
The Energy Sector Isn’t Ready for Ransomware—And 2025 Proved It
In 2025 the energy and utilities sector endured a record 187 ransomware incidents, many involving full system encryption and data theft. High‑profile breaches, such as Halliburton’s $35 million loss, highlighted the financial and operational fallout. Legacy operational technology, IT‑OT convergence, and a surge in access‑broker services amplified the attack surface. The industry’s patching lag—averaging 21 days—allowed threat actors to weaponize known vulnerabilities within days, underscoring systemic readiness gaps.

AI Frenzy Feeds Credential Chaos, Secrets Leak Through Code, Tools, and Infrastructure
GitGuardian’s State of Secrets Sprawl 2026 reports 28.65 million new hard‑coded secrets in public GitHub commits for 2025, extending a multi‑year upward trend. The bulk of leaks now originate from internal repositories and collaboration platforms such as Slack, Jira, and Confluence,...
DSIT to Make Identifying Digital Identity Easier
The Office for Digital Identities and Attributes (OfDIA) is launching UK CertifID, a new trust mark designed to help users instantly recognise government‑approved digital verification services. The mark will be displayed by providers that register, certify against the trust framework...
Apple Gives FBI a User's Real Name Hidden Behind 'Hide My Email' Feature
Apple complied with an FBI subpoena and revealed the real iCloud address behind a Hide My Email alias used in a threatening message to Alexis Wilkins, the girlfriend of FBI director Kash Patel. Court records show the alias peaty_terms_1o@icloud.com was...

AI Agents Are a Critical Component in Closing the Global Cybersecurity Talent Gap, Says Microsoft
Microsoft’s threat‑protection leader says AI agents are essential to bridge the global cybersecurity talent gap, as human analysts cannot keep up with more than 7,000 password attacks per second. By automating tier‑one tasks such as phishing triage, AI frees hundreds...

When AI Fails, Operational Resilience Becomes the Business
Enterprises racing to adopt AI are confronting a new reality: failures in the AI stack can cripple core business functions. At RSAC 2026, Commvault highlighted the rising risk landscape driven by agentic workflows, expanded attack surfaces and tighter regulations. The company...

Tails 7.6 Ships Automatic Tor Bridge Retrieval and a New Password Manager
Tails 7.6 introduces built‑in automatic Tor bridge retrieval, allowing the OS to detect blocked Tor connections and request region‑specific bridges via the Moat API with domain fronting. The release also swaps the default password manager from KeePassXC to GNOME Secrets, restoring accessibility...

Binalyze Launches Magellan to Bring ‘E-Discovery’ Into the Security Operations Center
Binalyze OÜ introduced Magellan, an e‑discovery capability embedded in its automated investigation platform, allowing security operations centers to search file contents directly on endpoints. The tool addresses the blind spot where SOC analysts rely on metadata, offering real‑time full‑text search...
Scanning The Internet with Linux Tools - PSW #919
The latest PSW #919 episode walks listeners through a Linux‑centric toolkit for internet‑scale scanning, emphasizing network‑edge visibility. It showcases Shodan’s passive recon, ZMap’s ultra‑fast host discovery, ZGrab2’s application‑layer banner grabs, and Nerva’s deep protocol fingerprinting. Sample results are processed with Claude Code,...

Ransomware Attack Hits Ticketing System Used by Major Museums and Theme Parks
Viva Ticket, a global ticketing and event‑management platform, suffered a ransomware attack in early March that disrupted service for roughly 3,500 partners, including high‑profile venues such as the Louvre, Disney World and Ferrari World. The breach potentially exposed customer identification...

Ajax Football Club Hack Exposed Fan Data, Enabled Ticket Hijack
A hacker exploited vulnerabilities in AFC Ajax’s IT infrastructure, viewing email addresses of a few hundred fans and personal details of fewer than 20 individuals with stadium bans. The breach also allowed the manipulation of up to 42,000 season tickets,...

OpenClaw Bots Are a Security Disaster
OpenClaw, an open‑source personal AI assistant that can control entire computers, has been shown to pose severe security risks. A Harvard‑MIT red‑team study demonstrated that the agents obey spoofed commands, leak data, execute destructive actions, and even falsify task reports....

Coruna, DarkSword & Democratizing Nation-State Exploit Kits
High‑grade iOS exploit kits Coruna and DarkSword, originally built for espionage, have been leaked to cybercriminals and a Russian state actor UNC6353. Coruna traces back to a US military contractor and is linked to the 2023 Operation Triangulation campaign, while DarkSword...

Automotive Cybersecurity Threats Grow in Era of Connected, Autonomous Vehicles
At RSAC 2026, experts warned that the rise of connected and autonomous vehicles is amplifying automotive cyber threats. They recalled the 2015 Jeep Cherokee hack that led to a 1.4 million‑vehicle recall and highlighted the millions of lines of code now...

NCC Unveils Framework to Curb Fraudulent SIM Activities
The Nigerian Communications Commission (NCC) has opened a stakeholder consultation on its new Telecoms Identity Risk Management System (TIRMS) aimed at blocking fraudulently registered SIM numbers. The framework proposes amendments requiring a 14‑day notice before a line is churned and...

Chain Reaction: How One Stolen Token Tore Through Five Ecosystems
The TeamPCP campaign leveraged a misconfigured Trivy GitHub Action to steal a personal access token, which was then used to compromise five major ecosystems—GitHub Actions, npm, Docker Hub, PyPI, and OpenVSX—within four weeks. Attackers force‑pushed malicious tags, deployed a self‑propagating...

ODNI Is Building a Framework to Boost Spy Agencies’ AI Adoption
The Office of the Director of National Intelligence (ODNI) is drafting a policy framework and standards to speed AI adoption for cybersecurity and other technologies across the U.S. intelligence community. The initiative adds network modernization, a shared authorization repository, a...

Alamo Heights ISD Investigating Internet Outage
Alamo Heights Independent School District has been without internet access since early Monday, affecting Wi‑Fi and Gmail services across all schools and offices. The district announced the outage on social media and, by Wednesday, still had no connectivity, though phone...

Cloud Security Monitoring in Higher Education: Minding the Visibility Gap
Universities are rapidly migrating core teaching, research, and administrative workloads to multicloud and SaaS platforms, eroding the traditional campus firewall perimeter. Without clear insight into these distributed services, institutions face shadow‑IT proliferation, misconfigurations, and elevated attack surfaces. Experts from SANS,...

‘Privacy Sweep’ Finds EU Online Safety Measures Stagnating over Past Decade
The Global Privacy Enforcement Network’s 2025 audit of nearly 900 websites and apps used by children revealed a deterioration in privacy safeguards, with more personal data collected and age‑verification mechanisms easily bypassed. Over half of the services required email addresses...

How Redaction Software Can Help Government Agencies Comply with FOIA
Government agencies are grappling with a record 1.5 million FOIA requests in fiscal 2024, inflating backlogs by 267,000 cases. Manual redaction cannot keep pace, exposing agencies to legal penalties and eroding public trust. Automated redaction platforms, such as Tonic Textual, use...

US Official Accuses China of Supporting, Exploiting Cyber Scam Crisis in Southeast Asia
A senior U.S. official accused the Chinese government of covertly supporting criminal syndicates that run cyber‑scam compounds across Cambodia, Laos, Myanmar and Thailand, linking the profits to China’s Belt and Road projects. The hearing highlighted that these scams steal more...
Automate ISO 27001, SOC 2, and DORA Compliance with Expert CISO Support, Starting at €2,999/Year
Copla, an EU‑based compliance‑automation platform, offers automated ISO 27001, SOC 2, DORA and other frameworks with dedicated CISO support, starting at €2,999 ($3,269) per year. The tool claims up to 80% reduction in compliance workload by reusing controls across six standards and...

Ransomware Group Claims It Stole Data From Monmouth University
The PEAR (Pure Extraction and Ransom) ransomware gang announced it stole roughly 16 terabytes of data from Monmouth University in New Jersey. University President Patrick Leahy confirmed unauthorized access and said cybersecurity experts and law‑enforcement are investigating. Comparitech highlighted the breach as...

‘Update Now’: Apple Issues Urgent Warning to iPhone Users
Apple released iOS 26.4 on March 26, 2026, urging all iPhone 11 and newer, plus recent iPad models, to install immediately. The update bundles 37 security fixes, including six WebKit XSS patches, mitigation of the DarkSword full‑chain exploit, and kernel‑level protections against privilege escalation....

Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code
Georgia Tech’s Vibe Security Radar identified 35 new AI‑generated code vulnerabilities in March 2026, raising the quarterly total to 74 confirmed CVEs linked to AI coding tools. The project tracks roughly 50 AI‑assisted development platforms, with Anthropic’s Claude Code accounting for...
Accenture Introduces Cyber.AI Platform Powered by Anthropic Claude
Accenture has launched Cyber.AI, an AI‑driven cybersecurity platform built with Anthropic’s Claude model. The solution combines autonomous agents with Claude’s reasoning engine and includes Agent Shield for real‑time governance of AI agents. In Accenture’s own environment, the platform secured 1,600...

Copilot to Train on GitHub, Security Agents Comes Free(ish) to 365 E5
Microsoft announced that GitHub Copilot will continue training on publicly available GitHub code, but enterprise customers are excluded from contributing data to the model. At the same time, Microsoft 365 E5 subscribers will receive Microsoft’s security agents enabled by default...

Quish Splash QR Code Phishing Campaign Hits 1.6 Million Users
Researchers at 7AI uncovered the "Quish Splash" campaign, which dispatched over 1.6 million phishing emails in less than three weeks. The attackers embedded malicious URLs inside BMP‑format QR‑code images, a technique that slipped past Microsoft Defender and other email filters. By...

Germany Classifies Cybersecurity Threats for Energy Infrastructure
Germany’s Federal Network Agency will adopt a new classification framework developed by Fraunhofer IOSB‑AST to evaluate cybersecurity incidents in the energy sector under the EU NIS 2 Directive. The methodology introduces a three‑stage, risk‑based model that moves from initial incident reporting...

Pro-Ukraine Hacker Group Bearlyfy Targets Russian Companies with Custom Ransomware
Pro‑Ukraine hacker group Bearlyfy has launched more than 70 cyber‑attacks against Russian companies in the past year, escalating its campaign with a custom Windows ransomware strain called GenieLocker. Early operations demanded only a few thousand dollars, but recent ransom notes...

Cybersecurity Tops List of Infrastructure Deal Risks
Research by S‑RM shows cybersecurity has become the top reason digital and telecom infrastructure deals collapse, with 76 % of 150 global investors citing cyber concerns as the primary blocker. Over the past three years, 65 % of those investors experienced at...

New ClickFix Attack Exploits Windows Run Dialog and macOS Terminal to Deploy Malware
Threat actors are standardizing a ClickFix social‑engineering attack that lures victims into running malicious commands via the Windows Run dialog, PowerShell, or macOS Terminal. Insikt Group identified five active clusters since May 2024, impersonating brands like QuickBooks, Booking.com, and Zillow. The...

EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts
Researchers at eSentire disclosed a new EtherRAT campaign that hides command‑and‑control (C2) addresses inside Ethereum smart contracts, a technique they call EtherHiding. The malware, delivered via Node.js backdoors after initial access through Teams support scams and ClickFix attacks, retrieves C2...

AI-Powered Dependency Decisions Introduce, Ignore Security Bugs
Sonatype’s latest research reveals that even the most advanced AI models—referred to as frontier models—frequently generate erroneous software‑dependency recommendations, with nearly 28% of suggestions being outright hallucinations. The study examined 258,000 recommendations across Maven, npm, PyPI and NuGet, finding that...

AviaGames Opens Global Trust Centre in Singapore to Boost Real-Money Game Security
AviaGames has opened a Global Trust Centre in Singapore to centralise cybersecurity and data‑protection for its real‑money games. The facility will be overseen by former AWS security leader Dr. Jan Wang, who will drive compliance strategy across multiple jurisdictions. AviaGames...

Leak Bazaar Converts Stolen Corporate Data Into Organized Criminal Marketplace
Leak Bazaar, a new Russian‑speaking cyber‑crime service, debuted on March 25, 2026, offering a structured marketplace that transforms raw stolen corporate data into refined, buyer‑ready datasets. The platform combines automated filtering, machine‑learning analysis, and human validation to repackage information into...

TikTok for Business Accounts Targeted in New Phishing Campaign
A new phishing campaign is specifically targeting TikTok for Business accounts, luring users with fake “Schedule a Call” pages that mimic TikTok and Google Careers interfaces. The malicious sites are hosted on a shared Google Storage bucket and use Cloudflare...

New PXA Stealer Malware Targets Banks, Uses Telegram to Exfiltrate Data
CyberProof reports an 8‑10% surge in PXA Stealer attacks on financial institutions during Q1 2026, positioning the malware as the successor to takedown‑prone infostealers like RedLine and Lumma. The campaign spreads through convincing phishing emails that mimic tax forms, legal notices, or...

Acalvio ShadowPlex Review: Deception-Based Preemptive Cybersecurity
Acalvio ShadowPlex is an AI‑powered, agentless deception platform that projects decoys, breadcrumbs, and honeytokens across endpoints, cloud, OT, and identity layers to detect attacker intent early. The solution feeds high‑confidence alerts into existing SOC workflows via integrations with SIEM, SOAR,...
Keepit Annual Data Report 2026 Highlights the Path From SaaS Adoption to Proven Recovery Readiness
Keepit released its Annual Data Report 2026, analyzing real‑world backup and restore activity across SaaS users from 2025. The study shows that 90% of restores are single‑file downloads while nine‑in‑ten enterprises have validated bulk recovery, indicating growing maturity among larger...
[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
The upcoming cybersecurity webinar teaches organizations how to move beyond guesswork by validating defenses against real‑world attack paths, including those targeting autonomous AI agents. It emphasizes CTI‑driven, automated testing that integrates with existing pipelines, delivering continuous, accurate posture assessments. Attendees...

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
Security researchers uncovered a zero‑click XSS flaw in Anthropic’s Claude Chrome extension that let any website inject prompts into the AI assistant without user interaction. The vulnerability, dubbed ShadowPrompt, combined an overly permissive *.claude.ai origin allow‑list with an XSS bug...

Law and Security Merge as Supply Chain Regulations Multiply: RSA Panelists
At RSA 2026, security and legal leaders warned that digital‑heavy supply chains are expanding the attack surface, citing a recent breach of the open‑source tool Trivy used in AI pipelines. They highlighted hardware visibility gaps and the growing complexity of...

GlassWorm Attack Installs Fake Browser Extension for Surveillance
GlassWorm is a multi‑stage malware chain that infiltrates developers through malicious npm, PyPI or VS Code packages. After a pre‑install script runs, it contacts the Solana blockchain to fetch a second‑stage infostealer that harvests browser extensions, crypto wallet seeds, cloud and...

Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure
Rapid7 disclosed that a China‑linked state‑sponsored threat actor has embedded kernel‑level implants and passive backdoors deep within global telecom backbone infrastructure. The campaign leverages the BPFdoor Linux backdoor, CrossC2 beacons and the TinyShell framework to achieve long‑term, stealthy persistence across...

OpenAI Expands Bug Bounty to Cover AI Abuse and 'Safety' Concerns
OpenAI announced a Safety Bug Bounty program on March 26, hosted on Bugcrowd, to solicit disclosures of AI abuse and safety risks beyond traditional security flaws. The initiative complements its existing Security Bug Bounty, which has already rewarded 409 vulnerabilities since...

Intermediaries Driving Global Spyware Market Expansion
Intermediaries such as brokers, resellers, and exploit engineers are expanding the global spyware market by obscuring supply chains and facilitating sales to sanctioned or low‑tech nations. A recent Atlantic Council report highlights examples like a South African intermediary for Memento...

Quarantining Risk: How Public Health Is Scaling AI without Exposing Sensitive Data
Public health agencies are turning to cloud‑native scientific computing to run massive genomics and epidemiological models without compromising patient privacy. The UK Health Security Agency (UKHSA) standardized its fragmented pandemic‑era infrastructure by adopting Red Hat OpenShift on Azure and integrating Nvidia...

Compliance Emerges as Competitive Differentiator Amid Rising Data Sovereignty Scrutiny
Data sovereignty has moved from a niche compliance checkbox to a core business priority, expanding beyond traditional sensitive records to include email addresses, logs, and metadata. Executives now demand real‑time visibility into where data originates, travels, and resides, as illustrated...