#operation-padlock
#operation-padlock

17 hours ago

How Physical Security Data Is Supporting Public Safety Challenges

Physical security data is primarily used for officer safety, situational awareness, and responding to public safety emergencies.

#cybersecurity

fromMail Online

Privacy technologies

How to create secure passwords - it might be time to switch to passkey

Privacy professionals

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

fromWIRED

19 hours ago

Science

Newly Deciphered Sabotage Malware May Have Targeted Iran's Nuclear Program-and Predates Stuxnet

DevOps

The Security Metric That's Failing You

Privacy technologies

fromwww.theguardian.com

3 hours ago

What is a passkey, how does it work and why is it better than a password?

The UK's National Cyber Security Centre recommends using passkeys instead of passwords for secure digital logins.

fromComputerWeekly.com

BT has now blocked over a billion clicks to malicious websites, says NCSC | Computer Weekly

BT and EE have blocked over a billion clicks to malicious websites using intelligence from the UK's National Cyber Security Centre.

Privacy technologies

fromMail Online

How to create secure passwords - it might be time to switch to passkey

Using unique passwords and transitioning to passkeys enhances online security and reduces the risk of cyber threats.

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

A Chinese national impersonated U.S. researchers to obtain sensitive information from NASA and other entities, violating export control laws.

Science

fromWIRED

19 hours ago

Newly Deciphered Sabotage Malware May Have Targeted Iran's Nuclear Program-and Predates Stuxnet

Fast16 is a sophisticated malware capable of subtly tampering with calculation and simulation software, likely created by the US or an ally.

DevOps

The Security Metric That's Failing You

Measuring patch rates does not equate to a secure environment; real risks often lie in misconfigurations and outdated permissions.

Privacy technologies

fromwww.theguardian.com

3 hours ago

What is a passkey, how does it work and why is it better than a password?

The UK's National Cyber Security Centre recommends using passkeys instead of passwords for secure digital logins.

fromComputerWeekly.com

BT has now blocked over a billion clicks to malicious websites, says NCSC | Computer Weekly

BT and EE have blocked over a billion clicks to malicious websites using intelligence from the UK's National Cyber Security Centre.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require careful management.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require careful management.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

Agentic AI for Defense: How Checkmarx Turns Security into a Coding Partner - DevOps.com

Agentic AI proactively identifies and addresses security vulnerabilities in real-time during code development, enhancing application security significantly.

4 hours ago

Information security

Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents

Software development

fromDevOps.com

Agentic AI for Defense: How Checkmarx Turns Security into a Coding Partner - DevOps.com

Agentic AI proactively identifies and addresses security vulnerabilities in real-time during code development, enhancing application security significantly.

4 hours ago

Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents

Agentic AI is transforming cybersecurity, presenting both opportunities for defenders and risks for attackers, necessitating a strategic response from the industry.

Apple just fixed an iOS flaw exploited by the FBI - here's what happened

iOS 26.4.2 fixes a vulnerability that allowed the FBI to access deleted Signal messages via push notifications.

fromwww.cbc.ca

23 hours ago

Police arrest 3 people in cybercrime investigation, seize SMS blasters' used to defraud victims | CBC News

The investigation began in November 2025, when police were alerted to a suspected SMS blaster operating in downtown Toronto. Police later determined that the blaster was operating out of a car, which allowed it to move around the city and Greater Toronto Area.

Canada news

Deliverability

The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface

Email attackers now exploit behavioral weaknesses, using tailored tactics that blend into trusted relationships and workflows, making detection more challenging.

#artificial-intelligence

Artificial intelligence

How Should Effective AI Red Teams Operate?

AI-specific red teaming is essential for organizations to understand and mitigate risks associated with AI tools.

fromFortune

Former national cyber director: Anthropic's 'Mythos' AI can hack nearly anything and we aren't ready | Fortune

Mythos, Anthropic's advanced AI model, poses significant risks to critical infrastructure, necessitating urgent investment and collaboration to enhance cybersecurity.

Artificial intelligence

How Should Effective AI Red Teams Operate?

AI-specific red teaming is essential for organizations to understand and mitigate risks associated with AI tools.

fromFortune

more#artificial-intelligence

Former national cyber director: Anthropic's 'Mythos' AI can hack nearly anything and we aren't ready | Fortune

Mythos, Anthropic's advanced AI model, poses significant risks to critical infrastructure, necessitating urgent investment and collaboration to enhance cybersecurity.

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

Law

Third ransomware pro pleads guilty to cybercrime U-turn

Angelo Martino pleaded guilty to aiding the ALPHV/BlackCat ransomware gang in extorting US businesses.

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

Information security

Third US Security Expert Admits Helping Ransomware Gang

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

The Gentlemen ransomware group uses SystemBC malware to target over 1,570 victims, employing sophisticated tactics for initial access and lateral movement.

Healthcare

fromNextgov.com

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

Law

Third ransomware pro pleads guilty to cybercrime U-turn

Angelo Martino pleaded guilty to aiding the ALPHV/BlackCat ransomware gang in extorting US businesses.

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

Information security

Third US Security Expert Admits Helping Ransomware Gang

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

The Gentlemen ransomware group uses SystemBC malware to target over 1,570 victims, employing sophisticated tactics for initial access and lateral movement.

Company has more than 2m stolen from account following cyber attack

Future Energy Capital Limited lost over €2m due to a cyber attack last October.

fromArs Technica

20 hours ago

Now, even ransomware is using post-quantum cryptography

Kyber's use of PQC key-exchange algorithms serves more as a marketing tactic than a practical security measure against imminent quantum threats.

3 hours ago

Another spyware maker caught distributing fake Android snooping apps | TechCrunch

Morpheus, a new malware identified by Osservatorio Nessuno, masquerades as a phone updating app and is capable of stealing a broad range of data from an intended target's device.

Privacy professionals

Apple

Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case

Apple has released a software update to fix a flaw in iOS and iPadOS that retained deleted notifications on devices.

ShinyHunters claim they have cruise giant Carnival's booty

Carnival Corporation faces a significant data breach involving 7.5 million email addresses linked to its Mariner Society loyalty program.

Remote Desktop security beefed up with hard-to-read messages

Microsoft's Remote Desktop update has a bug preventing security warnings from displaying correctly for some users.

fromArs Technica

Microsoft issues emergency update for macOS and Linux ASP.NET threat

Microsoft released an emergency patch for ASP.NET Core to fix a high-severity vulnerability allowing unauthenticated attackers to gain SYSTEM privileges.

Remote Desktop security beefed up with hard-to-read messages

Microsoft's Remote Desktop update has a bug preventing security warnings from displaying correctly for some users.

fromArs Technica

Microsoft issues emergency update for macOS and Linux ASP.NET threat

Microsoft released an emergency patch for ASP.NET Core to fix a high-severity vulnerability allowing unauthenticated attackers to gain SYSTEM privileges.

more#microsoft

4 hours ago

Microsoft offers IT admins a way to remove Copilot

The Copilot app cannot be removed arbitrarily. Three cumulative conditions apply: Microsoft 365 Copilot must also be installed on the device, the Copilot app must not have been installed by the user themselves, and the app must not have been launched in the past 28 days.

Privacy technologies

Another customer of troubled startup Delve suffered a big security incident | TechCrunch

Delve faces multiple allegations and security incidents, leading to loss of customers and damaged reputation.

Lovable under fire over data breach

Lovable faced criticism for a vulnerability that exposed users' sensitive data, including source code and chat history, due to insufficient access controls.

The Privacy-Security Partnership: How We Bend Risk in a Resource Crunch

Fewer privacy practitioners feel confident in meeting laws, while resource shortages and compliance challenges increase stress in the field.

#malware

Information security

CISA, NCSC issue Firestarter backdoor warning

10 hours ago

Information security

Researchers find sabotage malware that may predate Stuxnet

Information security

Pre-Stuxnet Sabotage Malware 'Fast16' Linked to US-Iran Cyber Tensions

Information security

Fake Google Antigravity Installer Can Steal Accounts in Minutes

fromInfoWorld

Information security

Malicious pgserve, automagik developer tools found in npm registry

1 week ago

Information security

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

CISA, NCSC issue Firestarter backdoor warning

Firestarter malware targets a US federal agency, maintaining persistent access to compromised devices, posing risks to government and critical infrastructure.

10 hours ago

Researchers find sabotage malware that may predate Stuxnet

Malware named fast16 aims to sabotage engineering and physics simulation software, predating Stuxnet and targeting high-precision tools.

Pre-Stuxnet Sabotage Malware 'Fast16' Linked to US-Iran Cyber Tensions

Fast16 is a Lua-based malware discovered by SentinelOne, predating Stuxnet, designed to tamper with high-precision software.

Fake Google Antigravity Installer Can Steal Accounts in Minutes

A fake Google Antigravity download exposes user accounts to compromise by delivering malware alongside the legitimate application.

fromInfoWorld

Malicious pgserve, automagik developer tools found in npm registry

Malicious npm packages aim to steal sensitive data and credentials, potentially leading to complete organizational takeovers.

1 week ago

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

A high-severity SSRF vulnerability in LMDeploy is actively exploited, allowing attackers to access sensitive data and internal networks.

US Federal Agency's Cisco Firewall Infected With 'Firestarter' Backdoor

A US federal agency was infected with malware due to vulnerabilities in Cisco firewalls linked to a China-backed espionage campaign.

#ai

Information security

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

Information security

Microsoft is using Mythos to detect vulnerabilities

Brace yourself for a flood of patches in all of your tech gadgets

Mythos, Anthropic's AI model, identifies software vulnerabilities, prompting urgent updates to prevent exploitation by hackers.

from24/7 Wall St.

Information security

5 Cybersecurity Stocks Most Likely to Benefit as AI Threats Drive Budget Increases in 2026

AI surpasses most humans in finding software flaws, prompting a defensive coalition to enhance cybersecurity.

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

AI systems can autonomously hack cloud environments, demonstrating advanced capabilities in executing sophisticated attacks without specific instructions.

Microsoft is using Mythos to detect vulnerabilities

Microsoft integrates AI into cybersecurity to enhance vulnerability detection and prevention during software development.

Brace yourself for a flood of patches in all of your tech gadgets

Mythos, Anthropic's AI model, identifies software vulnerabilities, prompting urgent updates to prevent exploitation by hackers.

from24/7 Wall St.

5 Cybersecurity Stocks Most Likely to Benefit as AI Threats Drive Budget Increases in 2026

AI surpasses most humans in finding software flaws, prompting a defensive coalition to enhance cybersecurity.

more#ai

Operationally Ineffective: Putting CVEs in a Chokehold with Privilege Disruption

A Common Vulnerability Exposure (CVE) that cannot reach the privilege plane is operationally ineffective - even at a CVSS Score of 10. This should be a core philosophy that is embedded into the fabric of software engineering.

Information security

12 hours ago

The Top 8 Enterprise VPN Solutions

Secure remote connections are critical for businesses to prevent data breaches, with enterprise VPN solutions being a top priority.

7 hours ago

Vulnerabilities Patched in CrowdStrike, Tenable Products

CrowdStrike published an advisory for CVE-2026-40050, a critical unauthenticated path traversal vulnerability affecting its LogScale product. The flaw can allow a remote attacker to read arbitrary files from the server filesystem.

Information security

fromZero Day Initiative

Zero Day Initiative - CVE-2026-33824: Remote Code Execution in Windows IKEv2

Detection of attacks exploiting this vulnerability requires monitoring specific UDP ports and correlating IKE packets in sequence.

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

A zero-day vulnerability in Microsoft Defender, tracked as CVE-2026-33825, allows privilege escalation through a flaw named BlueHammer.

#bitwarden

Information security

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

9 hours ago

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package was compromised, enabling credential theft through a malicious payload targeting various cloud services and GitHub repositories.

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI was compromised in the Checkmarx supply chain campaign, with malicious code stealing sensitive data from users.

9 hours ago

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package was compromised, enabling credential theft through a malicious payload targeting various cloud services and GitHub repositories.

1Password sees AI as both threat and tool

AI presents both risks and opportunities for password management, requiring firms to balance security with the potential for careless app development.

fromSitePoint Forums | Web Development & Design Community

Why Your OpenClaw Setup is a "Malicious Insider" in Waiting

OpenClaw's capabilities pose significant security risks, revealing vulnerabilities that can be exploited by malicious insiders.

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Indirect prompt injection attacks pose significant security risks to AI systems without requiring user interaction.

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.

fromZDNET

16 hours ago

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Indirect prompt injection attacks pose significant security risks to AI systems without requiring user interaction.

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.

Security Leaders Discuss the Claude Mythos Breach

Security leaders emphasize the urgent need for AI-enabled cybersecurity measures in response to the Claude Mythos breach.

#data-breach

Information security

Vercel says some of its customers' data was stolen prior to its recent hack | TechCrunch

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

Vercel says some of its customers' data was stolen prior to its recent hack | TechCrunch

Vercel experienced a data breach affecting customer accounts, with evidence of prior compromises suggesting broader security implications.

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

Mach-O Man Malware Steals macOS Keychain Data in Lazarus Group Crypto Campaign

North Korea's Lazarus Group deployed Mach-O Man malware targeting macOS users in crypto and fintech roles in April 2026.

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

North Korean hackers are targeting macOS users in financial organizations using social engineering techniques to install information-stealing malware.

Oracle Patches 450 Vulnerabilities With April 2026 CPU

Oracle released 481 new security patches in April 2026, addressing vulnerabilities across 28 product families, with many remotely exploitable without authentication.

fromWIRED

AI Tools Are Helping Mediocre North Korean Hackers Steal Millions

AI tools have enabled unskilled hackers to execute sophisticated cybercrime operations, resulting in significant financial theft.

fromEngadget

Anthropic is investigating 'unauthorized access' of its Mythos cybersecurity tool

We're investigating a report claiming unauthorized access to Claude Mythos Previous through one of our third-party vendor environments.

Information security

Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed

Over 1,300 internet-exposed Microsoft SharePoint servers remain unpatched against a spoofing flaw, CVE-2026-32201, posing significant security risks.

Mustang Panda's New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

A new variant of LOTUSLITE malware targets India's banking sector, focusing on espionage rather than financial gain.

Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data

SBOMs and VEX statements fail to enhance software supply chain security due to poor decision-making and inconsistent interpretation of available data.

fromTNW | Next-Featured

Lovable security crisis: 48 days of exposed projects, closed bug reports, & the structural failure of vibe coding security

Lovable's security incidents expose vulnerabilities in AI-generated code and highlight a market focus on growth over security.

Unsecured Perforce Servers Expose Sensitive Data From Major Orgs

Many internet-facing Perforce P4 servers are misconfigured, exposing sensitive information and allowing unauthorized access.

Adaptavist Group breach: Ransomware crew claims mega-haul

Adaptavist Group is investigating a security breach involving stolen credentials, while a ransomware group claims to have accessed extensive data.

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Progress Software released patches for multiple vulnerabilities in MOVEit WAF and LoadMaster that could lead to remote code execution and command injection.

fromComputerWeekly.com

Sans Institute preps live systems for Nato cyber exercise | Computer Weekly

The Sans Institute is providing a real operational cyber range for the NATO Locked Shields exercise to enhance cyber security training and readiness.

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with eight new flaws, including high-severity bugs in Cisco and Kentico products.

fromInfoWorld

The cookbook for safe, powerful agents

Capability without control in AI agents creates vulnerabilities, necessitating a structured control architecture for safe deployment.

4 days ago

Aikido Endpoint offers developers additional protection against supply chain attacks

Aikido Endpoint protects developers' endpoints from supply chain attacks by blocking high-risk installations before they reach the system.

4 days ago

Bluesky Disrupted by Sophisticated DDoS Attack

The attack is impacting our application, with users experiencing intermittent interruptions in service for their feeds, notifications, threads and search.

Information security

4 days ago

Top 3 Cyber Insurance Incident Claims

Cyber incidents are increasing claims in the insurance industry despite decreasing premiums, indicating a more active risk environment.

6 days ago

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.