• Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
• Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
• SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
• 22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters
• Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023
• 5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time
• NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs
• No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
• Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
• CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
• SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
• ⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
• Why Most AI Deployments Stall After the Demo
• Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
• Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems
• Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials
• [Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data
• $13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims
• Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
• Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

• Microsoft releases emergency patches for critical ASP.NET flaw
• Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
• French govt agency confirms breach as hacker offers to sell data
• New Lotus data wiper used against Venezuelan energy, utility firms
• Stopping Fraud at Each Stage of the Customer Journey Without Adding Friction
• UK probes Telegram, teen chat sites over CSAM sharing concerns
• CISA flags new SD-WAN flaw as actively exploited in attacks
• Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
• Former ransomware negotiator pleads guilty to BlackCat attacks
• NGate Android malware uses HandyPay NFC app to steal card data
• KelpDAO suffers $290 million heist tied to Lazarus hackers
• China's Apple App Store infiltrated by crypto-stealing wallet apps
• The Gentlemen ransomware now uses SystemBC for bot-powered attacks
• Seiko USA website defaced as hacker claims customer data theft
• Microsoft: Teams increasingly abused in helpdesk impersonation attacks

• Oil crisis? What oil crisis? IT spending de-coupled from wider war shock
• Mythos found 271 Firefox flaws – but none a human couldn’t spot
• Nation-states want to cause harm, not just steal cash - stop handing your cyber defenses to the cheapest contractor
• Murder, she wrote: Ex-FBI chief wants some ransomware crims charged with homicide
• More Cisco SD-WAN bugs battered in attacks
• macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets
• Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords
• AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account
• Crook claims to leak 'video surveillance footage' of companies
• Met police trials snoop tech platform in push to cuff more London shoplifters
• Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul
• Panasonic creates device-locked QR codes to speed facial biometric capture
• Iran claims US used backdoors to knock out networking equipment during war
• Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus
• Claude Desktop changes app access settings for browsers you don't even have installed yet
• Scot becomes second Scattered Spider-linked crook to plead guilty in US
• Microsoft releases Windows Server update fix to fix its April update fixes
• Next.js developer Vercel warns of customer credential compromise
• Just like phishing for gullible humans, prompt injecting AIs is here to stay
• I meant to do that! AI vendors shrug off responsibility for vulns

• Anthropic bets on EPSS for the coming bug surge
• SBOM erklärt: Was ist eine Software Bill of Materials?
• Thousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole discovered
• Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations
• Prompt injection turned Google’s Antigravity file search into RCE
• Why identity is the driving force behind digital transformation
• Top techniques attackers use to infiltrate your systems today
• The thin gray line: Handala, CyberAv3ngers and Iran’s proxy ops
• Attackers abuse Microsoft Teams to impersonate the IT helpdesk in a new enterprise intrusion playbook
• Hackers exploit Vercel’s trust in AI integration

• Mexican Surveillance Company
• Is “Satoshi Nakamoto” Really Adam Back?
• Friday Squid Blogging: New Giant Squid Video
• Mythos and Cybersecurity
• Human Trust of AI Agents
• Defense in Depth, Medieval Style
• Upcoming Speaking Engagements
• How Hackers Are Thinking About AI
• On Anthropic’s Mythos Preview and Project Glasswing
• AI Chatbots and Trust

• Thinking About Becoming a Licensed Engineer? Start Here.
• Celebrate Hispanic Heritage Month With SWE
• The Critical Role of Sboms (Software Bill of Materials) In Defending Medtech From Software Supply Chain Threats – Source: www.cyberdefensemagazine.com
• Ransomware Tactics Are Shifting. Here’s How to Keep Up – Source: www.cyberdefensemagazine.com
• French Advisory Sheds Light on Apple Spyware Activity – Source: www.darkreading.com
• Without Federal Help, Cyber Defense Is Up to the Rest of Us – Source: www.darkreading.com
• Safer Conversational AI for Cybersecurity: The BIX Approach – Source: securityboulevard.com
• Operation Eastwood: Measuring the Real Impact on NoName057(16) – Source: securityboulevard.com
• CISA Lays Out Roadmap for CVE Program’s ‘Quality Era’ – Source: securityboulevard.com
• Randall Munroe’s XKCD ‘Dual Roomba’ – Source: securityboulevard.com