Radim Marek: Don't Let Your AI Touch Production
AI coding agents now generate SQL that looks correct but often ignores execution plans, locking behavior, and data distribution, leading to costly production incidents. Radim Marek argues that the missing piece is real‑time awareness of the production schema, including table sizes, indexes, and statistics. His dryrun tool captures this metadata into a portable JSON snapshot and exposes it via the Model Context Protocol (MCP), allowing AI models to validate queries offline. By integrating dryrun into CI/CD pipelines, teams can prevent silent migrations, lock contention, and inefficient indexes before they reach production.
Anthropic's Claude Code Leak: Should RIA Firms and Advisors Be Worried?
Anthropic accidentally exposed the raw instruction set behind its Claude Code model on GitHub, prompting a rapid takedown effort. No personally identifiable information was leaked, but the incident reveals gaps in the company’s internal security controls. Wealth‑tech advisors are urged to...
5 Email Myths That Are Quietly Damaging Your Brand’s Reputation
Retailers are enjoying AI‑driven personalization, yet 27% remain in a DMARC enforcement gap, exposing them to domain spoofing. Valimail’s 2026 State of DMARC report shows many have only reporting‑only records, which lets attackers use their brand in AI‑generated phishing emails....
Hims & Hers Says Limited Data Stolen in Social Engineering Attack
Hims & Hers disclosed a sophisticated social‑engineering breach that compromised its third‑party customer‑service platform from February 4‑7, 2026. Hackers accessed service tickets, exposing customer names and email addresses, but the firm confirmed that electronic medical records and provider communications were untouched....
New Cyber Strategy Shifts Attention to Cloud and Supply Chain Security
The White House released a new National Cybersecurity Strategy on March 6, 2026, shifting federal priorities toward cloud data protection and software supply‑chain security. While zero‑trust, AI security, and post‑quantum cryptography remain core, the strategy mandates faster cloud migration and...
Disgruntled Researcher Leaks “BlueHammer” Windows Zero-Day Exploit
A security researcher known as Chaotic Eclipse publicly released exploit code for a previously private Windows privilege‑escalation vulnerability dubbed BlueHammer. The flaw, a local privilege escalation combining a TOCTOU and path‑confusion bug, allows a local attacker to obtain SYSTEM or...
Athens, Ohio, Claws Back Half of $700,000+ Phished Away in Cyber Fraud
City of Athens, Ohio, recovered more than half of the $722,000 lost to a phishing scheme that mimicked a Pepper Construction invoice. The fraud exploited a simple typo—swapping “U” and “C” in the contractor’s email address—to divert payment to a...
Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
Iranian‑linked threat actors launched a password‑spraying campaign against more than 300 Israeli Microsoft 365 organizations, exploiting common weak credentials. The operation, attributed to an APT group with ties to Tehran, was uncovered by security researchers who observed repeated login attempts...
A.I. Is on Its Way to Upending Cybersecurity
New AI models from Anthropic, OpenAI and others are reshaping cybersecurity as hackers begin to leverage autonomous agents that can write code and exploit systems with minimal human input. Anthropic disclosed the first known AI‑driven breach, affecting about 30 companies...
The Digital Financial Crime or Manipulation of Financial Information Indicators
Digital financial crime leverages technology to alter or conceal financial data, exposing firms to material misstatements and regulatory scrutiny. Auditors now face a growing checklist of red flags, from untimely transaction entries to unexplained credit adjustments and missing original documents....
Scammers Take Advantage of Austrian Digital ID Certificates’ Expiry
Around 300,000 Austrian ID Austria digital certificates are set to expire in 2026, prompting scammers to exploit the uncertainty with phishing texts that appear to come from the Federal Ministry of Finance. Victims who entered personal data were later contacted, convinced...
Multiple Hackers Warned Anti-Porn App Quittr About Security Issue for Months
Quittr, a self‑help app aimed at reducing pornography consumption, faced a serious security flaw in its Firebase backend that allowed unrestricted read/write access to user data. Independent researchers warned the company about the misconfiguration as early as September 2025, but...
PcTattleTale Stalkerware Maker Sentence Includes Fine, Supervised Release
A federal judge sentenced Bryan Fleming, the creator of pcTattleTale stalkerware, to supervised release and a $5,000 fine after he pleaded guilty to manufacturing a device for covert communication interception. The case marks the first stalkerware conviction since 2014, when...
ENISA Invites Feedback for EU Digital Identity Wallet Cybersecurity Certification
ENISA has launched a public consultation on a draft cybersecurity certification scheme for the EU Digital Identity (EUDI) Wallets, aiming to standardize security across member states. The consultation, which includes a webinar on April 8, 2026, invites feedback until April 30, 2026,...
Digital Identity Research Warns of ‘Password Debt’ as Enterprises Delay IAM Rollouts
Enterprises recognize identity threats but large‑scale passwordless rollouts are stalling. Hypr’s State of Passwordless Identity Assurance 2026 report shows only 43% of firms use passwordless methods while 76% still rely on passwords, with 32% citing legacy‑app incompatibility as a barrier....
Companies, Your Lack of Attention Is Disturbing
Leonard Klie reports that his work email address was harvested from the dark web, resulting in a flood of phishing and scam messages impersonating reputable brands. He finds most companies unresponsive or offering only generic advice when he forwards these...
Harvard Faces ‘Active and Specific Cybersecurity Threat’
Harvard University has identified an active, specific cybersecurity threat involving actors posing as IT staff and deploying counterfeit login portals. The campaign targets faculty, staff, and students to harvest credentials and infiltrate the campus network. Chief Information Security and Data...
North Korea’s Hijack of One of the Web’s Most Used Open Source Projects Was Likely Weeks in the Making
North Korean state‑linked hackers compromised the widely used Axios open‑source library on March 31. They spent weeks building trust through a fake company, Slack workspace, and deceptive video call, eventually delivering malware that granted remote access to the maintainer’s computer. The...
Missile Alert Phishing Exploits Iran-US-Israel Conflict for Microsoft Logins
Researchers at Cofense uncovered a new phishing campaign that disguises itself as urgent missile‑alert emails tied to the Iran‑Israel conflict. The messages, sent from a spoofed Ministry of Interior address, contain QR codes that lead victims to a counterfeit Microsoft...
Two Breaches, One Quarter: Valley Family Health Care’s Challenging Start to 2026
Valley Family Health Care (VFHC) disclosed a TriZetto Provider Solutions breach on Jan. 12 that exposed the personal and health‑insurance data of 4,300 patients. In March, the cyber‑crime group Insomnia listed VFHC on a dark‑web leak, claiming more than one million...
ESET Previews New AI Security Features to Secure Chatbot Communications and AI Workflows
ESET unveiled a suite of AI‑focused security tools at RSAC 2026, slated for release later this year. The offering includes a browser‑level guard that inspects both prompts and LLM responses to block malicious links, scripts, and inadvertent data leaks. New...
Microsoft, RSA Make Identity Security Push in the Age of AI
Microsoft announced the general availability of external multi‑factor authentication (MFA) in its Entra ID platform, letting enterprises integrate third‑party MFA providers without abandoning existing setups. The feature uses OpenID Connect and sits alongside Microsoft’s native MFA within a single admin...
Pyongyang, versus Nebraska?
North Korean state‑backed group UNC1069 infiltrated the popular Axios npm package, compromising two releases that were downloaded by millions of developers. Within three hours the malicious versions infected roughly 3% of cloud environments, according to cloud‑security firm Wiz. The breach...
Popeyes Dodges Lawsuit over Fingerprint Scans, but Court Leaves Door Open for Redo
A U.S. District Court in Illinois dismissed Popeyes' liability in a biometric privacy lawsuit, finding the fast‑food chain lacked direct control over a franchisee’s fingerprint‑time‑clock system. The plaintiff, an employee of an Illinois Popeyes franchise, alleged violations of the Biometric...
Vectra AI Supercharges Network Observability with Proactive Exposure Management
Vectra AI unveiled new exposure management capabilities on its platform, targeting AI‑driven enterprises operating in hybrid, multi‑cloud environments. The suite adds continuous, agentless asset inventory, proactive detection of security and compliance gaps, and broader environment observability covering zero‑trust and post‑quantum‑crypto...
Apiiro?s AI Threat Modeling Is Built to Target Security and Compliance to Prevent Risks Before Code Exists
Apiiro has launched AI Threat Modeling, an extension of its Guardian Agent platform that automatically creates architecture‑aware threat models before any code is written. The feature uses the company’s patented Deep Code Analysis technology to map software architecture across code,...
SecuGen Advanced Fingerprint Biometrics Device Now Available in MOSIP Marketplace
SecuGen’s Unity 20 fingerprint scanner has been added to the MOSIP Marketplace after achieving compliance with MOSIP’s SBI 2.0 L1 specifications. The device incorporates Live Finger Detection for presentation‑attack detection and a FIPS 140‑3 Level 3‑certified Foundational Trust Module that encrypts biometric data at...
Breach of FBI Surveillance System Considered a “Major Incident,” Security Experts Weigh In
The FBI confirmed a breach of its Digital Collection System Network (DCSNet), labeling it a “major incident” under the Federal Information Security Modernization Act. Attackers accessed the system through a compromised vendor ISP, bypassing the agency’s own defenses. Federal officials...
Global Cyber Fraud Attacks Rose Last Year
LexisNexis Risk Solutions reported that global cyber‑fraud rates rose to 1.6% across 116 billion online transactions last year, up from 1.5% in 2024. Bot‑driven attacks surged 59%, while human‑initiated fraud grew only 8%, with gaming, gambling and e‑commerce most affected. In...
SparkCat Malware Returns on App Stores, Targeting Cryptocurrency Users
A new SparkCat variant has reappeared on both the Apple App Store and Google Play, masquerading as benign enterprise messenger and food‑delivery applications. The trojan employs optical character recognition to scan photo libraries for cryptocurrency wallet recovery phrases, exfiltrating any...
Cloudflare Targets WordPress With New AI-Powered EmDash CMS
Cloudflare has unveiled EmDash CMS, a server‑less, AI‑built content platform designed to rival WordPress, which powers over 40% of websites. EmDash isolates each plugin in a Dynamic Worker sandbox, limiting access to declared permissions and addressing the 96% plugin‑related security...
IBM Achieves FedRAMP Status for 11 Software Solutions
IBM announced FedRAMP authorization for 11 AI and automation solutions, including several watsonx products, marking a four‑fold expansion of its FedRAMP portfolio in just one year. The solutions are hosted exclusively on AWS GovCloud (U.S.), allowing federal agencies to access...
All Emerging Cyber Threats Targeting Power Infrastructure at a Glance
Researchers at Morocco’s Higher School of Technology examined the expanding cyber‑threat landscape facing smart grids, cataloguing attacks such as DDoS, false‑data injection, replay, IoT‑based malware and zero‑dynamics exploits. Their study highlights the growing role of artificial‑intelligence and machine‑learning intrusion detection...
Bitwarden Vs. 1Password: I Tested Both Password Managers
A hands‑on comparison of Bitwarden and 1Password evaluated onboarding, import, autofill, sharing, and security controls. Bitwarden’s free forever plan and granular sharing options give it a cost advantage, while 1Password’s guided import flow and Watchtower monitoring provide a smoother user...
Why Security Researchers and Red Teams Are Turning to Workflow Automation
Security teams are increasingly adopting workflow automation to combat alert fatigue and accelerate investigations. Automated pipelines now enrich indicators of compromise, aggregate threat intelligence, and run continuous recon for red teams and bug bounty hunters. Open‑source, self‑hosted platforms such as...
Convicted Spyware Maker Bryan Fleming Avoids Jail at Sentencing
Founder Bryan Fleming, operator of the stalkerware service pcTattletale, was sentenced in San Diego to time served and a $5,000 fine after pleading guilty to federal charges for creating and selling illegal spyware. The conviction marks the first successful U.S. Department...
GlobalLogic Completes Cybersecurity Audit of Ahmedabad Municipal Transport Corporation’s EV Bus Fleet
GlobalLogic, a Hitachi Group company, completed a cybersecurity audit of the Ahmedabad Municipal Transport Corporation’s electric‑bus fleet deployed on February 13, 2026. The audit, conducted with IRCLASS Systems, examined in‑vehicle networks, firmware, CCTV, passenger‑information displays, emergency mechanisms, and the supporting...
NYS School Data Incidents Rose 72% in 2025, with 44 Reported on Long Island
State education officials reported a sharp rise in compromised student data across New York schools in 2025, with incidents climbing 72% from 384 in 2024 to 662 this year. The surge was highlighted in an annual report from the Department...
Two Data Security Incidents Affected Immigration Law Firms and Their Clients
Immigration case‑management platform DocketWise disclosed a data breach that exposed personal information of 116,666 individuals, including Social Security numbers, passports, medical records, and payment details. The breach stemmed from compromised credentials to a third‑party partner, allowing attackers to clone repositories...
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
German authorities have unmasked the hacker known as “UNKN,” identifying him as 31‑year‑old Russian Daniil Maksimovich Shchukin. Shchukin led the notorious ransomware groups REvil and GandCrab, orchestrating at least 130 sabotage and extortion attacks in Germany between 2019 and 2021....
Researchers Didn’t Want to Glamorize Cybercrims. So They Roasted Them.
Security researchers at Trellix have launched the Dark Web Roast, a campaign that publicly mocks notorious cybercrime groups. The effort responds to calls from former CISA chief Jen Easterly and other industry leaders to stop glorifying threat actors with heroic...
75% of Cyberattacks Start with Phishing Emails, UAE Cyber Council Says
The UAE Cyber Security Council warned that over 75% of cyberattacks now begin with phishing emails, citing a daily global volume of 3.4 billion deceptive messages. Attackers rely on urgent language, brand impersonation, and simple tricks to lure users into revealing...
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
Cisco Talos and Trend Micro report that Qilin and Warlock ransomware groups are employing a bring‑your‑own‑vulnerable‑driver (BYOVD) strategy to neutralize endpoint detection and response (EDR) solutions. Qilin’s malware drops a malicious msimg32.dll that side‑loads two drivers—rwdrv.sys and hlpdrv.sys—to terminate more than...
Future-Proof Your Security and Reduce Quantum Risk with Cryptographic Agility
Enterprise encryption faces imminent quantum risk, prompting a shift to post‑quantum cryptography (PQC). Because PQC algorithms are still maturing, organizations need cryptographic agility to replace and update algorithms without service disruption. Palo Alto Networks’ PAN‑OS 12.1 demonstrates this by allowing hybrid...
Escaping the COTS Trap
Enterprise cybersecurity teams have amassed large fleets of commercial off‑the‑shelf (COTS) tools, driving complexity, cost, and risk. While COTS promises rapid deployment and lower upfront spend, dependence creates structural lock‑in that hampers future changes and migration. The article highlights how...
CBP’s Flashcard Fiasco Points to a Deeper Problem: Security Culture Can’t Scale as Fast as Hiring
U.S. Customs and Border Protection’s Kingsville station inadvertently posted a Quizlet flashcard set containing entrance codes, gate combinations, and internal system details, leaving the information publicly accessible for about six weeks. The leak was discovered in March, prompting a swift...
Chat With Your Data: Introducing AI Assistant for Web Supply Chain Defense
Reflectiz has launched AI Assistant, a conversational AI built directly into its web supply‑chain security platform. The tool lets analysts ask natural‑language questions and receive answers drawn from live security data, eliminating the need to toggle between dashboards. It also...
All Emerging Cyber Threats Targeting Power Infrastructure at a Glance
Researchers at Morocco's Higher School of Technology examined emerging cyber threats to smart grids, highlighting AI‑driven detection and defense methods. They cataloged attacks such as DDoS, false data injection, replay, and IoT‑based intrusions, emphasizing their potential to disrupt power operations....
Beyond the Algorithm: Why Facial Recognition Risk Is Now a Boardroom Issue
Facial recognition technology (FRT) is moving from a back‑office security tool to a strategic boardroom risk. Collecting biometric data exposes firms to regulatory penalties, exemplified by Clearview AI’s £7.5 million (≈$9.5 million) fine in the UK. Boards must add FRT to risk...
Open-Source Software Malware Surging: Endor Labs
Open-source software (OSS) malware exploded in 2025, with more than 90% of OSV malware advisories issued—a 14‑fold increase over the prior two years, and 92% of NPM account takeovers occurring that year. Although 81% of organizations rank OSS malware as...