
Google and Amnesty International Teamed up to Make It Harder for Spyware Vendors to Hide
Google has begun rolling out Intrusion Logging, a new forensic feature for Android devices, in partnership with Amnesty International and other digital‑rights groups. The tool, part of Android Advanced Protection Mode, records security events such as device unlocks, physical access, and spyware installation or removal. Initially limited to Pixel phones running Android 16, the logs can be exported for analysis by investigators. Amnesty hailed the move as the first major vendor‑level effort to give civil‑society researchers reliable data on sophisticated mobile attacks.

AI Is Separating the Companies Built to Scale From the Ones Built to Sell
Artificial intelligence has moved from a niche add‑on to the core of cybersecurity, reshaping how startups are built, funded, and scaled. Venture capital is concentrating on a handful of AI‑native firms, delivering larger rounds and higher valuations while compressing the...

Google Spotted an AI-Developed Zero-Day Before Attackers Could Use It
Google's Threat Intelligence Group uncovered a zero‑day exploit that was generated by artificial intelligence and warned the vulnerable vendor before a notorious cybercrime group could launch a mass‑exploitation campaign. The exploit targeted a popular open‑source web‑based administration tool, using a...

The Missing Cybersecurity Leader in Small Business
Small and medium businesses face average cyberattack costs exceeding $250,000, while hiring a full‑time CISO costs $250‑400k, creating a costly leadership gap. Virtual and fractional CISOs offer affordable senior cyber expertise, delivering risk assessments, remediation roadmaps, and governance. The article...

Sen. Schumer Seeks DHS Plan on AI Cyber Coordination with State, Local Governments
Senate Minority Leader Chuck Schumer wrote to DHS Secretary Markwayne Mullin demanding a coordinated plan to protect state, local, tribal and territorial (SLTT) governments from AI‑enhanced cyber attacks. He set a July 1 deadline for a strategy covering talent identification, rapid...

One House Democrat Is Pressing Commerce on the Government’s Spyware Use
Representative Summer Lee, the top Democrat on the Oversight and Government Reform Committee, has asked the Commerce Department for a briefing on the federal government’s use of commercial spyware, including ICE’s deployment of Paragon’s Graphite and the recent U.S. investment...

A DOD Contractor’s API Flaw Exposed Military Course Data and Service Member Records
A defense‑tech firm, Schemata, exposed military training data and service‑member records through API endpoints that lacked proper tenant isolation. A low‑privilege account could retrieve confidential 3D courses, Army field manuals, and personal enrollment details across multiple DoD customers. The flaw...

CISA Boasts AI Automation Improvements to Threat Analysis, Mission Support
The Cybersecurity and Infrastructure Security Agency (CISA) reports its security operations unit has achieved the largest productivity gains from AI‑driven automation, enabling analysts to triage threats faster and focus on high‑value alerts. The technology also streamlines real‑time customer support in...

‘Copy Fail’ Is a Real Linux Security Crisis Wrapped in AI Slop
Researchers have identified a high‑severity Linux kernel flaw (CVE‑2026‑31431) that allows any authenticated local user to gain root privileges. The vulnerability, dubbed “Copy Fail,” affects mainstream kernels released since 2017 and was added to CISA’s exploited‑vulnerabilities catalog. Theori, the firm...

A College Student Is Suing a Dating App that Allegedly Used Her TikTok Videos to Target Men in Her Dormitory
A 19‑year‑old University of Tennessee student has filed a lawsuit against the dating app Meete, alleging the company repurposed her TikTok video into an advertisement without permission and used geofencing to target men in her dormitory. The complaint, filed in...

Why Data Centers Now Belong on the Critical Infrastructure List
Recent missile and drone attacks on cloud data centers in the Middle East highlighted a new strategic vulnerability: the physical disruption of digital infrastructure that underpins modern economies and militaries. As artificial intelligence workloads surge, data centers have become indispensable...

Former Incident Responders Sentenced to 4 Years in Prison for Committing Ransomware Attacks
The Justice Department sentenced former incident‑response manager Ryan Clifford Goldberg and former ransomware negotiator Kevin Tyler Martin to four years in federal prison for deploying the ALPHV/BlackCat ransomware against multiple U.S. organizations in 2023. Leveraging their insider knowledge from Sygnia...

Two New Extortion Crews Are Speedrunning the Scattered Spider Playbook
CrowdStrike has identified two new extortion groups, Cordial Spider and Snarky Spider, linked to the broader The Com cybercrime ecosystem. Since October 2025 they have been exploiting voice‑phishing and social engineering to hijack identity platforms across U.S. critical‑infrastructure sectors. The...

Everyone’s Building AI Agents. Almost Nobody’s Ready for What They Do to Identity.
Anthropic withheld its most powerful AI model, Mythos, after it uncovered thousands of decades‑old software vulnerabilities in major operating systems and browsers, deeming the model too dangerous for public release. The episode underscores that the same AI agents being rolled...

Congress, Industry Ponder Government Posture for Protecting Data Centers
Lawmakers on the House Homeland Security Subcommittee held a hearing to assess whether U.S. data centers should receive a standalone critical infrastructure designation. Industry witnesses cited recent Iranian drone attacks on Amazon facilities and the rapid AI‑driven construction boom as...

Spy Agency Officials Say Job Loss Anxiety, Moving Fast ‘Safely’ Among Top Challenges in AI Workforce Overhaul
The National Geospatial Intelligence Agency (NGA) is launching a three‑to‑five‑year AI transformation, aiming to embed agentic AI into secure decision‑making while preserving core intelligence methods. Agency leaders stress moving fast enough to stay ahead of adversaries such as Russia and...

Federal CIO Cautious on Anthropic’s Mythos Despite Planned Rollout
Federal CIO Greg Barbaccia said the government will proceed with a measured rollout of Anthropic’s Mythos AI model, noting its promise for bolstering cyber defenses while emphasizing lingering uncertainties about real‑world performance. He has only seen lab‑based evaluations and no...

Rep. Delia Ramirez Takes over as Top House Cybersecurity Dem
Illinois Rep. Delia Ramirez was appointed ranking member of the House Homeland Security Committee’s Cybersecurity and Infrastructure Protection Subcommittee, replacing Rep. Eric Swalwell after his resignation. Ramirez, a 2022‑elected Democrat who won reelection in 2024, has served as the subcommittee’s...

U.S. Companies Hit with Record Fines for Privacy in 2025
U.S. states levied a record $3.45 billion in privacy‑related fines in 2025, exceeding the total of the previous five years combined, according to Gartner. The surge stems from stronger state laws such as California’s CCPA, new interstate enforcement collaborations, and heightened...

Senators Seek Answers About Hackers Obtaining Sensitive Student Data From Ostensibly Anonymous Tip Line
Senators Maggie Hassan and Jim Banks have sent a letter to Navigate360 demanding answers after a hack on its P3 Global Intel tip line reportedly exposed sensitive student information. The company, which provides anonymous safety‑reporting tools to more than 30,000...

Dragos: Despite AI Use, New Malware Targeting Water Plants Is ‘Hype’
Industrial‑cybersecurity firm Dragos dismissed the newly reported ZionSiphon malware as hype, noting it contains numerous coding errors and AI‑generated hallucinations. Darktrace initially flagged the sample as a threat to Israeli water treatment and desalination plants, claiming it could manipulate chlorine...

CISA Director Pick Sean Plankey Withdraws His Nomination
Sean Plankey, the long‑sidelined nominee for CISA director, formally asked President Trump to withdraw his nomination after 13 months of Senate deadlock. The move follows the recent Senate confirmation of DHS Secretary Markwayne Mullin, heightening pressure for a permanent CISA...

House Republicans Roll Out National Privacy Bill
House Republicans introduced the Secure Data Act, a federal privacy proposal that would let consumers opt out of data collection for targeted advertising, third‑party sales, and automated decision‑making. The bill requires companies to give clear notices, provide portable copies of...

The AI Era Demands a Different Kind of CISO
The article argues that traditional CISO frameworks—focused on audits, static vulnerability checks, and compliance—are obsolete in an AI‑driven threat environment. AI models can discover and exploit weaknesses in minutes, outpacing legacy risk metrics that capture only past conditions. To stay...

Vuln in Google’s Antigravity AI Agent Manager Could Escape Sandbox, Give Attackers Remote Code Execution
Researchers at Pillar Security disclosed a critical vulnerability in Google’s Antigravity AI‑powered developer tool that allowed prompt injection to escape the platform’s Secure Mode sandbox and achieve remote code execution. The flaw leveraged the native "find_by_name" system tool, which bypassed...

The FTC’s AI Portfolio Is About to Get Bigger
The Federal Trade Commission is preparing to enforce the Take It Down Act, a law that criminalizes the distribution of AI‑generated nonconsensual sexual images and gives victims a right to request rapid removal of such content. Enforcement begins in May,...

Why the Axios Attack Proves AI Is Mandatory for Supply Chain Security
Two weeks ago a suspected North Korean group injected malicious code into the widely used Axios JavaScript library, which averages about 100 million weekly downloads across enterprises, startups and government agencies. An Elastic researcher identified the compromise within minutes using an...

Network ‘Background Noise’ May Predict the Next Big Edge-Device Vulnerability
GreyNoise’s 103‑day study of network background noise identified 104 distinct traffic surges targeting 18 edge‑device vendors. The research found that roughly half of these spikes were followed by a public vulnerability disclosure within three weeks, with a median lead time...

Officials Seize 53 DDoS-for-Hire Domains in Ongoing Crackdown
Authorities from 21 nations coordinated Operation PowerOFF to dismantle 53 DDoS‑for‑hire domains and seize related servers and databases. The crackdown yielded data on more than 3 million alleged criminal accounts and led to four arrests. Over 75,000 warning emails and letters...

Executive Orders Likely Ahead in Next Steps for National Cyber Strategy
National Cyber Director Sean Cairncross said the White House will likely issue additional executive orders to flesh out the cyber strategy released in March. The administration already issued an executive order targeting cyber‑enabled fraud on the same day the strategy...

We’re only Seeing the Tip of the Chip-Smuggling Iceberg
Federal prosecutors have charged six individuals in three separate cases for smuggling roughly $2.5 billion worth of advanced AI chips to China, using complex routes through Taiwan, Thailand and other Southeast Asian hubs. The indictments expose how current U.S. export controls...

Microsoft Drops Its Second-Largest Monthly Batch of Defects on Record
Microsoft’s April Patch Tuesday addressed 165 vulnerabilities, the second‑largest monthly release in the company’s history. The update includes an actively exploited zero‑day in Office SharePoint (CVE‑2026‑32201) and a high‑severity Defender flaw (CVE‑2026‑33825) with public exploit code. Trend Micro’s Dustin Childs...

Space Force Official Touts AI’s Impact on Cyber Compliance
Space Force acting cyber chief Seth Whitworth says large language models are reshaping how the service reviews cyber risk and achieves compliance. He highlighted that AI can automatically patch minor misconfigurations that often serve as entry points for state‑sponsored actors....

Black Basta’s Playbook Lives on as Former Affiliates Launch Fast-Scale Intrusion Campaign
A loose network of former Black Basta affiliates has launched a fast‑scale intrusion campaign, targeting over 100 senior employees across dozens of organizations. The attackers employ mass email bombing and Microsoft Teams help‑desk impersonation to gain rapid remote access, often...

Secretary Mullin Must Help Finish the Job: Urge the Senate to Confirm Plankey
On March 23 the Senate confirmed Markwayne Mullin as homeland security secretary, but the Cybersecurity and Infrastructure Security Agency (CISA) still lacks a Senate‑confirmed director. The vacancy leaves the nation’s primary civilian cyber‑defense agency without clear authority to set priorities,...

OpenAI’s Mac Apps Need Updates Thanks to the Axios Hack
OpenAI updated its macOS security certificates and is requiring users to install the latest app versions after a supply‑chain attack on the popular Axios npm library compromised its signing workflow. The attack, linked to North Korean hacking group UNC1069, injected...

Commerce Setting up New AI Export Regime to Push Adoption of ‘American AI’ Abroad
The U.S. Department of Commerce announced a new "American AI" export program, inviting companies to submit full‑stack AI solutions for a government‑backed catalog. Designated packages will receive priority export licensing, inter‑agency coordination, and financing referrals, as mandated by President Trump’s...

Inside the FBI’s Router Takedown that Cut Off APT28’s ‘Tremendous Access’
The FBI’s Operation Masquerade forced a reset of DNS settings on more than 18,000 compromised TP‑Link routers, cutting off Russian GRU‑linked APT28 (Fancy Bear) from infiltrating over 200 organizations worldwide. By targeting the routers themselves, the agency blocked the malicious IP...

Don’t Just Fight Fraud, Hunt It
The article warns that AI has transformed fraud into an industrialized, global enterprise that can create tens of thousands of synthetic identities in days. Traditional detection methods—such as tracking reused emails or devices—are rapidly losing relevance, with unique email patterns...

Hack-for-Hire Spyware Campaign Targets Journalists in Middle East, North Africa
A suspected Indian‑linked hack‑for‑hire group, identified as the Bitter APT, has been deploying Android ProSpy spyware against journalists and activists across the Middle East and North Africa. The campaign, active since at least 2022, uses spear‑phishing messages from fake social‑media...

Tech Giants Launch AI-Powered ‘Project Glasswing’ to Identify Critical Software Vulnerabilities
Anthropic unveiled Project Glasswing, a coalition of Amazon, Apple, Broadcom, Cisco, CrowdStrike, the Linux Foundation, Microsoft and Palo Alto Networks that will use the unreleased Claude Mythos Preview AI model to hunt for hidden software flaws. In early testing the...

Iranian Hackers Launching Disruptive Attacks at U.S. Energy, Water Targets, Feds Warn
U.S. federal agencies have issued a joint alert that Iranian‑affiliated advanced persistent threat actors are exploiting internet‑facing operational technology, specifically programmable logic controllers (PLCs) from Rockwell Automation/Allen‑Bradley. The attacks have disrupted PLC functions across energy, water, and government sectors, manipulating...

PcTattleTale Stalkerware Maker Sentence Includes Fine, Supervised Release
A federal judge sentenced Bryan Fleming, the creator of pcTattleTale stalkerware, to supervised release and a $5,000 fine after he pleaded guilty to manufacturing a device for covert communication interception. The case marks the first stalkerware conviction since 2014, when...

Akira Ransomware Group Can Achieve Initial Access to Data Encryption in Less than an Hour
The Akira ransomware group can move from initial access to full data encryption in under an hour, often within four hours. Active since 2023, it has extorted roughly $245 million in ransom payments through September 2025. Akira leverages zero‑day exploits, vulnerable VPNs,...

Lawmakers Renew Push for Labor Department-Backed Cyber Apprenticeship Grants
Lawmakers introduced the bipartisan Cyber Ready Workforce Act, directing the Department of Labor to launch a grant program that expands registered cybersecurity apprenticeship programs. The legislation adds House co‑sponsors to revive a previously stalled Senate effort and targets the estimated...

Medtech Giant Stryker Says It’s Back up After Iranian Cyberattack
Medtech leader Stryker announced it is now fully operational after a March 11 wiper attack by the Iranian‑linked Handala group, which crippled order processing, manufacturing and shipping. The breach, framed as retaliation for U.S. actions in the Israel‑Palestine conflict, forced...

European-Chinese Geopolitical Issues Drive Renewed Cyberespionage Campaign
Proofpoint reports that Chinese state‑aligned cyberespionage group TA416, also known as Twill Typhoon, has re‑engaged Europe in mid‑2025, targeting diplomatic missions, NATO delegations and EU institutions amid heightened EU‑China tensions following the 25th EU‑China summit. The campaign coincides with disputes over...

Alleged RedLine Infostealer Conspirator Extradited to US
An Armenian national, Hambardzum Minasyan, was extradited to the United States and appeared in a Texas federal court on charges tied to the RedLine infostealer. Prosecutors allege he helped develop, host, and monetize the malware, which siphons billions of user...

Treasury Asks Whether Terrorism Risk Insurance Program Should Bolster Cyber Coverage
The U.S. Treasury Department has opened a public comment period to consider expanding the Terrorism Risk Insurance Program (TRIP) to cover cyber‑related losses stemming from acts of terrorism. The agency will incorporate feedback into a mandatory report to Congress due...

An AI-Powered Phishing Campaign Has Compromised Hundreds of Organizations
Huntress uncovered an AI‑driven phishing campaign that leveraged Railway’s PaaS to spin up credential‑harvesting infrastructure, compromising hundreds of organizations across sectors. The attackers used generative AI to craft unique email lures and exploited Microsoft’s device authentication flow, stealing OAuth tokens...