Application Security
In a landmark moment for automated defense, Mozilla has patched 271 vulnerabilities in the latest version of Firefox — all identified by Anthropic’s specialized security model, Mythos. Mountain View, CA — Mozilla has released Firefox 150, an update that may represent the single largest leap in automated browser hardening to date.
Enterprise Infrastructure
A routine update to the Microsoft Graph API has inadvertently disrupted Universal Print services, highlighting the fragility of interconnected cloud ecosystems. Redmond, WA — Microsoft has officially identified the root cause of a series of persistent outages affecting its Universal Print service. According to technical bulletins from Microsoft Learn and reports
Artificial Intelligence (A.I.)
Security researchers have raised alarms regarding the background behavior of the Claude Desktop application for macOS, claiming the software installs persistent monitoring components that mirror spyware-like activity. San Francisco, CA — Anthropic, the AI safety and research company, has come under intense scrutiny following claims from independent security researchers that its
M&A (Mergers & Acquisitions)
In the largest acquisition in its history, Alphabet has completed its $32 billion takeover of cloud security leader Wiz, signaling an aggressive pivot toward autonomous, AI-driven defense systems. Mountain View, CA — Google has officially crossed the Rubicon in the cybersecurity arms race. By finalizing the $32 billion acquisition of Wiz,
Vulnerabilities
Oracle has released its massive April 2026 Critical Patch Update (CPU), addressing 450 security flaws across its global product suite, including critical vulnerabilities that allow for unauthorized remote code execution. Austin, TX — Oracle Corporation has issued its quarterly security offensive, releasing a comprehensive set of patches to address hundreds of
Cyber Attacks
A newly discovered and highly destructive wiper malware, dubbed "Lotus," has been deployed against Venezuela’s energy and utility sectors, timed strategically alongside periods of significant geopolitical friction. Caracas, Venezuela — Cybersecurity researchers have identified a sophisticated new strain of data-destroying malware, known as Lotus, targeting critical infrastructure within
Data Breaches
Citizens Financial Group has confirmed it is managing a data security incident involving a third-party vendor, following claims by the Everest ransomware group that they exfiltrated sensitive corporate and customer data. Providence, RI — Citizens Financial Group (CFG) has become the latest major financial institution to grapple with the fallout of
Data Breaches
International cosmetics giant Rituals has notified members of its "MyRituals" program that their personal information was unlawfully downloaded following a targeted breach of its customer systems. Amsterdam, Netherlands — Rituals Cosmetics, the Amsterdam-founded wellness and beauty brand, has become the latest high-profile victim in a wave of cyberattacks targeting
Data Breaches
Canada Life has confirmed a significant data breach after hackers successfully exploited a single employee account to access a high-value Salesforce environment, exposing the sensitive personal information of thousands. Winnipeg, MB — Canada Life, one of the nation's largest insurance and financial services providers, has begun notifying approximately 70,
The European Commission’s flagship age-verification tool, touted as a secure solution for protecting minors online, has faced a disastrous rollout after independent researchers bypassed its core security features in under 120 seconds. Brussels, Belgium — The European Union’s ambition to set a global standard for online safety has been
Insurance giant Humana has begun notifying customers across Texas and five other states of a significant data breach, marking the second time in 60 days that the company has confirmed the exposure of sensitive patient information. LOUISVILLE, KY — Humana Inc., one of the largest health insurance providers in the United
A sophisticated ad-fraud and scareware campaign dubbed "Pushpaganda" is successfully exploiting Google Discover’s recommendation algorithm, using AI-generated fake news to trick millions into enabling malicious push notifications. MOUNTAIN VIEW, UNITED STATES — Security researchers have uncovered a novel exploitation of the Google Discover ecosystem, where threat actors are
Tyler Robert Buchanan, a Scottish national and pivotal figure in the ‘Scattered Spider’ cybercrime syndicate, has entered a guilty plea in U.S. federal court, marking the second Scattered Spider guilty plea — Noah Michael Urban ("King Bob") pleaded guilty in April 2025 and was sentenced to 10 years
Mastodon.social, the primary gateway to the decentralized Fediverse, has successfully restored services following a sustained Distributed Denial of Service (DDoS) attack that disrupted access for millions of users. JENA, GERMANY — The resilience of decentralized social media was put to the test this week as Mastodon.social, the platform'
A widespread misconfiguration in Perforce Helix Core servers has left the proprietary source code and sensitive internal data of major global organizations accessible to the public internet. MINNEAPOLIS, MN — Security researchers have issued a stark warning regarding Perforce Helix Core, the industry-standard version control system used by gaming giants, automotive
New forensic details reveal that the massive data exfiltration at Vercel began with a single employee downloading a compromised Roblox game cheat, highlighting the catastrophic intersection of personal device use and enterprise SaaS permissions. SAN FRANCISCO, CA — The security community is processing the full scope of the breach involving Vercel
A joint forensic investigation has unmasked "The Gentlemen," a rapidly expanding ransomware operation that has successfully leveraged the SystemBC malware to automate enterprise-scale intrusions across 1,500 victims. TEL AVIV, ISR — Security researchers have exposed the inner workings of a high-volume ransomware-as-a-Service (RaaS) affiliate known as The Gentlemen.
Blockchain security researchers and protocol developers have identified the North Korean state-sponsored Lazarus Group as the primary suspect in the staggering $290 million theft from Kelp DAO. SEOUL, KOR — The decentralized finance (DeFi) ecosystem is reeling after a sophisticated exploit targeted Kelp DAO, a leading liquid restaking protocol. Early on
As the fallout from systemic attacks on healthcare providers continues to mount, federal lawmakers and former intelligence officials are pushing for a radical reclassification of ransomware: treating digital extortion as a capital crime. WASHINGTON, D.C. — The legal immunity traditionally enjoyed by cybercriminals — often shielded by international borders and the
The French National Agency for Secure Documents (ANTS) has confirmed a significant security incident targeting its central portal, as threat actors move to monetize a database allegedly containing millions of sensitive user records. PARIS, FRA — The French government is grappling with a severe compromise of its digital identity infrastructure. The
In a stark assessment of the global threat landscape, the UK’s lead cyber official warns that a coalition of nation-state adversaries — supercharged by artificial intelligence — now poses an unprecedented risk to critical national infrastructure. LONDON, UK — The United Kingdom is facing a "perfect storm" of cybersecurity challenges
