 400% jump in site crawls. The surge inflates API, cloud and CDN usage, driving up operating expenses and degrading...

AI and Executive Protection: New Risks, New Defenses
AI‑generated phishing attacks are now targeting corporate executives with hyper‑personalized emails crafted from public profiles and generative AI. The barrier to launch such campaigns has collapsed, allowing amateurs to produce convincing phishing kits and doxing databases. Security teams can counter...

Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu
Reflectiz discovered that a Taboola tracking pixel approved in a bank’s CSP silently redirected logged‑in users to a Temu endpoint via a 302 response. The redirect included an Access‑Control‑Allow‑Credentials header, causing browsers to send authentication cookies to Temu and link...

Business Logic Flaws: The Silent Threat in Modern Web Applications
In late 2019 Robinhood’s options platform miscalculated buying power, allowing users to control positions worth hundreds of thousands of dollars with only a few thousand in capital. The flaw stemmed from a business‑logic assumption that margin‑related trades reduced risk, which...

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
Researchers at Elastic Security Labs identified a novel social‑engineering campaign that abuses Obsidian’s community plugins to deliver the previously unknown PHANTOMPULSE remote‑access trojan. Threat actors pose as venture‑capital contacts on LinkedIn and Telegram, coaxing finance and cryptocurrency professionals to enable...

Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads
Security researchers at Ox Security disclosed a critical, systemic flaw in Anthropic's Model Context Protocol (MCP) that enables arbitrary command execution. The vulnerability stems from the protocol’s STDIO interface, which runs commands even when server startup fails, exposing over 200...

CAIS
HolistiCyber’s Cyber AI Suite (CAIS) is a comprehensive service that secures AI‑driven applications from architecture through governance. It begins with a deep review of Retrieval‑Augmented Generation (RAG) pipelines and vector databases, then applies threat modeling and AI‑focused penetration testing using...

Inditex Data Breach: Zara Owner Inditex Reports Major Data Breach Exposing Customer Transaction Records
Inditex, the parent of Zara, disclosed a data breach that originated from a former technology provider and exposed transaction‑related information but no customer names, contact details, passwords, or payment data. The breach involved a third‑party service used by several international...

'Attention-Seeking' Man Allegedly Targeted Police, Defence in 'Cybercrime Spree'
A 22‑year‑old Adelaide resident, Aiden Wood, was charged with 12 hacking offences after allegedly launching a four‑month cybercrime spree that targeted critical government infrastructure, including the Australian Federal Police and Defence Force, as well as the NBN network at a...

Norway’s State Telecoms Firm Accused of Helping Myanmar Regime Seize Activists
A Norwegian state‑owned telecom, Telenor, faces a class‑action lawsuit in Norway alleging it supplied the Myanmar military with personal data on more than 1,200 activists, facilitating arrests and alleged torture. The suit, filed by the Justice and Accountability Initiative and...

“I’m Just Scared”: Teen Hacker Jailed After Massive U.S. School Data Breach
Teen hacker Matthew Lane, now 20, was sentenced to four years in federal prison for his central role in the PowerSchool data breach, one of the largest attacks on U.S. education. The breach exposed personal information for roughly 60 million students...

Capsule Security Exits Stealth with $7m Seed Round
Capsule Security emerged from stealth with a $7 million seed round co‑led by Lama Partners and Forgepoint Capital. The startup offers a runtime trust layer that monitors AI agents between prompt and action, aiming to stop manipulation, unexpected behavior, and data...

Automotive Ransomware Attacks Double in a Year
Ransomware has become the fastest‑growing cyber threat to the automotive industry, accounting for 44% of all attacks on carmakers in 2025. Halcyon’s report shows attack frequency more than doubled last year, driven by connected vehicle platforms, OTA updates and cloud‑based...

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments
Security researchers disclosed a new prompt‑injection technique called “Comment and Control” that exploits AI‑driven code tools on GitHub. The method tricks Claude Code Security Review, Google Gemini CLI Action, and GitHub Copilot Agent by embedding malicious prompts in pull‑request titles, issue...

US Nationals Behind DPRK IT Worker 'Laptop Farm' Sent to Prison
Two U.S. nationals, Kejia Wang and Zhenxing Wang, were sentenced to 108 months and 92 months respectively for orchestrating a scheme that placed North Korean IT workers in over 100 American companies using stolen identities. Between 2021 and October 2024...

Use of Agentic AI Erodes GDPR Compliance as We Know It. Wipro's 'Privacy by Design' Comes Into Its Own
The rise of agentic AI—autonomous systems that decompose tasks, retain memory, and act on users’ behalf—exposes gaps in current GDPR compliance frameworks. Traditional governance assumes static tools, not self‑directing agents that make micro‑decisions, store contextual data, and can be hijacked...

Microsoft: April Windows Server 2025 Update May Fail to Install
Microsoft is investigating a failure of the April 2026 KB5082063 security update on Windows Server 2025, which triggers error code 0x800F0983 and, in some cases, forces servers into BitLocker recovery mode. The issue appears limited to enterprise‑managed configurations and does not affect...

One Year on From the M&S Cyber Attack: What Did We Learn?
One year after the Easter‑week 2025 Marks & Spencer cyber breach, analysts confirm the attack originated from a simple social‑engineering phone call that compromised a third‑party help‑desk and cascaded into ransomware across VMware hosts. The incident sparked a wave of...

Targeted Cyberattack on Northern Ireland Schools Exposes Personal Data
A recent cyberattack on Northern Ireland's Education Authority was confirmed as a targeted breach affecting a small number of schools. Forensic analysis revealed that attackers accessed personal data, though no large‑scale exfiltration has been proven. Police Service of Northern Ireland...

How to Implement Passwordless Authentication to Boost User Conversion
Passwordless authentication replaces passwords with device‑bound cryptographic keys, removing a major source of friction in sign‑up and login flows. The 2026 Passwordless Conversion Impact Report shows that faster entry boosts lifetime value, while the IBM Cost of Data Breach Report...

Democratized Software, Democratized Risk: Who’s Accountable When Everyone Codes?
AI‑driven coding tools are letting non‑technical teams create software without traditional developer resources, accelerating delivery and cutting costs. However, this democratization creates governance gaps that can expose organizations to security, compliance, and accountability risks. The article advises IT leaders to...

Corporate Affairs Commission Hit by Cyberattack in Nigeria
Nigeria’s Corporate Affairs Commission confirmed a cyber‑attack that compromised its company‑registration platform, prompting an urgent investigation with the National Information Technology Development Agency. The breach threatens sensitive business data, could delay filings and erode confidence in government digital services. At...

Shadow AI and the New Visibility Gap in Software Development
Generative AI is now a core part of software development, but shadow AI—unapproved AI tools used by developers—is already mainstream, with 50% of workers globally and over 70% of UK employees relying on them. This creates a "lethal trifecta" of...

MiningDropper Turns Android Apps Into Multi-Stage Malware Delivery Systems
Researchers at Cyble have identified a surge in Android malware campaigns leveraging a new modular framework called MiningDropper. The platform repurposes the open‑source Lumolight app as a trojanized entry point and uses layered XOR and AES encryption to deliver multi‑stage...

6-Year Ransomware Campaign Targets Turkish Homes & SMBs
Researchers at Acronis have identified a low‑dollar, high‑volume ransomware operation that has been active in Turkey since at least 2020. The attackers deploy a customized Adwind RAT to deliver the JanaWare ransomware, demanding between $200 and $400 per victim. The...

Web Supply Chain Risk in ANZ: Why the Browser Is the New Front Line
Reflectiz warns that modern web applications increasingly rely on third‑ and fourth‑party scripts that execute in users' browsers, creating a hidden supply‑chain risk that traditional security tools cannot see. Research of 4,700 ANZ sites shows 64% of these scripts handle...

Cyberwar’s New Frontier
The article warns that autonomous cyber‑agents are moving from theory to operational reality, capable of launching attacks in minutes and persisting undetected across critical sectors. It highlights the U.S. 2026 Cyber Strategy’s embrace of such agents while noting severe staffing...

RedSun: System User Access on Win 11/10 and Server with the April 2026 Update
RedSun is a newly disclosed vulnerability affecting Windows 10, Windows 11 and Windows Server with the April 2026 Update. The flaw exploits Windows Defender’s cloud‑tag handling, causing the antivirus to rewrite a malicious file back to its original location. By overwriting trusted system...

FSF Trying to Contact Google About Spammer Sending 10k+ Mails From Gmail Account
Thom Zane, an administrator of the daedal.io Mastodon instance, posted on the fediverse asking for a direct email address to reach a human on Google’s Gmail team. He wants to report a spammer who allegedly sent more than 10,000 Gmail...

Taking Operational Risk to Resilience with Emerging AI Systems: Gartner
Gartner warns that generative AI (GenAI) and agentic AI are exposing enterprises to rising security incidents. It predicts 25% of GenAI applications will suffer at least five minor incidents annually by 2028, and 15% will encounter a major breach by...

Spatiotemporal Light Pulses Could Secure Optical Communication by Masking Data
Ben‑Gurion University researchers have devised a secure optical‑communication scheme that embeds data within spatiotemporal optical vortices—light pulses whose structure conceals information from conventional detectors. The approach pairs these shaped pulses with a pre‑shared key and decoy‑signal algorithm, allowing only a...

Coremail Showcases at GITEX Asia 2026: Advancing Enterprise Communication with AI-Native Secure Email
Coremail unveiled its AI‑Native Secure Email System and CACTER AI‑Native Secure Email Gateway at GITEX Asia 2026 in Singapore. The solutions combine large language models with autonomous agents to transform email from a static messaging tool into a task‑execution hub....

Anonymizing Network Traffic: A Dive Into SOCKS5 and Data Encryption
SOCKS5 proxies have become a core tool for businesses that need to hide IP addresses while handling any traffic type, from HTTP to UDP. Unlike HTTP proxies, SOCKS5 does not inspect data, allowing seamless use for streaming, automated data collection,...

Over 25K Systems Exposed by Adware App to Supply Chain Compromise
Dragon Boss Solutions’ adware platform inadvertently exposed more than 25,000 systems after an insecure software‑update channel was discovered. Threat actors could purchase a signed payload for about $10 and push malicious code with SYSTEM privileges. Huntress identified communications from 23,565 IP addresses,...

To Fight Ransomware, Turn to Incident Response Professionals
The UK Home Office is consulting on a ban on ransomware payments for public‑sector bodies and critical national infrastructure, alongside a broader payment‑prevention regime and mandatory incident‑reporting. Critics argue the proposal could leave under‑resourced firms tangled in legal hoops while...

WBA Guidelines Target Rogue Access Points and Credential Theft
The Wireless Broadband Alliance (WBA) released a Wi‑Fi Security Guidelines framework to standardize protection across public, enterprise, IoT, and roaming networks. The document mandates mutual certificate‑based authentication, WPA3‑Enterprise with Protected Management Frames, and encrypted RADIUS traffic to thwart rogue access...

KnowBe4 Debuts Guardrails for Autonomous AI Agents
KnowBe4 has introduced Agent Risk Manager, a real‑time monitoring and governance layer designed to police autonomous AI agents operating across enterprise environments. The solution adds behavioral guardrails to block threats such as unauthorized data exposure, prompt‑injection jailbreaks, and runaway compute...

CoSN 2026: Student-Led Cyber Programs Incentivize Culture of Safety
At DeKalb County School District, the second‑year Cyber Champions program places students at the forefront of district‑wide cybersecurity education, turning them into peer advocates for digital safety, phishing awareness, and AI ethics. The initiative operates without a dedicated budget, leveraging...

Securing Remote Server Access: Why VPNs Matter for Administrators
Remote server administrators face brute‑force, phishing and malware attacks when SSH or RDP are exposed to the internet. Deploying a corporate VPN tunnels remote connections through encrypted channels, limiting access to authenticated users and removing direct exposure of critical ports....

Anthropic's Mythos Triggers Cybersecurity Race — CrowdStrike, Rubrik, Cloudflare Stand To Gain
Anthropic unveiled Project Glasswing and the Claude Mythos model, an AI system that can autonomously discover and exploit software vulnerabilities at scale. ARK Invest highlighted Mythos' 93.9% SWE‑bench and 83.1% CyberGym scores as evidence of a new era in software...

New AgingFly Malware Used in Attacks on Ukraine Govt, Hospitals
CERT‑UA uncovered a new malware family called AgingFly targeting Ukrainian government agencies, hospitals and possibly Defense Forces. The campaign begins with phishing emails offering humanitarian aid, leading victims to click links that deliver malicious LNK shortcuts and HTA files. Once...

Critical MCP Integration Flaw Puts NGINX at Risk
Researchers at Pluto Security have uncovered a critical vulnerability in the popular nginx‑ui web console, identified as CVE‑2026‑33032 with a CVSS score of 9.8. The flaw resides in the MCP /message endpoint, which performs no authentication and can be exploited to...

Class Action Targets Berkadia over Alleged Cyberattack Exposing Thousands' Data
Berkadia Commercial Mortgage, the leading Freddie Mac lender, faces a proposed class action alleging a March 20 cyberattack by the ShinyHunters group. The breach reportedly exposed thousands of individuals' personal and financial data, including Social Security numbers and banking details. Plaintiffs claim...

Android Phones Aren’t at Risk of Long-Standing iPhone Tap-to-Pay Vulnerability [Video]
A five‑year‑old tap‑to‑pay flaw in iPhone’s Express mode lets large transit purchases bypass the lock screen, a vulnerability highlighted in a recent Veritasium video. Apple and Visa have been aware of the issue since 2021, but claim it falls under...