
Microsoft 365 Users Targeted by New Phishing Threat that Bypasses MFA
The FBI has identified a new Phishing‑as‑a‑Service platform, Kali365, that targets Microsoft 365 access tokens and bypasses multi‑factor authentication. First seen in April 2026, the service is distributed via Telegram and provides AI‑generated lures, campaign templates, and OAuth token‑capture tools. By exploiting device‑code phishing, attackers obtain access and refresh tokens, granting persistent access to Outlook, Teams and OneDrive without needing passwords. Similar services such as EvilTokens are emerging, expanding the threat landscape for cloud productivity suites.

ArmorCode Gives Security Teams AI Workers for Exposure and Remediation
ArmorCode unveiled Anya Agents, an agentic AI framework built on its patented platform, to automate enterprise‑scale security workflows such as triage, exposure analysis, remediation, validation, and compliance. The agents draw on ArmorCode’s Context Risk Graph, merging CVE data, asset inventories,...

Encryption Consulting Launches CertSecure Manager v3.3 with Zero-Touch Certificate Renewals
Encryption Consulting unveiled CertSecure Manager v3.3, a certificate lifecycle management platform that automates zero‑touch renewals across all major web, load‑balancer and database servers. The update expands support to 11 certificate authorities, adding Google Public CA and AWS alongside existing providers. New...

The AI Backdoor Your Security Stack Is Not Built to See
Enterprises have built LLM defenses around detecting malicious tokens, but new research from Microsoft and the Institute of Science Tokyo uncovers MetaBackdoor—a length‑based trigger that evades content filters. By poisoning a model with as few as 90 examples, attackers can...

AI Shrinks Vulnerability Exploitation Window to Hours
Synack’s 2026 State of Vulnerabilities Report finds AI is compressing the gap between vulnerability disclosure and exploitation to a matter of hours. Mean time to remediation fell 47% in 2025, dropping from 63 to 38 days, while high‑severity findings rose...

Google Lets Workspace Admins Apply One Policy Across All SAML Apps
Google has upgraded Context‑Aware Access in Workspace with a default policy for SAML applications, establishing a universal security baseline for any SAML‑based app lacking a specific rule. Administrators can manually enable the feature at the organizational‑unit or group level, eliminating...

Rocky Linux Launches Opt-In Security Repository for Urgent Fixes
Rocky Linux has added an optional Security Repository that delivers urgent patches ahead of the upstream Enterprise Linux release when a vulnerability is publicly exploitable and no official fix exists. The repository is disabled by default and can be enabled...

Keycard Helps Developers Secure Autonomous AI Agents with Scoped Access
Keycard unveiled “Keycard for Multi‑Agent Apps,” a platform that gives each autonomous AI agent its own verifiable identity and session‑based, scoped access. The solution replaces static API keys with runtime‑issued tokens, enabling fine‑grained delegation and full auditability across agent‑to‑agent workflows....

Deepfake Detection Is Losing Ground to Generative Models
Deepfake detection, once anchored on visual and biometric cues, is faltering as diffusion‑based generators erase traditional artifacts. Researchers at the Vector Institute label this the "Generalization Illusion," noting that benchmark scores remain high while real‑world performance drops. Their paper proposes...

SAP Unveils Autonomous Enterprise for AI-Driven Business Operations
SAP unveiled its Autonomous Enterprise, a unified AI platform and suite that embeds intelligent agents into core business processes. The offering includes the SAP Business AI Platform, the Autonomous Suite with 50+ domain‑specific Joule Assistants, and a new Joule Work...

Stealthy Hackers Exploit cPanel Flaw in Active Backdoor Campaign (CVE-2026-41940)
Security researchers at XLab have uncovered an active campaign exploiting the newly disclosed CVE‑2026‑41940 flaw in cPanel & WHM. The vulnerability lets attackers log in without credentials, gain root control, and install persistent backdoors, web shells, and a custom trojan...

Amazon Quick Authorization Bypass Let Users Reach Blocked AI Chat Agents
Researchers at Fog Security discovered that Amazon Quick’s custom‑permission UI only blocked AI chat agents on the front end, while direct API calls still returned responses from disabled agents. The flaw, a missing server‑side authorization check (CWE‑862), allowed non‑admin users...

Zimperium Mobile App Response Agent Helps Security Teams Counter Mobile Attacks
Zimperium introduced the Mobile App Response Agent, a new component of its Mobile App Protection Suite designed to accelerate the detection and remediation of mobile‑based fraud and security threats. The tool reduces investigation cycles from hours or days to minutes...

Red Hat Extends Open Source Technology Into Space
Red Hat and Voyager Technologies have successfully deployed Red Hat Enterprise Linux 10.1 and the Red Hat Universal Base Image to Voyager’s LEOcloud Space Edge micro‑datacenter aboard the International Space Station. The container‑optimized Linux platform provides a hardened, immutable operating...

Linux Developers Weigh Emergency “Killswitch” For Vulnerable Kernel Functions
Linux kernel maintainers are evaluating a "killswitch" patch that lets privileged administrators disable individual kernel functions at runtime. The proposal, submitted by Sasha Levin, follows the public disclosure of two high‑impact privilege‑escalation bugs—Copy Fail (CVE‑2026‑31431) and Dirty Frag (CVE‑2026‑43284/43500). By...

SailPoint Agentic Fabric Expands Identity Governance to Autonomous AI Agents
SailPoint unveiled Agentic Fabric, a platform that extends its Identity Security Cloud to govern AI agents and other non‑human identities. The solution provides discovery, mapping, real‑time authorization and threat response, linking each agent to a human owner. It launches with...

Instagram Messaging Encryption Removed, and Privacy Advocates Are Pushing Back
Meta announced in March 2026 that Instagram will discontinue the optional end‑to‑end encryption introduced in 2023, removing the feature on May 8. The change means Meta can now access the content of direct messages, including images, videos and voice notes....

Google Is Turning Android Studio Into a Policy Watchdog
Google is embedding Play Policy Insights into Android Studio, giving developers real‑time warnings about policy violations and SDK compliance. The upgraded Play Integrity API and post‑quantum support boost fraud detection and cryptographic security. New privacy widgets, developer verification, and AI‑driven...

Snyk Integrates Claude to Advance AI-Native Application Security
Snyk has integrated Anthropic’s Claude large‑language model into its AI Security Platform, enabling automated discovery, prioritization, and developer‑ready remediation of vulnerabilities across code, dependencies, containers, and AI‑generated artifacts. The platform, called Evo, extends protection to AI models, agents, datasets, and...

Avantra’s New AI Can Diagnose SAP Failures in Seconds
Avantra unveiled Avantra 26, its latest AI‑driven operations suite that deepens native integration with SAP Cloud ALM and the SAP Business Technology Platform. The release includes Avantra AIR Root Cause Analyzer, an AI engine that automatically correlates logs and alerts...

Securonix Launches AI Threat Research Agent and ThreatWatch Validation Tool
Securonix unveiled two new capabilities – the AI‑driven Threat Research Agent and the ThreatWatch validation tool – built on its ThreatQ platform. The Research Agent transforms raw threat intelligence into structured, role‑specific findings with source attribution, while ThreatWatch automatically generates...

OpenAI Tunes GPT-5.5-Cyber for More Permissive Security Workflows
OpenAI has begun a limited preview of GPT‑5.5‑Cyber, a more permissive variant of its latest GPT‑5.5 model, available only to verified cybersecurity professionals through the Trusted Access for Cyber program. The new tier relaxes restrictions on security‑related prompts, enabling authorized...

Transilience AI Unveils Security Operating System for Cloud Remediation
Transilience AI announced the general availability of its Full Stack Security Operating System for cloud environments, aiming to close the gap between detection and remediation. The platform replaces fragmented CSPM, CNAPP, and CWPP tools with LLM‑powered agents that continuously collect,...

What Mozilla Learned Running an AI Security Bug Hunting Pipeline on Firefox
Mozilla deployed an agentic harness powered by Claude Mythos Preview to scan Firefox’s source code, uncovering 271 security bugs that were patched in Firefox 150 and earlier releases. The pipeline, built by a team of over 100 engineers, leveraged automated validation...

CallPhantom Android Scam Reached 7.3 Million Downloads on Google Play
A cluster of 28 fraudulent Android apps dubbed CallPhantom garnered more than 7.3 million downloads on Google Play before being removed. The apps claimed to provide call‑history, SMS and WhatsApp logs for any number, but delivered randomly generated data and charged...

Kloudfuse 4.0 Delivers AI-Governed Observability and Scalable Workload Isolation
Kloudfuse announced the general availability of version 4.0, a platform that combines AI‑driven observability with production‑grade governance while keeping all telemetry inside the customer’s cloud. The release addresses three urgent pressures: the 2026 FIPS 140‑2 sunset, the surge of AI agents...

Red Hat Enterprise Linux Adds Post-Quantum Security and AI-Driven Automation in Latest Releases
Red Hat announced the general availability of Red Hat Enterprise Linux (RHEL) 10.2 and 9.8, extensions of its flagship OS that embed post‑quantum cryptography, confidential computing and AI‑guided automation. The updates aim to protect AI workloads and sensitive data in...

Open-Source MCP Server Monitoring for Python Apps
BlueRock has open‑sourced MCP Python Hooks, a runtime sensor that captures Model Context Protocol (MCP) server events and Python import activity without requiring code changes. The sensor leverages native audit hooks, import hooks, and wrapt‑based framework hooks to emit structured...

Pipelock: Open-Source AI Agent Firewall
AI coding agents with shell access and unrestricted internet pose a single point of failure for credential leakage. Pipelock, an open‑source Go‑based firewall from the PipeLab project, inserts an enforcement layer between agents and the network, scanning all traffic through...

Spotting Third-Party Cyber Risk Before Attackers Do
Black Kite’s SVP Jeffrey Wheatman explains how firms can detect third‑party cyber risk before attackers exploit vulnerabilities. He urges a shift from a data‑loss mindset to resilience, ensuring operations stay functional when vendors are breached. Practical steps include early stakeholder...

What Researchers Learned About Building an LLM Security Workflow
Researchers from the University of Oslo and the Norwegian Defence Research Establishment demonstrated that large language models (LLMs) alone cannot reliably triage security alerts, missing every malicious case in a baseline test. When the same models were embedded in a...

Your Work Apps Are Quietly Handing 19 Data Points to Someone
A new Incogni study of the ten most‑used workplace apps on Google Play reveals each app gathers an average of 19 data points, with Gmail topping the list at 26 types. Notion stands out for sharing eight data categories with...

Week in Review: High-Severity LPE Vulnerability in the Linux Kernel, cPanel 0-Day Exploited for Months
A high‑severity local privilege escalation flaw dubbed “Copy Fail” (CVE‑2026‑31431) was disclosed in the Linux kernel, affecting virtually every major distribution released since 2017 and accompanied by a publicly available proof‑of‑concept exploit. At the same time, a critical authentication‑bypass zero‑day in...

Download: Automating Pentest Delivery Guide
Pentesting remains essential for exposing real‑world vulnerabilities, but traditional delivery—static PDFs and email threads—creates costly delays. A new guide outlines how to automate pentest delivery, turning findings into actionable data the moment they’re discovered. The five‑step framework introduces real‑time reporting,...

Identity Is the Control Plane for Distributed Infrastructure
Teleport CEO Ev Kontsevoy argues that identity should act as the control plane for today’s distributed infrastructure, spanning cloud services, Kubernetes clusters, databases, and traditional servers. He warns that layering additional security tools on fragmented identity systems only adds complexity...

AI Traffic Is Getting Bigger, Louder, and Less Predictable
Backblaze’s Q1 2026 network report reveals AI workloads are reshaping traffic patterns, shifting from diffuse internet‑style flows to large, high‑bandwidth transfers between a limited set of endpoints. The data shows a seasonal winter slowdown in neocloud and hyperscaler traffic, followed by...

Cisco Releases Open-Source Toolkit for Verifying AI Model Lineage
Cisco unveiled the open‑source Model Provenance Kit, a Python toolkit that verifies whether two transformer models share a common origin. The kit examines architecture metadata, tokenizer structure, and five weight‑based similarity signals to generate a provenance score. In internal testing...

Police Arrest 10 Suspected Members of Black Axe Cybercrime Gang
Swiss police, in coordination with Europol, arrested ten suspected members of the Black Axe criminal network on 28 April 2026. The raids across multiple cantons captured the group’s Southern Europe regional head and several individuals of Nigerian origin accused of romance scams,...

ShinyHunters Claims It Stole 1.4 Million Records From Udemy
Cybercrime group ShinyHunters says it exfiltrated 1.4 million Udemy records, including emails, physical addresses, phone numbers, employer information and payout details such as PayPal, cheque and bank transfers. The leak, listed on Have I Been Pwned, could enable large‑scale phishing and...

Sevii Unveils Cyber Swarm Defense Mode to Stop AI-Driven Attacks at Scale
Sevii introduced Cyber Swarm Defense Mode (CSD), a fixed‑price per‑asset capability that autonomously counters high‑volume, AI‑driven cyber attacks at machine speed. The solution leverages the company’s ADR platform and Myrmidon Defense Technology to spin up unlimited AI Cyber Warrior agents,...

Cequence Agent Personas Bring Granular Control and Governance to Enterprise AI Agents
Cequence Security has launched Agent Personas in its AI Gateway, giving enterprises fine‑grained, infrastructure‑level control over AI agents’ tool usage. The feature lets admins define a plain‑English job description that translates into a scoped virtual MCP endpoint, limiting each agent...

NowSecure MARI Gives Enterprises Evidence-Based Visibility Into Third-Party Mobile App Risk
NowSecure unveiled Mobile App Risk Intelligence (MARI), a platform that gives enterprises evidence‑based visibility into third‑party mobile apps. MARI detects hidden AI and large‑language‑model components, maps data flows by country, and inventories embedded SDKs and libraries. In testing of 50,000...

AI Is Speeding up Nation-State Cyber Programs
Microsoft’s senior cyber policy director Kaja Ciglic says nation‑state cyber programs have shifted from niche tools to a core element of national power, tightly linked with military, economic and diplomatic levers. Automation and AI‑enabled tooling now let adversaries scale reconnaissance, exploitation...

GitLab 18.11 Brings Agentic AI to Security Fixes, CI Pipelines, and Delivery Analytics
GitLab unveiled version 18.11, extending its agentic AI across security remediation, CI pipeline creation, and delivery analytics. The GA Agentic SAST Vulnerability Resolution automatically generates fixes for true‑positive findings and opens merge requests with confidence scores. Two new agents—CI Expert...

Android 17 Beta 4 Arrives with Post-Quantum Cryptography and New Memory Limits
Google released Android 17 Beta 4 on April 16, the final pre‑release build before the stable launch. The update focuses on app compatibility testing, introducing strict large‑screen resizability rules, read‑only requirements for native libraries, default Certificate Transparency, and new local‑network permissions. It also adds...

Apple AirTag Tracking Can Be Misled by Replayed Bluetooth Signals
Apple’s Find My network uses Bluetooth Low Energy signals from AirTags to report locations via nearby Apple devices. Security researchers demonstrated a relay attack that captures an AirTag’s BLE advertisements, replays them from a different location, and injects false location data...

Social Media Bans Might Steer Kids Into Riskier Corners of the Internet
Governments worldwide are moving to bar users under 16 from social‑media platforms, a trend sparked by Australia’s 2024 ban and now echoed in Europe and elsewhere. To enforce these rules, tech firms are proposing age‑verification systems that collect government IDs,...

Microsoft Ends Desktop Detour for Sensitivity Labels in Office Web Apps
Microsoft has updated Office for the web to let users apply sensitivity labels with custom permissions directly in Word, Excel and PowerPoint. The new Permissions dialog mirrors the desktop experience, enabling the assignment of Viewer, Editor or Owner roles without...

OpenSSL 4.0.0 Release Cuts Deprecated Protocols and Gains Post-Quantum Support
OpenSSL has released version 4.0.0, removing legacy protocols such as SSLv3 and the SSLv2 client hello, and eliminating the engine API. The update introduces Encrypted Client Hello (ECH) per RFC 9849 and adds several post‑quantum cryptographic primitives, including the hybrid curveSM2MLKEM768...

Claroty Advances CPS Security with Visibility Orchestration in xDome
Claroty has launched Visibility Orchestration within its SaaS platform Claroty xDome, turning vague asset visibility into a measurable score that drives security actions. The new capabilities automatically assess visibility gaps, prioritize remediation tasks, and enrich asset data using AI, Edge scans,...