Collecting Cyber-News from over 60 sources

Tag: intelligence

Lazarus Targets macOS Users With New “Mach-O Man” Malware Kit

Apr 29, 2026 4:39 PM

Tags: access, corporate, credentials, crypto, cyber, fintech, group, intelligence, lazarus, macOS, malware, social-engineering, threat

Lazarus Group is abusing “ClickFix” social engineering to push a new macOS malware kit dubbed “Mach-O Man,” giving attackers a direct path to credentials, Keychain secrets, and corporate access in fintech and crypto environments. This research is authored by Mauro Eldritch, an offensive security expert and founder of BCA LTD, a company focused on threat intelligence and…
Spy agency officials say job loss anxiety, moving fast ‘safely’ among top challenges in AI workforce overhaul

Apr 29, 2026 12:39 AM

Tags: ai, intelligence, jobs, spy, tool

While tech leaders think about how to strategically deploy AI tools to support human intelligence needs, rank and filers express concerns about their livelihoods. First seen on cyberscoop.com Jump to article: cyberscoop.com/national-geospatial-intelligence-ai-agency-leaders-say-job-loss-safety-top-concerns/
prompted 2026 Detection Deception Engineering In The Matrix

Apr 28, 2026 6:39 PM

Tags: ai, data, detection, intelligence

Author, Creator & Presenter: Bob Rudis, V.P. Data Science, Security Research, & Detection+Deception Engineering At GreyNoise Labs & Glenn Thorpe, Sr. Director, Security Research & Detection Engineering At GreyNoise Intelligence Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First…
prompted 2026 Detection Deception Engineering In The Matrix

Apr 28, 2026 6:39 PM

Tags: ai, data, detection, intelligence

Author, Creator & Presenter: Bob Rudis, V.P. Data Science, Security Research, & Detection+Deception Engineering At GreyNoise Labs & Glenn Thorpe, Sr. Director, Security Research & Detection Engineering At GreyNoise Intelligence Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First…
Databricks erweitert Agent-Bricks

Apr 28, 2026 4:38 PM

Tags: intelligence

Im Zuge der Week of Agents hat Databricks Agent-Bricks um Document-Intelligence und Custom-Agents auf Apps erweitert sowie Agent-Mode für Genie eingeführt. Databricks kündigt die allgemeine Verfügbarkeit von Document-Intelligence und Custom-Agents sowie neue Funktionen auf der gesamten Plattform an, darunter AI-Gateway, damit Unternehmen Agenten erstellen, verwalten und absichern können, die auf reichhaltigem Kontext aus den Firmendaten basieren.…
Securing RAG pipelines in enterprise SaaS

Apr 28, 2026 12:39 PM

Tags: access, ai, api, application-security, attack, breach, business, cloud, control, corporate, data, data-breach, defense, detection, email, encryption, finance, fintech, framework, GDPR, github, google, healthcare, iam, injection, intelligence, leak, LLM, malicious, metric, microsoft, monitoring, privacy, regulation, saas, service, sql, strategy, threat, tool, unauthorized, vulnerability, zero-trust

Zero-Click data exfiltration (Late 2025): The “EchoLeak” vulnerability demonstrated how attackers could use a specially crafted, unclicked email to manipulate Microsoft 365 Copilot’s massive enterprise RAG pipeline. The AI was tricked into retrieving and exfiltrating sensitive corporate data without any employee interaction.Vector database exposures (2024 2025): Several incidents involved exposed API keys for vector databases.…
Securing RAG pipelines in enterprise SaaS

Apr 28, 2026 12:39 PM

Tags: access, ai, api, application-security, attack, breach, business, cloud, control, corporate, data, data-breach, defense, detection, email, encryption, finance, fintech, framework, GDPR, github, google, healthcare, iam, injection, intelligence, leak, LLM, malicious, metric, microsoft, monitoring, privacy, regulation, saas, service, sql, strategy, threat, tool, unauthorized, vulnerability, zero-trust

Zero-Click data exfiltration (Late 2025): The “EchoLeak” vulnerability demonstrated how attackers could use a specially crafted, unclicked email to manipulate Microsoft 365 Copilot’s massive enterprise RAG pipeline. The AI was tricked into retrieving and exfiltrating sensitive corporate data without any employee interaction.Vector database exposures (2024 2025): Several incidents involved exposed API keys for vector databases.…
Sandworm Uses SSH-over-Tor Tunnel for Stealthy Long-Term Persistence

Apr 28, 2026 11:39 AM

Tags: attack, cyber, government, group, intelligence, phishing, spear-phishing, threat

A significant evolution in Sandworm (APT-C-13) tradecraft, revealing the group’s use of SSH-over-Tor tunneling to achieve long-term, covert persistence inside targeted networks. Sandworm, also known as FROZENBARENTS, is a state-sponsored threat group active since 2014. It has consistently targeted government bodies, energy firms, and research institutions, focusing on intelligence collection. The attack begins with spear-phishing…
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

Apr 28, 2026 9:39 AM

Tags: ai, attack, flaw, identity, intelligence, microsoft, service

An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort.Agent ID Administrator is a privileged built-in role introduced by Microsoft as part of its agent identity platform to handle all aspects of an AI agent’s identity lifecycle operations…
Chinese national extradited to US for pandemic-era Silk Typhoon attacks

Apr 28, 2026 5:39 AM

Tags: attack, china, data, espionage, intelligence, service

Xu Zewei was allegedly directed by China’s intelligence services to conduct a sweeping espionage campaign to steal data on COVID-19 research and other U.S. policy interests. First seen on cyberscoop.com Jump to article: cyberscoop.com/xu-zewei-extradited-china-national-silk-typhoon-hafnium/
Pentagon’s Anthropic Fight Draws Rebuke From Ex-DOD Leaders

Apr 28, 2026 1:39 AM

Tags: ai, defense, government, group, intelligence, risk, supply-chain

Former Officials, Tech Groups Say Anthropic Designation Is Illegal – and Dangerous. Former U.S. defense and intelligence officials argue the Pentagon’s designation of Anthropic as a supply-chain risk was politically motivated and legally flawed, warning it could erode trust in government contracting and weaken the defense AI ecosystem. First seen on govinfosecurity.com Jump to article:…
Top 7 Threat Intelligence Platforms Software in 2026

Apr 28, 2026 12:38 AM

Tags: intelligence, software, threat

Discover top threat intelligence platforms, including their features, use cases, and comparisons in 2026. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/products/threat-intelligence-platforms/
Alleged Silk Typhoon hacker extradited to US for cyberespionage

Apr 27, 2026 10:39 PM

Tags: china, cyberespionage, hacker, intelligence

A Chinese national accused of carrying out cyberespionage operations for China’s intelligence services has been extradited from Italy to the United States to face criminal charges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/alleged-silk-typhoon-hacker-extradited-to-us-for-cyberespionage/
AI Red Teaming Is Not Equal to Prompt Injection

Apr 27, 2026 8:39 PM

Tags: ai, attack, data, injection, intelligence, penetration-testing, RedTeam, risk

Why AI and Traditional Penetration Testing Must Converge As artificial intelligence red teaming evolves beyond prompt injection, security teams must combine data science, model testing and traditional penetration testing to assess risks across the full attack surface. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/blogs/ai-red-teaming-equal-to-prompt-injection-p-4106
As the NVD scales back CVE enrichment, here’s what Tenable customers need to know

Apr 27, 2026 5:39 PM

Tags: access, ai, cisa, cloud, cve, cvss, data, data-breach, exploit, infrastructure, intelligence, kev, metric, mitre, nist, nvd, ransomware, risk, software, strategy, technology, threat, vulnerability, vulnerability-management, zero-day

NIST’s shift toward selective CVE enrichment creates significant visibility gaps for teams relying solely on the National Vulnerability Database. As AI accelerates vulnerability disclosure rates, organizations need independent, high-fidelity intelligence to prioritize risks that the NVD may now overlook. Key takeaways NIST is pivoting to a prioritized enrichment model, focusing only on specific criteria like…
Webinar: Spotting cyberattacks before they begin

Apr 27, 2026 5:39 PM

Tags: attack, cyberattack, intelligence, threat

On Thursday, April 30 at 2:00 PM ET, BleepingComputer will host a live webinar with threat intelligence company Flare and threat intelligence researcher Tammy Harper, exploring how security teams can identify early warning signs of attacks before they escalate into incidents. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/webinar-spotting-cyberattacks-before-they-begin/
27th April Threat Intelligence Report

Apr 27, 2026 3:39 PM

Tags: access, breach, cloud, intelligence, security-incident, threat, unauthorized

Vercel, a frontend cloud platform, has disclosed a security incident linked to a compromise at Context.ai, where stolen OAuth tokens enabled unauthorized access through a connected app. The company reported access to employee […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2026/27th-april-threat-intelligence-report/
The ‘manager of agents’: How AI evolves the SOC analyst role

Apr 27, 2026 11:38 AM

Tags: ai, automation, business, control, credentials, cybersecurity, data, detection, intelligence, jobs, risk, skills, soc, technology, threat, tool

From doing the work to directing it: What agentic AI introduces into the SOC is the ability to delegate.Instead of analysts manually gathering evidence and stitching together context, AI agents can now autonomously execute investigative steps: Querying systems, correlating signals and building evidence chains in real time. It doesn’t remove the human from the process.…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 94

Apr 26, 2026 2:38 PM

Tags: intelligence, international, iphone, malware, spyware, threat

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Morpheus: A new Spyware linked to IPS Intelligence The iPhone, invincible no more: a look at DarkSword and Coruna Lotus Wiper: a new threat targeting the energy and utilities sector New NGate variant hides in […]…
ISMG Editors: The Push for AI Innovation – and the Fallout

Apr 26, 2026 5:38 AM

Tags: ai, apple, ceo, intelligence, threat

Also: Embedded AI in Pharmaceutical Sector, the Story Behind Apple’s CEO Change. In this week’s panel, four ISMG editors examine what’s really behind Apple’s CEO transition, how pharmaceutical giants are racing to embed artificial intelligence across core operations, and why AI-driven threats are forcing a rethink of how quickly defenders can respond. First seen on…
Best of the Worst: Five Attacks That Looked Broken (and Worked)

Apr 25, 2026 2:40 PM

Tags: attack, dkim, dmarc, email, finance, intelligence, phishing, threat

<div cla I skipped last week’s roundup. Holiday weekend, family stuff, the usual. So this is a two-week-ish view of what we’ve published in the Threat Intelligence series since Edition 03 dropped on April 13. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/best-of-the-worst-five-attacks-that-looked-broken-and-worked/
Best of the Worst: Five Attacks That Looked Broken (and Worked)

Apr 25, 2026 2:40 PM

Tags: attack, dkim, dmarc, email, finance, intelligence, phishing, threat

<div cla I skipped last week’s roundup. Holiday weekend, family stuff, the usual. So this is a two-week-ish view of what we’ve published in the Threat Intelligence series since Edition 03 dropped on April 13. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/best-of-the-worst-five-attacks-that-looked-broken-and-worked/
NCSC chief warns of ‘perfect storm’ as cyber threats intensify at CyberUK

Apr 24, 2026 6:39 PM

Tags: ai, ceo, conference, cyber, intelligence, threat

At this week’s CyberUK conference in Glasgow, National Cyber Security Centre (NCSC) CEO Richard Horne delivered a stark assessment of the evolving cyber threat landscape, warning that organisations are facing a “perfect storm” driven by rapid advances in artificial intelligence and rising geopolitical tensions. In his keynote, Horne highlighted how emerging technologies are fundamentally reshaping…
GPT-5.5 Bio Bug Bounty Program Aims to Improve AI Safety and Performance

Apr 24, 2026 2:39 PM

Tags: ai, bug-bounty, cyber, intelligence, malicious, openai, threat

OpenAI has officially launched the GPT-5.5 Bio Bug Bounty program to strengthen safeguards against emerging biological risks. As artificial intelligence models become more advanced, the potential for malicious actors to generate dangerous biological information increases. Advanced persistent threats (APTs) and lone attackers could potentially misuse large language models to accelerate harmful biological research. To address…
When Research Becomes a Crime: The New Risk Landscape for OSINT and Dark Web Intelligence

Apr 24, 2026 9:39 AM

Tags: crime, dark-web, intelligence, risk

For decades, the “gray area” of undercover research was governed by internal policies. The SPLC indictment suggests that internal oversight is no longer a shield. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/when-research-becomes-a-crime-the-new-risk-landscape-for-osint-and-dark-web-intelligence/
Doctor Lobby Urges Congress to Set AI Chatbot Safeguards

Apr 24, 2026 12:38 AM

Tags: ai, breach, data, intelligence, privacy, risk, tool

AMA Wants Privacy, Security AI Tool Protections, Especially in Mental Health. The American Medical Association says using artificial intelligence chatbots carries risks – including data privacy and security breaches – and the largest U.S. professional association for physicians and medical students is urging Congress to take action to protect patients from potential harm. First seen…
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

Apr 23, 2026 8:39 PM

Tags: access, api, attack, authentication, automation, breach, control, credentials, crypto, data, data-breach, endpoint, exploit, intelligence, malicious, malware, open-source, pypi, risk, service, software, supply-chain, theft, threat, unauthorized, worm

<div cla TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more. From there, the malware publishes additional compromised packages under hijacked credentials, abusing developer trust in open source ecosystems to spread. Impacted organizations should remove the malware immediately, examine…
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

Apr 23, 2026 8:39 PM

Tags: access, api, attack, authentication, automation, breach, control, credentials, crypto, data, data-breach, endpoint, exploit, intelligence, malicious, malware, open-source, pypi, risk, service, software, supply-chain, theft, threat, unauthorized, worm

<div cla TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more. From there, the malware publishes additional compromised packages under hijacked credentials, abusing developer trust in open source ecosystems to spread. Impacted organizations should remove the malware immediately, examine…
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

Apr 23, 2026 8:39 PM

Tags: access, api, attack, authentication, automation, breach, control, credentials, crypto, data, data-breach, endpoint, exploit, intelligence, malicious, malware, open-source, pypi, risk, service, software, supply-chain, theft, threat, unauthorized, worm

<div cla TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more. From there, the malware publishes additional compromised packages under hijacked credentials, abusing developer trust in open source ecosystems to spread. Impacted organizations should remove the malware immediately, examine…
UK Cyber Spooks: ‘Is Your Computer Monitor Spying On You?’

Apr 23, 2026 8:39 PM

Tags: computer, computing, cyber, intelligence, technology, threat

NCSC Designs ‘SilentGlass’ Gadget to Protect Overlooked Computer Peripheral. A new device called SilentGlass is designed to safeguard users against an often overlooked threat in modern computing environments: backdoored or subverted HDMI and DisplayPort monitors. The technology was developed by British intelligence to safeguard sensitive environments. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/uk-cyber-spooks-is-your-computer-monitor-spying-on-you-a-31489