UK to Build ‘National Cyber Shield’ to Protect Against AI Cyber Threats
The UK government announced a "national cyber shield" to defend against AI‑powered cyber attacks, calling for close cooperation between AI firms and public agencies. Security Minister Dan Jarvis highlighted that the National Cyber Security Centre dealt with over 200 nationally significant incidents last year, double the prior count, driven largely by hostile states. The plan includes a $115 million investment to bolster cyber resilience for small‑ and medium‑sized enterprises and a public Cyber Resilience Pledge tied to the NCSC’s Cyber Essentials standards. A formal National Cyber Action Plan is slated for release this summer.
Toxic Combinations: When Cross-App Permissions Stack Into Risk
On Jan. 31 2026 researchers revealed that Moltbook, an AI‑agent social network, left its database exposed, leaking 35,000 email addresses and 1.5 million agent API tokens. Private messages also contained plaintext third‑party credentials, including OpenAI API keys stored alongside the tokens. The breach...
Anthropic’s Mythos Under Fire as OpenAI Attacks Its Marketing and Unauthorised Users Breach the Model
Anthropic’s restricted cybersecurity AI, Mythos, faced a turbulent week after OpenAI CEO Sam Altman labeled its limited rollout as “fear‑based marketing.” The model, offered to roughly 40 firms under Project Glasswing, was reportedly accessed by unauthorized users through a third‑party vendor...
Brace Yourself for a Flood of Patches in All of Your Tech Gadgets
Anthropic unveiled Mythos, its most powerful AI model, capable of automatically identifying hidden software vulnerabilities across operating systems and browsers. The company has granted early access to 40 leading tech firms, including Apple, Google, and Amazon, to remediate flaws such...
Researchers Uncover ProxySmart Software Powering 90+ SIM Farms
Infrawatch researchers identified a Belarus‑originated software platform, ProxySmart, operating 87 control panels across 17 countries and supporting 94 SIM farms in 19 U.S. states. The platform offers a turnkey “SIM Farm as a Service” solution, handling device management, automated IP...
The AI Era Demands a Different Kind of CISO
The article argues that traditional CISO frameworks—focused on audits, static vulnerability checks, and compliance—are obsolete in an AI‑driven threat environment. AI models can discover and exploit weaknesses in minutes, outpacing legacy risk metrics that capture only past conditions. To stay...
New GoGra Malware for Linux Uses Microsoft Graph API for Comms
Symantec discovered a new Linux variant of the GoGra backdoor that uses Microsoft Graph API to communicate with a hijacked Outlook mailbox. The malware authenticates with hard‑coded Azure AD credentials, retrieves OAuth2 tokens, and polls a folder named “Zomato Pizza”...
Another DeFi Protocol Hacked as Sui-Based Volo Hit by $3.5M Exploit
DeFi liquid‑staking platform Volo on the Sui blockchain disclosed a security breach that stole roughly $3.5 million from three isolated vaults. The protocol quickly froze about $2 million of the stolen assets, including blocking a bridge attempt of 19.6 WBTC (≈$590 k). Around $28 million...
Google Antigravity in Crosshairs of Security Researchers, Cybercriminals
Google’s Antigravity, an AI‑agent development platform powered by Gemini, has drawn attention from both security researchers and cybercriminals. Pillar Security uncovered a sandbox‑escape vulnerability that allowed remote code execution, which Google patched in late February 2026. Separately, Malwarebytes reported a...
A&K Travel Journeys with Colt for Global Quantum-Safe Network
Travel operator A&K Travel Group has partnered with Colt Technology Services to build a global, quantum‑safe network for its portfolio of luxury travel brands. The solution incorporates Arqit’s quantum‑resistant encryption, enabling secure, low‑latency connectivity across more than 100 countries, including...
Sendmarc Review: Features, User Experiences, Pros & Cons (2026)
Sendmarc is an email‑authentication platform that streamlines DMARC, SPF and DKIM deployment through guided workflows and managed support. Pricing starts at $45 per month, with hosted DNS services reserved for Premium and Enterprise tiers. The solution targets mid‑size firms, enterprises and...
Visibility-Led Security Key to Pre-Emptive Defence: Exclusive Networks
Exclusive Networks is sponsoring the ITWeb Security Summit 2026 in Johannesburg to engage Africa’s cyber‑security ecosystem. The event will feature an Infoblox workshop that demonstrates how deep visibility into everyday internet traffic can reveal compromised devices, command‑and‑control activity and data...
How Energy Medicine Yoga Reached 57% Open Rates and Simplified BIMI Implementation with EasyDMARC
Energy Medicine Yoga, a global wellness brand, partnered with EasyDMARC to overhaul its email authentication and adopt Brand Indicators for Message Identification (BIMI). The managed BIMI service guided the non‑technical team through DMARC enforcement, VMC acquisition, logo preparation, and DNS...
Anthropic Bets on EPSS for the Coming Bug Surge
Anthropic introduced Mythos, an AI model that can discover software flaws at unprecedented speed, intensifying the existing vulnerability overload. To help defenders prioritize, Anthropic advises using the Exploit Prediction Scoring System (EPSS), a probabilistic model that forecasts exploitation likelihood within...
Exclusive: OpenAI Briefs Feds and Five Eyes on New Cyber Product
OpenAI has begun briefing U.S. federal agencies, state governments, and Five Eyes allies on its new GPT‑5.4‑Cyber model, a large‑language‑model designed for advanced cybersecurity tasks. The company demonstrated the tool to about 50 cyber‑defense practitioners in Washington, D.C., and announced...
European Commission Awards New Sovereign Cloud Contracts To ‘Mostly’ EU Clouds
The European Commission has signed four sovereign‑cloud contracts worth about €180 million ($210 million) over six years, aiming to keep public‑sector data inside the EU and curb reliance on non‑European hyperscalers. The deals target German provider STACKIT, French provider Scaleway, a Franco‑Luxembourg...
Default BitLocker Configuration Isn’t Enough: Defending Endpoints Against Physical Attacks
Physical‑access attacks on laptops are becoming commonplace as employees work from cafés, airports and hotels. While many enterprises rely on BitLocker’s default TPM‑only configuration to encrypt drives, researchers have shown that TPM‑bus snooping can capture the decryption key in under...
March 2026 Cyber Threat Landscape Fueled by Ransomware, Breaches, and Access Markets
In March 2026 the global cyber threat landscape intensified, with CRIL reporting 702 ransomware incidents—56% of which were driven by five prolific groups such as Qilin and Akira. The month also saw 20 access‑broker listings, a growing underground market that...
Oracle Patches 450 Vulnerabilities With April 2026 CPU
Oracle issued its April 2026 Critical Patch Update, delivering 481 security patches that address roughly 450 CVEs across 28 product families. More than 300 of the fixes target vulnerabilities that can be exploited remotely without authentication, and about three dozen are...
Silverfort and SentinelOne Partner to Tackle AI-Era Identity Security
Silverfort and SentinelOne announced a partnership that merges Silverfort’s identity discovery and runtime enforcement with SentinelOne’s AI‑powered Singularity Platform. The joint solution extends real‑time protection to human users, machine identities and autonomous AI agents, enabling automatic detection, blocking and isolation...
Podcast: Inside the $9 Billion DeFi Hack That’s Shaking Crypto’s Foundations
The Kelp DAO decentralized finance platform suffered a $292 million cross‑chain restaking exploit on April 18, sparking a chain reaction that erased roughly $9 billion from the sector’s largest DeFi lending protocol. Unlike prior attacks that targeted private keys or smart‑contract bugs, the...
Today’s Regulatory Intelligence Solutions Replace Drudgery With Confidence
Volatility in the B2B landscape is now the norm, driving leaders to seek smarter compliance tools. Over 170 countries have introduced cybersecurity and data‑protection laws, overwhelming security and risk teams with manual research. Forrester’s 2026 study shows regulatory intelligence platforms...
Inside Rhino’s Push to Make Privacy-Preserving AML Collaboration Work
Rhino Federated Computing, a Massachusetts startup founded in 2021, offers a privacy‑preserving AI stack that lets banks run anti‑money‑laundering (AML) models where their data resides. By training locally and sharing only encrypted model updates, institutions avoid moving raw transaction records...
AI Drives Surge in ‘Bug Bounty’ Reports, but ‘Slop’ Is Rising Too
Bug bounty programs across the crypto and open‑source sectors are experiencing a dramatic surge driven by AI tools that can quickly generate vulnerability reports. Cosmos Labs reported a 900% increase in submissions, averaging 20‑50 daily, while HackerOne logged 85,000 valid...
South Korea Expands AI Cybersecurity to Safeguard Cloud-Based Education Systems
South Korea’s Ministry of Education and KERIS are expanding an AI‑driven cybersecurity platform to protect private‑cloud environments used by schools and universities. The AI‑based Automated Cyber Intrusion Detection and Notification System recorded roughly 480 million threat indicators in 2025, confirming 86 000...
A Tsunami of Flaws: When Frontier AI and Patch Tuesday Collide
Microsoft’s April 2026 Patch Tuesday released over 160 vulnerabilities, the second‑largest monthly batch on record. The surge coincides with the debut of Anthropic’s frontier‑model AI, Mythos, under Project Glasswing, which claims to discover thousands of zero‑days. Experts warn that AI‑driven bug...
Hotline: Cybersecurity and Privacy | April 2026
Michael Corn’s April 2026 column tackles three pressing higher‑education security dilemmas: AI‑enabled cheating, drastic cybersecurity budget cuts, and audit‑driven heroics. He argues that multi‑factor authentication alone cannot stop AI‑driven fraud and proposes a five‑layer defense spanning identity, device context, behavioral...
The Security Metric That’s Failing You
Security teams have let patch‑rate metrics become the de‑facto strategy, but clean patch reports hide far greater risks such as misconfigurations, stale permissions, and legacy network segments. The window for exploiting a disclosed vulnerability has collapsed from weeks to roughly...
Think You’re Not A Data Broker? California’s Delete Act Might Say Otherwise
California’s Delete Act now forces any business that collects and sells consumer data without a direct relationship to register as a data broker with the California Privacy Protection Agency. Starting August 1 2026, registered brokers must process deletion requests through the new...
Think You’re Not A Data Broker? California’s Delete Act Might Say Otherwise
California’s Delete Act now forces any business that collects and sells consumer data without a direct relationship to register as a data broker with the CPPA. Starting August 1, 2026, registered brokers must process deletion requests through the new Delete Request and...
2Apply Raked for 'Dark Patterns' Used to Snare Renters' Data
Australian privacy regulator OAIC ruled that 2Apply, the nation’s largest rent‑tech platform, employed dark‑pattern design tricks to pressure prospective tenants into providing excessive personal data. The commissioner identified tactics such as “confirmshaming” and bundled consent that misled users about the...
Sekuro, The Missing Link Celebrated as Top CrowdStrike JAPAC Partners for 2026
CrowdStrike announced that Sekuro, an Insight company, and The Missing Link, an Infosys affiliate, were named among its top-performing partners in the Japan and Asia‑Pacific (JAPAC) region for 2026. Sekuro secured the JAPAC Partner of the Year award for the...
Lattice-Based Signature Schemes for MCP Host Authentication
Lattice‑based signature schemes, especially the ML‑DSA (Dilithium) family, are emerging as the quantum‑resistant alternative to RSA and ECDSA for Model Context Protocol (MCP) host authentication. The article explains how module‑LWE and module‑SIS underpin these schemes, delivering verification times under 30 ms...
Unauthorized Group Has Gained Access to Anthropic’s Exclusive Cyber Tool Mythos, Report Claims
Anthropic’s newly announced AI cybersecurity tool, Mythos, was reportedly accessed by an unauthorized group through a third‑party vendor. The breach was uncovered after members of a Discord channel posted screenshots and a live demo of the tool. Anthropic says no...
Enterprises Are Ramping up Preparations for a Post-Quantum World – Experts Worry It Could Be Too Late for Many
Post‑quantum computing adoption is accelerating, with Juniper Research projecting users to rise from 35,000 this year to over 100 million by 2035, yet only 27% of firms plan to implement quantum‑secure safeguards in time. Google now predicts quantum computers capable of...
UK Intelligence: 100 Nations Have Spyware that Can Hack Britain
The UK National Cyber Security Centre (NCSC) warns that roughly 100 countries have bought cyber‑intrusion software capable of targeting Britain’s infrastructure, businesses, and private networks. The commercial spyware market, exemplified by tools like Pegasus and Predator, has broadened its focus...
Guilt Admitted by British Hacker in $8M Crypto Theft Scheme
British hacker Tyler Buchanan pleaded guilty to a scheme that stole at least $8 million in cryptocurrency from U.S. victims, targeting roughly 12 companies across virtual‑currency, technology, telecom and entertainment sectors between September 2021 and April 2023. Prosecutors say he and co‑conspirators used...
Unpatched AI Flaw Poses Risk to Banking Sector
Security firm OX Security uncovered a critical flaw in Anthropic's Model Context Protocol (MCP) that lets AI agents execute arbitrary host‑machine commands via the default "stdio" setup. Anthropic has declined to patch the underlying code, placing the onus on developers—particularly...
Over 400K Records Allegedly Stolen From Major Dutch Webshop Bol, Data Leaked
A hacker using the alias “Jeffrey Epstein” claims to have stolen data on over 400,000 Belgian customers of Dutch e‑commerce giant Bol. The alleged dataset includes names, birthdates, contact details, shipping information and order history, though passwords and bank data are...
Crypto Stealing Wallet Apps Proliferate in Apple App Store
A wave of 26 counterfeit crypto‑wallet apps masquerading as Coinbase, MetaMask, OneKey and Trust Wallet surfaced in the Apple App Store. The apps redirected users to phishing pages that installed malicious provisioning profiles, enabling the theft of mnemonic seed phrases....
Microsoft Teams, Quick Assist Weaponized in Helpdesk Spoofing Intrusions
Threat actors are weaponizing Microsoft Teams and Quick Assist in a new help‑desk impersonation campaign. Attackers send spoofed Teams messages that convince users to approve a Quick Assist session, granting the intruder full control of the device within minutes. Once...
Novel Malware Campaign Bundles Gh0st RAT, CloverPlus Adware
A new malware campaign combines the Gh0st RAT remote‑access trojan with CloverPlus adware to monetize infected PCs while maintaining long‑term control. Attackers use an obfuscated loader that first installs CloverPlus to display ads and generate click revenue, then deploys a...
Ransomware Negotiator Pleads Guilty to BlackCat Scheme
Angelo Martino, a former ransomware negotiator at a US incident‑response firm, pleaded guilty to conspiring with the BlackCat/ALPHV ransomware gang to steal confidential negotiation data and facilitate extortion attacks in 2023. Together with two other cybersecurity professionals, he helped deploy...
$293M KelpDAO Crypto Heist Exposes Cross-Chain Weaknesses in DeFi
A coordinated attack stole roughly $293 million worth of rsETH from KelpDAO, a liquid restaking protocol on Ethereum. The thieves compromised RPC nodes and flooded the network with DDoS traffic, corrupting LayerZero’s cross‑chain verification and allowing fraudulent transfers. The stolen tokens...
The Missing Layer in Federal Data Protection
Federal agencies have long secured data at rest and in transit, but data in use remains vulnerable. Confidential computing, built on trusted execution environments (TEEs), encrypts memory and isolates workloads, offering a third layer of protection. The technology is already...
How Zero Networks Is Closing the Network Enforcement Gap for AI Agents
Zero Networks, founded in 2019, offers an agentless, automated microsegmentation platform that eliminates manual policy creation. The solution discovers assets via directories and third‑party tools, then enforces label‑based policies using native firewalls and switch ACLs. Its new AI Segmentation feature...
Thousands of Apache ActiveMQ Instances Still Unpatched, Weeks After an Actively Exploited Hole Discovered
Researchers at Horizon3.ai used Anthropic's Claude AI to uncover a remote code execution flaw (CVE‑2026‑34197) in Apache ActiveMQ within ten minutes. The vulnerability affects versions before 5.19.4 and 6.0‑6.2.2, exposing nearly 6,500 internet‑facing instances two weeks after disclosure. CISA has...
Murder, She Wrote: Ex-FBI Chief Wants some Ransomware Crims Charged with Homicide
Former FBI cyber‑division deputy chief Cynthia Kaiser urged the Justice Department to treat ransomware attacks on hospitals as felony murder, citing at least 47 deaths between 2016 and 2021 and likely hundreds today. She called on State, Justice and Treasury...
American College of Radiology Offers Cybersecurity Resources
The American College of Radiology (ACR) has unveiled a suite of cybersecurity resources, including a joint white paper with the Society for Imaging Informatics in Medicine (SIIM) that replaces its prior practice parameter, and an online Cybersecurity Hub that aggregates...
HHS Watchdog Advises CIOs to Secure Data Before AI Implementation
The HHS Office of the Inspector General warned federal CIOs that AI projects must be preceded by robust data‑security controls. Agencies are urged to adopt operational AI governance, drawing on NIST guidance, and to shift from static policies to real‑time...