AI-Assisted Fraud Makes Big Debut in FBI's Cybercrime Stats
The FBI’s 2025 Internet Crime Complaint Centre report introduced AI‑assisted fraud as a distinct category, documenting $893 million in losses. Overall cybercrime losses topped $20 billion, a 26 percent rise from 2024, with investment scams leading at $8.6 billion. AI‑generated content fueled business‑email‑compromise, voice‑cloning, romance, and cryptocurrency scams, adding tens of millions in damages. The bureau warned that many AI‑related losses remain under‑reported.
Jones Day Confirms Limited Breach After Phishing Attack by Silent Ransom Group
Jones Day, one of the nation’s top law firms, confirmed a limited data breach after the Silent Ransom Group (SRG) posted files for ten clients on a dark‑web leak site. The attackers demanded roughly $13 million to delete the stolen data...
China Ready to Interfere in Local Elections: NSB
Taiwan’s National Security Bureau warned that Beijing is poised to interfere in the November nine‑in‑one local elections through a coordinated hybrid campaign. The report details more than 173 million cyber attacks on the government service network, 13,000 suspicious online accounts and...
Pipeline Security Lessons From March Supply Chain Incidents
Between March 19 and March 31, 2026, the TeamPCP threat group executed four supply‑chain attacks that compromised the open‑source scanner Trivy, the IaC scanner Checkmarx KICS, the AI model gateway LiteLLM, and the JavaScript client axios. Each breach leveraged malicious...
ATO Adds In-App Call Verification to Stop Scams
The Australian Taxation Office (ATO) has introduced a new in‑app “verify call” feature that lets taxpayers confirm whether a phone call claiming to be from the ATO is authentic within 30 seconds. The tool, available on iOS and Android, pushes...
2027 POTUS Budget Proposal Targets CISA With Funding Cuts
The FY2027 White House budget proposes cutting the Cybersecurity and Infrastructure Security Agency’s (CISA) funding by up to $707 million, reducing its budget to just over $2 billion. The administration frames the reductions as a strategic realignment that narrows CISA’s focus to...
AI-Assisted Supply Chain Attack Targets GitHub
A threat actor used AI‑assisted automation to launch the "prt‑scan" supply‑chain campaign on GitHub, opening over 500 malicious pull requests between March 11 and early April. The campaign targeted repositories that use the vulnerable pull_request_target workflow, compromising fewer than 10 %...
Scammers Posing as Federal Officials Drive Complaints up and Rack up $800 Million in Losses
The FBI’s 2025 Internet Crime Complaint Center report shows government‑impersonation scams nearly doubled from 2024, with complaints rising from about 17,300 to 32,500. Victims lost roughly $797 million in 2025, up from $405 million the year before, placing this fraud among the...
Axios Attack Shows Complex Social Engineering Is Industrialized
The popular JavaScript HTTP client Axios was compromised when North Korean state‑linked group UNC1069 socially engineered lead maintainer Jason Saayman into installing a malicious dependency. The attackers delivered a remote‑access Trojan via a fake Slack workspace and Microsoft Teams call,...
Maine House Advances McCabe Bill to Strengthen Cybersecurity at Maine Hospitals
The Maine House unanimously advanced Rep. Julie McCabe’s LD 2103, mandating hospitals adopt cybersecurity plans aligned with DHS and CISA best practices. The bill requires prompt law‑enforcement notification, backup communication systems, and annual staff training. It responds to spring cyber‑attacks that...
Microsoft Links Medusa Ransomware Affiliate to Zero-Day Attacks
Microsoft has identified Storm-1175, a China‑based financially motivated cybercrime group, as an affiliate of the Medusa ransomware operation. The gang is now leveraging both known (n‑day) and previously undisclosed (zero‑day) vulnerabilities in rapid, high‑velocity attacks. Microsoft’s intelligence shows Storm-1175 can...
Fortinet Issues Emergency Patch for FortiClient Zero-Day
Fortinet issued an emergency hotfix for the critical CVE‑2026‑35616 zero‑day in its FortiClient Endpoint Management Server, a 9.1‑CVSS flaw that enables unauthenticated code execution. The vulnerability has already been exploited in the wild, prompting a security advisory that recommends immediate...
Radim Marek: Don't Let Your AI Touch Production
AI coding agents now generate SQL that looks correct but often ignores execution plans, locking behavior, and data distribution, leading to costly production incidents. Radim Marek argues that the missing piece is real‑time awareness of the production schema, including table...
Anthropic's Claude Code Leak: Should RIA Firms and Advisors Be Worried?
Anthropic accidentally exposed the raw instruction set behind its Claude Code model on GitHub, prompting a rapid takedown effort. No personally identifiable information was leaked, but the incident reveals gaps in the company’s internal security controls. Wealth‑tech advisors are urged to...
5 Email Myths That Are Quietly Damaging Your Brand’s Reputation
Retailers are enjoying AI‑driven personalization, yet 27% remain in a DMARC enforcement gap, exposing them to domain spoofing. Valimail’s 2026 State of DMARC report shows many have only reporting‑only records, which lets attackers use their brand in AI‑generated phishing emails....
Hims & Hers Says Limited Data Stolen in Social Engineering Attack
Hims & Hers disclosed a sophisticated social‑engineering breach that compromised its third‑party customer‑service platform from February 4‑7, 2026. Hackers accessed service tickets, exposing customer names and email addresses, but the firm confirmed that electronic medical records and provider communications were untouched....
New Cyber Strategy Shifts Attention to Cloud and Supply Chain Security
The White House released a new National Cybersecurity Strategy on March 6, 2026, shifting federal priorities toward cloud data protection and software supply‑chain security. While zero‑trust, AI security, and post‑quantum cryptography remain core, the strategy mandates faster cloud migration and...
Disgruntled Researcher Leaks “BlueHammer” Windows Zero-Day Exploit
A security researcher known as Chaotic Eclipse publicly released exploit code for a previously private Windows privilege‑escalation vulnerability dubbed BlueHammer. The flaw, a local privilege escalation combining a TOCTOU and path‑confusion bug, allows a local attacker to obtain SYSTEM or...
Athens, Ohio, Claws Back Half of $700,000+ Phished Away in Cyber Fraud
City of Athens, Ohio, recovered more than half of the $722,000 lost to a phishing scheme that mimicked a Pepper Construction invoice. The fraud exploited a simple typo—swapping “U” and “C” in the contractor’s email address—to divert payment to a...
Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
Iranian‑linked threat actors launched a password‑spraying campaign against more than 300 Israeli Microsoft 365 organizations, exploiting common weak credentials. The operation, attributed to an APT group with ties to Tehran, was uncovered by security researchers who observed repeated login attempts...
A.I. Is on Its Way to Upending Cybersecurity
New AI models from Anthropic, OpenAI and others are reshaping cybersecurity as hackers begin to leverage autonomous agents that can write code and exploit systems with minimal human input. Anthropic disclosed the first known AI‑driven breach, affecting about 30 companies...
The Digital Financial Crime or Manipulation of Financial Information Indicators
Digital financial crime leverages technology to alter or conceal financial data, exposing firms to material misstatements and regulatory scrutiny. Auditors now face a growing checklist of red flags, from untimely transaction entries to unexplained credit adjustments and missing original documents....
Scammers Take Advantage of Austrian Digital ID Certificates’ Expiry
Around 300,000 Austrian ID Austria digital certificates are set to expire in 2026, prompting scammers to exploit the uncertainty with phishing texts that appear to come from the Federal Ministry of Finance. Victims who entered personal data were later contacted, convinced...
Multiple Hackers Warned Anti-Porn App Quittr About Security Issue for Months
Quittr, a self‑help app aimed at reducing pornography consumption, faced a serious security flaw in its Firebase backend that allowed unrestricted read/write access to user data. Independent researchers warned the company about the misconfiguration as early as September 2025, but...
PcTattleTale Stalkerware Maker Sentence Includes Fine, Supervised Release
A federal judge sentenced Bryan Fleming, the creator of pcTattleTale stalkerware, to supervised release and a $5,000 fine after he pleaded guilty to manufacturing a device for covert communication interception. The case marks the first stalkerware conviction since 2014, when...
ENISA Invites Feedback for EU Digital Identity Wallet Cybersecurity Certification
ENISA has launched a public consultation on a draft cybersecurity certification scheme for the EU Digital Identity (EUDI) Wallets, aiming to standardize security across member states. The consultation, which includes a webinar on April 8, 2026, invites feedback until April 30, 2026,...
Digital Identity Research Warns of ‘Password Debt’ as Enterprises Delay IAM Rollouts
Enterprises recognize identity threats but large‑scale passwordless rollouts are stalling. Hypr’s State of Passwordless Identity Assurance 2026 report shows only 43% of firms use passwordless methods while 76% still rely on passwords, with 32% citing legacy‑app incompatibility as a barrier....
Companies, Your Lack of Attention Is Disturbing
Leonard Klie reports that his work email address was harvested from the dark web, resulting in a flood of phishing and scam messages impersonating reputable brands. He finds most companies unresponsive or offering only generic advice when he forwards these...
Harvard Faces ‘Active and Specific Cybersecurity Threat’
Harvard University has identified an active, specific cybersecurity threat involving actors posing as IT staff and deploying counterfeit login portals. The campaign targets faculty, staff, and students to harvest credentials and infiltrate the campus network. Chief Information Security and Data...
North Korea’s Hijack of One of the Web’s Most Used Open Source Projects Was Likely Weeks in the Making
North Korean state‑linked hackers compromised the widely used Axios open‑source library on March 31. They spent weeks building trust through a fake company, Slack workspace, and deceptive video call, eventually delivering malware that granted remote access to the maintainer’s computer. The...
Missile Alert Phishing Exploits Iran-US-Israel Conflict for Microsoft Logins
Researchers at Cofense uncovered a new phishing campaign that disguises itself as urgent missile‑alert emails tied to the Iran‑Israel conflict. The messages, sent from a spoofed Ministry of Interior address, contain QR codes that lead victims to a counterfeit Microsoft...
Two Breaches, One Quarter: Valley Family Health Care’s Challenging Start to 2026
Valley Family Health Care (VFHC) disclosed a TriZetto Provider Solutions breach on Jan. 12 that exposed the personal and health‑insurance data of 4,300 patients. In March, the cyber‑crime group Insomnia listed VFHC on a dark‑web leak, claiming more than one million...
ESET Previews New AI Security Features to Secure Chatbot Communications and AI Workflows
ESET unveiled a suite of AI‑focused security tools at RSAC 2026, slated for release later this year. The offering includes a browser‑level guard that inspects both prompts and LLM responses to block malicious links, scripts, and inadvertent data leaks. New...
Microsoft, RSA Make Identity Security Push in the Age of AI
Microsoft announced the general availability of external multi‑factor authentication (MFA) in its Entra ID platform, letting enterprises integrate third‑party MFA providers without abandoning existing setups. The feature uses OpenID Connect and sits alongside Microsoft’s native MFA within a single admin...
Pyongyang, versus Nebraska?
North Korean state‑backed group UNC1069 infiltrated the popular Axios npm package, compromising two releases that were downloaded by millions of developers. Within three hours the malicious versions infected roughly 3% of cloud environments, according to cloud‑security firm Wiz. The breach...
Popeyes Dodges Lawsuit over Fingerprint Scans, but Court Leaves Door Open for Redo
A U.S. District Court in Illinois dismissed Popeyes' liability in a biometric privacy lawsuit, finding the fast‑food chain lacked direct control over a franchisee’s fingerprint‑time‑clock system. The plaintiff, an employee of an Illinois Popeyes franchise, alleged violations of the Biometric...
Vectra AI Supercharges Network Observability with Proactive Exposure Management
Vectra AI unveiled new exposure management capabilities on its platform, targeting AI‑driven enterprises operating in hybrid, multi‑cloud environments. The suite adds continuous, agentless asset inventory, proactive detection of security and compliance gaps, and broader environment observability covering zero‑trust and post‑quantum‑crypto...
Apiiro?s AI Threat Modeling Is Built to Target Security and Compliance to Prevent Risks Before Code Exists
Apiiro has launched AI Threat Modeling, an extension of its Guardian Agent platform that automatically creates architecture‑aware threat models before any code is written. The feature uses the company’s patented Deep Code Analysis technology to map software architecture across code,...
SecuGen Advanced Fingerprint Biometrics Device Now Available in MOSIP Marketplace
SecuGen’s Unity 20 fingerprint scanner has been added to the MOSIP Marketplace after achieving compliance with MOSIP’s SBI 2.0 L1 specifications. The device incorporates Live Finger Detection for presentation‑attack detection and a FIPS 140‑3 Level 3‑certified Foundational Trust Module that encrypts biometric data at...
Breach of FBI Surveillance System Considered a “Major Incident,” Security Experts Weigh In
The FBI confirmed a breach of its Digital Collection System Network (DCSNet), labeling it a “major incident” under the Federal Information Security Modernization Act. Attackers accessed the system through a compromised vendor ISP, bypassing the agency’s own defenses. Federal officials...
Global Cyber Fraud Attacks Rose Last Year
LexisNexis Risk Solutions reported that global cyber‑fraud rates rose to 1.6% across 116 billion online transactions last year, up from 1.5% in 2024. Bot‑driven attacks surged 59%, while human‑initiated fraud grew only 8%, with gaming, gambling and e‑commerce most affected. In...
SparkCat Malware Returns on App Stores, Targeting Cryptocurrency Users
A new SparkCat variant has reappeared on both the Apple App Store and Google Play, masquerading as benign enterprise messenger and food‑delivery applications. The trojan employs optical character recognition to scan photo libraries for cryptocurrency wallet recovery phrases, exfiltrating any...
Cloudflare Targets WordPress With New AI-Powered EmDash CMS
Cloudflare has unveiled EmDash CMS, a server‑less, AI‑built content platform designed to rival WordPress, which powers over 40% of websites. EmDash isolates each plugin in a Dynamic Worker sandbox, limiting access to declared permissions and addressing the 96% plugin‑related security...
IBM Achieves FedRAMP Status for 11 Software Solutions
IBM announced FedRAMP authorization for 11 AI and automation solutions, including several watsonx products, marking a four‑fold expansion of its FedRAMP portfolio in just one year. The solutions are hosted exclusively on AWS GovCloud (U.S.), allowing federal agencies to access...
All Emerging Cyber Threats Targeting Power Infrastructure at a Glance
Researchers at Morocco’s Higher School of Technology examined the expanding cyber‑threat landscape facing smart grids, cataloguing attacks such as DDoS, false‑data injection, replay, IoT‑based malware and zero‑dynamics exploits. Their study highlights the growing role of artificial‑intelligence and machine‑learning intrusion detection...
Bitwarden Vs. 1Password: I Tested Both Password Managers
A hands‑on comparison of Bitwarden and 1Password evaluated onboarding, import, autofill, sharing, and security controls. Bitwarden’s free forever plan and granular sharing options give it a cost advantage, while 1Password’s guided import flow and Watchtower monitoring provide a smoother user...
Why Security Researchers and Red Teams Are Turning to Workflow Automation
Security teams are increasingly adopting workflow automation to combat alert fatigue and accelerate investigations. Automated pipelines now enrich indicators of compromise, aggregate threat intelligence, and run continuous recon for red teams and bug bounty hunters. Open‑source, self‑hosted platforms such as...
Convicted Spyware Maker Bryan Fleming Avoids Jail at Sentencing
Founder Bryan Fleming, operator of the stalkerware service pcTattletale, was sentenced in San Diego to time served and a $5,000 fine after pleading guilty to federal charges for creating and selling illegal spyware. The conviction marks the first successful U.S. Department...
GlobalLogic Completes Cybersecurity Audit of Ahmedabad Municipal Transport Corporation’s EV Bus Fleet
GlobalLogic, a Hitachi Group company, completed a cybersecurity audit of the Ahmedabad Municipal Transport Corporation’s electric‑bus fleet deployed on February 13, 2026. The audit, conducted with IRCLASS Systems, examined in‑vehicle networks, firmware, CCTV, passenger‑information displays, emergency mechanisms, and the supporting...
NYS School Data Incidents Rose 72% in 2025, with 44 Reported on Long Island
State education officials reported a sharp rise in compromised student data across New York schools in 2025, with incidents climbing 72% from 384 in 2024 to 662 this year. The surge was highlighted in an annual report from the Department...