Wiz: 80% of Cloud Breaches Are Caused by Basic Mistakes
Wiz’s 2024 cloud‑security report finds that eight‑in‑ten cloud breaches were caused by basic mistakes such as misconfigurations, exposed secrets, and weak credential handling. While the vulnerabilities themselves are not new, rapid AI adoption is spreading these flaws across a broader set of services and environments. Threat actors are exploiting AI to accelerate reconnaissance, automate malware, and generate more persuasive phishing lures, but they still rely on the same fundamental errors to gain footholds. Wiz urges enterprises to tighten exposure management, improve visibility, and treat pre‑compromise activity as a detection opportunity.
Shopify PCI Compliance: What the Platform Covers and What It Doesn’t
Shopify delivers a PCI‑compliant checkout and robust infrastructure security, earning its place as a default e‑commerce platform. However, its compliance certification only covers the payment page and the underlying hosting environment, not the scripts that run in a shopper’s browser....
Mirax Android Trojan Turns Devices Into Residential Proxy Nodes
A new Android banking trojan called Mirax is spreading across Europe, targeting Spanish‑speaking users through fake streaming app ads. The campaign has reached more than 200,000 accounts and operates under a restricted Malware‑as‑a‑Service model that limits access to a small...
The Silent “Storm”: New Infostealer Hijacks Sessions, Decrypts Server-Side
Storm, a new infostealer surfacing in early 2026, offloads encrypted browser data to attackers’ servers for decryption, eliminating the local decryption step that endpoint tools traditionally flag. By handling Chromium‑ and Gecko‑based browsers server‑side, it automates session‑cookie restoration using Google...
Getting Privacy Policy Right in a Competitive Digital Economy
State and local leaders are trying to protect resident privacy while keeping their economies competitive, affordable and innovative. More than 20 states have enacted comprehensive consumer data privacy laws that focus on transparency, consumer choice and responsible data use. Research...
Anthropic Just Gave Defenders a Firehose. They’re Already Drowning.
Anthropic unveiled Project Glasswing, granting a select coalition access to its frontier AI model, Claude Mythos Preview, which has already uncovered thousands of zero‑day vulnerabilities, including a 27‑year‑old bug in OpenBSD. The initiative includes more than forty partners such as...
WebinarTV Secretly Scraped Zoom Meetings of Anonymous Recovery Programs
WebinarTV, a platform that indexes Zoom webinars, has secretly scraped and posted more than 200,000 Zoom sessions, including confidential addiction recovery, health‑support, and even nudist gatherings. The recordings expose participants' full names and faces, violating the expectation of privacy that...
OpenSSF Flags Malware Campaign on Slack Posing as Linux Foundation Figures
The Open Source Security Foundation (OpenSSF) has issued an advisory about a new Slack‑based phishing campaign that pretends to be Linux Foundation leaders. The attackers promote a bogus AI tool, directing developers to a counterfeit Google Workspace page that installs...
Zimbabwe Boosts Cybersecurity as AI-Driven Cyber Fraud Surges
Zimbabwe is ramping up its cybersecurity defenses as AI‑driven fraud spikes, with deepfake voice cloning and automated phishing tools targeting mobile money users and public services. The government reports cyber‑related losses exceeding $30 million a year and a 40% rise in...
$12 Million Frozen, 20,000 Victims Identified in Crypto Scam Crackdown
International law‑enforcement operation Operation Atlantic froze more than $12 million and identified over 20,000 victims of cryptocurrency scams. The crackdown also uncovered $45 million in suspected fraud losses, while FBI data shows $11.3 billion in crypto‑related fraud last year, with $7.2 billion tied to...
How to Run a GDPR-Compliant Remote Hiring Process
Remote hiring in the Netherlands now spans Europe, forcing companies to move candidate data across borders under the GDPR. Recruiters must first establish a lawful basis—typically legitimate interest or pre‑contractual steps—before collecting any personal information. The article outlines a step‑by‑step...
OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack
OpenAI disclosed that a GitHub Actions workflow used for macOS app signing inadvertently downloaded a malicious version of the popular Axios JavaScript library, version 1.14.1, as part of a supply‑chain attack linked to North Korean group UNC1069. The compromised workflow...
Whoops: Russia’s Attempt To Block VPNs Causes Major Banking Failure
Russia's latest attempt to curb VPN usage backfired, triggering a nationwide outage of online banking services. The government's filtering system mistakenly targeted IP ranges belonging to major banks such as Sberbank, VTB and T‑Bank, overwhelming the network and disabling mobile...
How the Explosion in Machine Identities Is Changing Cyber Defense
Machine identities—API keys, service accounts, certificates—now outnumber human accounts by over 100 to 1, with some sectors hitting 500 to 1, according to Obsidian Security. Fifty percent of enterprises reported breaches linked to compromised machine credentials in the past year, while only 12 % have...
Adobe Finally Patches PDF Pest After Months of Abuse
Adobe released a patch on April 11 for CVE‑2026‑34621, a critical zero‑day in Acrobat and Reader that allowed arbitrary code execution on Windows and macOS. The flaw was actively exploited for months, using heavily obfuscated JavaScript to profile victims and deliver...
‘Grand Theft Auto’ Publisher Rockstar Hit by Hackers Again
Rockstar Games suffered a second breach when the ShinyHunters gang used stolen authentication tokens to masquerade as a legitimate user of the AI analytics platform Anodot and infiltrate the company’s Snowflake data warehouse. The attackers accessed a limited set of...
Seven IBM WebSphere Liberty Flaws Can Be Chained Into Full Takeover
Security researchers disclosed seven interrelated flaws in IBM WebSphere Liberty, a modular Java application server, that can be chained to achieve full server takeover. The chain begins with a pre‑authentication remote code execution (RCE) vulnerability in the SAML Web SSO...
Your MTTD Looks Great. Your Post-Alert Gap Doesn't
The security industry has narrowed mean‑time‑to‑detect (MTTD) but still suffers a lengthy post‑alert gap, where analysts spend 20‑40 minutes investigating alerts. Recent AI‑driven exploits, such as Anthropic’s Mythos model, demonstrate that attackers can move in seconds, making human‑speed investigations untenable....
New Industry Resource Announced by DSA: Best Practice Guidelines for ID Documents
The Document Security Alliance, together with INTERGRAF and the Secure Identity Alliance, released the Minimum Security Standards for Identity Documents, a best‑practice guide for state issuers. The guidelines address integration of physical security features with embedded digital elements and aim...
Managing Cyber Risks in the Era of Decentralized Energy
The U.S. electric grid is rapidly integrating distributed energy resources (DERs) such as rooftop solar, storage and vehicle‑to‑grid systems, creating a more resilient but digitally complex network. This shift has expanded the attack surface, with utility cyber‑attacks up 75% from...
Booking.com Warns Customers Their Private Travel Details May Have Been Accessed by ‘Unauthorised Party’
Booking.com has warned that an unauthorized third party may have accessed customers' personal travel information. The breach notification was sent to a subset of Australian users, indicating that names, booking details and itineraries could be exposed. The company said it...
GTA-Maker Rockstar Games Hacked Again but Downplays Impact
Rockstar Games, the studio behind Grand Theft Auto, suffered a second cyber intrusion within three years, as disclosed by cybersecurity outlets on Saturday. A hacker collective claimed responsibility, posting details of the breach online. Rockstar publicly downplayed the incident, stating...
MN: Spring Lake Park Schools Closed After Suspected Ransomware Attack
Spring Lake Park School District in Minnesota shut all campuses on Monday after a suspected ransomware attack crippled its computer systems. The intrusion forced the district to suspend classes and administrative operations as a precaution while local law enforcement and...
LG Uplus Gets Physical on USIM Security Update
LG Uplus has launched a free USIM replacement programme to fix a weakness in IMSI number security. The rollout began on 8 April and has already attracted at least 157,811 customers who booked store visits for the swap, with extra staff...
Google Makes It Harder to Exploit Pixel 10 Modem Firmware
Google has bolstered the security of its Pixel 10 smartphones by embedding a Rust‑based DNS parser into the cellular baseband modem firmware. The new component, derived from the open‑source hickory‑proto library, replaces legacy C code and adds roughly 371 KB to the...
N‑able Makes UEM AI-Native with MCP Server Launch
N-able unveiled its Model Context Protocol (MCP) server, a secure bridge that connects everyday AI tools directly to live data within its Unified Endpoint Management (UEM) platforms, N‑central and N‑sight. Alongside the server, the company introduced N‑zo, an in‑product AI...
Command Line: Mythos Burnout and the Boardroom
Anthropic’s Mythos large‑language model is prompting boardroom alarm as AI‑accelerated vulnerability discovery threatens to flood enterprises with exploitable findings. A new “Getting Mythos Ready” paper, authored by top CISOs, urges layered defenses—segmentation, canaries, honey tokens, and automated response playbooks—to contain...
The Dumbest Hack of the Year Exposed a Very Real Problem
In April 2026 a hacker hijacked Bluetooth‑enabled crosswalk buttons in multiple U.S. cities, uploading spoofed recordings of tech CEOs by exploiting the default password "1234" used by Polara devices. The breach affected intersections in Menlo Park, Redwood City, Palo Alto, Seattle and Denver,...
Alleged German DDoS-for-Hire Kingpin Behind Fluxstress Caught in Thailand
German national Noah Christopher, alleged operator of the Fluxstress and Neldowner DDoS‑for‑Hire services, was arrested in Bangkok last week. The 27‑year‑old had been evading capture by moving between Dubai, China and Thailand after a multi‑year probe by German and EU...
Siemens Expands Industrial Automation DataCenter with Edge AI and Cybersecurity
Siemens announced an upgraded Industrial Automation DataCenter that ships as a pre‑installed, AI‑ready turnkey solution for production environments. The platform combines NVIDIA GPUs and BlueField DPUs for edge AI acceleration with Palo Alto Networks Prisma AIRS delivering zero‑trust security. By integrating...
Fake Claude Website Distributes PlugX RAT
Security researchers discovered a counterfeit Anthropic Claude website that offered a fake "pro" version of the LLM, but the download actually installed a trojanized MSI. The installer runs a VBScript dropper that places a signed G DATA updater in the startup...
Seized VerifTools Servers Expose 915,655 Fake IDs, 8 Arrested
Dutch police, in coordination with the FBI, arrested eight men aged 20‑34 after seizing VerifTools servers that had produced 915,655 counterfeit identity documents. The investigation uncovered 5,169 fake Dutch IDs and 236,002 U.S.-linked documents sold for roughly $1.47 million. VerifTools generated...
CISOs Tackle the AI Visibility Gap
CISOs are confronting a growing AI visibility gap as organizations race to deploy generative models and AI‑enabled tools. A Pentera 2026 survey shows 67% of security leaders lack clear insight into where AI runs, and 48% cite limited visibility as...
Why Securing GenAI Use Starts in the Browser
Enterprise adoption of generative AI has exploded, with daily usage rising nearly 60% in a year and weekly use tripling over two years. Employees now spend more than 80% of their workday in browsers, turning the browser into the primary...
We Catch up on the News, Including AI Vuln Hunting; Also More RSAC Interviews! - Mark Lambert, Samuel Hassine, John...
ArmorCode unveiled its AI Exposure Management (AIEM) solution on the Agentic AI Platform, giving enterprises real‑time visibility into AI usage, ownership, and risk across heterogeneous environments. The launch coincides with the release of the 2026 State of AI Risk Management...
ETSI’s Response to the European Commission’s Proposal for the Cybersecurity Act 2
On 15 April 2026 ETSI issued a formal position paper responding to the European Commission’s proposal for the Cybersecurity Act 2. The standards body endorses a risk‑based, tiered certification framework, calls for transparent governance and stakeholder input, and stresses the need...
Adobe Confirms Exploitation: Malware Uses Undocumented API
Adobe has confirmed active exploitation of the critical CVE‑2026‑34621 vulnerability in Acrobat and Reader on Windows and macOS. The flaw grants attackers arbitrary code execution when a user opens a crafted PDF. Exploit code abuses an undocumented API, SilentDocCenterLogin(), and...
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Adobe released emergency updates to fix a high‑impact Acrobat and Reader flaw identified as CVE‑2026‑34621. The vulnerability, rated 8.6 on the CVSS scale, allows arbitrary code execution via prototype pollution and has been confirmed exploited in the wild. Affected products...
Accenture and Google Cloud Unveil Brussels Centre to Accelerate Sovereign AI Adoption
Accenture and Google Cloud have launched a Sovereign Centre in Brussels, featuring a dedicated training facility and an air‑gapped environment for secure AI and cloud experimentation. The centre combines Accenture’s industry and AI expertise with Google Distributed Cloud’s air‑gapped technology...
Cyber Threats for PV: What Are Man-in-the-Middle Attacks and How Do They Work
Man‑in‑the‑middle (MITM) attacks are emerging as a critical cyber threat to network‑connected photovoltaic (PV) plants, allowing adversaries to intercept, modify, or block communications between controllers, inverters and monitoring systems. Such attacks can cause operational failures, physical damage to equipment, and...
Europe Is Dismantling Its Own Rulebook to Compete with America
On 19 November 2025 the European Commission unveiled a Digital Omnibus package that amends the AI Act, GDPR, ePrivacy Directive, Data Act and several cybersecurity rules. The proposal delays high‑risk AI obligations by up to 16 months, adds a GDPR “legitimate‑interest” basis for...
Check Point Launches WA PoP for Workplace Security SASE
Check Point Software Technologies has opened a Western Australia point of presence (PoP) for its Workplace Security SASE platform, delivering local data residency and compliance with WA‑specific legislation. The Perth PoP joins existing sites in Sydney, Melbourne and Auckland and...
India Unveils New Security Standards for Its Digital Payments System to Drive Global Adoption
India’s Bureau of Indian Standards (BIS) has rolled out new security norms covering biometric authentication, QR‑code payments, and digital‑currency handling. The guidelines aim to curb fraud, improve interoperability, and build consumer confidence in the country’s fast‑growing fintech ecosystem. BIS consulted...
A Legal Imperative for Strengthening Data Governance, Protecting Personal Information
South African companies face mounting pressure from the Protection of Personal Information Act (POPIA) to tighten data governance as digital transformation creates fragmented record‑keeping environments. Mohammed Vachiat of Konica Minolta South Africa argues that integrating digital record systems is now...
Fixing Vulnerability Data Quality Requires Fixing the Architecture First
Art Manion of Tharros argues that vulnerability data quality is fundamentally an architecture issue, not merely a metrics problem. He introduces the concept of Minimum Viable Vulnerability Enumeration (MVVE) and finds no single set of assertions can guarantee cross‑repository consistency....
Ground Control & VIAVI Partner to Secure Maritime Navigation Against GNSS Jamming
VIAVI Solutions and Ground Control have teamed up to embed VIAVI’s Secure µPNT STL‑1000 receiver into the RockFLEET Assured maritime tracking platform. The software‑defined, low‑power unit leverages SecureTime altGNSS LEO services to provide a trusted secondary source of positioning, navigation and...
ZeroID: Open-Source Identity Platform for Autonomous AI Agents
ZeroID is an open‑source identity platform that adds a credentialing layer for autonomous AI agents and multi‑agent systems. It uses RFC 8693 token exchange to create verifiable delegation chains, automatically attenuating scopes as tasks cascade. The platform supports real‑time revocation through...
Best MDM Solutions for 2026: 9 Tools Worth Considering
Enterprises now juggle over 10,000 endpoints, with mobile devices comprising about 60% of the fleet, according to IDC. A new G2‑based evaluation of 20+ MDM platforms highlights nine solutions that excel in policy deployment, security enforcement, and remote lock‑down capabilities....
8 Best Password Managers for 2026: Why I Recommend Them
The article reviews three leading password‑management solutions for 2026—NordPass Business, Bitwarden, and IT Glue—highlighting each platform’s strengths and minor drawbacks. NordPass Business is praised for its simplicity and security but suffers occasional autofill inconsistencies. Bitwarden offers a no‑frills, reliable experience that...
Bringing Governance and Visibility to Machine and AI Identities
AppViewX’s CEO Archit Lohokare says the rapid rise of enterprise AI has merged machine and AI‑agent identities into a single, exponentially growing security problem. To address this, AppViewX has partnered with Eos to layer agentic governance on top of its...
