Research indicates that humans expect rationality and cooperation from LLM opponents in strategic games, leading them to choose significantly lower numbers and favor 'zero' Nash-equilibrium choices when playing against LLMs compared to human opponents. This behavior is particularly pronounced among subjects with high strategic reasoning ability, who rationalize their strategies by attributing reasoning ability and even cooperation to LLMs.
Autovista, a company specializing in automotive data and analysis, has been subjected to a ransomware attack. The company is currently collaborating with external cybersecurity professionals to investigate the incident.
The article discusses the persistent debate around the CISO's reporting line, arguing that this issue reflects a deeper organizational struggle with defining the CISO's role and authority. It emphasizes that the reporting line is less important than the CISO's organizational standing to influence decisions across various departments and that the ongoing debate highlights a tendency to view cybersecurity as a technical rather than a leadership issue.
A researcher has detailed a new AI attack method dubbed 'Comment and Control' which exploits prompt injection vulnerabilities in AI tools. This attack targets Claude Code, Gemini CLI, and GitHub Copilot Agents by leveraging comments to manipulate their behavior.
Two U.S. nationals have been sentenced to prison for helping North Korean IT workers gain employment with over 100 U.S. companies by falsely posing as American residents. This operation allowed North Korea to circumvent sanctions and generate revenue through its IT sector. The individuals involved face significant prison sentences for their roles in this scheme.
This article highlights a severe physical security lapse where a server room's lock was easily bypassed, demonstrating how weak physical security can undermine even robust digital defenses. The author uses this incident as an example of a "pwned" situation, emphasizing that cybersecurity is only as strong as its weakest link, including physical access.
Microsoft is investigating an issue where the April security update KB5082063 is failing to install on some Windows Server 2025 systems. This problem prevents the update from being applied, potentially leaving servers vulnerable. Microsoft is actively working on a resolution.
CERT-UA has detailed a campaign by threat actor UAC-0247 that targeted Ukrainian government and healthcare institutions. The campaign used malware to steal sensitive data from Chromium-based browsers and WhatsApp, observed between March and April.
A six-year ransomware campaign has been discovered targeting Turkish homes and small to medium-sized businesses. This campaign has likely gone unnoticed for so long due to the under-reporting of smaller incidents compared to major enterprise breaches. Attackers leverage various tactics including phishing emails and exploit kits.
This article discusses the potential risks associated with the sale of precise geolocation data. The author argues for a ban on the sale of such data due to its potential misuse by malicious actors. The piece highlights the growing concern over privacy and security implications as this sensitive information becomes more widely accessible.
A recent Qualys report indicates that a significant percentage of businesses experienced cloud-related breaches in the past year, with misconfigured services being a primary concern. The study also found that a large proportion of virtual machines across AWS, GCP, and Azure exhibit misconfigured resources.
Privacy consultant Alexander Hanff claims that Google Chrome, despite its marketing, lacks protection against browser fingerprinting. This technique tracks users online by collecting specific technical details about their browser, and Hanff asserts that Chrome is vulnerable to this common tracking method.
This article details the process of identifying and locating compromised DVRs in the wild, as performed by an ISC intern. It highlights the methods used to find these devices and the challenges associated with them.
A critical vulnerability in Nginx UI, specifically affecting its Model Context Protocol (MCP) support, is actively being exploited in the wild. Attackers can leverage this flaw to gain full server control without needing any authentication.
A new malware family called 'AgingFly' has been detected targeting Ukrainian government entities and hospitals. This malware is designed to steal authentication data from Chromium-based browsers and WhatsApp, likely to facilitate further compromise or espionage.
The nginx-ui component contains a critical, near-maximum-severity flaw that attackers can abuse. This flaw enables attackers to restart, create, modify, and delete NGINX configuration files, posing a significant risk to web server security.
Anthropic's Project Glasswing allows over 50 organizations to test its Mythos LLM for security vulnerabilities in their own products. However, the exact number of vulnerabilities discovered remains undisclosed, mirroring the situation with other companies participating in similar initiatives.
A critical vulnerability, dubbed 'MCPwn' and identified as CVE-2026-33032, has been discovered in the nginx UI web server configuration tool. This flaw allows unauthenticated attackers to gain full control of web servers by injecting malicious configurations, with active exploitation noted since March.
A security researcher has developed a tool called "TotalRecall Reloaded" that can access the data stored by Windows 11's controversial Recall feature, even when encryption is enabled. This tool bypasses the intended security measures by exploiting a vulnerability in how the data is stored, allowing unauthorized access.
A suite of over 30 WordPress plugins, known as EssentialPlugin, has been compromised with malicious code. This allows attackers to gain unauthorized access to websites that use these plugins, potentially leading to further compromise or data theft.
The Maine Legislature has failed to pass the Maine Online Data Privacy Act, LD 1822, which would have provided significant privacy protections for residents. The bill mirrored Maryland's privacy law and included provisions for data minimization and enhanced protection of sensitive data.
EPIC (Electronic Privacy Information Center) is supporting two bills in South Carolina aimed at regulating chatbot harms. One bill, S. 896, is modeled after EPIC's People-First Chatbot Bill, indicating a focus on protecting individuals from potential negative impacts of AI chatbots.
Asia's digital supply chain faces unique security risks due to varying regulatory landscapes, highly interconnected digital ecosystems, and the increasing adoption of AI. These factors create a complex environment that organizations in the region must navigate to ensure security.
A digitally signed adware tool has been observed disabling antivirus protections on numerous endpoints across various critical sectors, including education, utilities, government, and healthcare. The malicious scripts ran with SYSTEM privileges, indicating a high level of access and control achieved by the attacker.
Two critical vulnerabilities have been discovered in Fortinet's sandbox solutions that could allow unauthenticated attackers to bypass login mechanisms and execute commands over HTTP. While there are no reports of active exploitation yet, these flaws present a significant risk to organizations using the affected Fortinet products.
Threat actors are exploiting n8n, an AI workflow automation platform, to conduct phishing campaigns and deliver malware. By using n8n, attackers can bypass traditional security filters and leverage trusted infrastructure to deliver malicious payloads or fingerprint devices via automated emails.
Sweden's minister for civil defense has publicly attributed a cyberattack that occurred last year to a pro-Russian group. The attack specifically targeted a heating plant located in western Sweden, marking the first official acknowledgment of the incident.
Microsoft's Zero Day Quest hacking contest concluded with $2.3 million awarded to researchers for identifying nearly 700 vulnerabilities. The program incentivized the discovery of flaws in Microsoft's cloud and AI products.
Automotive data provider Autovista has confirmed a ransomware attack is disrupting its services across Europe and Australia. The company has engaged external help to recover from the incident, and some of its customer organizations are advising their staff to block inbound emails from Autovista.
Quantum computers pose a future threat to current encryption methods, with experts warning that achieving 'quantum-safe' systems could take years. This necessitates proactive quantum risk management to prepare for the eventual obsolescence of widely used cryptographic algorithms.
The Electronic Frontier Foundation (EFF) is calling for the release of journalist Ahmed Shihab-Eldin, who was arrested in Kuwait on charges including spreading false information and harming national security. His arrest is believed to be related to his reporting on a U.S. military aircraft crash and subsequent social media posts. This incident occurs amidst a broader crackdown on reporting in Kuwait, with new decrees targeting information that could undermine the military.
CISA has issued a warning to U.S. government agencies regarding a Windows Task Host vulnerability that can be exploited for privilege escalation. Successful exploitation allows attackers to gain SYSTEM privileges on affected systems, posing a significant security risk.
Hackers are actively exploiting a critical remote takeover vulnerability, identified as CVE-2026-33032, affecting the Nginx UI management tool. This exploit allows unauthorized access and control over Nginx servers.
An audit found that major tech companies like Google, Meta, and Microsoft are failing to comply with California's privacy law by not honoring opt-out requests for online tracking. These companies only respected these requests about half the time, indicating a significant gap in their privacy compliance practices.
Modern trucks are increasingly complex, resembling 'rolling networks' due to their extensive sensors and connectivity. This technological evolution introduces significant cybersecurity risks to the transportation sector. Industry leaders are convening at NMFTA's Cybersecurity Conference to address these emerging threats.
Capsule Security, an Israeli startup, has secured $7 million in funding to develop solutions for securing AI agents at runtime. The company's approach focuses on continuous monitoring of AI agent behavior to prevent unsafe actions.
Researchers have identified a design flaw in Anthropic's Model Context Protocol (MCP) that allows for the silent execution of unsanitized commands. This vulnerability could be exploited to compromise entire AI systems and facilitate widespread AI supply chain attacks.
A mother and her ten-year-old son were held captive for approximately 20 hours during a cryptocurrency extortion scheme targeting the father. The father was forced to pay hundreds of thousands of euros to secure their release. This incident is part of a concerning trend in France involving such sophisticated criminal operations.
Over 100 Chrome extensions have been discovered to be stealing user data and creating backdoors into compromised systems. These malicious extensions appear to be part of a coordinated campaign, utilizing shared command-and-control infrastructure across multiple publishing accounts.
Sophos CISO Ross McKerchar discusses leadership challenges in scaling security operations, the importance of talent retention, and the evolving threat landscape, particularly concerning AI-enabled attacks. He also highlights a growing trust deficit within the cybersecurity industry.
A critical vulnerability, CVE-2026-33032, affecting the nginx-ui management tool is being actively exploited. This authentication bypass flaw allows attackers to gain full control of the Nginx server. The vulnerability has been nicknamed MCPwn by Pluto Security.
Microsoft's April Patch Tuesday addressed several critical vulnerabilities affecting major software vendors including Adobe, Fortinet, and SAP. A particularly severe SQL injection flaw in SAP Business Planning and Consolidation and SAP Business Warehouse is highlighted, carrying a CVSS score of 9.9. The patches aim to mitigate risks of unauthorized data access and code execution.
The Mirax RAT is being offered as a service (MaaS) to a select group of affiliates, primarily Russian speakers. This malware can compromise Android devices, turning them into residential proxy nodes and posing a threat to users in Europe.
Security researchers have discovered prompt-injection vulnerabilities in Microsoft Copilot Studio and Salesforce Agentforce, allowing attackers to exfiltrate sensitive data by tricking the AI agents into executing malicious instructions. These flaws exploit the way AI agents process user input, blurring the lines between trusted commands and untrusted data, leading to potential theft of PII and business information.
Microsoft Copilot and Salesforce Agentforce have been patched to address prompt injection vulnerabilities. These flaws could have allowed external attackers to access and leak sensitive data from the AI agents.
A 17-year-old critical vulnerability in Microsoft Excel has been added to CISA's list of actively exploited vulnerabilities. This flaw, despite its age, is now being leveraged by attackers.
Microsoft has acknowledged that the April 2026 security update (KB5082063) for Windows Server 2025 is causing some devices to unexpectedly prompt for BitLocker recovery keys upon booting. This issue appears to be triggered by the update, leading to potential operational disruptions for affected servers.
Governments worldwide are increasingly weaponizing internet connectivity through shutdowns, throttling, and selective restoration, a trend that has escalated significantly since the Arab uprisings of 2011. What began as emergency measures has evolved into a normalized infrastructure of control, with a record 304 internet shutdowns imposed across 54 countries in 2024. This practice restricts access to information, work, and essential services, shaping public discourse and dissent.
Ivanti has released patches for two vulnerabilities in its Neurons for ITSM product. These flaws could allow attackers to maintain access even after their accounts are disabled and to access sensitive information from other user sessions.
Raspberry Pi OS has updated its default configuration to require a password for the `sudo` command. This change aims to enhance security by preventing unauthorized privilege escalation on devices.