
Dark Sky Technology and Carahsoft Partner to Deliver Advanced Software Supply Chain Risk Management Solutions to Government Agencies
Dark Sky Technology and Carahsoft have formed a strategic partnership to make the Bulletproof Trust platform available to U.S. government agencies through Carahsoft’s extensive contract vehicles. The platform ingests Software Bills of Materials, monitors more than 30 vulnerability databases, and evaluates contributor trust to provide continuous risk visibility. It can be deployed as SaaS, in private clouds, or in air‑gapped environments, allowing agencies to enforce security policies directly within development pipelines. The agreement leverages SEWP V, NASPO ValuePoint, TIPS, OMNIA, E&I and The Quilt contracts to meet evolving federal cybersecurity mandates.
US Government To Review Major AI Models
The U.S. Department of Commerce will require Google, Microsoft and xAI to submit new AI models for pre‑deployment review, expanding the voluntary framework first used with OpenAI and Anthropic in 2024. The Centre for AI Standards and Innovation aims to...
Kaspersky Identifies Ongoing Supply Chain Attack
Kaspersky’s March 2026 study revealed supply‑chain attacks as the most frequent cyber threat, yet only 9% of firms listed them as a top priority. The firm now issues a five‑point mitigation playbook covering vendor audits, strict procurement, privilege restriction, continuous XDR...

UIDAI, NFSU Sign 5-Year Pact to Boost Cybersecurity and Digital Forensics
India’s Unique Identification Authority (UIDAI) has signed a five‑year partnership with the National Forensic Sciences University (NFSU) to boost cybersecurity and digital forensics across the Aadhaar ecosystem. The agreement, announced on May 5 in Ahmedabad, outlines six strategic pillars covering talent...

The UAE’s Cybersecurity Strategy in the Hybrid Warfare Era
The United Arab Emirates has unveiled a comprehensive cyber‑resilience strategy to counter the surge of AI‑powered attacks that accompany modern hybrid warfare. The UAE Cybersecurity Council reports a 40% rise in home‑network attacks and notes that 76% of MENA organizations...
AI only as Secure as the Information Behind It: OpenText
OpenText warns that AI-driven security is only as secure as the data it processes, emphasizing the risk of fragmented, ungoverned information. The company argues that without robust information governance, AI can magnify bias, expose sensitive content, and accelerate breach impact....

Australia Forms Cyber Incident Review Board to Strengthen Defences After Major Breaches
Australia has established a Cyber Incident Review Board under the Cyber Security Act 2024 to conduct no‑fault, post‑incident analyses of major cyber attacks affecting both government and private firms. Chaired by Telstra’s CISO Narelle Devine, the board brings together leaders...
Hardware-Software Concealing of Secret Key and Enhancement of Pipelined Advanced Encryption Standard Cryptographic Core via Reconfigurable Devices for Hybrid Fast...
Researchers designed a pipelined two‑cycle AES‑256 cryptographic core on a Cyclone V SX SoC FPGA that delivers 12.8 Gb/s encryption throughput while occupying only 9 % of the device’s logic. Compared with recent FPGA implementations running at 96‑100 MHz, the new core achieves a seven‑fold...

PNB Allocates up to ₹8,000 Crore for Cybersecurity, Ramps up Tech Procurement
Punjab National Bank (PNB) is allocating up to ₹8,000 crore (about $84 million) – roughly 20% of its technology budget – to bolster cybersecurity against rising digital threats, including AI‑driven attacks. The allocation represents a more than 50% increase from the prior...

Middle East Cyber Battle Field Broadens — Especially in UAE
The United Arab Emirates saw daily breach attempts explode from roughly 90,000‑200,000 pre‑conflict to 600,000‑800,000 after Israel and the U.S. launched operations against Iran. Saudi Arabia’s cyber‑relevant activity surged 25‑fold and Qatar’s more than quadrupled, reflecting a regional escalation. Attack...
NCSC Highlights the Potential of AI to Enhance Cyber Defence
The UK National Cyber Security Centre (NCSC) warned that while artificial intelligence can significantly strengthen cyber‑defence, its rollout will be gradual and technically demanding. Deputy CTO Peter Haigh said AI could improve threat detection, vulnerability discovery, software security, system management...

Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls
Palo Alto Networks disclosed a critical zero‑day vulnerability, CVE‑2026‑0300, that exploits a buffer overflow in the User‑ID Authentication Portal of its PAN‑OS firewalls. The flaw grants unauthenticated attackers root‑level code execution on PA and VM series devices when the portal...
European Industry Fears ‘Back Door’ for US in Cloud Law
The European Commission is drafting the Cloud and AI Development Act to foster a sovereign cloud ecosystem and reduce reliance on foreign tech. Critics say the proposal includes a loophole that permits U.S. providers when no European alternative exists, effectively...
Report: How Cyber Crime Affected the U.S. in 2025
The FBI’s Internet Crime Complaint Center reported that U.S. cyber‑enabled crime losses jumped to $20.9 billion in 2025, a 26 percent rise from the previous year. More than one million incidents were logged, with investment fraud leading the cost chart at $8.6 billion,...
Aussie Small Businesses Still Not Prioritising Cyber Security
Research commissioned by Optus and conducted by Ipsos finds only 40% of Australian small businesses prioritize cyber security. One‑third have already suffered a cyber incident, yet 60% lack a formal cyber plan and many spend less than two hours per...
F5 AI Guardrails Quickstart: Answering the Hard Questions
A financial services firm is piloting an AI assistant that draws answers from its own underwriting manuals and regulatory filings. To address security gaps, F5 offers an AI Guardrails quickstart that adds an inline inspection layer for both prompts and...

AI-Enabled Vulnerability Discovery Is Reshaping National Cyber Defence
Anthropic’s Claude Mythos LLM demonstrated strong vulnerability‑discovery ability, flagging 271 flaws in Firefox during preview testing. AI‑enabled tools now automate key steps of zero‑day exploit development, dramatically reducing time and cost compared with traditional manual methods. The UK warns that...

Expert Warns over Dangers of Amap
A Taiwan security expert warned that China could exploit data collected by the Amap navigation app against Taiwan. Amap offers 3D street views and traffic‑signal countdowns, gathering real‑time location and movement data. Taiwan’s Ministry of Digital Affairs has banned government...

Taiwan’s Global Cybersecurity Role Touted at Event
Taiwan is positioning itself as a global cybersecurity leader, announcing its first international certification for semiconductor‑equipment security at the CYBERSEC 2026 conference. The island’s cyber industry is approaching NT$100 billion (≈US$3.16 billion) in output, while critical infrastructure faced up to 2.63 million intrusion attempts...

Microsoft Edge Will Load All Your Passwords Into Memory in Plaintext, but Microsoft Says It's Not a Security Concern
Microsoft Edge was found to load every saved password into process memory in cleartext when the browser starts, a behavior not seen in other Chromium‑based browsers. Security researcher @L1v1ng0ffTh3L4N demonstrated that an attacker with administrative rights could scrape these credentials....
Megaport Launches Built-In DDoS Protection Enabling On-Demand Network Resilience
Megaport Limited announced Megaport DDoS Protection, a built‑in security layer that filters malicious traffic directly within its global network fabric. The service eliminates the need for external scrubbing centers, reducing latency and simplifying routing for enterprise cloud environments. Customers can...
May 5, 2026 Quick Space Links
NASA investigators revealed a Chinese national's phishing campaign that stole software from NASA and the Department of Defense, highlighting growing cyber threats to U.S. space assets. NASA also announced it is evaluating commercial communications providers, including Starlink and other LEO...
Supply-Chain Attacks Take Aim at Your AI Coding Agents
AI coding agents that automatically pull packages from registries are now being weaponized by supply‑chain attackers. Researchers at ReversingLabs identified the PromptMink campaign, attributed to North Korea’s Famous Chollima APT group, which plants persuasive bait packages and malicious dependencies to trick...

NIST SP 800-223 and 800-234: A Turning Point for Federal High-Performance Computing Security
The National Institute of Standards and Technology released SP 800‑223 and the draft SP 800‑234, the first federal frameworks dedicated to securing high‑performance computing (HPC) environments. The standards arrive as the Genesis Mission, a $320 million initiative, links the 17 U.S. national laboratories...
Extreme Moves Toward Autonomous Networking with Advanced AI Agent, Management Tools
Extreme Networks announced its second‑generation AI agent, Extreme Agent ONE, at Extreme Connect 2026, promising proactive, autonomous detection and remediation of network issues. The company also rolled out a major update to its Platform ONE management suite, adding third‑party device...

From Mandate to Momentum: Turning CISA’s Edge Device Directive Into Lasting Capability
The Cybersecurity and Infrastructure Security Agency’s Binding Operational Directive 26‑02 compels federal agencies to identify, remediate and continuously manage unsupported edge devices such as routers and firewalls. Agencies have 90 days to inventory these assets, 18 months to replace or mitigate them, and...

Top Google Scientist Says EU Data Measures Pose Privacy Risk for Users
A distinguished Google scientist warned EU antitrust regulators that the Commission’s draft rule to share search‑engine data with rivals could expose user privacy. He demonstrated that Google’s AI red team re‑identified anonymised search data in under two hours, questioning the...

Trellix Source Code Breach Highlights Growing Supply Chain Threats
Trellix disclosed that an unknown threat actor gained unauthorized access to a portion of its source‑code repository, though the company says there is no evidence the code was exploited or the release process compromised. The breach comes amid a wave...

Kelp DAO Accuses LayerZero of Deflecting Blame for $300M Bridge Hack
Kelp DAO issued a detailed rebuttal to LayerZero’s post‑mortem of the April 18 rsETH bridge exploit that cost roughly $300 million. The DAO claims the 1‑1 DVN configuration blamed by LayerZero was the platform’s default, approved in private communications and used by...

Research Hub Bridges Cybersecurity Gap for Under-Resourced Organizations
Federal cybersecurity funding and staffing have been slashed, leaving state, city and nonprofit IT teams exposed. The University of California, Berkeley’s Center for Long‑Term Cybersecurity (CLTC) is stepping in, offering free clinics, research surveys and volunteer reserve teams to help low‑resource...
Edge Browser Leaves Passwords Exposed in Plain Text, Says Researcher
A Norwegian researcher discovered that Microsoft Edge’s password manager decrypts and stores saved passwords in plain text within the browser’s process memory, even after the browser is closed and reopened. Microsoft responded that this design balances performance and security, claiming...

CISA Boasts AI Automation Improvements to Threat Analysis, Mission Support
The Cybersecurity and Infrastructure Security Agency (CISA) reports its security operations unit has achieved the largest productivity gains from AI‑driven automation, enabling analysts to triage threats faster and focus on high‑value alerts. The technology also streamlines real‑time customer support in...

Jamie Dimon and Dario Amodei Sidestep Question About Whether the AI Cyber ‘Freakout’ Is Warranted
Jamie Dimon and Anthropic CEO Dario Amodei faced a CNBC query on whether AI‑enabled cyberattacks merit the current "freakout" narrative. While neither gave a definitive yes or no, both underscored that AI‑driven threats are real and accelerating, citing Anthropic's Mythos...

35,000 Users Targeted in Phishing Campaign in Just Two Days
Between April 14 and 16, a sophisticated phishing operation hit more than 35,000 users across 13,000 organizations in 26 countries, with 92% of victims located in the United States. The campaign masqueraded as compliance‑related communications, using organization‑specific details and encrypted‑looking...

Why Security Leadership Makes or Breaks a Pen Test
Penetration testing delivers real security value only when leadership sets clear scope, threat focus, and stakeholder alignment before the engagement and drives disciplined follow‑up afterward. Experts stress that testers need autonomy during the test, but the pre‑test decisions dictate relevance...

Italy PM Meloni Warns over AI Deepfakes After False Photos of Her Circulate
Italian Prime Minister Giorgia Meloni announced that AI‑generated fake images of her have been circulating online, including a fabricated photo of her in underwear. She posted the deepfake herself to illustrate the threat and warned that such manipulations can deceive...

The New Security Risk Every Business Using AI Needs to Know About (and How to Protect Yourself)
Businesses are confronting a new security threat dubbed "OpenClaw," where autonomous AI agents perform actions—often with write or execute privileges—without human oversight. These agents now generate over 80% of authentication attempts, yet receive less than 5% of security monitoring. Traditional...

Connecticut Passes Law Banning Sale Of Location Data, Regulating Ad Volume
Connecticut lawmakers passed Senate Bill 4, a privacy measure that bans the outright sale of precise geolocation data and imposes new limits on surveillance‑based pricing and ad volume in streaming. The bill also requires data brokers to register with the state...

10 Years After OPM Data Breach, Identity Protection Benefits for Affected Feds Start to Expire
A decade after the 2015 Office of Personnel Management breach that exposed more than 22 million federal employees and applicants, the government‑provided MyIDCare identity‑theft protection program is winding down. Enrollees receive rolling emails stating that credit monitoring, dark‑web scanning and insurance...

White House Wants to Vet Powerful AI Models for Risks − a Computer Scientist Explains Why AI Safety Is so...
The White House is drafting a federal review process to assess the safety of powerful artificial‑intelligence models before they are released, a notable shift from its traditionally anti‑regulatory posture. The move follows Anthropic’s decision to restrict access to its Mythos...

New WhatsApp Flaws Could Affect Billions of Users After Meta Security Patch
Meta has released a security patch that closes two WhatsApp vulnerabilities—CVE‑2026‑23866 on iOS/Android and CVE‑2026‑23863 on Windows—that could have been used to hide malicious links or executable files within trusted messages. While no active exploitation has been observed, the flaws...

DNSSEC Changes Are Coming. MSPs Should Check Customer Readiness Now
ICANN will introduce a new DNSSEC root trust anchor (KSK‑2024) with a rollover slated for October 2026, forcing validating resolvers to update their trust anchors or face SERVFAIL errors. While the root and most TLDs are signed, over 80% of individual...

Student Hacked Taiwan High-Speed Rail to Trigger Emergency Brakes
A 23‑year‑old Taiwanese university student was arrested after using software‑defined radio equipment to impersonate a TETRA beacon and broadcast a high‑priority "General Alarm" signal. The fake transmission forced four high‑speed rail trains to engage emergency brakes, halting service for 48...
CISA Pushes Critical Infrastructure Operators to Prepare to Work in Isolation
U.S. Cybersecurity and Infrastructure Security Agency (CISA) unveiled CI Fortify, a national program urging critical infrastructure operators to plan for and operate in isolation from the internet and third‑party services during severe cyber incidents. The initiative emphasizes controlled disconnection, rapid...

Your Employees Know What Phishing Looks Like. They’re Still Getting Fooled. Here’s Why.
A recent Sagiss survey of 500 U.S. desk workers shows AI‑generated phishing is now more convincing, with 72% saying attempts look more professional. Employees still click despite training, largely because they operate under pressure, multitask, and face after‑hours expectations. The...

Google Update: Android Flaw Could Put Billions of Devices at Risk
Google disclosed a critical remote‑code‑execution bug (CVE‑2026‑0073) in Android’s adbd daemon that can be triggered without any user interaction, affecting Android 14 through 16‑QPR2 and potentially billions of devices. The flaw is proximal, meaning attackers only need network or physical...

Drift Sets Out Token-Based Recovery Framework for $295M April Exploit
Drift Protocol unveiled a token‑based recovery plan to compensate users affected by the April 1 exploit that caused $295.4 million in losses. The scheme issues SPL tokens worth $1 per verified loss, funded by the protocol’s $3.8 million reserve, a $127.5 million commitment from...

'A Single 732-Byte Python Script Can Be Used to Obtain Root on Essentially All Linux Distributions Shipped Since 2017': Time...
Theori’s research uncovered a local privilege‑escalation flaw dubbed “Copy Fail” (CVE‑2026‑31431) that lets a user write four controlled bytes to any readable file’s page cache and gain root on Linux kernels released since 2017. A 732‑byte Python proof‑of‑concept script can obtain...

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
The Apache Software Foundation disclosed a critical vulnerability, CVE‑2026‑23918, in the HTTP/2 module of Apache HTTP Server 2.4.66, earning an 8.8 CVSS rating. The flaw is a double‑free in `mod_http2` that can be triggered by sending a HEADERS frame followed by...

DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
Kaspersky has uncovered a supply‑chain attack that trojanized DAEMON Tools Lite installers released between April 8 and early May 2026 (versions 12.5.0.2421‑12.5.0.2434). The compromised binaries launch a loader that contacts a command‑and‑control server, downloads a .NET info‑gatherer and a minimalist backdoor, and in...