#kill-switch
#kill-switch

How to create secure passwords - it might be time to switch to passkey

Using unique passwords and transitioning to passkeys enhances online security and reduces the risk of cyber threats.

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

A Chinese national impersonated U.S. researchers to obtain sensitive information from NASA and other entities, violating export control laws.

Asking around: When does ransomware threat intelligence become noise?

Effective threat intelligence requires filtering information relevant to specific market segments to avoid overwhelming alerts.

Privacy technologies

fromThe Local Germany

4 hours ago

As phishing attacks hit Germany - how secure is Signal messenging app?

Signal, a secure messaging app, faces phishing attacks linked to Russian groups, raising concerns about its security despite its end-to-end encryption.

Software development

6 hours ago

Hot take: AI's not going to kill open source code security

Cal.com has shifted from AGPL-3.0 to a proprietary license, raising concerns about open source security in the AI era.

4 hours ago

Windows second-chance setup hurts IT, productivity

Windows 11 greets users with a confusing message: 'You're almost done setting up your PC.' This prompts frustration as users question what tasks remain incomplete.

Digital life

DevOps

2 years ago

What is Cloud Security? Fundamental Guide

Cloud security requires specialized processes and technologies to protect assets and data from evolving threats in a dynamic environment.

Business intelligence

How Physical Security Data Is Supporting Public Safety Challenges

Physical security data is primarily used for officer safety, situational awareness, and responding to public safety emergencies.

fromArs Technica

1 day ago

Why are top university websites serving porn? It comes down to shoddy housekeeping.

Universities often neglect DNS record maintenance, leading to hijacked subdomains that can appear in search results.

#artificial-intelligence

How Should Effective AI Red Teams Operate?

AI-specific red teaming is essential for organizations to understand and mitigate risks associated with AI tools.

fromFortune

Former national cyber director: Anthropic's 'Mythos' AI can hack nearly anything and we aren't ready | Fortune

Mythos, Anthropic's advanced AI model, poses significant risks to critical infrastructure, necessitating urgent investment and collaboration to enhance cybersecurity.

How Should Effective AI Red Teams Operate?

AI-specific red teaming is essential for organizations to understand and mitigate risks associated with AI tools.

fromFortune

more#artificial-intelligence

Former national cyber director: Anthropic's 'Mythos' AI can hack nearly anything and we aren't ready | Fortune

Mythos, Anthropic's advanced AI model, poses significant risks to critical infrastructure, necessitating urgent investment and collaboration to enhance cybersecurity.

Deliverability

The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface

Email attackers now exploit behavioral weaknesses, using tailored tactics that blend into trusted relationships and workflows, making detection more challenging.

Remote teams

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require careful management.

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

fromTechCrunch

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

2 weeks ago

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.

Healthcare

fromNextgov.com

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

fromTechCrunch

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

2 weeks ago

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.

Information security

Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents

Software development

fromDevOps.com

Agentic AI for Defense: How Checkmarx Turns Security into a Coding Partner - DevOps.com

Agentic AI proactively identifies and addresses security vulnerabilities in real-time during code development, enhancing application security significantly.

Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents

Agentic AI is transforming cybersecurity, presenting both opportunities for defenders and risks for attackers, necessitating a strategic response from the industry.

Software development

fromDevOps.com

Agentic AI for Defense: How Checkmarx Turns Security into a Coding Partner - DevOps.com

Agentic AI proactively identifies and addresses security vulnerabilities in real-time during code development, enhancing application security significantly.

more#agentic-ai

fromTechCrunch

Another spyware maker caught distributing fake Android snooping apps | TechCrunch

Morpheus, a new malware identified by Osservatorio Nessuno, masquerades as a phone updating app and is capable of stealing a broad range of data from an intended target's device.

Privacy professionals

Toxic Combinations: When Cross-App Permissions Stack into Risk

Moltbook's database exposure revealed significant security risks, including unencrypted credentials and API tokens, due to poor oversight of AI agent integrations.

#ai-security

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.

fromZDNET

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Indirect prompt injection attacks pose significant security risks to AI systems without requiring user interaction.

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.

fromZDNET

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Indirect prompt injection attacks pose significant security risks to AI systems without requiring user interaction.

more#ai-security

Microsoft offers IT admins a way to remove Copilot

The Copilot app cannot be removed arbitrarily. Three cumulative conditions apply: Microsoft 365 Copilot must also be installed on the device, the Copilot app must not have been installed by the user themselves, and the app must not have been launched in the past 28 days.

Privacy technologies

The Privacy-Security Partnership: How We Bend Risk in a Resource Crunch

Fewer privacy practitioners feel confident in meeting laws, while resource shortages and compliance challenges increase stress in the field.

Researchers Uncover Pre-Stuxnet 'fast16' Malware Targeting Engineering Software

A new Lua-based malware, fast16, predates Stuxnet and targets high-precision calculation software for cyber sabotage.

CISA, NCSC issue Firestarter backdoor warning

Firestarter malware targets a US federal agency, maintaining persistent access to compromised devices, posing risks to government and critical infrastructure.

Researchers find sabotage malware that may predate Stuxnet

Malware named fast16 aims to sabotage engineering and physics simulation software, predating Stuxnet and targeting high-precision tools.

Pre-Stuxnet Sabotage Malware 'Fast16' Linked to US-Iran Cyber Tensions

Fast16 is a Lua-based malware discovered by SentinelOne, predating Stuxnet, designed to tamper with high-precision software.

1 day ago

Researchers Uncover Pre-Stuxnet 'fast16' Malware Targeting Engineering Software

A new Lua-based malware, fast16, predates Stuxnet and targets high-precision calculation software for cyber sabotage.

CISA, NCSC issue Firestarter backdoor warning

Firestarter malware targets a US federal agency, maintaining persistent access to compromised devices, posing risks to government and critical infrastructure.

Researchers find sabotage malware that may predate Stuxnet

Malware named fast16 aims to sabotage engineering and physics simulation software, predating Stuxnet and targeting high-precision tools.

Pre-Stuxnet Sabotage Malware 'Fast16' Linked to US-Iran Cyber Tensions

Fast16 is a Lua-based malware discovered by SentinelOne, predating Stuxnet, designed to tamper with high-precision software.

more#malware

Lovable under fire over data breach

Lovable faced criticism for a vulnerability that exposed users' sensitive data, including source code and chat history, due to insufficient access controls.

#ai

Information security

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

Information security

Microsoft is using Mythos to detect vulnerabilities

Brace yourself for a flood of patches in all of your tech gadgets

Mythos, Anthropic's AI model, identifies software vulnerabilities, prompting urgent updates to prevent exploitation by hackers.

from24/7 Wall St.

Information security

5 Cybersecurity Stocks Most Likely to Benefit as AI Threats Drive Budget Increases in 2026

fromComputerworld

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

AI has exposed hundreds of vulnerabilities in Mozilla's Firefox browser, highlighting both cybersecurity advancements and dual-use risks.

fromwww.bbc.com

AI hacking tools like Mythos can be 'net positive' says top cyber official

AI tools can enhance cyber-security if secured properly, according to the UK's top cyber official.

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

AI systems can autonomously hack cloud environments, demonstrating advanced capabilities in executing sophisticated attacks without specific instructions.

Microsoft is using Mythos to detect vulnerabilities

Microsoft integrates AI into cybersecurity to enhance vulnerability detection and prevention during software development.

Brace yourself for a flood of patches in all of your tech gadgets

Mythos, Anthropic's AI model, identifies software vulnerabilities, prompting urgent updates to prevent exploitation by hackers.

from24/7 Wall St.

5 Cybersecurity Stocks Most Likely to Benefit as AI Threats Drive Budget Increases in 2026

AI surpasses most humans in finding software flaws, prompting a defensive coalition to enhance cybersecurity.

fromComputerworld

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

AI has exposed hundreds of vulnerabilities in Mozilla's Firefox browser, highlighting both cybersecurity advancements and dual-use risks.

fromwww.bbc.com

AI hacking tools like Mythos can be 'net positive' says top cyber official

AI tools can enhance cyber-security if secured properly, according to the UK's top cyber official.

US Federal Agency's Cisco Firewall Infected With 'Firestarter' Backdoor

A US federal agency was infected with malware due to vulnerabilities in Cisco firewalls linked to a China-backed espionage campaign.

#microsoft

Information security

Remote Desktop security beefed up with hard-to-read messages

fromArs Technica

Information security

Microsoft issues emergency update for macOS and Linux ASP.NET threat

Remote Desktop security beefed up with hard-to-read messages

Microsoft's Remote Desktop update has a bug preventing security warnings from displaying correctly for some users.

fromArs Technica

Microsoft issues emergency update for macOS and Linux ASP.NET threat

Microsoft released an emergency patch for ASP.NET Core to fix a high-severity vulnerability allowing unauthenticated attackers to gain SYSTEM privileges.

Now, even ransomware is using post-quantum cryptography

Kyber's use of PQC key-exchange algorithms serves more as a marketing tactic than a practical security measure against imminent quantum threats.

Vulnerabilities Patched in CrowdStrike, Tenable Products

CrowdStrike published an advisory for CVE-2026-40050, a critical unauthenticated path traversal vulnerability affecting its LogScale product. The flaw can allow a remote attacker to read arbitrary files from the server filesystem.

Information security

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

A high-severity SSRF vulnerability in LMDeploy is actively exploited, allowing attackers to access sensitive data and internal networks.

Operationally Ineffective: Putting CVEs in a Chokehold with Privilege Disruption

A Common Vulnerability Exposure (CVE) that cannot reach the privilege plane is operationally ineffective - even at a CVSS Score of 10. This should be a core philosophy that is embedded into the fabric of software engineering.

Information security

1 day ago

Wiz founder: Hack yourself with AI, before the bad guys do | Computer Weekly

Security leaders should proactively use AI tools on their systems to gain an advantage against cyber threats.

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

A zero-day vulnerability in Microsoft Defender, tracked as CVE-2026-33825, allows privilege escalation through a flaw named BlueHammer.

fromZero Day Initiative

Zero Day Initiative - CVE-2026-33824: Remote Code Execution in Windows IKEv2

Detection of attacks exploiting this vulnerability requires monitoring specific UDP ports and correlating IKE packets in sequence.

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI was compromised in the Checkmarx supply chain campaign, with malicious code stealing sensitive data from users.

Security Leaders Discuss the Claude Mythos Breach

Security leaders emphasize the urgent need for AI-enabled cybersecurity measures in response to the Claude Mythos breach.

1Password sees AI as both threat and tool

AI presents both risks and opportunities for password management, requiring firms to balance security with the potential for careless app development.

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with eight new flaws, including high-severity bugs in Cisco and Kentico products.

fromSitePoint Forums | Web Development & Design Community

Why Your OpenClaw Setup is a "Malicious Insider" in Waiting

OpenClaw's capabilities pose significant security risks, revealing vulnerabilities that can be exploited by malicious insiders.

fromTNW | Anthropic

Information security

Mozilla fixes 271 Firefox vulnerabilities found by Anthropic's Claude Mythos in a single evaluation pass

Mozilla's Firefox 150 fixes 271 security vulnerabilities identified by Anthropic's AI model, Mythos, showcasing the model's effectiveness in vulnerability detection.

#cyber-security

Interview: Critical local infrastructure is missing link in UK cyber resilience | Computer Weekly

Local infrastructure in the UK is vulnerable to cyber attacks, risking severe disruption to essential services and public safety.

Sans Institute preps live systems for Nato cyber exercise | Computer Weekly

The Sans Institute is providing a real operational cyber range for the NATO Locked Shields exercise to enhance cyber security training and readiness.

Interview: Critical local infrastructure is missing link in UK cyber resilience | Computer Weekly

Local infrastructure in the UK is vulnerable to cyber attacks, risking severe disruption to essential services and public safety.

Sans Institute preps live systems for Nato cyber exercise | Computer Weekly

The Sans Institute is providing a real operational cyber range for the NATO Locked Shields exercise to enhance cyber security training and readiness.

Oracle Patches 450 Vulnerabilities With April 2026 CPU

Oracle released 481 new security patches in April 2026, addressing vulnerabilities across 28 product families, with many remotely exploitable without authentication.

Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed

Over 1,300 internet-exposed Microsoft SharePoint servers remain unpatched against a spoofing flaw, CVE-2026-32201, posing significant security risks.

fromEngadget

Anthropic is investigating 'unauthorized access' of its Mythos cybersecurity tool

We're investigating a report claiming unauthorized access to Claude Mythos Previous through one of our third-party vendor environments.

Information security

Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data

SBOMs and VEX statements fail to enhance software supply chain security due to poor decision-making and inconsistent interpretation of available data.

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Progress Software released patches for multiple vulnerabilities in MOVEit WAF and LoadMaster that could lead to remote code execution and command injection.

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Serial-to-IP converters have serious vulnerabilities that can expose critical systems to remote attacks.

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Progress Software released patches for multiple vulnerabilities in MOVEit WAF and LoadMaster that could lead to remote code execution and command injection.

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Serial-to-IP converters have serious vulnerabilities that can expose critical systems to remote attacks.

Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core

Long-lived tokens in applications can be exploited by attackers to gain unauthorized access and issue legitimate tokens.

Server-room lock was nothing but a crock

A security vulnerability allowed unauthorized access to a server room due to a flaw in the two-factor authentication lock.

fromInfoWorld

Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core

Long-lived tokens in applications can be exploited by attackers to gain unauthorized access and issue legitimate tokens.

Server-room lock was nothing but a crock

A security vulnerability allowed unauthorized access to a server room due to a flaw in the two-factor authentication lock.

more#security

fromTNW | Next-Featured

Lovable security crisis: 48 days of exposed projects, closed bug reports, & the structural failure of vibe coding security

Lovable's security incidents expose vulnerabilities in AI-generated code and highlight a market focus on growth over security.

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

fromInfoWorld

The cookbook for safe, powerful agents

Capability without control in AI agents creates vulnerabilities, necessitating a structured control architecture for safe deployment.

Aikido Endpoint offers developers additional protection against supply chain attacks

Aikido Endpoint protects developers' endpoints from supply chain attacks by blocking high-risk installations before they reach the system.

Bluesky Disrupted by Sophisticated DDoS Attack

The attack is impacting our application, with users experiencing intermittent interruptions in service for their feeds, notifications, threads and search.

Information security

Top 3 Cyber Insurance Incident Claims

Cyber incidents are increasing claims in the insurance industry despite decreasing premiums, indicating a more active risk environment.

Hackers Abuse QEMU for Defense Evasion

Threat actors are exploiting QEMU for ransomware and remote access tool deployment, with increased activity observed since late 2025.

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.

Two Vulnerabilities Patched in Ivanti Neurons for ITSM

Ivanti resolved two medium-severity vulnerabilities in Neurons for ITSM affecting on-premises and cloud deployments.

2 weeks ago

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.