MSPs Need AI to Fight AI-Fueled Cyberthreats: Guardz
Guardz’s latest research shows AI is turbo‑charging cyberattacks on small and midsize businesses, letting threat actors exploit classic weaknesses—identity gaps, weak authentication, and cloud misconfigurations—at unprecedented speed. Over a six‑month window, nearly nine‑in‑ten SMBs experienced at least one credential compromise, while session‑hijacking attacks that bypass MFA rose 23%. Machine identities now outnumber human users 25‑to‑1 in Microsoft 365, creating a blind spot that attackers leverage alongside RMM tool abuse, which represents 26.2% of all threats. Guardz argues MSPs must adopt AI‑assisted, unified security operations to match the attackers’ scale.
AI and an Absent Government: Takeaways From RSAC 2026
The 2026 RSA Conference highlighted AI as the dominant cybersecurity theme, with executives touting agentic AI’s ability to automate SOC tasks while researchers warned of new attack vectors such as AI‑driven ransomware and credential‑hijacking. Attendees also noted a stark absence...
Second Canvas Data Breach Causes Major Disruptions for Schools, Colleges
Instructure confirmed a second unauthorized intrusion into its Canvas learning management system on May 7, just days after a May 1 breach. The attack exploited vulnerabilities in the platform's Free‑For‑Teacher accounts, forcing temporary shutdowns and causing widespread outages during final‑exam week. Schools...
New Cybersecurity Industry Coalition Aims to Lead US Critical Infrastructure Protection
Private-sector leaders JPMorgan Chase, Mastercard, AT&T and Berkshire Hathaway Energy launched the Alliance for Critical Infrastructure (ACI) in February to fill a coordination void as federal support wanes. The nonprofit coalition will create working groups and pilot projects focused on...
Businesses Hide Vast Majority of Ransomware Attacks, Report Finds
BlackFog’s Q1 2026 report shows a massive disparity between disclosed and hidden ransomware attacks, with 2,160 incidents kept secret versus 264 publicly reported. The United States accounted for half of the undisclosed attacks and 61 % of disclosed ones, making it the...
Businesses Eager but Unprepared for AI to Transform Their Security Strategies
Zoho’s State of Workforce Password Security report finds 90% of firms believe AI will boost cyber defenses, yet only 8% feel ready to deploy AI‑powered tools. The study also reveals a widespread lack of basic security controls: 75% lack full...
CISA Urges Critical Infrastructure Firms to ‘Fortify’ Before It’s Too Late
The Cybersecurity and Infrastructure Security Agency (CISA) released new guidance under its international “CI Fortify” initiative to help critical infrastructure operators isolate and recover from cyber intrusions. The advice, modeled on Australian 2025 guidance, stresses preparing for unreliable third‑party connections...
How OpenClaw’s Agent Skills Become an Attack Surface
OpenClaw’s AI agent offers deep integration with a user’s local machine, granting access to files, browsers, and long‑term memory, but it stores configuration and credentials in plain‑text files. This design lets attackers who compromise the host quickly exfiltrate API keys,...
White House Questions Tech Industry on Defensive AI Use, Cybersecurity Resilience
The White House Office of the National Cyber Director sent an 11‑question probe to major U.S. tech firms, asking how they use AI to protect networks and prepare for AI‑driven cyber crises. The questions cover AI detection tools, model integration,...
US and Allies Urge ‘Careful Adoption’ of AI Agents
The Australian, U.S., British, Canadian and New Zealand governments released joint guidance urging careful deployment of agentic AI systems. The document warns that unrestricted access can cause productivity loss, service disruption, privacy breaches and cybersecurity incidents. It recommends limiting AI agents...
PwC Partners with Google Cloud to Take on the Managed Security Market
PwC has unveiled an AI‑driven managed security service built on Google Cloud’s Security Operations platform. The offering leverages agentic AI agents for threat detection, triage and mitigation, while retaining human checkpoints for oversight. Targeting mid‑size and smaller enterprises, the service...
CISA Adds Microsoft, ConnectWise Vulnerabilities to Active Exploitation Catalog
On April 29, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added two actively exploited software flaws to its Known Exploited Vulnerabilities (KEV) catalog: CVE‑2024‑1708 in ConnectWise’s ScreenConnect remote‑access tool and CVE‑2026‑32202 in the Windows Shell UI. The high‑severity ConnectWise bug enables...
State CISOs Losing Confidence in Ability to Manage Cyber Risks
Statewide chief information security officers are losing confidence in their ability to manage cyber risk, with only about 25% feeling "extremely" or "very" confident that state assets are protected—a sharp drop from nearly half in 2022. The decline coincides with...
‘Fundamental Tension’ Undermines Manufacturers’ Cybersecurity
A Resilience report released on April 28, 2026 finds manufacturing was the most targeted sector in 2025, accounting for one in four cyberattacks. Ransomware incidents rose 61% in the industry, outpacing the 46% overall increase across all sectors. The study...
North Korea-Linked Actor Targets Web3 Execs in Social-Engineering Campaign
Researchers at Arctic Wolf have identified a new social‑engineering campaign by North Korea’s Lazarus Group unit, BlueNoroff, targeting senior executives in the Web3 ecosystem. The attackers sent fake Zoom or Teams meeting invites—often typo‑squatted—to about 100 founders, wallet developers and exchange...