#cybersecurity
#cybersecurity

59 minutes ago

Privacy professionals

Cosmetics giant Rituals confirms data breach of customer membership records | TechCrunch

France news

France's 'Secure' ID agency probes claimed 19M record breach

Privacy professionals

Lovable left AI prompts and user data exposed, one researcher found

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

France news

fromThe Local France

Warning over cyber-attack on French government's ANTS platform

Hackers accessed personal details of users on the French government's ANTS platform, prompting warnings about potential phishing scams.

AI-pwned: Vercel breach traced to stolen employee creds

Vercel's CEO suspects AI aided attackers in a breach that exploited a compromised employee account and non-sensitive environment variables.

59 minutes ago

Cosmetics giant Rituals confirms data breach of customer membership records | TechCrunch

Rituals confirmed a data breach affecting customers' personal information after hackers stole data from its membership database.

France news

France's 'Secure' ID agency probes claimed 19M record breach

A significant data breach may have exposed personal information of up to 19 million individuals in France.

Lovable left AI prompts and user data exposed, one researcher found

Lovable's platform exposed users' private data, including chat histories and source code, to other users due to a significant data breach.

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

France news

fromThe Local France

Warning over cyber-attack on French government's ANTS platform

Hackers accessed personal details of users on the French government's ANTS platform, prompting warnings about potential phishing scams.

AI-pwned: Vercel breach traced to stolen employee creds

Vercel's CEO suspects AI aided attackers in a breach that exploited a compromised employee account and non-sensitive environment variables.

Got personal financial, medical data you'd like to keep private? Good luck.Got personal financial, medical data you'd like to keep private? Good luck. - Harvard Gazette

New AI models may increase the risk of cybercriminals breaching secure systems, exposing personal data.

1 hour ago

Information security

UK to build 'national cyber shield' to protect against AI cyber threats | Computer Weekly

fromZDNET

Information security

Google bets $32B on AI agent cyber force as security arms race escalates

Information security

Claude Mythos Finds 271 Firefox Vulnerabilities

6 hours ago

Brace yourself for a flood of patches in all of your tech gadgets

Mythos, Anthropic's AI model, identifies software vulnerabilities, prompting urgent updates to prevent exploitation by hackers.

Software development

12 hours ago

Mythos found 271 Firefox flaws - none a human couldn't spot

Mythos AI model significantly improves bug detection, identifying 271 vulnerabilities in Firefox 150, marking a pivotal moment for software security.

fromHarvard Gazette

56 minutes ago

Got personal financial, medical data you'd like to keep private? Good luck.Got personal financial, medical data you'd like to keep private? Good luck. - Harvard Gazette

New AI models may increase the risk of cybercriminals breaching secure systems, exposing personal data.

1 hour ago

UK to build 'national cyber shield' to protect against AI cyber threats | Computer Weekly

The UK is developing a national cyber defense strategy to combat threats from hostile states and AI-driven attacks.

fromZDNET

Google bets $32B on AI agent cyber force as security arms race escalates

Google introduces AI agents for cyber defense, enhancing threat detection and mitigation capabilities against increasingly sophisticated cyberattacks.

Claude Mythos Finds 271 Firefox Vulnerabilities

Claude Mythos AI model identified 271 vulnerabilities in Firefox, leading to the release of version 150 with multiple patches.

6 hours ago

Brace yourself for a flood of patches in all of your tech gadgets

Mythos, Anthropic's AI model, identifies software vulnerabilities, prompting urgent updates to prevent exploitation by hackers.

Software development

12 hours ago

Mythos found 271 Firefox flaws - none a human couldn't spot

Mythos AI model significantly improves bug detection, identifying 271 vulnerabilities in Firefox 150, marking a pivotal moment for software security.

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

Harvester has deployed a new Linux version of its GoGra backdoor targeting entities in South Asia using Microsoft Graph API for covert operations.

New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention

A new wiper malware, Lotus Wiper, targets the energy sector, disrupting operations and leaving systems unrecoverable.

NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs

A new Android malware called NGate abuses the HandyPay app to conduct NFC relay attacks and steal payment card information.

46 minutes ago

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

Harvester has deployed a new Linux version of its GoGra backdoor targeting entities in South Asia using Microsoft Graph API for covert operations.

New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention

A new wiper malware, Lotus Wiper, targets the energy sector, disrupting operations and leaving systems unrecoverable.

NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs

A new Android malware called NGate abuses the HandyPay app to conduct NFC relay attacks and steal payment card information.

Mach-O Man Malware Steals macOS Keychain Data in Lazarus Group Crypto Campaign

North Korea's Lazarus Group deployed Mach-O Man malware targeting macOS users in crypto and fintech roles in April 2026.

2 hours ago

After Bluesky, Mastodon Targeted in DDoS Attack

Mastodon experienced a major DDoS attack, causing significant outages, shortly after a similar attack on Bluesky.

2 hours ago

UK government says 100 countries have spyware that can hack people's phones | TechCrunch

More than half of the world's governments now have access to commercial spyware, increasing risks for citizens and critical infrastructure.

3 hours ago

Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says

Hostile nations like Russia, Iran, and China are the primary sources of serious cyberattacks in the U.K.

A tsunami of flaws: When frontier AI and Patch Tuesday collide | Computer Weekly

April 2025 Patch Tuesday update was the second-largest in history, addressing over 160 vulnerabilities, with AI tools potentially driving the increase.

Mirai Botnet Targets Flaw in Discontinued D-Link Routers

A Mirai botnet exploits a command injection vulnerability in discontinued D-Link routers, posing risks to connected devices.

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack

A new data wiper named Lotus Wiper targets Venezuela's energy sector, erasing files and disrupting operations without financial motives.

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

North Korean hackers are targeting macOS users in financial organizations using social engineering techniques to install information-stealing malware.

6 hours ago

Google Antigravity in Crosshairs of Security Researchers, Cybercriminals

Google Antigravity's vulnerabilities have attracted both security researchers and cybercriminals, leading to risks of remote code execution and malware delivery.

#ai-security

fromThe Verge

Information security

Anthropic's most dangerous AI model just fell into the wrong hands

Artificial intelligence

Anthropic investigates report of rogue access to hack-enabling Mythos AI

fromTNW | Anthropic

9 hours ago

Information security

Unauthorized users gained access to Anthropic's restricted Mythos AI model

Artificial intelligence

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

Information security

Prompt injection proves AI models are gullible like humans

fromThe Verge

Anthropic's most dangerous AI model just fell into the wrong hands

Mythos AI model accessed by unauthorized users, raising cybersecurity concerns about its potential misuse.

Anthropic investigates report of rogue access to hack-enabling Mythos AI

Unauthorized access to Anthropic's Mythos model poses significant cybersecurity risks.

fromTNW | Anthropic

9 hours ago

Unauthorized users gained access to Anthropic's restricted Mythos AI model

Unauthorized users accessed Claude Mythos Preview by guessing its URL, raising concerns about security in AI model access.

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.

Prompt injection proves AI models are gullible like humans

Prompt injection attacks exploit AI systems, similar to phishing, by embedding malicious instructions that the AI executes instead of treating as content.

Anthropic is investigating 'unauthorized access' of its Mythos cybersecurity tool

Anthropic is investigating unauthorized access to its Claude Mythos model, which is designed to identify cybersecurity flaws.

fromTNW | Us

Trump says Anthropic Pentagon deal is 'possible'

Anthropic's AI models may be used by the Department of Defense following positive discussions with the White House, despite previous federal restrictions.

Washington DC

Anthropic's relationship with the Trump administration seems to be thawing | TechCrunch

fromEngadget

Anthropic is investigating 'unauthorized access' of its Mythos cybersecurity tool

Anthropic is investigating unauthorized access to its Claude Mythos model, which is designed to identify cybersecurity flaws.

fromTNW | Us

Trump says Anthropic Pentagon deal is 'possible'

Anthropic's AI models may be used by the Department of Defense following positive discussions with the White House, despite previous federal restrictions.

Washington DC

Anthropic's relationship with the Trump administration seems to be thawing | TechCrunch

Arctic Wolf introduces Decipio for rapid detection of credential theft

Decipio helps detect credential theft early, allowing security teams to identify attackers before they cause damage.

Exclusive: OpenAI briefs feds and Five Eyes on new cyber product

OpenAI demonstrated its GPT-5.4-Cyber model to federal cyber defense practitioners, emphasizing a dual-track access approach for government and commercial users.

21 hours ago

Sam Altman throws shade at Anthropic's cyber model, Mythos: 'fear-based marketing' | TechCrunch

OpenAI's Sam Altman criticizes Anthropic's fear-based marketing strategy regarding its new cybersecurity model, Mythos.

fromAxios

Exclusive: OpenAI briefs feds and Five Eyes on new cyber product

OpenAI demonstrated its GPT-5.4-Cyber model to federal cyber defense practitioners, emphasizing a dual-track access approach for government and commercial users.

21 hours ago

Sam Altman throws shade at Anthropic's cyber model, Mythos: 'fear-based marketing' | TechCrunch

OpenAI's Sam Altman criticizes Anthropic's fear-based marketing strategy regarding its new cybersecurity model, Mythos.

Oracle Patches 450 Vulnerabilities With April 2026 CPU

Oracle released 481 new security patches in April 2026, addressing vulnerabilities across 28 product families, with many remotely exploitable without authentication.

Mustang Panda's New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

A new variant of LOTUSLITE malware targets India's banking sector, focusing on espionage rather than financial gain.

DevOps

fromInfoQ

16 hours ago

Cloudflare Outlines MCP Architecture as Enterprises Confront Security and Governance Risks

Centralized governance and remote infrastructure are essential for secure Model Context Protocol deployments, addressing risks like prompt injection and supply chain attacks.

fromTechzine Global

9 hours ago

As Mythos fixes Mozilla flaws, unauthorized access spells disaster

Firefox's Claude Mythos Preview addresses 271 vulnerabilities, but unauthorized access raises concerns about potential misuse by threat actors.

DevOps

16 hours ago

The Security Metric That's Failing You

Measuring patch rates does not equate to a secure environment; real risks often lie in misconfigurations and outdated permissions.

11 hours ago

UK could face hacktivist attacks at scale', says head of security agency

Richard Horne stated that the UK could face hacktivist attacks at scale if it becomes embroiled in a conflict, with impacts similar to recent ransomware incidents.

Information security

16 hours ago

The Privacy-Security Partnership: How We Bend Risk in a Resource Crunch

Fewer privacy practitioners feel confident in meeting laws, while resource shortages and compliance challenges increase stress in the field.

Europe news

fromwww.independent.co.uk

15 hours ago

Ukraine war briefing: Quick loan in pipeline as Druzhba reopens

The Druzhba pipeline is set to resume operations after repairs, while Ukraine anticipates EU approval for a significant loan following Hungary's political changes.

UK politics

19 hours ago

Iran, Russia and China behind most major cyberattacks on UK, security chief warns

The Independent provides critical journalism on key issues without paywalls, emphasizing the importance of accessible reporting.

19 hours ago

Cheapskate cyber strategy won't stop Beijing's finest

State-sponsored cyberattacks from China represent a sophisticated and significant threat in modern warfare, necessitating preparedness for potential conflict.

#ransomware

Healthcare

Ex-FBI lead urges homicide charges against ransomware scum

Information security

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

Information security

Third US Security Expert Admits Helping Ransomware Gang

fromNextgov.com

Healthcare

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Law

Third ransomware pro pleads guilty to cybercrime U-turn

Healthcare

Ex-FBI lead urges homicide charges against ransomware scum

Cyberattacks causing death should be treated as murder, urging felony homicide charges against ransomware actors targeting healthcare facilities.

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

The Gentlemen ransomware group uses SystemBC malware to target over 1,570 victims, employing sophisticated tactics for initial access and lateral movement.

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

Information security

Third US Security Expert Admits Helping Ransomware Gang

Healthcare

fromNextgov.com

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

Law

Third ransomware pro pleads guilty to cybercrime U-turn

Angelo Martino pleaded guilty to aiding the ALPHV/BlackCat ransomware gang in extorting US businesses.

more#ransomware

fromFuturism

22 hours ago

Chinese Workers Horrified as Bosses Direct Them to Train Their AI Replacements

Mercor hires job-seekers to train AI models that may replace them, reflecting a trend towards automation in the workforce.

22 hours ago

Anthropic's Mythos raises the stakes for security validation | Computer Weekly

The rise of autonomous AI in security introduces unpredictability, complicating the validation of defenses against evolving threats.

More Cisco SD-WAN bugs battered in attacks

CISA warns of active attacks on three Cisco Catalyst SD-WAN Manager vulnerabilities, urging federal agencies to patch within four days.

fromMail Online

Urgent warning to all 1.8b Gmail users over new account takeover scam

Gmail users are warned about fake alerts designed to hijack phones and steal personal information.

fromDevOps.com

Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable - DevOps.com

A critical vulnerability in a Microsoft GitHub repository allows attackers to exploit CI/CD infrastructure and run arbitrary code.

22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters

22 new vulnerabilities in serial-to-IP converters could allow attackers to hijack devices and tamper with data.

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

CISA added eight new vulnerabilities to its KEV catalog, including critical flaws in Cisco Catalyst SD-WAN Manager, indicating active exploitation.

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Serial-to-IP converters have serious vulnerabilities that can expose critical systems to remote attacks.

22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters

22 new vulnerabilities in serial-to-IP converters could allow attackers to hijack devices and tamper with data.

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

CISA added eight new vulnerabilities to its KEV catalog, including critical flaws in Cisco Catalyst SD-WAN Manager, indicating active exploitation.

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Serial-to-IP converters have serious vulnerabilities that can expose critical systems to remote attacks.

more#vulnerabilities

M&S one year on: turning anticipation into secure by design | Computer Weekly

Retailers must prioritize preparedness for cyber attacks, focusing on third-party risk and continuous visibility across their supply chains.

fromAxios

Scoop: Top U.S. cyber agency doesn't have access to Anthropic's powerful hacking model

Anthropic decided against a public release of Mythos due to its unprecedented ability to quickly discover and exploit security vulnerabilities, providing it to more than 40 companies and organizations for testing.

Information security

Dozens of Malicious Crypto Apps Land in Apple App Store

Over two dozen fake cryptocurrency apps targeting iOS users have been found in the Apple App Store, aimed at stealing recovery phrases and private keys.

Cryptocurrency

$290 Million Kelp DAO Crypto Heist Blamed on North Korea

North Korea-linked Lazarus Group executed a $290 million cryptocurrency heist from Kelp DAO using sophisticated attack methods.

Dozens of Malicious Crypto Apps Land in Apple App Store

Over two dozen fake cryptocurrency apps targeting iOS users have been found in the Apple App Store, aimed at stealing recovery phrases and private keys.

Cryptocurrency

$290 Million Kelp DAO Crypto Heist Blamed on North Korea

North Korea-linked Lazarus Group executed a $290 million cryptocurrency heist from Kelp DAO using sophisticated attack methods.

5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time

MTTR is impacted by structural issues in threat intelligence integration, not just analyst availability.

Unsecured Perforce Servers Expose Sensitive Data From Major Orgs

Many internet-facing Perforce P4 servers are misconfigured, exposing sensitive information and allowing unauthorized access.

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

Stolen credentials remain the primary entry point for attackers, despite advancements in cybersecurity.

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

A vulnerability in Google's Antigravity IDE allowed code execution through insufficient input sanitization in the find_by_name tool.

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

A critical vulnerability in the Model Context Protocol allows remote code execution, affecting over 7,000 servers and compromising sensitive data.

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

A vulnerability in Google's Antigravity IDE allowed code execution through insufficient input sanitization in the find_by_name tool.

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

A critical vulnerability in the Model Context Protocol allows remote code execution, affecting over 7,000 servers and compromising sensitive data.

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with eight new flaws, including high-severity bugs in Cisco and Kentico products.

fromWIRED

They Built a Legendary Privacy Tool. Now They're Sworn Enemies

GrapheneOS is highly regarded for mobile security, but its creator, Daniel Micay, has a controversial and enigmatic reputation within the cybersecurity community.

Iran claims US used backdoors in networking equipment

Iran claims the US sabotaged its networking equipment during the war using backdoors or botnets.

Over 800 Android Apps Targeted in PIN-Stealing Trojan Campaign

Hackers exploit Android's overlay feature to capture PINs and monitor user interactions across over 800 apps using banking trojans.

2026's Breach List So Far: FBI Hacked, 1B Androids at Risk, 270M iPhones Vulnerable

2026 has seen significant cyber threats, including a major FBI hack and the discovery of the DarkSword iPhone exploit framework.

US Security Agency Leverages Claude Mythos Despite Pentagon Blacklist

The Pentagon has designated Anthropic as a supply-chain risk, yet the NSA is using its new model, Claude Mythos Preview.

Mastodon says its flagship server was hit by a DDoS attack | TechCrunch

Mastodon's flagship server experienced a DDoS attack, causing significant outages and instability, but countermeasures were implemented to restore access.

fromMail Online

CrunchyRoll users slammed with lawsuit as millions of users exposed

Crunchyroll faces a class-action lawsuit after a data breach exposed personal information of 6.8 million users due to inadequate data security.

NSA spies are reportedly using Anthropic's Mythos, despite Pentagon feud | TechCrunch

The NSA is reportedly using Anthropic's Mythos model for cybersecurity despite previous tensions over access to AI capabilities.

App host Vercel confirms security incident, says customer data was stolen via breach at Context AI | TechCrunch

Vercel experienced a data breach due to a compromised employee account linked to Context AI, exposing customer credentials.

fromInfoWorld

Hackers exploit Vercel's trust in AI integration

Sensitive secrets should be treated as potentially exposed and rotated as a priority.

Next.js Creator Vercel Hacked

Vercel confirmed a data breach involving unauthorized access to internal systems and compromised customer credentials.

App host Vercel confirms security incident, says customer data was stolen via breach at Context AI | TechCrunch

Vercel experienced a data breach due to a compromised employee account linked to Context AI, exposing customer credentials.

fromInfoWorld

Hackers exploit Vercel's trust in AI integration

Sensitive secrets should be treated as potentially exposed and rotated as a priority.

Next.js Creator Vercel Hacked

Vercel confirmed a data breach involving unauthorized access to internal systems and compromised customer credentials.

Advance Your Cybersecurity Career

Degrees and certifications in cybersecurity indicate foundational knowledge but hands-on experience and skills are more critical for success.

Hackers Abuse QEMU for Defense Evasion

Threat actors are exploiting QEMU for ransomware and remote access tool deployment, with increased activity observed since late 2025.

Bluesky Disrupted by Sophisticated DDoS Attack

The attack is impacting our application, with users experiencing intermittent interruptions in service for their feeds, notifications, threads and search.

Information security

fromTechzine Global

Kubernetes attack surface explodes: number of threats quadruples

Kubernetes faces a surge in cyberattacks, with a 282% increase in attempts, particularly targeting the IT sector and crypto exchanges.

Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

ZionSiphon malware targets Israeli water treatment systems, showcasing a trend in politically motivated attacks on critical infrastructure.

Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers

Hackers have targeted a vulnerability in discontinued TP-Link routers for a year without successful exploitation, according to Palo Alto Networks.

Venture

fromAlleyWatch

3 days ago

#NYCtech Week in Review: 4/12/26 - 4/18/26

NYC Tech News highlights recent startup funding, exits, and events, featuring companies like Chapter, Artemis, and Bluefish.

Software development

The hidden risks of vibe coding: 4 steps to protect your organization

Vibe coding democratizes software development but poses significant cybersecurity risks due to unknown origins of AI-generated code.

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors exploit vulnerabilities in TBK DVR and TP-Link routers to deploy Mirai-botnet variants, targeting IoT devices for large-scale attacks.