Microsoft’s VibeVoice Is Free, Open-Source, and a Compliance Problem Waiting to Happen
Microsoft Research has open‑sourced VibeVoice, a free, locally‑run voice AI that can generate up to 90 minutes of multi‑speaker conversational audio and transcribe 60‑minute recordings with speaker attribution. The system runs on consumer‑grade hardware with roughly 200 ms first‑chunk latency, but was briefly removed from GitHub after misuse and relaunched with strict usage restrictions. By eliminating platform intermediaries, VibeVoice gives creators unprecedented production power while shifting legal responsibility to the user. Microsoft advises against commercial deployment until further testing is completed.
Developing A Security Framework For Chiplet-Based Systems
The article outlines a security framework for chiplet‑based systems, emphasizing that each chiplet must possess a verifiable identity tied to a platform‑wide trust chain. It describes two provisioning patterns—certificate‑based external provisioning and silicon‑derived (PUF) self‑generated keys—and explains how both feed...
World First: MACsec IP Receives ISO/PAS 8800 Certification For Automotive And Physical AI Security
Synopsys became the first company to earn ISO/PAS 8800 certification for its MACsec IP, a standard that secures Ethernet communication inside vehicles. The certification, validated by SGS TÜV Saar, confirms that the IP not only protects data integrity but also meets the...
NCSC Warns of Messaging App Targeting Public Sector
The UK National Cyber Security Centre (NCSC) has warned that Russian‑based threat actors are targeting public‑sector personnel through popular messaging apps such as WhatsApp, Messenger and Signal. High‑risk individuals—those with access to or influence over sensitive information—may face login‑code theft,...
Federal Cyber Experts Thought Microsoft’s Cloud Was “A Pile Of Shit.” They Approved It Anyway.
In late 2024 FedRAMP granted its cybersecurity seal to Microsoft’s Government Community Cloud High (GCC High) even though internal reviewers called the product “a pile of shit” due to missing security documentation. The agency cited a “buyer beware” notice and the...
Banks, Telcos to Chuck OTPs, Adopt Silent Authentication
India’s leading private banks and telecom operators are jointly phasing out traditional one‑time passwords in favor of a silent authentication system that validates the mobile number linked to a banking app against the SIM currently active on the device. The...
Private NZ Cardio Centre Halts Procedures After Hack
Auckland‑based private specialist IntraCare halted its IT systems after detecting a network breach on March 20, postponing at least 28 cardiac and radiology procedures for a week. The provider engaged cybersecurity firm CyberCX and coordinated with Te Whatu Ora, the...
The Compliance Tightrope: Balancing Uniformity and Precision Across U.S. State Consumer Privacy Laws
U.S. companies now navigate a fragmented landscape of more than twenty state consumer privacy statutes, each with distinct definitions, thresholds, and exemptions. California remains the most demanding jurisdiction, applying a $26.6 million revenue test and extending coverage to employee and B2B...
Meta’s Facial Recognition Smart Glasses Plan Sees Increasing Opposition
More than 60 civil‑society groups, led by the Consumer Federation of America, have written to Congress demanding a halt to Meta’s plan to embed facial‑recognition software, called “Name Tag,” in its Ray‑Ban smart glasses. The groups cite a Swedish investigation...
Data Privacy Emerges as a ‘Core American Value,’ Expert Says
A new Center for Democracy and Technology survey shows 74% of Americans worry about how the federal government stores and uses their personal data. The concern follows recent Trump executive orders that broaden federal access to state‑held information for fraud...
Amazon Security Boss: AI Makes Pentesting 40% More Efficient
Amazon’s chief information security officer CJ Moses says AI‑driven penetration testing has lifted efficiency by roughly 40%, slashing human and operating costs. The AI handles data‑heavy vulnerability discovery while humans review critical exploit decisions, enabling continuous testing beyond traditional point‑in‑time...
Nissan Says Stolen Data Came From Third-Party Vendor After Hacking Group Claims Breach
Nissan confirmed that a recent cyber‑incident involved a third‑party vendor that services its North American dealerships, not the automaker’s own systems. The Everest hacking group alleges it stole 910 GB of data, including customer, dealership and loan information, and threatened to...
Cloudflare Announces EmDash As Open-Source 'Spiritual Successor' To WordPress
Cloudflare unveiled EmDash, an open‑source platform marketed as a spiritual successor to WordPress, aiming to resolve chronic plugin‑security issues. Built from the ground up with AI‑assisted coding, EmDash is written entirely in TypeScript and adopts a server‑less, sandboxed architecture. The...
Cetera, Ameriprise Face Class Action Lawsuits Over Data Breaches
Cetera Financial and Ameriprise are facing class‑action lawsuits after data breaches exposed client personally identifiable information. Cetera’s breach stemmed from an unauthorized email account access, leaking names, Social Security numbers and account details. Ameriprise was hit by the ShinyHunters ransomware...
Top EU Officials’ Signal Group Chat Shut Down over Hacking Fears
The European Commission ordered senior officials to shut down a Signal group chat after fearing it could be targeted by hackers. The directive follows a series of recent cyber incidents, including a website breach and a mobile‑device infrastructure attack that...
New Report Warns Federal Fraud Controls Are Falling Behind
A new Socure‑sponsored report warns that federal fraud controls are lagging behind rapidly evolving identity‑theft tactics powered by AI and automation. The Government Accountability Office estimates annual federal fraud losses between $233 billion and $521 billion, with pandemic relief programs alone losing...
The AI Intelligence Layer for SIEM, Explained: What It Does, Why It Matters, and How to Evaluate One
Security teams face a massive investigation gap: 67% of SIEM alerts go uninvestigated, with each manual review averaging 70 minutes. While SIEMs excel at log collection and alert generation, they lack the ability to reason about attack chains. An AI...
Data Security in Digital Health: Protecting Patient Privacy in Recovery Programs
A panel of five digital‑health experts outlines how recovery programs can harden patient‑data protection. They stress mandatory encryption, role‑based least‑privilege access, continuous audit logging, and a shift toward zero‑trust architectures. Limiting data collection, enforcing vendor accountability, and embedding privacy‑by‑design are...
North Dakota Water Treatment Plant Reports March Ransomware Attack
A ransomware intrusion hit the Minot, North Dakota water treatment plant on March 14, forcing operators to unplug a server and run manual controls for about 16 hours. The city kept water safe and pressure stable, and no ransom was...
Review: Rubrik Security Cloud Helps Agencies Build Data Resilience
Rubrik Security Cloud offers state and local governments a zero‑trust, immutable backup platform that combines data‑observability with rapid cyber‑recovery. Its architecture stores unalterable backups, detects anomalies across on‑prem, cloud and SaaS workloads, and automates restoration of clean data. The solution...
Galaxy Digital's Testnet Suffers Hack but No Client Funds or Information Were Compromised
Galaxy Digital disclosed an unauthorized intrusion into an isolated research‑and‑development testnet, resulting in a loss of less than $10,000. The breach was contained quickly, and the firm confirmed that no client funds or account information were accessed. Core trading platforms,...
LinkedIn Phishing Scam Uses Fake Notifications to Hijack Accounts
A new phishing campaign is tricking LinkedIn users with counterfeit notification emails that appear to come from the platform. The emails, sent from a freshly registered khanieteam.com domain, direct victims to a look‑alike site (inedindigital) that harvests login credentials. Cofense's...
Agentic AI Governance: How to Approach It
Agentic AI agents are now in production at roughly 70% of enterprises, creating a hidden layer of "identity dark matter" that traditional IAM tools cannot see or control. Existing identity providers struggle to enforce runtime policies for these autonomous, short‑lived...
Google Deepmind Study Exposes Six "Traps" That Can Easily Hijack Autonomous AI Agents in the Wild
Google DeepMind’s new paper defines six “AI agent traps” that exploit the perception, reasoning, memory, action, multi‑agent dynamics, and human‑in‑the‑loop stages of autonomous agents. The study shows real‑world proof‑of‑concept attacks, from hidden HTML instructions to coordinated multi‑agent flash‑crash scenarios. Researchers...
Facephi Expands LATAM Behavioral Biometrics Footprint with New Banking Contract
Facephi has signed a five‑year deal with an unnamed Central American bank to deploy its mule‑account detection and behavioral biometrics platform across the institution’s operations. The solution will monitor the full customer lifecycle, targeting synthetic identities, organized fraud networks and...
Cyberattacks Intensify Pressure on Latin American Governments
Latin American governments are confronting a surge in cyber attacks, with organizations in the region experiencing about 3,050 incidents per week in March—well above the global average of roughly 2,000. Government agencies face even higher pressure, enduring around 4,200 weekly...
FCC Router Rules Shake U.S. Market: Ookla Data Reveals Top Vendors and Wi-Fi Upgrade Gap
The FCC’s new router rule forces any consumer router built abroad to obtain a waiver before sale, aiming to curb cyber‑attacks linked to foreign hardware. Ookla data shows the U.S. market is led by Eero, TP‑Link, Netgear and others, all...
WhatsApp Notifies Hundreds of Users Who Installed a Fake App Made by Government Spyware Maker
WhatsApp disclosed that it alerted roughly 200 users—mostly in Italy—who installed a counterfeit iOS version of its app containing spyware. The fake client was traced to Italian surveillance firm SIO, which has a history of producing government‑grade spyware. WhatsApp logged...
The First Quantum Computer to Break Encryption Is Now Shockingly Close
Two independent studies reveal that a quantum computer capable of cracking the elliptic‑curve discrete logarithm problem (ECDLP) – the backbone of most internet encryption – is nearer than previously believed. The analyses suggest the world’s largest quantum processor is already...
Anthropic Rushes to Limit Leak of Claude Code Source Code
Anthropic PBC moved quickly to contain an accidental public release of the source code powering Claude Code, its flagship AI‑assistant that drives most of the company’s revenue. The firm issued copyright takedown notices that removed thousands of copies from GitHub....
Peppa Pig and Transformers Owner Hasbro Hit by Cyber-Attack
Hasbro disclosed an unauthorized intrusion into its corporate network, first identified on March 28 and reported in an SEC filing. The breach forced portions of the company’s main and brand‑specific websites offline, displaying error messages and prompting warnings of possible...
HCP Terraform Adds IP Allow List for Terraform Resources
HashiCorp announced that IP allow lists are now generally available in HCP Terraform, enabling organizations to define approved CIDR ranges for both platform access and Terraform agents. The new organization‑level setting can be scoped to individual agent pools, restricting UI,...
Report Sheds More Light on Phantom Stealer
A multi‑wave phishing campaign targeting European manufacturing, technology and logistics firms deployed the .NET‑based Phantom Stealer, bundled with a crypter and remote‑access tool. The attackers sent spoofed emails lacking DKIM signatures and failing SPF checks, attaching either a malicious executable...
Widespread Microsoft 365 Account Compromise Sought by Iran-Linked Hackers
Iran‑linked threat groups have compromised Microsoft 365 accounts across more than 300 Israeli organizations, 25 firms in the United Arab Emirates, and a limited set of targets in the United States, Saudi Arabia and Europe. The campaign began in early March with...
Key Leaks, Vault Failures, and TEE Attacks: Highlights From RWC 2026
GitGuardian presented at the Real World Cryptography Symposium 2026, revealing that 945,560 private keys have leaked in the wild, compromising 139,767 certificates. The team also demonstrated 27 attacks that break the zero‑knowledge promises of four leading password managers and showcased...
5 AWS AI Controls Every Security Team Should Have
AWS now offers organization‑wide controls that let security teams govern AI workloads beyond the application layer. Five key mechanisms—MCP server access blocks, Bedrock policy guardrails, model‑specific SCP denies, service‑wide SCP disables, and long‑term Bedrock API‑key restrictions—can be applied uniformly across...
Joint Offering Combines CrowdStrike's Falcon with HCLTech's AI Force
CrowdStrike and HCLTech have deepened their alliance by launching a continuous threat exposure management service that merges CrowdStrike’s Falcon platform with HCLTech’s VERITY framework and AI Force. The solution delivers real‑time visibility, AI‑driven insights, and automated remediation across endpoints, cloud, identity,...
Microsoft Deploys yet Another Emergency Patch for Windows 11 — but at Least the Fix for the Broken March Update...
Microsoft issued an emergency patch for Windows 11 to address critical failures introduced by the March 2024 cumulative update. The patch restores login functionality, resolves file‑system corruption, and stabilizes system performance. Microsoft rolled out the fix within 48 hours, marking a...
Resemble AI Unveils Deepfake Detection Tools Amid Synthetic Media Surge
Resemble AI released a deepfake threat report and two free detection tools—a Chrome extension that scans images, video and audio, and an X bot that lets users verify suspicious posts without leaving the platform. The company also added enterprise features...
48 Hours: The Window Between Infostealer Infection and Dark Web Sale
Whiteintel researchers mapped the full infostealer lifecycle and found that stolen corporate credentials appear on dark‑web marketplaces within 48 hours of infection, often much sooner. The five‑stage process—infection, harvest, packaging, marketplace listing, and exploitation—compresses credential theft into a window far...
Halcyon Days for HYCU as the Pair Link up on Ransomware Pitch
HYCU is embedding Halcyon’s ransomware‑detection software into its R‑Shield platform, creating a unified solution for ransomware detection, prevention, and recovery. The enhanced offering protects workloads across virtual machines, data warehouses, finance apps, storage buckets, and git repositories in hybrid and...
AI-Driven Identity Must Exist in a Robust Compliance Framework
Enterprises are rapidly adopting AI‑driven identity and verification tools, but UK regulators are demanding that governance, risk and compliance (GRC) precede deployment. New legislation such as the Data (Use and Access) Act 2025, the Online Safety Act 2025, and updated ICO guidance...
Rapid Response: How Boston Children’s Hospital Overcame the Stryker Cyberattack
Boston Children’s Hospital faced a massive wiper cyberattack that crippled Stryker’s Vocera communication platform, prompting an immediate, coordinated response. Within 30 minutes the hospital isolated the vendor network and began dismantling the compromised system. By evening, Epic Secure Chat was...
Hasbro Says It Was Hacked, and May Take ‘Several Weeks’ to Recover
Hasbro confirmed a cyberattack discovered on March 28, prompting the company to shut down parts of its IT infrastructure. The toy maker activated business continuity plans to keep order processing and shipping functional while external cybersecurity experts work on remediation....
Commvault Expands Integrations with Microsoft Security to Connect AI Threat Detection, Investigation, and Trusted Recovery
Commvault announced an expanded integration with Microsoft Security, linking its Cloud platform to Microsoft Sentinel and Security Copilot. The new Sentinel connector streams backup‑related alerts—such as malware detections and ransomware anomalies—into a centralized data lake for real‑time analysis. An Investigation...
Meeting Regulatory Requirements with Informatica
Informatica highlighted the critical role of trusted data in meeting ever‑growing regulatory demands during a DBTA webinar. A recent survey cited by David Thain shows 93% of data leaders say regulations impede their initiatives. Speakers emphasized that siloed data hampers...
NYC Mayor Zohran Mamdani Lifts Government TikTok Ban, Citing Need to Reach New Yorkers on Social Media
New York City Mayor Zohran Mamdani has lifted the 2023 ban on TikTok for government use, allowing agencies to operate on the platform under strict guidelines. The new policy requires dedicated government devices, designated staff, and agency‑managed credentials to address...
Kaufman Rossin and Synack Partner to Scale AI-Powered, Continuous Penetration Testing for Regulated Companies
Kaufman Rossin, a top‑50 public accounting and advisory firm, has partnered with Synack, the leader in penetration testing as a service, to deliver AI‑powered, continuous security testing for regulated enterprises. The collaboration blends Kaufman Rossin’s deep cybersecurity advisory expertise with...
European-Chinese Geopolitical Issues Drive Renewed Cyberespionage Campaign
Proofpoint reports that Chinese state‑aligned cyberespionage group TA416, also known as Twill Typhoon, has re‑engaged Europe in mid‑2025, targeting diplomatic missions, NATO delegations and EU institutions amid heightened EU‑China tensions following the 25th EU‑China summit. The campaign coincides with disputes over...
North Korean Hackers Linked to Axios Npm Supply Chain Compromise
On March 31, 2026, attackers compromised a maintainer’s npm account and published two malicious versions of the popular Axios HTTP client library. The backdoored packages contained a hidden dependency that executed a post‑install script, downloading the WAVESHAPER.V2 remote‑access trojan targeting...
