Security News Digest - 2026-05-05 26 updates from 7 sources: BleepingComputer: Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison https://www.bleepingcomputer.com/news/security/karakurt-extortion-gang-negotiator-sentenced-to-85-years-in-prison/ The Hacker News: We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html SecurityWeek: Karakurt Ransomware Negotiator Sentenced to Prison https://www.securityweek.com/karakurt-ransomware-negotiator-sentenced-to-prison/ SecurityWeek: Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server https://www.securityweek.com/critical-high-severity-vulnerabilities-patched-in-apache-mina-http-server/ BleepingComputer: Google now offers up to $1.5 million for some Android exploits https://www.bleepingcomputer.com/news/security/google-now-offers-up-to-15-million-for-some-android-exploits/🦠 Malwarebytes: Update WhatsApp now: Two new flaws could expose you to malicious files https://www.malwarebytes.com/blog/news/2026/05/update-whatsapp-now-two-new-flaws-could-expose-you-to-malicious-files The Hacker News: MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks https://thehackernews.com/2026/05/metinfo-cms-cve-2026-29014-exploited.html darkreading: How the Story of a USB Penetration Test Went Viral https://www.darkreading.com/cyberattacks-data-breaches/how-story-usb-penetration-test-went-viral The Hacker News: The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed https://thehackernews.com/2026/05/the-back-door-attackers-know-about-and.html SecurityWeek: Critical Remote Code Execution Vulnerability Patched in Android https://www.securityweek.com/critical-remote-code-execution-vulnerability-patched-in-android-2/ SecurityWeek: Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft https://www.securityweek.com/critical-bug-could-expose-300000-ollama-deployments-to-information-theft/ The Record from Recorded Future News: Australia launches cyber review board modeled on version disbanded in US https://therecord.media/australia-launches-cyber-review-board BleepingComputer: Vimeo data breach exposes personal information of 119,000 people https://www.bleepingcomputer.com/news/security/vimeo-data-breach-exposes-personal-information-of-119-000-people/ SecurityWeek: Hacker Conversations: Joey Melo on Hacking AI https://www.securityweek.com/hacker-conversations-joey-melo-on-hacking-ai/ Security News | TechCrunch: 4 days left: Get 50% off a second TechCrunch Disrupt 2026 pass to make more deals faster https://techcrunch.com/2026/05/05/4-days-left-get-50-off-a-second-techcrunch-disrupt-2026-pass-to-make-more-deals-faster/ BleepingComputer: The EOL Blind Spot in Your CVE Feed: What SCA Tools Don't Check. https://www.bleepingcomputer.com/news/security/the-eol-blind-spot-in-your-cve-feed-what-sca-tools-dont-check/ The Hacker News: China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions https://thehackernews.com/2026/05/china-linked-uat-8302-targets.html Security News | TechCrunch: Hackers steal students’ data during breach at education tech giant Instructure https://techcrunch.com/2026/05/05/hackers-steal-students-data-during-breach-at-education-tech-giant-instructure/ BleepingComputer: FTC to ban data broker Kochava from selling Americans’ location data https://www.bleepingcomputer.com/news/security/ftc-to-ban-data-broker-kochava-from-selling-americans-location-data/ SecurityWeek: Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations https://www.securityweek.com/microsoft-warns-of-sophisticated-phishing-campaign-targeting-us-organizations/ darkreading: Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk https://www.darkreading.com/cyber-risk/microsoft-edge-passwords-enterprise-risk Security News | TechCrunch: Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in ‘widespread’ attack https://techcrunch.com/2026/05/05/kaspersky-suspects-chinese-hackers-planted-a-backdoor-into-daemon-tools-in-widespread-attack/ The Hacker News: DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware https://thehackernews.com/2026/05/daemon-tools-supply-chain-attack.html The Hacker News: Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE https://thehackernews.com/2026/05/critical-apache-http2-flaw-cve-2026.html The Record from Recorded Future News: Conti, Akira ransomware affiliate given 8-year sentence https://therecord.media/conti-akira-ransomware-affiliate-sentenced BleepingComputer: Student hacked Taiwan high-speed rail to trigger emergency brakes https://www.bleepingcomputer.com/news/security/student-hacked-taiwan-high-speed-rail-to-trigger-emergency-brakes/#InfoSec #SecurityNews

Security News Digest - 2026-04-23 29 updates from 9 sources: Security Boulevard: What is Bring Your Own Encryption (BYOE)? https://securityboulevard.com/2026/04/what-is-bring-your-own-encryption-byoe/ darkreading: 'Zealot' Shows What AI's Capable of in Staged Cloud Attack https://www.darkreading.com/cyber-risk/zealot-shows-ai-execute-full-cloud-attacks Unit 42: AIはクラウドを攻撃できるのか?自律型クラウド攻撃型マルチエージェント システムの構築から得られた教訓 https://unit42.paloaltonetworks.com/autonomous-ai-cloud-attacks/ Unit 42: Can AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent System https://unit42.paloaltonetworks.com/autonomous-ai-cloud-attacks/ SecurityWeek: AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers https://www.securityweek.com/ai-can-autonomously-hack-cloud-systems-with-minimal-oversight-researchers/ Security Boulevard: Supply Chain Resilience for UK SMEs: Practical Steps to Reduce Third-Party Risk https://securityboulevard.com/2026/04/supply-chain-resilience-for-uk-smes-practical-steps-to-reduce-third-party-risk/🦠 Malwarebytes: Apple fixes iOS bug that kept deleted notifications, including chat previews https://www.malwarebytes.com/blog/news/2026/04/apple-fixes-ios-bug-that-kept-deleted-notifications-including-chat-previews Security Boulevard: Apple fixes iOS bug that kept deleted notifications, including chat previews https://securityboulevard.com/2026/04/apple-fixes-ios-bug-that-kept-deleted-notifications-including-chat-previews/ SecurityWeek: Luxury Cosmetics Giant Rituals Discloses Data Breach https://www.securityweek.com/luxury-cosmetics-giant-rituals-discloses-data-breach/ BleepingComputer: CISA orders feds to patch BlueHammer flaw exploited as zero-day https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-microsoft-defender-flaw-exploited-in-zero-day-attacks/ SecurityWeek: The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface https://www.securityweek.com/the-behavioral-shift-why-trusted-relationships-are-the-newest-attack-surface/ Security Boulevard: Telco Privacy Violation? Fine! No, Telco Privacy Violation, Fine. Supreme Court to Determine if FCC Can Charge Telcos for Data Breaches https://securityboulevard.com/2026/04/telco-privacy-violation-fine-no-telco-privacy-violation-fine-supreme-court-to-determine-if-fcc-can-charge-telcos-for-data-breaches/ The Hacker News: Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them? https://thehackernews.com/2026/04/project-glasswing-proved-ai-can-find.html SecurityWeek: Rilian Raises $17.5 Million for AI-Native Security Orchestration https://www.securityweek.com/rilian-raises-17-5-million-for-ai-native-security-orchestration/ Security Boulevard: Threat on the Horizon – AI and Cybersecurity https://securityboulevard.com/2026/04/threat-on-the-horizon-ai-and-cybersecurity/ Security News | TechCrunch: Surveillance vendors caught abusing access to telcos to track people’s phone locations, researchers say https://techcrunch.com/2026/04/23/surveillance-vendors-caught-abusing-access-to-telcos-to-track-peoples-phone-locations-researchers-say/ Security Boulevard: How Branded SSO Interfaces Improve User Trust And Experience https://securityboulevard.com/2026/04/how-branded-sso-interfaces-improve-user-trust-and-experience/ The Hacker News: [Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed https://thehackernews.com/2026/04/webinar-mythos-reality-check-beating.html BleepingComputer: New GopherWhisper APT group abuses Outlook, Slack, Discord for comms https://www.bleepingcomputer.com/news/security/new-gopherwhisper-apt-group-abuses-outlook-slack-discord-for-comms/ Security Boulevard: Managing AI Agents: Balancing Security and Productivity https://securityboulevard.com/2026/04/managing-ai-agents-balancing-security-and-productivity/ BleepingComputer: UK warns of Chinese hackers using proxy networks to evade detection https://www.bleepingcomputer.com/news/security/uk-warns-of-chinese-hackers-using-botnets-of-hijacked-consumer-devices-to-evade-detection/ SecurityWeek: Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos https://www.securityweek.com/chinese-cybersecurity-firms-ai-hacking-claims-draw-comparisons-to-claude-mythos/ Security Boulevard: District Administration | How Cloud Monitoring Protects Districts From New Cyber Threats https://securityboulevard.com/2026/04/district-administration-how-cloud-monitoring-protects-districts-from-new-cyber-threats/ Security Boulevard: Why Chrome Zero-Days Keep Winning and What Enterprises Need to Change – Blog | Menlo Security https://securityboulevard.com/2026/04/why-chrome-zero-days-keep-winning-and-what-enterprises-need-to-change-blog-menlo-security/ Security Boulevard: Copperhelm Emerges to Launch Autonomous Cloud Security Platform https://securityboulevard.com/2026/04/copperhelm-emerges-to-launch-autonomous-cloud-security-platform/ The Record from Recorded Future News: Medical data of 500,000 Britons put up for sale on Chinese website https://therecord.media/medical-data-on-500000-britons-put-on-sale-alibaba BleepingComputer: Microsoft: Some Teams users can’t join meetings after Edge update https://www.bleepingcomputer.com/news/microsoft/microsoft-some-teams-users-cant-join-meetings-after-edge-update/ The Record from Recorded Future News: House Republicans unveil data privacy law that would override state protections https://therecord.media/house-republicans-unveil-data-privacy-law-override-state-measures The Record from Recorded Future News: Trump’s pick for CISA director withdraws from consideration https://therecord.media/trump-pick-to-lead-cisa-withdraws-from-consideration#InfoSec #SecurityNews

Security News Digest - 2026-04-22 15 updates from 7 sources: Security Boulevard: SnowFROC 2026: Secure Defaults, Real Trust, and a Better Layer on Top https://securityboulevard.com/2026/04/snowfroc-2026-secure-defaults-real-trust-and-a-better-layer-on-top/ BleepingComputer: Inside Caller-as-a-Service Fraud: The Scam Economy Has a Hiring Process https://www.bleepingcomputer.com/news/security/inside-caller-as-a-service-fraud-the-scam-economy-has-a-hiring-process/ Security News | TechCrunch: UK government says 100 countries have spyware that can hack people’s phones https://techcrunch.com/2026/04/22/uk-government-says-100-countries-have-spyware-that-can-hack-peoples-phones/ SecurityWeek: After Bluesky, Mastodon Targeted in DDoS Attack https://www.securityweek.com/after-bluesky-mastodon-targeted-in-ddos-attack/ darkreading: DPRK Fake Job Scams Self-Propagate in 'Contagious Interview' https://www.darkreading.com/cyberattacks-data-breaches/dprk-fake-job-scams-self-propagate-contagious-interview Security Boulevard: North Korea Stole 100,000 Identities to Infiltrate Global Companies https://securityboulevard.com/2026/04/north-korea-stole-100000-identities-to-infiltrate-global-companies/ Security Boulevard: News alert: BreachLock’s integrated attack validation platform debuts in Gartner AEV category https://securityboulevard.com/2026/04/news-alert-breachlocks-integrated-attack-validation-platform-debuts-in-gartner-aev-category/ Security Boulevard: [un]prompted 2026 – 8 Minutes to Admin. We Caught It in the Wild. Welcome to VibeHacking. https://securityboulevard.com/2026/04/unprompted-2026-8-minutes-to-admin-we-caught-it-in-the-wild-welcome-to-vibehacking/ BleepingComputer: Spain dismantles major $4.7M manga piracy platform, arrests four https://www.bleepingcomputer.com/news/security/spain-dismantles-major-47m-manga-piracy-platform-arrests-four/ Security Boulevard: How to Attend Tech Conferences and Events for Free: The Complete Guide for Cybersecurity and AI Professionals https://securityboulevard.com/2026/04/how-to-attend-tech-conferences-and-events-for-free-the-complete-guide-for-cybersecurity-and-ai-professionals/ The Hacker News: Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API https://thehackernews.com/2026/04/harvester-deploys-linux-gogra-backdoor.html The Record from Recorded Future News: French police arrest suspected hacker behind dozens of data breaches https://therecord.media/french-hacker-cyberattacks-arrest Security Boulevard: CyberStrong Product Update: What’s New in Release 4.14 https://securityboulevard.com/2026/04/cyberstrong-product-update-whats-new-in-release-4-14/ Security News | TechCrunch: Cosmetics giant Rituals confirms data breach of customer membership records https://techcrunch.com/2026/04/22/cosmetics-giant-rituals-confirms-data-breach-of-customer-membership-records/ Security Boulevard: Is Your Network Ready for AI? A Practical Evaluation Framework https://securityboulevard.com/2026/04/is-your-network-ready-for-ai-a-practical-evaluation-framework/#InfoSec #SecurityNews

Security News Digest - 2026-04-17 18 updates from 7 sources: Security Boulevard: Randall Munroe’s XKCD ‘Home Remedies’ https://securityboulevard.com/2026/04/randall-munroes-xkcd-home-remedies/ Security Boulevard: The Wall Around Claude 4.7 Does Not Extend to Dread https://securityboulevard.com/2026/04/the-wall-around-claude-4-7-does-not-extend-to-dread/ Security Boulevard: The Wall Around Claude 4.7 Does Not Extend to Dread https://securityboulevard.com/2026/04/the-wall-around-claude-4-7-does-not-extend-to-dread-2/ Security Boulevard: Booking.com Breach Shows Exactly How Smishing Attacks Get Made https://securityboulevard.com/2026/04/booking-com-breach-shows-exactly-how-smishing-attacks-get-made/ Security News | TechCrunch: Hackers are abusing unpatched Windows security flaws to hack into organizations https://techcrunch.com/2026/04/17/hackers-are-abusing-unpatched-windows-security-flaws-to-hack-into-organizations/ Security Boulevard: National Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges https://securityboulevard.com/2026/04/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/ Security Boulevard: NIST, Overrun by Massive Numbers of Submitted CVEs, Limits Analysis Work https://securityboulevard.com/2026/04/nist-overrun-by-massive-numbers-of-submitted-cves-limits-analysis-work/ Security Boulevard: When Geopolitics Writes Your Compliance Roadmap https://securityboulevard.com/2026/04/when-geopolitics-writes-your-compliance-roadmap/ The Record from Recorded Future News: Four arrested in latest ‘PowerOFF’ DDoS-for-hire takedown https://therecord.media/ddos-hire-europol-doj-crackdown The Record from Recorded Future News: Ransomware attack continues to disrupt healthcare in London nearly two years later https://therecord.media/ransomware-nhs-cyberattack-disruption Latest Bulletins: CVE-2026-6437 - Mount Option Injection in Amazon EFS CSI Driver https://aws.amazon.com/security/security-bulletins/rss/2026-016-aws/ SecurityWeek: White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology https://www.securityweek.com/white-house-chief-of-staff-to-meet-ith-anthropic-ceo-over-its-new-ai-technology/ Security Boulevard: [un]prompted 2026 – Kinetic Risk: Securing And Governing Physical Al In The Wild https://securityboulevard.com/2026/04/unprompted-2026-kinetic-risk-securing-and-governing-physical-al-in-the-wild/ darkreading: Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing https://www.darkreading.com/threat-intelligence/tycoon-2fa-hackers-device-code-phishing BleepingComputer: Payouts King ransomware uses QEMU VMs to bypass endpoint security https://www.bleepingcomputer.com/news/security/payouts-king-ransomware-uses-qemu-vms-to-bypass-endpoint-security/ Security Boulevard: We Need a Shared Responsibility Model for AI https://securityboulevard.com/2026/04/we-need-a-shared-responsibility-model-for-ai/ darkreading: How NIST's Cutback of CVE Handling Impacts Cyber Teams https://www.darkreading.com/threat-intelligence/nist-cutbacks-nvd-handling-impacts-cyber-teams Security News | TechCrunch: Man who hacked US Supreme Court filing system sentenced to probation https://techcrunch.com/2026/04/17/man-who-hacked-us-supreme-court-filing-system-sentenced-to-probation/#InfoSec #SecurityNews

Security News Digest - 2026-04-15 20 updates from 6 sources: SecurityWeek: Capsule Security Emerges From Stealth With $7 Million in Funding https://www.securityweek.com/capsule-security-emerges-from-stealth-with-7-million-in-funding/ BleepingComputer: Rolling Networks: Securing the Transportation Sector https://www.bleepingcomputer.com/news/security/rolling-networks-securing-the-transportation-sector/ Security Boulevard: The Future Of GitHub Actions Security And What You Can Do Right Now https://securityboulevard.com/2026/04/the-future-of-github-actions-security-and-what-you-can-do-right-now/ Security News | TechCrunch: Sweden blames Russian hackers for attempting ‘destructive’ cyberattack on thermal plant https://techcrunch.com/2026/04/15/sweden-blames-russian-hackers-for-attempting-destructive-cyberattack-on-thermal-plant/ The Record from Recorded Future News: Educational company McGraw Hill says Salesforce misconfiguration led to data leak https://therecord.media/mcgraw-hill-data-leak-tied-to-salesforce-misconfiguration Security Boulevard: Grip and Cyera Integration: Secure Sensitive Data Across AI https://securityboulevard.com/2026/04/grip-and-cyera-integration-secure-sensitive-data-across-ai/ darkreading: Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests https://www.darkreading.com/cyber-risk/audit-big-tech-ignores-data-collection-requests Security Boulevard: Claude Mythos and the AI Vulnerability Arms Race – What CISOs Must Know Now https://securityboulevard.com/2026/04/claude-mythos-and-the-ai-vulnerability-arms-race-what-cisos-must-know-now/ SecurityWeek: Exploited Vulnerability Exposes Nginx Servers to Hacking https://www.securityweek.com/exploited-vulnerability-exposes-nginx-servers-to-hacking/ BleepingComputer: CISA flags Windows Task Host vulnerability as exploited in attacks https://www.bleepingcomputer.com/news/security/cisa-flags-windows-task-host-vulnerability-as-exploited-in-attacks/ Security Boulevard: [un]prompted 2026 – Detecting GenAI Threats at Scale With YARA-Like Semantic Rules https://securityboulevard.com/2026/04/unprompted-2026-detecting-genai-threats-at-scale-with-yara-like-semantic-rules/ darkreading: Prepping for 'Q-Day': Why Quantum Risk Management Should Start Now https://www.darkreading.com/cyber-risk/preparing-q-day-quantum-risk-management Security Boulevard: GitHub Actions Supply Chain Attack: Trivy Breach & Workflow https://securityboulevard.com/2026/04/github-actions-supply-chain-attack-trivy-breach-workflow/ Security Boulevard: Cloud PAM for AI Agents: Why Traditional PAM Can’t Protect Agentic Workloads https://securityboulevard.com/2026/04/cloud-pam-for-ai-agents-why-traditional-pam-cant-protect-agentic-workloads/ Security Boulevard: Securing Today’s Cloud-Native Workloads https://securityboulevard.com/2026/04/securing-todays-cloud-native-workloads/ Security Boulevard: The Anthropic Mythos, Project Glasswing, and the Illusion of Patch-Based Security https://securityboulevard.com/2026/04/the-anthropic-mythos-project-glasswing-and-the-illusion-of-patch-based-security/ The Record from Recorded Future News: UK warns businesses to address cyber risks amid Anthropic AI panic https://therecord.media/anthropic-mythos-uk-cyber-risk BleepingComputer: Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest https://www.bleepingcomputer.com/news/microsoft/microsoft-pays-23-million-for-cloud-and-ai-flaws-at-zero-day-quest/ SecurityWeek: Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure https://www.securityweek.com/sweden-blames-pro-russian-group-for-cyberattack-last-year-on-its-energy-infrastructure/ The Record from Recorded Future News: Big tech fails to opt-out users requesting not to be tracked much of the time, new research says https://therecord.media/big-tech-fails-to-opt-out-users-requesting-not-to-be-tracked#InfoSec #SecurityNews