Data Privacy Emerges as a ‘Core American Value,’ Expert Says
A new Center for Democracy and Technology survey shows 74% of Americans worry about how the federal government stores and uses their personal data. The concern follows recent Trump executive orders that broaden federal access to state‑held information for fraud detection and immigration enforcement. States are pushing back, with dozens of lawsuits aimed at limiting data sharing and protecting residents’ privacy. The poll also reveals that 44% would forgo eligible public benefits if unsure about data usage, underscoring a tangible impact on program participation.
Amazon Security Boss: AI Makes Pentesting 40% More Efficient
Amazon’s chief information security officer CJ Moses says AI‑driven penetration testing has lifted efficiency by roughly 40%, slashing human and operating costs. The AI handles data‑heavy vulnerability discovery while humans review critical exploit decisions, enabling continuous testing beyond traditional point‑in‑time...
Nissan Says Stolen Data Came From Third-Party Vendor After Hacking Group Claims Breach
Nissan confirmed that a recent cyber‑incident involved a third‑party vendor that services its North American dealerships, not the automaker’s own systems. The Everest hacking group alleges it stole 910 GB of data, including customer, dealership and loan information, and threatened to...
Cloudflare Announces EmDash As Open-Source 'Spiritual Successor' To WordPress
Cloudflare unveiled EmDash, an open‑source platform marketed as a spiritual successor to WordPress, aiming to resolve chronic plugin‑security issues. Built from the ground up with AI‑assisted coding, EmDash is written entirely in TypeScript and adopts a server‑less, sandboxed architecture. The...
Cetera, Ameriprise Face Class Action Lawsuits Over Data Breaches
Cetera Financial and Ameriprise are facing class‑action lawsuits after data breaches exposed client personally identifiable information. Cetera’s breach stemmed from an unauthorized email account access, leaking names, Social Security numbers and account details. Ameriprise was hit by the ShinyHunters ransomware...
Top EU Officials’ Signal Group Chat Shut Down over Hacking Fears
The European Commission ordered senior officials to shut down a Signal group chat after fearing it could be targeted by hackers. The directive follows a series of recent cyber incidents, including a website breach and a mobile‑device infrastructure attack that...
New Report Warns Federal Fraud Controls Are Falling Behind
A new Socure‑sponsored report warns that federal fraud controls are lagging behind rapidly evolving identity‑theft tactics powered by AI and automation. The Government Accountability Office estimates annual federal fraud losses between $233 billion and $521 billion, with pandemic relief programs alone losing...
The AI Intelligence Layer for SIEM, Explained: What It Does, Why It Matters, and How to Evaluate One
Security teams face a massive investigation gap: 67% of SIEM alerts go uninvestigated, with each manual review averaging 70 minutes. While SIEMs excel at log collection and alert generation, they lack the ability to reason about attack chains. An AI...
Data Security in Digital Health: Protecting Patient Privacy in Recovery Programs
A panel of five digital‑health experts outlines how recovery programs can harden patient‑data protection. They stress mandatory encryption, role‑based least‑privilege access, continuous audit logging, and a shift toward zero‑trust architectures. Limiting data collection, enforcing vendor accountability, and embedding privacy‑by‑design are...
North Dakota Water Treatment Plant Reports March Ransomware Attack
A ransomware intrusion hit the Minot, North Dakota water treatment plant on March 14, forcing operators to unplug a server and run manual controls for about 16 hours. The city kept water safe and pressure stable, and no ransom was...
Review: Rubrik Security Cloud Helps Agencies Build Data Resilience
Rubrik Security Cloud offers state and local governments a zero‑trust, immutable backup platform that combines data‑observability with rapid cyber‑recovery. Its architecture stores unalterable backups, detects anomalies across on‑prem, cloud and SaaS workloads, and automates restoration of clean data. The solution...
Galaxy Digital's Testnet Suffers Hack but No Client Funds or Information Were Compromised
Galaxy Digital disclosed an unauthorized intrusion into an isolated research‑and‑development testnet, resulting in a loss of less than $10,000. The breach was contained quickly, and the firm confirmed that no client funds or account information were accessed. Core trading platforms,...
LinkedIn Phishing Scam Uses Fake Notifications to Hijack Accounts
A new phishing campaign is tricking LinkedIn users with counterfeit notification emails that appear to come from the platform. The emails, sent from a freshly registered khanieteam.com domain, direct victims to a look‑alike site (inedindigital) that harvests login credentials. Cofense's...
Agentic AI Governance: How to Approach It
Agentic AI agents are now in production at roughly 70% of enterprises, creating a hidden layer of "identity dark matter" that traditional IAM tools cannot see or control. Existing identity providers struggle to enforce runtime policies for these autonomous, short‑lived...
Google Deepmind Study Exposes Six "Traps" That Can Easily Hijack Autonomous AI Agents in the Wild
Google DeepMind’s new paper defines six “AI agent traps” that exploit the perception, reasoning, memory, action, multi‑agent dynamics, and human‑in‑the‑loop stages of autonomous agents. The study shows real‑world proof‑of‑concept attacks, from hidden HTML instructions to coordinated multi‑agent flash‑crash scenarios. Researchers...
Facephi Expands LATAM Behavioral Biometrics Footprint with New Banking Contract
Facephi has signed a five‑year deal with an unnamed Central American bank to deploy its mule‑account detection and behavioral biometrics platform across the institution’s operations. The solution will monitor the full customer lifecycle, targeting synthetic identities, organized fraud networks and...
Cyberattacks Intensify Pressure on Latin American Governments
Latin American governments are confronting a surge in cyber attacks, with organizations in the region experiencing about 3,050 incidents per week in March—well above the global average of roughly 2,000. Government agencies face even higher pressure, enduring around 4,200 weekly...
FCC Router Rules Shake U.S. Market: Ookla Data Reveals Top Vendors and Wi-Fi Upgrade Gap
The FCC’s new router rule forces any consumer router built abroad to obtain a waiver before sale, aiming to curb cyber‑attacks linked to foreign hardware. Ookla data shows the U.S. market is led by Eero, TP‑Link, Netgear and others, all...
WhatsApp Notifies Hundreds of Users Who Installed a Fake App Made by Government Spyware Maker
WhatsApp disclosed that it alerted roughly 200 users—mostly in Italy—who installed a counterfeit iOS version of its app containing spyware. The fake client was traced to Italian surveillance firm SIO, which has a history of producing government‑grade spyware. WhatsApp logged...
The First Quantum Computer to Break Encryption Is Now Shockingly Close
Two independent studies reveal that a quantum computer capable of cracking the elliptic‑curve discrete logarithm problem (ECDLP) – the backbone of most internet encryption – is nearer than previously believed. The analyses suggest the world’s largest quantum processor is already...
Anthropic Rushes to Limit Leak of Claude Code Source Code
Anthropic PBC moved quickly to contain an accidental public release of the source code powering Claude Code, its flagship AI‑assistant that drives most of the company’s revenue. The firm issued copyright takedown notices that removed thousands of copies from GitHub....
Peppa Pig and Transformers Owner Hasbro Hit by Cyber-Attack
Hasbro disclosed an unauthorized intrusion into its corporate network, first identified on March 28 and reported in an SEC filing. The breach forced portions of the company’s main and brand‑specific websites offline, displaying error messages and prompting warnings of possible...
HCP Terraform Adds IP Allow List for Terraform Resources
HashiCorp announced that IP allow lists are now generally available in HCP Terraform, enabling organizations to define approved CIDR ranges for both platform access and Terraform agents. The new organization‑level setting can be scoped to individual agent pools, restricting UI,...
Report Sheds More Light on Phantom Stealer
A multi‑wave phishing campaign targeting European manufacturing, technology and logistics firms deployed the .NET‑based Phantom Stealer, bundled with a crypter and remote‑access tool. The attackers sent spoofed emails lacking DKIM signatures and failing SPF checks, attaching either a malicious executable...
Widespread Microsoft 365 Account Compromise Sought by Iran-Linked Hackers
Iran‑linked threat groups have compromised Microsoft 365 accounts across more than 300 Israeli organizations, 25 firms in the United Arab Emirates, and a limited set of targets in the United States, Saudi Arabia and Europe. The campaign began in early March with...
Key Leaks, Vault Failures, and TEE Attacks: Highlights From RWC 2026
GitGuardian presented at the Real World Cryptography Symposium 2026, revealing that 945,560 private keys have leaked in the wild, compromising 139,767 certificates. The team also demonstrated 27 attacks that break the zero‑knowledge promises of four leading password managers and showcased...
5 AWS AI Controls Every Security Team Should Have
AWS now offers organization‑wide controls that let security teams govern AI workloads beyond the application layer. Five key mechanisms—MCP server access blocks, Bedrock policy guardrails, model‑specific SCP denies, service‑wide SCP disables, and long‑term Bedrock API‑key restrictions—can be applied uniformly across...
Joint Offering Combines CrowdStrike's Falcon with HCLTech's AI Force
CrowdStrike and HCLTech have deepened their alliance by launching a continuous threat exposure management service that merges CrowdStrike’s Falcon platform with HCLTech’s VERITY framework and AI Force. The solution delivers real‑time visibility, AI‑driven insights, and automated remediation across endpoints, cloud, identity,...
Microsoft Deploys yet Another Emergency Patch for Windows 11 — but at Least the Fix for the Broken March Update...
Microsoft issued an emergency patch for Windows 11 to address critical failures introduced by the March 2024 cumulative update. The patch restores login functionality, resolves file‑system corruption, and stabilizes system performance. Microsoft rolled out the fix within 48 hours, marking a...
Resemble AI Unveils Deepfake Detection Tools Amid Synthetic Media Surge
Resemble AI released a deepfake threat report and two free detection tools—a Chrome extension that scans images, video and audio, and an X bot that lets users verify suspicious posts without leaving the platform. The company also added enterprise features...
48 Hours: The Window Between Infostealer Infection and Dark Web Sale
Whiteintel researchers mapped the full infostealer lifecycle and found that stolen corporate credentials appear on dark‑web marketplaces within 48 hours of infection, often much sooner. The five‑stage process—infection, harvest, packaging, marketplace listing, and exploitation—compresses credential theft into a window far...
Halcyon Days for HYCU as the Pair Link up on Ransomware Pitch
HYCU is embedding Halcyon’s ransomware‑detection software into its R‑Shield platform, creating a unified solution for ransomware detection, prevention, and recovery. The enhanced offering protects workloads across virtual machines, data warehouses, finance apps, storage buckets, and git repositories in hybrid and...
AI-Driven Identity Must Exist in a Robust Compliance Framework
Enterprises are rapidly adopting AI‑driven identity and verification tools, but UK regulators are demanding that governance, risk and compliance (GRC) precede deployment. New legislation such as the Data (Use and Access) Act 2025, the Online Safety Act 2025, and updated ICO guidance...
Rapid Response: How Boston Children’s Hospital Overcame the Stryker Cyberattack
Boston Children’s Hospital faced a massive wiper cyberattack that crippled Stryker’s Vocera communication platform, prompting an immediate, coordinated response. Within 30 minutes the hospital isolated the vendor network and began dismantling the compromised system. By evening, Epic Secure Chat was...
Hasbro Says It Was Hacked, and May Take ‘Several Weeks’ to Recover
Hasbro confirmed a cyberattack discovered on March 28, prompting the company to shut down parts of its IT infrastructure. The toy maker activated business continuity plans to keep order processing and shipping functional while external cybersecurity experts work on remediation....
Commvault Expands Integrations with Microsoft Security to Connect AI Threat Detection, Investigation, and Trusted Recovery
Commvault announced an expanded integration with Microsoft Security, linking its Cloud platform to Microsoft Sentinel and Security Copilot. The new Sentinel connector streams backup‑related alerts—such as malware detections and ransomware anomalies—into a centralized data lake for real‑time analysis. An Investigation...
Meeting Regulatory Requirements with Informatica
Informatica highlighted the critical role of trusted data in meeting ever‑growing regulatory demands during a DBTA webinar. A recent survey cited by David Thain shows 93% of data leaders say regulations impede their initiatives. Speakers emphasized that siloed data hampers...
NYC Mayor Zohran Mamdani Lifts Government TikTok Ban, Citing Need to Reach New Yorkers on Social Media
New York City Mayor Zohran Mamdani has lifted the 2023 ban on TikTok for government use, allowing agencies to operate on the platform under strict guidelines. The new policy requires dedicated government devices, designated staff, and agency‑managed credentials to address...
Kaufman Rossin and Synack Partner to Scale AI-Powered, Continuous Penetration Testing for Regulated Companies
Kaufman Rossin, a top‑50 public accounting and advisory firm, has partnered with Synack, the leader in penetration testing as a service, to deliver AI‑powered, continuous security testing for regulated enterprises. The collaboration blends Kaufman Rossin’s deep cybersecurity advisory expertise with...
European-Chinese Geopolitical Issues Drive Renewed Cyberespionage Campaign
Proofpoint reports that Chinese state‑aligned cyberespionage group TA416, also known as Twill Typhoon, has re‑engaged Europe in mid‑2025, targeting diplomatic missions, NATO delegations and EU institutions amid heightened EU‑China tensions following the 25th EU‑China summit. The campaign coincides with disputes over...
North Korean Hackers Linked to Axios Npm Supply Chain Compromise
On March 31, 2026, attackers compromised a maintainer’s npm account and published two malicious versions of the popular Axios HTTP client library. The backdoored packages contained a hidden dependency that executed a post‑install script, downloading the WAVESHAPER.V2 remote‑access trojan targeting...
Unauthorised Access Reported in Ministry of Finance Systems
Hackers breached primary processes at the Dutch Ministry of Finance, raising concerns over employee personal data exposure. The intrusion did not affect any financial information, and services provided by the Tax and Customs Administration remain operational. Access to the compromised...
Chinese Captain Sentenced for Taiwan Cable Damage
A Chinese captain was sentenced to three years in prison for deliberately damaging the Taiwan‑Penghu No. 3 submarine communications cable by anchoring in a restricted zone. The court ordered him to pay NT$18.22 million (about US$570,000) in damages to Chunghwa Telecom. The...
CIS Benchmarks March 2026 Update
The Center for Internet Security released its March 2026 benchmark update, refreshing dozens of hardening guides across Windows, Linux, cloud, and database platforms. Highlights include Windows 11 Enterprise (v5.0.0) with nine new settings, Windows Server 2022/2025 revisions, and a minor OCI Foundations tweak....
Exabeam Expands Agent Behavior Analytics to Secure AI Agents Across ChatGPT, Copilot and Gemini
Exabeam announced an expansion of its Agent Behavior Analytics platform to monitor AI agents in ChatGPT, Microsoft Copilot, and Google Gemini. The new suite creates dynamic baselines, detects prompt injection and model abuse, and tracks identity, privilege, and lifecycle events...
Our Ongoing Commitment to Privacy for the 1.1.1.1 Public DNS Resolver
Cloudflare celebrated the eight‑year anniversary of its 1.1.1.1 public DNS resolver by publishing the results of a fresh independent privacy audit conducted by the same Big 4 accounting firm that examined the service in 2020. The audit confirms that the resolver’s...
Sars to Give Every Taxpayer a Digital Identity in Sweeping Tech Overhaul
South Africa's revenue agency SARS unveiled Modernisation 3.0, a digital overhaul that will issue every taxpayer a biometric, two‑factor digital identity. The programme adds AI‑driven case management, instant payments with the Reserve Bank, and automatic VAT assessments. In FY 2025/26...
Ransomware Groups Exploit Legit IT Tools to Bypass Antivirus
Researchers at Seqrite have identified a "dual‑use dilemma" where ransomware groups repurpose legitimate IT utilities such as IOBit Unlocker and Process Hacker to disable antivirus software. These signed tools allow attackers to create a silent zone, bypassing traditional signature‑based defenses...
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
Brazilian cyber‑crime group Augmented Marauder, also known as Water Saci, is running a multi‑vector phishing campaign against Spanish‑speaking organizations in Latin America and Europe. The campaign delivers the Casbaneiro banking trojan and the Horabot spreader via password‑protected PDF attachments that are...
Kaspersky Warns of New Phishing Technique Exploiting Trusted Platforms
Kaspersky has identified a new phishing method that hijacks trusted digital platforms such as task‑management and notification services to deliver seemingly authentic messages. The attacks mimic internal corporate communications, prompting users to click links that lead to counterfeit login portals...