Dark Reading

Security threats, vulnerabilities, with gov/natsec context.

'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues
News | Apr 9, 2026

A researcher using the alias Chaotic Eclipse publicly released exploit code for a Windows zero‑day flaw dubbed “BlueHammer,” which targets a race condition in Windows Defender’s signature update system. The PoC, posted on GitHub on April 2, claims the vulnerability remains...

By Dark Reading
Do Ceasefires Slow Cyberattacks? History Suggests Not
News | Apr 9, 2026

A fragile US‑Iran cease‑fire was announced, prompting Iran‑aligned hacktivist group Handala to claim a temporary pause in its cyber operations against the United States. Experts, however, warn that historical evidence shows cease‑fires rarely translate into a digital stand‑down; cyber activity...

By Dark Reading
Russia's Forest Blizzard Nabs Rafts of Logins Via SOHO Routers
News | Apr 9, 2026

Russian GRU‑backed APT28, also known as Fancy Bear, has been exploiting long‑standing bugs in consumer‑grade SOHO routers such as MikroTik and TP‑Link to intercept web traffic worldwide. By reconfiguring DNS settings on compromised devices, the group silently siphons email credentials and...

By Dark Reading
Threat Actors Get Crafty With Emojis to Escape Detection
News | Apr 8, 2026

Threat actors are increasingly embedding emojis in malicious communications to evade detection and streamline coordination across platforms such as Telegram, Discord, and underground forums. Flashpoint’s latest analysis highlights the Pakistan‑linked APT group UTA0137 using the Disgomoji malware, which interprets simple...

By Dark Reading
AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
News | Apr 8, 2026

HackerOne announced on March 27 that it will pause new vulnerability submissions to its Internet Bug Bounty (IBB) program, citing an unsustainable surge of AI‑generated reports that outpace open‑source maintainers' remediation capacity. The influx has driven valid findings down from roughly...

By Dark Reading
Full Sail University to Open IBM Cyber Defense Range Powered by AWS and Cloud Range on Campus
News | Apr 8, 2026

Full Sail University announced the opening of its IBM Cyber Defense Range, a cloud‑enabled training facility powered by AWS and Cloud Range, slated for April 16, 2026. The 1,463‑square‑foot space includes 28 workstations equipped with HP hardware, allowing cybersecurity and IT students to...

By Dark Reading
Pluralsight Launches SecureReady to Help Organizations Build Job-Ready Cybersecurity Teams
News | Apr 8, 2026

Pluralsight unveiled SecureReady, an end‑to‑end cybersecurity skill development platform aimed at closing talent gaps for CISOs and IT leaders. The solution pairs a constantly refreshed library of on‑demand courses with more than 350 hands‑on labs and expert‑led seminars, releasing new...

By Dark Reading
Iranian Threat Actors Disrupt US Critical Infrastructure Via Exposed PLCs
News | Apr 8, 2026

Iran‑affiliated advanced persistent threat actors have begun disrupting U.S. critical infrastructure by exploiting internet‑exposed programmable logic controllers, especially Rockwell Automation/Allen‑Bradley devices. The campaign, launched after a U.S.–Israel strike on Iran, manipulates PLC project files and SCADA displays, causing operational downtime...

By Dark Reading
Human vs AI: Debates Shape RSAC 2026 Cybersecurity Trends
News | Apr 7, 2026

The RSAC 2026 conference opened with AI taking center stage, as vendors aggressively promote AI‑driven security solutions, including ambitious agentic AI that could augment or replace traditional security‑operations centers. Executives debated the scalability of the "human‑in‑the‑loop" model, with Vodafone’s CISO Emma Smith...

By Dark Reading
Lies, Damned Lies, and Cybersecurity Metrics
News | Apr 7, 2026

A panel of cybersecurity leaders in Las Vegas exposed five pervasive myths that keep the industry stuck, despite rising spend and talent. They argued that measuring activity instead of threat reduction, over‑relying on prevention, assuming accurate threat models, banking on...

By Dark Reading
Focusing on the People in Cybersecurity at RSAC 2026 Conference
News | Apr 7, 2026

The RSAC 2026 conference highlighted the critical role of people in cybersecurity amid rapid AI adoption. New ISSA research revealed low job satisfaction—only 28% of professionals are very satisfied—and rising stress, with 62% reporting frequent stress. Attendees discussed the growing skills...

By Dark Reading
AI-Assisted Supply Chain Attack Targets GitHub
News | Apr 6, 2026

A threat actor used AI‑assisted automation to launch the "prt‑scan" supply‑chain campaign on GitHub, opening over 500 malicious pull requests between March 11 and early April. The campaign targeted repositories that use the vulnerable pull_request_target workflow, compromising fewer than 10%...

By Dark Reading
Axios Attack Shows Complex Social Engineering Is Industrialized
News | Apr 6, 2026

The popular JavaScript HTTP client Axios was compromised when North Korean state‑linked group UNC1069 socially engineered lead maintainer Jason Saayman into installing a malicious dependency. The attackers delivered a remote‑access Trojan via a fake Slack workspace and Microsoft Teams call,...

By Dark Reading
Fortinet Issues Emergency Patch for FortiClient Zero-Day
News | Apr 6, 2026

Fortinet issued an emergency hotfix for the critical CVE‑2026‑35616 zero‑day in its FortiClient Endpoint Management Server, a 9.1‑CVSS flaw that enables unauthenticated code execution. The vulnerability has already been exploited in the wild, prompting a security advisory that recommends immediate...

By Dark Reading
Inconsistent Privacy Labels Don't Tell Users What They Are Getting
News | Apr 3, 2026

App‑store privacy labels, introduced by Apple in 2020 and soon after by Google, aim to inform users about data collection, usage, and sharing. Experts Lorrie Cranor and Kelly Peterson argue the labels are inconsistent, often inaccurate, and provide little real...

By Dark Reading
Apple Breaks Precedent, Patches DarkSword for iOS 18
News | Apr 3, 2026

Apple has extended a back‑ported patch for the DarkSword exploit chain to iOS 18 devices, a move previously reserved for the newest iOS 26 release. The fix arrived on April 1, days after the tool leaked on GitHub, and covers vulnerabilities that span...

By Dark Reading
Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
News | Apr 3, 2026

TeamPCP’s supply‑chain campaign has broadened, compromising open‑source tools like Trivy and LiteLLM and giving attackers stolen AWS credentials. The breaches surfaced at AI startup Mercor and the European Commission, where compromised code‑scanning utilities enabled unauthorized cloud access. Third‑party groups ShinyHunters...

By Dark Reading
Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain
News | Apr 3, 2026

Chainguard introduced Factory 2.0 at the Assemble conference, revamping its supply‑chain hardening platform with an AI‑powered control plane and agentic reconciliation bots. The new DriftlessAF framework continuously updates and patches approved open‑source artifacts across containers, libraries, and CI/CD workflows. Chainguard also...

By Dark Reading
CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry
News | Apr 3, 2026

CrowdStrike announced that its Falcon Next‑Gen SIEM now ingests telemetry from Microsoft Defender for Endpoint, making Defender the first EDR integrated with the platform. The integration enables real‑time analytics, intelligent filtering and faster threat detection across heterogeneous endpoint stacks. CrowdStrike...

By Dark Reading
RSAC 2026: AI Dominates, But Community Remains Key to Security
News | Apr 2, 2026

The RSAC 2026 conference placed artificial intelligence at the forefront of cybersecurity discussions, while its official theme emphasized the "Power of Community." Notably, the U.S. federal government was absent, leaving a void in public‑private collaboration and prompting concerns about AI governance....

By Dark Reading
Cyberattacks Intensify Pressure on Latin American Governments
News | Apr 1, 2026

Latin American governments are confronting a surge in cyber attacks, with organizations in the region experiencing about 3,050 incidents per week in March—well above the global average of roughly 2,000. Government agencies face even higher pressure, enduring around 4,200 weekly...

By Dark Reading
Are We Training AI Too Late?
News | Apr 1, 2026

GreyNoise warns that AI‑driven security models are trained on data that arrives after attacks have succeeded, creating a reactive lag. Their 2026 State of the Edge report shows over half of remote‑code‑execution traffic originates from IPs with no prior reputation,...

By Dark Reading
The Forgotten Endpoint: Security Risks of Dormant Devices
News | Mar 31, 2026

Consultants are left holding corporate laptops long after projects pause, creating hidden entry points into enterprise networks. A Kensington study shows 76% of IT leaders faced device theft and 46% suffered breaches from unsecured hardware. Organizations repeatedly fail endpoint visibility,...

By Dark Reading
Black Hat USA
News | Mar 31, 2026

Black Hat USA 2026 returns to Las Vegas for a six‑day cybersecurity showcase, featuring four days of expert‑led trainings, a summit day, and a two‑day conference with briefings, Arsenal tool demos, and a Business Hall. Attendees can use promo code...

By Dark Reading
Rethinking Vulnerability Management Strategies for Mid-Market Security
News | Mar 31, 2026

Mid‑market security teams are confronting a widening gap between the surge in disclosed vulnerabilities—rising from roughly 30,000 to 50,000 CVEs annually—and their ability to remediate them quickly. Chris Wallis, founder of Intruder, argues that counting CVEs is insufficient; the real...

By Dark Reading
AI and Quantum Are Forcing a Rethink of Digital Trust
News | Mar 31, 2026

Enterprises are confronting a seismic shift in digital trust as AI agents multiply, pushing machine‑to‑human identity ratios from 100:1 toward 1,000:1. At the same time, digital certificates are being issued with ever‑shorter lifespans, complicating lifecycle management and increasing the risk...

By Dark Reading
Iran Deploys 'Pseudo-Ransomware,' Revives Pay2Key Operations
News | Mar 31, 2026

Iran has resurrected the state‑backed Pay2Key ransomware operation, enlisting Russian cybercriminal affiliates to target high‑impact U.S. and Israeli entities. The campaign employs “pseudo‑ransomware,” encrypting data while delivering destructive wiper payloads to obscure motives. Affiliate rewards have been boosted to 80%...

By Dark Reading
AI-Driven Code Surge Is Forcing a Rethink of AppSec
News | Mar 30, 2026

AI‑driven code generation is causing organizations to produce ten to twenty times more software than a year ago, overwhelming traditional application‑security tools. The surge expands the attack surface, making vulnerabilities easier for adversaries to exploit. Black Duck’s CEO Jason Schmitt...

By Dark Reading
Google Sets 2029 Deadline for Quantum-Safe Cryptography
News | Mar 27, 2026

Google announced it will complete a post‑quantum cryptography (PQC) migration across its products and services by the end of 2029. The timeline aligns with NIST’s 2024 PQC standards, which the company is already using for internal rollouts. Google’s roadmap emphasizes...

By Dark Reading
Coruna, DarkSword & Democratizing Nation-State Exploit Kits
News | Mar 26, 2026

High‑grade iOS exploit kits Coruna and DarkSword, originally built for espionage, have been leaked to cybercriminals and a Russian state actor UNC6353. Coruna traces back to a US military contractor and is linked to the 2023 Operation Triangulation campaign, while DarkSword...

By Dark Reading
Automotive Cybersecurity Threats Grow in Era of Connected, Autonomous Vehicles
News | Mar 26, 2026

At RSAC 2026, experts warned that the rise of connected and autonomous vehicles is amplifying automotive cyber threats. They recalled the 2015 Jeep Cherokee hack that led to a 1.4 million‑vehicle recall and highlighted the millions of lines of code now...

By Dark Reading
AI-Powered Dependency Decisions Introduce, Ignore Security Bugs
News | Mar 26, 2026

Sonatype’s latest research reveals that even the most advanced AI models—referred to as frontier models—frequently generate erroneous software‑dependency recommendations, with nearly 28% of suggestions being outright hallucinations. The study examined 258,000 recommendations across Maven, npm, PyPI and NuGet, finding that...

By Dark Reading
Intermediaries Driving Global Spyware Market Expansion
News | Mar 26, 2026

Intermediaries such as brokers, resellers, and exploit engineers are expanding the global spyware market by obscuring supply chains and facilitating sales to sanctioned or low‑tech nations. A recent Atlantic Council report highlights examples like a South African intermediary for Memento...

By Dark Reading
At RSAC, the EU Leads While US Officials Are Sidelined
News | Mar 25, 2026

At RSAC 2026 in San Francisco, U.S. agencies such as the FBI, CISA and NSA were absent, while European cyber officials dominated the stage. EU representatives used the forum to push AI‑code guardrails, discuss the upcoming Cybersecurity Resilience Act, and court...

By Dark Reading
Phishers Pose as Palo Alto Networks' Recruiters for Months in Job Scam
News | Mar 25, 2026

Unit 42 at Palo Alto Networks has uncovered a seven‑month phishing campaign in which attackers impersonated the company’s recruiters to target senior professionals. The scammers harvest LinkedIn data to craft highly personalized emails that claim a candidate’s résumé failed an...

By Dark Reading
Why a 'Near Miss' Database Is Key to Improving Information Sharing
News | Mar 25, 2026

At RSAC 2026, security leaders Wendy Nather and Bob Lord urged the cybersecurity community to treat near‑miss incidents with the same transparency as full breaches. They defined a near miss as an event that almost succeeded, highlighting that many organizations lack...

By Dark Reading
Ex-NSA Directors Discuss 'Red Line' For Offensive Cyberattacks
News | Mar 25, 2026

At RSAC 2026, four former NSA directors and Cyber Command leaders debated the “red line” that would trigger a kinetic response to a cyberattack. The panel, held shortly after President Trump released a new offensive cyber strategy, emphasized that the...

By Dark Reading
CSA Launches CSAI Foundation for AI Security
News | Mar 24, 2026

The Cloud Security Alliance unveiled CSAI, a new 501(c)3 nonprofit dedicated to AI security and safety, with a focus on governing the emerging "agentic control plane" that manages identity, authorization, and trust for autonomous AI agents. CSAI will run six...

By Dark Reading
How a Large Bank Uses AI Digital Twins for Threat Hunting
News | Mar 24, 2026

JPMorgan Chase is deploying an AI‑driven system that creates digital fingerprints and digital twins to monitor employee and AI‑agent behavior across its global workforce. The technology flags anomalous actions, rates their malicious potential, and contextualizes them against external events, aiming...

By Dark Reading
AI Dominates RSAC Innovation Sandbox
News | Mar 22, 2026

The RSAC Innovation Sandbox returned to the RSA Conference with a full slate of AI‑powered finalists, each pitching a three‑minute solution to a panel of top‑tier investors and security leaders. All ten startups—ranging from social‑engineering detection to AI‑driven code review—qualify...

By Dark Reading
AI Conundrum: Why MCP Security Can't Be Patched Away
News | Mar 19, 2026

Enterprises are rapidly wiring large language models to external services through the Model Context Protocol (MCP), unlocking powerful automation but also exposing a novel attack surface. Because MCP turns LLMs from passive responders into autonomous agents, they can execute actions...

By Dark Reading
Post-Quantum Web Could Be Safer, Faster
News | Mar 19, 2026

The IETF’s draft Merkle tree certificates (MTCs) promise a quantum‑resistant web that is both smaller and faster than existing post‑quantum solutions. By compressing certificate data to roughly 840 bytes, MTCs cut bandwidth and latency compared with ML‑DSA signatures that can exceed...

By Dark Reading
'Claudy Day' Trio of Flaws Exposes Claude Users to Data Theft
News | Mar 18, 2026

Researchers at Oasis Security uncovered a trio of vulnerabilities in Anthropic's Claude AI that can be chained into a full‑scale attack dubbed “Claudy Day.” The chain combines an invisible prompt‑injection via URL parameters, an open‑redirect flaw, and a data‑exfiltration route through...

By Dark Reading
Researchers: Meta, TikTok Steal Personal & Financial Info When Users Click Ads
News | Mar 18, 2026

Researchers from Jscrambler allege that Meta and TikTok advertising pixels harvest extensive personal and financial data from users who click ads, even when users explicitly opt out. The pixels collect PII, credit‑card details, and granular shopping‑flow information, running before consent...

By Dark Reading
SideWinder Espionage Campaign Expands Across Southeast Asia
News | Mar 18, 2026

The India‑linked SideWinder APT group has broadened its espionage campaign into Southeast Asia, adding Indonesia and Thailand to its target list. Researchers note the group continues to use low‑complexity intrusion methods—government‑audit phishing, stolen credentials, and DLL hijacking—while rotating domains and...

By Dark Reading
Clear Communication: The Missing Link in Cybersecurity Success
News | Mar 17, 2026

At RSAC 2026, husband‑and‑wife team Rebecca and Kevin Grapsy will present on the critical role of clear communication in cybersecurity. Their talk highlights how technical brilliance alone fails without translating insights for non‑technical stakeholders. They introduce the “Five Points of...

By Dark Reading
Warlock Ransomware Group Augments Post-Exploitation Activities
News | Mar 17, 2026

Warlock ransomware group is expanding its post‑exploitation tactics, leveraging a bring‑your‑own‑vulnerable‑driver (BYOVD) exploit against Microsoft SharePoint servers and deploying tools such as TightVNC and the Yuze reverse‑proxy. The group now uses the NSecKrnl.sys driver to disable security products at the...

By Dark Reading
Attackers Abuse LiveChat to Phish Credit Card, Personal Data
News | Mar 16, 2026

Researchers at Cofense have uncovered a new phishing campaign that hijacks the LiveChat SaaS support platform to steal sensitive data. The attackers impersonate Amazon or PayPal, using email lures that direct victims to a LiveChat‑hosted page where a human‑operated operator...

By Dark Reading
Fake PoCs, Misunderstood Risks Cause Cisco SD-WAN Chaos
News | Mar 13, 2026

Cisco disclosed six new SD‑WAN Manager vulnerabilities, with CVE‑2026‑20127 receiving a perfect 10‑score and confirmed zero‑day exploitation for three years. Researchers warn that the focus on this high‑profile bug has eclipsed CVE‑2026‑20133, a 7.5‑score information‑disclosure flaw that can expose admin...

By Dark Reading