#cybersecurity
#cybersecurity

New Apple Phishing Scam Uses Fake $899 iPhone Purchase Alert

A phishing scam mimics an Apple security alert to trick users into calling a fake support number and potentially compromising their accounts.

Germany politics

fromThe Local Germany

33 minutes ago

Germany launches spying probe into Signal attacks targeting MPs

German prosecutors investigate phishing attacks on lawmakers, linked to Russia, highlighting the need for vigilance against espionage threats.

Deliverability

New Apple Phishing Scam Uses Fake $899 iPhone Purchase Alert

A phishing scam mimics an Apple security alert to trick users into calling a fake support number and potentially compromising their accounts.

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

CISA added four vulnerabilities to its KEV catalog, indicating active exploitation affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link routers.

In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device

Key cybersecurity developments include a hacker's probation, UK military deployment for internet protection, and Lovable's data exposure issue.

2 hours ago

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

CISA added four vulnerabilities to its KEV catalog, indicating active exploitation affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link routers.

In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device

Key cybersecurity developments include a hacker's probation, UK military deployment for internet protection, and Lovable's data exposure issue.

more#vulnerabilities

fromArs Technica

13 hours ago

Why are top university websites serving porn? It comes down to shoddy housekeeping.

Universities often neglect DNS record maintenance, leading to hijacked subdomains that can appear in search results.

from24/7 Wall St.

15 hours ago

Cybersecurity ETFs Face a Reckoning: Which 3 Will Weather the Downturn

Cybersecurity spending is essential for corporations, leading to increased investment in thematic ETFs focused on security budgets post-breach.

What is Cloud Security? Fundamental Guide

Cloud security requires specialized processes and technologies to protect assets and data from evolving threats in a dynamic environment.

Copperhelm Raises $7 Million for Agentic Cloud Security Platform

Copperhelm raised $7 million for its AI-driven cloud security platform that autonomously monitors and remediates threats in real time.

2 years ago

What is Cloud Security? Fundamental Guide

Cloud security requires specialized processes and technologies to protect assets and data from evolving threats in a dynamic environment.

Copperhelm Raises $7 Million for Agentic Cloud Security Platform

Copperhelm raised $7 million for its AI-driven cloud security platform that autonomously monitors and remediates threats in real time.

CISA last in line for access to Anthropic Mythos

CISA lacks access to Anthropic's AI model Claude Mythos, while unauthorized users have gained access, raising cybersecurity concerns.

Trump's pick to run US cyber agency CISA asks to drop out | TechCrunch

Sean Plankey withdrew his nomination to lead CISA, leaving the agency without a permanent leader amid ongoing cybersecurity challenges.

fromThe Cipher Brief

America's Cyber Strategy Has a Budget Problem

The U.S. is underfunding cybersecurity efforts, particularly CISA, despite increasing cyberattack threats.

Plankey withdraws nomination to lead CISA

Sean Plankey has withdrawn his nomination to lead the Cybersecurity and Infrastructure Security Agency after a year of waiting for Senate confirmation.

Anthropic's Mythos rollout has missed America's cyberscurity agency

CISA lacks access to Anthropic's cybersecurity model, raising concerns about its prioritization and effectiveness in digital security.

fromComputerworld

14 hours ago

CISA last in line for access to Anthropic Mythos

CISA lacks access to Anthropic's AI model Claude Mythos, while unauthorized users have gained access, raising cybersecurity concerns.

Trump's pick to run US cyber agency CISA asks to drop out | TechCrunch

Sean Plankey withdrew his nomination to lead CISA, leaving the agency without a permanent leader amid ongoing cybersecurity challenges.

fromThe Cipher Brief

America's Cyber Strategy Has a Budget Problem

The U.S. is underfunding cybersecurity efforts, particularly CISA, despite increasing cyberattack threats.

Plankey withdraws nomination to lead CISA

Sean Plankey has withdrawn his nomination to lead the Cybersecurity and Infrastructure Security Agency after a year of waiting for Senate confirmation.

Anthropic's Mythos rollout has missed America's cyberscurity agency

CISA lacks access to Anthropic's cybersecurity model, raising concerns about its prioritization and effectiveness in digital security.

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

A federal agency's Cisco Firepower device was compromised by the FIRESTARTER malware, enabling remote access and control through exploited vulnerabilities.

17 hours ago

Information security

Pre-Stuxnet Sabotage Malware 'Fast16' Linked to US-Iran Cyber Tensions

Information security

CISA, NCSC issue Firestarter backdoor warning

20 hours ago

Information security

26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases

Information security

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

Information security

Researchers find sabotage malware that may predate Stuxnet

15 hours ago

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

A federal agency's Cisco Firepower device was compromised by the FIRESTARTER malware, enabling remote access and control through exploited vulnerabilities.

17 hours ago

Pre-Stuxnet Sabotage Malware 'Fast16' Linked to US-Iran Cyber Tensions

Fast16 is a Lua-based malware discovered by SentinelOne, predating Stuxnet, designed to tamper with high-precision software.

CISA, NCSC issue Firestarter backdoor warning

Firestarter malware targets a US federal agency, maintaining persistent access to compromised devices, posing risks to government and critical infrastructure.

20 hours ago

26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases

Malicious apps impersonating cryptocurrency wallets on the Apple App Store aim to steal recovery phrases and private keys.

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

A new campaign targets Chinese-speaking individuals using a trojanized SumatraPDF to deploy AdaptixC2 Beacon for remote access via VS Code tunnels.

Researchers find sabotage malware that may predate Stuxnet

Malware named fast16 aims to sabotage engineering and physics simulation software, predating Stuxnet and targeting high-precision tools.

Netherlands Faces Greatest National Security Threat Since World War Two

The Netherlands faces its greatest national security threat since World War Two, primarily from Russia and China.

What Claude and OpenClaw Vulnerabilities Reveal About AI Agents

AI agents must be governed like privileged accounts due to their ability to access sensitive information and execute commands.

fromZDNET

Information security

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Information security

Anthropic's Mythos breach was humiliating

Information security

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

What Claude and OpenClaw Vulnerabilities Reveal About AI Agents

AI agents must be governed like privileged accounts due to their ability to access sensitive information and execute commands.

fromZDNET

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Indirect prompt injection attacks pose significant security risks to AI systems without requiring user interaction.

Anthropic's Mythos breach was humiliating

Unauthorized access to Anthropic's AI model Mythos raises serious concerns about cybersecurity and safety protocols.

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

AI systems are becoming attractive targets for adversaries, with vulnerabilities discovered faster than developers can respond.

more#ai-security

16 hours ago

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

"For years, NASA employees and research collaborators thought they were simply sharing software with colleagues. Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers."

Privacy professionals

16 hours ago

BT has now blocked over a billion clicks to malicious websites, says NCSC | Computer Weekly

BT and EE have blocked over a billion clicks to malicious websites using intelligence from the UK's National Cyber Security Centre.

17 hours ago

ShinyHunters claim they have cruise giant Carnival's booty

Carnival Corporation faces a significant data breach involving 7.5 million email addresses linked to its Mariner Society loyalty program.

#passkeys

fromwww.bbc.com

Privacy technologies

UK cyber chiefs say it's time to ditch passwords for passkeys - what are they?

What is a passkey, how does it work and why is it better than a password?

The UK's National Cyber Security Centre recommends using passkeys instead of passwords for secure digital logins.

Offer customers passkeys by default, UK's NCSC tells enterprises

Passkeys are recommended as the primary authentication method due to their security against phishing and credential reuse.

Privacy technologies

NCSC: Passkeys now good enough to be the default standard

The NCSC endorses passkeys as the default authentication standard, urging consumers to abandon passwords for enhanced security.

Privacy technologies

NCSC heralds end of passwords for consumers and pushes secure passkeys | Computer Weekly

Consumers are urged to replace passwords with passkeys for better security and ease of access to online services.

fromwww.bbc.com

UK cyber chiefs say it's time to ditch passwords for passkeys - what are they?

People in the UK are encouraged to use passkeys instead of passwords for better online security.

What is a passkey, how does it work and why is it better than a password?

The UK's National Cyber Security Centre recommends using passkeys instead of passwords for secure digital logins.

Offer customers passkeys by default, UK's NCSC tells enterprises

Passkeys are recommended as the primary authentication method due to their security against phishing and credential reuse.

NCSC: Passkeys now good enough to be the default standard

The NCSC endorses passkeys as the default authentication standard, urging consumers to abandon passwords for enhanced security.

NCSC heralds end of passwords for consumers and pushes secure passkeys | Computer Weekly

Consumers are urged to replace passwords with passkeys for better security and ease of access to online services.

Mythos access by Discord group reveals real danger of AI-powered hacking | Fortune

Unauthorized access to AI models exposes vulnerabilities in cybersecurity, highlighting the rapid pace of AI-driven exploitation of flaws.

Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?

Project Glasswing reveals a significant gap in cybersecurity, as less than 1% of vulnerabilities discovered were patched.

Mythos access by Discord group reveals real danger of AI-powered hacking | Fortune

Unauthorized access to AI models exposes vulnerabilities in cybersecurity, highlighting the rapid pace of AI-driven exploitation of flaws.

Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?

Project Glasswing reveals a significant gap in cybersecurity, as less than 1% of vulnerabilities discovered were patched.

more#ai-vulnerabilities

The Top 8 Enterprise VPN Solutions

Secure remote connections are critical for businesses to prevent data breaches, with enterprise VPN solutions being a top priority.

20 hours ago

Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents

Agentic AI is transforming cybersecurity, presenting both opportunities for defenders and risks for attackers, necessitating a strategic response from the industry.

21 hours ago

US Federal Agency's Cisco Firewall Infected With 'Firestarter' Backdoor

A US federal agency was infected with malware due to vulnerabilities in Cisco firewalls linked to a China-backed espionage campaign.

fromMail Online

21 hours ago

How to create secure passwords - it might be time to switch to passkey

Using unique passwords and transitioning to passkeys enhances online security and reduces the risk of cyber threats.

fromTechzine Global

Agentic AI is reshaping the network - and it's time to upgrade

Wireless connectivity is essential for AI, transforming industries and requiring strategic management to address complexity and security risks.

fromThe New Yorker

How Big a Threat Are Iranian-Backed Cyber Attacks?

Iranian cyber actors have accessed critical U.S. infrastructure, highlighting vulnerabilities in cybersecurity and the ongoing nature of nation-state hacking.

Vulnerabilities Patched in CrowdStrike, Tenable Products

CrowdStrike and Tenable reported serious vulnerabilities in their products, prompting customers to update to patched versions.

from24/7 Wall St.

Jim Cramer Says People Who Sold CrowdStrike on AI Fear Made the Biggest Mistake of 2026

Investors misjudged CrowdStrike's potential, as AI advancements create increased demand for cybersecurity rather than reducing it.

23 hours ago

Vulnerabilities Patched in CrowdStrike, Tenable Products

CrowdStrike and Tenable reported serious vulnerabilities in their products, prompting customers to update to patched versions.

from24/7 Wall St.

Jim Cramer Says People Who Sold CrowdStrike on AI Fear Made the Biggest Mistake of 2026

Investors misjudged CrowdStrike's potential, as AI advancements create increased demand for cybersecurity rather than reducing it.

more#crowdstrike

fromAxios

23 hours ago

The pope moves to police AI

The Vatican is enhancing cybersecurity and AI oversight, emphasizing ethical guidelines and human dignity in technology use.

fromBusiness Matters

Why Effective Patch Management Is Critical for Cybersecurity in 2026

Timely patch management is essential for protecting digital assets and maintaining business continuity against evolving cyber threats.

Attackers could disable all of a city's public EV chargers

Rented IoT infrastructure prioritizes user convenience over security, exposing them to denial of service attacks and vulnerabilities.

Cryptocurrency

fromThe Village Voice

Which VPN makes sense for crypto traders in 2026? - The Village Voice

Crypto traders must choose VPNs based on technical fundamentals like protocol choices, logging policies, and security features to protect their activities.

Claude Opus 4.7 has turned into an overzealous query cop

Opus 4.7's enhanced safeguards hinder legitimate use while aiming to prevent misuse.

fromIT Brew

fromTNW | Startups-Technology

Asking around: When does ransomware threat intelligence become noise?

Effective threat intelligence requires filtering information relevant to specific market segments to avoid overwhelming alerts.

#ai

Venture

Rilian raises $17.5 million to bring agentic AI to sovereign defence

Information security

Chinese Cybersecurity Firm's AI Hacking Claims Draw Comparisons to Claude Mythos

Information security

Rilian Raises $17.5 Million for AI-Native Security Orchestration

fromTechzine Global

Information security

Microsoft is using Mythos to detect vulnerabilities

Information security

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

fromTNW | Startups-Technology

Information security

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

Venture

Rilian raises $17.5 million to bring agentic AI to sovereign defence

Caspian platform automates threat detection and response in compliance-restricted environments using AI agents, enhancing cybersecurity for defense and national security.

Chinese Cybersecurity Firm's AI Hacking Claims Draw Comparisons to Claude Mythos

A Chinese cybersecurity firm claims AI-driven vulnerability discovery capabilities rivaling Anthropic's Claude Mythos model.

Information security

Rilian Raises $17.5 Million for AI-Native Security Orchestration

fromTechzine Global

Microsoft is using Mythos to detect vulnerabilities

Microsoft integrates AI into cybersecurity to enhance vulnerability detection and prevention during software development.

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

AI systems can autonomously hack cloud environments, demonstrating advanced capabilities in executing sophisticated attacks without specific instructions.

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

AI has exposed hundreds of vulnerabilities in Mozilla's Firefox browser, highlighting both cybersecurity advancements and dual-use risks.

China-linked crews turn routers into covert attack proxies

China-linked threat actors exploit compromised routers and IoT devices to create proxy networks for cyber intrusions and data theft.

fromThe Cipher Brief

Anthropic Mythos - We've Opened Pandora's Box

Cybersecurity faces a new threat from AI systems like Anthropic Mythos, which can exploit vulnerabilities and shift the balance in favor of attackers.

A group of users leaked Anthropic's AI model Mythos by reportedly guessing where it was located | Fortune

Unauthorized access to Anthropic's Mythos model raises significant cybersecurity concerns.

Security Leaders Discuss the Claude Mythos Breach

Security leaders emphasize the urgent need for AI-enabled cybersecurity measures in response to the Claude Mythos breach.

NIST's New Prioritization Criteria for CVEs, Examined by Experts

NIST is changing its approach to handling cybersecurity vulnerabilities by prioritizing certain CVEs for immediate enrichment in the National Vulnerability Database.

Operationally Ineffective: Putting CVEs in a Chokehold with Privilege Disruption

A Common Vulnerability Exposure (CVE) that cannot reach the privilege plane is operationally ineffective - even at a CVSS Score of 10. This should be a core philosophy that is embedded into the fabric of software engineering.

Information security

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

Supply chain vulnerabilities and AI tools exacerbate ongoing cyber threats, including state-backed crypto heists and active remote code execution exploits.

Vercel says some of its customers' data was stolen prior to its recent hack | TechCrunch

Vercel experienced a data breach affecting customer accounts, with evidence of prior compromises suggesting broader security implications.

Luxury Cosmetics Giant Rituals Discloses Data Breach

Rituals experienced a data breach affecting My Rituals members' personal information, but no passwords or payment details were compromised.

fromEngadget

France's national agency for managing IDs and passports suffered a data breach last week

France Titres confirmed a security breach exposing personal data, including names and contact information, with potential for phishing attacks.

France confirms data breach at government agency that manages citizens' IDs | TechCrunch

The French government agency ANTS confirmed a data breach affecting citizens' identity documents, potentially involving millions of personal records.

Cosmetics giant Rituals confirms data breach of customer membership records | TechCrunch

Rituals confirmed a data breach affecting customers' personal information after hackers stole data from its membership database.

Vercel says some of its customers' data was stolen prior to its recent hack | TechCrunch

Vercel experienced a data breach affecting customer accounts, with evidence of prior compromises suggesting broader security implications.

Luxury Cosmetics Giant Rituals Discloses Data Breach

Rituals experienced a data breach affecting My Rituals members' personal information, but no passwords or payment details were compromised.

fromEngadget

France's national agency for managing IDs and passports suffered a data breach last week

France Titres confirmed a security breach exposing personal data, including names and contact information, with potential for phishing attacks.

France confirms data breach at government agency that manages citizens' IDs | TechCrunch

The French government agency ANTS confirmed a data breach affecting citizens' identity documents, potentially involving millions of personal records.

Cosmetics giant Rituals confirms data breach of customer membership records | TechCrunch

Rituals confirmed a data breach affecting customers' personal information after hackers stole data from its membership database.

UK's NCSC calls passkeys the default, says passwords are no longer fit for the purpose

Passkeys are recommended as the primary authentication method due to their security and user-friendliness compared to traditional passwords.

Hybrid clouds have two attack surfaces - so watch both

Hybrid cloud management tools present significant security vulnerabilities that users often overlook.

#hacking

Chinese hackers are using everyday devices to hack UK firms, warns watchdog

British businesses must enhance vigilance against China-linked hacking using everyday devices for espionage.

Chinese hackers using compromised networks to spy on Western companies, says Five Eyes | Computer Weekly

China-linked hackers are using vulnerable internet-connected devices to obscure espionage and hacking operations against Western organizations.

Chinese hackers are using everyday devices to hack UK firms, warns watchdog

British businesses must enhance vigilance against China-linked hacking using everyday devices for espionage.

Chinese hackers using compromised networks to spy on Western companies, says Five Eyes | Computer Weekly

China-linked hackers are using vulnerable internet-connected devices to obscure espionage and hacking operations against Western organizations.

more#hacking

fromReadWrite

Caesars sued over 2026 data breach claims

Caesars Entertainment faces a class action lawsuit for failing to protect customer data during a second cyber incident after a previous breach in 2023.

Deliverability

The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface

Email attackers now exploit behavioral weaknesses, using tailored tactics that blend into trusted relationships and workflows, making detection more challenging.

NCSC's first gadget blocks malware transfer over HDMI cables

GCHQ's SilentGlass device protects display devices from cyberattacks by blocking malicious traffic between computers and monitors.

#artificial-intelligence

Information security

Former national cyber director: Anthropic's 'Mythos' AI can hack nearly anything and we aren't ready | Fortune

Artificial intelligence

How Should Effective AI Red Teams Operate?

fromWIRED

Artificial intelligence

5 AI Models Tried to Scam Me. Some of Them Were Scary Good

The Mythos meeting focused on the wrong AI risk to banks. Here's the one nobody is talking about | Fortune

Artificial intelligence is transforming fraud into a machine-driven, scalable threat, posing risks beyond traditional cyber attacks.

Former national cyber director: Anthropic's 'Mythos' AI can hack nearly anything and we aren't ready | Fortune

Mythos, Anthropic's advanced AI model, poses significant risks to critical infrastructure, necessitating urgent investment and collaboration to enhance cybersecurity.

How Should Effective AI Red Teams Operate?

AI-specific red teaming is essential for organizations to understand and mitigate risks associated with AI tools.

fromWIRED

5 AI Models Tried to Scam Me. Some of Them Were Scary Good

Artificial intelligence is increasingly capable of executing sophisticated social engineering attacks, as demonstrated by the DeepSeek-V3 model.

more#artificial-intelligence

The Mythos meeting focused on the wrong AI risk to banks. Here's the one nobody is talking about | Fortune

Artificial intelligence is transforming fraud into a machine-driven, scalable threat, posing risks beyond traditional cyber attacks.

fromTNW | Investors-Funding

Sharing isn't caring if it's an admin password: Pwned

The client wanted to 'keep things simple' for their team, so they used the same administrative password for both staging and production environments. That password was the hard-to-guess combination of 'admin123.'

Information security

#microsoft

European startups

Microsoft commits A$25 billion to Australia by 2029

Microsoft announces A$25 billion investment in Australia, expanding AI infrastructure and cybersecurity initiatives, and training three million Australians in AI skills by 2028.

fromTNW | Investors-Funding

Microsoft to test third-party AI models for incorporation in its security offerings

Microsoft is evaluating third-party AI systems to enhance its cybersecurity measures against AI-driven threats.

European startups

Microsoft commits A$25 billion to Australia by 2029

Microsoft announces A$25 billion investment in Australia, expanding AI infrastructure and cybersecurity initiatives, and training three million Australians in AI skills by 2028.

Microsoft to test third-party AI models for incorporation in its security offerings

Microsoft is evaluating third-party AI systems to enhance its cybersecurity measures against AI-driven threats.

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

A zero-day vulnerability in Microsoft Defender, tracked as CVE-2026-33825, allows privilege escalation through a flaw named BlueHammer.

Microsoft: Most Windows 11 Users Don't Need Third-Party Antivirus

Windows 11's built-in security features may eliminate the need for third-party antivirus software for most users.

Hackers Impersonate IT Help Desk on Microsoft Teams to Gain Access, Steal Data

Hackers are increasingly using social engineering on Microsoft Teams to gain unauthorized access by impersonating IT support.

Cyber Command carried out over 8,000 missions in 2025, director says

U.S. Cyber Command conducted over 8,000 missions in 2025, marking a 25% increase from 2024, with expectations for further growth in 2026.

fromWIRED

AI Tools Are Helping Mediocre North Korean Hackers Steal Millions

AI tools have enabled unskilled hackers to execute sophisticated cybercrime operations, resulting in significant financial theft.

fromnews.bitcoin.com

Mach-O Man Malware Steals macOS Keychain Data in Lazarus Group Crypto Campaign

North Korea's Lazarus Group deployed Mach-O Man malware targeting macOS users in crypto and fintech roles in April 2026.

After Bluesky, Mastodon Targeted in DDoS Attack

Mastodon experienced a major DDoS attack, causing significant outages, shortly after a similar attack on Bluesky.

UK government says 100 countries have spyware that can hack people's phones | TechCrunch

More than half of the world's governments now have access to commercial spyware, increasing risks for citizens and critical infrastructure.