#compliance-and-security
#compliance-and-security

Anthropic caused panic that Mythos will expose cybersecurity weak spots, but one industry veteran says real problem is fixing, not finding, them | Fortune

Anthropic's Claude Mythos Preview AI model identifies cybersecurity vulnerabilities, but experts question its impact on fixing existing issues.

Anthropic says its latest AI model can expose weaknesses in software security

Claude Mythos exposes thousands of software vulnerabilities, prompting Anthropic to limit its release and collaborate with cybersecurity specialists.

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

fromwww.npr.org

3 days ago

US news

How AI is getting better at finding security holes

Anthropic caused panic that Mythos will expose cybersecurity weak spots, but one industry veteran says real problem is fixing, not finding, them | Fortune

Anthropic's Claude Mythos Preview AI model identifies cybersecurity vulnerabilities, but experts question its impact on fixing existing issues.

Anthropic says its latest AI model can expose weaknesses in software security

Claude Mythos exposes thousands of software vulnerabilities, prompting Anthropic to limit its release and collaborate with cybersecurity specialists.

more#ai

fromNature

19 hours ago

Researchers: here's how to audit your fragmented digital identity

A search for 'Guo Wei' in ORCID returned 616 profiles, none affiliated with the Jiangsu University of Science and Technology, highlighting the difficulty in verifying academic identities.

Higher education

Digital life

fromwww.dw.com

Dangerous Apps In the Web of Data Brokers

Smartphone apps collect detailed location data, often shared with data brokers, posing security risks to users, including soldiers and government officials.

fromThe Verge

Privacy advocates want Google to stop handing consumer data over to ICE

Google is being investigated for allegedly failing to notify users before disclosing their data to law enforcement.

#ai-governance

21 hours ago

Fortune

AI agents operate autonomously, creating governance gaps and enterprise risk as organizations struggle to manage their authority and actions.

fromeLearning Industry

Custom AI Governance Services: The Missing Piece In Your L&D Strategy

Many L&D teams adopt AI tools without ensuring fairness, transparency, and accountability in their training programs.

EU data protection

AI-driven identity must exist in a robust compliance framework | Computer Weekly

21 hours ago

Fortune

AI agents operate autonomously, creating governance gaps and enterprise risk as organizations struggle to manage their authority and actions.

fromeLearning Industry

Custom AI Governance Services: The Missing Piece In Your L&D Strategy

Many L&D teams adopt AI tools without ensuring fairness, transparency, and accountability in their training programs.

AI-driven identity must exist in a robust compliance framework | Computer Weekly

Governance must precede AI adoption to avoid compliance failures and ethical risks in identity verification systems.

Cisco and ML6 are helping organizations prepare for the EU AI Act

Cisco and ML6 are partnering to enhance secure AI innovation in Europe, focusing on compliance with the EU AI Act.

fromThe Cool Down

12 hours ago

AI chatbots are subtly trying to make you buy more stuff - here's how to protect yourself

AI can influence consumer purchasing decisions without their awareness, often through subtle persuasion methods.

Healthcare

fromMedCity News

2 days ago

Inside The DOJ's Hospital Contracting Crackdown: What Message Are the Feds Sending? - MedCity News

The Department of Justice is suing OhioHealth and NewYork-Presbyterian for anticompetitive contracting practices that limit patient access to affordable care.

SOMA, SF

fromKqed

3 hours ago

DOJ: Man Who Attacked Sam Altman's House Threatened to Kill Other Tech CEOs | KQED

A Texas man faces charges for attempted murder of OpenAI CEO Sam Altman after violent attacks at his home and company headquarters.

US news

fromwww.npr.org

Intellectual property law

Law enforcement is trying to combat abusive AI. Experts say easier said than done

An Ohio man was convicted under the 2025 Take It Down Act for creating and distributing AI-generated abusive sexual images.

fromWIRED

4 hours ago

Anthropic Opposes the Extreme AI Liability Bill That OpenAI Backed

Anthropic opposes Illinois bill SB 3444, which would shield AI labs from liability for large-scale harm caused by their systems.

Social justice

fromTheregister

8 hours ago

IBM pays up under Trump administration's diversity blitz

IBM settled with the US government for $17 million over allegations of violating anti-discrimination requirements in its diversity programs.

Privacy technologies

fromHer Campus

Why Website Cookies Aren't As Sweet As They Sound

Website cookies can raise serious privacy concerns due to their role in tracking user behavior and collecting personal data.

#digital-sovereignty

fromTheregister

Europe politics

Digital sovereignty isn't just a buzzword - it's the future

Breaking the stranglehold: Responses to data sovereignty risk | Computer Weekly

UK and EU initiatives aim to enhance digital sovereignty and reduce reliance on US cloud providers.

Europe politics

fromTheregister

Digital sovereignty isn't just a buzzword - it's the future

European governments and companies are prioritizing digital sovereignty due to concerns over US control and dependency.

Breaking the stranglehold: Responses to data sovereignty risk | Computer Weekly

UK and EU initiatives aim to enhance digital sovereignty and reduce reliance on US cloud providers.

more#digital-sovereignty

#cybersecurity

Remote teams

OPM seeks cybersecurity talent to join Tech Force

Information security

Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

fromYahoo Tech

Privacy technologies

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Artificial intelligence

US summoned bank bosses to discuss cyber risks posed by Anthropic's latest AI model

Healthcare

Healthcare Executives Face a New Era of Personal Risk

Privacy professionals

Nightclub Giant RCI Hospitality Reports Data Breach

Remote teams

OPM seeks cybersecurity talent to join Tech Force

Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

A critical zero-day vulnerability in Adobe Acrobat Reader is actively exploited, alongside state-sponsored cyber threats targeting U.S. infrastructure.

Privacy technologies

fromYahoo Tech

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Russian spies exploited consumer routers to steal Microsoft 365 credentials from thousands of users, turning home devices into espionage tools.

US summoned bank bosses to discuss cyber risks posed by Anthropic's latest AI model

US Treasury secretary convened bank chiefs to address cybersecurity risks from Anthropic's AI model, Claude Mythos, which poses unprecedented threats.

Healthcare

Healthcare Executives Face a New Era of Personal Risk

Healthcare executives face heightened personal risks due to grievance-motivated cyber threats amid economic pressures and public accountability.

Nightclub Giant RCI Hospitality Reports Data Breach

RCI Hospitality Holdings reported a cybersecurity incident exposing sensitive personal information of independent contractors due to an IDOR vulnerability.

more#cybersecurity

Business intelligence

Agencies are missing a step to share information on better AI acquisition, GAO finds

Agencies must enhance sharing of lessons learned in AI acquisition to improve the procurement process.

Law

fromIndependent

Computer engineer claims he was penalised for flagging Israeli links of firm given 'bananas' server access at top Irish cybersecurity company

A cyber-security firm reprimanded an engineer for discriminatory comments regarding an Israeli company's access to its servers amid concerns about Palestinian genocide.

fromElectronic Frontier Foundation

3 hours ago

Google Broke Its Promise to Me. Now ICE Has My Data.

Google provided user data to ICE without notification, violating a promise to users.

Europe's Largest Gym Chain Says Data Breach Impacts 1 Million Members

Basic-Fit experienced a data breach affecting personal information of approximately 1 million members across several European countries.

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.

fromTNW | Data-Security

Basic-Fit hit by hack affecting members across multiple countries, including 200,000 in the Netherlands

Basic-Fit experienced a data breach affecting 200,000 members, exposing personal and bank details but not passwords or identity documents.

Booking.com Customer Data Hacked, Exposed

Booking.com experienced a data breach, exposing customer booking information but not financial data.

Booking.com confirms hackers accessed customers' data | TechCrunch

Hackers accessed Booking.com customers' personal data, including names, emails, and booking details, prompting notifications to affected users.

Booking.com warns customers of hack that exposed their data

Booking.com experienced a data breach, allowing unauthorized access to customer booking information, but financial data remained secure.

Europe's Largest Gym Chain Says Data Breach Impacts 1 Million Members

Basic-Fit experienced a data breach affecting personal information of approximately 1 million members across several European countries.

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.

fromTNW | Data-Security

Basic-Fit hit by hack affecting members across multiple countries, including 200,000 in the Netherlands

Basic-Fit experienced a data breach affecting 200,000 members, exposing personal and bank details but not passwords or identity documents.

Booking.com Customer Data Hacked, Exposed

Booking.com experienced a data breach, exposing customer booking information but not financial data.

Booking.com confirms hackers accessed customers' data | TechCrunch

Hackers accessed Booking.com customers' personal data, including names, emails, and booking details, prompting notifications to affected users.

Booking.com warns customers of hack that exposed their data

Booking.com experienced a data breach, allowing unauthorized access to customer booking information, but financial data remained secure.

Meta Cases Put Social Media Platforms at Securities Fraud Risk

Social media platforms face new legal challenges regarding their role in facilitating fraudulent securities schemes.

Digital life

fromwww.dw.com

2 days ago

Does age verification for social media help protect kids?

Governments are implementing age limits on social media to protect minors, but experts question the effectiveness of such measures.

#data-security

Healthcare

Hospital modernizes data protection with Synology ActiveProtect

Data is a strategic asset and a strategic vulnerability

Data is a primary strategic asset in national security, transforming into both a powerful tool and a critical vulnerability.

fromEntrepreneur

Information security

How to Keep Your Company's Data Out of the Wrong Hands

Healthcare

Hospital modernizes data protection with Synology ActiveProtect

Data is a strategic asset and a strategic vulnerability

Data is a primary strategic asset in national security, transforming into both a powerful tool and a critical vulnerability.

fromEntrepreneur

Information security

How to Keep Your Company's Data Out of the Wrong Hands

more#data-security

from404 Media

Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent Audit

Microsoft, Meta, and Google may be violating California privacy laws by failing to honor user opt-out requests for ad cookies.

fromSearch Engine Roundtable

8 hours ago

Google Ads Google Analytics Data Controls Update

Google is consolidating data controls between Google Ads and Google Analytics to simplify user settings and streamline consent processes.

fromPrivacy International

20 hours ago

UK reliance on US big tech companies is 'national security risk', claims report | Computer Weekly

The UK is at risk due to over-reliance on US tech companies for critical infrastructure, impacting national security.

US news

Dangerous data

US police misuse warrantless access to personal data, leading to wrongful arrests and life-altering consequences for innocent individuals.

fromLondon Business News | Londonlovesbusiness.com

How to build digital trust in an era of automated scams - London Business News | Londonlovesbusiness.com

Automated scams are increasingly sophisticated, requiring businesses to enhance digital trust through visible actions and layered verification strategies.

AI Is Nothing Without Data Fidelity. Here's A Four-Step Approach to Protect It | AdExchanger

Data integrity is crucial for effective AI in advertising, as flawed data leads to poor outcomes.

2 weeks ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

fromAdExchanger

AI Is Nothing Without Data Fidelity. Here's A Four-Step Approach to Protect It | AdExchanger

Data integrity is crucial for effective AI in advertising, as flawed data leads to poor outcomes.

2 weeks ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

OpenAI replaces certificates following Axios incident

OpenAI renewed its macOS certificates as a precaution after a third-party tool vulnerability, though no user data was compromised.

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI's macOS apps were affected by a supply chain attack, but no user data or internal systems were compromised.

12 hours ago

OpenAI replaces certificates following Axios incident

OpenAI renewed its macOS certificates as a precaution after a third-party tool vulnerability, though no user data was compromised.

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI's macOS apps were affected by a supply chain attack, but no user data or internal systems were compromised.

more#openai

fromRoute Fifty

Getting privacy policy right in a competitive digital economy

State and local leaders aim to balance privacy protection with economic competitiveness, as inconsistent privacy laws can hinder business operations and consumer trust.

fromAcast

AI Governance Isn't a Barrier: It's Marketing's Growth Engine | Adspeak

AI is transforming marketing by enabling innovation through governance, clean data, and balancing automation with human creativity.

#linkedin

BrowserGate: Claims of LinkedIn 'Spying' Clash With Security Research Findings

LinkedIn allegedly scans users' computers to collect data on browser extensions, raising concerns about corporate espionage.

fromComputerworld

Questions raised about how LinkedIn uses the petabytes of data it collects

LinkedIn users should limit identifiable data exposure and treat the platform as potentially hostile until BrowserGate allegations are verified.

BrowserGate: Claims of LinkedIn 'Spying' Clash With Security Research Findings

LinkedIn allegedly scans users' computers to collect data on browser extensions, raising concerns about corporate espionage.

fromComputerworld

Questions raised about how LinkedIn uses the petabytes of data it collects

LinkedIn users should limit identifiable data exposure and treat the platform as potentially hostile until BrowserGate allegations are verified.

A framework for auditing generative AI outputs pre-launch | MarTech

Marketing teams should use a four-stage audit framework for Generative AI outputs to ensure brand voice consistency and copyright compliance.

fromFinbold

Kraken insider extortion reveals remote work security blind spot

"Shortly after access was terminated, we began receiving extortion demands. The criminals threatened to distribute materials from both the February 2025 incident and the recent incident to media outlets and on social media if we did not comply. We will not pay these criminals," Percoco stated.

Information security

fromArs Technica

Your tech support company runs scams. Stop-or disguise with more fraud?

Tech Live Connect processed fraudulent charges using real customer data, including names and addresses, to make the charges appear legitimate and maintain a low chargeback ratio.

Privacy professionals

#microsoft

fromZero Day Initiative

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.

fromZero Day Initiative

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.

fromInfoWorld

3 weeks ago

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Critical risk findings surged by nearly 400% amid a 52% increase in raw alert volume, driven by AI-assisted development.

fromwww.businessinsider.com

2 hours ago

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe's Patch Tuesday updates address 55 vulnerabilities across 11 products, with critical ColdFusion flaws requiring immediate attention.

We're in a new era of heightened CEO safety measures, security pros say

This attack is just shedding light on the fact that you're even more vulnerable outside of the office, said Don Aviv, CEO of Interfor International, a security consultancy.

Information security

The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security

Visibility through security measures can deter undesirable behavior and enhance safety in challenging situations.

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

Adobe patches vulnerability that steals data via PDFs

A sophisticated attack exploits a vulnerability in Adobe Reader via malicious PDF files to gather sensitive information and potentially execute arbitrary code.

fromTNW | Offers

10 Best SOC 2 Compliance Software for 2026

SOC 2 compliance software automates security controls, streamlining the audit process and ensuring readiness in weeks instead of months.

Mental health

1 month ago

Security Insights Delivered Through Podcasts

Security professionals face significant mental-health risks and team burnout, requiring leaders to integrate empathetic practices and psychological safety into security operations.

MITRE Releases Fight Fraud Framework

"These incidents involve the intentional use of deceptive or illegal practices to fraudulently obtain money, assets, or information from individuals or institutions, and include actions carried out over cyber channels."

Information security

The Hidden Security Risks of Shadow AI in Enterprises

Shadow AI poses significant risks by allowing unregulated use of AI tools that can expose sensitive data and weaken security controls.

Orthanc DICOM Vulnerabilities Lead to Crashes, RCE

Nine vulnerabilities in the Orthanc DICOM server allow attackers to crash servers, leak data, and execute arbitrary code remotely.

fromMedCity News

3 weeks ago

The Evolving Landscape of Privacy and Cybersecurity: Essential Strategies for Legal and Compliance Professionals - MedCity News

Organizations must combine strong controls with comprehensive employee training and accountability culture to effectively protect sensitive data and comply with evolving privacy laws.

fromTechRepublic

Why Operationalizing AI Security Is the Next Great Enterprise Hurdle

Security operations lag behind rapid tech advancements, leading to inefficiencies and risks in managing numerous security tools.

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.

World Cloud Security Day: Breaking Down the State of the Cloud Cybersecurity and Physical Security

"World Cloud Security Day is a useful reminder to recognize how much cloud risk now comes down to everyday access decisions and overlooked misconfigurations," says James Maude, Field CTO at BeyondTrust.

Information security

fromComputerworld

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

Information security

fromDbmaestro

4 years ago

5 Pillars of Database Compliance Automation |

There is a growing emphasis on database compliance today due to the stricter enforcement of compliance rules and regulations to safeguard user privacy. For example, GDPR fines can reach £17.5 million or 4% of annual global turnover (the higher of the two applies). Besides the direct monetary implications, companies also need to prioritize compliance to protect their brand reputation and achieve growth.

EU data protection

fromDataBreaches.Net

1 month ago

Shutdown Stalls Compliance Plans for Cyber Breach Reporting Rule - DataBreaches.Net

A partial government shutdown delays the DHS cybersecurity incident reporting rule, leaving companies uncertain about compliance requirements and enforcement timelines.

4 weeks ago

Why Security Validation Is Becoming Agentic

Security validation tools operate in silos while attackers exploit interconnected systems, creating a structural blind spot that Agentic Exposure Validation can address through continuous, autonomous, context-aware assessment.

fromBusiness Matters

1 month ago

7 Data Privacy Risks Leaders Miss in 2026

Organizations overlook seven critical privacy risks in 2026 that bypass security awareness, including public WiFi interception, malicious browser extensions, shadow AI tools, unencrypted messaging, credential reuse, unmanaged personal devices, and data retention gaps.

Understanding Breaches Before and After They Happen: What Every Organization Should Know

Most security breaches result from neglected fundamentals—human error, unpatched systems, weak authentication, and poor network segmentation—rather than advanced, novel exploits.

fromAbove the Law

Think You Are Covered? Better Read Your Cybersecurity Policy - Carefully - Above the Law

Cyber insurance often fails to fully protect organizations due to exclusions, leaving law firms particularly vulnerable without proper cybersecurity and coverage review.