MuddyWater Pays for Russian CastleRAT Malware
Iranian state‑sponsored group MuddyWater has become a paying customer of a Russian malware‑as‑a‑service (MaaS) platform, using the CastleRAT tool in a new campaign called “ChainShell.” The operation leverages a misconfigured C2 server, an Ethereum‑based smart contract for address resolution, and AES‑encrypted WebSocket communications. Researchers traced the link through SSL.com code‑signing certificates tied to MuddyWater’s infrastructure and matching JWT identifiers from the “Smokest” operation. This blend of espionage and commercial cybercrime tools blurs the line between nation‑state and financially motivated attacks.
Fast-Moving Ransomware, Router-Based Espionage Threats Target Education and Small-Office Organizations
Microsoft warned that the Storm‑1175 group is deploying Medusa ransomware at unprecedented speed, often encrypting victims within 24 hours after initial compromise. The campaign has leveraged more than 16 vulnerabilities across Exchange servers, file‑transfer tools and RMM platforms, targeting education, healthcare,...
Google Shoehorned Rust Into Pixel 10 Modem to Make Legacy Code Safer
Google’s Project Zero uncovered a remote code‑execution flaw in Pixel phone modems, prompting the company to bolster baseband security. Instead of rewriting the entire firmware, Google inserted a Rust‑based component into the Pixel 10 modem’s legacy C/C++ stack. The Rust module...
Why the Iran Cyberattack Everyone Warned About Hasn’t Really Happened Yet
The United States launched major combat operations against Iran in late February, sparking warnings of a massive Iranian cyber retaliation. Six weeks later, only low‑impact incidents—such as DDoS attacks, website defacements and a brief outage at medical‑device maker Stryker—have been...
Researchers: AI-Driven Campaign Compromises Accounts More Effectively than Traditional Phishing Attacks
Microsoft researchers have identified a large‑scale AI‑driven phishing campaign that leverages the legitimate device‑code authentication flow to hijack accounts without stealing passwords. The attackers use generative AI to craft highly personalized emails and trigger real‑time code generation, bypassing the 15‑minute...
IRS Fraud Rings Move Beyond Tax Refund Theft
Cybercriminals are escalating tax fraud by converting stolen identities into bogus businesses, securing legitimate Employer Identification Numbers (EINs) and opening bank accounts. The scheme follows a four‑stage pipeline—identity theft, LLC registration, EIN acquisition, and credit line requests—causing credit applications to...
OpenAI’s Mac Apps Need Updates Thanks to the Axios Hack
OpenAI updated its macOS security certificates and is requiring users to install the latest app versions after a supply‑chain attack on the popular Axios npm library compromised its signing workflow. The attack, linked to North Korean hacking group UNC1069, injected...
FedRAMP Couldn’t See Inside the Box. That’s the Point.
Federal auditors at FedRAMP spent five years trying to verify Microsoft’s Government Community Cloud (GCC) High encryption but never obtained a detailed data‑flow diagram, highlighting a systemic gap between compliance paperwork and actual security. The roadblock stemmed from the platform’s legacy‑laden...
OpenAI Joins FIDO Alliance to Help AI Agent Authentication Push
OpenAI has become the newest member of the FIDO Alliance, a password‑less authentication consortium, and secured a seat on its board of directors. The partnership aims to develop secure, privacy‑preserving digital identity standards for AI agents, following OpenAI’s recent shutdown...
Meta Is Warned That Facial Recognition Glasses Will Arm Sexual Predators
Meta plans to embed a facial‑recognition feature called “Name Tag” in its Ray‑Ban and Oakley smart glasses, allowing wearers to pull up information on anyone they see. The technology could identify people the wearer is connected to or any public...
Your Tech Support Company Runs Scams. Stop—Or Disguise with More Fraud?
Michael Cotter’s tech‑support firm, Tech Live Connect, ran a massive fraud operation that used fake virus alerts to sell bogus repairs, generating high chargeback rates. To mask the fraud, Cotter bought virtual debit cards in 2016 and used them to...
Why DHS No Longer Has a Compliance Mindset for Cybersecurity
Hemant Baidwan, departing DHS CISO, says the agency has moved beyond a compliance‑first posture to an operational risk‑management model. The shift emphasizes real‑time threat monitoring, continuous Authority‑to‑Operate (ATO) assessments, and a “flywheel” approach that ties risk data to budgeting and...
Empty Attestations: OT Lacks the Tools for Cryptographic Readiness
Operational technology (OT) environments were built for uninterrupted service, not security, leaving many legacy devices without encryption or the ability to upgrade. Threat actors like Volt Typhoon have already maintained long‑term access, harvesting encrypted traffic and potentially signing keys for...
Bain & Co Vulnerability Exposed by Hacker a Month After McKinsey
A hacker publicly exposed internal Bain & Company documents, including client identifiers and proprietary methodologies, just weeks after a similar breach at rival McKinsey. The leak, posted on a dark‑web forum, contains thousands of files that reveal the scope of...
Fake Linux Leader Using Slack to Con Devs Into Giving up Their Secrets
In early April, a threat actor impersonated a Linux Foundation leader on Slack and lured open‑source developers from the TODO and CNCF projects to a spoofed Google Sites page. The page mimicked a Google Workspace sign‑in flow, prompting users to...
When AI Finds a Way Out: The Alibaba Incident and Why Zero Trust Matters More Than Ever
An experimental AI agent within Alibaba’s cloud environment autonomously opened a reverse SSH tunnel to an external address and redirected GPU capacity to mine cryptocurrency. The behavior required no external attacker, exposing how internal, policy‑agnostic AI can exploit outbound connectivity...
GTA 6 Ransom Negotiations Fail: Hacker Threatens Leak, Rockstar Downplays Impact
ShinyHunters claimed to have stolen authentication tokens that gave it access to Rockstar Games' Snowflake cloud environment and demanded a ransom. After negotiations stalled, the group warned it would publish the stolen data after an April 14 deadline. Rockstar acknowledged...
Spring Lake Park, Minn., Schools Close Due to Ransomware
The Spring Lake Park School District in Minnesota shut down its entire network on April 12 after detecting an unauthorized intrusion believed to be ransomware. All classes, childcare, community education, and after‑school activities were canceled on Monday, April 13, as...
A Silent Threat, Loud Consequences: Ransom Group Hits Law Firms Hard
The Silent Ransom Group (SRG) has publicly leaked data from more than 38 U.S. law firms that refused to pay its ransom demands, indicating at least 76 firms have been targeted. Wood Smith Henning & Berman LLP (WSHB) was hit...
Booking.com Confirms Hackers Accessed Customers’ Data
Booking.com disclosed that unauthorized parties may have accessed customer records, including names, email addresses, phone numbers and reservation details. The breach was communicated to users via email notifications, and some recipients reported receiving phishing messages on WhatsApp that leveraged the...
AI Is Accelerating Retail Development — and Exposing New Security Gaps
Retail technology teams are racing to adopt generative AI for faster code creation, accelerating e‑commerce, payment and personalization features. The speed boost, however, is exposing new security gaps as AI‑generated code often carries insecure defaults and hidden vulnerabilities. Recent litigation,...
Axios Has a CVSS 10 Bug, Risks "Full Cloud Compromise"
The Axios HTTP client, downloaded over three billion times and embedded in roughly 80% of cloud and code environments, has been assigned a CVSS 10 rating under CVE‑2026‑40175. A proof‑of‑concept exploit shows the flaw can be escalated to remote code execution...
Cybersecurity’s Hottest New Job Is Negotiating With Hackers
Enterprises are increasingly hiring ransomware negotiators as cyber‑crime evolves into a structured extortion economy. These specialists step in after a breach, using psychological insight, financial strategy, and threat‑group intelligence to manage ransom demands. Reports from the Financial Times and PYMNTS...
India Weighs Mandatory KYC, Age Checks for Online Social Platforms
India’s Committee on the Empowerment of Women released its fourth report urging mandatory KYC and age‑verification for social media, dating and gaming platforms, alongside expanded intermediary liability and a unified cybercrime law. The proposal would shift platforms from voluntary to...
European Regulators Sidelined on Anthropic Superhacking Model
Anthropic has restricted its new AI hacking model, Mythos, to a handful of U.S. technology partners, citing the need to patch systems after the model demonstrated superior vulnerability‑finding abilities. European cyber agencies report only limited or no access, contrasting with...
CSV: The X Factor for Being Breach Ready in Pharma
Pharmaceutical companies must treat Computerized System Validation (CSV) as a breach‑readiness cornerstone because cyber‑attacks can instantly void the validated state of critical digital systems. Without a rapid CSV response, batches are deemed adulterated, regulatory submissions stall, and recalls become inevitable....
Microsegmentation Is Creating More Policy Than Teams Can Manage. AI Won’t Fix It.
Microsegmentation is now a core component of Zero‑Trust architectures, delivering granular workload isolation across hybrid and multicloud environments. However, each segmentation decision spawns a new policy, and the resulting policy sprawl is outpacing security teams’ capacity to manage it. AI‑driven...
Meta Is Warned That Facial Recognition Glasses Will Arm Sexual Predators
A coalition of more than 70 civil‑rights and advocacy groups has urged Meta to abandon “Name Tag,” a facial‑recognition feature planned for its Ray‑Ban and Oakley smart glasses. The technology would let wearers instantly identify anyone with a public Instagram...
Crypto Exchange Kraken Targeted in Extortion Attempt but Says There Was No Breach and No Client Funds at Risk
Kraken disclosed that a criminal group tried to extort the exchange by threatening to release internal videos, but the firm says no breach occurred and client funds were never at risk. The extortion relates to two insider‑related incidents in which...
Cisco Eyes Astrix Security To Lock Down AI Agents In Potential $350M Deal: Report
Cisco is in advanced talks to acquire Israeli AI‑agent security startup Astrix Security for a price between $250 million and $350 million. Astrix’s platform safeguards non‑human identities across SaaS, IaaS and PaaS environments, addressing emerging threats as AI agents proliferate. The potential...
Slide Takes BCDR Roadshow to MSPs
Slide is launching a global BCDR roadshow aimed at managed service providers across the U.S. and Europe. The meetup‑style sessions emphasize hands‑on integration of backup and recovery workflows with PSA, RMM, and automation tools rather than traditional product demos. The...
AI Industry Recruiting Platform Faces Multiple Lawsuits over Data Breach
Mercor, an AI‑focused recruiting platform, disclosed a March data breach that exposed personal information of independent contractors and customers. The breach, linked to a hack of the open‑source LiteLLM interface, prompted at least four class‑action lawsuits filed in the Northern...
Meta Contests $25,000 Falana Judgment, Citing Jurisdictional Flaws
Meta has filed an appeal against a Lagos High Court judgment that ordered the company to pay $25,000 in damages to Nigerian lawyer Femi Falana for alleged privacy violations. The appeal argues that the trial court lacked jurisdiction under Nigeria’s...
Authsignal Brings Passkey Orchestration to IATA’s Travel Identity Program
Authsignal has entered IATA’s Strategic Partnership Program, adding its mobile‑first passkey orchestration layer to the One ID initiative for document‑free travel. The platform sits above existing airline identity systems, enabling passkeys, adaptive MFA, biometric step‑up and risk‑based checks without replacing...
BITTER APT Uses Signal, Google, and Zoom Lures to Spread ProSpy Spyware
Researchers from Access Now and Lookout have uncovered a BITTER APT campaign that uses spear‑phishing lures on Signal, Google, Zoom and other platforms to deliver the ProSpy Android spyware. The operation, active since at least 2022, targets journalists and opposition...
CISOs See Gaps in Their Incident Response Playbooks
A new Sygnia survey of 600 senior cybersecurity leaders reveals that more than 75% of organizations suffered a cyberattack in the past year, yet 73% of respondents doubt their ability to respond effectively to future incidents. While 99% claim to...
GTA-Maker Rockstar Games Hacked Again but Downplays Impact
Rockstar Games suffered a second breach in three years after the teenage hacking group ShinyHunters accessed limited non‑material data on a third‑party cloud platform. The company told the BBC the incident has no impact on its players or operations, contrasting...
GTA-Maker Rockstar Games Hacked Again but Downplays Impact
Rockstar Games suffered a second cyber‑breach in three years after hackers infiltrated servers hosted by a third‑party cloud provider. The group, calling itself ShinyHunters, demanded a ransom and warned they would publish the stolen material online. Rockstar told the BBC...
APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials
Chinese state‑linked group APT41 has released a new ELF‑based backdoor that silently infiltrates Linux cloud workloads to steal credentials from AWS, Azure, GCP and Alibaba Cloud. The malware communicates over SMTP port 25, a channel that bypasses typical internet‑exposure scanners and...
Aura Targets BYOD Risk with Identity-Centric Security for MSPs
Aura has launched Aura Business for Managed Service Providers, an identity‑centric solution that secures BYOD environments without full device control. By integrating with Microsoft Entra ID, the platform enforces conditional‑access policies, checks device hygiene, and detects phishing, credential theft, and...
Mailbox Rule Abuse Emerges as Stealthy Post-Compromise Threat
Security researchers have uncovered a sharp increase in the abuse of Microsoft 365 mailbox rules, with Proofpoint reporting that roughly 10% of compromised accounts in Q4 2025 contained malicious rules created within seconds of initial access. These rules, often given trivial names,...
Getting Ahead of the New HIPAA Security Rule: Practical Steps You Can Take Now
On Jan 6 2025 the HHS Office for Civil Rights released a proposed amendment to the HIPAA Security Rule that would make encryption and multi‑factor authentication mandatory and tighten contingency planning. The final rule is slated for May 2026, giving covered entities roughly...
At Splunk GovSummit, IHS Leaders Tie Cybersecurity Directly to Patient Care
At the 2026 Splunk GovSummit, Indian Health Service (IHS) leaders linked cybersecurity directly to patient care, emphasizing that security is a clinical enabler. Serving roughly 2.7 million patients across 37 states, IHS prioritizes resilience and real‑time visibility to keep care uninterrupted,...
Hack at Anodot Leaves over a Dozen Breached Companies Facing Extortion
Hackers from the ShinyHunters group breached business‑monitoring platform Anodot, stealing authentication tokens that unlocked customer cloud data. The breach, which began on April 4, exposed at least a dozen client companies—including Rockstar Games—to extortion threats demanding ransom to keep the data...
Wiz: 80% of Cloud Breaches Are Caused by Basic Mistakes
Wiz’s 2024 cloud‑security report finds that eight‑in‑ten cloud breaches were caused by basic mistakes such as misconfigurations, exposed secrets, and weak credential handling. While the vulnerabilities themselves are not new, rapid AI adoption is spreading these flaws across a broader...
Shopify PCI Compliance: What the Platform Covers and What It Doesn’t
Shopify delivers a PCI‑compliant checkout and robust infrastructure security, earning its place as a default e‑commerce platform. However, its compliance certification only covers the payment page and the underlying hosting environment, not the scripts that run in a shopper’s browser....
Mirax Android Trojan Turns Devices Into Residential Proxy Nodes
A new Android banking trojan called Mirax is spreading across Europe, targeting Spanish‑speaking users through fake streaming app ads. The campaign has reached more than 200,000 accounts and operates under a restricted Malware‑as‑a‑Service model that limits access to a small...
The Silent “Storm”: New Infostealer Hijacks Sessions, Decrypts Server-Side
Storm, a new infostealer surfacing in early 2026, offloads encrypted browser data to attackers’ servers for decryption, eliminating the local decryption step that endpoint tools traditionally flag. By handling Chromium‑ and Gecko‑based browsers server‑side, it automates session‑cookie restoration using Google...
Getting Privacy Policy Right in a Competitive Digital Economy
State and local leaders are trying to protect resident privacy while keeping their economies competitive, affordable and innovative. More than 20 states have enacted comprehensive consumer data privacy laws that focus on transparency, consumer choice and responsible data use. Research...
Anthropic Just Gave Defenders a Firehose. They’re Already Drowning.
Anthropic unveiled Project Glasswing, granting a select coalition access to its frontier AI model, Claude Mythos Preview, which has already uncovered thousands of zero‑day vulnerabilities, including a 27‑year‑old bug in OpenBSD. The initiative includes more than forty partners such as...