UNC3753 phones staff posing as IT, hijacks screen sessions, steals sensitive legal files, and now sends operatives physically into offices to plug in USB drives. Google Mandiant and the Google Threat Intelligence Group published a detailed report documenting an active extortion campaign carried out by the cybercrime group UNC3753 (aka Luna Moth, Chatty Spider, and […]
Why Collaboration Friction is the Hidden Driver of Lost Control
Recent European incident reviews, cyber-crisis exercises, and regulatory assessments point to the same pattern: information-sharing fragments, escalation pathways become unclear, and leadership teams struggle to maintain a coherent operational picture as reporting clocks start running. In practice, response timelines are shaped less by detection and more by friction inside the coordination and decision chain. When […]
Lessons for life: Why children’s data is a long-term identity risk
When we talk about cybersecurity and digital safety in the context of our children, it’s often framed in one of two ways. Either it’s about inappropriate or unsafe content – of the sort that COPPA is meant to regulate in the US. Or it’s about managing the psychological and social impacts of excessive screen time. […]
The AI security race needs accountability, not overregulation
Skip to main content Partnership between policymakers and tech companies, not government oversight, offers the best path forward for responsible AI innovation. Listen to this article 0:00 Learn more. This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. (Getty Images) AI models such as Anthropic’s Claude Mythos […]
CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318)
A vulnerability (CVE-2026-28318) that can be exploited to crash SolarWinds Serv-U file transfer servers is being leveraged by attackers in the wild, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Friday. The agency has ordered US federal civilian agencies to address it by June 19, 2026, either by implementing a patch or implementing […]
Infosecurity Europe: Prompt Injection Remains Unsolved, OWASP Researcher Warns
Prompt injection remains an unsolved architectural problem that could hamper the development of AI, said Ariel Fogel, a contributor to the Open Worldwide Application Security Project (OWASP), during Infosecurity Europe 2026. Fogel, an AI security researcher at Pillar Security’s office of the CTO, said that while AI and security practitioners have long known about prompt […]
2.5 million people were affected, in a breach that could spell more trouble down the line.
EdFinancial and the Oklahoma Student Loan Authority (OSLA) are notifying over 2.5 million loanees that their personal data was exposed in a data breach. The target of the breach was Nelnet Servicing, the Lincoln, Neb.-based servicing system and web portal provider for OSLA and EdFinancial, according to a breach disclosure letter. Nelnet revealed the breach […]
Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts
The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta’s “AI support assistant†bot into resetting account passwords. A screenshot from a video released on […]
You do surprise me.exe: An unexpected executable in Hola Browser
Oxford University discloses data breach after careers platform hack
The University of Oxford disclosed a new data breach last week after being informed by its third-party provider, Group GTI, that its CareerConnect career services platform had been compromised. This platform is also used by other UK educational organizations, such as King’s College London and the University of Manchester, to run their institution-specific career hubs. […]