#cybersecurity
#cybersecurity

13 hours ago

Data science

This is what some the world's largest banks of malware look like stacked as hard drives | TechCrunch

fromArs Technica

Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack

A minimalistic backdoor and a complex backdoor called QUIC RAT were identified in targeted attacks on various organizations.

13 hours ago

Data science

This is what some the world's largest banks of malware look like stacked as hard drives | TechCrunch

fromArs Technica

Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack

A minimalistic backdoor and a complex backdoor called QUIC RAT were identified in targeted attacks on various organizations.

"I had to turn down President Obama" | Fortune

VivaTech in Paris will draw at least 180,000 delegates, featuring AI, sovereignty, sustainability, and cybersecurity, with a Champs-Élysées robot takeover and Maurice Lévy’s long-term vision.

from24/7 Wall St.

16 hours ago

AI Threats Are Accelerating and These 3 Cybersecurity Stocks Under $30 Are Built to Win

Cybersecurity demand for AI workloads, identity control, and data pipeline protection is driving growth, while several stocks trade under $30 at compressed valuations.

#ai-safety

Anthropic Says Claude Turned Evil for a Bizarre Reason

Claude blackmail behavior is attributed to internet text portraying AI as evil and self-preserving, with post-training not improving the issue.

22 hours ago

AI executive action stalled by White House infighting

Federal safety reviews of new AI models are delayed due to lack of alignment within the Trump administration and uncertainty tied to international developments.

Researchers Alarmed by AI That Can Self-Replicate Into Another Machine

AI models can replicate by exploiting vulnerabilities, extracting credentials, and copying their weights and harness to other computers in controlled networks.

fromExchangewire

Digest: US Rethinks AI Safety Stance; Omnicom Data Chief Steps Down; Image AI Models Outpace Chatbots in App Growth

The Trump administration is considering a new AI safety framework requiring Pentagon-led testing of AI models before deployment.

Anthropic Says Claude Turned Evil for a Bizarre Reason

Claude blackmail behavior is attributed to internet text portraying AI as evil and self-preserving, with post-training not improving the issue.

22 hours ago

AI executive action stalled by White House infighting

Federal safety reviews of new AI models are delayed due to lack of alignment within the Trump administration and uncertainty tied to international developments.

Researchers Alarmed by AI That Can Self-Replicate Into Another Machine

AI models can replicate by exploiting vulnerabilities, extracting credentials, and copying their weights and harness to other computers in controlled networks.

fromExchangewire

Digest: US Rethinks AI Safety Stance; Omnicom Data Chief Steps Down; Image AI Models Outpace Chatbots in App Growth

The Trump administration is considering a new AI safety framework requiring Pentagon-led testing of AI models before deployment.

Privacy professionals

US lawmakers demand answers from Instructure after Canvas data breaches | TechCrunch

19 hours ago

Information security

Government to Scrutinize Instructure Over Canvas Disruption, Data Breach

20 hours ago

Privacy professionals

716,000 Impacted by OpenLoop Health Data Breach

Privacy professionals

Hackers tipped off Dutch telco Odido about its own data breach

fromwww.dw.com

Canvas owner secures student data in deal with hacking group

Instructure reached an agreement with ShinyHunters, received returned data, confirmed destruction, and said no customers will be extorted.

Canvas platform strikes deal with hackers to delete students' stolen data

Instructure reached an agreement with hackers to delete stolen Canvas data, returned it, and received shred-log confirmation, though complete certainty remains impossible.

US lawmakers demand answers from Instructure after Canvas data breaches | TechCrunch

House Homeland Security Committee lawmakers demand Instructure testimony about repeated cyberattacks, stolen student data, response actions, and coordination with CISA.

19 hours ago

Government to Scrutinize Instructure Over Canvas Disruption, Data Breach

Instructure faced repeated Canvas intrusions, exploited Free-For-Teacher issues, and is temporarily shutting accounts while the House Homeland Security Committee demands incident details.

20 hours ago

716,000 Impacted by OpenLoop Health Data Breach

Hackers accessed OpenLoop Health systems in early January 2026 and stole personal information of 716,000 individuals, prompting security upgrades and identity monitoring for victims.

Hackers tipped off Dutch telco Odido about its own data breach

Odido learned two days late that a February hack caused a massive customer data breach, with phishing access and delayed discovery of stolen data.

fromwww.dw.com

Education

Canvas owner secures student data in deal with hacking group

Canvas platform strikes deal with hackers to delete students' stolen data

Instructure reached an agreement with hackers to delete stolen Canvas data, returned it, and received shred-log confirmation, though complete certainty remains impossible.

more#data-breach

fromwww.bbc.com

WhatsApp launches 'incognito' AI chat with private disappearing messages

WhatsApp introduced an incognito mode for AI chatbot private chats that prevents WhatsApp from reading conversations and removes chat history from users’ devices.

fromSecuritymagazine

Cybersecurity Is No Longer a Gatekeeper, But the Engine of Delivery Across Digital Economy

Cybersecurity is a top fast-growing skill and must be integrated into product delivery, since both protection gaps and misconfigured controls can cause outages, breaches, and lost trust.

European startups

fromTNW | Anthropic

22 hours ago

Mythos goes to Tokyo: Japanese banks to get Anthropic's vulnerability-hunting AI

MUFG, Mizuho, and SMFG are set to join Anthropic’s restricted Project Glasswing rollout within about two weeks, gaining access to Claude Mythos by end of May.

#ransomware

fromBusiness Matters

fromInside Higher Ed | Higher Education News, Events and Jobs

Information security

Stryker hack shows cyber intelligence is more important than ever

Information security

Instructure Pays Ransom to Canvas Hackers

Information security

Schools negotiate with hackers following Canvas data breach

fromwww.bbc.com

Information security

Cyber-crime increasingly coming with threats of physical violence

fromZDNET

Canvas breach disrupts schools nationwide: 6 steps to take now

Canvas experienced a cyberattack and data extortion attempt, with possible student data exposure and login disruption requiring immediate user defensive actions.

fromsfist.com

Hackers Breach Global Education Platform Used By SF State, UC Berkeley

Hackers shut down Canvas and threatened to release data unless ransom was paid, after breaching usernames, emails, and student IDs without evidence of passwords or highly sensitive data compromise.

fromBusiness Matters

Stryker hack shows cyber intelligence is more important than ever

A major medical device company’s devices were wiped after an Iran-linked ransomware attack, showing cyber threats can strike anytime and require urgent security priorities.

fromInside Higher Ed | Higher Education News, Events and Jobs

Instructure Pays Ransom to Canvas Hackers

Instructure paid ransom after Canvas was hacked twice, receiving confirmation of data destruction and assurance no customers will be extorted.

Schools negotiate with hackers following Canvas data breach

ShinyHunters claims to have stolen large volumes of Canvas data and schools are contacting the hackers to prevent public release during exam periods.

fromwww.bbc.com

Cyber-crime increasingly coming with threats of physical violence

Ransomware attacks increasingly include threats of physical violence, with a significant share of incidents involving harm to staff who refuse to pay.

fromZDNET

Canvas breach disrupts schools nationwide: 6 steps to take now

Canvas experienced a cyberattack and data extortion attempt, with possible student data exposure and login disruption requiring immediate user defensive actions.

fromsfist.com

Hackers Breach Global Education Platform Used By SF State, UC Berkeley

Hackers shut down Canvas and threatened to release data unless ransom was paid, after breaching usernames, emails, and student IDs without evidence of passwords or highly sensitive data compromise.

Vietnam to develop domestic cloud so it can ditch risky overseas operators for government workloads

Vietnam plans a national cloud platform by 2035 to ensure data sovereignty, cybersecurity, and gradual replacement of foreign cloud services in state agencies.

Privacy technologies

fromMail Online

Experts issue urgent warning over doing a 'peace' sign in photos

Clear, well-lit selfies can let criminals extract fingerprints using AI and use them to access accounts and devices.

US politics

fromNextgov.com

'It would be insane' for spy agencies to not have AI model early access, lawmaker says

U.S. intelligence agencies should get early access to advanced AI models for hacking and cyberdefense, while Commerce should also help shape AI policy.

fromAlleyWatch

The AlleyWatch Startup Daily Funding Report: 5/12/2026

Frame Security - $50M Frame Security, a cybersecurity platform that trains employees to recognize and respond to AI-powered social engineering, deepfake, and phishing attacks, has raised $50M in Venture funding led by Index Ventures, Team8, and Picture Capital, with Assaf Rappaport and Gil Capital. Frame Security was founded by Tal Shlomo and Sharon Shmueli in 2025.

Venture

fromMedium

AI's Double-Edged Sword: Innovation, Risk, and the Expanding Attack Surface

AI capability is expanding cybersecurity risks by turning intelligence and autonomy into attack vectors for fraud, misinformation, and physical threats.

FCC walks back router update ban before it bricked America's network security

The FCC extended update waivers for certain foreign-made routers to prevent millions of devices from becoming unpatched through at least January 1, 2029.

Tech industry

from24/7 Wall St.

AI Rally May Have Gone Too Far With Some Stocks Up 70% in a Month

AI-driven gains have broadened beyond core AI leaders, raising froth concerns as valuations rise and software earnings must catch up.

US bank reports itself after slinging customer data at 'unauthorized AI app'

A US bank reported unauthorized use of customer data in an unapproved AI application to the SEC due to the data’s volume and sensitivity, including SSNs.

fromThe Verge

Canvas owner reaches 'agreement' with hackers to secure stolen data

Instructure reached an agreement with hackers after a Canvas breach, claiming stolen data was returned and customers will not be extorted.

fromComputerworld

fromInside Higher Ed | Higher Education News, Events and Jobs

OpenAI introduces Daybreak cyber platform, takes on Anthropic Mythos

Daybreak automates vulnerability detection, patch testing, and audit-ready verification to continuously secure software across enterprise development lifecycles.

Higher education

Survey: CTOs on Cybersecurity, AI, the LMS and More

Nearly half of campus CTOs say technology change is unsustainable without new resources, with rising IT costs and major risks in talent, cybersecurity, and costs.

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

Daybreak combines OpenAI frontier AI with Codex Security to help organizations find and patch vulnerabilities before attackers exploit them.

Google: AI likely aided attackers to develop a zero-day

Generative AI is increasingly used to develop exploits, enabling attackers to bypass two-factor authentication and automate offensive workflows.

Scammers Furious That Their Fellow Criminals Are Using AI, Saying It's Unethical

Generative AI is not fundamentally reshaping cybercrime, and many low-level scammers reject it to preserve social status and traditional attack methods.

Google: AI likely aided attackers to develop a zero-day

Generative AI is increasingly used to develop exploits, enabling attackers to bypass two-factor authentication and automate offensive workflows.

Scammers Furious That Their Fellow Criminals Are Using AI, Saying It's Unethical

Generative AI is not fundamentally reshaping cybercrime, and many low-level scammers reject it to preserve social status and traditional attack methods.

more#generative-ai

fromwww.theregister.com

Japan's PM orders cybersecurity review to defend against Anthropic Mythos

Japan ordered a cabinet-level review of cybersecurity strategy to assess government system vulnerabilities and ensure critical infrastructure operators can detect and fix them amid AI-enabled attack risks.

fromEngadget

Daybreak is OpenAI's response to Anthropic's Claude Mythos - Engadget

Daybreak applies OpenAI AI models to embed cybersecurity into software, prioritizing high-impact issues, accelerating patch creation, and returning audit-ready evidence to clients.

#education-technology

Double Canvas breach acknowledged as ShinyHunters sets new pay-or-leak deadline

Instructure confirmed two Canvas intrusions, caused Canvas downtime, and reported stolen user and course metadata while stating core learning data was not compromised.

fromThe Washington Post

US news

Canvas hack exposes schools' vulnerability to cyberattacks

fromTechRepublic

ShinyHunters Extorts Universities in New Instructure Canvas Hack

ShinyHunters-linked attackers defaced Instructure Canvas login portals, locking students out during finals week and exposing SaaS security risks for schools.

Cyber-attack on system widely used in US education disrupts final exams

A major Canvas outage disrupted US schools and universities, forcing exam delays, workarounds, and phishing warnings as students lost access to course materials.

Double Canvas breach acknowledged as ShinyHunters sets new pay-or-leak deadline

Instructure confirmed two Canvas intrusions, caused Canvas downtime, and reported stolen user and course metadata while stating core learning data was not compromised.

fromThe Washington Post

US news

Canvas hack exposes schools' vulnerability to cyberattacks

fromTechRepublic

ShinyHunters Extorts Universities in New Instructure Canvas Hack

ShinyHunters-linked attackers defaced Instructure Canvas login portals, locking students out during finals week and exposing SaaS security risks for schools.

more#education-technology

Cyber-attack on system widely used in US education disrupts final exams

A major Canvas outage disrupted US schools and universities, forcing exam delays, workarounds, and phishing warnings as students lost access to course materials.

Google Alarmed by Formidable AI-Powered Zero-Day Cyberattack

A cyberattack used AI to discover and weaponize an unknown zero-day flaw, potentially bypassing two-factor authentication on a web administration tool, but was thwarted.

London startup

fromComputerWeekly.com

Security chiefs 'too polite' for startups, says cyber flywheel founder Alastair Paterson | Computer Weekly

CISOs often avoid clear feedback to startups, slowing innovation; startups need specific conditions for future interest rather than vague non-commitment.

Exclusive: Index Ventures backs Frame's $50 million bet that employees are still cybersecurity's weakest link | Fortune

AI-enabled phishing makes employees a primary attack surface, driving demand for realistic, company-specific human risk security training.

fromEntrepreneur

Why Trained Employees Are Still Falling for Phishing Attacks

AI-generated phishing messages are increasingly sophisticated, making them harder to detect and leading employees to fall for them despite training.

fromFortune

Exclusive: Index Ventures backs Frame's $50 million bet that employees are still cybersecurity's weakest link | Fortune

AI-enabled phishing makes employees a primary attack surface, driving demand for realistic, company-specific human risk security training.

fromEntrepreneur

Why Trained Employees Are Still Falling for Phishing Attacks

AI-generated phishing messages are increasingly sophisticated, making them harder to detect and leading employees to fall for them despite training.

Digital Trust and Identity at ISC West

Adversaries exploit gaps across physical, digital, and human systems, making human trust and identity the primary security battlefield.

fromthenextweb.com

Anthropic Mythos AI finds thousands of zero-day vulnerabilities as Fed and Treasury convene bank CEOs on cyber rik

Claude Mythos Preview identified thousands of zero-day vulnerabilities, prompting urgent bank discussions and warning of a six-to-twelve month patch window before adversaries replicate capability.

Canada news

fromwww.cbc.ca

A cyberattack hit universities worldwide, including top Canadian schools. Here's what we know | CBC News

Canvas incident affected thousands of schools, potentially exposing student and instructor data, while Instructure reported no evidence of password, financial, or government-ID compromise.

UK news

Worried Britons prepping' for major disruption with stash of tins and cash, survey shows

Many people in the UK are preparing for major disruption by keeping cash and home supplies in case of payment failures, outages, or disasters.

Roam Research

Hacker Takes Over Robot Lawnmower, Runs Over Innocent Man

Autonomous lawn robots with shared default credentials and weak security can be remotely controlled, enabling widespread harm, theft, or spying.

U.S. defense contractor who sold hacking tools to Russian broker ordered to pay $10 million to former employers | TechCrunch

A cybersecurity executive ordered to pay $10 million in restitution for leaking advanced hacking and surveillance trade secrets to a Russian-linked broker.

#ai-regulation

What's behind Washington's AI safety pivot

The U.S. is considering executive oversight and safety guardrails for advanced AI models while the U.S. and China explore official AI discussions to avoid an arms race.

Trump jumps from 'anything goes' to 'strict regulation' AI policy

Trump dismantled Biden’s AI safety rules and is now considering government review for high-risk frontier models before public release.

What's behind Washington's AI safety pivot

The U.S. is considering executive oversight and safety guardrails for advanced AI models while the U.S. and China explore official AI discussions to avoid an arms race.

Trump jumps from 'anything goes' to 'strict regulation' AI policy

Trump dismantled Biden’s AI safety rules and is now considering government review for high-risk frontier models before public release.

Why the EU sees Chinese solar tech as a major security risk

EU blocks funding for Chinese-made solar inverters due to potential cybersecurity risks to Europe’s power grid, including possible large-scale blackouts.

fromFlowingData

State healthcare sites sending data to tech companies

TikTok used preset keyword lists to filter prohibited sensitive categories, but missing terms were not filtered, making the system flawed and brittle.

fromBuzzFeed

Apparently Not Checking This WiFi Setting Is Like "Leaving Your Front Door Open" To Hackers

Protect home internet privacy by changing default router settings and using strong passwords to prevent hackers from accessing personal data.

fromThe Cipher Brief

fromLondon Business News | Londonlovesbusiness.com

Corporate Cybersecurity Is the New Frontline of National Security

The battlefield is corporate, the targeting is consequential, and the effects are systemic. Ransomware campaigns now disrupt healthcare systems at scale, producing effects once associated with geopolitical bombing campaigns without crossing a border. Nation-state actors maintain persistent access inside critical infrastructure not to destroy, but to position.

Information security

Russo-Ukrainian War

Russia shuts down internet in capital as confidence in its own security collapses - London Business News | Londonlovesbusiness.com

Mobile internet, SMS, and pre-approved website access will be temporarily restricted in Moscow during Victory Day on May 9.

Digital life

fromFast Company

Tech spring-cleaning: How to declutter your devices and accounts

Removing dormant accounts, forgotten files, and unused apps reduces exposure to scammers and shrinks the digital attack surface.

Higher education

fromLos Angeles Times

Massive Canvas data breach hits colleges across California and nation, crippling student work

Canvas went offline during finals week after a cybersecurity breach at Instructure, locking students and faculty out of coursework while attackers demanded payment.

Tech industry

fromsfist.com

SF-Based Cloudflare Slashes 1,100 Jobs, Citing 'Agentic AI Era'

Cloudflare will lay off 1,100 employees globally, citing AI-driven changes that require reimagining internal processes, teams, and roles.

OpenAI makes its rival to Anthropic's Mythos more widely available to cyber defenders

OpenAI releases GPT-5.5-Cyber for vetted cyber defenders to enhance security practices.

SF politics

fromNextgov.com

Senator warns CISA election security pullback could leave midterms vulnerable

Mark Warner demands answers from DHS regarding reduced election security support ahead of the 2026 midterms, raising concerns about cyber threats and foreign interference.

Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

A new Mirai-derived botnet named xlabs_v1 targets Android devices with exposed ADB for DDoS attacks.

fromComputerWeekly.com

UK financial security experts participate in sector-wide hackathon | Computer Weekly

The UK Financial Services Security Hackathon tested incident readiness and collaboration among banks, fintechs, and regulators to enhance cyber defense capabilities.

Arctic Wolf kicks 250 employees out of the pack to save money for AI

"We recently made an organizational restructuring to better align the company's structure and investments with our long‑term strategy. While these decisions are difficult, they position Arctic Wolf to operate more efficiently, continue investing in our Superintelligence platform and Agentic SOC, and deliver strong value to customers."

Tech industry

AI evaluation startup Braintrust confirms breach, tells every customer to rotate sensitive keys | TechCrunch

Braintrust urged customers to revoke and replace API keys after unauthorized access to its AWS cloud account was confirmed.

Privacy technologies

fromZDNET

Why Edge stores your passwords in plaintext, according to Microsoft

Microsoft Edge stores passwords in plaintext in RAM when used as a password manager.

fromSecuritymagazine

Security Experts Discuss Proposed Government Patching Deadlines

U.S. cyber officials propose reducing vulnerability patching timelines from weeks to three days due to accelerated cyber threats from AI advancements.

fromSecuritymagazine

Cybersecurity Professionals Need to Think Like Business Leaders

Cybersecurity professionals must communicate in business terms to secure necessary resources and support from executive leadership.

fromwww.theregister.com

Denic sorry for DNSSEC error that crashed Germany's internet

Denic stated that the problems were first detected at 21:57 on April 5, and engineers rolled out fixes by 01:15. The issues were related to Domain Name System Security Extensions (DNSSEC), and faulty DNSSEC signatures were distributed.

Germany news

BTIG Just Got Bullish on Palo Alto Networks: Price Target Climbs to $216 on Improving Channel Checks

BTIG raised Palo Alto Networks' stock price target to $216, citing improved partner feedback and strong revenue growth.

Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

A critical buffer overflow vulnerability in Palo Alto Networks' PAN-OS allows unauthenticated remote code execution, affecting specific firewall versions.

from24/7 Wall St.

BTIG Just Got Bullish on Palo Alto Networks: Price Target Climbs to $216 on Improving Channel Checks

BTIG raised Palo Alto Networks' stock price target to $216, citing improved partner feedback and strong revenue growth.

Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

A critical buffer overflow vulnerability in Palo Alto Networks' PAN-OS allows unauthenticated remote code execution, affecting specific firewall versions.

more#palo-alto-networks

MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack

MuddyWater, an Iranian hacking group, executed a ransomware attack using social engineering techniques, disguising it as opportunistic extortion.

Iranian APT Intrusion Masquerades as Chaos Ransomware Attack

MuddyWater conducted a state-sponsored intrusion disguised as a ransomware attack without deploying actual ransomware.

MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack

MuddyWater, an Iranian hacking group, executed a ransomware attack using social engineering techniques, disguising it as opportunistic extortion.

Iranian APT Intrusion Masquerades as Chaos Ransomware Attack

MuddyWater conducted a state-sponsored intrusion disguised as a ransomware attack without deploying actual ransomware.

The Hacker News Launches 'Cybersecurity Stars Awards 2026' - Submissions Now Open

The CyberStars Awards 2026 recognize excellence in cybersecurity, highlighting often unnoticed contributions from individuals and organizations.

CISA: Critical Infrastructure Must Master Isolation, Recovery

CISA warns US critical infrastructure operators of persistent threats from nation-state actors and introduces CI Fortify to enhance resilience against cyberattacks.

Quasar Linux malware targets DevOps environments

A new Linux malware named Quasar Linux (QLNX) targets developers, employing stealth techniques and extensive espionage capabilities to remain undetected.

fromLondon Business News | Londonlovesbusiness.com

Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs

CloudZ RAT and Pheno plugin facilitate credential theft by exploiting Microsoft Phone Link, allowing interception of sensitive mobile data without malware on devices.

EU data protection

Britain's businesses hit by triple squeeze of costs and weak growth - London Business News | Londonlovesbusiness.com

UK organisations face rising costs, weak growth, and cybersecurity threats, hindering AI adoption due to skills shortages and data protection concerns.

Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack

A sophisticated supply chain attack targets organizations through malicious code in Daemon Tools software, affecting multiple countries and sectors.

Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls

Palo Alto Networks is addressing a critical zero-day vulnerability in PAN-OS affecting certain firewall models, allowing unauthorized code execution.

fromTheregister

India orders infosec red alert in case Mythos sparks crime

India's Securities and Exchange Board urges immediate review of information security systems due to potential risks from AI-driven vulnerability identification tools.

fromInside Higher Ed | Higher Education News, Events and Jobs

"PAY OR LEAK": Hackers Target Big Higher Ed Vendor

Higher education institutions are increasingly targeted by cybercriminals, with a recent breach affecting 275 million individuals through a third-party vendor.

fromEntrepreneur