New ransom group blog post!Group name: chaosPost title: cadencepetroleum.comInfo: https://cti.fyi/groups/chaos.html#ransomware #cti #threatintelligence #cybersecurity #infosec

"'The data should be a wake-up call': Report finds cybersecurity workers feel underpaid, undervalued and overstressed — and that's putting everyone at risk""Shifting demands for AI skills plus its impact on security is putting cybersecurity workers in stressful positions."https://www.techradar.com/pro/the-data-should-be-a-wake-up-call-report-finds-cybersecurity-workers-feel-underpaid-undervalued-and-overstressed-and-thats-putting-everyone-at-risk#Cybersecurity

I continue to learn about so many things that many of us don't consider when we look at devices, use services, play games, or connect accounts, & the importance of cybersecurity is still surprisingly one of them. https://youtu.be/UaQpuZrydyw?si=RwhvP-5qIfM5xizE ️ On Security Boulevard, Tom Hollingsworth, Fernando Montenegro, & Jack Poller discuss shadow IT, shadow AI, & developer account issues, and how cloud and third-party dependencies are quietly expanding the attack surface.#SecurityBoulevard #Cybersecurity

@CVE_Program Who issues CVEs for OpenAI's SaaS offerings?

I love the things I get to learn about when I produce podcasts for work. AI, cybersecurity, networking, the way everything works. https://youtu.be/ta8HcGfYyq4 Part of that is the Tech Field Day Podcast, one of the podcasts I produce for my job at Tech Field Day and The Futurum Group.️ In this episode, host Tom Hollingsworth, Jack Poller, Karen Lopez, & Brett Wolmarans break down the truth behind Anthropic Mythos model.#TFDPodcast #XFD15 #Cybersecurity #Mythos #AISecurity #ClaudeSonnet

@halbwach @evawolfangel na, man braucht diese Leute bald wieder. Es zeigt sich ja wiederholt, dass das mit K"I" nicht funktioniert. Das ist die Chance der kleineren Firmen und mittelständischen Unternehmen.

New security advisory:CVE-2026-41409 affects multiple systems.• Impact: Remote code execution or complete system compromise possible• Risk: Attackers can gain full control of affected systems• Mitigation: Patch immediately or isolate affected systemsFull breakdown:https://www.yazoul.net/advisory/cve/cve-2026-41409-apache-mina-unauth-rce-via-deserialization#Cybersecurity #PatchNow #InfoSecCommunity

When I'm bored I like to call in sick to places I don't work.I'm getting written up at the Olive Garden. #Cybersecurity #infosec #womeninstem

Reflecting on Day 1 of the HTX CTF Finals here in Singapore.I didn't win, but the technical takeaway was clear: Precision is a force multiplier. By focusing on a high hit rate rather than just speed, I held 5th place for a good portion of the day. It’s a great reminder that in our field, being precise is a technical skill in itself.Looking forward to the Day 2 challenges tomorrow!#CTF #Cybersecurity #AISecurity #IoTSecurity #DEFCON #HTXsg #DEFCONSG #EthicalHacking #CaptureTheFlag #PublicSafety #HTXctf

Microsoft Patches Critical CVSS 10.0 SSRF Vulnerability in Entra IDMicrosoft patched a critical SSRF vulnerability (CVE-2026-35431) in Entra ID Entitlement Management with a CVSS score of 10.0 that allowed unauthenticated spoofing and internal network access. The flaw was fixed server-side, requiring no action from users to secure their environments.**No action is needed on your part, Microsoft already fixed this vulnerability on their cloud servers on April 23, 2026. As a good practice, review your Entra ID sign-in and audit logs for any unusual activity from before that date, and ensure multi-factor authentication is enforced for all admin accounts.**#cybersecurity #infosec #advisory #vulnerabilityhttps://beyondmachines.net/event_details/microsoft-patches-critical-cvss-10-0-ssrf-vulnerability-in-entra-id-c-d-3-y-z/gD2P6Ple2L

(recordedfuture.com) Lazarus Group and the AI Access Paradox: Why North Korea Doesn’t Need AGI to Turbocharge Cyber TheftLazarus Group exploited third-party access to Anthropic’s Claude Mythos model, demonstrating how DPRK-aligned actors leverage AI for cyber-enabled theft—without needing AGI. This incident underscores systemic risks in AI supply chains and access controls.In brief - North Korea’s Lazarus Group and TraderTraitor actors are exploiting AI model access via contractor misuse, fraudulent hiring, and supply chain compromises to enhance cyber theft operations. With over $5B in cryptocurrency stolen since 2023, these TTPs fund WMD programs while evading sanctions. The Anthropic Mythos breach reveals structural vulnerabilities in AI access controls, particularly in third-party environments.Technically - The Mythos breach occurred via a third-party contractor’s environment, where attackers guessed the model endpoint using Anthropic’s naming conventions. DPRK-aligned groups (e.g., Lazarus, TraderTraitor) exploit these vectors through fraudulent IT worker schemes (PurpleBravo) and supply chain compromises (e.g., LiteLLM poisoning via TeamPCP). AI previews compress attack cycles, as seen in the $1.5B Bybit hack (2025), which involved spear-phishing and lateral movement. Defenses must include personnel vetting, behavioral monitoring, and build-pipeline integrity to mitigate third-party risks in AI deployments.Source: https://www.recordedfuture.com/blog/lazarus-does-not-need-agi#Cybersecurity #ThreatIntel

My Friend Made $40,000 Using Claude Code (Here's How)https://www.youtube.com/watch?v=pRPT_yrgRL0#cybersecurity #aisecurity #vulnerability

"Today's AI systems are much more capable, increasing their value as targets, while threat actors have simultaneously begun automating their operations with agentic AI, bringing down the cost of attack. As a result, we expect both the scale and sophistication of attempted [Indirect Prompt Injection] attacks to grow in the near future." -- Google's Threat Intelligence Grouphttps://security.googleblog.com/2026/04/ai-threats-in-wild-current-state-of.html#Cybersecurity #InfoSec #AI

Widely Used Browser Extensions Selling User Datahttps://www.infosecurity-magazine.com/news/browser-extensions-sell-user-data/Read on HackerWorkspace: https://hackerworkspace.com/article/widely-used-browser-extensions-selling-user-data#cybersecurity #privacy #threatintelligence

Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense softwarehttps://securityaffairs.com/191347/intelligence/chinese-spy-posed-as-researcher-in-spear-phishing-campaign-targeting-nasa-to-steal-defense-software.htmlRead on HackerWorkspace: https://hackerworkspace.com/article/chinese-spy-posed-as-researcher-in-spear-phishing-campaign-targeting-nasa-to-steal-defense-software#cybersecurity #compliance #threatintelligence

PyPI package with 1.1M monthly downloads hacked to push infostealerhttps://www.bleepingcomputer.com/news/security/pypi-package-with-11m-monthly-downloads-hacked-to-push-infostealer/Read on HackerWorkspace: https://hackerworkspace.com/article/pypi-package-with-1-1m-monthly-downloads-hacked-to-push-infostealer#malware #cybersecurity #vulnerability

Shor's Algorithm in Plain English: How Quantum Breaks RSA and Why Post Quantum Cryptography Replaces Ithttps://quantumsequrity.com/blog/shor-algorithm-explained-layman#postquantumcryptography #harvestnowdecryptlater #cybersecurity

Medical, utility tech companies hit by intrudershttps://www.theregister.com/2026/04/27/itron_medtronic_hacked/Read on HackerWorkspace: https://hackerworkspace.com/article/medical-utility-tech-companies-hit-by-intruders#ransomware #databreach #cybersecurity

What is Post-Quantum Cryptography?https://quantumsequrity.com/blog/what-is-post-quantum-cryptography#postquantumcryptography #harvestnowdecryptlater #cybersecurity

#chrome extension Whatfix For Google seems malicious. Its #cybersecurity badness score is 98/100!```json{"id": "fepkmkdameafkbpknifgfhfmoogdcjck", "score": 98, "platform": "chrome", "name": "Whatfix For Google"}```