Guardicore Labs uncovers a Ransomware detection campaign targeting MySQL servers. Attackers use Double Extortion and publish data to pressure victims.

Our deception technology is able to reroute attackers into honeypots, where they believe that they found their real target. The attacks brute forced passwords for RDP credentials to connect to the victim download and execute a previously undetected malware, which we named Trojan.sysscan.

In the beginning of April, three attacks detected in the Guardicore Global Sensor Network (GGSN) caught our attention. All three had source IP addresses originating in South-Africa and hosted by VolumeDrive ISP (see IoCs).

In this Akamai FLAME Trailblazer blog post, Rachel Bayley encourages women to step into the unknown and to be their authentic selves.

Guardicore security researchers describe and uncover a full analysis of a cryptomining attack, which hid a cryptominer inside WAV files. The report includes the full attack vectors, from detection, infection, network propagation and malware analysis and recommendations for optimizing incident response processes in data centers.

No content preview

No content preview

No content preview

Hi everyone. With AI on the rise, I’ve seen a lot of vibe coded applications and applications built solely by AI agents (with no Human… Continue reading on InfoSec Write-ups »

No content preview

No content preview

Hackers are shifting tactics. Learn how fake Web3 job postings and malicious interview apps are used to compromise high-value crypto… Continue reading on InfoSec Write-ups »

No content preview

No content preview

In March 2026, Hallmark suffered an alleged breach and subsequent extortion after attackers gained access to data stored within Salesforce. The data was later published after the extortion deadline passed, exposing 1.7M unique email addresses across both Hallmark and the Hallmark+ streaming service, along with names, phone numbers, physical addresses and support tickets.

📖 [The CloudSecList] Issue 333 was originally published by Marco Lancini at CloudSecList on April 12, 2026.  ( 5 min )

Sebagai seorang peneliti keamanan siber, rutinitas harian saya sering kali bersinggungan dengan berbagai anomali digital. Baru-baru ini… Continue reading on InfoSec Write-ups »

A re-examination of a 300-million-year-old fossil that was long thought to be the earliest octopus revealed that the animal was actually part of the nautilus family.

TL;DR Bloomberg reported on April 1, 2026 that Iran’s Islamic Revolutionary Guard Corps (IRGC) was already extracting transit tolls from… The post Iran’s Strait of Hormuz Crypto Toll: An Evolution of Tehran’s Expanding Use of Digital Assets appeared first on Chainalysis.  ( 13 min )

We found a convincing fake site that installs a trojanized Claude app while quietly deploying PlugX malware.

ClickFix campaigns have found a way around macOS Tahoe's warnings against pasting commands in the Terminal. They're using Script Editor instead.

This week, we discuss gun violence and chatbots and acceptance of depravity.

No content preview

Posted by Jiacheng Lu, Software Engineer, Google Pixel Team Google is continuously advancing the security of Pixel devices. We have been focusing on hardening the cellular baseband modem against exploitation. Recognizing the risks associated within the complex modem firmware, Pixel 9 shipped with mitigations against a range of memory-safety vulnerabilities. For Pixel 10, Google is advancing its proactive security measures further. Following our previous discussion on "Deploying Rust in Existing Firmware Codebases", this post shares a concrete application: integrating a memory-safe Rust DNS(Domain Name System) parser into the modem firmware. The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of vulnerabilities in a risky area, while also lay…

No content preview

No content preview

No content preview

No content preview

AI Security Insights – April 2026

Cloud risk doesn’t live in a single permission, it lives in the relationships between them. Discover how Cirro maps hidden attack paths across Azure identities, resources, and data to reveal what attackers actually see.

In the SOC of the future, autonomous defense moves at machine speed, agents add context and coordination, and humans focus on judgment, risk, and outcomes. The post The agentic SOC—Rethinking SecOps for the next decade appeared first on Microsoft Security Blog.

Microsoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated threat actor, tracked as Storm-2755, compromising Canadian employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts. The post Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees appeared first on Microsoft Security Blog.

A severe Android intent‑redirection vulnerability in a widely deployed SDK exposed sensitive user data across millions of apps. Microsoft researchers detail how the flaw works, why it matters, and how developers can mitigate similar risks by updating affected SDKs. The post Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk appeared first on Microsoft Security Blog.

At least 24 chimpanzees have been killed in a war that has split the Ngogo group of wild chimpanzees in two, turning former kin into enemies.

Darren Blanchard went a few seconds over his three minute time limit and found himself in handcuffs.

The case was the first time authorities charged people for alleged “Antifa” activities after President Trump designated the umbrella term a terrorist organization.

Posted by Ben Ackerman, Chrome team, Daniel Rubery, Chrome team and Guillaume Ehinger, Google Account Security team Following our April 2024 announcement, Device Bound Session Credentials (DBSC) is now entering public availability for Windows users on Chrome 146, and expanding to macOS in an upcoming Chrome release. This project represents a significant step forward in our ongoing efforts to combat session theft, which remains a prevalent threat in the modern security landscape. Session theft typically occurs when a user inadvertently downloads malware onto their device. Once active, the malware can silently extract existing session cookies from the browser or wait for the user to log in to new accounts, before exfiltrating these tokens to an attacker-controlled server. Infostealer ma…

Last week, Chainalysis joined a proactive joint operation co-hosted by the UK’s National Crime Agency (NCA), the US Secret Service,… The post Operation Atlantic: How Public-Private Collaboration Is Freezing Millions in Crypto Scam Proceeds appeared first on Chainalysis.  ( 12 min )

TL;DR On April 1, 2026, Solana’s Drift Protocol was drained of $285 million (over 50% of its TVL) in a… The post The Drift Protocol Hack: How Privileged Access Led to a $285 Million Loss appeared first on Chainalysis.  ( 15 min )

A new wave of Amazon refund scams is spreading, hitting both email inboxes and text messages.

MyLovelyAI leaked personal data, explicit prompts, and images of over 100,000 users, exposing many to sextortion and doxxing.

The accused didn't just browse around; he built a custom script designed to circumvent Meta's internal detection systems.

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

No content preview

No content preview

We added a new chapter to our Testing Handbook: a comprehensive security checklist for C and C++ code. We’ve identified a broad range of common bug classes, known footguns, and API gotchas across C and C++ codebases and organized them into sections covering Linux, Windows, and seccomp. Whereas other handbook chapters focus on static and dynamic analysis, this chapter offers a strong basis for manual code review. LLM enthusiasts rejoice: we’re also developing a Claude skill based on this new chapter. It will turn the checklist into bug-finding prompts that an LLM can run against a codebase, and it’ll be platform and threat-model aware. Be sure to give it a try when we release it. And after reading the chapter, you can test your C/C++ review skills against two challenges at the end of this p…

From hardware analysis to OSINT: how we retrieved information about a BYD car crash by analyzing the TCU embedded memory.

When customers experience a security incident, they need to acquire forensic artifacts to identify root cause, extract indicators of compromise (IoCs), and validate remediation efforts. NIST 800-86, Guide to Integrating Forensic Techniques into Incident Response, defines digital forensics as a process comprised of four basic phases: collection, examination, analysis, and reporting. This blog post focuses […]  ( 119 min )

These are the top threats you should know about this week.

No content preview

No content preview

In September of 2024, ZDI received a vulnerability submission from an anonymous researcher affecting npm CLI that revealed a fundamental design issue in Node.js. This blog details how it continues to expose applications to local privilege escalation (LPE) attacks on Windows systems, including the Discord desktop app (CVE-2026-0776 0-Day), which remains unpatched and vulnerable. The issue is straightforward: when Node.js resolves modules, the runtime searches for packages in C:\node_modules as part of its default behavior. Since low-privileged Windows users can create this directory and plant malicious modules there, any Node.js application with missing or optional dependencies becomes vulnerable to privilege escalation. This issue is not new. Concerned discussions about Node.js's module se…

Your browser extensions can be used to build a profile of you for advertisers and scammers. We're making sure our Browser Guard extension stays private.

The FBI, NCSC, and Microsoft warn of an ongoing Russian campaign hijacking DNS settings on home and small office routers to spy on users.

Authorities warn that Mexican drug cartels are targeting timeshare owners with advance-fee fraud. Here’s what to watch for.

How Florida conservation police are tapping into Flock for ICE; Wikipedia's AI ban; and how the app TeleGuard uploads users' private keys.

At a New York party, attendees spent Trans Day of Visibility dancing, DJing, and learning how to become less visible online.

Marathon is a great game for uncs. As signs of a crash change the video game industry, there might not be a lot of those left.

Updates to VeraCrypt, a popular and long-running piece of encryption, are now thrown into doubt because of a seemingly unexplained Microsoft decision.

No content preview

The Citizen Lab submitted recommendations to the UN Working Group on the Use of Mercenaries. The post Submission to the UN Working Group on the Use of Mercenaries appeared first on The Citizen Lab.

Senior researcher Ksenia Ermoshina spoke to the New York Times about how Russians may start acquiescing to the limits imposed by state censorship. The post A Cat-and-Mouse Game of Russian Internet Restrictions and Evasion appeared first on The Citizen Lab.

This blog is a preview of our forthcoming report, “The New Rails: How Digital Assets Are Reshaping the Foundations of… The post The $100 Trillion Wealth Shift: Stablecoin Utility and the Future of Payments appeared first on Chainalysis.  ( 13 min )

No content preview

In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.

No content preview

No content preview

No content preview

No content preview

No content preview

No content preview

No content preview

No content preview

No content preview

No content preview

No content preview

No content preview

No content preview

No content preview

No content preview

No content preview

No content preview

No content preview

At AWS, we’ve spent decades developing processes and tools that enable us to defend millions of customers simultaneously, wherever they operate around the world. AI has been an extremely helpful addition to the automation our security and threat intelligence teams do every day, and we’re still early in this journey. Our AI-powered log analysis system […]  ( 110 min )

The proposed legislation would be the first of its kind passed in the country, but there are similar bills popping up everywhere this year.

Cisco, IBM, and major lobbying groups are trying to exempt "critical infrastructure" from an existing Colorado law.

Executive summary Forest Blizzard, a threat actor linked to the Russian military, has been compromising insecure home and small-office internet equipment like routers, then modifying their settings in ways that turn them into part of the actor’s malicious infrastructure. The post SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks appeared first on Microsoft Security Blog.

No content preview

Akamai Object Storage provides high-performance, cost-effective Amazon S3–compatible object storage. Here's what it's used for and how to set it up.

No content preview

Bishop Fox researchers expanded on Fortinet's disclosure of CVE-2026-35616 by identifying the root cause via the released hotfix.

Phishers are using QR codes on official-looking notices to level up their traffic and toll scams.

Healthcare companies handle some of the most personal data imaginable, and that makes them a magnet for hackers.

WhatsApp’s new “Private Inference” feature represents one of the most ambitious attempts to combine end-to-end encryption with AI-powered capabilities, such as message summarization. To make this possible, Meta built a system that processes encrypted user messages inside trusted execution environments (TEEs), secure hardware enclaves designed so that not even Meta can access the plaintext. Our now-public audit, conducted before launch, identified several vulnerabilities that compromised WhatsApp’s privacy model, all of which Meta has patched. Our findings show that TEEs aren’t a silver bullet: every unmeasured input and missing validation can become a vulnerability, and to securely deploy TEEs, developers need to measure critical data, validate and never trust any unmeasured data, and test…

Exploitation of an arbitrary directory deletion via symlink following in the antivirus Intego.

No content preview

No content preview

At least three different people notified the popular app that wants to help men stop watching porn that it was jeopardizing user data.

“I am vetoing this bill in its entirety because I object to this bill's intrusion into the personal privacy of Wisconsin residents,” Governor Tony Evers wrote.

Ron DeSantis has empowered hundreds of Florida conservation police to work directly with ICE.

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation. This campaign goes beyond traditional phishing by generating live authentication codes on demand, enabling higher success rates and sustained post‑compromise access. The post Inside an AI‑enabled device code phishing campaign appeared first on Microsoft Security Blog.

The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize recently disclosed vulnerabilities to obtain initial access, exfiltrate data, and deploy Medusa ransomware. The post Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations appeared first on Microsoft Security Blog.

In June 2023, the Citizen Lab submitted recommendations on combatting mercenary spyware risks to NSICOP. The post Submission to the National Security and Intelligence Committee of Parliamentarians appeared first on The Citizen Lab.

Senior researcher John Scott-Railton speaks with GIJN about strategies journalists can employ to improve their digital hygiene and protect themselves from targeted attacks. The post John Scott-Railton Shares Tips and Tools to Protect Yourself Digitally appeared first on The Citizen Lab.

A trusted package turned into an attacker’s gateway overnight. The Axios supply chain breach shows how quickly risk can spread—and why security leaders must rethink trust in modern development.

No content preview

A list of topics we covered in the week of March 30 to April 5 of 2026

This week on the Lock and Code podcast, we speak with Peter Asaro about killer robots, how to stop them, and their obvious consequences.

No content preview

No content preview

📖 [The CloudSecList] Issue 332 was originally published by Marco Lancini at CloudSecList on April 05, 2026.  ( 5 min )

November 20, 2025: Original publication date of this post. This post has been updated to reference the most recent version of the LZA Compliance Workbook published to AWS Artifact in March 2026. We’re pleased to announce the availability of the latest sample security baseline from Landing Zone Accelerator on AWS (LZA)—the Universal Configuration. Developed from […]  ( 108 min )

No content preview

No content preview

No content preview

Native Americans were playing dice and other games of chance many millennia before any known cultures elsewhere.

No content preview

In March 2026, the anime streaming service Crunchyroll suffered a data breach alleged to have impacted 6.8M users. The exposed data is reported to have originated from the company's Zendesk support system where "name, login name, email address, IP address, general geographic location and the contents of the support tickets" were exposed. A subset of 1.2M email addresses from an alleged 2M record dataset being sold was later provided to HIBP.

In April 2026, the music trivia platform SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum. The data contained a total of 291k unique email addresses sourced from either Google OAuth logins or accounts created on the site, the latter also containing bcrypt password hashes. The data also included names, usernames and avatars.

We uncovered two job scams posing as legitimate offers from Coca-Cola and Ferrari that could pry into Google and Facebook accounts.

Governments are each inventing their own flavor of an age based ban for social media. Is the cure worse than the disease?

No content preview

If you run high-scale applications that encrypt large volumes of data, you might be concerned about tracking encryption limits and rotating keys. This post explains how AWS Key Management Service (AWS KMS) and the AWS Encryption SDK handle Advanced Encryption Standard in Galois Counter Mode’s (AES-GCM) encryption limits or bounds automatically by using derived key […]  ( 110 min )

No content preview

No content preview

No content preview

Mixed Boolean-Arithmetic (MBA) obfuscation disguises simple operations like x + y behind tangles of arithmetic and bitwise operators. Malware authors and software protectors rely on it because no standard simplification technique covers both domains simultaneously; algebraic simplifiers don’t understand bitwise logic, and Boolean minimizers can’t handle arithmetic. We’re releasing CoBRA, an open-source tool that simplifies the full range of MBA expressions used in the wild. Point it at an obfuscated expression and it recovers a simplified equivalent: $ cobra-cli --mba "(x&y)+(x|y)" x + y $ cobra-cli --mba "((a^b)|(a^c)) + 65469 * ~((a&(b&c))) + 65470 * (a&(b&c))" --bitwidth 16 67 + (a | b | c) CoBRA simplifies 99.86% of the 73,000+ expressions drawn from seven independent datasets. It ship…

Agentic AI represents a qualitative shift in how software operates. Traditional software executes deterministic instructions. Generative AI responds to human prompts with output that humans review and use at their discretion. Agentic AI differs from both. Agents connect to software tools and APIs and uses large language models (LLMs) as reasoning engines to plan and […]  ( 112 min )

Chainalysis Links 2026 brought together the brightest minds across cryptocurrency exchanges, global law enforcement, and traditional finance (TradFi) for an… The post Chainalysis Links NYC 2026: AI Amplification, TradFi Convergence, and the Power of Networked Intelligence appeared first on Chainalysis.  ( 12 min )

※この記事は自動翻訳されています。正確な内容につきましては原文をご参照ください。 悪意のあるアクターはすでに AI を駆使し、詐欺、窃盗、マネーロンダリングを加速させています。対抗する側には、それを上回るスピードが求められます。 本日、イベント Links にて、Chainalysis の新たなステージとなるブロックチェーン・インテリジェンス・エージェント、「Chainalysis Agent（エージェント）」を発表しました。単独の新製品でも、後付けのチャットボット機能でもありません。数十億件のスクリーニング済みトランザクション、1,000 万件以上の捜査、10 年以上にわたるブロックチェーン分析で培った知見、これらすべてを基盤として進化したプラットフォーム機能であり、お客様のチームの一員として機能します。 ブロックチェーン分析を組織全体へ Chainalysis は、政府、金融機関、暗号資産事業者が捜査、規制対応、資産保護のために信頼を寄せる、世界で最も包括的なブロックチェーンデータセットを構築してきました。当社のデータは法廷で唯一信頼性を認められ、証拠として採用されています。そして当社のツールは、暗号資産史上最も重要な捜査を支えてきました。 しかし、その分析能力を最大限に活かすには、高度な専門スキルが求められていました。Chainalysis エージェントは、プラットフォームの全機能、つまりデータ、製品、専門知識を組織内の誰もが活用できるようにします。熟練の捜査官やコンプライアンスアナリストから経営層まで、Chainalysis エージェントを通じて的確なインサイトを得られるようになり、チームの対応力を飛躍的に高めます。 エージェントの力を引き出すプラットフォーム 今、あらゆる企業が AI… The post Chainalysis、初のブロックチェーン・インテリジェンス・エージェントを発表 appeared first on Chainalysis.  ( 8 min )

No content preview

Learn how enabling PGBouncer reduces connection overhead, frees up server resources for query execution and disk caching, and improves performance at scale.

No content preview

Posted by Adam Gavish, Google GenAI Security Team Indirect prompt injection (IPI) is an evolving threat vector targeting users of complex AI applications with multiple data sources, such as Workspace with Gemini. This technique enables the attacker to influence the behavior of an LLM by injecting malicious instructions into the data or tools used by the LLM as it completes the user’s query. This may even be possible without any input directly from the user. IPI is not the kind of technical problem you “solve” and move on. Sophisticated LLMs with increasing use of agentic automation combined with a wide range of content create an ultra-dynamic and evolving playground for adversarial attacks. That’s why Google takes a sophisticated and comprehensive approach to these attacks. We’re contin…

Generative AI is upgrading cyberattacks, from 450% higher phishing click‑through rates to industrialized MFA bypass. The post Threat actor abuse of AI accelerates from tool to cyberattack surface appeared first on Microsoft Security Blog.

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting environments. This post examines how this tradecraft conceals execution behind specially crafted HTTP cookies. The post Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments appeared first on Microsoft Security Blog.

Apple has quietly expanded patches against the vulnerabilities in the DarkSword exploit kit to include iOS and iPadOS 18.7.7

We commissioned a third-party audit for the infrastructure behind our VPNs. Here are the results.

In this blog post we present SightHouse, an open-source tool designed to assist reverse engineers by retrieving information and metadata from programs and identifying similar functions already known from other libraries, binaries or any other source codes that can be found online.

An AI agent was banned from editing Wikipedia pages... and that's when things got weird, with the agent publishing its complaints publicly.

Microsoft warns WhatsApp on Windows users about an ongoing campaign that tries to gain permanent access to your machine

Scams are so convincing that two in three people can't tell them from the real thing. It's why we're not adding to the noise for April Fools.

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages for version updates to download from command and control (C2) that Microsoft Threat Intelligence has attributed to the North Korean state actor Sapphire Sleet. Although the malicious versions are no longer available for download, since Axios is one of the most widely used HTTP clients in the JavaScript ecosystem, this compromise exposed hundreds to potentially millions of users. The post Mitigating the Axios npm supply chain compromise appeared first on Microsoft Security Blog.

These are the top threats you should know about this week.

In an essay for Lawfare, Citizen Lab director Ron Deibert warns that the Trump administration may authorize private firms to undertake offensive cyber operations with major consequences. The post The Perils of Privatized Cyberwarfare appeared first on The Citizen Lab.

No content preview

No content preview

Code coverage is one of the most dangerous quality metrics in software testing. Many developers fail to realize that code coverage lies by omission: it measures execution, not verification. Test suites with high coverage can obfuscate the fact that critical functionality is untested as software develops over time. We saw this when mutation testing uncovered a high-severity Arkis protocol vulnerability, overlooked by coverage metrics, that would have allowed attackers to drain funds. Today, we’re announcing MuTON and mewt, two new mutation testing tools optimized for agentic use, along with a configuration optimization skill to help agents set up campaigns efficiently. MuTON provides first-class support for TON blockchain languages (FunC, Tolk, and Tact), while mewt is the language-agnostic…

In March 2026, the personal development and achievement media brand SUCCESS suffered a data breach. The incident exposed 250k unique email addresses along with names, IP addresses, phone numbers and, for a limited number of staff members, bcrypt password hashes. The data also included orders containing physical addresses and the payment method used. In SUCCESS' disclosure notice, they advised their system had also been abused to send offensive newsletters with quotes falsely attributed to contributors.

We’re excited to announce the release of our latest compliance guide, ISO/IEC 27001:2022 on AWS, which provides practical guidance for organizations designing and operating an Information Security Management System (ISMS) using AWS services. As organizations migrate critical workloads to the cloud, aligning with globally recognized standards such as ISO/IEC 27001:2022 becomes an important step toward […]  ( 106 min )

AWS Security Agent on-demand penetration testing is now generally available, enabling you to run comprehensive security tests across all your applications, not only your most critical ones. This milestone transforms penetration testing from a periodic bottleneck into an on-demand capability that scales with your development velocity across AWS, Azure, GCP, other cloud-providers, and on-premises. With […]  ( 113 min )

Five facts critical infrastructure (CI) leaders need to act on in 2026, grounded in what Microsoft Threat Intelligence is observing across sectors right now. The post The threat to critical infrastructure has changed. Has your readiness? appeared first on Microsoft Security Blog.

Posted by Dirk Göhmann, Tony Mendez, and the Vulnerability Rewards Program Team 2025 marked a special year in the history of vulnerability rewards and bug bounty programs at Google: our 15th anniversary 🎉🎉🎉! Originally started in 2010, our vulnerability reward program (VRP) has seen constant additions and expansions over the past decade and a half, clearly indicating the value the programs under this umbrella contribute to the safety and security of Google and its users, but also highlighting their acceptance by the external research community, without which such programs cannot function. Coming back to 2025 specifically, our VRP once again confirmed the ongoing value of engaging with the external security research community to make Google and its products safer. This was more eviden…

Bad actors are already using AI to accelerate fraud, theft, money laundering, and more. We need to move fast to… The post Chainalysis Introduces the First Blockchain Intelligence Agents appeared first on Chainalysis.  ( 10 min )

No content preview

This post is adapted from a talk I gave at [un]prompted, the AI security practitioner conference. Thanks to Gadi Evron for inviting me to speak. You can watch the recorded presentation below or download the slides. Most companies hand out ChatGPT licenses and wait for the productivity numbers to move. We built a system instead. A year ago, about 5% of Trail of Bits was on board with our AI initiative. The other 95% ranged from passively skeptical to actively resistant. Today we have 94 plugins, 201 skills, 84 specialized agents, and on the right engagements, AI-augmented auditors finding 200 bugs a week. This post is the playbook for how we got there. We open sourced most of it, so you can steal it today. A recent Fortune article reported that a National Bureau of Economic Research stud…

No content preview

No content preview

In March 2026, the NSFW AI companion platform Cuties AI suffered a data breach that was subsequently published to a public hacking forum. The incident exposed 144k unique email addresses along with display names, avatars, prompts and descriptions used to generate AI adult images, as well as URLs to the generated content. The data also included the account that created the content and a stated "preference" of either female or trans.

In this blog, we present how QBDI and TritonDSE can be used to attack a complex C++ binary implementing a VM.

TL;DR Low-cost, commercially available drones have become central to modern conflict, allowing state and non-state actors, such as pro-Russia militias… The post From the Battlefield to the Blockchain: How Cryptocurrency Is Helping Finance the Drone Revolution appeared first on Chainalysis.  ( 11 min )

Chainalysis is excited to announce support for Tempo, an EVM-compatible Layer 1 blockchain purpose-built for stablecoin payments at scale. Tempo… The post Chainalysis Supports Tempo with Automatic Token Coverage appeared first on Chainalysis.  ( 5 min )

No content preview

📖 [The CloudSecList] Issue 331 was originally published by Marco Lancini at CloudSecList on March 29, 2026.  ( 5 min )

No content preview

No content preview

No content preview

No content preview

※この記事は自動翻訳されています。正確な内容につきましては原文をご参照ください。 要約 英国外務・英連邦・開発省（FCDO）が中国語圏の主要な不正担保マーケットプレイス Xinbi を制裁指定。個別の加害者のみを対象とする従来の手法から、大規模詐欺エコシステムを支える金融「担保プラットフォーム」そのものに切り込む戦略的転換 Chainalysis のデータによると、Xinbi は 2021 年から 2025 年にかけて 199 億ドル超の決済を仲介。「Black U」マネーロンダリング、無許可 OTC 取引、個人情報データベース販売、詐欺インフラの提供など、あらゆる不正取引を仲介 FCDO はグローバル人権制裁制度に基づき Xinbi… The post 英国政府が Xinbi を制裁：中国語圏の暗号資産詐欺を支えるインフラの中核を指定 appeared first on Chainalysis.  ( 9 min )

In March 2026, a breach of one of the many iterations of the BreachForums hacking forum known as "Version 5" was publicly disclosed. The incident exposed 340k unique email addresses along with usernames and argon2 password hashes.

Deploying agentic AI in financial services requires additional security controls that address AI-specific risks. This post walks you through comprehensive observability and fine-grained access controls—two critical capabilities for maintaining explainability and accountability in AI systems. You will learn seven design principles and get implementation guidance for meeting regulatory requirements while deploying secure AI solutions. Financial […]  ( 112 min )

No content preview

Bishop Fox researchers took a deep dive into a new strongSwan vulnerability that allows unauthenticated attackers to take VPN services offline. We created an easy tool to test your strongSwan deployment & recommend upgrading to version 6.0.5 and later.

In June 2015, custom gaming controller maker Scuf Gaming suffered a data breach. The incident exposed 129k unique email addresses along with usernames, display names, IP addresses and password hashes.

In March 2026, the audio production tools company Sound Radix disclosed a data breach that they subsequently self-submitted to HIBP. The incident impacted 293k unique email addresses and names. Sound Radix advised that it is possible that additional data including hashed passwords may have been exposed, and that no financial or credit card information was impacted.

Deep dive into Web Application Firewall (WAF) bypasses, from misconfiguration exploitation to crafting obfuscated payloads. We show the impact of the parsing discrepancy between how a WAF reads a request and how a backend executes it. It is not a bug, it is a feature.

These are the top threats you should know about this week.

Senior researcher Alberto Fittarelli spoke with the New York Times about the double threat of AI-produced disinformation. The post Netanyahu Posts ‘Proof of Life’ Video: AI Sows Doubts About What’s Real appeared first on The Citizen Lab.

Posted by Eric Lynch, Product Manager, Android and Dom Elliott, Group Product Manager, Google Play Modern digital security is at a turning point. We are on the threshold of using quantum computers to solve "impossible" problems in drug discovery, materials science, and energy—tasks that even the most powerful classical supercomputers cannot handle. However, the same unique ability to consider different options simultaneously also allows these machines to bypass our current digital locks. This puts the public-key cryptography we’ve relied on for decades at risk, potentially compromising everything from bank transfers to trade secrets. To secure our future, it is vital to adopt the new Post-Quantum Cryptography (PQC) standards National Institute of Standards and Technology (NIST) is urging…

Akamai Guardicore Segmentation, a Leader and Fast Mover in the 2026 GigaOm Radar for Microsegmentation report, balances innovation with platform strength.

No content preview

We’re releasing a new Claude plugin for developing and auditing code that implements dimensional analysis, a technique we explored in our most recent blog post. Most LLM-based security skills ask the model to find bugs. Our new dimensional-analysis plugin for Claude Code takes a different approach: it uses the LLM to annotate your codebase with dimensional types, then flags mismatches mechanically. In testing against real audit findings, it achieved 93% recall versus 50% for baseline prompts. You can download and use our new dimensional-analysis plugin by running these commands: How our plugin differs from most skills This plugin release is quite different from the wave of security analysis skills released over the past few weeks. The skills we’ve seen tend to take a relatively simple appr…

No content preview

Using dimensional analysis, you can categorically rule out a whole category of logic and arithmetic bugs that plague DeFi formulas. No code changes required, just better reasoning! One of the first lessons in physics is learning to think in terms of dimensions. Physicists can often spot a flawed formula in seconds just by checking whether the dimensions make sense. I once had a teacher who even kept a stamp that said “non-homogeneous formula” for that purpose (and it was used a lot on students’ work). Developers can use the same approach to spot incorrect arithmetic in smart contracts. In this post, we’ll start with the basics of dimensional analysis in physics and then apply the same reasoning to real DeFi formulas. We’ll also show you how this can be implemented in practice, using Reserv…

In around 2011, the now defunct RuneScape Boards forum (also known as RSBoards) suffered a data breach that was later redistributed as part of a larger corpus of data. The vBulletin-based service exposed 223k unique email addresses along with usernames, IP addresses and salted MD5 password hashes.

June 3, 2022: Original publication date of this post. This post has been updated to add the additional IAM policy types: Resource control policies. You manage access in AWS by creating policies and attaching them to AWS Identity and Access Management (IAM) principals (roles, users, or groups of users) or AWS resources. AWS evaluates these […]  ( 119 min )

No content preview

On March 23, Citizen Lab director Ron Deibert will appear before the House of Commons to testify on transnational repression.  The post Canadians Will Face ‘Tsunami’ of Transnational Repression in Coming Years appeared first on The Citizen Lab.

📖 [The CloudSecList] Issue 330 was originally published by Marco Lancini at CloudSecList on March 22, 2026.  ( 5 min )

No content preview

No content preview

No content preview

No content preview

This blog post dives into the most common classes of macOS Local Privilege Escalation vulnerabilities, from insecure XPC communications and time-of-check to time-of-use (TOCTOU) Race Conditions to a range of implementation and configuration oversights. We will explore how attackers can exploit these weaknesses to escalate privileges, and highlight real-world examples to illustrate recurring patterns. This post ends the series on Intego products on macOS by revealing vulnerabilities that can lead to Local Privilege Escalation, as well as a surprise bonus.

The U.S. DOJ recently disrupted several large and powerful DDoS botnets and shut down their related DDoS-for-hire services with Akamai’s help.

Read about the top 10 critical threats related to Agent Skills that security teams should consider while building and evaluating agents.

Italian prosecutors have confirmed the hacking of journalist Francesco Cancellato, who was alerted of a suspected attack last year. The post Italian Prosecutors Confirm Journalist Was Hacked with Paragon Spyware appeared first on The Citizen Lab.

These are the top threats you should know about this week.

Amazon threat intelligence has identified an active Interlock ransomware campaign exploiting CVE-2026-20131, a critical vulnerability in Cisco Secure Firewall Management Center (FMC) Software that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device, which was disclosed by Cisco on March 4, 2026. After Cisco’s disclosure, Amazon threat […]  ( 113 min )

No content preview

No content preview

No content preview

In March 2026, the online safety service Aura disclosed a data breach that exposed 900k unique email addresses. The data was primarily associated with a marketing tool from a previously acquired company, with fewer than 20k active Aura customers affected. Exposed data included names, phone numbers, physical and IP addresses, and customer service notes. Aura advised that no Social Security numbers, passwords or financial information were compromised.

We’re excited to announce that Amazon Web Services (AWS) has completed its second GDV (German Insurance Association) community audit with 36 members from the Germany insurance industry participating, corresponding to over 63% coverage of the German market in terms of insurance premiums. Community audits are an efficient method to provide additional assurance to a group […]  ( 107 min )

The Citizen Lab has submitted an input on digital transnational repression to the OHCHR report on ‘Protecting Human Rights Defenders in the Digital Age’. The post Submission to the OHCHR: Protecting Human Rights Defenders in the Digital Age appeared first on The Citizen Lab.

Akamai is sponsoring Wasm IO 2026 as part of our commitment to WebAssembly. Get all the details.

No content preview

No content preview

No content preview

I set out to build a rugged badge-cloning tool for field use, with zero hardware background. This is the story of learning electrical engineering from scratch, navigating bad assumptions, and discovering that curiosity, persistence, and hands-on testing can take you further than you think.

No content preview

No content preview

No content preview

In March 2026, the League of Legends custom skins service Divine Skins suffered a data breach. The incident was disclosed via the service's Discord server, where Divine Skins stated that an unauthorised third party accessed part of its systems, deleted all skins from the database and exposed email addresses and usernames. The data also contained a history of purchases made by users.

In March 2026, the Turkish restaurant chain Baydöner suffered a data breach which was subsequently published to a public hacking forum. The incident exposed over 1.2M unique email addresses along with names, phone numbers, cities of residence and plaintext passwords. A small number of records also included Turkish national ID number and date of birth. In their disclosure notice, Baydöner stated that payment and financial data was not affected.

📖 [The CloudSecList] Issue 329 was originally published by Marco Lancini at CloudSecList on March 15, 2026.  ( 5 min )

If your organization relies on AWS IAM Identity Center for workforce access, you can now extend that access across multiple AWS Regions with multi-Region replication. Previously, AWS access portal was only available in one Region, when you add an additional Region, users get an active access portal endpoint there. If the primary Region experiences a […]  ( 117 min )