FTC Warns 12 Major Tech Firms of Violating Take It Down Act
The Federal Trade Commission has issued warning letters to 12 leading tech platforms for failing to comply with the Take It Down Act (TIDA), a law that mandates rapid removal of non‑consensual intimate images. TIDA, effective since May 2025, requires firms to provide a simple request process and delete offending content within 48 hours, with penalties of up to $53,088 per violation. The FTC urged companies to adopt hashing technology, share hashes with child‑protection nonprofits, and display clear TIDA notices on their sites. Non‑compliance could trigger enforcement actions as the agency monitors adherence closely.
Ukraine Probes Teen Suspect in Cyber Theft Scheme Targeting California Online Shoppers
Ukrainian prosecutors say an 18‑year‑old from Odesa managed the online infrastructure behind a cybercrime scheme that stole credentials from nearly 30,000 customers of a California‑based e‑commerce retailer. Between 2024 and 2025 the group used the data to make at least...
More than $10 Million Stolen From Crypto Platform THORChain
THORChain, the Swiss‑based decentralized liquidity protocol, reported a security breach that resulted in the theft of about $10.7 million. The loss included 36 Bitcoin—roughly $3 million—and $7 million in other cryptocurrencies, taken from one of its six on‑chain vaults. The platform’s automatic anomaly...
ODNI Taps Officials to Coordinate Response to Foreign Election Threats
The Office of the Director of National Intelligence has appointed Dave Mastro and James Cangialosi to serve as the intelligence community’s election‑threat executives, overseeing coordination across U.S. spy agencies for the 2026 midterm elections. The role, originally created during the...
European Commission Head Pushes Creation of New Law Delaying Teens’ Social Media Access
European Commission President Ursula von der Leyen announced that the EU could propose a law this summer to raise the minimum age for social‑media access, aiming to curb teenage exposure to addictive platforms. An expert panel will deliver recommendations in the coming...
Congressman Launches Inquiry Into How Food Retailers Use Surveillance Pricing
Chairman Frank Pallone Jr., ranking member of the House Energy and Commerce Committee, has sent a formal inquiry to 25 major food and drug retailers, including Albertsons, Walmart, and Amazon, asking how they collect and use personal data to set...
Dirty Frag: Linux Kernel Hit by Second Major Security Flaw in Two Weeks
An independent researcher disclosed a new Linux kernel vulnerability dubbed “Dirty Frag,” following the recent “Copy Fail” bug. The flaw, tracked as CVE‑2026‑43284 and CVE‑2026‑43500, lets a low‑privilege user corrupt in‑memory files and escape containers when both components are chained....
GM to Pay over $12 Million in California Privacy Settlement Involving Driver Data
General Motors agreed to pay $12.75 million to settle California's accusations that it collected and sold OnStar driving data without consumer consent, marking the largest fine ever under the California Consumer Privacy Act. The settlement bans GM from selling such data...
Virginia Man Found Guilty of Deleting 96 Government Databases
A federal jury convicted Virginia resident Sohaib Akhter of deleting 96 government databases and trafficking a stolen EEOC complainant password. Akhter and his twin brother accessed, write‑protected, and erased data across multiple agencies after the brother received the password. The...
Pro-Ukraine BO Team and Head Mare Hackers Appear to Team up in Attacks Against Russia
Pro‑Ukraine hacktivist groups BO Team and Head Mare appear to be coordinating cyber attacks against Russian and Belarusian entities, according to Kaspersky. The firms identified shared command‑and‑control infrastructure and overlapping malware toolsets, suggesting joint operations. BO Team, previously known for autonomous activity, now...
Polish Intelligence Warns Hackers Attacked Water Treatment Control Systems
Poland’s Internal Security Agency disclosed that hackers breached the control systems of water‑treatment facilities in five towns during 2025, gaining the ability to modify pump and alarm settings. The intrusions were linked to a broader surge in hostile cyber activity,...
European Leaders Unveil Tentative Deal for AI Act Simplification, Including a Ban on Nudification Tools
European lawmakers have reached a tentative agreement to ban AI nudification tools and push back the enforcement of high‑risk AI provisions until December 2027. The deal also permits personal‑data processing for bias detection and exempts mid‑cap companies, narrowing the AI...
Hackers Compromise Daemon Tools in Global Supply-Chain Attack, Researchers Say
Researchers at Kaspersky discovered that hackers compromised the installer files for Daemon Tools Lite, a popular disk‑image mounting program, by injecting backdoors into versions 12.5.0.2421 through 12.5.0.2434. The malicious installers were distributed via the official website and reached users in...
Forbes Preliminarily Agrees to Pay $10 Million to Settle California Wiretapping Lawsuit
Forbes Media has entered a preliminary settlement to pay $10 million and modify its data‑collection practices after a California class‑action lawsuit alleged illegal tracking of website visitors. The agreement mandates clearer notice and opt‑out mechanisms for California residents and acknowledges the...
Ransomware Group Claims Breach of Pro-Orbán Hungarian Media Firm
A ransomware group called World Leaks claimed responsibility for a breach of Hungarian media conglomerate Mediaworks, releasing about 8.5 terabytes of data that includes payroll records, contracts, financial statements, and internal communications. Mediaworks confirmed the incident, warned that the data...
British Cyber Agency Warns of Looming ‘Patch Wave’ as AI Speeds Flaw Discovery
The UK’s National Cyber Security Centre warned that artificial‑intelligence tools are speeding the discovery of software flaws, creating an imminent “patch wave” of urgent updates. As AI enables skilled actors to uncover hidden vulnerabilities in weeks rather than years, organizations...
Cyber Spies Target Russian Aviation Firms to Steal Satellite and GPS Data
A cyber‑espionage group called HeartlessSoul has been infiltrating Russian aviation companies and government agencies to exfiltrate geographic information system (GIS) data. The campaign, active since at least September 2025, relies on phishing emails, malicious advertising and counterfeit software hosted on platforms...
House Approves Spy Program on Second Attempt, Senate Fate Murky
The U.S. House approved a three‑year renewal of Section 702 of the Foreign Intelligence Surveillance Act, passing the measure 235‑191. The bill restores warrantless surveillance powers over non‑U.S. persons, while adding limited Fourth Amendment safeguards and higher penalties for privacy violations....
Cyber Command, NSA Chief Warns Foreign Adversaries Likely to Target Midterms
U.S. Cyber Command head Gen. Joshua Rudd told the Senate that foreign adversaries are likely to attempt interference in the 2024 midterm elections. He noted uncertainty about whether the Election Security Group, the joint task force used since 2018, has...
Ukrainian Police Detain Hackers Suspected of Stealing Thousands of Roblox Accounts for Resale
Ukrainian police have detained a group of hackers accused of stealing more than 610,000 Roblox user accounts and reselling them for cryptocurrency on Russian‑hosted sites. The operation, allegedly run by a 19‑year‑old who recruited accomplices via gaming forums, generated roughly...
China-Linked Hackers Led Phishing Campaigns Targeting Journalists and Activists, Researchers Say
Citizen Lab and the ICIJ uncovered two large‑scale phishing operations—GLITTER CARP and SEQUIN CARP—run by freelance hackers linked to the Chinese government. Over nine months the actors used more than 100 malicious domains to bait journalists, activists and diaspora members with fake...
Money Launderer for Crypto Thieves Given 5-Year Sentence
A California man, 22‑year‑old Evan Tangeman, received a 70‑month prison term for laundering at least $3.5 million of cryptocurrency stolen by the Social Engineering Enterprise, a cyber‑criminal group that stole roughly $260 million from high‑value crypto owners. Tangeman used fake identities to...
Iran’s Cyber Threat May Be Less ‘Shock and Awe’ than ‘Low and Slow,’ Officials Say
After a CISA advisory warned of Iranian‑linked cyber actors targeting U.S. critical infrastructure, officials say the threat is more likely low‑and‑slow opportunistic intrusions than a shock‑and‑awe campaign. Former NSA director Tim Haugh and cyber‑security veteran Kevin Mandia note Iran’s tactics...
ADT Says Customer Data Stolen in Cyber Intrusion
ADT disclosed a cyber intrusion that stole personal data—including names, addresses, dates of birth and the last four digits of Social Security numbers and tax IDs—from customers and prospects. The ShinyHunters group claimed to have taken 10 million records and threatened...
Norway's Prime Minister Proposes Ban on Social Media Access for Young Teens
Norway's prime minister Jonas Gahr Støre announced a draft law that would prohibit children under 16 from accessing social‑media platforms, with the ban slated to take effect by the end of 2026. The legislation would require big‑tech firms to implement...
Toronto Police Arrest Three in Canada’s First Mobile SMS Blaster Case
Toronto police have arrested three men in Canada’s first known case involving a mobile SMS blaster, a device that impersonates cellular towers to send mass phishing texts. The investigation, which began in November, uncovered tens of thousands of phones connecting...
CISA: US Agency Breached Through Cisco Vulnerability, FIRESTARTER Backdoor Allowed Access Through March
The Cybersecurity and Infrastructure Security Agency (CISA) disclosed that a U.S. federal agency was compromised through a Cisco firewall vulnerability and later accessed via a persistent backdoor named FIRESTARTER. The malware allowed threat actors to regain control of the device...
French Police Arrest Suspected Hacker Behind Dozens of Data Breaches
French police arrested a 20‑year‑old hacker known online as HexDex, suspected of orchestrating roughly 100 website breaches across public institutions, sports federations and private firms since late 2025. The suspect was detained in western France, and investigators seized his Darkforum...
China’s Cyber Capabilities Now Equal to the US, Warns Dutch Intelligence
Dutch Defence Intelligence (MIVD) reports China has reached parity with the United States in offensive cyber capabilities, noting that most Chinese operations against Dutch interests remain undetected. The assessment links the leap to the PLA’s 2024 restructuring into a standalone...
New Defense Department Cyber Strategy Imminent, Official Says
The U.S. Department of Defense is drafting a new cyber strategy that will align with the Trump administration’s aggressive digital‑adversary stance, aiming for completion this summer after the White House’s National Cyber Strategy rollout. Assistant Secretary Katie Sutton outlined three...
Italian Regulator Fines National Postal Service Orgs $15 Million for Data Privacy Violations
Italy’s data protection authority fined Poste Italiane and its digital‑payments subsidiary Postepay a total of €12.5 million ($14.7 million) for privacy breaches. The regulator said the Postepay and BancoPosta apps forced users to authorize invasive monitoring of device data, including installed applications,...
Crypto Infrastructure Company Blames $290 Million Theft on North Korean Hackers
Crypto infrastructure firm LayerZero says a North Korean hacking group, TraderTraitor, stole nearly $290 million from the Kelp platform by exploiting a single‑verifier (DVN) setup. The attackers minted counterfeit rsETH tokens without collateral, used them as loan collateral on platforms like...
Cyberattack at French Identity Document Agency May Have Exposed Personal Data
France’s National Agency for Secure Documents (ANTS) suffered a cyberattack on its portal that manages passports, ID cards, residence permits and driver’s licences. The breach, detected on April 15, may have exposed login credentials, names, email addresses, dates of birth and...
Ransomware Attack Continues to Disrupt Healthcare in London Nearly Two Years Later
In June 2024 a Qilin‑linked ransomware attack on Synnovis crippled blood‑testing services across South East London, forcing hospitals to cancel surgeries and postpone thousands of appointments. More than 18 months later South London and Maudsley NHS Foundation Trust (SLaM) still...
Ukraine Confirms Suspected APT28 Campaign Targeting Prosecutors, Anti-Corruption Agencies
Ukrainian officials confirmed that a Russian‑linked APT28 campaign has compromised more than 170 email accounts belonging to prosecutors and investigators. The attacks exploited a zero‑day in the open‑source Roundcube webmail platform, allowing code execution simply by opening an email. CERT‑UA...
In Defeat for Trump, House Extends Electronic Spying Program for Just 10 Days
The U.S. House approved a stopgap measure extending the warrantless Section 702 surveillance authority for just 10 days, after a failed effort by President Trump and GOP leaders to secure an 18‑month clean reauthorization. The Senate quickly passed the short‑term extension...
Cargo Thieving Hackers Running Sophisticated Remote Access Campaigns, Researchers Find
Proofpoint researchers observed sophisticated cybercriminal campaigns infiltrating load‑board platforms used by trucking and logistics firms. After compromising a load board, the attackers deployed six remote‑access tools, including four ScreenConnect instances, and leveraged a novel "signing‑as‑a‑service" to auto‑sign malware with trusted...
Ukrainian Emergency Services and Hospitals Hit by Espionage Campaign Using New AgingFly Malware
Ukrainian hospitals, emergency services and municipal authorities have been hit by a coordinated espionage campaign using a new malware suite dubbed AgingFly. The attacks, attributed to the Russian‑linked APT28 group, began with phishing emails masquerading as humanitarian‑aid proposals and delivered...
NIST to Limit Work on CVE Entries as Submissions Surge
The National Institute of Standards and Technology (NIST) announced it will limit enrichment of CVE entries to those meeting a new risk‑based threshold, ending its practice of adding details to every vulnerability. Submissions in the first quarter of 2026 are...
New ‘JanaWare’ Ransomware Targeting Turkish Citizens as Cybercriminal Ecosystem Fragments
Acronis has identified a new ransomware strain called JanaWare that exclusively targets computers in Turkey by checking system locale and IP geolocation. The malware, delivered mainly through phishing emails with malicious Java archives, demands low ransoms of roughly $200 to...
Russia Appears to Block Social Media Platform Bluesky Amid Wider Internet Restrictions
Russia’s communications watchdog Roskomnadzor has added the decentralized social network Bluesky to its registry of banned websites, extending a crackdown that has already targeted Telegram, WhatsApp, Discord, Signal and Viber. The move comes as the Kremlin tightens online controls amid...
Hack at Dutch Gym Chain Basic-Fit Exposes Customer Data in Several EU Countries
Dutch gym chain Basic‑Fit confirmed a cyber‑attack that led to the unauthorized download of personal data belonging to roughly 1 million members across Belgium, the Netherlands, Luxembourg, France, Spain and Germany. The compromised information includes names, contact details, dates of birth,...
Senator Launches Inquiry Into 8 Tech Giants for Failures to Adequately Report CSAM
Senate Judiciary Committee chair Chuck Grassley has opened a congressional inquiry into eight major tech firms—Meta, Amazon AI Services, TikTok, Snapchat, Discord, X.AI, Grindr and Roblox—over alleged failures to provide complete child sexual abuse material (CSAM) reports to the National...
UK Government Threatens Tech Bosses with Jail Time if They Do Not Adequately Fight Nudification Tools
The UK government has tabled an amendment to its crime bill that would imprison tech executives who fail to remove non‑consensual intimate images from their platforms. The move follows the Grok scandal, which saw millions of "nudified" photos of women...
Russia Accuses Former Radio Free Europe Journalist of Aiding Cyberattacks for Ukraine
Russian Federal Security Service detained a former freelance journalist who contributed to Radio Free Europe, accusing him of treason for allegedly passing information to Ukraine that facilitated cyberattacks on Russian targets. The suspect reportedly joined a Telegram channel run by...
Cybercriminals Target Accountants to Drain Russian Firms’ Bank Accounts
Cybercriminal group Hive0117 launched a wave of phishing attacks on Russian accountants between February and March 2026, compromising over 3,000 firms. The campaign deployed the DarkWatchman remote‑access trojan, allowing hackers to log into corporate banking portals and create fake salary...
Passport Numbers for More than 300,000 Leaked During December Eurail Data Breach
Eurail B.V., the Dutch‑based rail‑pass provider, disclosed a December 26 cyber‑attack that exposed personal data for 308,777 customers, including passport numbers. Hackers copied the information and posted a sample on Telegram, while offering the full dataset for sale on the dark...
National Security Veterans Warn Against Delays in FISA 702 Reauthorization
A coalition of roughly 50 former national‑security officials sent a letter to Congress urging a clean, uninterrupted renewal of Section 702 of the Foreign Intelligence Surveillance Act before it expires on April 20. The group, which includes former DNI James Clapper and former...
Massachusetts Hospital Turning Ambulances Away After Cyberattack
A cyberattack on Signature Healthcare Brockton Hospital in Massachusetts forced the facility to turn away ambulances and activate downtime procedures, cancelling chemotherapy infusions while keeping emergency rooms and surgeries operational. The hospital is working with external experts to restore systems,...
UK Exposes Russian Cyber Unit Hacking Home Routers to Hijack Internet Traffic
British officials warned that Russian GRU‑linked hackers, known as Fancy Bear or APT28, are compromising home and small‑office routers to hijack internet traffic. The campaign exploits weak SNMP configurations and unpatched TP‑Link models, allowing attackers to alter DNS settings and conduct...