
Scot Becomes Second Scattered Spider-Linked Crook to Plead Guilty in US
Tyler Robert Buchanan, a 24‑year‑old Scottish national linked to the Scattered Spider cybercrime group, pleaded guilty in California to conspiracy to commit wire fraud and aggravated identity theft for a phishing and SIM‑swap scheme that stole at least $8 million in cryptocurrency. He faces a statutory maximum of 22 years in prison, with sentencing set for August 21, 2026. The DoJ notes that Buchanan and co‑conspirators used stolen corporate data to breach virtual‑currency wallets, while the broader Scattered Spider operation has targeted high‑profile entities such as MGM Resorts, Caesars Entertainment, and Transport for London. This plea follows the earlier guilty plea of Scattered Spider leader Noah Michael Urban, who is already serving a 10‑year term.

We Can’t Trust Palantir with Our NHS Data
Palantir Technologies UK secured a data‑analytics contract with the NHS valued at roughly $15 billion over two years, promising faster cancer diagnoses and reduced discharge delays. Critics highlight that private firms have already earned about $2 billion in profit from NHS contracts,...

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
SGLang, a popular open‑source framework for serving large language models, has been found vulnerable to CVE‑2026‑5760, a critical 9.8‑score remote code execution flaw. The issue resides in the `/v1/rerank` endpoint, where unsandboxed Jinja2 rendering of a malicious GGUF model’s `tokenizer.chat_template`...

Italian Regulator Fines National Postal Service Orgs $15 Million for Data Privacy Violations
Italy’s data protection authority fined Poste Italiane and its digital‑payments subsidiary Postepay a total of €12.5 million ($14.7 million) for privacy breaches. The regulator said the Postepay and BancoPosta apps forced users to authorize invasive monitoring of device data, including installed applications,...

Dune Analytics Reveals 47% of LayerZero OApps Use Minimal DVN Security Following KelpDAO Hack
Dune Analytics examined roughly 2,665 active LayerZero OApp contracts over the last 90 days and found that 47% run with a 1‑of‑1 Decentralized Validator Network (DVN) security floor, the weakest possible setting. A further 45% use 2‑of‑2 configurations, while only...

Crypto Infrastructure Company Blames $290 Million Theft on North Korean Hackers
Crypto infrastructure firm LayerZero says a North Korean hacking group, TraderTraitor, stole nearly $290 million from the Kelp platform by exploiting a single‑verifier (DVN) setup. The attackers minted counterfeit rsETH tokens without collateral, used them as loan collateral on platforms like...

Agencies Urge ‘Trust and Verify’ as Supply Chain Cyber Risks Shift
Federal leaders at the CyberScape summit urged agencies to adopt a continuous "trust and verify" approach to supply‑chain cybersecurity. They highlighted a visibility gap, noting that 60‑65% of Defense Logistics Agency partners are small businesses with limited cyber budgets. Officials...

Vercel Breach Originated From an Employee’s AI Tool
Vercel confirmed a data breach after an employee used the consumer AI service Context.ai with corporate credentials. The tool gave attackers access to the employee’s Google Workspace account, which they leveraged to enter limited Vercel internal environments. The company says...

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
Researchers at Forescout Technologies uncovered 20 new vulnerabilities in serial-to-IP converters from Silex and Lantronix, devices that bridge legacy serial equipment to Ethernet networks. The flaws, dubbed BRIDGE:BREAK, allow unauthenticated command injection, firmware tampering, denial‑of‑service and full device takeover. Nearly...

Fake TikTok Downloaders on Chrome and Edge Spying on 130,000 Users
LayerX Security uncovered a coordinated campaign dubbed “StealTok” that distributes fake TikTok video‑downloader extensions on Chrome and Edge. The extensions, marketed as watermark‑free download tools, have silently harvested data from more than 130,000 users worldwide, with roughly 12,500 still active....

Vercel Breach Explained: OAuth Risk in AI + SaaS Environment
Vercel suffered a breach when an employee granted OAuth access to the third‑party AI tool Context.ai, which was later compromised. The attacker used the OAuth token to infiltrate the employee’s Google Workspace account, exposing internal code, secrets, and deployment pipelines....

Keeper Security Adds Enterprise-Grade Approval Governance and Real-Time Visibility to Endpoint Privilege Management
Keeper Security has upgraded its Endpoint Privilege Manager with enterprise‑grade governance tools. The update adds a centralized, role‑based approval framework, configurable approval windows, and real‑time visibility with expanded audit logging. Automated monitoring now enforces policies across Windows, macOS and Linux...

EuroStack and the Kill Switch
Four European vendors—Cubbit, SUSE, Elemento Cloud and StorPool—have announced the EU’s first EuroStack‑style sovereign disaster‑recovery pack, aiming to protect businesses from a potential U.S. kill‑switch that could block access to critical digital services. The initiative is part of a broader...

Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection
WatchGuard researchers identified two new Formbook phishing campaigns that continue to target organizations worldwide. One campaign uses DLL sideloading, embedding malicious DLLs in a RAR archive to trick legitimate Windows processes, while the other hides obfuscated JavaScript in PDFs and...

[Un]prompted 2026 – Gadi Evron – Opening Words
Gadi Evron, CEO of Knostic and committee chair at unprompted, delivered the opening remarks for the unprompted 2026 AI Security Practitioner conference. The session was recorded and posted on Infosecurity.US, then syndicated through the Security Bloggers Network. The event, streamed...

Vercel Systems Targeted After Third-Party Tool Compromised
Vercel disclosed that attackers accessed internal systems after a third‑party AI tool, Context.ai, was compromised. An employee’s Google Workspace account was hijacked, exposing non‑sensitive environment variables and credentials for a limited set of customers. Vercel has notified affected clients, urged...

Inside the Booking.com Data Breach—Should You Be Worried?
On April 13, 2026, Booking.com disclosed a cyberattack dubbed “reservation hijacking,” in which hackers accessed personal details such as names, email addresses, phone numbers and past booking information. The breach did not expose financial data like credit‑card numbers, according to...

MCMC Issues Security Guide for Remote Work: Key Risks and What Employers Can Do to Ensure Employees Work Safely
The Malaysian Communications and Multimedia Commission (MCMC) has issued a security guide aimed at protecting employees who work from home under the Bekerja Dari Rumah (BDR) scheme. The advisory warns that personal devices and unsecured home networks heighten exposure to...

Court Ruling in Amazon-Perplexity Case Raises New Questions for Agentic AI in Enterprise Systems
A U.S. federal court in Northern California issued a preliminary injunction in Amazon.com Services LLC v. Perplexity AI, holding that AI agents accessing password‑protected platforms without explicit platform permission may violate the Computer Fraud and Abuse Act and California’s data‑access...

WhatsApp Leaks User Metadata to Attackers
Security researcher Tal Be'ery demonstrated that WhatsApp’s design leaks user metadata, allowing attackers to infer online status, device type, and activity patterns without sending visible messages. By exploiting silent ping messages and device fingerprinting through the WhatsApp Web protocol, anyone—from...

58% of Organizations Spend Over 10 Hours a Month Securing AI-Generated Code
A Cloudsmith report reveals that 58% of organizations devote more than ten hours each month to validating and securing AI‑generated code, with 8% spending over forty hours. The study also shows 44% of respondents have suffered security incidents linked to...

How CISOs Can Thrive Amidst Geopolitical And Economic Uncertainty
Forrester’s 2026 report warns that CISOs now operate amid heightened geopolitical conflict, economic volatility and AI‑driven attack surfaces. It urges security leaders to embed AI protection in core budgets, streamline overlapping controls, and adopt visible change‑leadership practices. The report also...

Cyberattack at French Identity Document Agency May Have Exposed Personal Data
France’s National Agency for Secure Documents (ANTS) suffered a cyberattack on its portal that manages passports, ID cards, residence permits and driver’s licences. The breach, detected on April 15, may have exposed login credentials, names, email addresses, dates of birth and...

The Backup Myth that Is Putting Businesses at Risk
Businesses often equate backup with protection, but backup only restores data after an outage, leaving operations stalled. Research shows downtime costs average $9,000 per minute, or $540,000 per hour, making rapid recovery essential. While 60% of firms believe they can...

NIST Is Cataloging so Many Vulnerabilities It Can only Assign Severity Scores to the Highest Priority Threats
The National Institute of Standards and Technology (NIST) announced a major overhaul of its National Vulnerability Database (NVD) enrichment process after CVE submissions surged 263% between 2020 and 2025. Starting April 15, NIST will assign full severity scores only to...

Six Years After “DeFi Summer” Is the Sun Already Setting on the Decentralized Finance Revolution?
A series of high‑profile hacks – KelpDAO’s $292 million rsETH exploit, Drift’s $285 million privileged‑access breach, and Venus’s $14.9 million loss – triggered an estimated $10 billion outflow from DeFi over a single weekend. The attacks exposed vulnerabilities in governance, cross‑chain bridges, and operational...

What Is Configuration Drift, and How Can Governments Manage It?
Configuration drift—unintended divergence from approved cloud baselines—is emerging as a top security risk for state and local governments adopting hybrid and multicloud environments. The drift stems from manual tweaks, rapid automated updates, and fragmented governance across diverse platforms. IBM’s CTO...

I Tried to Wipe My Digital Footprint without Paying for a Data Removal Service - 5 Free Ways
The article outlines how data brokers legally collect personal details from public records, apps and social media, then sell them to third parties. While opting out is possible, the process is fragmented, requiring separate requests and identity verification for hundreds...

Why the Axios Attack Proves AI Is Mandatory for Supply Chain Security
Two weeks ago a suspected North Korean group injected malicious code into the widely used Axios JavaScript library, which averages about 100 million weekly downloads across enterprises, startups and government agencies. An Elastic researcher identified the compromise within minutes using an...

Minidoka Memorial Hospital Updates Easter Morning Cyberattack
Minidoka Memorial Hospital in Rupert, Idaho experienced a cyber incident on Easter morning, April 5, that temporarily disabled imaging services and forced the transfer of some emergency patients. The hospital’s clinics continued treating patients, and a follow‑up update on April 17 confirmed...

Cloudflare Wants to Rebuild the Network for the Age of AI Agents
Cloudflare announced a suite of services at its Agents Week to make autonomous AI agents first‑class network clients. The flagship offering, Cloudflare Mesh, provides a private IP space that lets agents, Workers and devices communicate bidirectionally without VPNs or SSH...

TechCreate Group Ltd. and pQCee Intend to Collaborate on One of the First Quantum-Safe QR Hybrid POS Terminal
TechCreate Group Ltd. announced a partnership with quantum‑security firm pQCee to embed NIST‑approved post‑quantum cryptography into its QR‑Hybrid point‑of‑sale terminals. The collaboration will replace vulnerable RSA and ECC algorithms with quantum‑safe encryption, aiming to thwart harvest‑now‑decrypt‑later attacks. Both companies plan...

Breach at BE PRIME Cybersecurity Company Exposes Client Data and Surveillance Systems; Be Prime Threatens Journalists
Mexican cybersecurity firm BePrime confirmed a breach that exposed roughly 12.6 GB of client data and video‑surveillance feeds. The attacker claims they accessed administrator accounts that lacked multi‑factor authentication, a basic security control. BePrime’s response included a press release threatening legal...

Attackers Abuse Microsoft Teams to Impersonate the IT Helpdesk in a New Enterprise Intrusion Playbook
Microsoft’s security research reveals a new intrusion playbook where threat actors exploit Microsoft Teams’ cross‑tenant chat feature to impersonate IT helpdesk staff. By convincing employees to grant remote access through legitimate tools, attackers bypass traditional phishing filters and blend into...

Planning for Cyber Defense of Critical Urban Infrastructure
Cybersecurity for critical urban infrastructure has become a public‑safety priority as ransomware attacks increasingly target city services, especially water and transportation systems. Attackers exploit phishing and weak user credentials, often encrypting data and demanding cryptocurrency payments. Municipalities frequently lack robust...

Vercel Confirms Security Incident as Threat Actor Claims Stolen Data for Sale
Vercel, the cloud development platform behind Next.js, confirmed an unauthorized intrusion into internal systems after a hacker group claimed to be selling stolen data. The threat actor, linked to ShinyHunters, posted a sample dataset of 580 employee records and alleged...

British Scattered Spider Hacker Pleads Guilty in the US
A 24‑year‑old British hacker, Tyler Robert Buchanan, pleaded guilty in a U.S. federal court to conspiring with the Scattered Spider group to infiltrate dozens of corporate networks and steal cryptocurrency. He employed SMS‑phishing and SIM‑swapping attacks to harvest employee credentials,...

Hackers Exploit Vercel’s Trust in AI Integration
Vercel disclosed a data breach after a compromised third‑party AI tool, Context.ai, abused OAuth to hijack a Google Workspace account. The attackers accessed a limited set of customer credentials and unmarked environment variables, prompting Vercel to advise credential rotation. Threat...

Indian Agency Arrests Key SIM Card Supplier of a Broader Cyber Fraud Network
India’s Central Bureau of Investigation (CBI) arrested a key conspirator in Guwahati who supplied roughly 10,000 fraudulently obtained SIM cards to cyber‑criminal networks, a major step in the ongoing Operation Chakra‑V. The suspect allegedly transferred about ₹67 lakh (≈ $80,000) through multiple...

Pilot Blocks More than 2 Million Phishing Attempts
The Dutch Anti‑Phishing Shield pilot, launched in July 2025, has blocked more than 2 million phishing attempts. Phishing accounts for 91% of cyber attacks, contributing to 25 million victims in the Netherlands. The initiative unites telecoms, broadband operators, police, the Dutch Banking Association...

Solar Inverter Advancements Stress Growing Need for Cybersecurity
The solar industry is moving to formalize cybersecurity for inverters as their connectivity expands. The Solar Energy Industries Association’s February report calls for a domestic manufacturing base and endorses UL 2941, a new multi‑layered security standard developed by NREL and UL...

Florida Man Working as a Ransomware Negotiator Pleads Guilty to Conspiracy to Deploy Ransomware and Extort U.S. Victims
A Florida cyber‑incident response negotiator, Angelo Martino, pleaded guilty to conspiring with BlackCat/ALPHV ransomware operators to steal confidential client data and launch attacks on U.S. companies in 2023. By feeding insurers' policy limits and negotiation tactics to the attackers, he helped...

SBC Summit Malta Focuses on Compliance, Risk and Operational Resilience
The SBC Summit Malta, slated for April 29‑30, 2024, will spotlight an ‘Operations and Compliance’ stage aimed at bolstering security, fraud prevention, and regulatory readiness. The two‑day event gathers C‑level leaders, security and fraud experts, and regulators to share best...

Hackers Abuse QEMU for Defense Evasion
Security firm Sophos has identified a rise in the misuse of the open‑source QEMU emulator by threat actors to facilitate ransomware and remote‑access operations. In campaign STAB4713 linked to the PayoutsKing ransomware, attackers leveraged QEMU to create reverse‑SSH tunnels after...

LayerZero Post Mortem Shows Lazarus Group Stole $290M From KelpDAO via RPC Node Compromise
On April 18, 2026, North Korea’s Lazarus Group stole roughly $290 million from KelpDAO’s rsETH bridge by compromising two LayerZero RPC nodes that feed the protocol’s verifier. The attackers injected malware that supplied false transaction data only to the verifier while keeping external...

Bluesky Disrupted by Sophisticated DDoS Attack
Bluesky, the decentralized microblogging platform, suffered a distributed denial‑of‑service attack that began late on April 15 and persisted for roughly 24 hours, causing intermittent outages across feeds, notifications, threads, and search. The company reported no evidence of data theft and said it...

Aikido Launches Endpoint to Secure AI-Native Developer Workflows
Aikido Security unveiled Aikido Endpoint, a lightweight agent that secures developer workstations by scanning and blocking malicious packages, IDE extensions, and AI tools before they reach the filesystem. The solution leverages Aikido Intel, a threat‑intelligence feed that evaluates nearly 100,000...

AI Fuels Wireless Talent Shortage
Enterprise networks are grappling with a severe wireless talent shortage, with 86% of organizations unable to find qualified staff. The shortage is amplified by AI‑driven workloads and IoT expansion, driving operational complexity and higher security incident costs—averaging $21.2 million annually for...

C-DOT, Jumps Automation Partner to Develop Gamified Cybersecurity Awareness Platform
The Centre for Development of Telematics (C‑DOT) has signed an MoU with Jumps Automation LLP to create a gamified cybersecurity awareness platform delivered as a commercial‑grade SaaS. The solution will combine a gaming arena, leaderboards, LMS, discussion forums and realistic...

Musk and Former X CEO Under Investigation by French Cybercrime Authorities
Elon Musk and former X chief Linda Yaccarino were summoned by Paris’ cyber‑crime unit for voluntary interviews about the platform’s AI chatbot Grok. The probe, launched after a February raid on X’s French office, now includes allegations of fraudulent data...