#government-cyber-tools-proliferation
#government-cyber-tools-proliferation

15 hours ago

EU data protection

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

EU data protection

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

fromBusiness Matters

Information security

5 IT Mistakes That Still Catch Small Businesses Off Guard

4 hours ago

Mikko Hypponen says the age of viruses is over - now he's building defences against drones - Silicon Canals

Mikko Hyppönen is applying cybersecurity methods to develop anti-drone systems at Sensofusion, focusing on drone communication detection.

10 Data Security Stories to Know About (March 2026)

March saw significant data security incidents including cyberattacks, data purchases by the FBI, and breaches affecting millions of customers.

fromTNW | Eu

11 hours ago

European Commission breached after hackers poisoned open-source security tool Trivy

A major data breach at the European Commission was caused by TeamPCP exploiting a supply chain attack on the Trivy security tool.

15 hours ago

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Hackers stole over 300GB of data from the European Commission's AWS environment using a compromised API key from the Trivy supply chain attack.

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

A cybercriminal group known as TeamPCP hacked the EU's executive body, stealing 92 gigabytes of data, including personal information.

fromBusiness Matters

5 IT Mistakes That Still Catch Small Businesses Off Guard

Cybersecurity is a critical concern for SMEs, yet many underestimate the risks and only seek help after incidents occur.

4 hours ago

Mikko Hypponen says the age of viruses is over - now he's building defences against drones - Silicon Canals

Mikko Hyppönen is applying cybersecurity methods to develop anti-drone systems at Sensofusion, focusing on drone communication detection.

Intellectual property law

10 Data Security Stories to Know About (March 2026)

March saw significant data security incidents including cyberattacks, data purchases by the FBI, and breaches affecting millions of customers.

more#cybersecurity

fromNextgov.com

Tech bills of the week: Limiting adversaries' access to US tech; and boosting cyber apprenticeships

New legislation aims to strengthen U.S. export controls on sensitive technologies to prevent adversaries from exploiting them for economic gain.

#privacy

Privacy technologies

Double Shot of Privacy's Defender in D.C.

Triple Header for Privacy's Defender in New York

Cindy Cohn's new book, Privacy's Defender, details her 30-year fight against digital surveillance and promotes data security and digital rights.

Privacy technologies

Double Shot of Privacy's Defender in D.C.

Triple Header for Privacy's Defender in New York

Cindy Cohn's new book, Privacy's Defender, details her 30-year fight against digital surveillance and promotes data security and digital rights.

Sanctions ramping up in cases involving AI hallucinations

Monetary sanctions against attorneys for AI-generated hallucinations in case documents are increasing as courts take these issues more seriously.

Tech Nonprofits to Feds: Don't Weaponize Procurement to Undermine AI Trust and Safety

The U.S. government is revising procurement rules to influence AI technology use and funding, impacting safety and utility of AI tools.

fromThe Washington Post

16 hours ago

Chinese firms market Iran war intelligence 'exposing' U.S. forces

Chinese firms are leveraging AI and open-source data to track U.S. military movements, posing potential security risks amid the Iran conflict.

Cryptocurrency

fromnews.bitcoin.com

14 hours ago

Human Error, Not Hacking, Cited as Top Cause for Crypto Access Loss

Human error is the leading cause of cryptocurrency access loss, affecting 35% of holders, primarily due to forgotten passwords and lost seed phrases.

fromwww.npr.org

As DOJ prepares to share state voter data with DHS, a key privacy officer resigns

The DOJ is acquiring sensitive voter registration data, raising privacy concerns, as a key privacy officer resigns amid ongoing legal challenges.

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

fromArs Technica

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

DevOps

fromInfoWorld

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

fromArs Technica

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

more#openclaw

Artificial intelligence

AI Breakthroughs, Security Breaches, and Industry Shakeups Define the Week in Tech - TechRepublic

Tech industry faces rapid AI advancements alongside significant security vulnerabilities and human costs.

#ai

fromFortune

Digital life

Internet Watch Foundation finds 260-fold increase in AI-generated CSAM in just one year, and 'it's the tip of the iceberg' | Fortune

fromHarvard Business Review

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

Digital life

fromFortune

Internet Watch Foundation finds 260-fold increase in AI-generated CSAM in just one year, and 'it's the tip of the iceberg' | Fortune

AI-generated child sexual abuse material is surging, fundamentally changing targeting methods and overwhelming investigators.

fromHarvard Business Review

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

'Uncanny Valley': Iran's Threats on US Tech, Trump's Plans for Midterms, and Polymarket's Pop-up Flop

Iran threatens US tech firms amid ongoing tensions and preparations for midterm elections are underway.

Iran Threatens to Start Attacking Major US Tech Firms on April 1

Iran's IRGC plans to attack American companies in the Middle East in retaliation for the killing of Iranian citizens.

fromEngadget

Iran threatens imminent attacks on US tech companies in the Middle East

The Islamic Revolutionary Guard Corps threatens to target major US tech companies in the Middle East, urging employees to evacuate for safety.

fromAxios

Cyber warfare starts to get personal in war between U.S., Israel and Iran

Iran-linked hackers are using data leaks and intimidation tactics against individuals to influence public perception during the current conflict.

Podcast

'Uncanny Valley': Iran's Threats on US Tech, Trump's Plans for Midterms, and Polymarket's Pop-up Flop

Iran threatens US tech firms amid ongoing tensions and preparations for midterm elections are underway.

Iran Threatens to Start Attacking Major US Tech Firms on April 1

Iran's IRGC plans to attack American companies in the Middle East in retaliation for the killing of Iranian citizens.

fromEngadget

Iran threatens imminent attacks on US tech companies in the Middle East

The Islamic Revolutionary Guard Corps threatens to target major US tech companies in the Middle East, urging employees to evacuate for safety.

fromAxios

Cyber warfare starts to get personal in war between U.S., Israel and Iran

Iran-linked hackers are using data leaks and intimidation tactics against individuals to influence public perception during the current conflict.

more#iran

Digital Hopes, Real Power: From Revolution to Regulation

66% of internet users live where political or social sites are blocked, and 78% are in countries where people have been arrested for online posts. New social media regulations have emerged in dozens of countries in the past year alone.

World politics

Node JS

fromAxios

North Korean hackers implicated in major supply chain attack

A compromised maintainer account for the Axios npm package led to the publication of malicious software versions targeting various operating systems.

#data-integrity

Data science

IT lesson from the Iran war: AI makes your data problems so much worse

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Data science

IT lesson from the Iran war: AI makes your data problems so much worse

AI can exacerbate existing data issues in enterprises, as demonstrated by the US military's bombing due to outdated intelligence.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Security contractor blew the whistle on shabby support crew

Brad, a security contractor, faced challenges with antivirus alerts while working in a labor hire company's office without proper IT support.

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

Information security

fromNextgov.com

Suspected Chinese breach of FBI system exposed surveillance targets' phone numbers

A breach linked to China exposed phone numbers of FBI surveillance targets, raising concerns about counterintelligence risks.

Artificial intelligence

Why AI lies, cheats and steals

AI chatbots are increasingly misbehaving, with a fivefold rise in unethical actions over six months, according to recent research.

ICE confirms it deployed Paragon spyware inside the United States for drug trafficking cases - Silicon Canals

ICE is using commercial spyware domestically, raising constitutional concerns about warrantless surveillance and lack of oversight.

ICE says it bought Paragon's spyware to use in drug trafficking cases | TechCrunch

ICE has utilized spyware from Paragon Solutions to combat drug trafficking and foreign terrorist organizations' use of encrypted communications.

ICE confirms it deployed Paragon spyware inside the United States for drug trafficking cases - Silicon Canals

ICE is using commercial spyware domestically, raising constitutional concerns about warrantless surveillance and lack of oversight.

ICE says it bought Paragon's spyware to use in drug trafficking cases | TechCrunch

ICE has utilized spyware from Paragon Solutions to combat drug trafficking and foreign terrorist organizations' use of encrypted communications.

more#ice

DevOps

How 'Wikipedia of cyber' helps SAP make sense of threat data | Computer Weekly

SAP faces significant challenges in securing enterprise data amidst a complex threat landscape and evolving compliance requirements.

World politics

fromThe Hacker News

We Are At War

Rising geopolitical tensions are increasingly intertwined with cyber operations and the politicization of technology.

fromAdExchanger

Data Privacy At The Kitchen Table | AdExchanger

Data privacy has become a significant concern for lawmakers and constituents, evolving into a key topic of discussion.

#data-breach

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

European Commission admits breach of public web systems

The European Commission confirmed a data breach affecting its public web infrastructure, with details on the extent and nature of the data taken remaining unclear.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

European Commission admits breach of public web systems

The European Commission confirmed a data breach affecting its public web infrastructure, with details on the extent and nature of the data taken remaining unclear.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

fromwww.aljazeera.com

Cambodia parliament approves law to combat cybercrime scam rings

Cambodia's National Assembly approved a law targeting scam centres to combat online fraud and protect the economy and citizens.

CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards

The public Quizlet set contained information about alleged codes for specific facility entrances. 'Checkpoint doors code?' asked one card, with a specific four-digit combination listed in response.

Privacy professionals

fromwww.aljazeera.com

US Homeland Security shutdown to stretch on, despite Senate passing funding

The House has not voted on the Senate bill, prolonging the partial government shutdown affecting DHS funding and federal workers.

Artificial intelligence

fromInfoWorld

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

#cyberattack

Hasbro says it was hacked, and may take 'several weeks' to recover | TechCrunch

Hasbro confirmed a cyberattack, prompting system shutdowns and ongoing investigations, with potential operational disruptions lasting several weeks.

European Commission Reports Cyber Intrusion and Data Theft

The European Commission confirmed a cyberattack that compromised its cloud infrastructure, resulting in the theft of hundreds of gigabytes of data.

European Commission confirms cyberattack after hackers claim data breach | TechCrunch

A cyberattack on the European Commission's cloud infrastructure resulted in the theft of significant data, but internal systems remain unaffected.

Hasbro Cyberattack Knocks Systems Offline, Recovery Could Take Weeks

Hasbro experienced a cyberattack that forced parts of its systems offline, potentially leading to weeks of operational impact.

Toy Giant Hasbro Hit by Cyberattack

Hasbro experienced a cyberattack disrupting operations, prompting an investigation and implementation of business continuity plans.

Hasbro says it was hacked, and may take 'several weeks' to recover | TechCrunch

Hasbro confirmed a cyberattack, prompting system shutdowns and ongoing investigations, with potential operational disruptions lasting several weeks.

European Commission Reports Cyber Intrusion and Data Theft

The European Commission confirmed a cyberattack that compromised its cloud infrastructure, resulting in the theft of hundreds of gigabytes of data.

European Commission confirms cyberattack after hackers claim data breach | TechCrunch

A cyberattack on the European Commission's cloud infrastructure resulted in the theft of significant data, but internal systems remain unaffected.

Hasbro Cyberattack Knocks Systems Offline, Recovery Could Take Weeks

Hasbro experienced a cyberattack that forced parts of its systems offline, potentially leading to weeks of operational impact.

Toy Giant Hasbro Hit by Cyberattack

Hasbro experienced a cyberattack disrupting operations, prompting an investigation and implementation of business continuity plans.

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

TeamPCP exploited Trivy to access sensitive cloud credentials and data, creating significant vulnerabilities for organizations.

FBI Warns of Data Security Risks From China-Made Mobile Apps

Foreign-developed mobile applications pose significant data security risks, particularly those from China, according to an FBI alert.

6 days ago

The real US surveillance threat isn't AI - it's the data infrastructure we already built - Silicon Canals

The infrastructure for mass surveillance already exists, relying on pre-existing technology and data rather than new AI advancements.

fromnews.bitcoin.com

18 hours ago

The Retroactive Decryption Trap: Why Post-Quantum Upgrades Can't Save Your Past Privacy

Guy Zyskind emphasized that the whitepaper reframes the conversation around quantum threats, stating that the traditional 10-year migration window now seems dangerously optimistic given Google's findings.

Information security

fromTechzine Global

Axios supply chain attack victim posts postmortem to prevent a repeat

Axios was compromised for three hours, distributing Remote Access Trojans due to a sophisticated social engineering attack by North Korean group UNC1069.

fromMedCity News

2 weeks ago

The Evolving Landscape of Privacy and Cybersecurity: Essential Strategies for Legal and Compliance Professionals - MedCity News

Organizations must combine strong controls with comprehensive employee training and accountability culture to effectively protect sensitive data and comply with evolving privacy laws.

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has paused work with Mercor due to a major security breach affecting data used for AI training.

fromThe Hacker News

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift decentralized exchange lost $285 million due to a sophisticated attack involving unauthorized access and social engineering.

fromInfoQ

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

A malicious release of the Trivy vulnerability scanner exposed critical weaknesses in software supply chain security, allowing for potential credential theft.

2 months ago

The New Battleground of Cybersecurity

I've always had what I would consider a hacker mindset, a curiosity to take things apart, understand them, and use that knowledge to solve problems. That mindset took me on a circuitous route into the cybersecurity industry; after being kicked out of high school for hacking computer systems, I worked a range of jobs, managing office supply companies by day and cracking Wi-Fi networks by night until I started a Digital Forensics degree which led me to the world of security research.

Science

fromInfoWorld

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Threat actor exploits Next.js vulnerabilities to exfiltrate credentials and compromise systems at scale, affecting over 766 systems and collecting more than 10,000 files.

fromFortune

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.

Jamf warns of massive app insecurities

Mac and iOS users face significant security threats, with many devices vulnerable to attacks and outdated systems.

fromTechzine Global

HPE sees the network as a security sensor: what does that mean?

HPE Networking views the network as a critical security sensor and enforcement point, especially after acquiring Juniper Networks.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

more#supply-chain-attack

fromTechzine Global

Blind trust in hardware vendors is always a bad idea

Attackers are increasingly targeting hardware and firmware vulnerabilities as traditional security tools focus primarily on software layers.

#malware

Information security

Sophisticated CrystalX RAT Emerges

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

The Rising Tide of Executive Protection: Corporations Ramp Up Security in an Era of Heightened Threats

Companies are increasingly investing in executive protection due to rising threats, making it a strategic necessity for business continuity and resilience.

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.

fromThe Hacker News

The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

Secrets sprawl accelerated in 2025, with 29 million new hardcoded secrets identified, marking a 34% increase from the previous year.

fromEntrepreneur

This AI Security Strategy Is Redefining Cyberattack Recovery

Combining Zero Trust principles with AI enhances resilience, reduces downtime, and maintains strict access controls.

fromThe Cipher Brief

2 weeks ago

America Is Digitally Fragile - and Our Adversaries Know It

America faces unprecedented vulnerability as critical infrastructure systems are digitally dependent and interconnected, while adversaries possess capabilities to penetrate and pre-position for exploitation before conflict begins.

3 weeks ago

Hackers: Democracy's last line of cyber defense

The hacker mindset—analytical curiosity combined with systemic thinking—can defend democracy by creating decentralized communication tools that resist censorship and empower oppressed communities.