Cybersecurity News and Headlines

M&S One Year On: Turning Anticipation Into Secure by Design
News, Apr 21, 2026

A year after the M&S cyber breach, retailers are moving from prevention to rapid response, treating cyber incidents as core business risks. The attack highlighted how third‑party suppliers can become the weakest link, exposing vast customer data and driving costly...

By ComputerWeekly
Fraudsters May Target AI Mandates as Agentic Commerce Takes Off
News, Apr 21, 2026

AI‑driven agents are set to handle consumer transactions, a trend dubbed agentic commerce. McKinsey projects up to $1 trillion in U.S. B2C revenue by 2030, with a global market potential of $3‑5 trillion. Visa’s security unit observed a 450% surge in dark‑web...

By IT News Africa
Data Security Becomes a Core Skill in Modern Legal Recruitment
News, Apr 21, 2026

Law firms are increasingly recognizing data security as a core competency, driven by the sensitive nature of client information, intellectual property, and legal strategies. Cyber threats targeting these assets are rising, prompting firms to adopt encryption, multi‑factor authentication, and regular...

By Onrec
ANALYSIS: Big Tech Sets AI to Catch AI
News, Apr 21, 2026

Advanced AI is reshaping cyber‑security as both a weapon and a shield. Hackers leveraged over 1,000 AI prompts to breach Mexico’s tax authority, exposing 195 million records and prompting one of the largest government data leaks. At the same time, Anthropic’s...

By ITWeb (South Africa) – Public Sector
They Built a Legendary Privacy Tool. Now They’re Sworn Enemies
News, Apr 21, 2026

GrapheneOS, the open‑source Android hardening platform hailed as the gold standard for mobile privacy, was co‑created by Canadian security researcher Daniel Micay and a second lead developer. Over the past year, a bitter personal and strategic rift has erupted between...

By WIRED
Canada Life Breach Exposes Data of up to 70,000 People – Mostly Customers
News, Apr 21, 2026

Canada Life disclosed a cyber incident that exposed personal information for up to 70,000 individuals, primarily employees of a single large corporate client. The breach was carried out by the ShinyHunters hacking group, which gained unauthorized access through an employee’s...

By Canadian HR Reporter
ServiceNow Completes $7.75bn Armis Deal to Boost Cyber Visibility
News, Apr 21, 2026

ServiceNow completed a $7.75 bn cash acquisition of cyber‑exposure manager Armis, extending its platform with real‑time, agent‑less visibility of both digital and physical assets. The deal follows ServiceNow’s March 2026 purchase of Veza, adding AI‑native identity intelligence to its security suite....

By TechMonitor
Zoom Rolls Out “Proof of Humanity” To Combat Deepfake Impersonation
News, Apr 21, 2026

Zoom has launched a "Proof of Humanity" feature that verifies participants’ identities in real time using World ID Deep Face technology. The tool, built with Tools for Humanity, displays a "Verified Human" badge during calls to deter AI‑generated deepfake impersonations....

By Startups.co.uk
Top Techniques Attackers Use to Infiltrate Your Systems Today
News, Apr 21, 2026

The article outlines current cyberattack techniques, highlighting identity‑based methods as dominant. Phishing (41%), stolen credentials (18%) and social engineering (12%) drive most incidents, while abuse of legitimate remote monitoring and management (RMM) tools accounts for 30% of breaches. Attackers also...

By CSO Online
The Global AI Threat Has Arrived
News, Apr 21, 2026

Anthropic unveiled Claude Mythos Preview, an AI model that can autonomously locate and exploit vulnerabilities in major operating systems and web browsers. The discovery has alarmed business leaders and policymakers worldwide, prompting concerns about a new class of AI‑driven cyber threats. Even...

By Project Syndicate — Economics
The Cookbook for Safe, Powerful Agents
News, Apr 21, 2026

Enterprises are moving AI agents from proof‑of‑concepts to production, exposing a critical gap between capability and control. Runloop CEO Jonathan Wall emphasizes that agents must start with minimal privileges and gain access only through layered safeguards. The article outlines a...

By InfoWorld
The Thin Gray Line: Handala, CyberAv3ngers and Iran’s Proxy Ops
News, Apr 21, 2026

On April 7, six U.S. agencies issued a joint advisory warning that Iranian‑linked advanced persistent threat groups could launch cyberattacks on critical infrastructure, citing the 2023 water‑facility breaches attributed to the APT known as CyberAv3ngers. The advisory also references the...

By CSO Online
Addressing the Challenges of Unstructured Data Governance for AI
News, Apr 21, 2026

Enterprises in regulated sectors are expanding data governance beyond warehouses to the massive, unstructured data that now fuels AI models. Leaders cite visibility, lineage, and dynamic access‑control as the toughest hurdles, especially for documents like contracts, health records, and design...

By InfoWorld
Deep Dive Into the New Kill Chain
News, Apr 21, 2026

Cyberrey will present at the ITWeb Security Summit JHB 2026, unveiling what it calls a "new kill chain" driven by AI‑powered shadow IT. The firm warns that every device, API or cloud workload now creates an exponential attack surface that outpaces...

By ITWeb (South Africa) – Public Sector
CISA Adds 8 Exploited Vulnerabilities Affecting Cisco, Zimbra, TeamCity
News, Apr 21, 2026

On April 21, 2026 the Cybersecurity and Infrastructure Security Agency expanded its Known Exploited Vulnerabilities (KEV) catalog with eight new flaws that are already being leveraged in active attacks. The list includes high‑severity issues such as an improper‑authentication bug in...

By The Cyber Express
Vercel Data Breach Exposes SA Developer Community
News, Apr 21, 2026

Vercel, the US‑based platform behind the popular Next.js framework, disclosed a security incident in which attackers accessed internal systems through a compromised third‑party AI tool, Context.ai. The breach allowed the intruder to obtain non‑sensitive environment variables from a limited set...

By ITWeb (South Africa) – Public Sector
Panasonic Creates Device-Locked QR Codes to Speed Facial Biometric Capture
News, Apr 21, 2026

Panasonic has introduced device‑locked QR codes that work only with authorized readers, streamlining facial‑biometric enrolment for its Site Management Service. The QR code carries registration data; when scanned by the system’s camera, it triggers a facial capture, eliminating the need...

By The Register — Networks
Personal Data Exposed on ANTS Portal, French Authorities Investigate
News, Apr 21, 2026

French authorities have confirmed a security incident on the ANTS.gouv.fr portal, detected on April 15, 2026, that exposed personal identifiers such as login IDs, names, email addresses, dates of birth and, in some cases, postal addresses and phone numbers. The...

By The Cyber Express
Common Challenges of Online Fraud
News, Apr 21, 2026

Harold van Graan of Solid8 Technologies outlines how online fraud has evolved beyond simple transaction theft to include checkout abuse, inventory hoarding, loyalty fraud, and promo abuse. Bots can empty high‑value stock in seconds, while account‑takeover schemes siphon points and...

By ITWeb (South Africa) – Public Sector
Public Servant Charged over Alleged NSW Treasury Document Heist
News, Apr 21, 2026

A 45‑year‑old public servant employed by the New South Wales Treasury was charged with attempting to exfiltrate more than 5,600 sensitive government documents. Police launched “Strike Force Civic” on April 20, raiding the suspect’s residence and arresting him the same day. The...

By The Mandarin (Australia)
Cisco Launches Sovereign Critical Infrastructure Across EMEA
News, Apr 21, 2026

Cisco announced the launch of its Sovereign Critical Infrastructure (SCI) portfolio for customers across Europe, the Middle East and Africa. The offering bundles Cisco’s networking, security, compute, collaboration, AI and Splunk solutions into configurable, air‑gapped or hybrid on‑premises environments. It...

By Telecom Review
Mobai Certified for Cybersecurity and Privacy Protection
News, Apr 21, 2026

Norwegian digital identity company Mobai has secured ISO/IEC 27001:2022 certification, confirming its Information Security Management System meets international standards. The audit, conducted by DNV, took effect on March 30, 2026, and is crucial for its biometric services to financial, government,...

By Biometric Update
Poste Italiane, Postepay Fined €12.5M for Unlawful User Data Processing
News, Apr 21, 2026

The Italian Data Protection Authority has imposed a combined fine of over €12.5 million (about $13.5 million) on Poste Italiane (€6.6 million) and its Postepay unit (€5.8 million) for unlawful processing of user data via mobile apps. Regulators found the apps collected extensive device‑level...

By The Cyber Express
Arbitrum Freezes $71 Million in Ether Tied to Kelp DAO Exploit
News, Apr 21, 2026

Arbitrum’s Security Council moved 30,766 ETH—about $71 million—into a frozen intermediary wallet after the Kelp DAO rsETH exploit. The freeze recovers roughly a quarter of the $292 million stolen when attackers compromised a LayerZero verifier, an incident linked to North Korea’s Lazarus Group....

By CoinDesk
Ripple Wants the XRP Ledger to Be Quantum-Proof by 2028. Here Is Its Plan
News, Apr 21, 2026

Ripple announced a four‑phase roadmap to make the XRP Ledger quantum‑resistant by 2028. The plan starts with an emergency “Q‑day readiness” phase that would require all funds to move to quantum‑safe accounts and enable recovery via zero‑knowledge proofs. Subsequent phases...

By CoinDesk
Advanced AI Raises Security Risks
News, Apr 21, 2026

Palo Alto Networks warns that emerging generative AI models will soon become powerful tools for cyber attackers. In internal tests, the firm’s AI completed the equivalent of a year’s penetration testing in just three weeks and demonstrated the ability to...

By Government News (Australia)
10 Best Cloud Data Security Software on G2: My Top Picks
News, Apr 21, 2026

The cloud data security market, valued at $4.75 billion in 2024, is forecast to reach $11.62 billion by 2030, underscoring rapid growth. Disha C’s G2‑based guide ranks the top ten platforms, from Acronis Cyber Protect Cloud’s unified backup and AI threat detection...

By G2 Learn
Mythos Remains a Mystery as Security World Faces Rising Threats, Agentic Attacks and Concerns About AI Integrity
News, Apr 21, 2026

Anthropic’s unreleased Claude Mythos model, touted for large‑scale software analysis and automated vulnerability chaining, was highlighted by Head of Threat Intelligence Jacob Klein at the SANS Cybersecurity Summit. Klein warned that AI‑driven attacks are accelerating, citing recent breaches at Vercel...

By SiliconANGLE
The Illusion of Control: Why Boards Misjudge Cybersecurity Readiness
News, Apr 21, 2026

Recent research from Harvard Business Review, McKinsey, IMD and Deloitte shows corporate boards are consistently misjudging cybersecurity readiness. The missteps stem from three systemic gaps: insufficient cyber fluency, role confusion between oversight and micromanagement, and a lack of decision‑ready information....

By e27
Is Indonesia’s Digitalisation Push Leaving MSMEs Exposed?
News, Apr 21, 2026

Indonesia’s finance sector is experiencing a surge in cyber scams, with phishing attacks targeting the industry at a 24.42% rate—far above other sectors. The Financial Services Authority (OJK) reports that scams occur three to four times more often in Indonesia...

By e27
Fime Launches Agentic Commerce Trust Layer Service
News, Apr 21, 2026

Fime has launched FACT (Framework for Agentic Commerce Trust), a "trust‑as‑a‑service" platform that secures AI‑driven financial transactions. The service adds intent validation, real‑time policy monitoring, transaction‑level attestation and independent auditor agents, enabling merchants to accept AI‑initiated payments while giving banks...

By Biometric Update
Vibe Coding Upstart Lovable Denies Data Leak, Cites 'Intentional Behavior,' Then Throws HackerOne Under the Bus
News, Apr 20, 2026

AI coding platform Lovable, valued at $6.6 billion, faced a Broken Object Level Authorization (BOLA) vulnerability that allowed any free‑account user to view other users’ source code, database credentials, and chat history. The flaw, reported 48 days earlier, was first dismissed...

By The Register — Networks
The Web Is Gaslighting AI Agents and Nobody Can Tell
News, Apr 20, 2026

Researchers at Google DeepMind have identified a new class of threat called “AI Agent Traps,” where hidden instructions embedded in ordinary web pages can manipulate autonomous AI agents. The paper outlines six attack vectors, including content injection and semantic manipulation,...

By PYMNTS
Alabama Becomes Latest State to Enact Comprehensive Privacy Law
News, Apr 20, 2026

Alabama Governor Kay Ivey signed the Alabama Personal Data Protection Act (APDPA) on April 16, 2026, making it the latest state to adopt a comprehensive consumer privacy law. The statute, which takes effect on May 1, 2027, applies to businesses that process the data...

By National Law Review – Employment Law
Commentary: Southeast Asia’s Scam Centres Are a New US-China Battleground
News, Apr 20, 2026

Cyber‑fraud scam centres across Southeast Asia entrap roughly half a million people and siphon about $43.8 billion a year, roughly 40% of the region’s combined GDP. China and the United States both vie to lead anti‑fraud initiatives, but their competing digital...

By Channel NewsAsia – Technology
Vuln in Google’s Antigravity AI Agent Manager Could Escape Sandbox, Give Attackers Remote Code Execution
News, Apr 20, 2026

Researchers at Pillar Security disclosed a critical vulnerability in Google’s Antigravity AI‑powered developer tool that allowed prompt injection to escape the platform’s Secure Mode sandbox and achieve remote code execution. The flaw leveraged the native "find_by_name" system tool, which bypassed...

By CyberScoop
The FTC’s AI Portfolio Is About to Get Bigger
News, Apr 20, 2026

The Federal Trade Commission is preparing to enforce the Take It Down Act, a law that criminalizes the distribution of AI‑generated nonconsensual sexual images and gives victims a right to request rapid removal of such content. Enforcement begins in May,...

By CyberScoop
Retirees Are a Prime Target for Identity Theft. This 15-Minute Checkup Could Save You Thousands
News, Apr 20, 2026

Retirees are increasingly targeted by identity thieves, with the FBI reporting an average loss of $38,500 per victim in 2025. The article outlines a four‑step, 15‑minute checkup—credit monitoring, Social Security review, Medicare statement audit, and password hygiene—to curb fraud. It...

By Money.com
Scaling Mobile Authentication Across The Modern Enterprise
News, Apr 20, 2026

Enterprises are rapidly adopting mobile authentication to replace static badge systems, driven by AI investments and a tech‑savvy workforce. A recent HID report shows nearly two‑thirds of security leaders are deploying or planning mobile credentials, citing benefits such as instant...

By Facility Executive
ASIC, APRA Among Regulators Monitoring Anthropic's Mythos
News, Apr 20, 2026

Australian and Asian financial regulators are intensifying scrutiny of Anthropic's AI model Mythos after it demonstrated a powerful ability to uncover software vulnerabilities. ASIC and APRA in Australia, Hong Kong’s HKMA, South Korea’s FSS and FSC, and Singapore’s MAS have all...

By iTnews (Australia) – Government
Security Firm Releases 114m-Record Dataset Built From Live Enterprise Attack Traffic
News, Apr 20, 2026

WitFoo, a US‑New Zealand security vendor, released the Precinct 6 Cybersecurity Dataset, a free, Apache‑2.0‑licensed collection of 114 million labelled security‑event records captured from five enterprise networks in mid‑2024. The data spans telemetry from 158 products across more than 70 vendors, with 99.34%...

By iTnews (Australia) – Government
Aave Models $124M to $230M in Bad Debt From Kelp Exploit
News, Apr 20, 2026

Aave’s service providers released an incident report quantifying the protocol’s exposure to the April 18 Kelp DAO rsETH bridge exploit, estimating bad‑debt between $123.7 million and $230.1 million. Attackers moved 89,567 rsETH onto Aave, borrowing roughly $193 million in WETH and wstETH, with health factors...

By The Defiant
The Gentlemen Ransomware Now Uses SystemBC for Bot-Powered Attacks
News, Apr 20, 2026

The Gentlemen ransomware‑as‑a‑service has begun deploying the SystemBC proxy‑malware botnet, which now comprises over 1,570 compromised hosts. The botnet, historically used for SOCKS5 tunneling, is being leveraged to deliver Cobalt Strike payloads and facilitate lateral movement in corporate networks. Check Point...

By BleepingComputer
Claude Desktop Changes App Access Settings for Browsers You Don't Even Have Installed Yet
News, Apr 20, 2026

Anthropic’s Claude Desktop for macOS silently creates a Native Messaging manifest that pre‑authorizes Claude browser extensions across Chromium‑based browsers, even if those browsers are not yet installed. The manifest registers a local executable that runs outside the browser sandbox without...

By The Register – AI/ML (data-related)
Lovable Denies Mass Data Breach
News, Apr 20, 2026

Swedish low‑code AI startup Lovable denied a mass data breach after an X user claimed they could view other customers' chat histories and personal details. The company admitted its documentation on "public" project visibility was unclear, but says no breach...

By Sifted
Many Smartphones Don’t Detect Face Biometrics Spoofs or Properly Warn Consumers
News, Apr 20, 2026

Which? tested 208 Android smartphones and found 64% vulnerable to 2D printed photo spoofs. iPhones remain largely immune due to depth‑sensing Face ID, while some newer Pixel models also resisted flat images. Many Android manufacturers, including OnePlus and Motorola, fail...

By Biometric Update
AI and CMMC: A Double-Edge Sword for Defense Contractors
News, Apr 20, 2026

The Pentagon’s CMMC program forces defense contractors to safeguard controlled unclassified information, and the surge of generative AI has complicated compliance by expanding assessment boundaries and introducing new attack vectors. Employees may inadvertently feed CUI into commercial large‑language models, risking...

By Washington Technology
Flying Somewhere This Spring? A Burner Phone Might Save You From a Border Headache
News, Apr 20, 2026

U.S. Customs and Border Protection inspected over 55,000 mobile devices last fiscal year, using forensic tools to clone and extract data from more than 4,000 phones. The deep‑scan capability means even deleted messages, photos and app data can be recovered,...

By CNET – Gaming
Seiko USA Website Defaced as Hacker Claims Customer Data Theft
News, Apr 20, 2026

Seiko USA’s public website was defaced over the weekend, showing a “HACKED” page that claimed attackers had stolen its Shopify customer database. The ransom note warned that the full set of customer names, emails, phone numbers, order histories and shipping...

By BleepingComputer