Microchip Now Certified to IEC 62443-4-1 ML2 Standards
Microchip Technology announced that its product development process has earned IEC 62443‑4‑1 Maturity Level 2 certification from UL Solutions. The certification confirms that Microchip follows a secure‑by‑design lifecycle covering threat modeling, design, implementation controls, verification and long‑term patch management. By meeting this globally recognized standard, Microchip provides audit‑backed assurance that security is embedded from silicon through firmware. The move helps customers meet emerging regulations such as the EU Cyber Resilience Act.
Red Hat OpenShift Sandboxed Containers 1.12 and Red Hat Build of Trustee 1.1 Bring Confidential Computing to Bare Metal and...
Red Hat announced OpenShift sandboxed containers 1.12 and Red Hat build of Trustee 1.1, moving confidential containers on bare metal from preview to General Availability. The GA release adds hardware‑based memory encryption and attestation for Intel TDX, AMD SEV‑SNP, and IBM SEL platforms, plus persistent...
Number of Phishing Cases Drops in Hong Kong but Victims Lose More Money
Hong Kong police reported that phishing incidents dropped 60% in 2025, falling to 1,093 cases from 2,731 the year before. Despite fewer attacks, total victim losses more than doubled to HK$110 million (about US$14 million), with the average loss per case jumping...
Apple Joins Project Glasswing As Mythos AI Raises New Valuation Questions
Apple has entered Project Glasswing, a cybersecurity alliance that leverages Anthropic’s Mythos AI model to hunt for severe software flaws across major operating systems. The partnership signals Apple’s move toward AI‑driven security workflows, aiming to harden iOS, macOS and its...
Hack at Dutch Gym Chain Basic-Fit Exposes Customer Data in Several EU Countries
Dutch gym chain Basic‑Fit confirmed a cyber‑attack that led to the unauthorized download of personal data belonging to roughly 1 million members across Belgium, the Netherlands, Luxembourg, France, Spain and Germany. The compromised information includes names, contact details, dates of birth,...
IMF Warns Global Monetary System Not Ready for AI Cyber Threats
The International Monetary Fund’s managing director Kristalina Georgieva warned that the global monetary system is ill‑prepared for the escalating cyber risks posed by artificial intelligence. Her comments followed an emergency U.S. regulator meeting with leading banks after Anthropic announced its...
Darktrace’s Research Shows New Chinese Modus Operandi
Darktrace released a research report, “Crimson Echo,” showing Chinese‑nexus cyber actors are shifting from short‑term breaches to long‑term, persistent access as a form of strategic statecraft. Analyzing behavior data from July 2022 to September 2025, the study finds that maintaining footholds in...
Top Space Cyber Execs Talk Increased Iranian Cyber Attacks
Top CISOs from Vantor, SES, Viasat and Telesat warned that Iranian threat actors have dramatically increased phishing, smishing and AI‑driven deep‑fake attacks against space companies. The attacks exploit public‑facing sites, supplier networks and even voice messages to demand credential escalation....
NSA Reveals Details of New LEO Security Report
The National Security Agency, together with Australia, Canada, New Zealand and the Australian Space Agency, has issued a Cybersecurity Information Sheet titled “Securing Space: Cyber Security for Low Earth Orbit Satellite Communications.” The guidance breaks LEO sat‑com risk and mitigation into...
Vibhor Kumar: Column_encrypt v4.0: A Simpler, Safer Model for Column-Level Encryption in PostgreSQL
The column_encrypt extension for PostgreSQL released version 4.0, a major simplification that consolidates all management functions under an encrypt schema and replaces the previous multi‑role model with a single column_encrypt_user role. Automatic log masking, stricter SECURITY DEFINER handling, and schema‑qualified...
White House Tells Banks to Use Anthropic to Spot Vulnerabilities
The White House is urging the nation’s largest banks to deploy Anthropic’s Mythos AI model for cybersecurity vulnerability detection. JPMorgan Chase, Goldman Sachs, Citigroup, Bank of America and Morgan Stanley have begun internal trials after Treasury Secretary Scott Bessent and...
Five Signs Data Drift Is Already Undermining Your Security Models
Data drift occurs when the statistical profile of inputs to a security‑focused machine‑learning model changes, eroding its detection accuracy. The article outlines five practical signs—performance drops, distribution shifts, altered prediction patterns, rising uncertainty, and broken feature relationships—that indicate drift is...
.jpg)
The Death of Standing Privilege in the Age of AI Agents
Privileged Access Management (PAM) teams have reduced standing privileges, yet identity‑related breaches still affect 74% of organizations. A new survey of 200 CISOs reveals that 86% do not enforce policies for AI identities, only 17% treat them like human users,...
Your Smart Devices Are Speaking to Hackers. Your Security System Isn’t Listening
Researchers warn that AI‑driven intrusion‑detection systems excel in lab settings but falter in real‑world IoT environments. While academic models boast 98‑99% accuracy on balanced datasets, actual networks contain millions of devices where attacks make up less than 1% of traffic....
Defending Europe’s Financial Sector in the Age of AI‑Accelerated Cyber Threats
The IBM X‑Force Threat Intelligence Index 2026 shows Europe as the third‑most attacked region, responsible for 25% of global cyber incidents, with the financial sector bearing 35% of those attacks. Credential theft and exploitation of public‑facing applications each account for 40%...
The Attack Your Security Strategy Wasn’t Designed to Spot
A new class of attack targets Microsoft 365 tenant configurations, letting threat actors manipulate identities, encrypt data and extort firms without deploying malware. Microsoft reported 176,000 configuration‑tampering incidents in May 2024 and 45% of large enterprises suffered a misconfiguration‑related breach in the...
Fake Ledger App on Apple App Store Drains Over $400,000 in Bitcoin
Musician G. Love lost nearly 6 BTC—about $424,000—after downloading a counterfeit Ledger app from Apple’s Mac App Store and entering his 24‑word recovery phrase. The malicious software immediately transferred the funds, which on‑chain analyst ZachXBT traced to KuCoin deposit addresses. Security experts...
Your Developers Are Already Running AI Locally: Why On-Device Inference Is the CISO’s New Blind Spot
The rise of on‑device large language model inference is turning the CISO’s focus from cloud‑based data exfiltration to hidden risks on employee laptops. Advances in consumer‑grade accelerators, mainstream quantization, and frictionless model distribution now let engineers run 70‑billion‑parameter models locally...
Hacker Used Claude Code, GPT-4.1 to Exfiltrate Hundreds of Millions of Mexican Records
A hacker exploited Anthropic's Claude Code and OpenAI's GPT‑4.1 to breach nine Mexican government agencies between December 2025 and February 2026. The AI‑driven attack executed 5,317 commands from 1,088 prompts, allowing the thief to exfiltrate hundreds of millions of taxpayer, civil and...
West Asia War Spills over to Cyberspace:Emails Spoofed, Cameras Hacked
Cyber operations have become a new front in the West Asia conflict, with Israel and Iran launching offensive hacks alongside missile strikes. Iranian APT groups exploited pre‑planted backdoors to spoof emails, hijack CCTV feeds in Tehran, and wipe more than...
19 Billion Passwords Leaked: Protect Yourself From Cyber Threats
Researchers have uncovered a repository called “RockYou2024” containing over 19 billion compromised passwords from more than 200 breaches in the past year, making it the largest publicly indexed credential dump to date. Only 6 % of the entries are unique, highlighting pervasive...
FBI Atlanta and Indonesian National Police Take Down W3LLSTORE Phishing Marketplace
The FBI Atlanta Field Office and Indonesia's National Police dismantled the W3LLSTORE phishing marketplace, a global operation linked to more than $20 million in attempted fraud. The takedown included domain seizures and the detention of a suspected developer, identified only as...
Why Anthropic’s Mythos Is a Systemic Shift for Global Cybersecurity
Anthropic unveiled Project Glasswing and the Claude Mythos model, which can automatically discover and chain vulnerabilities across operating systems, browsers and cloud environments. The U.S. Treasury and Federal Reserve warned that such AI‑driven exploit capabilities pose a systemic financial‑stability threat, prompting...
Week in Review: Windows Zero-Day Exploit Leaked, Patch Tuesday Forecast
The week’s headlines were dominated by a leaked Windows local‑privilege‑escalation exploit dubbed BlueHammer, raising immediate concerns for enterprise patching cycles. At the same time, the April Patch Tuesday forecast warned of a heavy update load, especially for AI‑related vulnerabilities. Cloudflare...
Creating AI Deepfakes of Real People to Be Made Illegal in Queensland
Queensland will criminalize the creation of non‑consensual sexual deepfake images, closing a legal gap that currently only bans distribution. Attorney‑General Deb Frecklington announced the proposal, which carries up to three years imprisonment for offenders. The government will begin expert consultations...
Is Investing in Advanced NHI Systems Justified
Organizations are increasingly recognizing that managing Non‑Human Identities (NHIs) – the machine credentials that power cloud applications – is essential for robust cybersecurity. Advanced NHI platforms deliver centralized discovery, secret rotation, and behavior monitoring, reducing breach risk and easing regulatory...
How Can Agentic AI Improve Cloud Security?
Non‑Human Identities (NHIs), or machine identities, are becoming central to cloud security as organizations seek to protect secrets such as tokens and keys. Effective NHI management bridges security and development teams, offering lifecycle visibility from creation to decommissioning. The emergence...
Project Glasswing: What Power Companies and Grid Operators Need to Know
On April 7, Anthropic unveiled Project Glasswing, a coalition of 12 technology leaders deploying the Claude Mythos Preview AI model to automatically discover and patch software vulnerabilities. The model has already identified thousands of zero‑day flaws, including a 27‑year‑old bug in OpenBSD and chained...
Microsoft Terminated Accounts Tied to VeraCrypt, WireGuard, and Windscribe — Developers Push Back
Microsoft abruptly terminated developer accounts for VeraCrypt, WireGuard and Windscribe after a new identity‑verification rule in its Windows Hardware Program took effect. The enforcement, intended for partners who missed a government‑ID deadline, mistakenly swept up these open‑source security projects, cutting...
This Russian Military Intelligence Group Has Been Stealing People's Sensitive Data, so You Might Want to Connect Your Router Through...
The UK’s National Cyber Security Centre has uncovered a campaign by Russian military intelligence group APT28 that hijacks vulnerable home routers via a DNS flaw, rerouting traffic through malicious servers that harvest credentials, messages and browsing history. The operation targets...
GTA 6 Dev Rockstar Have Seemingly Been Hacked Again, but They Don't Seem All that Worried
Rockstar Games disclosed a limited data breach stemming from a third‑party compromise of Anodot, a cloud‑cost monitoring tool linked to its Snowflake data warehouse. Hacker group ShinyHunters posted a ransom demand, threatening to leak information by April 14, 2026. Rockstar...
Small Models Also Found the Vulnerabilities that Mythos Found
Anthropic unveiled Claude Mythos Preview and Project Glasswing, pledging $100 M in usage credits and $4 M to open‑source security groups while claiming the model autonomously discovered and exploited thousands of zero‑day bugs. AIS AI researcher Stan Fort tested the showcased vulnerabilities on inexpensive,...
Why Enterprise Digital Rights Management Matters Now
Enterprise Digital Rights Management (EDRM) is emerging as a critical safeguard as data breaches rise and regulatory scrutiny intensifies. By embedding granular permissions directly into files, EDRM lets organizations control viewing, editing, printing and sharing on a per‑document basis. The...
SPARTA Countermeasures: The Complete Guide to Defending Spacecraft From Cyber and Counterspace Threats
The Aerospace Corporation’s SPARTA Countermeasures guide (v3.2) presents a comprehensive, eight‑layer defense‑in‑depth framework for protecting spacecraft against cyber and counter‑space threats. It catalogs 90 specific countermeasures, aligns each with NIST SP 800‑53, ISO 27001, NASA best practices and MITRE D3FEND, and introduces...
![Rockstar Games Hacked, Team Behind It Threaten A Massive Data Leak If Not Paid Ransom [Update]](/cdn-cgi/image/width=1200,quality=75,format=auto,fit=cover/https://kotaku.com/app/uploads/2026/04/gta5hack-1200x675.jpg)
Rockstar Games Hacked, Team Behind It Threaten A Massive Data Leak If Not Paid Ransom [Update]
Rockstar Games confirmed a breach after ShinyHunters claimed access to its Snowflake cloud data via a compromised Anodot monitoring service. The hackers demanded a ransom payable by April 14, 2026 and threatened to leak corporate documents such as contracts and financial plans....
Resecurity Recognized as 2026 Cyber 150 Winner for Full-Spectrum Cyber Threat Intelligence and Digital Protection
Resecurity, a Los Angeles‑based cyber intelligence firm, has been named a 2026 Cyber 150 Winner, recognizing its innovative full‑spectrum threat‑intelligence and digital protection offerings. The award highlights the company’s AI‑powered platform that serves Fortune 100 enterprises and U.S. government agencies. Resecurity delivers...
CISA Webinar 4/28: ISC Facility Security Committee Seminar – Regions 5 & 7
The Cybersecurity and Infrastructure Security Agency (CISA) and the Interagency Security Committee (ISC) are holding a Facility Security Committee (FSC) seminar on April 28 for Regions 5 and 7. The virtual event will walk participants through FSC procedures, recent updates to the Risk...
Over 20,000 Crypto Fraud Victims Identified in International Crackdown
Operation Atlantic, a joint effort by the U.K. National Crime Agency, U.S. Secret Service, Ontario police and private partners, identified more than 20,000 cryptocurrency‑fraud victims across Canada, the United Kingdom and the United States. Investigators froze over $12 million in suspected...
The SPARTA Matrix: A Complete Guide to Space System Attack Tactics, Techniques, and Sub-Techniques
The Aerospace Corporation released SPARTA version 3.2, a publicly available matrix that catalogs more than 85 techniques and hundreds of sub‑techniques used to attack spacecraft and their supporting infrastructure. Modeled on MITRE ATT&CK, the framework spans cyber intrusion, electronic warfare, and...
Brockton Hospital Still Dealing with Aftermath of Ransomware Attack
Brockton Hospital is reverting to paper‑based processes for the next two weeks after a ransomware attack crippled its electronic systems. The incident, attributed to the Anubis ransomware‑as‑a‑service group, forced ambulance diversions, cancelled chemotherapy sessions and halted new prescription orders. Federal...
Why Fed and Treasury Leaders Powell, Bessent Just Rushed Into a Critical Cyber-Risk Meeting
U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell called an urgent meeting with major bank CEOs to warn about AI‑driven cyber risk from Anthropic’s new Mythos model. Anthropic disclosed that Mythos has identified thousands of high‑severity, largely...
Your Push Notifications Aren’t Safe From the FBI
The FBI revealed that push‑notification data can survive app removal, allowing encrypted Signal messages to be recovered from a phone’s internal cache. Anthropic announced its Claude Mythos Preview model, limited to a handful of leading tech and finance firms for...
AI Security Officials Test Anthropic Cyber Threat as Bank of England to Convene Chiefs
UK officials have tested Anthropic’s new AI model, Claude Mythos, which successfully completed a full cyber‑range simulation, revealing its ability to locate unknown vulnerabilities. The AI Security Institute labeled it the most capable cyber‑focused model ever evaluated, prompting the Bank...
Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
Citizen Lab uncovered that law‑enforcement agencies worldwide are deploying Webloc, an advertising‑based geolocation platform originally built by Israeli firm Cobwebs Technologies and now sold by its successor Penlink. The system harvests identifiers, location coordinates and profile data from up to...
Mac Users, Update Your ChatGPT App Immediately: OpenAI Issues Urgent Security Warning
OpenAI issued an urgent security warning after a supply‑chain attack compromised the third‑party Axios library used in its macOS ChatGPT app. The company found no evidence that user data was accessed or its systems altered, but it is revoking the...
Banks Are Warned About Anthropic’s New, Powerful A.I. Technology
U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened senior executives from Bank of America, Citi and Wells Fargo to flag cyber‑risk from Anthropic’s new AI model, Claude Mythos Preview. The model can uncover software vulnerabilities that human developers miss,...
ShinyHunters Claims Rockstar Games Snowflake Breach via Anodot
ShinyHunters claims to have breached Rockstar Games' Snowflake data warehouse by exploiting compromised Anodot authentication tokens. The group posted a deadline of April 14, demanding payment to avoid public exposure of the data. Anodot recently disclosed a breach that exposed tokens,...
SIEM Alert Fatigue Has Five Root Causes. Tuning Fixes Zero of Them.
Enterprises now face an average of 4,400 SIEM alerts per day, with large firms seeing 10,000 or more across dozens of tools. Analysts investigate only about 37% of those alerts, leaving the rest triaged superficially or ignored. Traditional SIEM tuning...
White House Races to Head Off Threats From Powerful AI Tools
The White House has assembled an interagency task force, led by National Cyber Director Sean Cairncross, to pre‑empt cybersecurity threats from emerging AI models. Officials are focusing on identifying vulnerabilities in critical infrastructure before releases from leading labs such as...
AI Agent Credentials Live in the Same Box as Untrusted Code. Two New Architectures Show Where the Blast Radius Actually...
At RSAC 2026, four security leaders warned that AI agents still operate in monolithic containers where credentials sit alongside executable code, creating a massive blast radius. New architectures from Anthropic and Nvidia aim to impose zero‑trust controls: Anthropic’s Managed Agents split...
