AI Security
Germany's top cybersecurity official told lawmakers that China is close to building an AI model with superhacking capabilities — developed in secret. The warning lands a month after Anthropic gated Mythos. AI cyber capability is now great-power competition.
Policy & Government
ICE Assistant Director Matthew Elliston disclosed at the Border Security Expo that agents now reach a 20-million-person list from their iPhones via Palantir's ELITE system. The Mobile Fortify accuracy claim is in tension with 404 Media's January reporting.
Policy & Government
The FCC extended the security update cutoff for foreign-made routers and drones from March 2027 to January 2029. The import ban on the Covered List remains. Netgear and Eero hold conditional approval through October 2027.
Policy & Government
California AG Bonta announced a $12.75M civil penalty against GM and OnStar for selling driver data to data brokers 2020-2024. Largest CCPA penalty ever; first data minimization enforcement.
shinyhunters
Instructure paid ShinyHunters on May 11 to delete 3.65TB from 8,809 schools. Congress opened an investigation the same day. The vendor-paid-ransom precedent for SaaS is now set.
Trending
Participants in the CyberCorps Scholarship for Service program face hundreds of thousands of dollars in potential debt as Trump administration hiring freezes have led federal agencies to rescind job and internship offers. The Trump administration has proposed cutting SFS funding by 65 percent.
Trending
After more than a year of the second Trump administration, observers across the political spectrum told CyberScoop that CISA has been significantly diminished, losing roughly one-third of its personnel.
Policy & Government
The Cybersecurity and Infrastructure Security Agency launched a new initiative on Tuesday, May 5, 2026, called CI Fortify that pushes critical infrastructure operators across all 16 federally-designated sectors to prepare for sustained operations during geopolitical conflict, including scenarios in which third-party connections become unreliable and adversaries gain partial access to
Cyber Crime
A federal jury in Alexandria, Virginia convicted Sohaib Akhter on May 7, 2026 for his role in deleting roughly 96 U.S. government databases at federal contractor Opexus on the day he and his twin brother were fired in February 2025. The case is also notable for an unprecedented detail:
phishing
The Australian Signals Directorate's Australian Cyber Security Centre published an advisory on May 7, 2026 warning that pro-criminal threat actors are using compromised legitimate Australian WordPress websites as launch pads for ClickFix social-engineering attacks delivering the Vidar Stealer information-stealing malware. Visitors to compromised Australian business websites are shown
Vulnerabilities
Ivanti disclosed CVE-2026-6973 on May 7 — a CVSS 7.2 EPMM flaw under active exploitation. CISA gave federal agencies just three days to patch (May 10 deadline). It's the third EPMM zero-day of 2026, and Ivanti hints attackers are using credentials stolen during January's campaign. On
Cyber Crime
Marlon Ferro, a 20-year-old Santa Ana, California man also known online as "GothFerrari" and "Marlo," was sentenced to 78 months in federal prison on May 7, 2026 for serving as the home-invader and money-launderer for a 14-person "Social Engineering Enterprise" that stole more than