Cyber Command, NSA Chief Warns Foreign Adversaries Likely to Target Midterms
U.S. Cyber Command head Gen. Joshua Rudd told the Senate that foreign adversaries are likely to attempt interference in the 2024 midterm elections. He noted uncertainty about whether the Election Security Group, the joint task force used since 2018, has been reconstituted. The agencies have historically partnered with CISA, the FBI and others to conduct defensive and offensive cyber measures against threats such as Russian, Iranian and other state actors. Lawmakers also debated using offensive cyber tools to publicly expose hostile foreign leaders.
Police Arrest 10 Suspected Members of Black Axe Cybercrime Gang
Swiss police, in coordination with Europol, arrested ten suspected members of the Black Axe criminal network on 28 April 2026. The raids across multiple cantons captured the group’s Southern Europe regional head and several individuals of Nigerian origin accused of romance scams,...
IAM’s Adaptation for AI Agents Drives M&A Deals for Silverfort, iC Consult
Silverfort, a digital identity security firm, has acquired AI‑native provider Fabrix Security to embed Fabrix’s real‑time AI decision engine into its Runtime Access Protection platform. The combined solution aims to protect human, non‑human and agentic identities at runtime, addressing the...
US FMCSA Tightens ID Checks for Driver Database, Taps Idemia
The Federal Motor Carrier Safety Administration (FMCSA) announced stricter identity‑verification requirements for users of its Drug and Alcohol Clearinghouse, a database that flags commercial drivers barred for substance‑related offenses. The new rules target medical review officers, substance‑abuse professionals, third‑party administrators...
How Identity, Geopolitics and Data Integrity Define Cyber Resilience
The article argues that cyber resilience now hinges on three intertwined forces—identity, geopolitics, and data integrity. Identity weaknesses trigger roughly 90% of breaches, while fragmented global regulations leave 69% of firms scrambling. Data poisoning and unmanaged "shadow AI" expose 63%...
Turning Secret Detection Into Measurable Risk Reduction
HashiCorp’s Vault Radar extends secret detection beyond visibility by adding correlation, automated workflow integration, and reporting. The platform matches discovered secrets with Vault or AWS Secrets Manager, enabling teams to see which exposures are already managed and which represent governance...
Cyber Risk Tops Concerns; Manufacturing Targeted
Cyber risk has vaulted to the top of insurers' concern lists, with a surge in ransomware attacks driving higher loss ratios across sectors. Manufacturing firms are now the most frequent targets, seeing claim frequencies rise sharply as supply‑chain vulnerabilities from...
The Mythos Moment: Enterprises Must Fight Agents with Agents
Anthropic halted the public release of its Claude Mythos preview after recognizing that the model can autonomously locate and exploit software vulnerabilities with high precision. The episode underscores a broader shift toward agentic AI systems capable of planning and executing...
US Reportedly Charges Scattered Spider Hacker Arrested in Finland
A 19‑year‑old dual U.S.–Estonian citizen, known online as “Bouquet,” was arrested in Finland and now faces U.S. federal charges for his role in the Scattered Spider hacking collective. Prosecutors allege he helped extort millions from global corporations, including an $8 million ransom...
ShinyHunters Claims It Stole 1.4 Million Records From Udemy
Cybercrime group ShinyHunters says it exfiltrated 1.4 million Udemy records, including emails, physical addresses, phone numbers, employer information and payout details such as PayPal, cheque and bank transfers. The leak, listed on Have I Been Pwned, could enable large‑scale phishing and...
China Watchdog Warns ByteDance on AI Tags
China’s Cyberspace Administration of China (CAC) has formally warned ByteDance for failing to label AI‑generated content on its Jianying and Maoxiang video editors and the Jimeng AI website. The regulator said the platforms breached national cybersecurity rules that mandate conspicuous...
Ukrainian Police Detain Hackers Suspected of Stealing Thousands of Roblox Accounts for Resale
Ukrainian police have detained a group of hackers accused of stealing more than 610,000 Roblox user accounts and reselling them for cryptocurrency on Russian‑hosted sites. The operation, allegedly run by a 19‑year‑old who recruited accomplices via gaming forums, generated roughly...
‘Fundamental Tension’ Undermines Manufacturers’ Cybersecurity
A Resilience report released on April 28, 2026 finds manufacturing was the most targeted sector in 2025, accounting for one in four cyberattacks. Ransomware incidents rose 61% in the industry, outpacing the 46% overall increase across all sectors. The study...
Harnessing AI to Fight Fraud
Payments firms are turning to artificial intelligence to counter a new wave of AI‑driven fraud, as highlighted at the Nacha Smarter Faster Payments conference in San Diego. Speakers warned that fraudsters are deploying "polymorphic agentic agents" that adapt in real...
Why AI Agents Are Triggering a Rethink of Enterprise Identity
Enterprises are rethinking identity management as AI agents become integral to automation. Traditional token‑based access, which assumes a one‑time authentication, no longer protects against evolving threats. Organizations are moving toward continuous, context‑aware verification that treats humans, workloads, and LLM‑driven agents...
Breach Secure Now Gives MSPs an AI Adoption Playbook
Breach Secure Now (BSN) has introduced an AI Risk to Adoption Program aimed at helping managed service providers (MSPs) guide small‑and‑medium business (SMB) customers through safer AI deployment. The partner‑led offering supplies a repeatable model covering risk assessment, shadow‑AI discovery,...
Vanta Receives FedRAMP 20x Moderate Authorization
Vanta announced that its Government Cloud has received FedRAMP 20x Moderate authorization, making it one of the first cloud service providers to complete Phase Two of the pilot program. The 20x initiative leverages automation, machine‑readable validation and continuous control monitoring...
Implementing Security-First CI/CD: A Hands-On Guide to DevSecOps Automation
The DZone Trend Report outlines a hands‑on, security‑first CI/CD framework that embeds DevSecOps practices from code scanning to policy‑as‑code enforcement, SBOM generation, zero‑trust identity management, and AI‑driven remediation. It details how early shift‑left scans, Open Policy Agent gates, and immutable...
Microsoft Is Testing a Way to Delay Windows Updates Indefinitely
Microsoft’s latest Windows Insider build introduces a 35‑day pause option that users can manually extend indefinitely, effectively allowing them to delay Windows updates forever. The feature is hidden behind the Insider program and requires users to manually reset the pause...
Veeam Ranked the #1 Data Protection Software in Market Share Worldwide for 2H 2025
IDC’s Semiannual Software Tracker for the second half of 2025 ranks Veeam as the global leader in data‑protection software, holding 13.6 % market share, up from 13.2 % in H1. The company posted an 11.5 % sequential growth rate, outpacing the market’s 8.8 %...
QuoIntelligence Raises €7.3m Series A for Threat Intelligence
QuoIntelligence, a Frankfurt‑based threat‑intelligence‑as‑a‑service provider, closed a €7.3 million (≈$8 million) Series A round led by Elevator Ventures with participation from BMH, eCAPITAL and Mercurius. The capital will fund an expansion of its European analyst team, further development of its Mercury platform and...
The Breach Did Not Knock on the Front Door
The latest ColorTokens Threat Advisory reveals that attackers are bypassing traditional network perimeters by exploiting trusted software packages, single‑sign‑on (SSO) accounts, and vendor‑provided tools. High‑profile breaches in healthcare—affecting over 1.2 million patients across three facilities—and a fintech firm, Marquis, illustrate how...
Have I Been Pwned Claims Pitney Bowes Hit by 8.2M Email Address Leak
Pitney Bowes, the U.S. logistics‑technology firm behind mailing and shipping software, suffered a data breach exposing 8.2 million unique email addresses. The leak, verified by Have I Been Pwned on April 27, also contained names, phone numbers, physical addresses and employment details....
Sevii Unveils Cyber Swarm Defense Mode to Stop AI-Driven Attacks at Scale
Sevii introduced Cyber Swarm Defense Mode (CSD), a fixed‑price per‑asset capability that autonomously counters high‑volume, AI‑driven cyber attacks at machine speed. The solution leverages the company’s ADR platform and Myrmidon Defense Technology to spin up unlimited AI Cyber Warrior agents,...
Coupa Expands Trustpair Tie-Up to Fight Vendor Fraud
Coupa has deepened its partnership with Trustpair, adding the fraud‑prevention platform as a certified solution in the Coupa App Marketplace. The integration lets finance and procurement teams automate global bank‑account ownership checks directly within spend‑management workflows, targeting AI‑driven vendor impersonation...
Stablecoins: Always-On Money Needs Always-On Controls
Stablecoins now move money 24/7, turning payments into continuous financial infrastructure. Their adoption has expanded beyond trading to cross‑border settlements, treasury flows, and platform payouts, supporting roughly $4.2 trillion of economic activity in 2025. This round‑the‑clock operation exposes risks beyond private‑key...
Cequence Agent Personas Bring Granular Control and Governance to Enterprise AI Agents
Cequence Security has launched Agent Personas in its AI Gateway, giving enterprises fine‑grained, infrastructure‑level control over AI agents’ tool usage. The feature lets admins define a plain‑English job description that translates into a scoped virtual MCP endpoint, limiting each agent...
The Boardroom Divide: Why Cyber Resilience Is a Cultural Asset
Research by FT Longitude for Uvance Wayfinders, commissioned by Fujitsu, reveals a stark cultural divide in cyber‑resilience. While 64% of business and IT leaders believe their firms can weather a major cyber incident, only 19% disagree. Board‑level awareness is a...
NowSecure MARI Gives Enterprises Evidence-Based Visibility Into Third-Party Mobile App Risk
NowSecure unveiled Mobile App Risk Intelligence (MARI), a platform that gives enterprises evidence‑based visibility into third‑party mobile apps. MARI detects hidden AI and large‑language‑model components, maps data flows by country, and inventories embedded SDKs and libraries. In testing of 50,000...
Microsoft to Deprecate Legacy TLS in Exchange Online Starting July
Microsoft will begin blocking TLS 1.0 and TLS 1.1 for POP and IMAP connections to Exchange Online in July 2026, forcing all traffic to use TLS 1.2 or higher. The move follows a multi‑year industry effort to retire outdated cryptography. Most Exchange Online users...
Inside Semperis: Response and Recovery After Identity System Attacks
Semperis, founded in 2015, offers identity‑driven cyber resilience that focuses on rapid recovery of Active Directory and other identity platforms after breaches. Its patented Active Directory Forest Recovery can slash downtime by up to 90%, turning a multi‑day outage into...
AI-Powered Fraud Now Hides Inside Legitimate Transactions
Forter warns that AI‑powered fraud now hides within legitimate e‑commerce transactions, using synthetic identities and account takeovers. Attackers can create fraud with just a few hours of work, embedding malicious activity in normal user behavior. Forter’s AI platform analyzes over...
The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards
The FIDO Alliance announced the creation of two working groups, backed by Google and Mastercard, to develop industry standards that secure payments and other transactions performed by AI agents. The initiative will build on Google’s Agent Payments Protocol (AP2) and...
Ransomware Turf War as 0APT and KryBit Groups Trade Blows
Two ransomware gangs, 0APT and KryBit, have entered a retaliatory cycle after each leaked the other’s operational data. 0APT first exposed KryBit’s admin panel, revealing affiliates, victim files and ransom demands ranging from $40,000 to $100,000. KryBit responded by hacking...
Sublime Security Debuts First Partner Program To Boost Agentic Email Security In The Channel
Sublime Security announced its inaugural channel partner program to accelerate adoption of its AI‑driven, agentic email security platform. The initiative offers margin protection on renewals and expansions, ensuring partners retain profitability over a customer’s lifetime. Backed by a recent $150 million...
Shutdowns, Power Outages, and Conflict: A Review of Q1 2026 Internet Disruptions
Q1 2026 saw a sharp rise in internet disruptions, driven by government‑directed shutdowns in Uganda and Iran, power‑grid failures in Cuba and Argentina, and conflict‑related outages in Ukraine and the Middle East. Uganda’s election blackout slashed traffic from 72 Gbps to 1 Gbps,...
Critical Cursor Bug Could Turn Routine Git Into RCE
Security researchers at Novee Security discovered a critical vulnerability (CVE‑2026‑26268) in the Cursor IDE that enables remote code execution when its AI agent autonomously runs Git commands on a malicious repository. The exploit leverages standard Git hooks and bare repositories;...
FIDO Alliance to Develop Standards for Trusted AI Agent Interactions
The FIDO Alliance announced the creation of an Agentic Authentication Technical Working Group and a Payments Technical Working Group to develop open standards for AI‑agent authentication and agent‑initiated commerce. Early contributions come from Google’s Agent Payments Protocol (AP2) and Mastercard’s...
From Shadow AI to Full Control: FireTail’s Q1 2026 Updates – FireTail Blog
FireTail’s Q1 2026 release adds comprehensive AI discovery across code, cloud and workforce, introducing a Software AI Agents view that links directly to source code. The platform now integrates Azure DevOps, Microsoft 365, OpenAI usage logs and expands LangChain detection to Java,...
Inside an OPSEC Playbook: How Threat Actors Evade Detection
Flare researchers uncovered a detailed OPSEC playbook posted on a cybercrime forum that outlines a three‑tier architecture for high‑volume carding operations. The framework separates public, operational, and extraction layers, emphasizing residential IP rotation, encrypted containers, and air‑gapped cash‑out systems. It...
Singapore and Latvia Punch Above Their Weight in NATO Cyber Battle
NATO’s annual Locked Shields cyber‑defense exercise this year centered on protecting national IT and OT infrastructure. Singapore, a non‑NATO member, again topped the competition, marking its second straight victory. The contest routinely invites external partners, allowing smaller nations like Singapore...
Vect Ransomware Actually Destructive Wiper Malware
Check Point Research uncovered that the Vect ransomware, promoted through a partnership with the TeamPCP gang and BreachForums, contains a critical flaw that turns it into a data‑wiper for files larger than 128 KB. The flaw destroys the decryption information, meaning...
MeitY Flags VPN Providers, Intermediaries Enabling Access to Blocked Betting and Prediction Platforms: Check Advisory
The Ministry of Electronics and Information Technology (MeitY) issued an advisory directing VPN providers and other intermediaries to block access to illegal online betting and prediction‑market platforms such as Polymarket. The notice highlights that users are bypassing Indian restrictions by...
Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable
Sevii introduced Cyber Swarm Defense (CSD), a new mode in its autonomous defense platform that bills customers per protected asset instead of by AI token usage. The fixed‑price model, exemplified by a $50 annual fee per laptop, identity or cloud...
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About
Everfox’s new Cyber360 report reveals that data movement, not identity or endpoints, is the hidden bottleneck in Zero Trust implementations. Eighty‑four percent of government security leaders view cross‑network data sharing as a top cyber risk, yet 53% still use manual...
Electric Motorcycles and Scooters Face Hacking Risks to Security and Rider Safety
Researchers disclosed critical security flaws in two popular electric two‑wheelers. Zero Motorcycles’ Bluetooth pairing bug (CVE‑2026‑1354) lets attackers upload malicious firmware that could tamper with throttle, brakes or battery safeguards. Yadea’s T5 scooter suffers a weak authentication flaw (CVE‑2025‑70994) enabling...
MITRE Warns Cloud-Based Medical Devices Face Cascading Ransomware Risk Across Health Systems
MITRE’s April 2026 white papers warn that cloud‑native medical devices create a cascade effect for ransomware, as a single cloud outage can disrupt dozens of hospitals. The reports highlight shared‑responsibility gaps among device makers, health systems, and cloud providers, and call...
UK Data Watchdog Accused of Dragging Feet on eVisa Investigation
The UK Information Commissioner’s Office (ICO) has been reviewing a joint letter from the Open Rights Group and 18 civil‑society organisations urging a formal probe into the Home Office’s eVisa system. Although the ICO opened a case in December 2025,...
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
Researchers disclosed CVE‑2026‑25874, a critical deserialization flaw in Hugging Face’s LeRobot robotics platform. The bug stems from unsafe use of Python’s pickle in the async PolicyServer, allowing unauthenticated attackers to execute arbitrary code over gRPC. The vulnerability affects version 0.4.3 and...
Why Unofficial Download Sources Are Still a Security Risk in 2026
Downloading security and privacy software from unofficial sites remains a major risk in 2026. Users habitually click the first search result, often landing on third‑party mirrors that look legitimate but lack verification. Even when the installer is genuine, a confusing...