Data Breaches
America's largest home security provider confirms breach after vishing attackers claim 10M customer records. Okta SSO → Salesforce attack chain exposes PII and partial SSNs. BOCA RATON, FL — In a stinging blow to the world’s most recognized name in physical security, ADT Inc. (NASDAQ: ADT) has confirmed a
Spearphishing
AVIC engineer Song Wu impersonated U.S. researchers to harvest NASA aerospace modeling software. Faces 300+ years if convicted. NASA OIG exposes China’s IP theft pipeline. WASHINGTON, D.C. — In a staggering breach of national security, NASA’s Office of Inspector General (OIG) has detailed how a Chinese national
Decentralized Finance (DeFi)
Original $293M LayerZero bridge attack caused 43x larger $13B TVL crash across Aave (-43%) + 26 protocols. North Korea's Lazarus hits $578M in 18 days as bridges become primary attack vector. GLOBAL — The fallout from the Kelp DAO exploit has officially mutated from a singular protocol theft into a
AI Security
Federal adoption hits 82% vs 41% private sector as FedRAMP 20x accelerates unvetted agents into classified networks. WASHINGTON, D.C. — While the commercial world cautiously debates the ROI of agentic AI, the federal government has quietly surged ahead, creating a massive, unmanaged attack surface. According to recent IDC and Salesforce
Settlements
HHS cracks down on four healthcare entities after risk analysis failures allowed PYSA and other ransomware to encrypt servers and exfiltrate patient data. WASHINGTON, D.C. — In a decisive move against systemic negligence in the medical sector, the HHS Office for Civil Rights (OCR) has announced a collective $1.165
Critical Infrastructure
DEF CON researchers demonstrate physical attack that overwrites CCS Parameter Information Block, permanently disabling public charging infrastructure with no software fix available. LAS VEGAS, NEVADA — At DEF CON 33, security researchers have unveiled a devastating new physical cyber weapon targeting the backbone of municipal electric vehicle (EV) infrastructure. The attack,
Data Breaches
33.7M user leak → US investor lawsuits → Congressional intervention → Delayed security consultations. How a consumer data breach became a national security crisis. SEOUL — What began as a corporate data leak has spiraled into an unprecedented diplomatic standoff between Washington and Seoul. The Coupang data breach, which exposed the personal information
Cyber-Warfare
SentinelOne uncovers ShadowBrokers-referenced cyberweapon that silently corrupted engineering math; likely US/Israel operation against Iranian nuclear program. SINGAPORE — Everything we knew about the origins of state-sponsored cyber-sabotage was just rewritten. Today, at Black Hat Asia 2026, SentinelOne researchers Vitaly Kamluk and Juan Andrés Guerrero-Saade unveiled FAST16, a precision-engineered malware sample
National Security
Internal DoD email outlines retaliation against allies refusing Iran war basing rights; UK reaffirms "unchanged" Falklands sovereignty amid diplomatic firestorm. WASHINGTON, D.C. — A high-level operational security breach has exposed a widening rift within the NATO alliance. A leaked internal Pentagon email, circulating since Thursday evening, outlines a
Malicious Docker images and VS Code extensions steal IaC secrets; Bitwarden npm trusted publishing abused in a sophisticated DevSecOps attack chain. TEL AVIV, IL — In a cascading security failure that strikes at the heart of modern DevSecOps, the prominent security vendor Checkmarx has confirmed a multi-stage supply chain compromise affecting
White House OSTP accuses DeepSeek and Moonshot AI of industrial-scale extraction attacks; bipartisan sanctions bill advances to protect American frontier models. WASHINGTON, D.C. — The Trump administration has officially signaled a major escalation in the AI arms race, shifting focus from hardware export controls to the protection of the software
Federal agency confirmed breached via unpatched Cisco ASA flaws; only a hard power cycle removes the persistent implant redeploying months after initial patches. WASHINGTON, D.C. — The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive following the discovery of a Firestarter malware infection within a U.S.
NATO CCDCOE launches the world's largest live-fire cyber defense exercise, bringing together 4,000 experts to protect fictional Berylia against 8,000 real-time threats. TALLINN, EE — More than 4,000 cyber defenders from 41 nations have concluded Locked Shields 2026, the world’s largest and most complex international
China-aligned espionage group G0081 evolves beyond traditional spear-phishing with SOHO router firmware attacks and domain-trust pivoting. TOKYO, JP — The persistent China-aligned threat actor known as Tropic Trooper (G0081) has significantly shifted its operational focus, moving beyond traditional spear-phishing to target Japanese government and critical infrastructure via router exploitation. Recent telemetry
Minidoka Memorial Hospital transferred emergency patients after an imaging outage; a new ransomware group demands payment for an alleged 2.3 million files. RUPERT, ID — A quiet Easter morning in rural Idaho was shattered on April 5, 2026, when Minidoka Memorial Hospital (MMH) fell victim to a cyberattack that paralyzed
Journalist demonstrates naval mail screening flaw by mailing a Bluetooth device to NATO frigate HNLMS Evertsen; envelopes were not X-rayed like standard packages. THE HAGUE, NL — In a staggering demonstration of security asymmetry, a Dutch journalist has exposed a critical physical vulnerability within NATO naval operations. By mailing a $5
The municipality of Epe confirms a massive exfiltration event impacting nearly all 32,000 residents; authorities offer free identity document replacements as theft concerns mount. EPE, NETHERLANDS — The municipality of Epe has officially confirmed that a cyberattack first detected in March 2026 resulted in the theft of personal data belonging
ESET discovers a new espionage group abusing legitimate cloud services for command-and-control against strategically sensitive Mongolian targets. ULAN BATOR, MN — Researchers at ESET have uncovered a sophisticated, China-aligned espionage campaign targeting the Mongolian government. The threat actor, dubbed GopherWhisper, has successfully infected at least 12 government systems since late 2023,
MIVD annual assessment warns Moscow is using artificial intelligence to target critical infrastructure across the continent as part of a broader "great power" pressure campaign. THE HAGUE, NL — The Dutch Military Intelligence and Security Service (MIVD) has issued a strategic warning regarding the escalation of Russian cyber operations,
UK Biobank's complete dataset exposed via three Chinese research institutions; listings removed after UK-China government intervention. LONDON, UK — In what is being described as a geopolitical health data security scandal, the UK government has confirmed that confidential medical and genomic data belonging to all 500,000 UK Biobank
Security Minister Dan Jarvis announces 3-year SME funding and mandatory board-level cyber accountability at CYBERUK 2026. BIRMINGHAM, UK — In a landmark move to fortify the nation’s digital borders, the UK government has committed £90m ($120m) in new funding to bolster the cyber resilience of small and medium-sized enterprises (SMEs)
