Iranian Threat Actors Disrupt US Critical Infrastructure Via Exposed PLCs
Iran‑affiliated advanced persistent threat actors have begun disrupting U.S. critical infrastructure by exploiting internet‑exposed programmable logic controllers, especially Rockwell Automation/Allen‑Bradley devices. The campaign, launched after a U.S.–Israel strike on Iran, manipulates PLC project files and SCADA displays, causing operational downtime and financial loss across energy, water, and government sectors. Agencies including CISA, FBI, NSA, EPA, DOE, and Cyber Command issued a joint advisory warning of the attacks and providing mitigation steps. The advisory stresses removing direct internet exposure and hardening OT networks to prevent further incursions.
API Security Risks Rise as AI Adoption Accelerates
Enterprises accelerating AI and autonomous agents are exposing APIs as a critical attack vector, according to Salt Security’s first‑half 2026 report. Nearly half of organizations (47%) have paused AI rollouts over security concerns, while 32% reported API‑related incidents in the...
US Cyber Breach Costs Hit Record $10.2 Million as AI Accelerates Attack Timelines
The 2026 Chubb Cyber Claims Report shows U.S. data‑breach costs soaring to $10.2 million on average in 2025, more than twice the global figure. AI‑powered malware now compromises networks in minutes, while AI‑driven defenses have kept incident frequency steady in some...
Behind the Investment: Linx
Linx Security announced a $50 million Series B round led by Insight Partners, Index Ventures and Cyberstarts. The AI‑native identity governance platform tackles the growing gap between human users and non‑human identities such as service accounts and AI agents. By leveraging an...
10 ChatGPT Prompts L1 SOC Analysts Can Use in Their Daily Work
The article lists ten ready‑to‑use ChatGPT prompts that help Level‑1 SOC analysts automate repetitive tasks such as alert summarization, log analysis, triage checklist creation, case note drafting, and executive‑level reporting. Each prompt is designed to turn raw security data into...
Iowa AG Files Lawsuit Against Change Healthcare over 2024 Data Breach
Change Healthcare, a UnitedHealth Group subsidiary, faces a lawsuit filed by Iowa Attorney General Brenna Bird alleging violations of state consumer‑protection and data‑security laws. The suit stems from a February 2024 breach that went undetected for ten days, exposing Social...
Act-of-War Clauses Cloud Cyber Insurance Coverage
Geopolitical tensions are prompting insurers to insert act‑of‑war exclusions into cyber policies, a provision traditionally used in homeowners and travel insurance. The language lags behind the rapid evolution of cyberwarfare, leaving companies uncertain whether state‑sponsored attacks are covered. Lawyers and...
Anthropic's Zero Day Machine "Mythos" Triggers Hype, Criticism
Anthropic announced Mythos, an unreleased frontier model it says can automatically uncover zero‑day software vulnerabilities far beyond its Opus 4.6 system. The company claims the model’s potency is so high it cannot be released publicly yet. Critics argue the assertions lack...
When the Levee Breaks: Managing Cybersecurity Threats During Natural Disasters
Utility firms face a surge in cyber threats when natural disasters strain resources and distract staff. Experts recommend year‑round phishing awareness, a unified monitoring dashboard, and automated behavioral alerts to keep attackers at bay. Robust incident and disaster response plans,...
New Scam Alert: QR Codes Replace Links in Traffic Ticket Phishing
Cybercriminals are now using QR codes in traffic‑violation phishing scams. Scammers send fake “Notice of Default” letters that appear to come from state courts and urge recipients to scan a QR code to settle an alleged $6.99 fee. The QR...
NERC Is ‘Actively Monitoring the Grid’ Following Iran-Linked Cyber Threat
The Cybersecurity and Infrastructure Security Agency (CISA) warned that Iranian‑linked hackers are exploiting programmable logic controllers (PLCs) used in U.S. power, water and government facilities. The attacks manipulate software configurations and human‑machine interfaces, causing operational disruptions and potential financial loss....
From Bytecode to Bytes: Automated Magic Packet Generation
Linux malware increasingly embeds malicious logic in classic Berkeley Packet Filter (BPF) programs, waiting for a precise "magic" packet to activate. Researchers demonstrated that symbolic execution with the Z3 theorem prover can automatically reverse‑engineer these filters and synthesize the triggering...
NWN Adds Managed Security Services With MDR Partnership, Penetration Testing, vCISO
NWN launched NWN Cybersecurity, a managed security services suite that combines in‑house penetration testing, vCISO, and MDR delivered through a partnership with Arctic Wolf. The offering integrates the AI‑driven Aurora Superintelligence platform and leverages existing Cisco and Palo Alto Networks relationships. NWN...
As Open Banking Fuels Interconnectivity, Privacy Matters More
Open banking is deepening connections between traditional banks and fintech providers, intensifying the flow of consumer data. As data sharing grows, regulators and firms are under pressure to deliver clearer, plain‑language privacy disclosures that consumers can easily locate. Javelin Strategy’s...
TikTok Plans Second Billion-Dollar Data Centre in Finland in Move to Store European User Data Locally
TikTok will spend €1 billion (about $1.16 billion) to build a second data centre in Lahti, Finland, adding to its European data‑sovereignty programme. The site will launch with 50 MW of power, scalable to 128 MW, and is slated for operation by 2027. The...
Modernising Governance: A Capability-Centric Approach to Legacy Mainframes
The article argues that traditional entitlement‑centric access governance for mainframe (z/OS) and IBM i systems fails because it abstracts away the business meaning of permissions. It proposes a capability‑centric model that defines access in terms of concrete business actions using...
Who Really Runs Your VPN — and What that May Mean for Your Privacy
A new analysis of 50 VPN providers reveals that the majority rely on a handful of UK hosting firms—M247, Datacamp and CDN77—and rent space in data‑center buildings owned by US giants Equinix and Digital Realty. The study shows 73% of...
Russians Hijacking Routers for Cyber Spying
Russian GRU’s 85th Main Special Service Center has been hijacking vulnerable home routers, notably TP‑Link devices, since at least 2024 by exploiting CVE‑2023‑50224. The actors reconfigure DHCP/DNS settings to route traffic through their own resolvers, enabling man‑in‑the‑middle attacks that capture...
A String of Radio Hijacks Exposes a Deeper Broadcast Weakness
A series of radio broadcast hijacks, including the recent intrusion at Michigan's 107.7 The Bay, reveal a growing vulnerability in studio‑to‑transmitter links. The FCC’s November notice confirmed that attackers are repeatedly compromising unsecured Barix audio equipment to replace legitimate programming...
NL: Dutch Healthcare Software Vendor Goes Dark After Ransomware Attack
ChipSoft, the leading Dutch provider of hospital patient‑record software, was hit by a ransomware attack that took its website offline on April 7. The breach affects roughly 80 percent of the Netherlands’ hospitals, potentially disrupting access to electronic health records. Officials have...
Tired of Targeted Ads? This Simple iPhone Fix Stops App Tracking in Seconds.
Apple’s App Tracking Transparency (ATT) lets iPhone users block apps from accessing the advertising identifier (IDFA) and other tracking data unless they explicitly grant permission. Users can disable tracking globally or per‑app via Settings > Privacy & Security > Tracking, turning targeted ads into generic ones....
HK: Man Arrested over Stolen Patient Personal Data
Hong Kong police have arrested a contractor employee accused of stealing personal data belonging to more than 56,000 patients in the Kowloon East Hospital Authority cluster. The breach involved unauthorized extraction of names, IDs, and medical details, which were later...
Families Face Identity Theft Following a Death
Families of deceased Americans face a growing risk of identity theft as unclosed digital accounts become vulnerable. The California Department of Justice estimates 2.5 million dead individuals have their identities stolen each year, with 800,000 cases directly targeted because the owners...
Why Customers Must Take Control Against Social Engineering Scams
Monzo relies on advanced machine‑learning tools to block many fraud attempts, but customers must adopt a proactive risk‑management mindset. Richard Bromley, speaking at Identity Week Europe 2026, warns that social‑engineering scams—especially impersonation and investment fraud—still catch users off‑guard. About 66%...
Anthropic Reckons Its New Model Has Cracked Cyber Security
Anthropic unveiled Mythos, an AI model that can automatically spot coding flaws and high‑severity security vulnerabilities across major operating systems and browsers. Recognizing the dual‑use risk, the company launched Project Glasswing, granting early access to Mythos for a consortium of...
Hong Kong Car Owner Loses HK$500,000 in Fuel Membership Card Scam
A Hong Kong driver was duped by scammers posing as fuel‑company staff on WhatsApp, losing HK$500,000 (about US$63,800) through a series of prepaid petrol‑card top‑up deals. The fraudsters leveraged soaring fuel prices and promises of deeper discounts to extract more...
NCSC Issues Alert over Russian Hacker Campaign Targeting SOHO Routers
The UK National Cyber Security Centre (NCSC) has linked two new Russian‑linked campaigns to APT28, also known as Fancy Bear, that hijack small‑office/home‑office (SOHO) routers to manipulate DNS settings. By redirecting traffic through malicious name servers, the group conducts man‑in‑the‑middle attacks...
Claude Discovers Apache ActiveMQ Bug Hidden for 13 Years
Horizon3.ai uncovered a remote code execution vulnerability (CVE‑2026‑34197) in Apache ActiveMQ Classic that had been hidden for 13 years. The flaw lets attackers fetch remote configuration files via the Jolokia API and execute arbitrary OS commands, especially when default credentials...
Ransomware Response: How Businesses Regain Control Under Pressure
Ransomware attacks now hinge on speed, forcing executives to make high‑stakes decisions within hours. The article outlines how the crisis expands from a technical breach to an enterprise‑wide challenge involving legal, financial, and reputational risks. It stresses that pre‑emptive controls—isolated...
Voice Scams: When AI Calls Your Patients, Who’s Responsible?
In 2025, 38% of Americans reported receiving scam calls where fraudsters impersonated their healthcare providers, a surge driven by AI‑generated deepfake voices. Multi‑modal campaigns—combining texts, calls, and emails—have amplified the threat, exemplified by the Kettering Health outage that disrupted patient...
More than Half of Enterprises Are Using Devices with Out-of-Date Operating Systems – and It’s Leaving Them Wide Open to...
Jamf’s Security 360 Report, analyzing over 150,000 macOS devices, found that more than half of enterprises have at least one computer running a critically out‑of‑date operating system. Vulnerable applications are pervasive, with 95 % of assessed apps containing a medium‑severity flaw and...
N. Korean Hackers Spread 1,700 Malicious Packages Across Npm, PyPI, Go, Rust
North Korean‑linked threat group UNC1069, operating under the Contagious Interview campaign, has published more than 1,700 malicious packages across major open‑source ecosystems including npm, PyPI, Go, Rust and Packagist. The packages act as stealthy loaders that fetch second‑stage payloads with...
Gov. Tim Walz Deploys National Guard After Winona Cyberattack Disrupts Services
A cyberattack on Winona County began on April 6, crippling the county’s digital infrastructure that supports emergency and municipal services. Governor Tim Walz issued an emergency executive order authorizing the Minnesota National Guard to assist with containment, system stabilization, and recovery....
FBI Takes Down APT28 Network Behind Global DNS Hijacking Attacks
The FBI, in coordination with the Department of Justice, launched Operation Masquerade to dismantle a global network of compromised SOHO routers used by the Russian-linked threat group APT28 for DNS hijacking. The operation reset DNS configurations on thousands of TP‑Link...
Men Are Buying Hacking Tools to Use Against Their Wives and Friends
AI Forensics examined 2.8 million messages from 16 Italian and Spanish Telegram groups, uncovering a thriving market where men purchase hacking and surveillance tools to target wives, girlfriends, and acquaintances. The study recorded over 24 000 participants sharing 82 723 abusive images, videos and...
Got a Text About Expiring Reward Points? Look Closer
Consumers are receiving text messages warning that their loyalty‑program points are about to expire, but the Federal Trade Commission reports many of these alerts are fraudulent. Scammers embed links that, when clicked, harvest personal data or install malware on the...
CleanStart Takes Aim at BusyBox to Harden Container Security
CleanStart has introduced a BusyBox‑free container architecture that replaces the traditional monolithic utility binary with statically compiled, purpose‑specific tools. By validating the filesystem during image construction, the platform removes unused components and blocks BusyBox from final images, delivering deterministic containers....
Researchers Find a Zero-Day Attack Targeting Adobe Reader Users
Researchers have uncovered a zero‑day vulnerability in Adobe Reader that allows remote code execution through crafted PDF files. The exploit chain leverages a memory‑corruption flaw, runs entirely in memory, and requires no user interaction beyond opening the document. Its multi‑layer...
Iran-Linked Hackers Breach U.S. Industrial Systems, Trigger Disruptions
The FBI, CISA, and NSA issued a joint advisory on April 7, 2026 warning that Iranian‑affiliated APT groups are actively exploiting internet‑exposed programmable logic controllers (PLCs) to disrupt U.S. critical infrastructure. The campaign targets water, wastewater, energy, and government services,...
Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
Iran‑affiliated cyber actors are targeting internet‑exposed programmable logic controllers (PLCs) across U.S. critical‑infrastructure sectors, including water, energy, and government facilities. The attackers use Dropbear SSH to gain remote access, manipulate HMI/SCADA displays, and disrupt device functionality, focusing on Rockwell Automation...
Bharti Airtel Keen to Work with OTT Cos to Fight Spam: Rahul Vatts
Bharti Airtel announced it will collaborate with OTT communication providers to expand its AI‑driven anti‑spam program, building on a recent partnership with Google that routes RCS messages through Airtel’s spam filters. The telco reports having blocked 71 billion spam calls and...
Major PX4 Drone Software Vulnerability Raises Hijacking Concerns
Cybersecurity firm CYVIATION has identified a critical flaw in the open‑source PX4 Autopilot flight‑control software, catalogued as CVE‑2026‑1579 with a 9.8‑out of‑10 severity rating. The vulnerability stems from missing authentication on MAVLink communications, allowing an attacker on the same network...
Zscaler's AI Agent Security Push: Will It Be a New Growth Driver?
Zscaler is launching a dedicated AI‑agent security suite as enterprises rapidly adopt machine‑driven workflows, expanding the cyber‑attack surface. The company processed nearly 1 trillion AI‑related transactions in 2025 and saw ZDX Advanced Plus bookings jump 80% YoY to $100 million in Q2...
The $135M Google Data Settlement Site Is Live — See If You're Eligible
Google has launched the official website for the $135 million settlement of the Taylor v. Google class‑action lawsuit, which alleges Android devices transmitted cellular data without consent. The settlement covers roughly 100 million U.S. Android users and will be finalized at a...
MCP Security: Logging and Runtime Security Measures
The Model Context Protocol (MCP) enables AI agents to run code on servers, exposing them to prompt‑injection, command‑injection, and tool‑poisoning threats. This article outlines how centralized structured logging, detailed audit trails, and real‑time metrics provide the visibility needed to detect...
Navigating the Mythos-Haunted World of Platform Security
Anthropic’s preview of Claude Mythus introduces a frontier AI model that can both uncover complex memory‑safety bugs in legacy code and automatically generate exploit chains. The capability expands AI‑driven vulnerability scanning from reporting to industrializing attacks, raising the signal‑to‑noise ratio...
Pro-Iran Group Takes Credit for Cyberattacks on Chime, Pinterest
A pro‑Iranian cybercrime group claimed responsibility for denial‑of‑service attacks that took down the websites of Chime Financial and Pinterest on April 1. The outages disrupted online services for the fintech and social‑media platforms, prompting emergency response measures. No data breach was...
Innovative Phishing Simulations to Build Cyber-Resilience
Phishing simulations are evolving from generic, click‑rate tests to hyper‑personalized, technically sophisticated exercises that mirror modern threat vectors such as AI‑driven BEC and MFA‑bypass attacks. Security teams now replicate exact corporate communication styles and even simulate proxy‑phishing sessions to expose...
Hackers Exploit Critical Flaw in Ninja Forms WordPress Plugin
A critical vulnerability (CVE‑2026‑0740) in Ninja Forms' File Upload add‑on lets unauthenticated attackers upload arbitrary files, potentially leading to remote code execution. Wordfence blocked over 3,600 exploitation attempts in a single day, confirming active abuse. The flaw affects versions up...
Why AI, Sovereignty and Visibility Are Redefining Cyber Strategy: Infotrust
Infotrust executives warn that data sovereignty, AI governance, and visibility are reshaping cyber strategy as geopolitical tensions and rapid AI adoption intensify risk. They highlight the rise of "shadow AI"—unsanctioned AI tools used by employees—while noting that vulnerability exploitation windows...