Brute-Force Cyberattacks Originating in Middle East Surge in Q1
Barracuda reported a sharp rise in brute‑force authentication attacks on network devices during Q1 2026, with roughly 90% of the activity traced to Middle‑East sources. SonicWall and Fortinet FortiGate firewalls were the most frequently targeted, accounting for over half of the observed threat volume. The surge overlapped with heightened cyber activity from Iran‑linked groups following the late‑February US‑Israel bombing campaign. Security experts recommend immediate MFA deployment and stricter password policies to mitigate further compromise.
Cloudflare Partners with Wiz to Secure the Global AI Attack Surface, Eliminating Blind Spots Caused by Shadow AI
Cloudflare announced a partnership with Wiz, now part of Google Cloud, to embed its AI Security for Apps into Wiz’s Security Graph. The integration creates a unified, model‑agnostic view of an organization’s AI footprint, detecting shadow AI, prompt‑injection attacks and...
AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
Cybersecurity firm HUMAN uncovered a new ad‑fraud operation dubbed Pushpaganda that weaponizes AI‑generated news articles to infiltrate Google Discover. The scheme tricks Android and Chrome users into enabling push notifications that deliver scareware and financial scams, driving traffic to malicious...
Cloudflare Launches Mesh to Secure the AI Agent Lifecycle
Cloudflare announced Mesh, a private networking solution built for AI agents that unifies agents, humans, and multicloud infrastructure into a single secure fabric. The service replaces legacy VPNs and manual tunnels, letting developers provision private connectivity in minutes while keeping...
5 Ways Zero Trust Maximizes Identity Security
Stolen credentials accounted for 22% of known initial access attempts in 2025, making them the top entry vector for attackers. Zero Trust promises to curb this risk, but only when identity is the core focus rather than a collection of...
Quantum Computers Could Usher in a Crisis Worse than Y2K
Quantum researchers warn that a functional, large‑scale quantum computer capable of breaking RSA and ECC encryption – dubbed Q‑Day – may emerge within the next decade. The threat mirrors the Y2K panic, but the underlying cryptographic foundations are far more...
X.Org X Server and Xwayland Security Advisory Released for Multiple Issues
The X.Org X server and Xwayland projects have issued a security advisory covering five critical vulnerabilities (CVE‑2026‑33999‑34003). Updated packages—xorg‑server‑21.1.22 and xwayland‑24.1.10—contain patches that resolve integer underflow, out‑of‑bounds reads, and a use‑after‑free bug in XKB and XSYNC components. The flaws, discovered...
Claroty Advances CPS Security with Visibility Orchestration in xDome
Claroty has launched Visibility Orchestration within its SaaS platform Claroty xDome, turning vague asset visibility into a measurable score that drives security actions. The new capabilities automatically assess visibility gaps, prioritize remediation tasks, and enrich asset data using AI, Edge scans,...
Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent Audit
An independent audit by webXray examined traffic on more than 7,000 California websites and found that Google, Microsoft and Meta routinely set advertising cookies even when users sent a Global Privacy Control (GPC) opt‑out signal. Google ignored the signal on...
Oligo Security Moves Beyond CVE Prioritization with Real-Time Application-Layer Exploit Blocking
Oligo Security unveiled Runtime Exploit Blocking, a capability that intercepts application‑layer exploit attempts in real time without terminating containers or disrupting services. The technology correlates function calls with system activity to detect malicious sequences and blocks the offending system call...
Manifest Platform From Manifold Targets AI Agent Supply Chain Security Gaps
Manifold Security launched Manifest, a free, open‑access platform that maps AI agent supply‑chain dependencies and external system interactions. The graph‑based service builds execution and environment graphs to reveal hidden risk patterns that traditional file‑level scans miss. Manifold’s accompanying report identified...
FossID Launches Agentic SCA to Bring Real-Time Compliance to AI-Driven Code Development
FossID AB introduced Agentic SCA, a real‑time software composition analysis layer designed for AI‑driven code development. The solution embeds compliance checks directly into AI agents, enabling instant detection of open‑source components, license obligations, and vulnerabilities as code is written. By...
DavMail 6.6.0 Patches a Regex Flaw and Advances Its Microsoft Graph Backend
DavMail 6.6.0 was released this week, addressing a regex‑based security alert, updating the OAuth redirect URI to match Microsoft’s recent OIDC change, and fixing multiple IMAP, SMTP, CalDAV and CardDAV bugs. The update adds VCARD4 birthday support, switches CardDAV photo...
Kraken Is Actively Being Extorted by Criminals Threatening to Release the Top Crypto Exchange’s Internal Data
Kraken disclosed that criminals are extorting the exchange after two support employees improperly accessed limited client data. Approximately 2,000 accounts, representing 0.02% of its user base, were potentially viewed, but the core trading and custody systems were not breached and...
Intruder Adds Container Image Scanning to Cloud Security Platform
Intruder has expanded its cloud security platform to include daily container image scanning across AWS Elastic Container Registry, Google Cloud Artifact Registry, and Azure Container Registry. The new capability uses a graphical interface that requires no agents, letting both security...
Why CIOs Are Moving Away From Legacy Consulting in the AI Era
CIOs are abandoning traditional consulting firms as AI accelerates transformation and exposes gaps in strategy‑execution alignment. Legacy firms’ sequential approach and post‑hoc security fail to meet the speed, precision, and accountability CIOs now demand. New‑generation firms that embed security and...
3 Quantum Realities to Confront This World Quantum Day
World Quantum Day highlighted the accelerating timeline toward a post‑quantum future, with industry leaders warning that waiting for certainty will delay critical migration. Experts emphasized that the operational risk lies in how long it takes to identify dependencies, prioritize remediation,...
China-Linked Cloud Credential Heist Runs on Typos and SMTP
Chinese‑aligned APT41 has deployed a Linux ELF backdoor that steals cloud credentials across AWS, GCP, Azure and Alibaba Cloud. The malware uses port 25 SMTP as a covert C2 channel, sending harvested IAM role and service‑account tokens to three typosquatted...
What Is Anthropic's Mythos AI Model and Why Does It Have the Financial World in a Panic?
Anthropic PBC unveiled Mythos, a general‑purpose AI model that can independently locate and exploit high‑severity software vulnerabilities. The company disclosed that Mythos identified thousands of flaws across major operating systems and browsers, prompting Anthropic to restrict public release and instead...
DataVisor Brings Conversational AI Agents to Fraud and AML Operations
DataVisor unveiled Vera, a conversational AI agent suite that lets financial institutions manage fraud and AML tasks through plain‑language commands. The platform automates detection, investigation, and regulatory reporting, promising up to three‑fold gains in detection coverage and a 20‑30× reduction...
SAP Patches Critical ABAP Vulnerability
SAP released 20 new and updated security notes on April 14, 2026, including two critical CVEs. The most severe, CVE‑2026‑27681 (CVSS 9.9), is a SQL‑injection flaw in Business Planning and Consolidation and Business Warehouse that enables arbitrary code execution. SAP mitigated the issue...
Anthropic’s Mythos Raises the Stakes for Software Security
Anthropic has placed its new Claude Mythos preview model—capable of uncovering thousands of previously unknown software vulnerabilities—behind a tightly controlled early‑access program. The company limited access to a select group of major technology and security firms, citing the model’s dual‑use...
How Contact Centers Detect and Prevent Fraud
Contact centers are increasingly targeted by fraudsters exploiting weak authentication and under‑trained agents, especially as operations shift to digital and remote channels. Common schemes include identity theft, account takeover, card‑not‑present purchases, and vishing attacks that leverage caller‑ID spoofing and synthetic...
DNS Security Is Often Inadequate, and Network Engineers Should Get More Involved
Enterprise Management Associates’ DDI Directions 2026 report reveals that only 28% of DDI experts consider their DNS infrastructure fully secure. Threats are evolving, with 86% of enterprises witnessing AI‑enhanced DNS attacks and concerns ranging from malicious redirections to DDoS and...
Triad Nexus Evades Sanctions to Fuel Cybercrime
Triad Nexus, an illicit cyber‑crime network active since 2020, has generated over $200 million in losses through sophisticated cryptocurrency investment‑fraud known as pig‑butchering. After the U.S. sanctioned its primary CDN partner Funnull in 2025, the group adopted infrastructure‑laundering tactics, using front‑company...
QBS Software Africa, Partners to Tackle AI Threats at ITWeb Security Summit 2026
QBS Software Africa (Maxtec) will showcase AI‑focused security solutions alongside partners Atera, Fortinet, Fortra, Ivanti and Thales at the ITWeb Security Summit in Johannesburg. The event will address rising AI‑driven attacks, supply‑chain vulnerabilities, and the acute cybersecurity skills shortage in...
FCC Advances Consumer IoT Protection Scheme
The Federal Communications Commission has moved forward with a voluntary cybersecurity program for consumer Internet of Things (IoT) devices by naming the ioXT Alliance as the lead administrator of the US Cyber Trust Mark Programme. The scheme will allow qualifying...
Ransomware-Linked ViperTunnel Malware Hits UK and US Businesses
InfoGuard discovered a new Python‑based backdoor called ViperTunnel operating in UK and US enterprises. The malware disguises itself as a system DLL and leverages the sitecustomize.py module to execute code automatically, establishing a SOCKS5 proxy on port 443. Developed by the...
Risk of Fraud and Disruption After Data Breach on Mexico Port Platform
A hacker from the Mexican group Sociedad Privada 157 breached the Ministry of the Navy’s Safe Smart Port (PIS) platform, exfiltrating 39.7 GB of data on roughly 640,000 logistics personnel. The compromised records include biometric identifiers, social security numbers, taxpayer IDs and...
Goldman Sachs ‘Hyperaware’ of AI Risks; Working with Anthropic on Mythos
Goldman Sachs warned that Anthropic’s new AI model, Mythos, can autonomously discover and exploit software vulnerabilities, raising serious cyber‑risk concerns for the financial sector. The bank’s CEO David Solomon said Goldman is "hyperaware" of these threats and is working with...
InfoReg Raises Alarm as Data Breaches Hit 788 in Q1
South Africa’s Information Regulator recorded 788 data‑breach notifications in the first quarter, a sharp rise that includes high‑profile incidents at Standard Bank, Liberty Group and Statistics South Africa. The regulator, led by Advocate Pansy Tlakula, warned that many reports lack...
Nightclub Giant RCI Hospitality Reports Data Breach
RCI Hospitality Holdings, a leading adult nightclub operator, disclosed a data breach affecting its independent contractors. The breach stemmed from an insecure direct object reference (IDOR) vulnerability on an IIS web server discovered on March 23, with unauthorized access beginning March 19....
AI Security Institute Advocates Security Best Practices After Mythos Test
The AI Security Institute (AISI) evaluated Anthropic’s Claude Mythos Preview, finding it could autonomously execute multi‑stage attacks and complete 22 of 32 steps in a simulated corporate network. The model succeeded in three out of ten attempts, highlighting both its...
Germany Complains About Hybrid Attacks
Germany’s defence ministry warned that hybrid attacks are targeting the country’s critical infrastructure and Bundeswehr units deployed abroad. Vice Admiral Thomas Daum said soldiers in Lithuania suspect phone‑call interception and disinformation campaigns, while citing drone strikes, espionage and sabotage of data...
The Mythos Threat: Why Treasurers Must Prepare for the AI Arms Race
Anthropic’s new Claude Mythos model can autonomously discover zero‑day vulnerabilities across major operating systems and browsers, turning a defensive AI tool into a potent offensive weapon. The capability has triggered emergency meetings between transatlantic regulators and the world’s largest banks,...
The AI Inflection Point: What Security Leaders Must Do Now
AI has moved from experiment to production in cybersecurity, forcing security leaders to treat it as an operating‑model shift rather than a bolt‑on tool. Threat reports show AI‑enabled adversaries accelerating attack timelines to under 30 minutes, outpacing human‑only triage. CISOs...
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
Security researchers have uncovered a coordinated campaign involving 108 malicious Chrome extensions that share a common command‑and‑control server. The extensions, published under five publisher names, have collectively been installed about 20,000 times and harvest Google OAuth credentials, Telegram Web session...
Cyber Risk Ratings Fade Out; Actionable Intelligence Takes The Spotlight
The Forrester Wave™ Q2 2026 shows cyber risk rating platforms losing influence as firms demand actionable intelligence. Vendors are re‑engineering solutions to serve third‑party risk management rather than merely delivering scores. AI capabilities remain nascent, with only a few providers showcasing...
Hackers Steal Healthcare Recruitment Data
Hackers identifying themselves as XP95 claim to have exfiltrated roughly half a million files from Healthdaq, a recruitment platform used by health trusts in Northern Ireland. The stolen data spans driving licences, criminal background checks, vaccine records, passports and other...
Curious About Quantum? Check Out Training Options From ISC2, IBM, AWS and More
The quantum computing sector is accelerating toward a so‑called Q‑day, projected by Forrester to arrive by 2030, as vendors move from theoretical fault‑tolerant designs to early engineering reality. IBM targets fault‑tolerant quantum processors by 2029, while industry leaders warn that...
Hackers Exploit Kali Forms Vulnerability to Take Over WordPress Sites
A critical Remote Code Execution (RCE) flaw was discovered in the Kali Forms WordPress plugin, which powers over 10,000 active sites. The vulnerability, reported on March 2, 2026, was patched in version 2.4.10 on March 20, 2026, but attackers began exploiting it the same day,...
Research Bits: Apr. 14
Researchers from Hong Kong, Tsinghua and Southern University of Science and Technology unveiled CLAP, a memristor‑based platform that fuses physically unclonable function authentication with compute‑in‑memory, achieving 99.46% AUC on ECG data while shrinking area and power use. A separate team...
Booking.com Suffers Data Breach, Leaves Guests’ Personal Details Exposed
Booking.com confirmed a data breach that exposed guests' names, emails, phone numbers and reservation details, though financial information remained untouched. The company has not disclosed the number of affected customers, prompting heightened regulator scrutiny after a 2018 breach that resulted...
Dark Web Article Contest Offers $10,000 for Exploit Writing on TierOne Forum
A dark‑web forum called TierOne has launched a $10,000 article contest that rewards technical write‑ups on vulnerability exploitation. The prize pool is split into $5,000 for first place, $3,000 for second, and $2,000 for third, with submissions accepted from April 13...
Is Everyone Scared of the AI Threat? If Not, You Should Be
U.S. regulators convened the CEOs of the nation’s biggest banks after Anthropic unveiled Claude Mythos, an AI model that can autonomously locate and chain together decades‑old software vulnerabilities. The model’s ability to turn hidden flaws into exploitable attacks prompted an...
Vector Informatik Expands CANoe EV with V2G Security Testing
Vector Informatik has broadened its CANoe Test Package EV to include automated security testing for electric‑vehicle charging communication. The new module covers vehicle‑to‑grid (V2G) fuzzing, TLS 1.2/1.3 protocol checks, and Plug & Charge validation, aligning with ISO 15118‑2 and ISO 15118‑20 standards. By automating...
What You Should Know About CCPA Compliance After the California Attorney General’s 2024 Investigative Sweep
The California Attorney General’s 2024 investigative sweep spotlighted widespread failures in CCPA opt‑out compliance, especially among streaming and ad‑tech firms. The audit revealed deceptive, dysfunctional, inadequate, and fragmented opt‑out mechanisms that left consumers’ data exposed across devices and platforms. Companies...
Telecom News: CESNET, Ribbon Communications, Telit Cinterion, Lenovo, NVIDIA, Lidl, 1GLOBAL
CESNET and Ribbon Communications demonstrated a quantum‑secured optical network using Quantum Key Distribution, proving near‑zero latency encryption can be integrated into live fiber links. Telit Cinterion showcased its deviceWISE Industrial Active Intelligence platform at Hannover Messe 2026, leveraging Lenovo edge...
Australian Leaders “Overly Optimistic” About Ability to Manage Cyber Incidents: Datacom
Datacom’s State of Cybersecurity Index shows a stark gap between confidence and preparedness in Australia and New Zealand. While 39% of firms expect to recover from a major cyber incident within days, only 32% have a tested business continuity plan....
Dead Cars Tell Tales by Storing Data That's Never Wiped
Security researchers at Quarkslab dissected a telematics control unit from a salvaged BYD Seal and found that the device stores raw GPS logs for the vehicle's entire lifespan. The data, kept on unencrypted NAND memory, revealed the car’s journey from...
