Oligo Security Moves Beyond CVE Prioritization with Real-Time Application-Layer Exploit Blocking
Oligo Security unveiled Runtime Exploit Blocking, a capability that intercepts application‑layer exploit attempts in real time without terminating containers or disrupting services. The technology correlates function calls with system activity to detect malicious sequences and blocks the offending system call while keeping the application running. By protecting entire classes of vulnerabilities—including zero‑days—through technique‑based rules, Oligo moves beyond traditional CVE‑centric approaches. The startup has raised about $80 million, most recently a $50 million round in January 2025.
Manifest Platform From Manifold Targets AI Agent Supply Chain Security Gaps
Manifold Security launched Manifest, a free, open‑access platform that maps AI agent supply‑chain dependencies and external system interactions. The graph‑based service builds execution and environment graphs to reveal hidden risk patterns that traditional file‑level scans miss. Manifold’s accompanying report identified...
FossID Launches Agentic SCA to Bring Real-Time Compliance to AI-Driven Code Development
FossID AB introduced Agentic SCA, a real‑time software composition analysis layer designed for AI‑driven code development. The solution embeds compliance checks directly into AI agents, enabling instant detection of open‑source components, license obligations, and vulnerabilities as code is written. By...
DavMail 6.6.0 Patches a Regex Flaw and Advances Its Microsoft Graph Backend
DavMail 6.6.0 was released this week, addressing a regex‑based security alert, updating the OAuth redirect URI to match Microsoft’s recent OIDC change, and fixing multiple IMAP, SMTP, CalDAV and CardDAV bugs. The update adds VCARD4 birthday support, switches CardDAV photo...
Kraken Is Actively Being Extorted by Criminals Threatening to Release the Top Crypto Exchange’s Internal Data
Kraken disclosed that criminals are extorting the exchange after two support employees improperly accessed limited client data. Approximately 2,000 accounts, representing 0.02% of its user base, were potentially viewed, but the core trading and custody systems were not breached and...
Intruder Adds Container Image Scanning to Cloud Security Platform
Intruder has expanded its cloud security platform to include daily container image scanning across AWS Elastic Container Registry, Google Cloud Artifact Registry, and Azure Container Registry. The new capability uses a graphical interface that requires no agents, letting both security...
Why CIOs Are Moving Away From Legacy Consulting in the AI Era
CIOs are abandoning traditional consulting firms as AI accelerates transformation and exposes gaps in strategy‑execution alignment. Legacy firms’ sequential approach and post‑hoc security fail to meet the speed, precision, and accountability CIOs now demand. New‑generation firms that embed security and...
3 Quantum Realities to Confront This World Quantum Day
World Quantum Day highlighted the accelerating timeline toward a post‑quantum future, with industry leaders warning that waiting for certainty will delay critical migration. Experts emphasized that the operational risk lies in how long it takes to identify dependencies, prioritize remediation,...
China-Linked Cloud Credential Heist Runs on Typos and SMTP
Chinese‑aligned APT41 has deployed a Linux ELF backdoor that steals cloud credentials across AWS, GCP, Azure and Alibaba Cloud. The malware uses port 25 SMTP as a covert C2 channel, sending harvested IAM role and service‑account tokens to three typosquatted...
What Is Anthropic's Mythos AI Model and Why Does It Have the Financial World in a Panic?
Anthropic PBC unveiled Mythos, a general‑purpose AI model that can independently locate and exploit high‑severity software vulnerabilities. The company disclosed that Mythos identified thousands of flaws across major operating systems and browsers, prompting Anthropic to restrict public release and instead...
Anchore Enterprise and the DoD DevSecOps Reference Design
Anchore Enterprise has been tightly woven into the Department of Defense’s DevSecOps Reference Design, providing automated security guardrails across every stage of the software factory. By generating SBOMs, enforcing policy‑as‑code, and continuously scanning containers, Anchore stops vulnerable code before it...
DataVisor Brings Conversational AI Agents to Fraud and AML Operations
DataVisor unveiled Vera, a conversational AI agent suite that lets financial institutions manage fraud and AML tasks through plain‑language commands. The platform automates detection, investigation, and regulatory reporting, promising up to three‑fold gains in detection coverage and a 20‑30× reduction...
SAP Patches Critical ABAP Vulnerability
SAP released 20 new and updated security notes on April 14, 2026, including two critical CVEs. The most severe, CVE‑2026‑27681 (CVSS 9.9), is a SQL‑injection flaw in Business Planning and Consolidation and Business Warehouse that enables arbitrary code execution. SAP mitigated the issue...
Anthropic’s Mythos Raises the Stakes for Software Security
Anthropic has placed its new Claude Mythos preview model—capable of uncovering thousands of previously unknown software vulnerabilities—behind a tightly controlled early‑access program. The company limited access to a select group of major technology and security firms, citing the model’s dual‑use...
How Contact Centers Detect and Prevent Fraud
Contact centers are increasingly targeted by fraudsters exploiting weak authentication and under‑trained agents, especially as operations shift to digital and remote channels. Common schemes include identity theft, account takeover, card‑not‑present purchases, and vishing attacks that leverage caller‑ID spoofing and synthetic...
DNS Security Is Often Inadequate, and Network Engineers Should Get More Involved
Enterprise Management Associates’ DDI Directions 2026 report reveals that only 28% of DDI experts consider their DNS infrastructure fully secure. Threats are evolving, with 86% of enterprises witnessing AI‑enhanced DNS attacks and concerns ranging from malicious redirections to DDoS and...
Triad Nexus Evades Sanctions to Fuel Cybercrime
Triad Nexus, an illicit cyber‑crime network active since 2020, has generated over $200 million in losses through sophisticated cryptocurrency investment‑fraud known as pig‑butchering. After the U.S. sanctioned its primary CDN partner Funnull in 2025, the group adopted infrastructure‑laundering tactics, using front‑company...
QBS Software Africa, Partners to Tackle AI Threats at ITWeb Security Summit 2026
QBS Software Africa (Maxtec) will showcase AI‑focused security solutions alongside partners Atera, Fortinet, Fortra, Ivanti and Thales at the ITWeb Security Summit in Johannesburg. The event will address rising AI‑driven attacks, supply‑chain vulnerabilities, and the acute cybersecurity skills shortage in...
FCC Advances Consumer IoT Protection Scheme
The Federal Communications Commission has moved forward with a voluntary cybersecurity program for consumer Internet of Things (IoT) devices by naming the ioXT Alliance as the lead administrator of the US Cyber Trust Mark Programme. The scheme will allow qualifying...
Ransomware-Linked ViperTunnel Malware Hits UK and US Businesses
InfoGuard discovered a new Python‑based backdoor called ViperTunnel operating in UK and US enterprises. The malware disguises itself as a system DLL and leverages the sitecustomize.py module to execute code automatically, establishing a SOCKS5 proxy on port 443. Developed by the...
Risk of Fraud and Disruption After Data Breach on Mexico Port Platform
A hacker from the Mexican group Sociedad Privada 157 breached the Ministry of the Navy’s Safe Smart Port (PIS) platform, exfiltrating 39.7 GB of data on roughly 640,000 logistics personnel. The compromised records include biometric identifiers, social security numbers, taxpayer IDs and...
Goldman Sachs ‘Hyperaware’ of AI Risks; Working with Anthropic on Mythos
Goldman Sachs warned that Anthropic’s new AI model, Mythos, can autonomously discover and exploit software vulnerabilities, raising serious cyber‑risk concerns for the financial sector. The bank’s CEO David Solomon said Goldman is "hyperaware" of these threats and is working with...
InfoReg Raises Alarm as Data Breaches Hit 788 in Q1
South Africa’s Information Regulator recorded 788 data‑breach notifications in the first quarter, a sharp rise that includes high‑profile incidents at Standard Bank, Liberty Group and Statistics South Africa. The regulator, led by Advocate Pansy Tlakula, warned that many reports lack...
Nightclub Giant RCI Hospitality Reports Data Breach
RCI Hospitality Holdings, a leading adult nightclub operator, disclosed a data breach affecting its independent contractors. The breach stemmed from an insecure direct object reference (IDOR) vulnerability on an IIS web server discovered on March 23, with unauthorized access beginning March 19....
AI Security Institute Advocates Security Best Practices After Mythos Test
The AI Security Institute (AISI) evaluated Anthropic’s Claude Mythos Preview, finding it could autonomously execute multi‑stage attacks and complete 22 of 32 steps in a simulated corporate network. The model succeeded in three out of ten attempts, highlighting both its...
Germany Complains About Hybrid Attacks
Germany’s defence ministry warned that hybrid attacks are targeting the country’s critical infrastructure and Bundeswehr units deployed abroad. Vice Admiral Thomas Daum said soldiers in Lithuania suspect phone‑call interception and disinformation campaigns, while citing drone strikes, espionage and sabotage of data...
The Mythos Threat: Why Treasurers Must Prepare for the AI Arms Race
Anthropic’s new Claude Mythos model can autonomously discover zero‑day vulnerabilities across major operating systems and browsers, turning a defensive AI tool into a potent offensive weapon. The capability has triggered emergency meetings between transatlantic regulators and the world’s largest banks,...
The AI Inflection Point: What Security Leaders Must Do Now
AI has moved from experiment to production in cybersecurity, forcing security leaders to treat it as an operating‑model shift rather than a bolt‑on tool. Threat reports show AI‑enabled adversaries accelerating attack timelines to under 30 minutes, outpacing human‑only triage. CISOs...
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
Security researchers have uncovered a coordinated campaign involving 108 malicious Chrome extensions that share a common command‑and‑control server. The extensions, published under five publisher names, have collectively been installed about 20,000 times and harvest Google OAuth credentials, Telegram Web session...
Cyber Risk Ratings Fade Out; Actionable Intelligence Takes The Spotlight
The Forrester Wave™ Q2 2026 shows cyber risk rating platforms losing influence as firms demand actionable intelligence. Vendors are re‑engineering solutions to serve third‑party risk management rather than merely delivering scores. AI capabilities remain nascent, with only a few providers showcasing...
Hackers Steal Healthcare Recruitment Data
Hackers identifying themselves as XP95 claim to have exfiltrated roughly half a million files from Healthdaq, a recruitment platform used by health trusts in Northern Ireland. The stolen data spans driving licences, criminal background checks, vaccine records, passports and other...
Curious About Quantum? Check Out Training Options From ISC2, IBM, AWS and More
The quantum computing sector is accelerating toward a so‑called Q‑day, projected by Forrester to arrive by 2030, as vendors move from theoretical fault‑tolerant designs to early engineering reality. IBM targets fault‑tolerant quantum processors by 2029, while industry leaders warn that...
Hackers Exploit Kali Forms Vulnerability to Take Over WordPress Sites
A critical Remote Code Execution (RCE) flaw was discovered in the Kali Forms WordPress plugin, which powers over 10,000 active sites. The vulnerability, reported on March 2, 2026, was patched in version 2.4.10 on March 20, 2026, but attackers began exploiting it the same day,...
Research Bits: Apr. 14
Researchers from Hong Kong, Tsinghua and Southern University of Science and Technology unveiled CLAP, a memristor‑based platform that fuses physically unclonable function authentication with compute‑in‑memory, achieving 99.46% AUC on ECG data while shrinking area and power use. A separate team...
Booking.com Suffers Data Breach, Leaves Guests’ Personal Details Exposed
Booking.com confirmed a data breach that exposed guests' names, emails, phone numbers and reservation details, though financial information remained untouched. The company has not disclosed the number of affected customers, prompting heightened regulator scrutiny after a 2018 breach that resulted...
Dark Web Article Contest Offers $10,000 for Exploit Writing on TierOne Forum
A dark‑web forum called TierOne has launched a $10,000 article contest that rewards technical write‑ups on vulnerability exploitation. The prize pool is split into $5,000 for first place, $3,000 for second, and $2,000 for third, with submissions accepted from April 13...
Is Everyone Scared of the AI Threat? If Not, You Should Be
U.S. regulators convened the CEOs of the nation’s biggest banks after Anthropic unveiled Claude Mythos, an AI model that can autonomously locate and chain together decades‑old software vulnerabilities. The model’s ability to turn hidden flaws into exploitable attacks prompted an...
Vault Enterprise 2.0 Modernizes Identity Security at Scale
HashiCorp announced Vault Enterprise 2.0, now generally available, adding identity‑first secret distribution, expanded Linux credential rotation, and high‑performance envelope encryption for streaming workloads. The release also introduces a new versioning and support model aligned with IBM’s lifecycle policies, guaranteeing at...
Vector Informatik Expands CANoe EV with V2G Security Testing
Vector Informatik has broadened its CANoe Test Package EV to include automated security testing for electric‑vehicle charging communication. The new module covers vehicle‑to‑grid (V2G) fuzzing, TLS 1.2/1.3 protocol checks, and Plug & Charge validation, aligning with ISO 15118‑2 and ISO 15118‑20 standards. By automating...
What You Should Know About CCPA Compliance After the California Attorney General’s 2024 Investigative Sweep
The California Attorney General’s 2024 investigative sweep spotlighted widespread failures in CCPA opt‑out compliance, especially among streaming and ad‑tech firms. The audit revealed deceptive, dysfunctional, inadequate, and fragmented opt‑out mechanisms that left consumers’ data exposed across devices and platforms. Companies...
Telecom News: CESNET, Ribbon Communications, Telit Cinterion, Lenovo, NVIDIA, Lidl, 1GLOBAL
CESNET and Ribbon Communications demonstrated a quantum‑secured optical network using Quantum Key Distribution, proving near‑zero latency encryption can be integrated into live fiber links. Telit Cinterion showcased its deviceWISE Industrial Active Intelligence platform at Hannover Messe 2026, leveraging Lenovo edge...
Australian Leaders “Overly Optimistic” About Ability to Manage Cyber Incidents: Datacom
Datacom’s State of Cybersecurity Index shows a stark gap between confidence and preparedness in Australia and New Zealand. While 39% of firms expect to recover from a major cyber incident within days, only 32% have a tested business continuity plan....
Dead Cars Tell Tales by Storing Data That's Never Wiped
Security researchers at Quarkslab dissected a telematics control unit from a salvaged BYD Seal and found that the device stores raw GPS logs for the vehicle's entire lifespan. The data, kept on unencrypted NAND memory, revealed the car’s journey from...
Shining a Light in the Dark: Observability and Security, a SANS Profile
Observability and security integration is highlighted in a new SANS report, emphasizing a unified view of system health and threat behavior. By converging monitoring data with security analytics, organizations gain predictive maintenance capabilities, optimize resources, and reduce blind spots. The...
India: E-SafeHER to Train One Million Rural Women in Cyber Safety
India’s Ministry of Electronics and Information Technology has launched the e‑SafeHER programme to teach cybersecurity to one million rural women over the next three years. The initiative creates a network of “Cyber Sakhis” who will act as community advocates, delivering multilingual,...
FCC Selects New Lead Administrator for U.S. Cyber Trust Mark Program
The Federal Communications Commission has named the ioXt Alliance as the new Lead Administrator for its U.S. Cyber Trust Mark program, a voluntary labeling scheme for consumer IoT security. The role tasks ioXt with coordinating stakeholder outreach, recommending enhanced cybersecurity...
Archives’ Information Security Office Tackles AI and CUI
The National Archives’ Information Security Oversight Office (ISOO) is confronting the rise of AI in managing Controlled Unclassified Information (CUI). Director Michael Thomas highlighted both risks—such as AI‑driven data aggregation that could aid adversaries—and opportunities, like using large‑language models to...
How UK Data Centers Can Navigate Privacy and Cybersecurity Pressures
UK data centres are now classified as essential services under the updated NIS framework and fall within the scope of the Cyber Resilience Bill, which introduces turnover‑based fines and mandatory 24‑hour breach reporting. Operators must satisfy overlapping obligations under UK...
Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads
Organizations handling tax filings must test DDoS defenses during peak traffic, not just in low‑load windows. Real incidents in the Netherlands and Poland showed attacks timed with filing deadlines can cripple critical services. Changes to applications, CDNs, and bot‑mitigation can...
Nearly Half of March Ransomware Attacks in Tied to Just 3 Groups
Check Point researchers reported 672 ransomware incidents in March 2026, with three groups responsible for nearly half of the attacks. Qilin alone accounted for 20% of incidents, Akira for 12%, and Dragonforce RaaS for 8%. The analysis highlighted attackers’ refined...