#communications-anomaly
#communications-anomaly

6 hours ago

Privacy professionals

Unauthorized group has gained access to Anthropic's exclusive cyber tool Mythos, report claims | TechCrunch

fromAxios

Information security

Scoop: Top U.S. cyber agency doesn't have access to Anthropic's powerful hacking model

fromBoston.com

Healthcare

Services at Brockton hospital return to normal more than a week after cyberattack

17 hours ago

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

Stolen credentials remain the primary entry point for attackers, despite advancements in cybersecurity.

fromYahoo Tech

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Russian spies exploited consumer routers to steal Microsoft 365 credentials from thousands of users, turning home devices into espionage tools.

12 hours ago

More Cisco SD-WAN bugs battered in attacks

CISA warns of active attacks on three Cisco Catalyst SD-WAN Manager vulnerabilities, urging federal agencies to patch within four days.

6 hours ago

Unauthorized group has gained access to Anthropic's exclusive cyber tool Mythos, report claims | TechCrunch

Unauthorized users accessed Mythos, a cybersecurity tool by Anthropic, through a third-party vendor, raising concerns about its potential misuse.

fromAxios

Information security

Scoop: Top U.S. cyber agency doesn't have access to Anthropic's powerful hacking model

Healthcare

fromBoston.com

Services at Brockton hospital return to normal more than a week after cyberattack

A Brockton hospital resumed normal operations after a cybersecurity incident caused temporary service shutdowns and diverted ambulances.

17 hours ago

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

Stolen credentials remain the primary entry point for attackers, despite advancements in cybersecurity.

fromYahoo Tech

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Russian spies exploited consumer routers to steal Microsoft 365 credentials from thousands of users, turning home devices into espionage tools.

12 hours ago

More Cisco SD-WAN bugs battered in attacks

CISA warns of active attacks on three Cisco Catalyst SD-WAN Manager vulnerabilities, urging federal agencies to patch within four days.

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

Law

15 hours ago

Third ransomware pro pleads guilty to cybercrime U-turn

Angelo Martino pleaded guilty to aiding the ALPHV/BlackCat ransomware gang in extorting US businesses.

13 hours ago

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

EU data protection

Autovista blames ransomware for service disruption

Autovista is addressing a ransomware infection affecting its systems in Europe and Australia, prioritizing the secure restoration of impacted applications.

Information security

Third US Security Expert Admits Helping Ransomware Gang

Ransomware Hits Automotive Data Expert Autovista

Autovista is working to restore services after a ransomware attack affected its systems in Europe and Australia.

Healthcare

fromNextgov.com

15 hours ago

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

Law

15 hours ago

Third ransomware pro pleads guilty to cybercrime U-turn

Angelo Martino pleaded guilty to aiding the ALPHV/BlackCat ransomware gang in extorting US businesses.

13 hours ago

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

EU data protection

Autovista blames ransomware for service disruption

Autovista is addressing a ransomware infection affecting its systems in Europe and Australia, prioritizing the secure restoration of impacted applications.

Information security

Third US Security Expert Admits Helping Ransomware Gang

fromwww.independent.co.uk

Ransomware Hits Automotive Data Expert Autovista

Autovista is working to restore services after a ransomware attack affected its systems in Europe and Australia.

more#ransomware

UK politics

8 hours ago

Iran, Russia and China behind most major cyberattacks on UK, security chief warns

The Independent provides critical journalism on key issues without paywalls, emphasizing the importance of accessible reporting.

NSA spies are reportedly using Anthropic's Mythos, despite Pentagon feud | TechCrunch

The NSA is reportedly using Anthropic's Mythos model for cybersecurity despite previous tensions over access to AI capabilities.

Fundraising

fromIndependent

Company has more than 2m stolen from account following cyber attack

Future Energy Capital Limited lost over €2m due to a cyber attack last October.

Cisco Sovereign Critical Infrastructure now available in Europe

Cisco launches Sovereign Critical Infrastructure across EMEA, enabling organizations to innovate while maintaining control over their data and infrastructure.

Cisco Wi-Fi boxes writing 5MB of undeletable data daily

Cisco Wi-Fi access points may fill onboard memory with nonessential data, risking software update failures due to insufficient disk space.

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.

European startups

Cisco Sovereign Critical Infrastructure now available in Europe

Cisco launches Sovereign Critical Infrastructure across EMEA, enabling organizations to innovate while maintaining control over their data and infrastructure.

Cisco Wi-Fi boxes writing 5MB of undeletable data daily

Cisco Wi-Fi access points may fill onboard memory with nonessential data, risking software update failures due to insufficient disk space.

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.

Intellectual property law

Scoop: NSA using Anthropic's Mythos despite Defense Department blacklist

fromEngadget

The NSA is reportedly using Anthropic's new model Mythos

The NSA is using Anthropic's Mythos Preview despite ongoing tensions with the Pentagon over military use safeguards.

Anthropic's new cybersecurity model could get it back in the government's good graces

Anthropic's relationship with the Trump administration has improved due to its new cybersecurity model, Claude Mythos Preview.

MCP 'design flaw' puts 200k servers at risk: Researcher

A design flaw in Anthropic's Model Context Protocol puts 200,000 servers at risk, despite repeated requests for a patch from security researchers.

fromAxios

Intellectual property law

Scoop: NSA using Anthropic's Mythos despite Defense Department blacklist

fromEngadget

The NSA is reportedly using Anthropic's new model Mythos

The NSA is using Anthropic's Mythos Preview despite ongoing tensions with the Pentagon over military use safeguards.

Anthropic's new cybersecurity model could get it back in the government's good graces

Anthropic's relationship with the Trump administration has improved due to its new cybersecurity model, Claude Mythos Preview.

MCP 'design flaw' puts 200k servers at risk: Researcher

A design flaw in Anthropic's Model Context Protocol puts 200,000 servers at risk, despite repeated requests for a patch from security researchers.

IPv6 may briefly have accounted for more than half of internet traffic

IPv6 usage has been slowly increasing, reaching over 50% of Google's internet traffic briefly in March 2023.

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Privacy is a fundamental human condition, and end-to-end encryption is essential for protecting communications in a surveillance-heavy world.

EU data protection

53 DDoS Domains Taken Down by Law Enforcement

Law enforcement in 21 countries coordinated to disrupt DDoS-for-hire services, resulting in arrests and the takedown of numerous domains.

Marketing tech

fromSFGATE

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech giants like Google to enhance their defenses against these threats.

World politics

fromArs Technica

New undersea cable cutter risks Internet's backbone

China's cable-cutting technology showcases its dual role as a builder and potential disruptor of global submarine infrastructure.

19 hours ago

Lovable under fire over data breach

Lovable faced criticism for a vulnerability that exposed users' sensitive data, including source code and chat history, due to insufficient access controls.

US Security Agency Leverages Claude Mythos Despite Pentagon Blacklist

The Pentagon has designated Anthropic as a supply-chain risk, yet the NSA is using its new model, Claude Mythos Preview.

fromPrivacy International

What is digital fingerprinting: Is my device ever truly anonymous?

Digital fingerprinting is a tracking technique that monitors how browsers and devices communicate online.

Apple

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.

#data-breach

Privacy professionals

Lovable denies data leak, cites 'intentional behavior'

Privacy professionals

Clothing Retailer Patches Website Flaw Exposing Customer Data

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

Vercel Breach Originated from an Employee's AI Tool

Vercel confirmed a data breach caused by a third-party AI tool used by an employee, impacting a limited subset of customers.

Lovable denies data leak, cites 'intentional behavior'

Lovable's platform has a significant security flaw allowing free accounts to access sensitive user information, raising concerns about data protection.

Clothing Retailer Patches Website Flaw Exposing Customer Data

A flaw in Express's website allowed unauthorized access to customer data through sequential order IDs in URLs.

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

Vercel Breach Originated from an Employee's AI Tool

Vercel confirmed a data breach caused by a third-party AI tool used by an employee, impacting a limited subset of customers.

more#data-breach

Half of the 6 Million Internet-Facing FTP Servers Lack Encryption

Approximately 6 million internet-accessible systems are using FTP today, and almost half of them do not use encryption, exposing enterprises and end users to avoidable risks.

Privacy professionals

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Serial-to-IP converters have serious vulnerabilities that can expose critical systems to remote attacks.

fromFortune

AI cybersecurity capabilities require urgent international cooperation, AI godfather Bengio says | Fortune

Yoshua Bengio emphasizes the urgent need for international cooperation in addressing AI's risks, particularly with the release of Anthropic's Mythos model.

Man who hacked US Supreme Court filing system sentenced to probation | TechCrunch

Nicholas Moore was sentenced to a year of probation for hacking the U.S. Supreme Court and other government systems.

#cyber-security

Sans Institute preps live systems for Nato cyber exercise | Computer Weekly

The Sans Institute is providing a real operational cyber range for the NATO Locked Shields exercise to enhance cyber security training and readiness.

7 hours ago

Nation states responsible for 'nationally significant' cyber attacks against UK, says NCSC chief | Computer Weekly

The UK faces increased cyber security threats from hostile states and AI advancements, with an average of four significant attacks weekly.

Sans Institute preps live systems for Nato cyber exercise | Computer Weekly

The Sans Institute is providing a real operational cyber range for the NATO Locked Shields exercise to enhance cyber security training and readiness.

7 hours ago

Nation states responsible for 'nationally significant' cyber attacks against UK, says NCSC chief | Computer Weekly

The UK faces increased cyber security threats from hostile states and AI advancements, with an average of four significant attacks weekly.

more#cyber-security

fromTelecompetitor

WBA releases Wi-Fi security standards

WBA's new Wi-Fi Security Guidelines aim to standardize security practices and enhance user trust in public and enterprise networks.

18 hours ago

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with eight new flaws, including high-severity bugs in Cisco and Kentico products.

fromWIRED

Men Are Buying Hacking Tools to Use Against Their Wives and Friends

Telegram groups facilitate the sale of hacking and surveillance services, promoting abusive content targeting women and girls.

23 hours ago

Iran claims US used backdoors in networking equipment

Iran claims the US sabotaged its networking equipment during the war using backdoors or botnets.

Bluesky Disrupted by Sophisticated DDoS Attack

The attack is impacting our application, with users experiencing intermittent interruptions in service for their feeds, notifications, threads and search.

Information security

21 hours ago

Adaptavist Group breach: Ransomware crew claims mega-haul

Adaptavist Group is investigating a security breach involving stolen credentials, while a ransomware group claims to have accessed extensive data.

fromArs Technica

Anthropic's Mythos AI model sparks fears of turbocharged hacking

AI-enabled cyber attacks surged 89% in 2025, with attackers acting within 29 minutes of gaining access.

Hackers Abuse QEMU for Defense Evasion

Threat actors are exploiting QEMU for ransomware and remote access tool deployment, with increased activity observed since late 2025.

Top 3 Cyber Insurance Incident Claims

Cyber incidents are increasing claims in the insurance industry despite decreasing premiums, indicating a more active risk environment.

App host Vercel confirms security incident, says customer data was stolen via breach at Context AI | TechCrunch

Vercel experienced a data breach due to a compromised employee account linked to Context AI, exposing customer credentials.

Cloud development platform Vercel was hacked

Vercel experienced a security breach due to a compromised third-party AI tool, leading to the exposure of customer data.

App host Vercel confirms security incident, says customer data was stolen via breach at Context AI | TechCrunch

Vercel experienced a data breach due to a compromised employee account linked to Context AI, exposing customer credentials.

Cloud development platform Vercel was hacked

Vercel experienced a security breach due to a compromised third-party AI tool, leading to the exposure of customer data.

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

4 weeks ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

3 days ago

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

4 weeks ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors exploit vulnerabilities in TBK DVR and TP-Link routers to deploy Mirai-botnet variants, targeting IoT devices for large-scale attacks.

Cursor AI Vulnerability Exposed Developer Devices

A vulnerability in Cursor AI allows attackers to hijack developer machines via malicious repositories without user interaction.

#north-korea

Information security

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

Information security

ZionSiphon Malware Targets ICS in Water Facilities

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

Information security

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

ZionSiphon Malware Targets ICS in Water Facilities

ZionSiphon is a new malware targeting water treatment plants in Israel, designed to manipulate chlorine levels and pressure in these facilities.

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

Recent advances push Big Tech closer to the Q-Day danger zone

Organizations are transitioning to new algorithms to replace RSA and elliptic curves due to vulnerabilities exposed by quantum computing threats.

How CSOs Can Win Board Support for Gunshot Detection Technology

CSOs must effectively frame gunshot detection technology to gain executive support and align it with corporate risk priorities.

Server-room lock was nothing but a crock

A security vulnerability allowed unauthorized access to a server room due to a flaw in the two-factor authentication lock.

fromComputerworld

Cisco Systems issues three advisories for critical vulnerabilities in Webex, ISE

Identity and access management is crucial for cybersecurity, with a focus on IAM hygiene necessary to mitigate risks from vulnerabilities.

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.

Two Vulnerabilities Patched in Ivanti Neurons for ITSM

Ivanti resolved two medium-severity vulnerabilities in Neurons for ITSM affecting on-premises and cloud deployments.

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Multiple industrial giants have released new ICS security advisories addressing various vulnerabilities since the last Patch Tuesday.

Ancient Excel bug comes out of retirement for active attacks

A 17-year-old critical Excel vulnerability is actively being exploited, prompting CISA to issue a patch deadline for federal agencies.

New technology to secure undersea cables

Governments and tech companies are enhancing undersea cable security through drones, sensors, and monitoring technologies to prevent sabotage.

2 weeks ago

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

3 weeks ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

3 weeks ago

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.

Identity has become malleable for cyber attackers

Modern cyberattacks combine psychological manipulation, deepfakes, voice phishing, and stolen data to breach even well-defended organizations without exploiting software vulnerabilities.

Product Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels

Security teams struggle to connect isolated tool data into coherent attack paths; CSMA platforms unify security tools to discover and prioritize viable threats to critical assets.

fromThe Cipher Brief

America Is Digitally Fragile - and Our Adversaries Know It

America faces unprecedented vulnerability as critical infrastructure systems are digitally dependent and interconnected, while adversaries possess capabilities to penetrate and pre-position for exploitation before conflict begins.

Credential-stealing crew spoofs Ivanti, Fortinet, Cisco VPNs

Storm-2561 cybercriminals distribute fake VPN clients through manipulated search results to steal user credentials via malicious MSI installers.

2 months ago

Infosec researchers mull curious case of Telnet ancient flaw

Tier-1 transit operators likely applied port 23 filtering after advance warning of a critical GNU InetUtils telnetd flaw (CVE-2026-24061), collapsing Telnet traffic.

2 months ago

Security in the Dark: Recognizing the Signs of Hidden Information

Withholding accurate or complete data undermines security decisions and increases organizational risk.

Why cyberattacks don't require advanced hacking

Poor cyber hygiene, weak identity security, overdue IT maintenance, and incomplete logging make organizations vulnerable to financially motivated attacks such as ransomware and email fraud.

Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations

Threat actors impersonate IT support via email and phone calls to deliver Havoc C2 framework for data exfiltration or ransomware attacks across multiple organizations.