All news with #news tag

🔎 Operation PowerOFF has notified more than 75,000 suspected users of DDoS-for-hire platforms and taken 53 domains offline as part of a coordinated international law enforcement effort. Supported by Europol and authorities across 21 countries, the action included four arrests, 25 search warrants, and the dismantling of critical booter infrastructure. The operation is now shifting into a prevention phase featuring awareness campaigns, search-engine ad interventions, URL removals, and on-chain payment warnings to deter future abuse.

🔒 At VulnCon26 in April, Lindsey Cerkovnik of CISA urged that AI firms like OpenAI and Anthropic be more directly represented in the CVE program to help manage a surge in reported vulnerabilities. She warned that new AI tools both accelerate discovery of valid flaws and generate lower-value noise, putting pressure on disclosure workflows. Recent vendor developments — Anthropic’s Mythos Preview and OpenAI’s GPT-5.4-Cyber — illustrate how automated research is already changing the threat landscape. Cerkovnik said CVE funding is secure and the program remains a CISA priority.

📅 Bruce Schneier will speak at a series of conferences and virtual events through June 2026. He appears at DemocracyXChange in Toronto on April 18 and at the SANS AI Cybersecurity Summit in Arlington on April 20 at 9:40 AM ET, with other engagements including the Nemertes [Next] Virtual Conference on April 29 and RightsCon in Lusaka on May 6–7. He will deliver a keynote and join a panel for ICTLuxembourg at the University of Luxembourg on May 12, and he will speak at the Potsdam Conference on National Cybersecurity the evening of June 24.

🔍 The Trump administration's proposed 2027 budget trims total civilian federal cybersecurity funding by about $227 million, falling from $12.455 billion in 2026 to $12.228 billion in 2027. The request directs the largest increases to the Department of Justice (+$312M) and State (+$174M) while cutting Department of Homeland Security cyber funding and imposing deep reductions at CISA and the NSF. Enterprises should reassess dependencies on federal cyber support, accelerate private-sector threat intelligence ties, and review compliance assumptions given reduced federal capacity.

🚀 Yael Nardi joins Minimus as Chief Business Officer, leading top-of-funnel growth, strategic operations, and corporate development in a newly created role. She will implement an operational model to scale marketing and strategic alliances and adapt to AI-influenced customer acquisition channels. Nardi brings 15+ years advising startups, investors, and law firms and led major M&A transactions including Twistlock's sale to Palo Alto Networks. Based in New York, she will help expand Minimus's near-zero CVE hardened container image offerings and go-to-market engine.

🔒 In the latest episode of Brass Tacks: Talking Cybersecurity, Joe Robertson interviews Jürgen Stock, former INTERPOL secretary general, about how cybercrime has matured into a scalable, low‑risk, high‑profit industry. They outline an underground economy of specialized services—malware creation, access brokerage, extortion, laundering—often sold with support and guarantees. Stock warns that individuals, businesses, and critical infrastructure are all at risk, and that disciplined cyber hygiene, preparedness, and public–private cooperation remain the most effective defenses.

🔒 The Hacker News is hosting a webinar that examines why identity programs can advance while enterprise risk rises. New Ponemon Institute research finds hundreds of applications remain disconnected from centralized identity, creating an unmanaged dark matter attack surface that AI agents now exploit. Join experts Mike Fitzpatrick and Matt Chiodi for tactical guidance to measure, prioritize, and close identity gaps.

🛡️ The Hacker News highlights that while headline breaches attract investment, recurring credential incidents—account lockouts, reused or exposed passwords, and frequent resets—impose persistent operational costs. Forrester estimates resets can account for up to 30% of helpdesk tickets, at roughly $70 each, and IBM’s 2025 report cites a $4.4M average breach cost. Poorly designed password policies and mandatory periodic resets often make the problem worse by prompting insecure user behavior. Practical measures include user-friendly, robust policies, breached-password screening, and shifting away from arbitrary expiration windows; vendors such as Specops Password Policy are presented as tools that detect exposed credentials and reduce incident volume.

🔒 The White House's new cyber strategy and recent moves by major tech firms mark a clear shift from reactive defense toward proactive cyber, emphasizing disruption of adversaries earlier in the attack chain. Industry leaders frame this as the legal, intelligence-driven use of takedowns, litigation, public exposure of tools, and product hardening to impose cost and friction on attackers. While large platform providers can act at scale, enterprises are urged to focus on fundamentals, share telemetry, and support coordinated disruption rather than conduct offensive operations themselves.

⚡ This week’s incidents include a supply-chain compromise of the popular Axios npm package by actors attributed to North Korea (UNC1069) and an actively exploited Chrome zero-day (CVE-2026-5281) in the Dawn/WebGPU component. Other notable events include active exploitation of Fortinet FortiClient EMS, a TrueConf update-integrity bypass, and an accidental large code leak from Anthropic’s Claude development. Organizations should treat developer tooling, CI/CD, and dependencies as part of the attack surface and apply patches and integrity checks promptly.

🔒 Google announced a plan to complete a transition to post-quantum cryptography across its services by 2029. Security expert Bruce Schneier welcomes the decision, arguing the primary benefit is improved crypto-agility rather than an imminent quantum threat. The timeline allows Google to test implementations, assess performance and interoperability impacts, and coordinate with evolving standards. Early adoption can reduce the risk of retrospective decryption and signals leadership that may accelerate broader industry migration.

🎣 In episode 461 of Smashing Security, host Graham Cluley and guest Danny Palmer discuss a remarkable Bitcoin mystery: an Irishman who converted drug proceeds into BTC in 2011 now allegedly controls $400 million, but the access codes were hidden in a fishing-rod case that disappeared — until one frozen wallet unexpectedly moved $35 million. The episode also covers a major data breach at Ajax Football Club that may have exposed the personal details of around 300,000 supporters, enabling ticket theft and manipulation of stadium ban lists. Additional topics include an Iran-linked compromise of the FBI director’s personal email, reliability differences between Windows and macOS, and a UK court case in which CCTV footage was used in a crypto theft claim.

📘 This PDF synthesizes insights from the Hamburg IT Strategy Days, Germany’s largest IT management congress, where senior CIOs present practical blueprints for digital transformation. Leaders from BMW, E.ON, Deutsche Börse and Kärcher share how they executed complex programs to modernize infrastructure, improve delivery speed and strengthen operational resilience. The document highlights concrete approaches to aligning IT strategy with business goals, governance adjustments, and the cultural changes needed to sustain outcomes. Readers will find pragmatic lessons on balancing innovation, risk management and cost efficiency as organizations prepare operations for future disruption.

🔒 RSA Conference 2026 made clear that AI dominated every conversation, reframing priorities for CISOs and security teams. Sessions and hallway discussions emphasized securing the AI stack, managing rampant shadow AI usage, and governing machine or non-human identities. Speakers warned that AI accelerates both attacks and defensive response, while capital and workforce dynamics are shifting rapidly.

🔒 In the March 2026 edition Tony Anscombe reviews several high-impact incidents and trends that should shape organizational defenses. He summarizes the reported Stryker intrusion claimed by the Iran-linked Handala group, new research from the Google Threat Intelligence Group showing a rise in data theft tied to ransomware, Instagram's plan to stop encrypting private messages in May, and a Europol-led takedown of the Tycoon 2FA phishing platform. Watch the video for practical lessons and related coverage.

🌐 Cybercrime functions as an industrialized ecosystem, with specialized actors and services that enable attacks to scale across borders. The RSAC panel highlighted the need to move from episodic takedowns to continuous, coordinated campaigns and showcased the Cybercrime Atlas as a tool to map actors, infrastructure, and financial flows. Operationalizing collaboration requires secure intelligence sharing, defined roles across industry and law enforcement, and repeatable governance to shift the economics of cybercrime.

🔒 The Alliance for Creativity and Entertainment (ACE) has shut down AnimePlay, a major illegal anime streaming platform that hosted over 60 terabytes of TV shows and movies and had more than 5 million registered users, mostly in Indonesia. ACE said it seized 15 domains, hosting servers, full source code, 29 GitHub repositories, databases, advertising tools, and other backend systems, taking the service offline. The developer and admin surrendered control of the backend ecosystem, and ACE said the action restricts the operator's ability to rebuild or relaunch the platform.

🛡️ Kali Linux 2026.1 is now available, introducing eight new tools, a refreshed visual theme, and a BackTrack mode for Kali-Undercover. The update adds 25 new packages, updates 183 others, and upgrades the kernel to 6.18, while polishing the installer, boot, and login experiences. New network-repository tools include AdaptixC2, Atomic-Operator, Fluxion, GEF, MetasploitMCP, SSTImap, WPProbe, and XSStrike. The release also delivers Kali NetHunter fixes and recommends WSL 2 for GUI support.

🔎Operation Henhouse V saw UK police and partners carry out a large-scale fraud crackdown, resulting in 557 arrests, 172 voluntary interviews and 249 cease-and-desist notices. Law enforcement secured account-freezing orders of £9m and seized £18.1m in cash and assets. The operation, led by the NCA and City of London Police, targeted online and offline scams and identified overseas call centres, demonstrating strengthened coordination amid rising digital fraud.

🎤 Infosecurity Europe has named former Ukrainian Foreign Minister Dr. Dmytro Kuleba as a headline keynote for its 2–4 June 2026 conference at ExCeL London. Kuleba will speak on 3 June at 10:05 about 'Ukraine's Hybrid War and the New Cyber Frontline,' sharing lessons on coordinated cyber‑kinetic attacks, disinformation and why Western enterprises are increasingly the primary cyber frontline. Attendees will hear practical insights for resilience.