A Spyware Investigator Turned a Signal Hijack Attempt Into a 13,500-Target Russian Campaign Map

Russian government hackers tried to hijack the Signal account of the wrong person. Donncha Ó Cearbhaill investigates spyware for a living — so he reverse-engineered the campaign and found himself one of 13,500+ targets. The 'snowball' methodology is the lesson.

RubyGems Just Shut Down New Signups After 'Hundreds' of Malicious Packages Hit the Registry

RubyGems temporarily turned off new signups after what its security partner called a major malicious attack — hundreds of packages, DDoS, spam, and exploits hitting at once. The halt is the response model defenders should remember.

Germany Warns China Is Close to an AI 'Superhacker' — and Building It in Secret

Germany's top cybersecurity official told lawmakers that China is close to building an AI model with superhacking capabilities — developed in secret. The warning lands a month after Anthropic gated Mythos. AI cyber capability is now great-power competition.

Iranian Spies Are Pretending to Be Ransomware Operators — Inside MuddyWater's Chaos False Flag

An Iranian state-sponsored APT spent early 2026 conducting espionage while wearing the Chaos ransomware brand as a costume. Rapid7 pulled back the curtain. The Microsoft Teams screen-sharing tradecraft is why IR triage needs updating.

Three Unrelated Threat Actors Just Arrived at the Same Conclusion — Your Developers Are the Beachhead

Three unrelated threat actors arrived at the same conclusion in March and April: the developer workstation is the best ROI beachhead. CSO Online's framing — the Developer Credential Economy — is the editorial line CISOs should adopt this quarter.

Cerner Discovered the Breach in February 2025. Atrium Health Patients Found Out 15 Months Later

Cerner discovered the breach in February 2025. Atrium Health patients only learned this week. The 15-month gap — across 16 health systems through one Oracle-owned vendor — is the year's clearest HIPAA business-associate accountability test.

Comcast's $117.5M Xfinity Settlement Puts a Price Tag on Citrix Bleed — $10K Per Customer

Comcast just agreed to write a $117.5 million check over a vulnerability it didn't write. The Xfinity settlement is the first major Citrix Bleed bill to come due — the precedent it sets for shared customer-vendor liability is the part defenders should read twice.

Foxconn Hit by Nitrogen Ransomware — 11M Files Across Apple, NVIDIA, Google

Foxconn confirmed a cyberattack on its North American factories. Nitrogen ransomware claims 8TB and 11M+ files including Apple, NVIDIA, Google, Intel, and Dell project documentation. Mount Pleasant AI server factory was offline for a week.

Odido Refuses to Compensate 6.2M Breach Victims After ShinyHunters Attack

Odido's CEO confirmed May 12 that the Dutch telecom will not compensate 6.2 million ShinyHunters breach victims. Dutch prosecutors are investigating whether the company retained data beyond GDPR limits. The CRM compromise pattern matches the broader ShinyHunters Salesforce campaign.

ICE Agents Now Carry a 20 Million-Person Palantir List on Their iPhones

ICE Assistant Director Matthew Elliston disclosed at the Border Security Expo that agents now reach a 20-million-person list from their iPhones via Palantir's ELITE system. The Mobile Fortify accuracy claim is in tension with 404 Media's January reporting.

FCC Backs Off Foreign Router Ban — Updates Now Extended to 2029

The FCC extended the security update cutoff for foreign-made routers and drones from March 2027 to January 2029. The import ban on the Covered List remains. Netgear and Eero hold conditional approval through October 2027.

Ransomware Forces West Pharmaceutical to Take Global Systems Offline

West Pharmaceutical Services disclosed a disruptive ransomware attack via SEC Form 8-K on May 7, took global systems offline, and engaged Palo Alto Unit 42. The pharma-packaging CI adjacency just became a documented sector risk.