Cybersecurity News and Headlines

“I’m Just Scared”: Teen Hacker Jailed After Massive U.S. School Data Breach
News | Apr 16, 2026

Teen hacker Matthew Lane, now 20, was sentenced to four years in federal prison for his central role in the PowerSchool data breach, one of the largest attacks on U.S. education. The breach exposed personal information for roughly 60 million students...

By The Cyber Express
HKIRC Recognised As Certification Authority Under Hong Kong Electronic Transactions Ordinance
News | Apr 16, 2026

The Hong Kong government has officially recognized Hong Kong Internet Registration Corporation Limited (HKIRC) as a certification authority under the Electronic Transactions Ordinance. This designation, announced on 16 April 2026, permits HKIRC to issue six types of trusted digital certificates for individuals...

By OpenGov Asia
Capsule Security Raises $7m to Secure AI Agents at Runtime
News | Apr 16, 2026

Capsule Security emerged from stealth with a $7 million seed round led by Lama Partners and participation from Forgepoint Capital International. The startup’s runtime‑first platform aims to secure AI agents while they execute tasks, preventing prompt‑injection attacks, data leaks, and unintended...

By RegTech Analyst
Shinka Achieves SOC 2 Type II Certification
News | Apr 16, 2026

Shinka, the independent CTV and DOOH mediation platform, announced it has earned SOC 2 Type II certification after completing a Type I audit. The certification validates that Shinka’s security, availability, processing integrity, confidentiality and privacy controls operate effectively over time. The achievement underscores...

By ExchangeWire
Automotive Ransomware Attacks Double in a Year
News | Apr 16, 2026

Ransomware has become the fastest‑growing cyber threat to the automotive industry, accounting for 44% of all attacks on carmakers in 2025. Halcyon’s report shows attack frequency more than doubled last year, driven by connected vehicle platforms, OTA updates and cloud‑based...

By Infosecurity Magazine
Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments
News | Apr 16, 2026

Security researchers disclosed a new prompt‑injection technique called “Comment and Control” that exploits AI‑driven code tools on GitHub. The method tricks Claude Code Security Review, Google Gemini CLI Action, and GitHub Copilot Agent by embedding malicious prompts in pull‑request titles, issue...

By SecurityWeek
US Nationals Behind DPRK IT Worker 'Laptop Farm' Sent to Prison
News | Apr 16, 2026

Two U.S. nationals, Kejia Wang and Zhenxing Wang, were sentenced to 108 months and 92 months respectively for orchestrating a scheme that placed North Korean IT workers in over 100 American companies using stolen identities. Between 2021 and October 2024...

By BleepingComputer
Use of Agentic AI Erodes GDPR Compliance as We Know It. Wipro's 'Privacy by Design' Comes Into Its Own
News | Apr 16, 2026

The rise of agentic AI—autonomous systems that decompose tasks, retain memory, and act on users’ behalf—exposes gaps in current GDPR compliance frameworks. Traditional governance assumes static tools, not self‑directing agents that make micro‑decisions, store contextual data, and can be hijacked...

By Diginomica
New Approaches to Tackling Ransomware Recovery
News | Apr 16, 2026

Ransomware attacks are increasingly targeting backup data, rendering traditional zero‑trust models inadequate. Object First introduced Zero Trust Data Resilience (ZTDR), expanding zero‑trust principles with backup segmentation, multiple resilience zones, and immutable storage. Its appliance leverages Zero Access architecture to deliver...

By Blocks & Files
Microsoft: April Windows Server 2025 Update May Fail to Install
News | Apr 16, 2026

Microsoft is investigating a failure of the April 2026 KB5082063 security update on Windows Server 2025, which triggers error code 0x800F0983 and, in some cases, forces servers into BitLocker recovery mode. The issue appears limited to enterprise‑managed configurations and does not affect...

By BleepingComputer
Teenaged Boy Arrested After NI Schools Hacked
News | Apr 16, 2026

A 16‑year‑old was arrested in Portadown after allegedly compromising the C2K platform used by schools across Northern Ireland. The breach, which occurred at the start of the Easter break, locked students out of their accounts and exposed some personal data....

By Silicon UK
One Year on From the M&S Cyber Attack: What Did We Learn?
News | Apr 16, 2026

One year after the Easter‑week 2025 Marks & Spencer cyber breach, analysts confirm the attack originated from a simple social‑engineering phone call that compromised a third‑party help‑desk and cascaded into ransomware across VMware hosts. The incident sparked a wave of...

By Computer Weekly – Latest IT news
Targeted Cyberattack on Northern Ireland Schools Exposes Personal Data
News | Apr 16, 2026

A recent cyberattack on Northern Ireland's Education Authority was confirmed as a targeted breach affecting a small number of schools. Forensic analysis revealed that attackers accessed personal data, though no large‑scale exfiltration has been proven. Police Service of Northern Ireland...

By The Cyber Express
How to Implement Passwordless Authentication to Boost User Conversion
News | Apr 16, 2026

Passwordless authentication replaces passwords with device‑bound cryptographic keys, removing a major source of friction in sign‑up and login flows. The 2026 Passwordless Conversion Impact Report shows that faster entry boosts lifetime value, while the IBM Cost of Data Breach Report...

By Security Boulevard
Democratized Software, Democratized Risk: Who’s Accountable When Everyone Codes?
News | Apr 16, 2026

AI‑driven coding tools are letting non‑technical teams create software without traditional developer resources, accelerating delivery and cutting costs. However, this democratization creates governance gaps that can expose organizations to security, compliance, and accountability risks. The article advises IT leaders to...

By Security Magazine (Cybersecurity)
Corporate Affairs Commission Hit by Cyberattack in Nigeria
News | Apr 16, 2026

Nigeria’s Corporate Affairs Commission confirmed a cyber‑attack that compromised its company‑registration platform, prompting an urgent investigation with the National Information Technology Development Agency. The breach threatens sensitive business data, could delay filings and erode confidence in government digital services. At...

By Techpoint Africa
Shadow AI and the New Visibility Gap in Software Development
News | Apr 16, 2026

Generative AI is now a core part of software development, but shadow AI—unapproved AI tools used by developers—is already mainstream, with 50% of workers globally and over 70% of UK employees relying on them. This creates a "lethal trifecta" of...

By ITPro (UK)
MiningDropper Turns Android Apps Into Multi-Stage Malware Delivery Systems
News | Apr 16, 2026

Researchers at Cyble have identified a surge in Android malware campaigns leveraging a new modular framework called MiningDropper. The platform repurposes the open‑source Lumolight app as a trojanized entry point and uses layered XOR and AES encryption to deliver multi‑stage...

By The Cyber Express
6-Year Ransomware Campaign Targets Turkish Homes & SMBs
News | Apr 16, 2026

Researchers at Acronis have identified a low‑dollar, high‑volume ransomware operation that has been active in Turkey since at least 2020. The attackers deploy a customized Adwind RAT to deliver the JanaWare ransomware, demanding between $200 and $400 per victim. The...

By Dark Reading
Super Funds Seek to Coordinate Sector's Cyber Threat Response
News | Apr 16, 2026

The Association of Superannuation Funds of Australia (ASFA) has applied to the Australian Competition and Consumer Commission for a five‑year licence to operate the Superannuation Cyber and Financial Crime Exchange (SuperFCX), a dedicated threat‑intelligence sharing platform for the sector. The...

By iTnews (Australia) – Government
ITnews to Bring Security Leaders Together for State of Security Breakfast Roadshow
News | Apr 16, 2026

iTnews is launching its inaugural State of Security Breakfast Roadshow in Brisbane on June 18, gathering more than 50 senior IT and security executives to discuss findings from its State of Security report released April 30. The breakfast will focus on three...

By iTnews (Australia) – Government
Web Supply Chain Risk in ANZ: Why the Browser Is the New Front Line
News | Apr 16, 2026

Reflectiz warns that modern web applications increasingly rely on third‑ and fourth‑party scripts that execute in users' browsers, creating a hidden supply‑chain risk that traditional security tools cannot see. Research of 4,700 ANZ sites shows 64% of these scripts handle...

By Security Boulevard
Cyberwar’s New Frontier
News | Apr 16, 2026

The article warns that autonomous cyber‑agents are moving from theory to operational reality, capable of launching attacks in minutes and persisting undetected across critical sectors. It highlights the U.S. 2026 Cyber Strategy’s embrace of such agents while noting severe staffing...

By Foreign Affairs
RedSun: System User Access on Win 11/10 and Server with the April 2026 Update
News | Apr 16, 2026

RedSun is a newly disclosed vulnerability affecting Windows 10, Windows 11 and Windows Server with the April 2026 Update. The flaw exploits Windows Defender’s cloud‑tag handling, causing the antivirus to rewrite a malicious file back to its original location. By overwriting trusted system...

By Hacker News
FSF Trying to Contact Google About Spammer Sending 10k+ Mails From Gmail Account
News | Apr 16, 2026

Thom Zane, an administrator of the daedal.io Mastodon instance, posted on the fediverse asking for a direct email address to reach a human on Google’s Gmail team. He wants to report a spammer who allegedly sent more than 10,000 Gmail...

By Hacker News
AI Threats Push Businesses to Rethink Cybersecurity Strategies: Kaspersky
News | Apr 16, 2026

AI is reshaping cyber threats, enabling both seasoned hackers and novices to launch sophisticated attacks with generative tools. Kaspersky warns that 72% of firms are deeply concerned as AI‑driven phishing, deepfakes, and automated malware surge. A deepfake video call cost...

By VNExpress – Companies (subset)
Taking Operational Risk to Resilience with Emerging AI Systems: Gartner
News | Apr 16, 2026

Gartner warns that generative AI (GenAI) and agentic AI are exposing enterprises to rising security incidents. It predicts 25% of GenAI applications will suffer at least five minor incidents annually by 2028, and 15% will encounter a major breach by...

By ARN (Australia)
Spatiotemporal Light Pulses Could Secure Optical Communication by Masking Data
News | Apr 16, 2026

Ben‑Gurion University researchers have devised a secure optical‑communication scheme that embeds data within spatiotemporal optical vortices—light pulses whose structure conceals information from conventional detectors. The approach pairs these shaped pulses with a pre‑shared key and decoy‑signal algorithm, allowing only a...

By Phys.org (Quantum Physics News)
Adapting in the Era of AI
News | Apr 16, 2026

Fastly announced ContentGuard, a new feature inside its Bot Management suite that gives customers granular control over who accesses cached content. The company’s security research shows 47% of requests to cached assets are from unverified or malicious bots, while only...

By Fastly – DevOps
GitLab 18.11 Release
News | Apr 16, 2026

GitLab 18.11 introduces a suite of AI‑driven and security enhancements, including Agentic SAST Vulnerability Resolution that auto‑generates merge requests for critical findings, and the Data Analyst Agent that answers natural‑language queries across the platform. The release also adds fine‑grained personal...

By GitLab Blog
GitLab 18.11 Released with Automated Remediation & New Foundational Agents
News | Apr 16, 2026

GitLab 18.11 introduces Agentic SAST vulnerability resolution that automatically generates merge requests to fix critical and high‑severity findings. The release also makes the Data Analyst Agent generally available and launches the CI Expert Agent in beta, expanding AI‑driven assistance across...

By GitLab Blog – DevOps
Coremail Showcases at GITEX Asia 2026: Advancing Enterprise Communication with AI-Native Secure Email
News | Apr 15, 2026

Coremail unveiled its AI‑Native Secure Email System and CACTER AI‑Native Secure Email Gateway at GITEX Asia 2026 in Singapore. The solutions combine large language models with autonomous agents to transform email from a static messaging tool into a task‑execution hub....

By The Manila Times – Business
Anonymizing Network Traffic: A Dive Into SOCKS5 and Data Encryption
News | Apr 15, 2026

SOCKS5 proxies have become a core tool for businesses that need to hide IP addresses while handling any traffic type, from HTTP to UDP. Unlike HTTP proxies, SOCKS5 does not inspect data, allowing seamless use for streaming, automated data collection,...

By HackRead
Over 25K Systems Exposed by Adware App to Supply Chain Compromise
News | Apr 15, 2026

Dragon Boss Solutions’ ad‑ware platform inadvertently exposed more than 25,000 systems after an insecure software‑update channel was discovered. Threat actors could purchase a signed payload for about $10 and push malicious code with SYSTEM privileges. Huntress identified communications from 23,565 IP addresses,...

By SC Media
To Fight Ransomware, Turn to Incident Response Professionals
News | Apr 15, 2026

The UK Home Office is consulting on a ban on ransomware payments for public‑sector bodies and critical national infrastructure, alongside a broader payment‑prevention regime and mandatory incident‑reporting. Critics argue the proposal could leave under‑resourced firms tangled in legal hoops while...

By RUSI
WBA Guidelines Target Rogue Access Points and Credential Theft
News | Apr 15, 2026

The Wireless Broadband Alliance (WBA) released a Wi‑Fi Security Guidelines framework to standardize protection across public, enterprise, IoT, and roaming networks. The document mandates mutual certificate‑based authentication, WPA3‑Enterprise with Protected Management Frames, and encrypted RADIUS traffic to thwart rogue access...

By SC Media
KnowBe4 Debuts Guardrails for Autonomous AI Agents
News | Apr 15, 2026

KnowBe4 has introduced Agent Risk Manager, a real‑time monitoring and governance layer designed to police autonomous AI agents operating across enterprise environments. The solution adds behavioral guardrails to block threats such as unauthorized data exposure, prompt‑injection jailbreaks, and runaway compute...

By SC Media
CoSN 2026: Student-Led Cyber Programs Incentivize Culture of Safety
News | Apr 15, 2026

At DeKalb County School District, the second‑year Cyber Champions program places students at the forefront of district‑wide cybersecurity education, turning them into peer advocates for digital safety, phishing awareness, and AI ethics. The initiative operates without a dedicated budget, leveraging...

By GovTech — Education (K-12)
Securing Remote Server Access: Why VPNs Matter for Administrators
News | Apr 15, 2026

Remote server administrators face brute‑force, phishing and malware attacks when SSH or RDP are exposed to the internet. Deploying a corporate VPN tunnels remote connections through encrypted channels, limiting access to authenticated users and removing direct exposure of critical ports....

By HackRead
Anthropic's Mythos Triggers Cybersecurity Race — CrowdStrike, Rubrik, Cloudflare Stand To Gain
News | Apr 15, 2026

Anthropic unveiled Project Glasswing and the Claude Mythos model, an AI system that can autonomously discover and exploit software vulnerabilities at scale. ARK Invest highlighted Mythos' 93.9% SWE‑bench and 83.1% CyberGym scores as evidence of a new era in software...

By Yahoo Finance – Top Financial News
New AgingFly Malware Used in Attacks on Ukraine Govt, Hospitals
News | Apr 15, 2026

CERT‑UA uncovered a new malware family called AgingFly targeting Ukrainian government agencies, hospitals and possibly Defense Forces. The campaign begins with phishing emails offering humanitarian aid, leading victims to click links that deliver malicious LNK shortcuts and HTA files. Once...

By BleepingComputer
Critical MCP Integration Flaw Puts NGINX at Risk
News | Apr 15, 2026

Researchers at Pluto Security have uncovered a critical vulnerability in the popular nginx‑ui web console, identified as CVE‑2026‑33032 with a CVSS score of 9.8. The flaw resides in the MCP /message endpoint, which performs no authentication and can be exploited to...

By Dark Reading
Class Action Targets Berkadia over Alleged Cyberattack Exposing Thousands' Data
News | Apr 15, 2026

Berkadia Commercial Mortgage, the leading Freddie Mac lender, faces a proposed class action alleging a March 20 cyberattack by the ShinyHunters group. The breach reportedly exposed thousands of individuals' personal and financial data, including Social Security numbers and banking details. Plaintiffs claim...

By Mortgage Professional America
Android Phones Aren’t at Risk of Long-Standing iPhone Tap-to-Pay Vulnerability [Video]
News | Apr 15, 2026

A five‑year‑old tap‑to‑pay flaw in iPhone’s Express mode lets large transit purchases bypass the lock screen, a vulnerability highlighted in a recent Veritasium video. Apple and Visa have been aware of the issue since 2021, but claim it falls under...

By 9to5Google
Fiverr Denies ‘Major Security Lapse’ Despite Private User Data Appearing in Google Search
News | Apr 15, 2026

Fiverr says there is no major security breach, but a misconfigured Cloudinary storage bucket left private user documents publicly accessible. PDFs, images, tax forms and other sensitive files were indexed by Google after the platform used permanent URLs instead of...

By Inc. — Leadership
The Myth of the CMMC “Easy Button:” Why Shortcuts Usually Collapse Under Scrutiny From a Third-Party Assessor
News | Apr 15, 2026

Defense contractors face intense pressure to meet CMMC Level 2 requirements on compressed timelines, turning what was once a planning exercise into a contractual mandate. The article warns that shortcuts—such as relying on shared multi‑tenant environments or skipping a proven reference...

By Federal News Network
The Transparency Tax: The Cost of Not Knowing What’s in Your Software
News | Apr 15, 2026

The article introduces the "transparency tax," the hidden operational cost organizations incur when they lack continuous visibility into the components of their software. It cites past supply‑chain attacks—such as Log4Shell, which averaged over $90,000 in incident‑response costs—to illustrate how manual...

By Federal News Network
Maine Rejects Broad Privacy Bill
News | Apr 15, 2026

Maine lawmakers rejected the Maine Online Data Privacy Act (LD 1822), a sweeping proposal that would have restricted data collection, mandated opt‑outs for behaviorally targeted advertising, and banned the sale of sensitive information such as biometric, genetic, and race data. The...

By MediaPost
How AI Hackers Will Shake up Cyber-Security
News | Apr 15, 2026

Anthropic announced its newest AI model, Mythos, will not be publicly released. Instead, access is limited to the 12 founding members of Project Glasswing, a consortium that includes Apple, Google and Nvidia. The move reflects growing concerns that advanced generative...

By The Economist – Science & Technology