• [Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data
• $13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims
• Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
• Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
• Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul
• NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
• Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts
• Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation
• Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
• ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
• Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
• Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
• UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign
• n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
• Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
• April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
• Deterministic + Agentic AI: The Architecture Exposure Validation Requires
• Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
• OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
• New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

• Vercel confirms breach as hackers claim to be selling stolen data
• Apple account change alerts abused to send phishing emails
• NIST to stop rating non-priority flaws due to volume increase
• Critical flaw in Protobuf library enables JavaScript code execution
• Microsoft Teams right-click paste broken by Edge update bug
• NAKIVO v11.2: Ransomware Defense, Faster Replication, vSphere 9, and Proxmox VE 9.0 Support
• Payouts King ransomware uses QEMU VMs to bypass endpoint security
• Grinex exchange blames "Western intelligence" for $13.7M crypto hack
• Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
• Webinar: From phishing to fallout — Why MSPs must rethink both security and recovery
• CISA flags Apache ActiveMQ flaw as actively exploited in attacks
• Microsoft: Some Windows servers enter reboot loops after April patches
• Man gets 30 months for selling thousands of hacked DraftKings accounts
• Recently leaked Windows zero-days now exploited in attacks
• Operation PowerOFF identifies 75k DDoS users, takes down 53 domains

• Just like phishing for gullible humans, prompt injecting AIs is here to stay
• I meant to do that! AI vendors shrug off responsibility for vulns
• CISA tells feds to patch 13-year-old Apache ActiveMQ bug under active attack
• Opsec oopsie: Dutch navy frigate location outed by mailing it a Bluetooth tracker
• Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug
• Claude Opus wrote a Chrome exploit for $2,283
• Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say
• North Korea targets macOS users in latest heist
• Americans who masterminded Nork IT worker fraud sentenced to 200 months behind bars
• Git identity spoof fools Claude into giving bad code the nod
• Textbook titan McGraw Hill on ransomware crew's reading list after 13.5M records exposed
• Microsoft announces product it doesn't want anyone to buy
• Server-room lock was nothing but a crock
• Google Chrome lacks protection against one of the most basic and common ways to track users online
• Nobody knows how many CVEs Anthropic's Project Glasswing has actually found
• Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP
• Automotive data biz Autovista blames ransomware for service disruption
• French cops free mother and son after 20-hour crypto kidnap ordeal
• Ancient Excel bug comes out of retirement for active attacks
• Raspberry Pi OS ends open-door policy for sudo

• Critical sandbox bypass fixed in popular Thymeleaf Java template engine
• Flawed Cisco update threatens to stop APs from getting further patches
• White House moves to give federal agencies access to Anthropic’s Claude Mythos
• Another Microsoft Defender privilege escalation bug emerges days after patch
• Palo Alto’s Helmut Reisinger sees a cyber sea change ahead as AI advances
• Positiv denken für Sicherheitsentscheider: 6 Mindsets, die Sie sofort ablegen sollten
• Cisco Webex SSO flaw needs manual certificate update to fix
• RCE by design: MCP architectural choice haunts AI agent ecosystem
• NIST cuts down CVE analysis amid vulnerability overload
• Microsoft’s Windows Recall still allows silent data extraction

• Friday Squid Blogging: New Giant Squid Video
• Mythos and Cybersecurity
• Human Trust of AI Agents
• Defense in Depth, Medieval Style
• Upcoming Speaking Engagements
• How Hackers Are Thinking About AI
• On Anthropic’s Mythos Preview and Project Glasswing
• AI Chatbots and Trust
• Friday Squid Blogging: Squid Overfishing in the South Pacific
• Sen. Sanders Talks to Claude About AI and Privacy

• Rate Limit Exceeded - Query Later