Unauthorised Access Reported in Ministry of Finance Systems
Hackers breached primary processes at the Dutch Ministry of Finance, raising concerns over employee personal data exposure. The intrusion did not affect any financial information, and services provided by the Tax and Customs Administration remain operational. Access to the compromised systems has been temporarily blocked for staff while a formal investigation is underway. The incident highlights growing cyber threats targeting government infrastructure.
Chinese Captain Sentenced for Taiwan Cable Damage
A Chinese captain was sentenced to three years in prison for deliberately damaging the Taiwan‑Penghu No. 3 submarine communications cable by anchoring in a restricted zone. The court ordered him to pay NT$18.22 million (about US$570,000) in damages to Chunghwa Telecom. The...
CIS Benchmarks March 2026 Update
The Center for Internet Security released its March 2026 benchmark update, refreshing dozens of hardening guides across Windows, Linux, cloud, and database platforms. Highlights include Windows 11 Enterprise (v5.0.0) with nine new settings, Windows Server 2022/2025 revisions, and a minor OCI Foundations tweak....
Exabeam Expands Agent Behavior Analytics to Secure AI Agents Across ChatGPT, Copilot and Gemini
Exabeam announced an expansion of its Agent Behavior Analytics platform to monitor AI agents in ChatGPT, Microsoft Copilot, and Google Gemini. The new suite creates dynamic baselines, detects prompt injection and model abuse, and tracks identity, privilege, and lifecycle events...
Our Ongoing Commitment to Privacy for the 1.1.1.1 Public DNS Resolver
Cloudflare celebrated the eight‑year anniversary of its 1.1.1.1 public DNS resolver by publishing the results of a fresh independent privacy audit conducted by the same Big 4 accounting firm that examined the service in 2020. The audit confirms that the resolver’s...
Sars to Give Every Taxpayer a Digital Identity in Sweeping Tech Overhaul
South Africa's revenue agency SARS unveiled Modernisation 3.0, a digital overhaul that will issue every taxpayer a biometric, two‑factor digital identity. The programme adds AI‑driven case management, instant payments with the Reserve Bank, and automatic VAT assessments. In FY 2025/26...
Ransomware Groups Exploit Legit IT Tools to Bypass Antivirus
Researchers at Seqrite have identified a "dual‑use dilemma" where ransomware groups repurpose legitimate IT utilities such as IOBit Unlocker and Process Hacker to disable antivirus software. These signed tools allow attackers to create a silent zone, bypassing traditional signature‑based defenses...
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
Brazilian cyber‑crime group Augmented Marauder, also known as Water Saci, is running a multi‑vector phishing campaign against Spanish‑speaking organizations in Latin America and Europe. The campaign delivers the Casbaneiro banking trojan and the Horabot spreader via password‑protected PDF attachments that are...
Kaspersky Warns of New Phishing Technique Exploiting Trusted Platforms
Kaspersky has identified a new phishing method that hijacks trusted digital platforms such as task‑management and notification services to deliver seemingly authentic messages. The attacks mimic internal corporate communications, prompting users to click links that lead to counterfeit login portals...
FBI Warns Against Using Chinese Mobile Apps Due to Privacy Risks
The FBI issued a public service announcement warning Americans that many popular mobile apps developed in China pose significant privacy and data‑security risks. The advisory highlights that these apps can collect extensive personal information, store it on servers in China,...
WhatsApp Malware Campaign Uses Malicious VBS Files to Gain Persistent Access
Microsoft Defender has identified a WhatsApp‑based malware campaign that distributes malicious Visual Basic Script (VBS) files. The scripts employ social engineering and living‑off‑the‑land techniques, renaming legitimate Windows utilities to download additional payloads. Attackers host these payloads on trusted cloud services...
Venom Stealer MaaS Handles Attacks From ClickFix to Crypto Theft
Venom Stealer, a new malware‑as‑a‑service, enables cybercriminals to launch ClickFix attacks that harvest credentials and cryptocurrency wallets. The service is priced at $250 per month or $1,800 for a lifetime license and includes four Windows and macOS phishing templates. Its...
CrystalX Malware-as-a-Service Spreads via Telegram With Stealer, RAT Tools
Hackers are marketing a new Malware‑as‑a‑Service platform called CrystalX RAT through private Telegram channels, offering a subscription‑based toolkit that blends remote‑access, data‑stealing, keylogging, crypto‑clipping, and prankware capabilities. The service provides an automated builder with geofencing, anti‑analysis, and ChaCha20‑encrypted payloads, while...
ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers
Octagon Networks uncovered a critical ImageMagick zero‑day that enables remote code execution on major Linux distributions and WordPress sites. The flaw, dubbed a “magic byte shift,” lets attackers disguise malicious scripts as harmless images, bypassing file‑extension checks and even secure...
Are We Training AI Too Late?
GreyNoise warns that AI‑driven security models are trained on data that arrives after attacks have succeeded, creating a reactive lag. Their 2026 State of the Edge report shows over half of remote‑code‑execution traffic originates from IPs with no prior reputation,...
5 of the Most Common Accounting Cybersecurity Threats
Accounting systems are the financial backbone of any enterprise, making them prime targets for cyber attacks. The article outlines five prevalent threats—AI‑powered email scams, ransomware, ERP and application flaws, insider risk with privilege creep, and insecure cloud accounting services—and recommends...
Hackers Exploit Hotel Booking Systems to Send Fake Payment Requests to Guests
Hackers are weaponizing compromised hotel staff credentials to infiltrate booking management systems and send personalized payment requests to guests. By blending real reservation details with urgent language, the "Reservation Hijack Scam" tricks travelers into entering card information on counterfeit pages....
Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year
New ESET research shows 78% of UK manufacturers suffered a serious cyber incident in the past year, with 95% reporting direct business impact. Over half (53%) incurred financial losses, averaging six‑figure amounts, while 44% faced supply‑chain disruptions and 39% missed...
9 Ways CISOs Can Combat AI Hallucinations
AI hallucinations are undermining governance, risk and compliance (GRC) processes as generative tools begin making judgment calls on control effectiveness and incident handling. Security leaders warn that unchecked AI can produce convincing yet inaccurate assessments, leading to faulty risk scores...
10 Data Security Stories to Know About (March 2026)
March 2026 saw a wave of data‑security incidents spanning municipal ransomware, high‑profile corporate breaches, and controversial law‑enforcement data purchases. A ransomware attack forced Foster City, California to declare a state of emergency, while a Verizon‑authorized retailer exposed over 6.3 million customer...
CBN Gives Banks 21 Days to Grade Their Cyber Defences
Nigeria's central bank has issued a circular requiring banks, fintechs and other financial institutions to complete a new Cybersecurity Self‑Assessment Tool (CSAT) within 21 days for deposit banks and five weeks for other entities. The move follows a surge in...
Egnyte Expands Content Cloud with AI Governance and Built-In Assistant
Egnyte has launched AI Safeguards, a governance layer that lets IT and compliance teams define who and what can be processed by AI within the Egnyte Content Cloud. The same release adds an AI Assistant that works natively inside the...
Secure at First Silicon: Reducing Cost and Risk
Side‑channel leakage often surfaces only after first silicon, forcing expensive redesigns. The Inspector Pre‑Silicon framework embeds side‑channel analysis into RTL and gate‑level verification, generating test vectors and statistical metrics to identify leakage early. By providing actionable, module‑level insights throughout the...
Meta’s Ray-Ban Glasses Face Investigation in Kenya
Kenya's data protection authority launched an investigation into Meta's Ray‑Ban smart glasses over allegations that footage, including sensitive personal moments, is reviewed by human contractors, raising privacy concerns echoed in the US and UK. In Nigeria, persistent naira volatility—fluctuating around...
SEBI Algo Trading Norms Kick in Today: 2FA, Audit Trails for Brokers Now Mandatory
The Securities and Exchange Board of India (SEBI) has activated new algorithmic trading regulations, requiring brokers to maintain comprehensive audit trails for every automated trade. Mandatory two‑factor authentication, password‑expiry policies, and daily auto‑logout must secure API access. The rules also...
Perplexity AI Accused of Embedding ‘Undetectable’ Trackers for Secretly Routing Sensitive User Data to Meta and Google
Perplexity AI is confronting a proposed class‑action lawsuit that alleges the startup embedded undetectable trackers in its search engine, routing user conversations—including those entered in Incognito mode—to Meta and Google. The complaint, filed by a Utah resident, claims the data...
Mimecast Makes Enterprise Email Security Deployable in Minutes
Mimecast introduced an API‑based email security solution that integrates directly with Microsoft 365, delivering full Secure Email Gateway protection without any MX record changes. The service can be activated within minutes, offering deep URL inspection, sandboxing, AI‑driven BEC detection, and automated...
Malware Detectors Trained on One Dataset Often Stumble on Another
Researchers at the Polytechnic of Porto evaluated machine‑learning static malware detectors across six public Windows PE datasets and four external collections. Models achieved high‑90s AUC and F1 scores on in‑distribution data, but performance fell sharply on external sets, especially the...
Mercor Says It Was Hit by Cyberattack Tied to Compromise of Open Source LiteLLM Project
Mercor, an AI recruiting startup, confirmed a security incident tied to a supply‑chain attack on the open‑source LiteLLM library, which was linked to the hacking group TeamPCP and later claimed by extortion group Lapsus$. The breach may have exposed data,...
Workload IAM Vs. Secrets Management: A Practical Decision Guide
Most organizations begin non‑human identity security with a secrets manager, but exploding credential sprawl and the secret‑zero problem expose its limits. GitGuardian found 29 million secrets leaked on GitHub in 2025, a 34 percent rise, and Verizon still flags credential abuse as...
Australia Is Tightening the Rules on Children’s Privacy – Here’s How It Will Work
Australia is overhauling its privacy framework with the 2024 Privacy and Other Legislation Amendment Act, tasking the OAIC with a new Children’s Online Privacy Code. The draft, now open for public comment until June 5, extends to all digital services that...
Singapore: Tightening Oversight for a Safer Digital Environment
Singapore's Infocomm Media Development Authority (IMDA) issued Letters of Caution to two major social‑media platforms, placing them under Enhanced Supervision for failing to detect and remove child sexual exploitation material and terrorism‑related content. The action stems from the Code of...
Vietnam: Advancing National Capacity to Enhance Cyber Resilience
Vietnam has approved a major project to boost its national cybersecurity protection force, aiming to rank among the top 15 in the Global Cybersecurity Index by 2030. The plan targets training 10,000 specialists, with 20% achieving international certification, and seeks...
_Brian_Jackson_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
The Forgotten Endpoint: Security Risks of Dormant Devices
Consultants are left holding corporate laptops long after projects pause, creating hidden entry points into enterprise networks. A Kensington study shows 76 % of IT leaders faced device theft and 46 % suffered breaches from unsecured hardware. Organizations repeatedly fail endpoint visibility,...
Mamdani Puts New York City Government Back on TikTok
New York City mayor Zohran Mamdani announced the reversal of the 2023 TikTok ban, permitting city agencies to post on the platform under strict security protocols. The policy change follows TikTok's agreement to spin off its U.S. operations, addressing federal...
WA Local Gov Entity Lost $350,000 in Phishing Attack
A Western Australian council lost approximately US$231,000 after a phishing attack altered a supplier’s bank details in its finance system. The incident is one of 14 case studies in the WA Office of the Auditor General’s 2025 Local Government Information...
US Bounty on Iranian Hackers Reissued
The U.S. State Department has reissued a $10 million bounty for information on Iranian threat groups Handala and Parsian Afzar Rayan Borna. The reward follows the FBI’s confirmation that Handala breached Director Kash Patel’s personal email and earlier disclosures of compromised...
Changemaker Defends Healthcare's Evolving Cyber Frontline
Samantha Jacques, senior leader at McLaren Health Care, is spearheading a public‑private partnership through the Health Sector Coordinating Council to safeguard connected clinical environments. Her team delivers unified guidance that addresses the rising tide of cyber threats targeting hospitals and...
OpenClaw Has 500,000 Instances and No Enterprise Kill Switch
OpenClaw, an AI‑driven personal assistant, has exploded to roughly 500,000 internet‑facing instances, with more than 30,000 showing clear security gaps. A UK CEO’s unencrypted OpenClaw workspace was listed for sale on BreachForums, exposing conversations, production databases, API keys and personal...
Google Drive Expands AI Ransomware Detection, File Recovery to More Users
Google has moved its AI‑powered ransomware detection and built‑in file recovery for Drive from beta to general availability. The new model claims to spot 14 times more threats and automatically pauses Drive for desktop syncing when encryption activity is detected. A...
Claude Code's Source Code Leaks Via Npm Source Maps
A security researcher uncovered the entire Claude Code repository after source maps in its npm package exposed a Cloudflare R2 bucket containing every file. The leak reveals a sophisticated architecture: a 40‑tool plugin system, a 46,000‑line query engine, multi‑agent “swarms”, an IDE...
Understanding the Updated COPPA Rules and Their Impact on Child Safety
The Federal Trade Commission’s updated COPPA rules will take effect on April 22, 2026, marking the first major overhaul since 2013. The amendments require separate, opt‑in parental consent for targeted ads and third‑party data sharing, broaden the definition of personal...
Black Hat USA
Black Hat USA 2026 returns to Las Vegas for a six‑day cybersecurity showcase, featuring four days of expert‑led trainings, a summit day, and a two‑day conference with briefings, Arsenal tool demos, and a Business Hall. Attendees can use promo code...
IDnow and Trustfull Partner for Continuous Fraud Prevention
IDnow, Europe’s leading identity‑verification provider, has teamed up with fraud‑prevention specialist Trustfull to launch a continuous, end‑to‑end risk‑management solution. The joint offering merges IDnow’s AI‑driven verification suite with Trustfull’s real‑time digital and behavioural intelligence, extending protection beyond the initial onboarding...
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
A high‑severity zero‑day (CVE‑2026‑3502) in TrueConf’s video‑conferencing client was exploited in the wild, allowing attackers to replace legitimate updates with malicious code. The flaw, rated 7.8 CVSS, enables arbitrary code execution via DLL side‑loading and was used in the TrueChaos...
Rethinking Vulnerability Management Strategies for Mid-Market Security
Mid‑market security teams are confronting a widening gap between the surge in disclosed vulnerabilities—rising from roughly 30,000 to 50,000 CVEs annually—and their ability to remediate them quickly. Chris Wallis, founder of Intruder, argues that counting CVEs is insufficient; the real...
AI and Quantum Are Forcing a Rethink of Digital Trust
Enterprises are confronting a seismic shift in digital trust as AI agents multiply, pushing machine‑to‑human identity ratios from 100:1 toward 1,000:1. At the same time, digital certificates are being issued with ever‑shorter lifespans, complicating lifecycle management and increasing the risk...
Linx Security Raises $50M Series B as Identity Becomes Security’s Biggest Failure Point
Linx Security announced a $50 million Series B round led by Insight Partners, bringing its total capital to $83 million. The New York‑based startup offers an AI‑native identity governance platform that continuously maps, monitors and automates control of human, machine and AI‑agent identities. With...
How to Handle Unexpected Calls About Unclaimed Funds
Scammers are increasingly posing as government agencies to lure victims with promises of unclaimed funds, often citing specific amounts and urgent deadlines. They use phishing tactics such as fake texts, phone calls, and requests for upfront processing fees. Legitimate unclaimed...
Iran Conflict Highlights Cyberthreat Exposure of U.S. Facilities
State‑backed actors tied to the Iran conflict are exploiting insecure smart‑building and operational‑technology systems, as highlighted in WiredScore’s 2026 resiliency report. The report notes that retrofitted legacy assets and internet‑connected IoT devices dramatically expand the cyber‑physical attack surface for commercial...
