access ai android api apple attack authentication backdoor breach business ceo china cisa cisco ciso cloud compliance control credentials crypto cve cyber cyberattack cybercrime cybersecurity data data-breach defense detection email exploit finance flaw framework fraud germany google governance government group hacker hacking healthcare identity infrastructure intelligence Internet jobs law leak linux malicious malware microsoft monitoring network open-source password phishing privacy ransomware remote-code-execution resilience risk russia scam service software strategy supply-chain technology theft threat tool unclassified update usa vulnerability windows zero-day
-
Qilin ransomware group claims the hack of German political party Die Linke
Qilin ransomware claims it stole data from Germany’s Die Linke and threatens to leak it; the party confirmed the incident, but not a breach. The Qilin ransomware group claims it stole data from Die Linke, a German political party, and is threatening to release it. Die Linke is a left-wing political party in Germany. Its…
-
AI models will deceive you to save their own kind
Tags: aiResearchers find leading frontier models all exhibit peer preservation behavior First seen on theregister.com Jump to article: www.theregister.com/2026/04/02/ai_models_will_deceive_you/ also interesting: How Sonar is elevating code quality in the age of AI Global majority united on multilateral regulation of AI weapons Databricks adaptiert Claude-Modelle auf die eigene Data-Intelligence-Plattform Intensive KI-Nutzung in Unternehmen Entwicklung von Richtlinien und…
-
Google battles Chinese open-weights models with Gemma 4
Now with a more permissive license, multi-modality, and support for more than 140 languages First seen on theregister.com Jump to article: www.theregister.com/2026/04/02/googles_gemma_4_open_weights/ also interesting: 7 biggest cybersecurity stories of 2024 Apple and Google Pull ICE-Tracking Apps, Bowing to DOJ Pressure ‘ShadyPanda’ Hackers Weaponize Millions of Browsers China’s APT31 used Gemini to plan cyberattacks against US…
-
Microsoft shivs OpenAI with three new AI models for speech and images
About that partnership… First seen on theregister.com Jump to article: www.theregister.com/2026/04/02/microsoft_models_homegrown_ai_models/ also interesting: AI Browsers That Beat Paywalls by Imitating Humans 9 top bug bounty programs launched in 2025 9 top bug bounty programs launched in 2025 What CISOs need to know about the OpenClaw security nightmare
-
US military contractor open sources tool for validating hidden communications networks
Maude-HCS from RTX (formerly Raytheon) helps model and validate hidden communication systems First seen on theregister.com Jump to article: www.theregister.com/2026/04/02/maude_hcs_rtx_raytheon_hcn/ also interesting: Chinese hackers breached critical infrastructure globally using enterprise network gear Cybersecurity Snapshot: Study Raises Open Source Security Red Flags, as Cyber Agencies Offer Prevention Tips Against Telecom Spying Attacks The Imperative of Tunnel-Free…
-
U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in TrueConf Client, tracked as CVE-2026-3502 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog. TrueConf is a videoconferencing platform often used in secure, offline…
-
UNC1069 Targets Node.js Maintainers via Fake LinkedIn, Slack Profiles
North Korean group UNC1069 targets Node.js maintainers using fake LinkedIn and Slack profiles to spread malware and compromise open source packages. First seen on hackread.com Jump to article: hackread.com/unc1069-node-js-maintainer-fake-linkedin-slack-profile/ also interesting: UNC1069 Targets Node.js Maintainers via Fake LinkedIn, Slack Profiles Top 12 ways hackers broke into your systems in 2024 That CISO job offer could…
-
UNC1069 Targets Node.js Maintainers via Fake LinkedIn, Slack Profiles
North Korean group UNC1069 targets Node.js maintainers using fake LinkedIn and Slack profiles to spread malware and compromise open source packages. First seen on hackread.com Jump to article: hackread.com/unc1069-node-js-maintainer-fake-linkedin-slack-profile/ also interesting: UNC1069 Targets Node.js Maintainers via Fake LinkedIn, Slack Profiles The most notorious and damaging ransomware of all time That CISO job offer could be…
-
Neuer Job als Fachgebietsleiter*in IT-Governance gesucht? Schau dir unsere Top Jobs an
First seen on t3n.de Jump to article: t3n.de/news/unsere-jobs-der-woche-1175973/ also interesting: CISOs no closer to containing shadow AI’s skyrocketing data risks The rise of the compliance super soldier: A new human-AI paradigm in GRC Cybersecurity Snapshot: AI Security Skills Drive Up Cyber Salaries, as Cyber Teams Grow Arsenal of AI Tools, Reports Find Neuer Jobs als…
-
Anthropic will Code-Kopien löschen lassen und gerät dadurch selbst in die Kritik
Tags: unclassifiedFirst seen on t3n.de Jump to article: t3n.de/news/anthropic-will-code-kopien-loeschen-lassen-und-geraet-dadurch-selbst-in-die-kritik-1737244/ also interesting: Umstrittener Gesetzentwurf: Wissenschaftler verreißen Leistungsschutzrecht… Novel infostealers developed by Golden Chickens MaaS operation TrojAI launches TrojAI Defend for MCP Smart Factory ohne Air Gap – Warum Netzwerksichtbarkeit in der Produktion zur Pflicht werden sollte
-
KI übernimmt Täter-Suche: Private identifizieren Verdächtige schneller als die Polizei
Tags: aiKI verändert die Täter-Suche: Während die Polizei fahndet, identifizieren Privatpersonen mittels KI Verdächtige schneller als die Behörden. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/kuenstliche-intelligenz/ki-uebernimmt-taeter-suche-private-identifizieren-verdaechtige-schneller-als-die-polizei-327991.html also interesting: Seraphic Security Unveils BrowserTotal Free AI-Powered Browser Security Assessment For Enterprises It’s time to give AI security its own playbook and the people to run it KI greift…
-
prompted 2026 Security Guidance as a Service
Author, Creator & Presenter: Shruti Datta Gupta, Product Security Engineer, Adobe & Chandrani Mukherjee, Product Security Engineer, Adobe Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’) YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-security-guidance-as-a-service/ also interesting: Phishing click rates…
-
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
A new report dubbed “BrowserGate” warns that Microsoft’s LinkedIn is using hidden JavaScript scripts on its website to scan visitors’ browsers for installed extensions and collect device data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/linkedin-secretly-scans-for-6-000-plus-chrome-extensions-collects-data/ also interesting: LinkedIn secretely scans for 6,000+ Chrome extensions, collects data Privacy Roundup: Week 13 of Year 2025 Zoom Stealer…
-
Device code phishing attacks surge 37x as new kits spread online
Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/device-code-phishing-attacks-surge-37x-as-new-kits-spread-online/ also interesting: Beware! Fake Crowdstrike Recruitment Emails Spread Cryptominer Malware New Steganographic Malware Hides in JPG Files to Deploy Multiple Password Stealers Why domain-based…
-
FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)
Defused Cyber has spotted a critical Fortinet FortiClient Endpoint Management Server (EMS) zero-day vulnerability (CVE-2026-35616) being exploited in the wild. This time … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/04/forticlient-ems-zero-day-cve-2026-35616/ also interesting: Top 12 ways hackers broke into your systems in 2024 China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures…
-
Forking frenzy ensues after Euro-Office launch sparks OnlyOffice backlash
Tags: officeMeanwhile, Collabora splits from LibreOffice Online amid claims TDF ejected ‘all Collabora staff and partners’ First seen on theregister.com Jump to article: www.theregister.com/2026/04/02/eurooffice_forks_onlyoffice/ also interesting: How Will Health Data Privacy, Cyber Regs Shape Up in 2025? CSO Awards 2025 showcase world-class security strategies Apple and Home Office agree to drop legal claim over encryption backdoor…
-
After fighting malware for decades, this cybersecurity veteran is now hacking drones
Mikko Hyppönen is one of the most recognizable faces of the cybersecurity industry. After fighting computer viruses, worms, and malware, for more than 35 years, he tells TechCrunch why he is now working on systems to stop killer drones. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/04/after-fighting-malware-for-decades-this-cybersecurity-veteran-is-now-hacking-drones/ also interesting: The 2024 cyberwar playbook: Tricks used…
-
Supply Chain Malware Alert: plainjs Compromises Axios Packages
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/supply-chain-malware-alert-plain-crypto-js-compromises-axios-packages also interesting: How One Phishing Email Compromised 18 npm Packages and Billions of Installs Recap of Our “Passkeys Pwned” Talk at DEF CON Self-propagating worm found in marketplaces for Visual Studio Code extensions Supply chain attack on Axios npm package: Scope, impact, and remediations
-
Using AI at Work? Here’s How to Avoid Accidentally Leaking Company Data
The rapid adoption of Generative AI Applications across enterprises has transformed productivity, automation, and decision-making. AI tools now power daily workflows by drafting emails, writing code, and analyzing data. But with this convenience comes a growing risk, unintentional data exposure. Unlike traditional systems, AI tools often process and retain contextual data. If not properly governed,……
-
Hackers Are Posting the Claude Code Leak With Bonus Malware
Plus: The FBI says a recent hack of its wiretap tools poses a national security risk, attackers stole Cisco source code as part of an ongoing supply chain hacking spree, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-hackers-are-posting-the-claude-code-leak-with-bonus-malware/ also interesting: Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About…
-
European Commission breach exposed data of 30 EU entities, CERT-EU says
CERT-EU says a European Commission cloud hack exposed data from 30 EU entities and links the breach to the TeamPCP group. CERT-EU attributed a European Commission cloud breach to the TeamPCP threat group, revealing that data from at least 30 EU entities was exposed. The incident was publicly disclosed on March 27 after inquiries confirmed…
-
Mit KI gegen Fake-Shops: Akamai stellt Brand Guardian vor
Mit Brand Guardian reagiert Akamai auf eine Realität, in der digitale Markenführung längst auch eine Frage der Cybersicherheit ist. Die Lösung ist ab sofort verfügbar First seen on infopoint-security.de Jump to article: www.infopoint-security.de/mit-ki-gegen-fake-shops-akamai-stellt-brand-guardian-vor/a44495/ also interesting: Generative AI erhöht Druck auf Cybersicherheit Möglichkeiten der künstlichen Intelligenz – Das steckt hinter dem KI-Hype in der Cybersicherheit Cybersecurity…
-
Top 10 Best Identity And Access Management (IAM) Companies 2026
In the rapidly evolving digital landscape of 2026, Identity and Access Management (IAM) has transcended its traditional role to become the foundational pillar of enterprise security. As organizations navigate the complexities of multi-cloud environments, remote workforces, burgeoning SaaS applications, and the relentless rise of cyber threats, the ability to accurately verify who (or what) is…
-
Top 10 Best Privileged Access Management (PAM) Solutions 2026
In the dynamic and increasingly complex cybersecurity landscape of 2026, privileged accounts remain the most coveted targets for cybercriminals and malicious insiders alike. From system administrators and database managers to automated scripts and applications, these >>digital crown jewels<< hold the keys to an organization's most sensitive data and critical infrastructure. A single compromised privileged credential…
-
LinkedIn Hidden Code Secretly Scans Users’ Computers for Installed Software
A new investigation by Fairlinked e.V. claims that Microsoft-owned LinkedIn is running a massive, undisclosed corporate surveillance operation. According to the >>BrowserGate<< report, hidden code on LinkedIn's website secretly scans the computers of its one billion users to detect installed software and browser extensions. This scanning reportedly happens without user consent, disclosure, or any mention…
-
Zunehmende technische Eskalation bei DDoS-Angriffen in der DACH-Region
Der neue NETSCOUT DDoS Threat Intelligence Report zeigt eine dramatische Verschärfung der Cyberbedrohungslage durch hacktivistische Aktivitäten und die Nutzung von DDoS-Attacken als präzisionsgelenkte Waffen mit geopolitischem Einfluss: In der zweiten Jahreshälfte 2025 wurden weltweit mehr als acht Millionen DDoS-Angriffe registriert [1]. Besonders auffällig ist der Druck auf kritische Infrastrukturen, ausgelöst durch Hacktivisten, DDoS-for-hire-Dienste und Botnetze….…
-
Supply-Chain-Angriff auf Python-Paket Telnyx
Sicherheitsforscher von JFrog haben eine Kompromittierung der Python-Bibliothek Telnyx aufgedeckt. Die Angreifer versteckten ihren Payload in WAV-Dateien. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/supply-chain-python-paket-telnyx also interesting: SoftwareChain-Angriff: xz-utils-Backdoor gefährdet Linux-Systeme How CISOs can balance business continuity with other responsibilities Oracle Health warnt vor Datenleck Cybersecurity Snapshot: SANS Recommends Six Controls To Secure AI Systems,…
-
That dream job offer from Coca-Cola or Ferrari? It’s a trap for your passwords
We uncovered two job scams posing as legitimate offers from Coca-Cola and Ferrari that could pry into Google and Facebook accounts. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/that-dream-job-offer-from-coca-cola-or-ferrari-its-a-trap-for-your-passwords/ also interesting: Cybersecurity Snapshot: AI Security Skills Drive Up Cyber Salaries, as Cyber Teams Grow Arsenal of AI Tools, Reports Find The deepfake threat just got…
-
Supply Chain Attacks Surge in March 2026
Tags: access, ai, api, attack, authentication, awareness, cloud, container, control, corporate, credentials, crypto, data-breach, github, group, hacking, identity, infrastructure, Internet, kubernetes, least-privilege, linux, LLM, macOS, malicious, malware, mfa, network, north-korea, open-source, openai, phishing, pypi, software, startup, supply-chain, threat, tool, update, vulnerability, windowsIntroductionThere was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain attacks that occurred including the Axios NPM package compromise, which has been attributed to a North Korean threat actor. In addition, a hacking group known as TeamPCP was able to compromise Trivy (a vulnerability scanner), KICS…
-
Trump wants to take a battle axe to CISA again and slash $707M from budget
Ex-CISA official tells The Reg: ‘this would weaken the system for managing cyber risk’ First seen on theregister.com Jump to article: www.theregister.com/2026/04/03/trump_cisa_budget/ also interesting: Security teams should act now to counter Chinese threat, says CISA US may plan legislation to contain Chinese cyber espionage US Cybercom, CISA retreat in fight against Russian cyber threats: reports…
-
Inconsistent Privacy Labels Don’t Tell Users What They Are Getting
Data privacy labels are a great idea for mobile apps, but the current versions just aren’t good enough. First seen on darkreading.com Jump to article: www.darkreading.com/data-privacy/inconsistent-privacy-labels-not-enough also interesting: Privacy Roundup: Week 12 of Year 2025 Don’t Be a Statistic: Proactive API Security in the Age of AI Hundreds of Free VPN Apps Expose Android and…
-
The Theranos Playbook Is Quietly Returning in Cybersecurity
Market Pressures Are Rewarding Storytelling More Than Validation, Operational Value The fall of health tech company Theranos exposed how hype can outpace reality. In cybersecurity, similar pressures are emerging as vendors compete with bold claims and buyers struggle to verify outcomes. The result: a market where narrative can overshadow measurable operational value. First seen on…
-
Mercor Breach Linked to LiteLLM Supply-Chain Attack
AI Dependency Attack Reportedly Exposes Data and Source Code. A LiteLLM supply-chain compromise enabled attackers to harvest credentials and access internal environments at scale at Mercor. The firm was the first to confirm a LiteLLM breach, and researchers are warning about growing AI system exposure and limited visibility. First seen on govinfosecurity.com Jump to article:…
-
One-Time Passcodes Are Gateway for Financial Fraud Attacks
Report Reveals Growing Trend of Fraudsters Intercepting SMS-Based Verification. Financial institutions have historically relied on one-time passcodes as a primary authentication control for their accountholders. But OTP verification is less reliable as fraudsters increasingly exploit SMS-based verification weaknesses to carry out account takeover and payment fraud schemes. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/one-time-passcodes-are-gateway-for-financial-fraud-attacks-a-31341…
-
Even Microsoft knows Copilot shouldn’t be trusted with anything important
Tags: microsoftTerms admit it is for entertainment only and may get things wrong First seen on theregister.com Jump to article: www.theregister.com/2026/04/02/copilot_terms_of_service/ also interesting: Tanium gewinnt Microsoft US Rising Azure Technology Partner of the Year Award Nearly 400 US healthcare institutions hit with ransomware over last year, Microsoft says Unprecedented: Cloud Giants, Feds Team on Unified Security…
-
Quantencomputing: Hohe Erwartungen bei deutschen Unternehmen mit bisher wenig Einsatz
Tags: unclassifiedFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/quantencomputing-erwartungen-deutschland-unternehmen-einsatz-abwarten also interesting: Stepping Up SMB Security To Satisfy Enterprise Customers Tor Browser 13.5.2 Released: What’s New! Wertachkliniken von Hackern lahmgelegt Smart-Home-Kameras: Wyze-Nutzer sehen nach Ausfall Bilder fremder Wohnräume
-
Finnlands Weg der NISUmsetzung: Pragmatische Lösungen und Bürokratie-Vermeidung
Tags: nis-2First seen on datensicherheit.de Jump to article: www.datensicherheit.de/finnland-nis-2-umsetzung-prgamatismus-buerokratie-vermeidung also interesting: Unternehmen haben bei NIS-2 wenig Zeit, offene Fragen und viel Arbeit – Countdown zur NISRichtline In zehn Schritten zur NISKonformität, Teil 2 – NISEinführung ist keine Zauberei NIS2-Richtlinie: Das müssen Unternehmen 2025 beachten NIS2 umsetzen ohne im Papierkrieg zu enden
-
How to protect your data with Agentic AI
How Secure is Your Organization’s Approach to Non-Human Identities? Have you ever considered the scale of machine identities within your organization? With the expansive growth of digital, Non-Human Identities (NHIs) are becoming crucial in effective data protection strategies. These machine identities are essentially technological constructs that necessitate vigilance, given their pivotal role in accessing sensitive……
-
What makes Non-Human Identities safe for companies
Have You Ever Considered How Securing Non-Human Identities Could Transform Your Organization? Non-Human Identities (NHIs) security is increasingly crucial across various sectors, from financial services to healthcare and beyond. These machine identities are not mere technical entities but fundamental components that define a company’s cybersecurity. By understanding and managing NHIs effectively, organizations can bridge the……
-
How reliable are NHIs in identity management
How Does NHI Management Enhance Security and Efficiency? Is your organization effectively tackling security gaps caused by machine identities? This question becomes critical with Non-Human Identities (NHIs) grows exponentially, driven by cloud adoption and automated systems. In cybersecurity, NHIs are machine identities comprising encrypted credentials”, like passwords, tokens, or keys”, paired with the permissions assigned…
-
Drift loses $280 million as North Korean hackers seize Security Council powers
The Drift Protocol lost at least $280 million after a threat actor took control of its Security Council administrative powers in a planned, sophisticated operation. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/drift-loses-280-million-north-korean-hackers-seize-security-council-powers/ also interesting: Privacy Roundup: Week 11 of Year 2025 North Korean Hackers Target Developers with 338 Malicious Software Packages Top 10 Cybersecurity…
-
LinkedIn secretely scans for 6,000+ Chrome extensions, collects data
A new report dubbed “BrowserGate” warns that Microsoft’s LinkedIn is using hidden JavaScript scripts on its website to scan visitors’ browsers for installed extensions and collect device data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/linkedin-secretely-scans-for-6-000-plus-chrome-extensions-collects-data/ also interesting: Privacy Roundup: Week 13 of Year 2025 TDL003 – Breaking Barriers: IPv6 Adoption and DNS Transformation with Tommy…
-
Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk
Major AI labs are investigating a security incident that impacted Mercor, a leading data vendor. The incident could have exposed key data about how they train AI models. First seen on wired.com Jump to article: www.wired.com/story/meta-pauses-work-with-mercor-after-data-breach-puts-ai-industry-secrets-at-risk/ also interesting: Don’t Be a Statistic: Proactive API Security in the Age of AI What is the cost of…
-
RSAC 2026: Rethinking Trust in Agentic AI Security
Ahead of RSAC 2026, I spoke with David Brauchler, Technical Director and Head of AI/ML Security at NCC Group about how you can secure AI agents. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/rsac-2026-rethinking-trust-in-agentic-ai-security/ also interesting: Bipartisan Senators Endorse $32M Annually for AI Research Three Things AI Enthusiasts Can Teach Your Business About How to…
-
ShinyHunters Claims Rebooted BreachForums Now More Secure
Group Resurrects Hacker Site Despite Multiple Law Enforcement Disruptions Drama continues to come fast and furious in BreachForums land, as the ShinyHunters group announced that it’s rebooted the long-running and oft-disrupted forum yet again, just weeks after it got hacked and its databases dumped, leading the previous admin to allegedly exit scam and steal $4,000.…
-
AI’s Achilles Heel is an Oil Shipping Strait
A Shipping Crisis in the Middle East Is Now a Chip Crisis Everywhere Else. The Strait of Hormuz crisis is amplifying a supply crunch in the specialist memory chips that power AI, and analysts say the industry’s concentration in South Korea makes the timing particularly uncomfortable. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ais-achilles-heel-oil-shipping-strait-a-31332 also…
-
Cisco fixes critical IMC auth bypass present in many products
Tags: access, ai, api, apt, attack, authentication, cisco, computing, credentials, cybersecurity, dns, email, exploit, firewall, firmware, flaw, group, infrastructure, linux, malicious, monitoring, network, password, ransomware, risk, router, vulnerability, zero-day[ Related: More Cisco news and insights ]The Cisco IMC is a baseboard management controller (BMC), a dedicated controller embedded into server motherboards with its own RAM and network interface that gives administrators monitoring and management capabilities as if they were physically connected to the server with a keyboard, monitor, and mouse (KVM). Because BMCs run their…