access ai android api apple attack authentication backdoor breach business ceo china cisa cisco ciso cloud compliance control credentials crypto cve cyber cyberattack cybercrime cybersecurity data data-breach defense detection email exploit finance flaw framework fraud germany google governance government group hacker hacking healthcare identity infrastructure intelligence Internet jobs law leak linux malicious malware microsoft monitoring network open-source password phishing privacy ransomware remote-code-execution resilience risk russia scam service software strategy supply-chain technology theft threat tool unclassified update usa vulnerability windows zero-day
-
Your work apps are quietly handing 19 data points to someone
Office work in 2026 runs through a stack of mobile apps that sit on the same phones people use for banking, messaging family, and tracking their location. Ten of the most … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/04/workplace-apps-data-collection-privacy/ also interesting: The most notorious and damaging ransomware of all time ICO Warns of Mobile…
-
Five Eyes spook shops warn agentic is too wonky for rapid rollout
Prioritize resilience over productivity, say CISA, NCSC and their friends from Oz, NZ, Canada First seen on theregister.com Jump to article: www.theregister.com/2026/05/04/five_eyes_agentic_ai_recommendations/ also interesting: CISA’s New TIC 3.0 SCC Version Enhances Cybersecurity Resilience for Federal Agencies 71% of CISOs hit with third-party security incident this year Patch now: Attacker finds another zero day in Cisco…
-
Altman gegen Anthropic: OpenAI-Chef wirft Konkurrent Panikmache vor
Tags: openaiFirst seen on t3n.de Jump to article: t3n.de/news/altman-gegen-anthropic-openai-chef-wirft-konkurrent-panikmache-vor-1740759/ also interesting: Businesses Worldwide Targeted in Large-Scale ChatGPT Phishing Campaign Hacker nutzen Google Gemini zur Verstärkung von Angriffen Deepseek tritt die nächste Welle des KI-Rushs los Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools
-
BKA-Statistik: So sehr gefährden Kartenbetrug und Phishing dein Geld
Tags: phishingFirst seen on t3n.de Jump to article: t3n.de/news/bka-statistik-kartenbetrug-phishing-1739592/ also interesting: Achtung: Phishing-Mails von der DKB-Adresse @emails.dkb.de Chinese ‘Smishing Triad’ Group Targets Pakistanis with SMS Phishing Requesting Sensitive Data Via Google Docs: Phishing Really is That Easy Cyberkriminelle nutzen SVG-Dateien für raffinierte Phishing-Angriffe
-
Instructure confirms data breach, ShinyHunters claims attack
Educational tech giant Instructure has confirmed that data was stolen in a cyberattack, with the ShinyHunters extortion gang claiming responsibility. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/instructure-confirms-data-breach-shinyhunters-claims-attack/ also interesting: Operation 999: Ransomware tabletop tests cyber execs’ response Ransomware gang tells Ingram Micro, ‘Pay up by August 1’ Logitech confirms data breach after Clop extortion…
-
ChatGPT advanced account security adds passkeys and hardware keys
Journalists, elected officials, researchers, and political dissidents have spent years adapting their accounts to phishing-resistant authentication on consumer platforms. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/04/openai-chatgpt-advanced-account-security/ also interesting: Neues Phishing-Framework umgeht Multi-Faktor-Authentifizierung VoidProxy phishing-as-a-service operation steals Microsoft, Google login credentials Rethinking Identity Security in the Age of AI Security awareness is not a…
-
Salt Typhoon breach IBM subsidiary in Italy: a warning for Europe’s digital defenses
April 2026 breach at Sistemi Informativi (IBM Italy) raises concerns over Chinese-linked cyber ops in Europe, including Salt Typhoon. In late April 2026, the Italian cybersecurity landscape was shaken by a significant breach targeting Sistemi Informativi, a company wholly owned by IBM Italy that provides IT infrastructure management for key public and private institutions. The…
-
Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
Tags: microsoftMicrosoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts, and in some cases, removing certificates from Windows. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-defender-wrongly-flags-digicert-certs-as-trojan-win32-cerdigentadha/ also interesting: Novel Exploit Chain Enables Windows UAC Bypass 5 BCDR Essentials for Effective Ransomware Defense VoidProxy phishing-as-a-service operation steals Microsoft, Google login credentials Ransomware-Bande missbraucht…
-
Tuta Drive: Staatlich geförderter Angriff auf Google Drive und Dropbox
Tuta Drive startet als verschlüsselter Cloudspeicher. Dahinter steckt PQDrive, ein staatlich gefördertes Forschungsprojekt der Uni Wuppertal. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/tuta-drive-staatlich-gefoerderter-angriff-auf-google-drive-und-dropbox-328761.html also interesting: Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack Phishing Season 2025: The Latest Predictions Unveiled 0-Day RCE Flaw in SonicWall SMA Devices Exploited to Launch OVERSTEP Ransomware…
-
BSI-Cybersicherheitsmonitor zeigt: Selbstüberschätzung bei Deepfakes wird zum Sicherheitsrisiko
Nur so lässt sich sicherstellen, dass Vertrauen in die eigene Kompetenz auf tatsächlichen Fähigkeiten basiert und nicht auf gefährlicher Selbstüberschätzung. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/bsi-cybersicherheitsmonitor-zeigt-selbstueberschaetzung-bei-deepfakes-wird-zum-sicherheitsrisiko/a44937/ also interesting: Nutzer überschätzen eigene Fähigkeit, Deepfakes zu erkennen Wiz CEO says company was targeted with deepfake attack that used his voice Microsoft targets AI deepfake cybercrime…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 95
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter fast16 – Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet 73 Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations An alarm clock you can’t ignore: How CapFix attacks…
-
Paying Ransom Won’t Help as VECT 2.0 Ransomware Destroys Data Irreversibly
VECT 2.0 ransomware contains fatal flaws that permanently destroy files, making recovery impossible and rendering ransom payments useless for victims worldwide. First seen on hackread.com Jump to article: hackread.com/paying-ransom-vect-2-0-ransomware-destroys-data/ also interesting: 2025 Year of Browser Bugs Recap: How to create a ransomware playbook that works How to create a ransomware playbook that works How to…
-
prompted 2026 The Parseltongue Protocol: Textual Obfuscation Methods
Author, Creator & Presenter: Joey Melo, AI Red Teaming Specialist At CrowdStrike Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/unprompted-2026-the-parseltongue-protocol-textual-obfuscation-methods/ also interesting: 6 hot cybersecurity trends 6 hot cybersecurity trends Agentic…
-
U.S. CISA adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog
Tags: cisa, control, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-41940 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. cPanel is a widely used web hosting control panel that lets…
-
Flock Safety: 80.000 Kameras das geheime Überwachungsnetz der US-Polizei
Tags: unclassifiedFlock Safety steht wegen Stalking-Vorwürfen, Protestüberwachung und sensiblen Kamerazugriffen massiv in der Kritik. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/flock-safety-ueberwachungsnetz-80-000-kameras-usa-328747.html also interesting: Mysteriöse Kreditkartenbuchungen durch shopify.com/-charge.com Splunk 5 Boosts Performance, Adds Features For Security Teams TD Synnex, Westcon-Comstor and Infinigate expand portfolios AnyDesk hacked, details unclear
-
Securing AI procurement and third-party models: a practical guide for UK SMEs
Securing AI procurement and third-party models: a practical guide for UK SMEs Third-party AI tools can be useful, but they also change the way your business handles data, makes decisions, and depends on suppliers. For many UK SMEs, the risk is not the model itself. It is the way the tool is bought, connected, configured,……
-
Telegram Mini Apps abused for crypto scams, Android malware delivery
Cybersecurity researchers have uncovered a large-scale fraud operation that uses Telegram’s Mini App feature to run crypto scams, impersonate well-known brands, and distribute Android malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/telegram-mini-apps-abused-for-crypto-scams-android-malware-delivery/ also interesting: That CISO job offer could be a ‘pig-butchering’ scam Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils…
-
Security Affairs newsletter Round 575 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Two US cybersecurity experts sentenced in ransomware case, third awaits July ruling Trellix discloses the breach…
-
Usage-based pricing killing your vibe – here’s how to roll your own local AI coding agents
Take those token limits and shove them by vibe coding with a local LLM First seen on theregister.com Jump to article: www.theregister.com/2026/05/02/local_ai_coding_agents/ also interesting: UK cyber agency warns LLMs will always be vulnerable to prompt injection Gemini for Chrome gets a second AI agent to watch over it DataDome recognized in The Bot And Agent…
-
3 easymiss cybersecurity risks for small businesses
Small business owners should be sure to fix these three non-technical risks that require little cybersecurity expertise. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/3-easy-to-miss-cybersecurity-risks-for-small-businesses/ also interesting: 6 wichtige Punkte für Ihren Incident Response Plan Cybersecurity Snapshot: Top Advice for Detecting and Preventing AI Attacks, and for Securing AI Systems Empathetic policy engineering: The secret…
-
PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers
PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/phantomraven-wave-5-new-undocumented-npm-supply-chain-campaign-targets-defi-cloud-and-ai-developers/ also interesting: Top 7 zero-day exploitation trends of 2024 Anton’s Security Blog Quarterly Q3 2025 OAuth token compromise hits Salesforce ecosystem again, Gainsight impacted With CISOs stretched thin, re-envisioning enterprise risk may…
-
ServiceNow under siege as Atlassian adds to ITSM take-outs
Tags: ceoCEO Mike Cannon-Brookes touts ‘largest ever quarter for competitive displacements’ First seen on theregister.com Jump to article: www.theregister.com/2026/05/01/servicenow_under_siege_atlassian_itsm/ also interesting: It’s Award Season, Again CEO’s Arrest Will Likely Not Dampen Cybercriminal Interest in Telegram Cohesity: We won’t abandon NetBackup customers or force migration Police arrest suspect in murder of UnitedHealthcare CEO, with grainy pics the…
-
Congress Punts FISA Section 702 Renewal to June
Tags: intelligenceWhat happened Congress approved a 45-day extension of Section 702 of the Foreign Intelligence Surveillance Act on Thursday, hours before the program was set to lapse, pushing the next deadline to June 12. President Trump is expected to sign the legislation before the midnight deadline. The path to the extension was complicated. The day prior,…The…
-
Edtech Firm Instructure Discloses Cyber Incident, Probes Impact
What happened Instructure, the company behind the Canvas learning management system, has disclosed that it recently suffered a cybersecurity incident perpetrated by a criminal threat actor and is now investigating its scope with the help of outside forensics experts. The disclosure was made by Chief Security Officer Steve Proud, who committed to transparency as the…The…
-
FBI Links Cybercriminals to Sharp Surge in Cargo Theft Attacks
What happened The FBI issued a public service announcement on April 30, 2026, warning the US transportation and logistics industry of a sharp rise in cyber-enabled cargo theft, with estimated losses in the United States and Canada reaching nearly $725 million in 2025. That represents a 60% increase over the prior year. Confirmed cargo theft…The…
-
ConsentFix v3 Automates OAuth Abuse to Bypass MFA and Hijack Azure Accounts
What happened A third iteration of the ConsentFix attack technique has been circulating on hacker forums, introducing automation and scalability to a method that abuses Microsoft Azure’s OAuth2 authorization code flow to hijack accounts without passwords and despite multi-factor authentication being enabled. The original ConsentFix was documented by Push Security in December 2025 as an…The…
-
1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP
What happened A supply chain attack campaign attributed to TeamPCP, dubbed Mini Shai-Hulud, has compromised packages across the PyPI, NPM, and PHP ecosystems over a two-day period, affecting over 1,800 developer repositories containing stolen credentials. The campaign was first identified on April 29 when malicious versions of four SAP NPM packages were caught delivering information-stealing…The…
-
CISO Diaries: Victor-Andrei Nicolae on Practical Security, Patience, and AI-Driven Defense
Security leadership is often associated with emerging threats and advanced technologies, but much of the role comes down to disciplined execution, thoughtful decision-making, and balancing protection with business continuity. In CISO Diaries, we speak with leading CISOs around the world to understand what the role actually looks like beyond frameworks and incident headlines, how security…The…
-
A Tale of Two States: The 2026 Cybersecurity Paradox
The cyber threat outlooks from CIOs and CISOs at the NASCIO Midyear Conference in Philadelphia ranged from the good to the bad to the ugly, with AI front and center. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/a-tale-of-two-states-the-2026-cybersecurity-paradox/ also interesting: TDL 007 – Cyber Warriors Digital Shadows: Insights from Canada’s Cybersecurity Leader 6 key takeaways…
-
Ultimate Guide to PCI Compliance for SaaS Companies
While we talk a lot about governmental cybersecurity here on the Ignyte blog, programs like FedRAMP and CMMC are not the most common kind of security you’re likely to encounter. That honor goes to PCI DSS. PCI DSS is a security framework we all engage with on a near-daily basis. It’s the security framework used……
-
Google Revamps Bug Bounty Programs: Android Rewards Rise, Chrome Payouts Drop in the Age of AI
Google revamps bug bounties: Android rewards rise to $1.5M, Chrome payouts drop, shifting focus to high-impact, AI-resistant vulnerabilities. Google has announced a major overhaul of its Vulnerability Reward Programs (VRP) for Android and Chrome, marking a strategic shift in how the company approaches cybersecurity. The update comes as artificial intelligence tools are reshaping the field…
-
Cybersouveränität ist das neue Geschäftsmodell für digitale Vertrauenswürdigkeit
Cybersouveränität wird zur Vorstandsagenda: Nicht Regulierung, sondern die veränderte Natur von Daten (Cloud, Echtzeit-Replikation, KI) macht Souveränität zum zentralen Hebel für digitale Vertrauenswürdigkeit. »Kontrolle« ist oft nur eine Illusion: Region-Settings, Verschlüsselung und Backups reichen nicht, wenn Policy-Steuerung, Key-Ownership und Recovery-Prozesse nicht transparent und unter Realbedingungen getestet sind. Resilienz = nachweisbare Wiederherstellbarkeit: Prävention bleibt Pflicht ……
-
Unternehmen justieren Cloud-Strategie neu und stärken On-Premises
Die Migration in die Cloud sollte eigentlich eine Einbahnstraße sein. Für die meisten Unternehmen ist sie das offenbar nicht. Eine neue Studie von Cloudian zeigt, dass viele von ihnen der Cloud zwar nicht den Rücken kehren, aber angesichts von höheren Kosten und zunehmenden Anforderungen an die Datensouveränität ihre Workload-Aufteilung neu ausrichten. Eine neue Umfrage… First…
-
Wire-Chef Schilz: US-Investoren haben keinerlei Einfluss auf Wire
Tags: phishingNach den Phishing-Angriffen auf Signal-Nutzer plant der Bundestag einen Wechsel zu Wire. Firmenchef Schilz erläutert die Unterschiede zwischen beiden Messengern. First seen on golem.de Jump to article: www.golem.de/news/wire-chef-schilz-kein-produkt-auf-der-welt-bietet-absolute-sicherheit-2605-208222.html also interesting: Privacy Roundup: Week 13 of Year 2025 Earth Kasha Refines Spear-Phishing Tactics in Espionage Campaign Targeting Taiwan and Japan VoidProxy phishing-as-a-service operation steals Microsoft, Google…
-
(g+) GANs – Synthetik als Schlüssel: Von echten Daten zu besseren Modellen
Tags: unclassifiedZwischen Datenschutz und Datenhunger entsteht ein Spannungsfeld. Neue Ansätze versprechen einen Ausweg, bringen aber eigene Herausforderungen mit sich. First seen on golem.de Jump to article: www.golem.de/news/gans-synthetik-als-schluessel-von-echten-daten-zu-besseren-modellen-2605-208206.html also interesting: Telegram-Chef verspricht bessere Moderation von Inhalten Heute Abend werden die Gewinner der Leserumfrage ausgezeichnet – Große Bühne für die IT-Awards 2025 UK to demand social platforms take…
-
World Password Day 2026: Warum Passwörter zum Sicherheitsproblem werden
Passwörter waren lange ein notwendiges Übel. Heute sind sie vor allem eines: ein Sicherheitsrisiko. Wer Cyberangriffe wirksam reduzieren will, muss sie konsequent ersetzen First seen on infopoint-security.de Jump to article: www.infopoint-security.de/world-password-day-2026-warum-passwoerter-zum-sicherheitsproblem-werden/a44882/ also interesting: The 10 most common IT security mistakes WestJet Confirms Passenger IDs and Passports Stolen in Cyberattack OpenAI-Dienstleister gehackt 13 ways attackers use…
-
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a “phishing relay” to distribute phishing emails with an aim to compromise Facebook accounts.The activity has been codenamed AccountDumpling by Guardio, with the scheme selling the stolen accounts back through an illicit storefront run by the threat actors. In all, roughly 30,000…
-
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), is a case of local privilege escalation (LPE) flaw that could allow an…
-
76% of All Crypto Stolen in 2026 Is Now in North Korea
North Korean threat actors are pulling off historic cryptocurrency heists on a yearly, sometimes weekly basis now. AI might be helping them. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-analytics/crypto-stolen-2026-north-korea also interesting: Modern supply-chain attacks and their real-world impact Modern supply-chain attacks and their real-world impact Modern supply-chain attacks and their real-world impact The rise…
-
cPanelSniper PoC Exploit Disclosed as 44,000 Servers Reportedly Compromised
A critical zero-day vulnerability in cPanel and WebHost Manager (WHM) is under massive active exploitation following the public release of a sophisticated proof-of-concept exploit. Tracked as CVE-2026-41940, this flaw has already compromised tens of thousands of servers worldwide. The vulnerability, identified as CVE-2026-41940, is a severe authentication bypass flaw affecting cPanel and WHM. It carries…
-
Massive Facebook Phishing Operation Leverages AppSheet, Netlify, and Telegram
Cybersecurity researchers at Guardio Labs have uncovered a massive phishing operation dubbed AccountDumpling that has compromised more than 30,000 Facebook accounts worldwide. Unlike conventional phishing campaigns that rely on spoofed domains or compromised SMTP servers, this Vietnamese-linked operation abuses Google AppSheet to deliver fully authenticated malicious emails. Because the messages originate from legitimate Google infrastructure,…
-
Edu tech firm Instructure discloses cyber incident, probes impact
Instructure, the company behind the widely used Canvas learning platform, has disclosed that it recently suffered a cybersecurity incident and is now investigating its impact. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/edu-tech-firm-instructure-discloses-cyber-incident-probes-impact/ also interesting: Over 40% of schools have already experienced AI-related cyber incidents Volvo’s recent security breach: 5 tips to speed incident response…
-
Microsoft tests modern Windows Run, says it’s faster than legacy dialog
Microsoft has confirmed that Windows 11 is getting a new modern Run dialog with dark mode support and faster performance in a new preview build. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-tests-modern-windows-run-says-its-faster-than-legacy-dialog/ also interesting: Novel Exploit Chain Enables Windows UAC Bypass New Windows updates fix Active Directory policy issues New Windows 11 Flaw Slips…
-
ConsentFix v3 attacks target Azure with automated OAuth abuse
A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums, building on the previous technique by adding automation and scaling potential. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/consentfix-v3-attacks-target-azure-with-automated-oauth-abuse/ also interesting: Top Four Considerations for Zero Trust in Critical Infrastructure Getting the Most Value Out of the OSCP: After the Exam Don’t…
-
ConsentFix v3 attacks target Azure with automated OAuth abuse
A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums, building on the previous technique by adding automation and scaling potential. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/consentfix-v3-attacks-target-azure-with-automated-oauth-abuse/ also interesting: Top Four Considerations for Zero Trust in Critical Infrastructure Getting the Most Value Out of the OSCP: After the Exam Don’t…
-
Critrical cPanel flaw mass-exploited in “Sorry” ransomware attacks
A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in “Sorry” ransomware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critrical-cpanel-flaw-mass-exploited-in-sorry-ransomware-attacks/ also interesting: Top 7 zero-day exploitation trends of 2024 Top 12 ways hackers broke into your systems in 2024 Ransomware up 179%, credential theft up 800%:…
-
Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers
The exploit, dubbed CopyFail and tracked as CVE-2026-31431, allows hackers to take over PCs and data center servers. The Linux vulnerabilities have been patched”, but many machines remain at risk. First seen on wired.com Jump to article: www.wired.com/story/dangerous-new-linux-exploit-gives-attackers-root-access-to-countless-computers/ also interesting: Cybersecurity Snapshot: Tenable Highlights Risks of AI Use in the Cloud, as UK’s NCSC Offers…