• Open

    PLEASE_READ_ME: The Opportunistic Ransomware Devastating MySQL Servers
    Guardicore Labs uncovers a Ransomware detection campaign targeting MySQL servers. Attackers use Double Extortion and publish data to pressure victims.
    The Nansh0u Campaign – Hackers Arsenal Grows Stronger
    In the beginning of April, three attacks detected in the Guardicore Global Sensor Network (GGSN) caught our attention. All three had source IP addresses originating in South Africa and hosted by VolumeDrive ISP (see IoCs).
    The Oracle of Delphi Will Steal Your Credentials
    Our deception technology is able to reroute attackers into honeypots, where they believe that they found their real target. The attacks brute-forced passwords for RDP credentials to connect to the victim, download, and execute a previously undetected malware, which we named Trojan.sysscan.
    Keep Your Tech Flame Alive: Trailblazer Rachel Bayley
    In this Akamai FLAME Trailblazer blog post, Rachel Bayley encourages women to step into the unknown and to be their authentic selves.
    Threats Making WAVs - Incident Response to a Cryptomining Attack
    Guardicore security researchers describe and uncover a full analysis of a cryptomining attack, which hid a cryptominer inside WAV files. The report includes the full attack vectors, from detection, infection, network propagation and malware analysis and recommendations for optimizing incident response processes in data centers.

  • Open

    SecTor 2025 | Threat Architecture, Attack Surfaces & Real-World Risk
  • Open

    Tech Companies to Discuss Iran's Future During 'Private Conference' at Uber HQ
    The former Crown Prince of Iran is meeting with Iranian diaspora tech and business leaders on Saturday to discuss the future of the country. Attendees include the CEO of Uber.
    ArXiv to Ban Researchers for a Year if They Submit AI Slop
    The change comes as arXiv and others struggle to manage an influx of AI-generated materials masquerading as rigorous science.
    Behind the Blog: New Music and a Crash Out
    This week, we discuss developers' AI woes, how the magic happens, and the Beach Boys.
    Mayo Clinic is Using AI to Listen to Emergency Room Visits
    Mayo Clinic's "Ambient Listening" has been around for a couple of years, but clearly not all patients know their interactions with nurses are being passively recorded and processed by AI.
  • Open

    The AWS AI Security Framework: Securing AI with the right controls, at the right layers, at the right phases
    TL;DR for busy executives The AWS AI Security Framework helps security leaders move fast and stay secure with AI. Security compounds from day 1 as workloads evolve from prototype to production to scale. Assess first. Request a no-cost SHIP engagement to baseline your posture and build a prioritized roadmap. Phase 1 – Foundational (zero to […]
  • Open

    Mini Shai-Hulud: The Worm Returns and Goes Public
  • Open

    Attackers replaced JDownloader installer downloads with malware
    The JDownloader website was compromised and installer download links served malware for several days.
    Meta’s confusing new approach to chat privacy
    WhatsApp now offers disappearing AI chats Meta says it cannot read. While Instagram just removed the feature that stopped Meta reading your messages.
  • Open

    The Payload Podcast 006
  • Open

    I Got Blocked by Outlier Twice. The Second Time I Had Built My Own Browser.
    POST, PUT, DELETE: Building Custom Requests from Zero
    I Reverse Engineered this Android Application and here’s what i found!
    Overwatch HTB — HackTheBox Walkthrough | By Alham Rizvi
    From Vercel Typosquatting to an Obfuscated macOS Malware Loader
    JetBrains Lab Write-Up | By BnHany
    Access to members-only YouTube video content

  • Open

    Regional routing for AWS access portals: Implementing custom vanity domains for IAM Identity Center
    AWS IAM Identity Center provides a web-based access portal that gives your workforce a single place to view their AWS accounts and applications. With the recent launch of IAM Identity Center multi-Region replication, customers can replicate their IAM Identity Center instance across multiple AWS Regions to improve resilience and reduce latency for a globally distributed […]
    Automating post-quantum cryptography readiness using AWS Config
    Migrating your TLS endpoints to Post-quantum cryptography (PQC) starts with understanding your current TLS endpoint inventory and posture. This post introduces the PQC Readiness Scanner — an automated tool that inventories your Application Load Balancer (ALB), Network Load Balancer (NLB), and Amazon API Gateway endpoints and continuously monitors their TLS configurations for PQC readiness. The […]
  • Open

    Signal Warns It Would Pull Out of Canada if Made to Comply with Lawful Access Bill
    Senior research associate Kate Robertson says Bill C-22 could lead to the rollout of forced metadata collection for messaging apps. The post Signal Warns It Would Pull Out of Canada if Made to Comply with Lawful Access Bill appeared first on The Citizen Lab.
  • Open

    Black Hat Stories Episode 3 |  Patrick Ventuzelo, CEO & Founder of FuzzingLabs
  • Open

    DOGE Cuts Unleashed a Deadly Wave of Violence Across Africa, Study Finds
    The dismantling of the United States Agency for International Development (USAID) is associated with measurable increases in Africa, especially in areas most dependent on the agency’s support.
    Internet of Shit: AI Poop Analysis App Offered to Sell Me Database of Its Users' Poops
    "I hoarded a large database of something valuable, just not what you expect… 150k stools images."
  • Open

    Defense in depth for autonomous AI agents
    As AI agents gain autonomy, defense in depth must evolve, with application-layer design, identity, and human oversight at the center. The post Defense in depth for autonomous AI agents appeared first on Microsoft Security Blog.
    Kazuar: Anatomy of a nation-state botnet
    Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused operations. Over time, Kazuar has expanded from a relatively traditional backdoor into a highly modular peer-to-peer (P2P) botnet ecosystem designed to enable persistent, covert access to target environments. The post Kazuar: Anatomy of a nation-state botnet appeared first on Microsoft Security Blog.
    When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps
    Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by threat actors. Learn how exploitable misconfigurations lead to RCE and data leaks. The post When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps appeared first on Microsoft Security Blog.
  • Open

    The Internet Has a Front Door — The Edge Is Now Intelligent
    Recent improvements in the capabilities of the edge network have created a smarter, more connected edge. These changes call for a reassessment of edge strategy.
  • Open

    Otto Support - Logging and Visibility in MCP Servers
    If any of the MCP attack classes in this series happened in your environment today, would you detect it? Most MCP servers log only a tool name and a timestamp. This post walks through what that gap looks like in practice, how EchoLeak exploited it, and what proper audit logging actually requires.
  • Open

    How Hackers Actually Earn Passive Income With Recon
    Hi, I’m Vipul 👋 — the human behind TheHackersLog
    ShadowGate Active Directory Lab Walkthrough [HackSmarter]
    TryHackMe Walkthrough: CVE-2026–31431 — Copy-Fail
  • Open

    Why Malwarebytes blocks some Yahoo Mail redirects
    Some Yahoo Mail users may see repeated Malwarebytes alerts caused by background connections to suspicious third-party domains. Here’s why.
    Deepfake sextortion forces schools to remove student photos from websites
    Experts are urging schools to take down identifiable photos of students, after AI deepfakes have led to sextortion cases at UK schools.
  • Open

    Abrigo - 711,099 breached accounts
    In April 2026, the fintech software company Abrigo was targeted in a "pay or leak" extortion attempt by the ShinyHunters group. Shortly after, data allegedly taken from the company's Salesforce instance was published publicly and contained over 700k unique email addresses belonging to both Abrigo staff and external contacts. Whilst separate from Abrigo's Salesforce compromise via the Drift application connector the previous year, the data fields described in that incident are consistent with the ShinyHunters data, namely that it was "business contact information" including "institution name, employee name, email addresses, and phone numbers".

  • Open

    Detecting and preventing crypto mining in your AWS environment
    This article guides you on how to use Amazon GuardDuty to identify and mitigate cryptocurrency mining threats in your Amazon Web Services (AWS) environment. You’ll learn about the specialized detection capabilities of GuardDuty and best practices to build a multi-layered defense strategy that protects your infrastructure costs and security posture. Understanding the crypto mining challenge […]
    Introducing the updated AWS User Guide to Governance, Risk, and Compliance for Responsible AI Adoption
    The financial services industry (FSI) is using AI to transform how financial institutions serve their customers. AI solutions can help proactively manage portfolios, automatically refinance mortgages when rates decrease, and negotiate insurance premiums for customers. However, this adoption brings new governance, risk, and compliance (GRC) considerations that organizations need to address. To help FSI customers […]
    PCI PIN and P2PE compliance packages for AWS Payment Cryptography are now available
    Amazon Web Services (AWS) is pleased to announce the successful completion of Payment Card Industry Personal Identification Number (PCI PIN) and PCI Point-to-Point Encryption (PCI P2PE) assessments for the AWS Payment Cryptography service. This assessment expands the AWS Payment Cryptography compliance portfolio, with AWS now validated as a component provider for Key Management (KMCP) and […]
  • Open

    Hack a Drug Lord's Smart Toilet!
  • Open

    Ron Deibert Speaks at the OSCE: Supplementary Human Dimension Meeting II
    Citizen Lab director Ron Deibert recently spoke at the OSCE Supplementary Human Dimension Meeting II on Safeguarding Civil Space in the Digital Age. The post Ron Deibert Speaks at the OSCE: Supplementary Human Dimension Meeting II appeared first on The Citizen Lab.
  • Open

    At Least We Know the Washington Post Isn't Buying Views
    Jeff Bezos learns being good at YouTube is not so easy.
    War and Data Centers Are Driving Up the Cost of Fiber-Optic Cable
    Spools of cable are critical for internet infrastructure and jam-proof drones but skyrocketing costs are making it hard to field them.
    Podcast: The Chinese Deepfake Software Powering Scams
    We got Haotian AI, the Chinese-language deepfake software powering scams. We also talk about a man finding $1 million of Yu-Gi-Oh cards, and how the AI hard drive shortage is impacting internet archiving.
    Software Developers Say AI Is Rotting Their Brains
    “It's making me dumber for sure.”
  • Open

    Texas sued Netflix over claims it secretly collected and sold users’ data
    The Texas AG sued Netflix, accusing the company of secretly tracking viewers, selling user data, and using addictive features targeted at minors.
    May 2026 Patch Tuesday: no zero-days but plenty to fix
    May’s Patch Tuesday may not be the giant release many expected, but there are still plenty of important fixes that shouldn’t be ignored.
  • Open

    Otto-Support - Supply Chain Risks in MCP Servers
    What if the MCP server itself is the attacker? Supply chain risk in MCP tools is structural, and the postmark-mcp and ClawHub compromises made it concrete. This post pairs those case studies with otto-support's selfpwn module to show exactly what a hostile MCP server can access the moment it runs.
  • Open

    Canada Life - 237,810 breached accounts
    In April 2026, Canada Life was the victim of a "pay or leak" extortion campaign by the ShinyHunters group. The group subsequently published the data which contained over 200k unique email addresses along with names, phone numbers, physical addresses and, in some cases, customer support tickets. In their disclosure notice, Canada Life advised that "it is a small proportion of our customers who may have been impacted". In the wake of the incident, Canada Life also published an alert cautioning customers to be wary of phishing attacks, a pattern often seen after the public release of breached data.

  • Open

    Bridging Research & Reality | Why Academics Attend Black Hat
    Black Hat Stories | Patrick Ventuzelo, CEO and Founder of FuzzingLabs
  • Open

    Accelerating detection engineering using AI-assisted synthetic attack logs generation
    What if you could generate realistic attack telemetry on demand? Explore research methods that translate attacker behaviors (TTPs) into synthetic logs that can trigger detections at scale and without sensitive data. The post Accelerating detection engineering using AI-assisted synthetic attack logs generation appeared first on Microsoft Security Blog.
    Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark
    Today Microsoft is announcing a major step forward in AI-powered cyber defense: a new multi-model agentic scanning harness (codenamed MDASH). The post Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark appeared first on Microsoft Security Blog.
    Defending consumer web properties against modern DDoS attacks
    Read how to protect consumer websites and defend against modern DDoS attacks with layered security, resilient architecture, and graceful service degradation. The post Defending consumer web properties against modern DDoS attacks appeared first on Microsoft Security Blog.
    Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise
    Microsoft Incident Response investigated an attack operated through legitimate and trusted administrative mechanisms to blend seamlessly into routine operations and remain undetected, demonstrating that intrusions have increasingly avoided using noisy exploits, obvious malware, or custom tooling, instead leveraging systems that organizations already trust within their environments. The post Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise appeared first on Microsoft Security Blog.
  • Open

    AWS Security Agent full repository code scanning feature now available in preview
    Today, we’re excited to announce the preview release of full repository code review, a new capability in AWS Security Agent that performs deep, context-aware security analysis of your entire code base. AI-driven cybersecurity capabilities are advancing rapidly. AWS Security Agent can now find vulnerabilities and build working exploits across your entire code base at a […]
    Enabling AI sovereignty on AWS
    Cloud and AI are transforming industries and societies at unprecedented speed, from accelerating research and enhancing customer experiences to optimizing business processes and enriching public services. At Amazon Web Services (AWS), we believe that for the cloud and AI to reach their full potential, customers need control over their data and choices for how and […]
  • Open

    Hackers are Using AI (much scary, very wow)
  • Open

    Fake Claude search results lure Mac users into ClickFix attack
    Researchers found a ClickFix campaign that uses fake Claude setup guides to trick Mac users into infecting themselves.
    1 in 8 employees have sold company logins or know someone who has
    Cifas just published research that should bother anyone who runs a business, or buys from one.
    Stolen Canvas data was “returned” after hacker agreement, Instructure says
    Instructure says the stolen Canvas data impacting millions of students and staff was “returned.” That’s not how breaches work.
  • Open

    One Is a Fluke, 3 Is a Pattern: MCP Back-End Vulnerabilities
  • Open

    ICE Agents Have List of 20 Million People on Their iPhones Thanks to Palantir
    The comments made by a senior ICE official at a trade show highlight how Palantir is increasing the speed at which ICE operates. Most people detained by ICE have no criminal conviction.
  • Open

    Introducing Joro: Using AI to Build Security Tooling
    Bishop Fox is releasing Joro, a collaborative web exploitation framework built almost entirely with AI. From intercepting proxy to C2 integration, this post covers how it was built, what it does, and what AI-assisted security tool development actually looks like in practice.
  • Open

    Cushman & Wakefield - 310,431 breached accounts
    In May 2026, the real estate services firm Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email addresses along with tens of thousands of external email addresses and corporate contact records. The exposed data was primarily business information, including names, job titles, company addresses and phone numbers.

  • Open

    Complimentary virtual training: Get hands-on with AWS Security Services
    If you’re looking to strengthen your organization’s security posture on Amazon Web Services (AWS) but aren’t sure where to start, then we’re here to help. Security Activation Days are complimentary, virtual, hands-on workshops designed to help you get practical experience with AWS security services in a single session. What to expect Each Security Activation Day […]
  • Open

    How the World Became a Casino
    The logic behind Polymarket, Kalshi and sports betting apps can be traced back to the inner workings of the slot machine.
    Your AI Use Is Breaking My Brain
    AI writing is impossible to avoid, is making everything sound the same, and is driving us crazy.
    Students Boo Commencement Speaker After She Calls AI the ‘Next Industrial Revolution’
    A commencement speaker at the University of Central Florida was booed, with graduating humanities students yelling out, "AI SUCKS!"
  • Open

    Yarbo responds to robot flaws that could mow down their owners
    A researcher found a host of vulnerabilities in Yarbo garden robots that could expose Wi-Fi passwords, hijack cameras, and run over their owners on command.
    A week in security (May 4 – May 10)
    A list of topics we covered in the week of May 4 to May 10 of 2026
  • Open

    Advancing Collective Defense with Project Glasswing

  • Open

    📖 [The CloudSecList] Issue 337
    📖 [The CloudSecList] Issue 337 was originally published by Marco Lancini at CloudSecList on May 10, 2026.
  • Open

    Scientists Studied 906 Mafia Marriages and Found Something Surprising
    Scientists analyzed over 900 marriages within the ’Ndrangheta, one of the most infamous mafia syndicates, to understand how “matrimonial ties relate to power and cohesion within the organization.”

  • Open

    Active attack: Dirty Frag Linux vulnerability expands post-compromise risk
    Dirty Frag is a newly disclosed Linux local privilege escalation vulnerability affecting kernel networking and memory-fragment handling components including esp4, esp6, and rxrpc. The vulnerability enables reliable escalation from an unprivileged user to root and may be leveraged after initial compromise through SSH access, web shells, containers, or low-privileged accounts. Microsoft Defender is actively monitoring limited in-the-wild activity and provides detection coverage for exploitation attempts. The post Active attack: Dirty Frag Linux vulnerability expands post-compromise risk appeared first on Microsoft Security Blog.
  • Open

    Otto Support - The Confused Deputy
    When an agent reads attacker-controlled content and acts on it using its own privileges, the user's name ends up on every audit log entry. From Microsoft Copilot to ConfusedPilot, this post walks through how confused deputy attacks work and the layered controls that help contain them.
  • Open

    Microsoft says Edge’s plaintext password behavior is “by design”
    A researcher found Edge loads saved passwords into computer memory when it starts, making them easier to steal if a device is already compromised.
    ShinyHunters escalates Canvas attacks with school login defacements
    Days after the first attack, ShinyHunters is applying pressure with ransom messages on school login portals.
  • Open

    CVE-2026-34354: Guardicore Local Privilege Escalation Vulnerability
    Read the technical details of a security vulnerability (CVE-2026-34354) in Akamai Guardicore Platform Agent for Windows — and get clear guidance on mitigation.
  • Open

    Zara - 197,376 breached accounts
    In April 2026, the fashion brand Zara was among a number of organisations targeted by the ShinyHunters extortion group as part of their "pay or leak" campaign. The group claimed the breach was related to a compromise of the Anodot analytics platform and subsequently published a terabyte of data allegedly including 95M support ticket records. The data contained 197k unique email addresses alongside product SKUs, order IDs and the market the support ticket originated in. Zara's parent company Inditex advised that the incident didn't affect passwords or payment information.

  • Open

    SREcon26 Americas - Intelligent Load Balancing in Kubernetes
  • Open

    When prompts become shells: RCE vulnerabilities in AI agent frameworks
    New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these vulnerabilities work, what’s impacted, and how to secure your agents. The post When prompts become shells: RCE vulnerabilities in AI agent frameworks appeared first on Microsoft Security Blog.
    World Passkey Day: Advancing passwordless authentication
    This World Passkey Day, read how Microsoft is advancing passkey adoption to replace passwords, cut phishing risk, and deliver simpler, more secure sign-ins. The post World Passkey Day: Advancing passwordless authentication appeared first on Microsoft Security Blog.
  • Open

    ICYMI: April 2026 @AWS Security
    Read all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts, new service capabilities, code samples, and workshops. AWS Security Blog posts This month’s AWS Security Blog posts covered AI security, identity and access management, threat intelligence, data protection, and multicloud operations. […]
    AWS achieves SNI 27017, SNI 27018, and SNI 9001 certifications for the AWS Asia Pacific (Jakarta) Region
    Amazon Web Services (AWS) achieved three Standar Nasional Indonesia (SNI) certifications for the AWS Asia Pacific (Jakarta) Region: SNI ISO/IEC 27017:2015, SNI ISO/IEC 27018:2019, and SNI ISO 9001:2015. SNI represents Indonesia’s national standards framework, comprising standards that are broadly applicable across industries within the country. These certifications further demonstrate that AWS services meet nationally recognized […]
  • Open

    Crypto Prediction Markets Explained: How the Blockchain Is Reshaping Forecasting
    TL;DR Crypto prediction markets use blockchain technology to create liquid platforms for forecasting and hedging real-world events, driving massive growth… The post Crypto Prediction Markets Explained: How the Blockchain Is Reshaping Forecasting appeared first on Chainalysis.
  • Open

    Massive AI investment scam network spans 15,500 domains
    AI investment scammers abused the Keitaro ad-tracking platform to cloak their campaign, exposing it only to likely targets.
    If a fake moustache can fool age checks, is the Online Safety Act working?
    A UK report finds some progress since the Act came into force, but widespread workarounds, ongoing harm, and unresolved privacy concerns suggest the impact is still limited.
  • Open

    Otto Support - SSRF and Token Passthrough with MCP
    SSRF and token passthrough are not new, but MCP servers are reintroducing them at scale. From a chained SSRF-to-RCE in mcp-atlassian to Microsoft's MarkItDown and OpenClaw, this post walks through three recent disclosures and the controls that actually prevent them.
  • Open

    Woflow - 447,593 breached accounts
    In March 2026, the AI-driven merchant data platform Woflow was named as a victim by the ShinyHunters data extortion group. The group subsequently published tens of thousands of files allegedly obtained from the company, comprising more than 2TB of data. The trove included hundreds of thousands of email addresses, names, phone numbers and physical addresses, with the data indicating it related to Woflow customers and, in turn, the customers of merchants using their platform.

  • Open

    The IGVM File Format
    This article presents the structure of the Independent Guest Virtual Machine (IGVM) file format, a binary file designed to define and securely launch the initial state of a virtual machine. It bundles all necessary components such as the BIOS/OVMF, kernel, and initial ramdisk, into a single file. We'll focus on a concrete example to understand the main structure of the file format.
  • Open

    New compliance guide available: ISO/IEC 42001:2023 on AWS
    We have released our latest compliance guide, ISO/IEC 42001:2023 on AWS, which provides practical guidance for organizations designing and operating an Artificial Intelligence Management System (AIMS) using AWS services. As organizations deploy AI and generative AI workloads in the cloud, aligning with globally recognized standards such as ISO/IEC 42001:2023 becomes an important step toward strengthening […]
  • Open

    AI Survey: 50% of Organizations Struggle to Maintain Latency at Scale
    The Akamai State of AI Inference report captures real data from the field that describes how AI inference is being built and scaled in production today.
    Akamai Is the 2026 Gartner® Peer Insights™ Customers’ Choice for API Protection
    Read why Akamai was named the only Customers’ Choice in the 2026 Gartner Peer Insights Voice of the Customer for API Protection.
    Akamai Cloud Is Built for What Cloud Has Become (Updated May 2026)
  • Open

    Google Chrome’s silent 4GB AI download problem [updated]
    Google Chrome writes a 4GB AI model to users’ devices without asking, and reinstalls it if you delete it.
    Attackers adopt JavaScript runtime Bun to spread NWHStealer
    A legitimate developer tool is being repurposed by attackers to package and spread this Windows infostealer in harder-to-detect ways.
    Millions of students’ personal data stolen in major education breach
    ShinyHunters claims it stole personal data from 275 million users on Instructure’s Canvas platform across schools and education providers.
  • Open

    Otto Support - Excessive Agency and Tool Privileges
    AI agents connected to too many tools don't just create risk, they've already caused real damage. From deleted databases to mass-wiped mailboxes, excessive agency has a track record. This post breaks down what it looks like in practice and how role-aware tool registration can help contain it.
    CVE-2026-42208: Pre-Authentication SQL Injection in LiteLLM Proxy
    Bishop Fox researchers confirmed a critical pre-authentication SQL injection in LiteLLM proxy affecting versions 1.81.16 through 1.83.6. Attackers can exploit it without credentials, and it blends into normal logs. In-the-wild exploitation was observed within 36 hours of the advisory going public.
  • Open

    Where to Build: A Data-Driven Guide to Blockchain Infrastructure for TradFi Tokenization
    This blog is a preview of our forthcoming report, “The New Rails: How Digital Assets Are Reshaping the Foundations of… The post Where to Build: A Data-Driven Guide to Blockchain Infrastructure for TradFi Tokenization appeared first on Chainalysis.
  • Open

    LegionProxy - 10,144 breached accounts
    In April 2026, the commercial residential and ISP proxy network LegionProxy suffered a data breach. The incident exposed 10k email addresses, bcrypt password hashes, names and purchases.

  • Open

    Introducing AI traffic analysis dashboards for AWS WAF
    As AI agents, bots, and programmatic access become an increasingly significant portion of web traffic, organizations need better tools to understand, analyze, and manage this activity. Today, we’re excited to announce AI Traffic Analysis dashboards for AWS WAF protection packs—also known as web access control lists (web ACLs)—providing comprehensive visibility into AI bot and agent […]
    Five ways to use Kiro and Amazon Q to strengthen your security posture
    A Monday morning security alert flags unauthorized access attempts, security group misconfigurations, and AWS Identity and Access Management (IAM) policy violations. Your team needs answers fast. Security teams are using Kiro and Amazon Q Developer to handle repetitive tasks—scanning resources, drafting policies, and researching Common Vulnerabilities and Exposures (CVEs)—so engineers can focus on risk decisions […]
  • Open

    SREcon26 Americas - Talking to/with Machines
  • Open

    How Akamai's Zero Trust Framework Meets Critical U.S. Government Mandates
    The Other Side of the MCP Threat Conversation
  • Open

    Update WhatsApp now: Two new flaws could expose you to malicious files
    WhatsApp patches flaws that could expose users to malicious content and disguised malware.
  • Open

    Vimeo - 119,167 breached accounts
    In April 2026, the ShinyHunters extortion group listed Vimeo on their extortion portal as part of their "pay or leak" campaign. They subsequently published hundreds of gigabytes of data, predominantly consisting of video titles, technical data and metadata. The data also included 119k unique email addresses, sometimes accompanied by names. Vimeo attributed the exposure to a breach of Anodot, a third-party analytics vendor, and advised the incident does not include "Vimeo video content, valid user login credentials, or payment card information".

  • Open

    Paramiko Security Audit
    The OSTIF collaborated with Quarkslab to conduct a security audit of Paramiko, a pure-Python implementation of SSHv2 that provides both client- and server-side functionality. Given the sensitivity and importance of the target, the review focused not only on Paramiko itself but also on its dependencies. The assessment covered its interaction with rust-openssl bindings, the use of secure entropy sources, adherence to constant-time requirements, as well as code quality, testing practices, and the CI/CD pipeline, with the goal of identifying opportunities for further hardening.
  • Open

    SecTor 2025 | Detecting Forbidden White Labeled and Counterfeit Devices
  • Open

    Securing open proxies in your AWS environment
    This article shows you how to identify and secure open proxies in your AWS environment to prevent abuse, protect your IP address reputation, and control costs. An open proxy is a server that forwards traffic on behalf of internet users without requiring authentication. While proxies can support legitimate use cases such as load balancing or […]
  • Open

    Cyberattacks are raising your prices (Lock and Code S07E09)
    This week on the Lock and Code podcast, we speak with Eva Velasquez about small business cyberattacks and the "cyber tax" coming for us all.
  • Open

    The New Ouroboros Technique and How It Fits in dMSA’s Security Model
    How a Streaming Company Scaled Akamai EdgeWorkers to 3 Trillion Requests
  • Open

    Azure Hacking: New Cloudfoxable Challenges
    Cloudfoxable started as a hands-on AWS security training tool. Now it's expanding. Bishop Fox has launched the first set of Azure challenges, giving security professionals a safe, intentionally misconfigured environment to explore identity-driven attack paths and privilege escalation in Azure.
  • Open

    Reborn Gaming - 126 breached accounts
    In April 2026, the gaming community Reborn Gaming suffered a data breach due to a vulnerability in cPanel and WebHost Manager (WHM). The breach exposed 126 unique email addresses along with IP addresses and Steam IDs. Reborn Gaming self-submitted the data to Have I Been Pwned.

  • Open

    Marcus & Millichap - 1,837,078 breached accounts
    In April 2026, the commercial real estate brokerage firm Marcus & Millichap was named as one of multiple alleged victims of the ShinyHunters hacking and extortion group. Data alleged to have been obtained from the company was subsequently released publicly and included 1.8M unique email addresses, along with names, phone numbers and employment-related information including employer, job title and physical company address. In their disclosure notice, Marcus & Millichap advised that data which may have been accessed appeared limited to "company forms, templates, marketing materials, and general contact information".

  • Open

    📖 [The CloudSecList] Issue 336
    📖 [The CloudSecList] Issue 336 was originally published by Marco Lancini at CloudSecList on May 03, 2026.
  • Open

    JHT Course Launch: Web App Junior Analyst!
  • Open

    ZenBusiness - 5,118,184 breached accounts
    In March 2026, the hacker and extortion group "ShinyHunters" claimed to have obtained a substantial corpus of data from ZenBusiness, a business formation and compliance platform. The group claimed the data had been exfiltrated from platforms including Snowflake, Mixpanel and Salesforce, and threatened to publish it if a ransom was not paid. The following month, after claiming payment had not been made, ShinyHunters publicly released the data. The collection amounted to many terabytes across thousands of files that appeared to originate from multiple systems and business functions, including leads, support records and other CRM-related data. The data contained approximately 5M unique email addresses, often accompanied by name and phone number depending on the source file.

  • Open

    Security posture improvement in the AI era
    It’s only been a few weeks since Anthropic announced the Claude Mythos Preview model and launched Project Glasswing with AWS and other leading organizations. This has generated a lot of discussion about the future of cybersecurity and what the ever-increasing capabilities of foundation models mean to organizations. As AWS CISO Amy Herzog pointed out in […]
    Announcing the ISO 31000:2018 Risk Management on AWS Compliance Guide
    AWS Security Assurance Services is announcing the release of our latest compliance guide, ISO 31000:2018 Risk Management on AWS, which provides practical guidance for organizations establishing and operating a risk management program in AWS environments using ISO 31000:2018 principles. The guide explains how organizations can integrate AWS services into their risk management processes to support […]
  • Open

    Challenges and War Stories for AI Risk Assessments | Jake Williams
  • Open

    Aman - 215,563 breached accounts
    In April 2026, the ultra-luxury hotel brand Aman was named by ShinyHunters as the target of a "pay or leak" extortion campaign, with the data allegedly obtained from their Salesforce CRM. The data was subsequently leaked publicly and contained over 200k unique email addresses. Whilst not present on all records, the data also included genders, physical addresses, phone numbers, nationalities, dates of birth, spouse names and VIP status codes.

  • Open

    Chilling Effects in the Digital Age
    Senior research fellow Jon Penney spoke with Michael Geist on the Law Bytes podcast about his new book. The post Chilling Effects in the Digital Age appeared first on The Citizen Lab.
  • Open

    Beyond the Ledger: Why Akamai Is Redefining How We Measure CLIMATE Impact
  • Open

    Introducing AIMap: Security Testing For AI Agent Infrastructure
    Attackers can already find, connect to, and probe your exposed AI agent infrastructure. AIMap gives defenders that same visibility. Built by Bishop Fox, this open-source tool discovers, scores, and tests exposed AI endpoints so you can understand your real attack surface before someone else does.

  • Open

    Auditing Application Permissions in Microsoft Entra ID: Hidden Risks, Pitfalls, and Quarkslab's QAZPT Tool
    This blog post explores Entra ID applications, the complexities of auditing application permissions in Microsoft Entra ID, highlighting hidden risks and pitfalls. It introduces Quarkslab's QAZPT tool, designed to compute and visualize effective permissions in an Entra ID tenant, providing insights into the full picture of permissions and inheritance paths.
  • Open

    SecTor 2025 | Not-So-Secret Agents: Deploying AI to Optimize Security Operations
  • Open

    Designing trust and safety into Amazon Bedrock powered applications
    Generative AI brings promising innovation, transforming how individuals and organizations approach everything from customer service to content creation and more. As AI continues to expand its capabilities, organizations are increasingly focused on how they can integrate the responsible AI concepts into the development lifecycle of their AI applications. Research from Accenture and Amazon Web Services […]
  • Open

    A New Study Shows How Ad-Based Technology is Used for Surveillance
    Citizen Lab director Ron Deibert recently spoke on All Things Considered about the Lab’s new investigation of Webloc, a geolocation surveillance system. The post A New Study Shows How Ad-Based Technology is Used for Surveillance appeared first on The Citizen Lab.
    Kill Bill C-22: Says Civil Society to Parliament
    A group of 25 rights and privacy organizations and experts delivered an open letter to Parliament calling for the full withdrawal of Bill C-22. The post Kill Bill C-22: Says Civil Society to Parliament appeared first on The Citizen Lab.

  • Open

    Australia’s Crypto Crossroads: Regulation is Here, Now Comes the Hard Part
    TL;DR Australian exchanges should not treat April 2027 as the first compliance date. AUSTRAC obligations and readiness expectations are already… The post Australia’s Crypto Crossroads: Regulation is Here, Now Comes the Hard Part appeared first on Chainalysis.
  • Open

    What the March 2026 Threat Technique Catalog update means for your AWS environment
    The AWS Customer Incident Response Team (AWS CIRT) regularly encounters patterns that repeat across their engagements when helping customers respond to security incidents. We’re passionate about making sure that information is widely accessible so that everyone can improve their security posture and their organization’s resilience to disruption. The primary method we use to share this […]
    Access control with IAM Identity Center session tags
    As organizations expand their Amazon Web Services (AWS) footprint, managing secure, scalable, and cost-efficient access across multiple accounts becomes increasingly important. AWS IAM Identity Center offers a centralized, unified solution for managing workforce access to AWS accounts. It simplifies authentication, enhances security, and provides a seamless user sign-in experience to AWS services across diverse environments. […]
  • Open

    Why Black Hat is Essential for Academics | Black Hat Stories
  • Open

    The API Weak Spot: Study Shows AI Is Compounding Security Pressures
    Nearly 90% of businesses faced API security incidents last year at an average cost of US$700,000. A new study shows how AI is increasing API risks.

  • Open

    Pitney Bowes - 8,243,989 breached accounts
    In April 2026, the hacking collective ShinyHunters claimed to have obtained data from Pitney Bowes as part of a broader extortion campaign that also named several other organisations. After negotiations allegedly failed, the group publicly released the data which included 8.2M unique email addresses, along with names, phone numbers and physical addresses. A subset of the data also included Pitney Bowes employee records with job titles.
    ADT - 5,488,888 breached accounts
    In April 2026, home security firm ADT confirmed a data breach by ShinyHunters, which listed the company on its website as part of a "pay or leak" extortion attempt. The breach impacted 5.5M unique email addresses along with names, phone numbers and physical addresses. ADT also advised that "in a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were included" and that it had contacted all affected people.
  • Open

    What Makes Black Hat Truly Shine | Black Hat Stories
    SecTor 2025 | AI, Deepfakes, and the Next Evolution of Digital Identity Verification
    SecTor 2025 | Security and Safety Testing for Agentic AI
  • Open

    SREcon26 Americas - Taming the Unpredictable: Reliability in Chaos
  • Open

    OFAC Updates Central Bank of Iran Designation Following Record $344 Million Tether Seizure amid Strait of Hormuz Toll Controversy
    On April 24, 2026, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) updated its designation of… The post OFAC Updates Central Bank of Iran Designation Following Record $344 Million Tether Seizure amid Strait of Hormuz Toll Controversy appeared first on Chainalysis.
  • Open

    FAKE Zoom Taxes MALWARE
  • Open

    Tools of the Trade: Tips & Tricks for Testers OTG | Phil Miller and David Fletcher
  • Open

    Winning the Ransomware Race: The New Segmentation Partner Playbook

  • Open

    Udemy - 1,401,259 breached accounts
    In April 2026, online training company Udemy was the victim of a “pay or leak” extortion attempt perpetrated by the ShinyHunters group. The data was subsequently leaked publicly and contained 1.4M unique email addresses belonging to customers and instructors. The data also included names, physical addresses, phone numbers, employer information and instructor payout methods including PayPal, cheque and bank transfer.
  • Open

    SecTor 2025 | Quantifying Cyber Risk as a National Defense Imperative
    SecTor 2025 | Foreign Information Manipulation and Interference (FIMI) (Disinformation 2.0)

  • Open

    📖 [The CloudSecList] Issue 335
    📖 [The CloudSecList] Issue 335 was originally published by Marco Lancini at CloudSecList on April 26, 2026.
  • Open

    SecTor 2025 | Ghost SIM Attack: Hacking Mobile Network Authentication Policies
    SecTor 2025 | CAN Bus for Car Nerds and Security People Who Should Know Better

  • Open

    SecTor 2025 | Hacking Policy for the Public Good
  • Open

    U.S. Government Unveils Sweeping Enforcement Actions Against Southeast Asian Scam Centers and Crypto Fraud Networks
    TL;DR In a massive coordinated interagency effort, the Department of Justice (DOJ), the Department of the Treasury’s Office of Foreign… The post U.S. Government Unveils Sweeping Enforcement Actions Against Southeast Asian Scam Centers and Crypto Fraud Networks appeared first on Chainalysis.
    EU’s 20th Russia Sanctions Package Signals a New Era of Crypto-Specific Enforcement
    TL;DR The EU’s 20th Russia sanctions package introduces a total sectoral ban on Russia-based crypto service providers and decentralized platforms,… The post EU’s 20th Russia Sanctions Package Signals a New Era of Crypto-Specific Enforcement appeared first on Chainalysis.
  • Open

    the WORST phishing email i've ever seen
  • Open

    The Drone Renaissance 2 #dronesforgood | Evan Kirstein and Luke Canfield
  • Open

    The Industrialization of Exploitation: Why Defensive AI Must Outpace Offensive AI
    Today, vulnerabilities can be discovered, connected, and operationalized at a speed that traditional security processes were never designed to match. Learn more.
  • Open

    Carnival - 7,531,359 breached accounts
    In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week, the group published the data publicly, which contained 8.7M records with 7.5M unique email addresses. The data contained fields indicating it related to the Mariner Society loyalty program run by Holland America, a cruise line brand under Carnival, and included names, dates of birth, genders and data relating to status within the loyalty program. Carnival acknowledged a phishing incident involving a single user account and advised they were working to better understand the scope of the unauthorised activity.

  • Open

    SREcon26 Americas - Epistemology of Incidents and Problem Solving
    SREcon26 Americas - Stop Reading Changelogs: Safer Kubernetes Upgrades with Simulation
    SREcon26 Americas - AI Agents for Incident Investigation: The Good, The Bad, and The Ugly
    SREcon26 Americas - 5 Wrong Hypotheses about PostgreSQL Multi-Transaction Locks
    SREcon26 Americas - Executing Chaos Engineering in Production at a Critical Financial Institution
    SREcon26 Americas - Escaping Version Skew: Formalizing Compatibility in a World of Partial Rollouts
    SREcon26 Americas - The Zero Trust Odyssey: Our Journey to Modernize Internal Access
    SREcon26 Americas - Building SRE Culture (without SREs, Technically)
    SREcon26 Americas - The Case of the Misnamed Cities: CAST Analysis of a Google Maps Incident
    SREcon26 Americas - Low Latency Serving of Offline Data: Efficient, Safe, and Reliable Data...
    SREcon26 Americas - How We Debug 1000s of Databases with AI: Lessons from an AI-Assisted Database...
    SREcon26 Americas - The Gashlycrumb Tinies of AI Networking You Must Know (or Languish!)
  • Open

    AI threats in the wild: The current state of prompt injections on the web
    Posted by Thomas Brunner, Yu-Han Liu, Moni Pande. At Google, our Threat Intelligence teams are dedicated to staying ahead of real-world adversarial activity, proactively monitoring emerging threats before they can impact users. Right now, Indirect Prompt Injection (IPI) is a top priority for the security community, anticipating it as a primary attack vector for adversaries to target and compromise AI agents. But while the danger of IPI is widely discussed, are threat actors actually exploiting this vector today – and if so, how? To answer these questions and to uncover real-world abuse, we initiated a broad sweep of the public web to monitor for known indirect prompt injection patterns. This is what we found. The threat of indirect prompt injection: Unlike a direct injection where a user …
  • Open

    Inside the KelpDAO Bridge Exploit: How ~$292 Million in rsETH Was Released Against a Non-Existent Burn
    TL;DR On April 18, 2026, attackers linked to North Korea’s Lazarus Group stole ~$292 million (116,500 rsETH) from KelpDAO’s LayerZero… The post Inside the KelpDAO Bridge Exploit: How ~$292 Million in rsETH Was Released Against a Non-Existent Burn appeared first on Chainalysis.
    $30 Billion and Counting: How Tokenized RWAs Are Becoming a Mainstream Investment for Institutional Capital
    This blog is a preview of our forthcoming report, “The New Rails: How Digital Assets Are Reshaping the Foundations of… The post $30 Billion and Counting: How Tokenized RWAs Are Becoming a Mainstream Investment for Institutional Capital appeared first on Chainalysis.
  • Open

    Edmonton Police Trial AI Facial Recognition Bodycams
    The Edmonton Police Service is trialing new bodycam facial recognition technology to identify what they have deemed “high-risk offenders.” Speaking to the CBC, senior research associate Kate Robertson says, “As someone who has been studying algorithmic policing technologies for nearly a decade, and [previously] a lawyer in Canada’s justice system, I have to say that […] The post Edmonton Police Trial AI Facial Recognition Bodycams appeared first on The Citizen Lab.
  • Open

    Hackers Stole Your Account (for free)
  • Open

    Observability for Akamai Cloud: Get Started with Akamai Cloud Pulse
    A Shortcut to Coercion: Incomplete Patch of APT28's Zero-Day Leads to CVE-2026-32202
  • Open

    Otto Support – An MCP, Agentic-AI Security Challenge
    Bishop Fox built a vulnerable MCP-based customer support tool and turned it into a security challenge. Explore how AI agents interact with tools, escalate privileges, and expose sensitive data. If you work with AI systems, this CTF shows exactly how these architectures fail in the real world.

  • Open

    The Hack That Exposed Syria’s Sweeping Security Failures
    Senior researcher Noura Aljizawi spoke to WIRED about a hack that revealed Syria’s fragile cybersecurity. The post The Hack That Exposed Syria’s Sweeping Security Failures appeared first on The Citizen Lab.
  • Open

    Understanding the CVE Ecosystem and NIST’s Changing Role
    NIST just announced it's prioritizing CVE enrichment for government systems and deprioritizing everything else. For security teams that rely on NVD data, the gap is real. Here's what changed, why it's been coming for years, and what your team should do to stay ahead of the risk.

  • Open

    CVE-2025-29635: Mirai Campaign Targets D-Link Devices
    Scaling Your Media Workloads: Introducing Akamai’s New 8-Card VPU Plan
  • Open

    The Dawn of AI Warfare (with Katrina Manson)
    The Payload Podcast #005 - Casey Smith

  • Open

    Death by Dashboards: Moving the Needle on What Actually Matters | Tim Medin
  • Open

    The AI Threat Multiplier: Why Architectural Flaws Are the New Frontier
    AI has put an end to the era of evaluating CVEs in isolation. The most critical risks now emerge when legacy state machines meet asynchronous execution.

  • Open

    📖 [The CloudSecList] Issue 334
    📖 [The CloudSecList] Issue 334 was originally published by Marco Lancini at CloudSecList on April 19, 2026.

  • Open

    Sanctioned Russia-Linked Exchange Grinex Suspends Operations Following Alleged Cyberattack
    TL;DR Grinex, the sanctioned successor to the Russian exchange Garantex, suspended operations yesterday following a claimed 1 billion ruble ($13.7… The post Sanctioned Russia-Linked Exchange Grinex Suspends Operations Following Alleged Cyberattack appeared first on Chainalysis.
  • Open

    Hacks Hackers Hate Built In Bins to Bunk Baddies
  • Open

    JHT Livestream: mitmproxy & OpenWRT to read HTTPS traffic!
  • Open

    Amtrak - 2,147,679 breached accounts
    In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly. They subsequently published the alleged data which contained over 2M unique email addresses along with names, physical addresses and customer support records.
2026-05-16T02:57:08.103Z osmosfeed 1.15.1