CVEs & Vulnerabilities

Exploits · Patches · Advisories
The Hacker News BREAKING 40m ago

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. The vulnerability, tracked as CVE-2026-42208 (CVSS score: 9.3), is an SQL injection that could be exploited to modify the underlying

The Hacker News 11h ago

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command. The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to a repository to achieve

The Hacker News 18h ago

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution. The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use of the

The Hacker News 19h ago

After Mythos: New Playbooks For a Zero-Window Era

When patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure, is closing fast. Anthropic’s new model, Claude Mythos, and its Project Glasswing, showed that finding exploitable vulnerabilities and subtle cracks

The Hacker News 23h ago

Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort. Agent ID Administrator is a privileged built-in role introduced by Microsoft as part of its agent identity platform to handle all aspects of an AI agent's identity lifecycle operations in a

Schneier on Security 19h ago

What Anthropic’s Mythos Means for the Future of Cybersecurity

Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software like operating systems and internet infrastructure that thousands of software developers working on those systems failed to find. This capability will have major security implications, compromising the devices and services we use every day. As a result, Anthropic is not releasing the model to the general public, but instead to a ...

Security Affairs 9h ago

CVE-2026-3854 GitHub flaw enables remote code execution

Critical GitHub flaw CVE-2026-3854 lets attackers run code with a single git push, exploiting a command injection bug. Researchers found a critical vulnerability in GitHub, tracked as CVE-2026-3854, that allows remote code execution through a simple git push. The vulnerability affects GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, GitHub Enterprise Cloud with Enterprise […]

Security Affairs 18h ago

Microsoft fixes Entra ID flaw enabling privilege escalation

Microsoft fixed a Microsoft Entra ID flaw where the Agent ID Administrator role could enable privilege escalation and account takeover. Microsoft addressed a flaw in Microsoft Entra ID that could let attackers take over service accounts. The issue involved the Agent ID Administrator role, which manages AI agent identities and access, and could be abused […]

Rapid7 Blog 16h ago

Get Motivated: What to Expect from Our Keynote at Rapid7's Global Cybersecurity Summit

Security teams prepare for incidents every day. Alerts are tuned, playbooks are built, and processes are tested. But when something actually happens, the challenge shifts. It becomes not just about making decisions under pressure, but how well that preparation has set teams up to make the right decisions when things heat up. At this year’s Rapid7 Global Cybersecurity Summit, Persistence Under Pressure explores that shift directly. Former Special Forces operator Jason Fox draws on real-world experience where timing, clarity, and execution all have immediate consequences, and shows how that min

AWS Security Blog 13h ago

Access control with IAM Identity Center session tags

As organizations expand their Amazon Web Services (AWS) footprint, managing secure, scalable, and cost-efficient access across multiple accounts becomes increasingly important. AWS IAM Identity Center offers a centralized, unified solution for managing workforce access to AWS accounts. It simplifies authentication, enhances security, and provides a seamless user sign-in experience to AWS services across diverse environments. […]

CISA Advisories 18h ago

NSA GRASSMARLIN

Summary: Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information. The following versions of NSA GRASSMARLIN are affected: GRASSMARLIN vers:all/*
CVSS: v3 5.5
Vendor: NSA
Equipment: NSA GRASSMARLIN
Vulnerabilities: Improper Restriction of XML External Entity Reference
Background: Critical Infrastructure Sectors: Information Technology. Countries/Areas Deployed: Worldwide. Company Headquarters Location: United States.
Vulnerabilities: CVE-2026-6807 A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper ha

CISA Advisories 4 sources 18h ago

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2024-1708 ConnectWise ScreenConnect Path Traversal Vulnerability
CVE-2026-32202 Microsoft Windows Protection Mechanism Failure Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabil

Help Net Security 2h ago

Product showcase: SimpleX Chat removes user identifiers from messaging

SimpleX Chat is a free, private, open-source messenger that uses encryption and does not require user identifiers. It is available on mobile and desktop platforms, including iOS, Android, Windows, macOS, and Linux. After downloading the app, the user creates a profile by entering a display name. The profile is stored locally on the device. After setup, the app prompts users to choose a notification mode. On first use, it also asks them to enable system […]

Help Net Security 16h ago

Sevii unveils Cyber Swarm Defense Mode to stop AI-driven attacks at scale

Sevii has unveiled a new capability designed to stop high-volume, AI-powered cyberattacks at machine speed and scale, without the burden of unpredictable AI token costs. Sevii’s Cyber Swarm Defense Mode (CSD) addresses a critical gap created by AI, namely the inability to sustain cyber performance and cost efficiency during large-scale, AI-driven attack swarms. As technologies like Mythos expand attack surfaces and compress the window between vulnerability discovery and exploitation, legacy security tools struggle to keep […]

Security Boulevard BREAKING 1h ago

Purple Team

Today’s cyber threats are no longer theoretical. Attackers operate with patience, precision, and a clear understanding of how to exploit gaps across technology, process, and people. Traditional security assessments often identify vulnerabilities, but they do not always answer the questions executives and security leaders care about most: […] The post Purple Team appeared first on HolistiCyber.

Cloud Security

AWS · Azure · GCP · Kubernetes
AWS Security Blog 11h ago

What the March 2026 Threat Technique Catalog update means for your AWS environment

The AWS Customer Incident Response Team (AWS CIRT) regularly encounters patterns that repeat across their engagements when helping customers respond to security incidents. We’re passionate about making sure that information is widely accessible so that everyone can improve their security posture and their organization’s resilience to disruption. The primary method we use to share this […]

Microsoft Security 17h ago

Simplifying AWS defense with Microsoft Sentinel UEBA

Learn how Microsoft Sentinel UEBA helps defenders distinguish benign AWS activity from attacker behavior by enriching raw CloudTrail logs with clear, binary behavioral signals derived from baseline user, peer, and device behavior patterns.

Talos Intelligence 16h ago

Five defender priorities from the Talos Year in Review

With attackers moving faster than ever, it’s easy to feel overwhelmed. This blog breaks down five practical priorities from the Cisco Talos 2025 Year in Review to help defenders focus and prioritize, amidst all the noise.

Help Net Security BREAKING 43m ago

The Exchange Online security controls organizations keep getting wrong

In this Help Net Security interview, Scott Schnoll, Microsoft MVP for Exchange, breaks down the Shared Responsibility Model, where Microsoft secures the cloud while organizations must protect their own data, identities, and configurations. The discussion covers default settings worth changing tomorrow, including legacy protocols like SMTP AUTH that survive due to printer, scanner, and ERP dependencies. Schnoll highlights overlooked controls such as Conditional Access, PIM, and continuous monitoring, plus blind spots in audit logs around […]

Security Boulevard 6h ago

How a Long-Lived API Credential Let an AI Agent Delete Production Data

What began as a routine staging task for a SaaS startup ended in a disaster that would have been unthinkable just months ago: an AI agent operating as a super insider threat and triggering a worst-case production failure. In a detailed X post, Jer Crane, founder of PocketOS, a software platform for the rental car […] The post How a Long-Lived API Credential Let an AI Agent Delete Production Data appeared first on Aembit.

CyberScoop 22h ago

U.S. companies hit with record fines for privacy in 2025

The increase is being driven by powerful privacy laws in states like California, new interstate partnerships and a renewed focus on the privacy impacts of AI and automation.

AI / LLM Security

Prompt injection · Model attacks · AI red team
Simon Willison (AI sec) 8h ago

Quoting OpenAI Codex base_instructions

Never talk about goblins, gremlins, raccoons, trolls, ogres, pigeons, or other animals or creatures unless it is absolutely and unambiguously relevant to the user's query. — OpenAI Codex base_instructions, for GPT-5.5
Tags: openai, ai, llms, system-prompts, prompt-engineering, codex-cli, generative-ai, gpt

Security Boulevard 11h ago

[un]prompted 2026 – Flash Talks

Author, Creator Presenter: Gadi Evron, CEO, Knostic. CFP Chair, [un]prompted Various Respected Authors, Creators Presenters Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.

Security Boulevard 15h ago

[un]prompted 2026 – Detection & Deception Engineering In The Matrix

Author, Creator Presenter: Bob Rudis, V.P. Data Science, Security Research, Detection+Deception Engineering At GreyNoise Labs Glenn Thorpe, Sr. Director, Security Research Detection Engineering At GreyNoise Intelligence Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.

The Register Security 11h ago

Don't pay Vect a ransom - your data's likely already wiped out

'Full recovery is impossible for anyone, including the attacker'
Organizations hit by the wave of Trivy and LiteLLM supply-chain compromises that paid Vect in hopes of recovering their data likely did not get much back, according to Check Point Research. That's because the ransomware Vect uses isn't actually ransomware at all, but a wiper that destroys any file larger than 128KB.…

Threat Intelligence

APTs · Ransomware · Campaigns · IOCs
The Hacker News 12h ago

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot). "The malware disguises itself as a Minecraft hack called 'Slinky,'" Brazil-based cybersecurity company ZenoX said in a technical report. "It uses the official game icon to induce voluntary execution,

The Hacker News 16h ago

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors. The fact that VECT's locker permanently destroys large files rather than encrypting them means even victims who opt to

The Hacker News 22h ago

Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks

A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy. Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state-sponsored threat group and for orchestrating cyber attacks against American organizations and government agencies between February 2020 and June 2021, including

SecurityWeek 13h ago

Vimeo Confirms User and Customer Data Breach

The ShinyHunters group is threatening to leak stolen files unless Vimeo agrees to pay a ransom.

Security Affairs 16h ago

Signal Phishing Campaign Targets German Officials in Suspected Russian Operation

Suspected Russian phishing via Signal targeted German officials, exploiting trust to access accounts and sensitive political communications. A new wave of cyber operations targeting European political leadership is once again highlighting how modern espionage increasingly relies on deception rather than technical exploits. Recent investigations by German authorities point to a large-scale phishing campaign conducted via […]

Check Point Research 17h ago

VECT: Ransomware by design, Wiper by accident

VECT Ransomware is a Ransomware-as-a-Service (RaaS) program that made its first appearance in December 2025 on a Russian-language cybercrime forum. After claiming their first two victims in January 2026, the group got back into the public eye due to an announcement of a partnership with TeamPCP, the actor behind several supply-chain attacks […]

Help Net Security 16h ago

Alleged Chinese hacker extradited to US over cyberattacks targeting COVID-19 research

Chinese national Xu Zewei was extradited from Italy to the United States to face charges tied to an alleged cyber espionage campaign that breached thousands of computers worldwide. Xu is charged alongside Zhang Yu, who remains at large. According to court documents, officers of China’s Ministry of State Security (MSS), including its Shanghai State Security Bureau (SSSB), directed the hacking. Xu allegedly carried out the intrusions while working for Shanghai Powerock Network Co. Ltd., a […]

Security Boulevard 13h ago

How Identity, Geopolitics and Data Integrity Define Cyber Resilience

A good cyber framework is built on the assumption that disruption is inevitable, so it must be capable of anticipating, absorbing, and adapting to it.

Risky Business BREAKING 1h ago

Risky Business #835 -- Why the Fast16 malware is badass

On this week’s show, Patrick Gray and James Wilson are joined by special guest-host Dmitri Alperovitch. They discuss the week’s cybersecurity news, including:
The US government is mad as hell about Chinese firms stealing American AI technology
Dmitri has an opinion or two about the US selling Nvidia chips to China
Speaking of Chinese AI, Kimi’s new 2.6 is very interesting
The US sanctions a Cambodian senator for earning mega bucks through scam compounds
And a ransomware family is promoting itself as being … quantum-safe?
This week’s show is sponsored by Trail of Bits. CEO and co-founder Dan Gu

Offensive & Defensive

Red team · Blue team · Tools · Detections

No items in the last 24 hours.

Product Launches

New tools · Funding · GA releases
Security Affairs 22h ago

NCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort links

NCSC’s SilentGlass blocks malicious HDMI/DisplayPort links, protecting monitors from hardware attacks. Now commercialized for global use. The UK’s National Cyber Security Centre (NCSC) has launched SilentGlass, a new device to protect one of the most overlooked parts of modern IT systems: the physical links between screens and computers. It is a small plug-in security device […]

Help Net Security 16h ago

Cequence Agent Personas bring granular control and governance to enterprise AI agents

Cequence Security has announced the general availability of Agent Personas in Cequence AI Gateway. These capabilities give enterprises granular, infrastructure-level control over what AI agents can do, down to individual tool calls, closing a critical privilege gap that identity alone cannot address. As organizations deploy AI agents to connect to enterprise applications via the Model Context Protocol (MCP), a dangerous assumption has taken hold: that authenticating who an agent is amounts to controlling what it […]

The Register Security 15h ago

Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak

Names, phone numbers, physical addresses also included in Shiny Hunters alleged data dump
Logistics technology company Pitney Bowes, which makes franking machines for US postage, is the latest scalp claimed by ShinyHunters and its ongoing spree of pay-or-leak attacks against major organizations.…

The Register Security 20h ago

SUSE's sovereignty pitch meets an inconvenient $6 billion question

Linux vendor touts European independence at SUSECON as majority stakeholder quietly explores its options
European-based SUSE devoted much of the annual SUSECON event to its sovereignty-focused pitch - even as reports swirl that its majority stakeholder is exploring a $6 billion sale which could land the Linux vendor in American hands.…

New & Notable

Open source · Research · Trending repos
GitHub Trending

Enterprise AI bastion host for secure AI API and MCP access, with unified proxying, RBAC, audit logs, rate limiting, and cost tracking across OpenAI, Anthropic, Gemini, and self-hosted LLMs.

GitHub Trending

The world's first autonomous AI agent with built-in cybersecurity. By OTT Cybersecurity LLC.

GitHub Trending

Find zero-days while you sleep. DeepZero is an automated vulnerability research framework that parses, decompiles, and analyzes thousands of Windows kernel drivers for exploitable IOCTLs natively using AI agents.

GitHub Trending

Hardware hacker’s flying probe automation stack for agent-driven target discovery, microscope mapping, safety-monitored CNC motion, probe review, and controlled pin probing.

GitHub Trending

Production-grade MCP server giving Claude 27 security intelligence tools across 21 APIs — CVE lookup, EPSS scoring, CISA KEV, MITRE ATT&CK, Shodan, VirusTotal, and more.

GitHub Trending

The ultimate steganography and digital forensics toolkit. Hide and extract data across images, audio, video, documents, and network packets, or run 11 advanced detection engines to uncover hidden payloads.

GitHub Trending

A minimal LLM-powered zero-day vulnerability scanner by AISLE.

GitHub Trending

High-performance OSINT/CTI framework for automated identity pivoting and risk analysis across 120+ sources.

The Hacker News 18h ago

Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About

Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done. That assumption is wrong. It is also a major reason Zero Trust programs stall. New research my team just published puts numbers on it. The Cyber360: Defending the Digital Battlespace report, based on a survey of 500 security

SecurityWeek 11h ago

Cyber Insurance Data Gives CISOs New Ammo for Budget Talks

Boards may ignore alerts, but they listen to losses: new data from Resilience links security gaps directly to financial impact.

SecurityWeek 14h ago

The Mythos Moment: Enterprises Must Fight Agents with Agents

Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era.

SecurityWeek 14h ago

Webinar Today: A Step-by-Step Approach to AI Governance

Join the webinar to explore a practical, multi-layered roadmap to transition from fragmented AI usage to a governed, scalable ecosystem.

SecurityWeek 16h ago

Alleged Chinese State Hacker Extradited to US

A member of Silk Typhoon, Xu Zewei is accused of launching cyberattacks against universities in the US.

Security Affairs 20h ago

New Android spyware Morpheus linked to Italian surveillance firm

Osservatorio Nessuno uncovered Morpheus spyware spreading via fake Android apps to steal data, highlighting rising covert surveillance tools. The non-partisan, non-religious, nonprofit organization Osservatorio Nessuno exposed a new spyware called Morpheus, distributed through fake Android apps posing as updates. Once installed, it can steal extensive data from the infected devices. The report shows strong demand […]

Rapid7 Blog 22h ago

MDR Selection is a Partnership Decision

Managed Detection and Response (MDR) is a cybersecurity service that combines human expertise and technology to detect, investigate, and respond to threats 24/7. I write this as a Field CISO at Rapid7, but also as someone who has had to live with the operational reality of MDR on the customer side. I have seen what happens when a service is a black box, when technology and service drift apart, and when cost, retention, and accountability are misaligned. That experience shapes the view in this piece: MDR selection is not just about buying monitoring in isolation, but about choosing a partner th

Simon Willison (AI sec) 16h ago

Quoting Matthew Yglesias

Five months in, I think I've decided that I don't want to vibecode — I want professionally managed software companies to use AI coding assistance to make more/better/cheaper software products that they sell to me for money. — Matthew Yglesias
Tags: agentic-engineering, vibe-coding, ai-assisted-programming, ai

Help Net Security BREAKING 1h ago

AI prompt confidentiality and false citations worry researchers

Academic researchers using commercial AI tools for literature review and idea generation are sending unpublished research questions, draft hypotheses, and proprietary domain knowledge into systems whose data handling they do not understand. A think-aloud study of 15 researchers documents the workarounds these users have built to manage what they see as unresolved confidentiality and output verification problems in tools including Research Rabbit and Elicit AI. The study, conducted by researchers at the University of Texas […]

Help Net Security BREAKING 1h ago

Identity discovery: The overlooked lever in strategic risk reduction

If you ask a CISO what keeps them up at night, the answer usually isn’t “lack of tools.” It’s uncertainty. Uncertainty about what they don’t see. Uncertainty about how far an attacker could move once inside. Uncertainty about whether identity programs are actually reducing risk, or just managing symptoms. Identity discovery sits at the center of that uncertainty. It is not glamorous. It does not get the same attention as AI-driven detection or zero trust […]

Help Net Security 7h ago

FIDO Alliance wants to keep AI agents from going rogue on online payments

AI agents are beginning to shop, log in, and complete tasks with little direct input. That shift is pushing the security industry to rethink how trust works when actions are carried out on a user’s behalf. The FIDO Alliance has announced a set of initiatives to build shared standards for these interactions, covering how AI agents authenticate, follow instructions, and carry out transactions. “AI agents are quickly becoming part of how people get things done […]

Help Net Security 12h ago

Police arrest 10 suspected members of Black Axe cybercrime gang

A coordinated police operation in Switzerland has targeted suspected members of the Black Axe criminal network. On 28 April 2026, authorities carried out house searches across several Swiss cantons, leading to 10 arrests, including the Black Axe ‘Regional Head’ for Southern Europe. Most of those arrested are reported to be of Nigerian origin. The suspects are accused of numerous crimes, including romance scams, other cyber fraud offences causing millions of Swiss francs in damages, and […]

Help Net Security 14h ago

ShinyHunters claims it stole 1.4 million records from Udemy

The ShinyHunters group claims it has breached Udemy, one of the world’s largest online learning platforms. According to Have I Been Pwned, the leaked dataset contained 1.4 million unique email addresses of customers and instructors, along with names, physical addresses, phone numbers, employer information, and instructor payout methods, including PayPal, cheque, and bank transfer. “Over 1.4M records containing PII and other internal corporate data have been compromised. Pay or Leak,” ShinyHunters wrote on their […]

Security Boulevard 5h ago

Post-Quantum Cryptographic Agility in Model Context Protocol Transport

Learn how to secure Model Context Protocol transport with post-quantum cryptographic agility. Explore hybrid encryption, ML-KEM integration, and AI infrastructure protection.

Security Boulevard 12h ago

How bail bond scams are using AI to target families

A call saying someone you love has been arrested and needs money ASAP can feel so real that you act before you think. Learn how bail bond scams work and what to watch for to help protect you and your family from falling for the scheme.

Security Boulevard 12h ago

Open is Not Costless: Reclaiming Sustainable Infrastructure

For years, the software industry treated public package registries like a law of nature. They were simply there. Immutable, invisible, and somehow outside the normal rules of cost, capacity, and responsibility.

Security Boulevard 13h ago

AI Tokenomics: Cost, Risk & AI Dependency (2026)

AI tokenomics is reshaping cost, risk, and control. Learn how token-based pricing impacts AI usage and how to prepare.

Security Boulevard 13h ago

Minnesota’s CISOs: Homegrown Talent Securing Finance, Insurance, and Beyond

Minnesota has produced a quietly strong CISO community, particularly in financial services and insurance. The leaders in this feature are based in the Twin Cities metro or built the core of their careers there, and their work spans credit unions, community banking, wealth management, payment technology, title insurance, and one of the most consequential public […] The post Minnesota’s CISOs: Homegrown Talent Securing Finance, Insurance, and Beyond appeared first on CISO Whisperer.

CyberScoop 9h ago

Federal CIO cautious on Anthropic’s Mythos despite planned rollout

Greg Barbaccia told CyberScoop that Anthropic's Mythos shows real promise for federal cyber defense, but warns that laboratory results and live network conditions are two very different things.

CyberScoop 14h ago

Rep. Delia Ramirez takes over as top House cybersecurity Dem

She replaces Rep. Eric Swalwell following his resignation, giving her the position of ranking member of the Subcommittee on Cybersecurity and Infrastructure Protection.