#threat-intelligence-ecosystem
#threat-intelligence-ecosystem

Software development

Claude Opus wrote a Chrome exploit for $2,283

fromNextgov.com

Remote teams

OPM seeks cybersecurity talent to join Tech Force

fromWIRED

Silicon Valley

The Dumbest Hack of the Year Exposed a Very Real Problem

Government Can't Win the Cyber War Without the Private Sector

Governments must collaborate with the private sector to effectively manage the growing complexity of cyber threats.

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Senate legislation aims to enhance satellite cybersecurity amid rising threats and vulnerabilities in commercial satellite signals.

fromTechCrunch

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Hackers exploited Windows vulnerabilities published by a researcher, affecting Windows Defender and allowing high-level access.

Software development

Claude Opus wrote a Chrome exploit for $2,283

Anthropic withheld its Mythos model due to security concerns, while Opus 4.6 was used to create a functional exploit for Chrome's V8 engine.

fromNextgov.com

Remote teams

OPM seeks cybersecurity talent to join Tech Force

Silicon Valley

fromWIRED

The Dumbest Hack of the Year Exposed a Very Real Problem

A cyberattack in Silicon Valley exploited weak passwords to spoof crosswalk button recordings with voices of tech CEOs, raising security concerns.

Government Can't Win the Cyber War Without the Private Sector

Governments must collaborate with the private sector to effectively manage the growing complexity of cyber threats.

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Senate legislation aims to enhance satellite cybersecurity amid rising threats and vulnerabilities in commercial satellite signals.

more#cybersecurity

fromwww.bbc.com

17 hours ago

Counter-terror police investigate another arson attack

Commander Helen Flanagan stated, 'At this stage last night's arson is not being linked to other incidents in the north-west London area over the last week or last month's arson in Golders Green but counter terrorism officers are leading due to the similarities of each attack.'

London politics

EU data protection

53 DDoS Domains Taken Down by Law Enforcement

Law enforcement in 21 countries coordinated to disrupt DDoS-for-hire services, resulting in arrests and the takedown of numerous domains.

CISA resources 'more limited than I would like' amid shutdown, top official says

CISA faces significant funding limitations impacting its ability to counter hacking threats and conduct essential activities.

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.

SF politics

fromNextgov.com

CISA resources 'more limited than I would like' amid shutdown, top official says

CISA faces significant funding limitations impacting its ability to counter hacking threats and conduct essential activities.

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.

more#cisa

fromThe Verge

Anthropic's new cybersecurity model could get it back in the government's good graces

Anthropic's relationship with the Trump administration has improved due to its new cybersecurity model, Claude Mythos Preview.

Cryptocurrency

fromArs Technica

Russia-friendly exchange says "western special service" behind $15 million cyberattack

Grinex halts operations after a $13 million heist attributed to western special services hackers, impacting Russian users and financial sovereignty.

Marketing tech

fromSFGATE

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech giants like Google to enhance their defenses against these threats.

London startup

One year on from the M&S cyber attack: What did we learn? | Computer Weekly

Marks & Spencer experienced a significant cyber attack in April 2025, disrupting services and highlighting vulnerabilities in third-party tech suppliers.

Social media marketing

fromAxios

The first AI-era war is a "slopaganda" battle to control memes

AI-generated content is rapidly spreading propaganda, making it easier for influencers to adopt conspiracy theories.

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

3 weeks ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

18 hours ago

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

3 weeks ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

more#phishing

#ai-governance

fromFortune

AI cybersecurity capabilities require urgent international cooperation, AI godfather Bengio says | Fortune

Yoshua Bengio emphasizes the urgent need for international cooperation in addressing AI's risks, particularly with the release of Anthropic's Mythos model.

fromAbove the Law

Unintentional AI Adoption Is Already Inside Your Company. The Only Question Is Whether You Know It. - Above the Law

AI is already integrated into companies through employee usage, often without intentional governance or awareness.

fromFortune

AI cybersecurity capabilities require urgent international cooperation, AI godfather Bengio says | Fortune

Yoshua Bengio emphasizes the urgent need for international cooperation in addressing AI's risks, particularly with the release of Anthropic's Mythos model.

fromAbove the Law

Unintentional AI Adoption Is Already Inside Your Company. The Only Question Is Whether You Know It. - Above the Law

AI is already integrated into companies through employee usage, often without intentional governance or awareness.

Security by Design prevents higher bills

Incorporating security during design reduces costs significantly compared to retrofitting security measures after development.

#nist

Surging CVE disclosures force NIST to shake up workflows | Computer Weekly

NIST is changing its approach to handling CVEs, focusing on those with the greatest potential impact due to increased submissions.

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

NIST will only enrich certain cybersecurity vulnerabilities in its database due to a surge in CVE submissions.

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

NIST updates its National Vulnerability Database operations to prioritize enriching critical CVEs due to a surge in submissions.

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.

Surging CVE disclosures force NIST to shake up workflows | Computer Weekly

NIST is changing its approach to handling CVEs, focusing on those with the greatest potential impact due to increased submissions.

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

NIST will only enrich certain cybersecurity vulnerabilities in its database due to a surge in CVE submissions.

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

NIST updates its National Vulnerability Database operations to prioritize enriching critical CVEs due to a surge in submissions.

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.

more#nist

fromTechRepublic

AI Upgrades, Security Breaches, and Industry Shifts Define This Week in Tech - TechRepublic

AI innovation and security threats are reshaping technology and corporate strategies across various platforms and applications.

Software development

fromZDNET

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.

Cursor AI Vulnerability Exposed Developer Devices

A vulnerability in Cursor AI allows attackers to hijack developer machines via malicious repositories without user interaction.

World politics

3 weeks ago

We Are At War

Rising geopolitical tensions are increasingly intertwined with cyber operations and the politicization of technology.

#north-korea

Information security

North Korean social engineering campaign targets macOS users | Computer Weekly

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

Information security

ZionSiphon Malware Targets ICS in Water Facilities

Information security

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

Information security

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

Fake Claude Website Distributes PlugX RAT

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.

2 weeks ago

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

fromTechRepublic

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

ZionSiphon Malware Targets ICS in Water Facilities

ZionSiphon is a new malware targeting water treatment plants in Israel, designed to manipulate chlorine levels and pressure in these facilities.

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

A new malware campaign targeting Ukrainian healthcare institutions has been identified, utilizing deceptive emails to deliver malicious payloads.

Fake Claude Website Distributes PlugX RAT

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.

2 weeks ago

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors exploit vulnerabilities in TBK DVR and TP-Link routers to deploy Mirai-botnet variants, targeting IoT devices for large-scale attacks.

How CSOs Can Win Board Support for Gunshot Detection Technology

CSOs must effectively frame gunshot detection technology to gain executive support and align it with corporate risk priorities.

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Threat actors are exploiting three vulnerabilities in Microsoft Defender for elevated privileges, with one flaw already addressed by Microsoft.

fromDevOps.com

The Open Source Trap: Why Trust Isn't a Security Strategy - DevOps.com

The software supply chain is vulnerable due to reliance on under-resourced open source maintainers, requiring active organizational support for security.

fromArs Technica

Recent advances push Big Tech closer to the Q-Day danger zone

Organizations are transitioning to new algorithms to replace RSA and elliptic curves due to vulnerabilities exposed by quantum computing threats.

fromTechCrunch

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

A global law enforcement operation targeted over 75,000 alleged cybercriminals using DDoS-for-hire services, resulting in arrests and domain takedowns.

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.

Miscellaneous

fromZDNET

AI threats will get worse: 6 ways to match the tenacity of your digital adversaries

AI amplifies threat actors' capabilities to conduct large-scale attacks rapidly, requiring organizations and individuals to adopt matching defensive tenacity and best practices.

The New Battleground of Cybersecurity

I've always had what I would consider a hacker mindset, a curiosity to take things apart, understand them, and use that knowledge to solve problems. That mindset took me on a circuitous route into the cybersecurity industry; after being kicked out of high school for hacking computer systems, I worked a range of jobs, managing office supply companies by day and cracking Wi-Fi networks by night until I started a Digital Forensics degree which led me to the world of security research.

Science

Ancient Excel bug comes out of retirement for active attacks

A 17-year-old critical Excel vulnerability is actively being exploited, prompting CISA to issue a patch deadline for federal agencies.

Cyber Insights 2026: Threat Hunting in an Age of Automation and AI

Threat hunting is in flux. What started as a largely reactive skill became proactive and is progressing toward automation. Threat hunting is the practice of finding threats within the system. It sits between external attack surface management (EASM), and the security operations center (SOC). EASM seeks to thwart attacks by protecting the interface between the network and the internet. If it fails, and an attacker gets into the system, threat hunting seeks to find and monitor the traces left by the adversary so the attack can be neutralized before damage can be done. SOC engineers take new threat hunter data and build new detection rules for the SIEM.

Science

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

A social engineering campaign exploits Obsidian to distribute PHANTOMPULSE trojan targeting financial and cryptocurrency sectors.

Server-room lock was nothing but a crock

A security vulnerability allowed unauthorized access to a server room due to a flaw in the two-factor authentication lock.

#microsoft

Information security

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

Microsoft's Zero Day Quest 2026 awarded $2.3 million for discovering 80 high-impact vulnerabilities in cloud and AI services.

fromZero Day Initiative

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

Microsoft's Zero Day Quest 2026 awarded $2.3 million for discovering 80 high-impact vulnerabilities in cloud and AI services.

fromZero Day Initiative

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Threat actors are weaponizing n8n to conduct phishing campaigns and deliver malicious payloads through automated emails.

fromFuturism

AI Tools Are Supercharging Hackers

AI systems are increasingly weaponized for cybercrime, enabling hackers to exploit vulnerabilities at scale with minimal technical expertise, as demonstrated by recent attacks on Mexican government networks and global firewall systems.

GPT-5.4-Cyber aims to further embed AI in cybersecurity

OpenAI's GPT-5.4-Cyber enhances generative AI for cybersecurity, focusing on defensive applications and providing trusted users with advanced capabilities.

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

GPT-5.4-Cyber aims to further embed AI in cybersecurity

OpenAI's GPT-5.4-Cyber enhances generative AI for cybersecurity, focusing on defensive applications and providing trusted users with advanced capabilities.

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

OpenAI releases GPT-5.4-Cyber for vetted security teams, scaling Trusted Access programme

OpenAI is launching GPT-5.4-Cyber for cybersecurity, expanding its Trusted Access for Cyber program to thousands of verified defenders.

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

OpenAI was affected by a supply chain attack involving malicious Axios packages attributed to North Korean hackers.

fromTNW | Apps

OpenAI releases GPT-5.4-Cyber for vetted security teams, scaling Trusted Access programme

OpenAI is launching GPT-5.4-Cyber for cybersecurity, expanding its Trusted Access for Cyber program to thousands of verified defenders.

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

OpenAI was affected by a supply chain attack involving malicious Axios packages attributed to North Korean hackers.

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Multiple industrial giants have released new ICS security advisories addressing various vulnerabilities since the last Patch Tuesday.

fromArs Technica

UK gov's Mythos AI tests help separate cybersecurity threat from hype

Mythos outperformed previous models in TLO tests, showing capability in attacking vulnerable systems but still facing limitations in complex scenarios.

Cyber Insights 2026: Malware and Cyberattacks in the Age of AI

By mid-2026, at least one major global enterprise will fall to a breach caused or significantly advanced by a fully autonomous agentic AI system.

Artificial intelligence

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Critical risk findings surged by nearly 400% amid a 52% increase in raw alert volume, driven by AI-assisted development.

MITRE Releases Fight Fraud Framework

"These incidents involve the intentional use of deceptive or illegal practices to fraudulently obtain money, assets, or information from individuals or institutions, and include actions carried out over cyber channels."

Information security

fromTechRepublic

Why Operationalizing AI Security Is the Next Great Enterprise Hurdle

Security operations lag behind rapid tech advancements, leading to inefficiencies and risks in managing numerous security tools.

The New Rules of Engagement: Matching Agentic Attack Speed

AI-enabled cyberattacks are currently occurring, with significant impacts on organizations and a widening gap between attackers and defenders.

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.

Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps

Multi-OS attacks complicate SOC operations, leading to delays, fragmented evidence, and increased escalation volume, ultimately allowing attackers more time to operate.

2 weeks ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Security Firm Executive Targeted in Sophisticated Phishing Attack

A C-level executive at Outpost24 was targeted by a sophisticated phishing attack using the Kratos phishing-as-a-service kit that exploited legitimate services like Cisco and Nylas to bypass security defenses.

Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload

Attackers deliberately overwhelm SOC analysts with high-volume phishing campaigns to delay investigations and create windows for successful breaches, making analyst capacity a critical vulnerability.

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

Teams must reduce unnecessary internet-facing exposure to minimize vulnerability exploitation risk, as time-to-exploit windows are shrinking to hours or minutes.

Fake job applications pack malware that disables EDR

Russian cybercriminals target HR teams with malicious CVs disguised as job applications to install malware that disables security tools and steals corporate data.

Manage attack infrastructure? AI agents can now help

AI agents enable cybercriminals and nation-state hackers to automate reconnaissance, infrastructure management, and attack planning, significantly increasing the speed and scale of cyberattacks.

The Great Security Culture Shift: Building a Proactive Defense in an Era of Advanced Threats and Social Engineering

Hackers exploit DLL side-loading on trusted platforms like LinkedIn to deliver malware through seemingly legitimate file attachments, bypassing traditional security defenses and compromising entire corporate networks.

Vulnerability exploits now dominate intrusions

Exploit of disclosed vulnerabilities now causes most intrusions, with attackers weaponizing new flaws within hours while many organizations patch slowly.

Threat intelligence supply chain is full of weak links

China's ban on foreign security software threatens the global threat intelligence ecosystem by risking data fragmentation and weakening international cybersecurity collaboration.

In Other News: ATT&CK Advisory Council, Russian Cyberattacks Aid Missile Strikes, Predator Bypasses iOS Indicators

Predator spyware suppresses iOS indicators through kernel-level access, Russian cyberattacks on Ukraine's energy grid gather intelligence for missile targeting, and Treasury launches AI cybersecurity initiative for financial services.

Living off the AI: The Next Evolution of Attacker Tradecraft

AI assistants and MCP-connected agents create new attack surfaces that allow attackers to misuse sanctioned workflows, enabling low-skill actors to exfiltrate data and execute code.

Cyber Insights 2026: Offensive Security; Where It is and Where Its Going

Red teaming and offensive security must accelerate and expand to proactively find and harden system weaknesses against increasingly frequent, sophisticated, and damaging attacks.

Researchers hack malware gang via its own weak spot

An XSS flaw in StealC’s web panel allowed takeover of operator sessions, revealing millions of stolen cookies, passwords, and YouTube-based malware distribution.

Winning Against AI-Based Attacks Requires a Combined Defensive Approach

Offensive AI and novel evasion techniques enable adversaries to autonomously generate, conceal, and adapt malware to bypass legacy endpoint defenses like EDR and AV.

BeyondTrust Vulnerability Exploited in Ransomware Attacks

Critical BeyondTrust vulnerability CVE-2026-1731 is being exploited in ransomware attacks, prompting a CISA KEV update and observed malicious activity across multiple sectors and countries.