
AI Companies to Play Bigger Role in CVE Program, Says CISA
CISA’s Vulnerability Response & Coordination chief Lindsey Cerkovnik urged AI firms such as OpenAI and Anthropic to gain stronger representation in the Common Vulnerabilities and Exposures (CVE) program. The call follows the debut of Anthropic’s Claude Mythos Preview and OpenAI’s GPT‑5.4‑Cyber, both marketed as AI‑driven vulnerability discovery tools. CVE disclosures are accelerating, with forecasts of 70,135 entries in 2026—a 45% rise over 2025. The program now counts 502 registered CNAs, reflecting a broader diversification strategy despite ongoing DHS funding challenges.

DOE Allocates $160M to Secure Energy Systems as Cyber Threats Converge With Grid Modernization
The U.S. Department of Energy’s FY 2027 budget earmarks $160 million for the Office of Cybersecurity, Energy Security, and Emergency Response (CESER). The funding will bolster protection of the nation’s energy grid, its supply chain, and nuclear assets while deploying rapid‑response experts...

Rethinking Insider Risk in the Age of AI and Autonomy
Insider risk now accounts for roughly half of all data breaches, a figure amplified by remote and hybrid work models. The rise of AI‑driven productivity tools introduces new, often inadvertent, leakage pathways as employees bypass sanctioned systems. Traditional defenses like...

The Deepfake Dilemma: From Financial Fraud to Reputational Crisis
Deepfake technology has moved from a niche curiosity to a cheap, widely accessible threat, with a 2025 Gartner survey showing 43% of cybersecurity leaders encountering audio deepfakes and 37% facing video deepfakes in the past year. The fraud potential is...

The Deepfake Nudes Crisis in Schools Is Much Worse Than You Thought
A new analysis by WIRED and Indicator shows deepfake sexual abuse has spread to at least 90 schools in 28 countries, affecting more than 600 students. Since 2023, roughly 30 incidents have been reported in North America, with additional cases...

13.5M Device Botnet Drives 2 Tbps DDoS Attacks on FinTech, Qrator Finds
Qrator Labs reported that the world’s biggest DDoS botnet has swelled to about 13.5 million compromised devices, a ten‑fold increase since March 2025. The network can launch attacks up to 2.065 Tbps, with a recent assault sustaining that peak for forty minutes....

Danske Bank Upgrade Error Exposed 20,000 Customer Addresses
Danske Bank disclosed that a human error during a planned system upgrade unintentionally revealed the personal addresses of 20,600 Danish customers in domestic payment details. The flaw persisted for three months until a fix was applied in October, after the...

The Need for a Board-Level Definition of Cyber Resilience
Cyber resilience is now a board‑level governance priority, yet its definition varies across regulatory frameworks, leaving directors uncertain about oversight responsibilities. A literature review of 38 sources shows the concept is still fragmented, with divergent views on scope and relationship...

5 Best Practices for Balancing Security and Data Privacy at Facilities
Facilities generate massive streams of security data—from video feeds to access logs—making privacy and security inseparable concerns. The article presents five best practices: continuous cybersecurity hygiene, privacy‑by‑design technology choices, clear internal data‑governance policies, digital evidence management systems, and a responsible...

Ivanti Neurons ITSM Vulnerabilities Could Allow Session Persistence
Ivanti disclosed two medium‑severity flaws—CVE-2026-4913 and CVE-2026-4914—in its Neurons for IT Service Management platform affecting versions up to 2025.3. The first vulnerability lets a remote authenticated user retain access after account deactivation, while the second is a stored XSS that...

Italian Court Accepts Legal Action Over Facebook Mass Breach
An Italian court in Milan has accepted a class‑action lawsuit against Meta Platforms over the 2018‑19 Facebook data‑scraping breach that exposed personal information of 533 million users worldwide, including tens of millions of Italians. The CTCU consumer association is pursuing compensation...

AI-Driven Threats Outpace Traditional Defences
Qualys will showcase its Agent Val platform at the ITWeb Security Summit JHB 2026, highlighting how autonomous exploit validation and risk remediation can keep pace with AI‑driven attacks. The company’s ROC framework and Enterprise TruRisk Management aim to shift security from issue...

Securing LA28 and Mega-Events From Attacks in the Era of Data Overload
Major upcoming events like Los Angeles 2028 (LA28) and the 2026 FIFA World Cup will draw millions of visitors, exposing a massive security challenge. The sheer volume of data—from CCTV, travel manifests, OSINT, and inter‑agency feeds—creates analysis paralysis for law‑enforcement teams. Interpol’s...

Samsung Electronics Seeks Police Probe Over Circulation of Non-Union Employee List
Samsung Electronics filed a criminal complaint and asked police to investigate after a list of non‑union employees was circulated internally. The list, shared via a group messaging channel, detailed names, identification numbers, departments and union membership status. Union leader Choi...

Concurrent Technologies Corporation Awarded $21M Contract to Support Marine Corps Installations Command Cybersecurity Efforts
Marine Corps Installations Command awarded Concurrent Technologies Corporation a $21 million multi‑year contract to deliver Facility‑Related Control Systems (FRCS) cyber services for the Pacific region. CTC, together with RMC Global, will design, implement, and certify a secure network that manages critical...

Banks Test Systems After Anthropic Mythos Warning
Anthropic warned that its new Claude Mythos model can autonomously discover and exploit vulnerabilities across major operating systems and browsers. The U.S. Treasury’s CIO, Sam Corcos, is seeking immediate access to run the model against federal systems. Wall Street banks have...

Gabon’s New Law Makes All Social Media Users Traceable
Gabon enacted a law ending online anonymity, forcing social‑media users to provide full personal details and imposing fines up to $89,000 for violations. In Lagos, emergency responders are using virtual‑reality simulations of the Lekki‑Ikoyi Bridge to practice high‑risk incidents without...

Avast Business and Avert IT Distribution Rewrite the SMB Cybersecurity Playbook
Avast Business and its African distributor Avert IT Distribution are revamping cybersecurity for small and mid‑size firms by delivering a unified, cloud‑managed security suite combined with education and channel support. The platform consolidates endpoint protection, patch management, remote access and...

Deepfakes Are a Threat to Age Assurance, and Injection Attack Detection Is the Answer
Yoti’s CEO Robin Tombs warned that deepfake‑generated media can undermine age‑assurance systems by exploiting post‑authentication injection attacks. Traditional liveness detection, while still essential, no longer blocks sophisticated AI‑crafted faces that are introduced after the initial login. Yoti proposes a multi‑layered...

Europe Builds Its First “Kill-Switch Proof” Cloud Recovery Stack
At the European Data Summit, Cubbit, SUSE, Elemento Cloud and StorPool unveiled Europe’s first fully sovereign disaster‑recovery stack, designed to protect organisations from foreign‑vendor kill‑switches and other catastrophic events. The solution bundles storage, compute, orchestration and security components into a...

Enterprises Must Embed AI-Led Security, Resilience and Trust, as Cyber Strategies for 2026: KPMG
KPMG’s 2026 cybersecurity report calls on enterprises to treat security as a core business driver, integrating AI, geopolitics and regulation into every layer of their architecture. It stresses adaptive data governance, autonomous Security Operations Centers with human‑in‑the‑loop oversight, and centralized...

Why Cloud Security Failures Continue to Expose Data and People to Unnecessary Cyber Risks
Cloud security lapses continue to jeopardize critical data, especially for government agencies and their vendors. Recent incidents—including Conduent’s ransomware breach that exposed 25 million records and stole 8 TB, Snowflake’s credential‑theft affecting over 165 customers, Change Healthcare’s mis‑configured portal leaking 192.7 million health...

Curity Looks to Reinvent IAM with Runtime Authorization for AI Agents
Curity, a Swedish IAM vendor, launched Access Intelligence, a runtime authorization layer for AI agents. The solution extends its Identity Server with Token Intelligence, issuing purpose‑bound OAuth tokens for each agent action. Unlike static IAM, it grants permissions on‑the‑fly and...

Brennan Builds Solid Foundation for Onshore Cyber Security
Brennan, an Australian managed services provider, reported a roughly 20% uplift in services revenue after acquiring Canberra‑based cyber specialist CBR Cyber. The growth is driven by a surge in demand for onshore, sovereign security, highlighted by a 13% year‑on‑year rise...

Wireless Broadband Alliance Claims Wi-Fi Security on a Par with Cellular
The Wireless Broadband Alliance (WBA) released a new Wi‑Fi security framework that it says puts Wi‑Fi on equal footing with cellular networks in terms of security. The guidance consolidates standards such as WPA3, OpenRoaming (Passpoint) and RadSec, covering authentication, encryption,...

CoW Swap Domain Locked Due to Security Issue: CoW Swap
CoW Swap’s primary domain swap.cow.fi was locked on April 14 after a security incident, rendering the site inaccessible. The protocol quickly deployed a temporary UI at a new URL to maintain trading continuity. Users were warned to rely only on...

Central Government yet to Notify Selection Panels for Data Protection Board
The Indian government has still not formed the search‑cum‑selection committees needed to appoint a chairperson and four members to the Data Protection Board of India (DPBI), five months after the board’s statutory creation under the Digital Personal Data Protection (DPDP)...

April Patch Tuesday Roundup: Zero Day Vulnerabilities and Critical Bugs
Microsoft’s April Patch Tuesday delivered 167 fixes, including an actively‑exploited SharePoint Server zero‑day (CVE‑2026‑32201) and a critical Windows IKE remote‑code‑execution flaw (CVE‑2026‑33824) with a 9.8 CVSS score. Additional high‑risk bugs affect Active Directory (CVE‑2026‑33826), TCP/IP stack (CVE‑2026‑33827) and SAP Business...

A Data Removal Service Helped Me Reclaim My Privacy - See if You Need One, Too
Personal data is routinely harvested by thousands of data brokers and sold without consumer consent. Manual opt‑out requests are impractical, prompting the rise of paid data‑removal services such as PrivacyBee and DeleteMe. These platforms scan the web, submit takedown requests,...

OpenAI Expands Cybersecurity Program Before Deploying New Models
OpenAI announced on April 14 that it is expanding its Trusted Access for Cyber (TAC) program, scaling it to thousands of verified security professionals and hundreds of enterprise teams. The rollout adds new identity‑verification tiers and introduces GPT‑5.4‑Cyber, a cyber‑permissive...

Like Anthropic, OpenAI Will Share Latest Technology Only With Trusted Companies
OpenAI announced a limited rollout of GPT‑5.4‑Cyber, an AI model that scans software for security flaws. The initial phase will reach hundreds of trusted partners, with plans to expand to thousands in the coming weeks. The approach mirrors Anthropic’s recent...

Patch Tuesday's a Monster: Thank AI?
Microsoft’s April Patch Tuesday delivered 247 patches covering 164 vulnerabilities, including eight critical flaws and two actively exploited zero‑days in SharePoint and Chromium. Security researcher Joe Desimone reported that all five of his local‑privilege‑escalation bugs were discovered using AI, highlighting...

Evolving Cyber Risk Driven by User Credentials and Human Error
Marlink’s Cyber Intelligence Report for Remote Operations 2026 reveals a decisive shift toward identity‑based cyber threats across maritime, energy, enterprise and critical‑infrastructure sectors. The study, based on continuous SOC monitoring and over 200 security assessments, finds that 69% of observed risks...

Cybercriminals Now Increasingly Targeting Government Organizations, Report Reveals
Kaspersky’s 2025 threat report shows government entities accounted for 19% of high‑severity breaches, making them the top target, while industrial firms followed at 17%. The IT sector rose to third place with 15% of serious incidents, pushing finance out of...

Microsoft Adds Windows Protections for Malicious Remote Desktop Files
Microsoft rolled out new Windows defenses against RDP‑phishing attacks in the April 2026 cumulative updates for Windows 10 (KB5082200) and Windows 11 (KB5083769, KB5082052). The changes introduce a one‑time educational prompt and a persistent security dialog that disables all resource redirections by default....

Microsoft Ends Desktop Detour for Sensitivity Labels in Office Web Apps
Microsoft has updated Office for the web to let users apply sensitivity labels with custom permissions directly in Word, Excel and PowerPoint. The new Permissions dialog mirrors the desktop experience, enabling the assignment of Viewer, Editor or Owner roles without...

Anthropic Mythos Prompting Calls for More Security Measures
Anthropic unveiled its cybersecurity‑focused large language model, Mythos, under Project Glasswing, granting limited access to select vendors and enterprises. The model can ingest code and automatically surface exploitable vulnerabilities, prompting warnings from Federal Reserve Chair Jerome Powell and Treasury Secretary...

N-Able CEO: MSPs Must Shift To AI-Driven Cyber Resiliency As Agents Ramp Up
N‑able CEO John Pagliuca warned that managed service providers (MSPs) must adopt AI‑driven cyber‑resiliency as thousands of autonomous agents outpace human capacity. He likened resilience to health‑tracking wearables, emphasizing outcomes over jargon and urging a full‑stack, end‑to‑end experience. To enable...

Tax Season Scams 2026: How IRS Phishing, Fake Tax Messages, and AI Fraud Threaten Businesses
The 2026 tax season is seeing a surge in sophisticated scams that blend traditional IRS impersonation with AI‑generated messages, QR‑code links, and polished phishing campaigns. Microsoft reported over 29,000 users in 10,000 organizations targeted by tax‑related phishing, while a February...

Why We Chose the Harder Path: Docker Hardened Images, One Year Later
One year after launching Docker Hardened Images (DHI), Docker reports over 500,000 daily pulls and more than one million builds, with a catalog exceeding 2,000 hardened images, Helm charts, and system packages across Debian and Alpine. The DHI Community tier...

Privilege Elevation Dominates Massive Microsoft Patch Update
Microsoft’s April 2026 Patch Tuesday addressed a near‑record 165 CVEs, with elevation‑of‑privilege bugs comprising a record 57% of the fixes. Attackers are already exploiting a SharePoint spoofing zero‑day (CVE‑2026‑32201), while another high‑severity flaw (CVE‑2026‑33825) in Defender antimalware remains unexploited but...

Microsoft Discloses ‘Monstrous’ Number Of Bugs As AI Discoveries Surge: Researcher
Microsoft’s April Patch Tuesday released 163 CVEs, the second‑largest monthly batch in its history. TrendAI researcher Dustin Childs attributes the surge to AI‑driven vulnerability discovery, noting that AI‑generated submissions have roughly tripled. The release follows Anthropic’s claim that its upcoming...

Claude Mythos: Prepare for Your Board’s Cybersecurity Questions About the Latest AI Model From Anthropic
Anthropic unveiled Claude Mythos Preview, its most powerful frontier AI model, capable of autonomously discovering software vulnerabilities that have evaded human researchers. The Federal Reserve’s upcoming meeting with bank CEOs highlights growing board-level concern over AI‑driven cyber risk. Organizations are...

Invicti Launches DAST-to-SAST Correlation
Invicti announced a new DAST-to-SAST correlation feature that links runtime vulnerability scans with static code analysis. The capability maps verified DAST findings to exact source‑code lines, developer ownership, and remediation steps within a single workflow. By overlaying results on a...

FDA Tightens Its Medical Device Cybersecurity Guidance for Manufacturers
The FDA has issued updated cybersecurity guidance for medical devices through Section 524B, imposing stricter lifecycle security requirements. Manufacturers must now provide a software bill of materials, manage component risks, and adopt secure development processes. The guidance forces hospitals, federal agencies...

Are US Businesses Ready for Privacy Fragmentation? Why E-Commerce and Marketing Teams Are Now on the Front Line
U.S. privacy regulation is fragmenting as new state laws in Indiana, Kentucky and Rhode Island join existing statutes, forcing businesses to embed compliance into front‑end digital experiences. E‑commerce and marketing teams now execute consent, targeting and analytics rules that vary...

Review: Box Facilitates Secure Collaboration Across Campus
Box’s cloud‑based content management platform now offers a full suite of collaboration tools, workflow automation, e‑signatures and AI‑driven features for universities. The service integrates with more than 1,500 SaaS applications, allowing seamless file sharing across Microsoft 365, Google Workspace and...

Microsoft Drops Its Second-Largest Monthly Batch of Defects on Record
Microsoft’s April Patch Tuesday addressed 165 vulnerabilities, the second‑largest monthly release in the company’s history. The update includes an actively exploited zero‑day in Office SharePoint (CVE‑2026‑32201) and a high‑severity Defender flaw (CVE‑2026‑33825) with public exploit code. Trend Micro’s Dustin Childs...

4 Questions to Ask Before Outsourcing MDR
Security teams face relentless alerts, staffing gaps and rising expectations for uptime, making Managed Detection and Response (MDR) a strategic necessity rather than a luxury. Outsourcing MDR provides round‑the‑clock monitoring across endpoints, identities and cloud workloads, ensuring threats are spotted...

EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses
The ecosystem of EDR‑killer tools that exploit bring‑your‑own‑vulnerable‑driver (BYOVD) techniques has expanded dramatically, with researchers cataloguing nearly 90 distinct killers. Although only about 35 vulnerable Windows drivers are actively abused, each can be re‑hashed thousands of times, complicating blocklist defenses....