#cybersecurity
#cybersecurity

1 hour ago

Information security

26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases

Information security

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

6 hours ago

Information security

Researchers find sabotage malware that may predate Stuxnet

15 hours ago

Science

Newly Deciphered Sabotage Malware May Have Targeted Iran's Nuclear Program-and Predates Stuxnet

UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

UNC6692 uses social engineering via Microsoft Teams to deploy malware, targeting senior employees with email spam and impersonation tactics.

Information security

Malicious pgserve, automagik developer tools found in npm registry

1 hour ago

26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases

Malicious apps impersonating cryptocurrency wallets on the Apple App Store aim to steal recovery phrases and private keys.

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

A new campaign targets Chinese-speaking individuals using a trojanized SumatraPDF to deploy AdaptixC2 Beacon for remote access via VS Code tunnels.

6 hours ago

Researchers find sabotage malware that may predate Stuxnet

Malware named fast16 aims to sabotage engineering and physics simulation software, predating Stuxnet and targeting high-precision tools.

Science

15 hours ago

Newly Deciphered Sabotage Malware May Have Targeted Iran's Nuclear Program-and Predates Stuxnet

Fast16 is a sophisticated malware capable of subtly tampering with calculation and simulation software, likely created by the US or an ally.

UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

UNC6692 uses social engineering via Microsoft Teams to deploy malware, targeting senior employees with email spam and impersonation tactics.

Malicious pgserve, automagik developer tools found in npm registry

Malicious npm packages aim to steal sensitive data and credentials, potentially leading to complete organizational takeovers.

US Federal Agency's Cisco Firewall Infected With 'Firestarter' Backdoor

A US federal agency was infected with malware due to vulnerabilities in Cisco firewalls linked to a China-backed espionage campaign.

Privacy technologies

fromMail Online

2 hours ago

How to create secure passwords - it might be time to switch to passkey

Using unique passwords and transitioning to passkeys enhances online security and reduces the risk of cyber threats.

Agentic AI is reshaping the network - and it's time to upgrade

Wireless connectivity is essential for AI, transforming industries and requiring strategic management to address complexity and security risks.

fromThe New Yorker

How Big a Threat Are Iranian-Backed Cyber Attacks?

Iranian cyber actors have accessed critical U.S. infrastructure, highlighting vulnerabilities in cybersecurity and the ongoing nature of nation-state hacking.

Vulnerabilities Patched in CrowdStrike, Tenable Products

CrowdStrike and Tenable reported serious vulnerabilities in their products, prompting customers to update to patched versions.

from24/7 Wall St.

Jim Cramer Says People Who Sold CrowdStrike on AI Fear Made the Biggest Mistake of 2026

Investors misjudged CrowdStrike's potential, as AI advancements create increased demand for cybersecurity rather than reducing it.

Vulnerabilities Patched in CrowdStrike, Tenable Products

CrowdStrike and Tenable reported serious vulnerabilities in their products, prompting customers to update to patched versions.

from24/7 Wall St.

Jim Cramer Says People Who Sold CrowdStrike on AI Fear Made the Biggest Mistake of 2026

Investors misjudged CrowdStrike's potential, as AI advancements create increased demand for cybersecurity rather than reducing it.

more#crowdstrike

fromAxios

The pope moves to police AI

The Vatican is enhancing cybersecurity and AI oversight, emphasizing ethical guidelines and human dignity in technology use.

Why Effective Patch Management Is Critical for Cybersecurity in 2026

Timely patch management is essential for protecting digital assets and maintaining business continuity against evolving cyber threats.

DevOps

The Security Metric That's Failing You

fromBusiness Matters

5 hours ago

Why Effective Patch Management Is Critical for Cybersecurity in 2026

Timely patch management is essential for protecting digital assets and maintaining business continuity against evolving cyber threats.

The Security Metric That's Failing You

Measuring patch rates does not equate to a secure environment; real risks often lie in misconfigurations and outdated permissions.

more#patch-management

6 hours ago

Copperhelm Raises $7 Million for Agentic Cloud Security Platform

Copperhelm raised $7 million for its AI-driven cloud security platform that autonomously monitors and remediates threats in real time.

9 hours ago

Attackers could disable all of a city's public EV chargers

Rented IoT infrastructure prioritizes user convenience over security, exposing them to denial of service attacks and vulnerabilities.

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Indirect prompt injection attacks pose significant security risks to AI systems without requiring user interaction.

Anthropic's Mythos breach was humiliating

Unauthorized access to Anthropic's AI model Mythos raises serious concerns about cybersecurity and safety protocols.

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

AI systems are becoming attractive targets for adversaries, with vulnerabilities discovered faster than developers can respond.

Anthropic's most dangerous AI model just fell into the wrong hands

Mythos AI model accessed by unauthorized users, raising cybersecurity concerns about its potential misuse.

Anthropic investigates report of rogue access to hack-enabling Mythos AI

Unauthorized access to Anthropic's Mythos model poses significant cybersecurity risks.

fromTNW | Anthropic

Unauthorized users gained access to Anthropic's restricted Mythos AI model

Unauthorized users accessed Claude Mythos Preview by guessing its URL, raising concerns about security in AI model access.

fromZDNET

13 hours ago

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Indirect prompt injection attacks pose significant security risks to AI systems without requiring user interaction.

Anthropic's Mythos breach was humiliating

Unauthorized access to Anthropic's AI model Mythos raises serious concerns about cybersecurity and safety protocols.

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

AI systems are becoming attractive targets for adversaries, with vulnerabilities discovered faster than developers can respond.

Anthropic's most dangerous AI model just fell into the wrong hands

Mythos AI model accessed by unauthorized users, raising cybersecurity concerns about its potential misuse.

Anthropic investigates report of rogue access to hack-enabling Mythos AI

Unauthorized access to Anthropic's Mythos model poses significant cybersecurity risks.

fromTNW | Anthropic

Unauthorized users gained access to Anthropic's restricted Mythos AI model

Unauthorized users accessed Claude Mythos Preview by guessing its URL, raising concerns about security in AI model access.

more#ai-security

Cryptocurrency

fromThe Village Voice

15 hours ago

Which VPN makes sense for crypto traders in 2026? - The Village Voice

Crypto traders must choose VPNs based on technical fundamentals like protocol choices, logging policies, and security features to protect their activities.

16 hours ago

Claude Opus 4.7 has turned into an overzealous query cop

Opus 4.7's enhanced safeguards hinder legitimate use while aiming to prevent misuse.

fromTNW | Startups-Technology

fromIT Brew

17 hours ago

Asking around: When does ransomware threat intelligence become noise?

Effective threat intelligence requires filtering information relevant to specific market segments to avoid overwhelming alerts.

#ai

Venture

Rilian raises $17.5 million to bring agentic AI to sovereign defence

Information security

Chinese Cybersecurity Firm's AI Hacking Claims Draw Comparisons to Claude Mythos

Information security

Rilian Raises $17.5 Million for AI-Native Security Orchestration

Information security

Microsoft is using Mythos to detect vulnerabilities

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

AI systems can autonomously hack cloud environments, demonstrating advanced capabilities in executing sophisticated attacks without specific instructions.

fromTNW | Startups-Technology

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

AI has exposed hundreds of vulnerabilities in Mozilla's Firefox browser, highlighting both cybersecurity advancements and dual-use risks.

Venture

Rilian raises $17.5 million to bring agentic AI to sovereign defence

Caspian platform automates threat detection and response in compliance-restricted environments using AI agents, enhancing cybersecurity for defense and national security.

Chinese Cybersecurity Firm's AI Hacking Claims Draw Comparisons to Claude Mythos

A Chinese cybersecurity firm claims AI-driven vulnerability discovery capabilities rivaling Anthropic's Claude Mythos model.

Information security

Rilian Raises $17.5 Million for AI-Native Security Orchestration

Microsoft is using Mythos to detect vulnerabilities

Microsoft integrates AI into cybersecurity to enhance vulnerability detection and prevention during software development.

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

AI systems can autonomously hack cloud environments, demonstrating advanced capabilities in executing sophisticated attacks without specific instructions.

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

AI has exposed hundreds of vulnerabilities in Mozilla's Firefox browser, highlighting both cybersecurity advancements and dual-use risks.

China-linked crews turn routers into covert attack proxies

China-linked threat actors exploit compromised routers and IoT devices to create proxy networks for cyber intrusions and data theft.

Trump's pick to run US cyber agency CISA asks to drop out | TechCrunch

Sean Plankey withdrew his nomination to lead CISA, leaving the agency without a permanent leader amid ongoing cybersecurity challenges.

fromThe Cipher Brief

America's Cyber Strategy Has a Budget Problem

The U.S. is underfunding cybersecurity efforts, particularly CISA, despite increasing cyberattack threats.

Plankey withdraws nomination to lead CISA

Sean Plankey has withdrawn his nomination to lead the Cybersecurity and Infrastructure Security Agency after a year of waiting for Senate confirmation.

Anthropic's Mythos rollout has missed America's cyberscurity agency

CISA lacks access to Anthropic's cybersecurity model, raising concerns about its prioritization and effectiveness in digital security.

Trump's pick to run US cyber agency CISA asks to drop out | TechCrunch

Sean Plankey withdrew his nomination to lead CISA, leaving the agency without a permanent leader amid ongoing cybersecurity challenges.

fromThe Cipher Brief

America's Cyber Strategy Has a Budget Problem

The U.S. is underfunding cybersecurity efforts, particularly CISA, despite increasing cyberattack threats.

Plankey withdraws nomination to lead CISA

Sean Plankey has withdrawn his nomination to lead the Cybersecurity and Infrastructure Security Agency after a year of waiting for Senate confirmation.

Anthropic's Mythos rollout has missed America's cyberscurity agency

CISA lacks access to Anthropic's cybersecurity model, raising concerns about its prioritization and effectiveness in digital security.

Anthropic Mythos - We've Opened Pandora's Box

Cybersecurity faces a new threat from AI systems like Anthropic Mythos, which can exploit vulnerabilities and shift the balance in favor of attackers.

20 hours ago

A group of users leaked Anthropic's AI model Mythos by reportedly guessing where it was located | Fortune

Unauthorized access to Anthropic's Mythos model raises significant cybersecurity concerns.

Security Leaders Discuss the Claude Mythos Breach

Security leaders emphasize the urgent need for AI-enabled cybersecurity measures in response to the Claude Mythos breach.

NIST's New Prioritization Criteria for CVEs, Examined by Experts

NIST is changing its approach to handling cybersecurity vulnerabilities by prioritizing certain CVEs for immediate enrichment in the National Vulnerability Database.

Operationally Ineffective: Putting CVEs in a Chokehold with Privilege Disruption

A Common Vulnerability Exposure (CVE) that cannot reach the privilege plane is operationally ineffective - even at a CVSS Score of 10. This should be a core philosophy that is embedded into the fabric of software engineering.

Information security

22 hours ago

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

Supply chain vulnerabilities and AI tools exacerbate ongoing cyber threats, including state-backed crypto heists and active remote code execution exploits.

Vercel says some of its customers' data was stolen prior to its recent hack | TechCrunch

Vercel experienced a data breach affecting customer accounts, with evidence of prior compromises suggesting broader security implications.

Luxury Cosmetics Giant Rituals Discloses Data Breach

Rituals experienced a data breach affecting My Rituals members' personal information, but no passwords or payment details were compromised.

fromEngadget

France's national agency for managing IDs and passports suffered a data breach last week

France Titres confirmed a security breach exposing personal data, including names and contact information, with potential for phishing attacks.

France confirms data breach at government agency that manages citizens' IDs | TechCrunch

The French government agency ANTS confirmed a data breach affecting citizens' identity documents, potentially involving millions of personal records.

Cosmetics giant Rituals confirms data breach of customer membership records | TechCrunch

Rituals confirmed a data breach affecting customers' personal information after hackers stole data from its membership database.

France's 'Secure' ID agency probes claimed 19M record breach

A significant data breach may have exposed personal information of up to 19 million individuals in France.

22 hours ago

Vercel says some of its customers' data was stolen prior to its recent hack | TechCrunch

Vercel experienced a data breach affecting customer accounts, with evidence of prior compromises suggesting broader security implications.

Luxury Cosmetics Giant Rituals Discloses Data Breach

Rituals experienced a data breach affecting My Rituals members' personal information, but no passwords or payment details were compromised.

fromEngadget

France's national agency for managing IDs and passports suffered a data breach last week

France Titres confirmed a security breach exposing personal data, including names and contact information, with potential for phishing attacks.

France confirms data breach at government agency that manages citizens' IDs | TechCrunch

The French government agency ANTS confirmed a data breach affecting citizens' identity documents, potentially involving millions of personal records.

Cosmetics giant Rituals confirms data breach of customer membership records | TechCrunch

Rituals confirmed a data breach affecting customers' personal information after hackers stole data from its membership database.

France's 'Secure' ID agency probes claimed 19M record breach

A significant data breach may have exposed personal information of up to 19 million individuals in France.

Offer customers passkeys by default, UK's NCSC tells enterprises

Passkeys are recommended as the primary authentication method due to their security against phishing and credential reuse.

Privacy technologies

NCSC: Passkeys now good enough to be the default standard

Privacy technologies

NCSC heralds end of passwords for consumers and pushes secure passkeys | Computer Weekly

23 hours ago

Offer customers passkeys by default, UK's NCSC tells enterprises

Passkeys are recommended as the primary authentication method due to their security against phishing and credential reuse.

Privacy technologies

NCSC: Passkeys now good enough to be the default standard

The NCSC endorses passkeys as the default authentication standard, urging consumers to abandon passwords for enhanced security.

Privacy technologies

NCSC heralds end of passwords for consumers and pushes secure passkeys | Computer Weekly

Consumers are urged to replace passwords with passkeys for better security and ease of access to online services.

UK's NCSC calls passkeys the default, says passwords are no longer fit for the purpose

Passkeys are recommended as the primary authentication method due to their security and user-friendliness compared to traditional passwords.

Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?

Project Glasswing reveals a significant gap in cybersecurity, as less than 1% of vulnerabilities discovered were patched.

Hybrid clouds have two attack surfaces - so watch both

Hybrid cloud management tools present significant security vulnerabilities that users often overlook.

#hacking

Chinese hackers are using everyday devices to hack UK firms, warns watchdog

British businesses must enhance vigilance against China-linked hacking using everyday devices for espionage.

Chinese hackers using compromised networks to spy on Western companies, says Five Eyes | Computer Weekly

China-linked hackers are using vulnerable internet-connected devices to obscure espionage and hacking operations against Western organizations.

Chinese hackers are using everyday devices to hack UK firms, warns watchdog

British businesses must enhance vigilance against China-linked hacking using everyday devices for espionage.

Chinese hackers using compromised networks to spy on Western companies, says Five Eyes | Computer Weekly

China-linked hackers are using vulnerable internet-connected devices to obscure espionage and hacking operations against Western organizations.

more#hacking

fromReadWrite

Caesars sued over 2026 data breach claims

Caesars Entertainment faces a class action lawsuit for failing to protect customer data during a second cyber incident after a previous breach in 2023.

Deliverability

The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface

Email attackers now exploit behavioral weaknesses, using tailored tactics that blend into trusted relationships and workflows, making detection more challenging.

NCSC's first gadget blocks malware transfer over HDMI cables

GCHQ's SilentGlass device protects display devices from cyberattacks by blocking malicious traffic between computers and monitors.

#artificial-intelligence

Information security

Former national cyber director: Anthropic's 'Mythos' AI can hack nearly anything and we aren't ready | Fortune

Artificial intelligence

How Should Effective AI Red Teams Operate?

Artificial intelligence

5 AI Models Tried to Scam Me. Some of Them Were Scary Good

The Mythos meeting focused on the wrong AI risk to banks. Here's the one nobody is talking about | Fortune

Artificial intelligence is transforming fraud into a machine-driven, scalable threat, posing risks beyond traditional cyber attacks.

Former national cyber director: Anthropic's 'Mythos' AI can hack nearly anything and we aren't ready | Fortune

Mythos, Anthropic's advanced AI model, poses significant risks to critical infrastructure, necessitating urgent investment and collaboration to enhance cybersecurity.

How Should Effective AI Red Teams Operate?

AI-specific red teaming is essential for organizations to understand and mitigate risks associated with AI tools.

5 AI Models Tried to Scam Me. Some of Them Were Scary Good

Artificial intelligence is increasingly capable of executing sophisticated social engineering attacks, as demonstrated by the DeepSeek-V3 model.

more#artificial-intelligence

The Mythos meeting focused on the wrong AI risk to banks. Here's the one nobody is talking about | Fortune

Artificial intelligence is transforming fraud into a machine-driven, scalable threat, posing risks beyond traditional cyber attacks.

fromTNW | Investors-Funding

Sharing isn't caring if it's an admin password: Pwned

The client wanted to 'keep things simple' for their team, so they used the same administrative password for both staging and production environments. That password was the hard-to-guess combination of 'admin123.'

Information security

#microsoft

European startups

Microsoft commits A$25 billion to Australia by 2029

Microsoft announces A$25 billion investment in Australia, expanding AI infrastructure and cybersecurity initiatives, and training three million Australians in AI skills by 2028.

fromTNW | Investors-Funding

Microsoft to test third-party AI models for incorporation in its security offerings

Microsoft is evaluating third-party AI systems to enhance its cybersecurity measures against AI-driven threats.

European startups

Microsoft commits A$25 billion to Australia by 2029

Microsoft announces A$25 billion investment in Australia, expanding AI infrastructure and cybersecurity initiatives, and training three million Australians in AI skills by 2028.

Microsoft to test third-party AI models for incorporation in its security offerings

Microsoft is evaluating third-party AI systems to enhance its cybersecurity measures against AI-driven threats.

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

A zero-day vulnerability in Microsoft Defender, tracked as CVE-2026-33825, allows privilege escalation through a flaw named BlueHammer.

fromTechRepublic

Microsoft: Most Windows 11 Users Don't Need Third-Party Antivirus

Windows 11's built-in security features may eliminate the need for third-party antivirus software for most users.

Deliverability

fromTechRepublic

New Apple Phishing Scam Uses Fake $899 iPhone Purchase Alert

A phishing scam mimics an Apple security alert to trick users into calling a fake support number and potentially compromising their accounts.

fromTechRepublic

Hackers Impersonate IT Help Desk on Microsoft Teams to Gain Access, Steal Data

Hackers are increasingly using social engineering on Microsoft Teams to gain unauthorized access by impersonating IT support.

Cyber Command carried out over 8,000 missions in 2025, director says

U.S. Cyber Command conducted over 8,000 missions in 2025, marking a 25% increase from 2024, with expectations for further growth in 2026.

AI Tools Are Helping Mediocre North Korean Hackers Steal Millions

AI tools have enabled unskilled hackers to execute sophisticated cybercrime operations, resulting in significant financial theft.

fromnews.bitcoin.com

Mach-O Man Malware Steals macOS Keychain Data in Lazarus Group Crypto Campaign

North Korea's Lazarus Group deployed Mach-O Man malware targeting macOS users in crypto and fintech roles in April 2026.

After Bluesky, Mastodon Targeted in DDoS Attack

Mastodon experienced a major DDoS attack, causing significant outages, shortly after a similar attack on Bluesky.

UK government says 100 countries have spyware that can hack people's phones | TechCrunch

More than half of the world's governments now have access to commercial spyware, increasing risks for citizens and critical infrastructure.

Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says

Hostile nations like Russia, Iran, and China are the primary sources of serious cyberattacks in the U.K.

A tsunami of flaws: When frontier AI and Patch Tuesday collide | Computer Weekly

April 2025 Patch Tuesday update was the second-largest in history, addressing over 160 vulnerabilities, with AI tools potentially driving the increase.

Mirai Botnet Targets Flaw in Discontinued D-Link Routers

A Mirai botnet exploits a command injection vulnerability in discontinued D-Link routers, posing risks to connected devices.

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack

A new data wiper named Lotus Wiper targets Venezuela's energy sector, erasing files and disrupting operations without financial motives.

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

North Korean hackers are targeting macOS users in financial organizations using social engineering techniques to install information-stealing malware.

Google Antigravity in Crosshairs of Security Researchers, Cybercriminals

Google Antigravity's vulnerabilities have attracted both security researchers and cybercriminals, leading to risks of remote code execution and malware delivery.

fromEngadget

Anthropic is investigating 'unauthorized access' of its Mythos cybersecurity tool

We're investigating a report claiming unauthorized access to Claude Mythos Previous through one of our third-party vendor environments.

Information security

Arctic Wolf introduces Decipio for rapid detection of credential theft

Decipio helps detect credential theft early, allowing security teams to identify attackers before they cause damage.

fromAxios

Exclusive: OpenAI briefs feds and Five Eyes on new cyber product

OpenAI demonstrated its GPT-5.4-Cyber model to federal cyber defense practitioners, emphasizing a dual-track access approach for government and commercial users.

Oracle Patches 450 Vulnerabilities With April 2026 CPU

Oracle released 481 new security patches in April 2026, addressing vulnerabilities across 28 product families, with many remotely exploitable without authentication.

Mustang Panda's New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

A new variant of LOTUSLITE malware targets India's banking sector, focusing on espionage rather than financial gain.

fromInfoQ

Cloudflare Outlines MCP Architecture as Enterprises Confront Security and Governance Risks

Centralized governance and remote infrastructure are essential for secure Model Context Protocol deployments, addressing risks like prompt injection and supply chain attacks.