Stop Scams Steps up to Online Fraud Challenge
Stop Scams UK, a not‑for‑profit founded in 2020, is scaling its data‑sharing platform to combat online fraud across banks, telecoms and tech firms. In the first half of 2025, UK scams cost roughly $800 million, with two‑thirds originating online. The organisation now runs a real‑time engine hosted on AWS and has launched a Block SIMs service that has already issued about 2.5 million warnings about fraudulent SIM cards. Membership includes major banks such as HSBC and fintechs, alongside Amazon, Google and BT, positioning the coalition to intercept scams at multiple points.
Telstra Business Launches Managed IT Service for SMB Market
Telstra Business announced a new managed IT service aimed at small‑ to medium‑sized enterprises with up to 500 staff. The offering bundles IT support, security and maintenance into Basic, Standard and Premium tiers, each featuring a 24/7 service desk and...
Don’t Count on Government Guidance After a Smart Home Breach
Researchers examined government cybersecurity guidance across 11 countries for smart homes and found that most advice concentrates on prevention—such as regular updates and changing default credentials—while post‑breach support is minimal. Reporting mechanisms exist but are generic and not tailored to...
Microsoft’s March Security Update of High-Risk Vulnerability Notice for Multiple Products
Microsoft issued its March 2026 security update, fixing 83 vulnerabilities across Windows, Office, SQL Server, Azure and other core products. The bulletin includes eight critical and 75 important flaws, notably remote‑code‑execution bugs in Office (CVE‑2026‑26110, CVE‑2026‑26113) and the Print Spooler service...
Model Resource Exhaustion as a Denial-of-Intelligence Attack
The article introduces “denial‑of‑intelligence” attacks, where adversaries drain AI inference resources instead of bandwidth. By sending crafted prompts that trigger long contexts, deep reasoning, or multiple tool calls, attackers force costly compute cycles on the target. Because AI request costs...
Attribute-Based Access Control for AI Capability Negotiation
The article provides a practical guide for users and developers to disconnect from Apple Single Sign‑On (SSO) and replace it with enterprise‑grade identity solutions. It details the UI steps for consumers, explains why SaaS firms view Apple SSO as a...
Announcing Red Hat Advanced Cluster Security for Kubernetes 4.10
Red Hat released Advanced Cluster Security for Kubernetes version 4.10, extending its security platform across OpenShift clusters in public, private and hybrid clouds. The update adds a technology‑preview plug‑in that surfaces real‑time vulnerability data inside the OpenShift Console, and introduces a...
Strengthening Spain's Digital Sovereignty: Red Hat Enterprise Linux Achieves Top-Tier ENS Security Certification
Red Hat Enterprise Linux (RHEL) 9.0 Extended Update Support has been added to Spain’s CPSTIC catalogue, earning top‑tier certification under the National Security Framework (ENS). The inclusion authorises public‑sector bodies to deploy RHEL while meeting the strict confidentiality, integrity and...
Cyber Security’s Workforce Gap Is a Capability Risk for Government
Australia is pouring billions into cyber security hardware and sovereign capability, yet its workforce remains a critical vulnerability. Women represent only 17% of the nation’s cyber professionals, highlighting a stark diversity gap that hampers problem‑solving under pressure. The Australian Public...
Always-On Assurance: Moving APS Security From “Trust” To Reproducible Evidence
The latest Commonwealth Cyber Security Posture report highlights a decisive move from point‑in‑time audit snapshots to always‑on, automated evidence of control effectiveness. Organizations are urged to replace frantic pre‑audit scrambles with continuous monitoring that delivers reproducible compliance data in real...
Apple’s Age Verification Move Is Bigger than It Looks
Apple has rolled out mandatory age verification for iCloud users in the United Kingdom, shifting the check from individual apps to the account level. The change aligns with the UK’s Online Safety framework, which demands tighter age controls for digital...
Are Your NHIs Fully Supported for Optimal Performance?
Non‑Human Identities (NHIs), or machine identities, are becoming a cornerstone of modern cybersecurity, especially in cloud‑first environments. Organizations must manage the full NHI lifecycle—from discovery and classification to threat detection, remediation, and continuous monitoring—to prevent breaches. Traditional point solutions like...
What Role Does Innovation Play in Agentic AI Development?
Non‑human identities (NHIs), also known as machine identities, are becoming a critical focus for cybersecurity, especially in cloud environments. Managing the full lifecycle of these encrypted secrets and permissions reduces breach risk, improves compliance, and drives operational efficiency. The article...
Councils Push for Federal Shared Security Centre Funding
Australian local councils are lobbying the federal government for shared security operations centres (SOCs) to bolster cyber defences. Ahead of the ALGA national assembly, identical motions call for $10 million AUD (about $6.6 million USD) to fund SOC infrastructure, 24/7 monitoring, SIEM...
ChatGPT Won't Let You Type Until Cloudflare Reads Your React State
Every ChatGPT request now triggers a Cloudflare Turnstile challenge that runs a virtual‑machine program inside the browser. The bytecode arrives encrypted as a 28,000‑character base64 string, but the decryption key – a server‑generated float – is embedded directly in the...
NAB Is Co-Designing a SIEM with Databricks
National Australia Bank (NAB) has joined four other design partners to co‑design Lakewatch, a new security information and event management (SIEM) platform built on Databricks. The solution, currently in private preview, leverages the bank’s existing Databricks‑on‑AWS data lake, Ada, to...
Did You Sign up for the New White House App? Don’t Use It Until You Read This!
The White House launched a mobile app on March 28, 2026, branded “Unparalleled access to the Trump Administration.” Security researcher Thereallo decompiled the APK and uncovered multiple privacy and data‑security violations that breach federal cybersecurity standards. Patrick Quirk highlighted the...
Over 300 Vietnamese Arrested After Cambodia Scam Bust
More than 300 Vietnamese were arrested in Dong Nai province after being repatriated from Cambodia, where authorities dismantled a transnational online‑scam ring. Cambodia deported 776 Vietnamese nationals linked to the illicit operation, highlighting the scale of Southeast Asia’s cyber‑fraud ecosystem....
Is Your Signal Secure?
At the NAB Show, a panel titled “Securing the Signal” examined how broadcasters can shift from reactive security to proactive risk management across distributed field operations. Experts from Fox, Dataminr, Smith Entertainment Group and Verkdata discussed integrating real‑time threat‑intelligence platforms...
The Compliance Blind Spot in Cyber Risk
Financial institutions are discovering that compliance can fail even when core systems stay online. Automated compliance judgments degrade silently when underlying data conditions change during cyber incidents, eroding the validity of regulatory outputs. Regulators are shifting focus from mere control...
CareCloud Notifies the SEC After Attack on One of Its EHR Environments
CareCloud disclosed to the SEC that an unauthorized third party accessed one of its six electronic health record (EHR) environments on March 16, causing an eight‑hour disruption that was fully restored the same evening. The company promptly notified its cyber‑insurance carrier,...
The 2026 Cyber Risk Horizon: Why AI Is Changing the Game for European Finance
AI is reshaping cyber risk for European financial institutions, turning generic phishing into highly personalized, multilingual attacks powered by deep‑fakes and synthetic identity documents. Regulators such as the ECB and EBA warn that AI‑driven fraud attempts are surging, while the...
Scaling AI Demands a New Infrastructure Playbook
Enterprises moving AI from pilots to production face a fundamentally different infrastructure challenge, requiring tight integration of accelerated compute, high‑performance networking, security and observability. Fragmented stacks cause fragile deployments and costly GPU idle time, especially during intensive training or retrieval‑augmented...
File Read Flaw in Smart Slider Plugin Impacts 500K WordPress Sites
A file‑read flaw (CVE‑2026‑3098) in the Smart Slider 3 WordPress plugin allows any authenticated user, even a subscriber, to export arbitrary server files. The vulnerability stems from missing capability checks in the plugin’s AJAX export function, enabling access to sensitive files...
Cybersecurity AI Awareness Training for Texas Government Agencies: How Kratikal’s Threatcop Meets the DIR Mandate
Texas’ Department of Information Resources (DIR) has mandated AI‑aware cybersecurity awareness training for all state and local government employees, with a certification deadline of August 31. Kratikal’s Threatcop platform is one of only five vendors approved under the DIR certification, offering...
Do Emergency Microsoft, Oracle Patches Point to Wider Issues?
Microsoft and Oracle have each released emergency out‑of‑band patches this week, drawing attention to the fragility of enterprise update cycles. Microsoft’s KB5085516 fixes a sign‑in error that showed a “no internet” message for standard Microsoft accounts after the latest Patch...
Thankfully, the Infinite Campus Incident Did Not Involve a Lot of Non-Directory Student Information
DataBreaches downloaded the Infinite Campus leak posted by ShinyHunters and examined its contents. The majority of files were proprietary or client‑related and did not contain personal student information. Approximately two dozen support tickets referenced students by name, with two tickets...
Lessons From CalPrivacy PlayOn Order
California Privacy Protection Agency (CalPrivacy) fined PlayOn Sports $1.1 million for illegal tracking of student data between January 2023 and December 2024. The company sold personal information to third parties without a functional opt‑out, used a cookie banner that forced consent, and ignored...
Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
Iran‑linked threat actors operating under the Handala Hack persona breached the personal email of FBI Director Kash Patel, leaking historical messages from 2010 and 2019. The same group claimed a destructive wiper attack on medical‑device giant Stryker, wiping thousands of...
From Data to Intelligence: Why More Signals Don’t Equal Better Security
The article argues that simply accumulating more security signals does not improve protection; instead, organizations need to convert raw data into actionable intelligence through verification, attribution, and context, especially around identity. It highlights problems like alert fatigue, false positives, and...
New Infinity Stealer Malware Grabs macOS Data via ClickFix Lures
Infinity Stealer, a new macOS infostealer, uses a Python payload compiled with the open‑source Nuitka compiler to produce a native binary that evades static analysis. The malware is delivered via a ClickFix lure that mimics Cloudflare’s CAPTCHA, prompting users to...
Woodfords Family Services Notifying Patients and Families About 2024 Ransomware Attack
Woodfords Family Services, a Maine provider for people with disabilities, disclosed a ransomware breach that first occurred on April 8, 2024 but was only publicly notified on March 27, 2026 for some victims. The organization previously reported a 2023 incident...
Simple Ways to Stay Safe When Installing New Software
The article emphasizes proactive security habits when installing new software, highlighting system updates, reputable sources, and careful installation steps as primary defenses. It recommends consulting niche tech blogs and community sites for practical risk assessments beyond generic advice. Core practices...
Thousands of Corewell Health Patients Affected by Security Breach
Corewell Health disclosed that its former consulting partner, Pinnacle Holdings, suffered a data breach in 2024, potentially compromising the personal information of thousands of patients. The health system promptly initiated an internal review to determine the scope of exposure and...
Secure Authentication Starts With Secure Software Development
The MojoAuth blog stresses that secure authentication begins with secure software development, not just choosing the right protocol. It highlights how modern methods like passkeys, WebAuthn, OAuth, and JWT introduce implementation challenges that can become breach vectors. The article outlines...
What Is Shift Left Security?
Shift‑Left Security embeds protection into the earliest phases of the software development lifecycle, moving security checks leftward on the SDLC diagram. Gartner forecasts cloud spending will exceed $1 trillion by 2028, intensifying the need for proactive AppSec. By integrating automated SAST,...
Open VSX Scanner Vulnerability Lets Malicious Extensions Go Live
Open VSX, the extension marketplace for VS Code forks, patched a critical “Open Sesame” vulnerability that let malicious extensions bypass its pre‑publish scanning pipeline. The flaw stemmed from a Boolean logic error that treated scanner failures as a “no scanners configured”...
China Used Fake LinkedIn Profiles to Spy on NATO, EU: Security Source
Chinese state security operatives deployed fabricated LinkedIn recruiter accounts to infiltrate NATO and EU institutions, posing as head‑hunters to solicit sensitive information. The fake profiles, such as the "Kevin Zhang" persona, offered paid reports before requesting classified data, paying recruits...
A New Phishing Scheme Is Targeting NFL and NBA Stars: Here’s How the ‘Adult Film Star’ Scam Works
A Georgia man, Kwamaine Jerell Ford, is accused of running a phishing operation that duped NFL and NBA players by posing as an adult film star. The scheme harvested iCloud credentials, stole credit‑card data and secretly filmed victims during coerced...
Don't YOLO Your File System
Developers are increasingly seeing AI agents wipe files, empty directories, and corrupt home folders when given unrestricted system access. The new open‑source tool jai offers a single‑command sandbox that isolates an agent’s workspace while keeping the current working directory writable....
'From 16 Hours to Under 5 Minutes': How Gen AI Is Turning Fraud Into a $400B+ Global Industry — and...
Generative AI is slashing the time needed to craft fraud schemes from over 16 hours to under five minutes. The acceleration has helped push global financial losses past $400 billion in a single year, with two‑thirds of scams succeeding within a...
Breach of Confidence – 27 March 2026
The security community faced a wave of incidents in late March, starting with the compromise of Trivy, a popular open‑source scanner, which turned a defensive tool into an attack vector. A separate breach of McKinsey’s AI platform exposed 22 unauthenticated...
ShinyHunters Walk Away From BreachForums, Leak 300,000-User Database
The ShinyHunters hacker collective announced it is abandoning BreachForums, labeling the platform a waste of time after an FBI seizure in October 2025. Simultaneously, the group released a fresh dump containing data on more than 300,000 BreachForums users, including full...
F5, Breached by an APT Last Year, Says BIG-IP APM Exploited
F5’s BIG‑IP Access Policy Manager (APM) vulnerability CVE‑2025‑53521 is being actively exploited, granting unauthenticated remote code execution. Attackers can disable SELinux, write in‑memory webshells, and seize control of authentication and VPN services used by Fortune 500 firms. The exploit follows a...
Windows PCs Crash Three Times As Often As Macs, Report Says
Omnissa’s 2026 State of Digital Workspace report, based on global telemetry, finds Windows PCs crash 3.1 times more often than Macs and freeze 7.5 times more frequently. Windows devices are typically refreshed every three years, compared with five years for Macs, leading...
Anthropic’s Mythos Leak Is a Wake-Up Call: Phishing 3.0 Is Already Here
Anthropic’s accidental disclosure of its upcoming Claude Mythos model has ignited concerns about AI‑driven cyber threats, but the real alarm is that today’s publicly available generative AI already powers sophisticated phishing attacks. These models can scrape public data, mimic corporate tone,...
Secure Tomorrow’s Data Centers with Platform Firmware Resiliency
The National Institute of Standards and Technology released SP800‑193, a framework for platform firmware resiliency (PFR) that guides data‑center operators in protecting, detecting, and recovering from firmware attacks. The standard distinguishes secured boot, which blocks untrusted code, from measured boot,...
BSidesSLC 2025 – LLM-Assisted Risk Management For Small Teams & Budgets
At BSidesSLC 2025, cloud architect Connor Turpin presented a framework for leveraging large‑language models (LLMs) to streamline risk management in security‑constrained environments. He demonstrated how open‑source LLMs can automate vulnerability triage, threat‑intel summarization, and ticket generation for teams with limited...
Skullcandy Taps Riskified for Fraud Prevention
Skullcandy partnered with Riskified via the Shopify app to overhaul its fraud‑prevention workflow. By adding a secondary review layer and recalibrating AI‑driven thresholds, the retailer cut its fraud‑decline rate to about 0.1% and kept chargebacks around 0.06% over 12 months....
GPT Can’t Trace an Attack Chain. A Purpose-Built Cybersecurity LLM Can.
Cybersecurity teams face a chronic talent gap, with 4.8 million positions unfilled and 71% of SOC analysts reporting burnout. General‑purpose LLMs like GPT‑4 can summarize alerts but fail to trace attack chains or correlate data across dozens of tools. Purpose‑built cybersecurity...
