Security Domain
Security & Risk Management
Governance, compliance, ethics, risk frameworks, legal regulations, and business continuity planning.
22 Articles
Instructure Confirms ShinyHunters Exploited Canvas LMS to Deface University Login Portals in Mass Extortion Campaign
Instructure has confirmed that the ShinyHunters threat group exploited a vulnerability in Canvas LMS to deface login portals across multiple university clients with extortion messages. The attack moved beyond the data exposure incident disclosed on May 3 into active defacement — university login pages were replaced with ransom demands visible to students and staff. Instructure is notifying affected institutions and has issued an emergency patch.
DOJ Indicts North Korean Developer for Leading Sales of DDoS and Cyberterrorism Tools for Regime Revenue
The US Department of Justice has indicted a North Korean software developer on charges of conspiracy to develop and sell cyberattack tools — including distributed denial-of-service infrastructure and cyberterrorism-enabling toolkits — through front companies operated by the Workers' Party of Korea. The indictment provides rare detail into how DPRK IT workers generate hard currency for the regime through offensive cyber tool sales, complementing the well-documented cryptocurrency theft and IT contractor programmes.
FTC Bans Kochava Subsidiary from Selling Sensitive Location Data in Landmark Enforcement Settlement
The US Federal Trade Commission has reached a settlement banning Kochava and its Collective Data Solutions subsidiary from selling sensitive location data derived from consumer mobile devices — marking the FTC's most significant enforcement action against the location data broker industry. The settlement establishes a precedent with direct implications for any organisation that monetises or purchases precise consumer location data, including advertising technology companies, retail analytics firms, and financial services using location data for fraud detection.
Fortinet 2026 Global Threat Landscape: Ransomware Victims Up 389% Year-over-Year, AI Crime Industrialising
Fortinet's 2026 Global Threat Landscape Report documents 7,831 confirmed ransomware victims in 2025 — a 389% increase over 2024's approximately 1,600 — alongside the first systematic evidence of AI-enabled cybercrime tooling (WormGPT, FraudGPT, BruteForceAI) being used at scale. Manufacturing, business services, and retail are the hardest-hit sectors. The report reframes the threat environment as fundamentally changed, not merely intensified.
KidsProtect Stalkerware Abuses VS Code Tunnels and Discord Webhooks as Covert C2 Infrastructure
A commercially marketed Android application called KidsProtect, presented as a parental control tool, has been analysed and found to function as stalkerware — secretly recording device location, SMS messages, call logs, and browser history without consent. The tool evades conventional network monitoring by routing command-and-control traffic through legitimate VS Code Remote Tunnels and Discord webhook endpoints. Its developer explicitly markets it as an undetectable monitoring solution on underground forums.
Europol Dismantles €50M Crypto Investment Fraud Network — 12 Arrested Across Six Countries
Europol has coordinated the dismantling of a €50 million cryptocurrency investment fraud network operating across six European countries, resulting in 12 arrests, 30 property searches, and the seizure of cryptocurrency holdings, luxury assets, and fraud operation infrastructure. The network ran AI-enhanced investment scam call centres and operated fraudulent crypto trading platforms that fabricated returns to sustain victim investment before executing exit scams.
Two Former Cybersecurity Professionals Sentenced to Four Years for BlackCat/ALPHV Ransomware Operations
A US federal court has sentenced two individuals with professional cybersecurity backgrounds to four-year prison terms for their roles in the BlackCat/ALPHV ransomware-as-a-service operation, marking a notable law enforcement outcome that demonstrates insider security knowledge is not a prosecution shield. The sentences follow guilty pleas and cooperation with investigators.
FBI Warns of $725M Cyber-Enabled Cargo Theft Wave Targeting Transportation and Logistics
The FBI has issued a warning documenting a sharp surge in cyber-enabled cargo theft targeting the US transportation and logistics industry, with losses exceeding $725 million in 2025. Criminal organisations use phishing, broker impersonation, and freight marketplace account takeovers to divert physical shipments. Supply chain security teams and freight brokers should treat this advisory as a direct threat to physical goods in transit.
WordPress Redirect Plugin Carried Dormant Backdoor for Three Years Before Activation
Researchers have uncovered a dormant backdoor in a widely-installed WordPress redirect management plugin that remained inactive for approximately three years before being activated by the attackers. The backdoor, present across an estimated 200,000+ active installations, highlights the long-game threat of supply chain compromise in the WordPress plugin ecosystem and the limits of periodic security scanning.
FTC: Americans Lost $2.1 Billion to Social Media Scams in 2025 — AI-Enhanced Fraud Doubles Investment Losses
The US Federal Trade Commission's annual consumer fraud report records $2.1 billion in social media scam losses in 2025, a 47% increase from 2024 driven by AI-generated deepfake impersonations, synthetic romance fraud accounts, and AI-personalised investment scam targeting. Investment scams account for 53% of losses at $1.1 billion. The report carries compliance implications for organisations under FTC Section 5 and EU AI Act Article 50 transparency obligations.
NIST Halts NVD Enrichment for Lowest-Priority CVEs as Submission Volume Surges 263% — Vulnerability Management Impact
NIST has announced it will no longer provide full CVSS scoring, CPE matching, and CWE classification for the lowest-priority tier of CVE submissions in the NVD. The change, driven by a 263% surge in annual CVE volumes since 2024, means thousands of CVE records will remain in an unenriched 'DEFERRED' state — with no CVSS score, no affected product mapping, and no severity rating. Enterprise vulnerability management programmes that rely on NVD as their authoritative source must adapt their workflows immediately.
Germany BKA Identifies REvil and GandCrab Leader 'UNKN' as Russian National Daniil Shchukin
Germany's federal criminal police (BKA) publicly attributed the REvil and GandCrab ransomware-as-a-service platforms to 31-year-old Russian national Daniil Shchukin, holding him responsible for 130+ attacks in Germany causing over €35 million in economic damage. Shchukin operates from Krasnodar and remains beyond extradition reach, but the attribution breaks the historical anonymity of top-tier RaaS operators and may precede US OFAC sanctions.
CISA Adds Four Exploited Flaws to KEV — SimpleHelp RMT and Samsung MagicINFO Head New Additions
CISA's Known Exploited Vulnerabilities catalogue has grown by four entries including critical flaws in SimpleHelp remote management tooling and Samsung's MagicINFO digital signage platform. Federal agencies face a May 2026 remediation deadline. Enterprise operators of RMM tools and display infrastructure should treat these as urgent.
NASA OIG: Chinese Spear-Phishing Campaign Targeted Defence Software Over Four Years
A newly released NASA OIG report details a sustained Chinese spear-phishing operation by Song Wu that targeted NASA, DoD contractors, and universities to steal defence software source code. The campaign ran from 2017 to 2021 — a defence supply chain IP theft template that remains relevant today.
SAP BPC SQL Injection (CVE-2026-27681, CVSS 9.9) Gives Low-Privilege Users Full Access to Financial ERP Data
A near-perfect CVSS 9.9 SQL injection vulnerability in SAP Business Planning and Consolidation and BW/4HANA allows any authenticated user with standard access to read, modify, and delete financial consolidation data. SAP patched the flaw in its April 2026 Security Patch Day; organisations should treat unpatched SAP financial systems as having their financial data integrity at risk from any internal user with SAP credentials.
Anthropic's Claude Mythos AI Discovers Thousands of Zero-Days Across Every Major OS — Project Glasswing Offers Private Access
Anthropic's specialised vulnerability-hunting AI, Claude Mythos, has systematically discovered thousands of zero-day vulnerabilities across Windows, macOS, Linux, and major browsers — including a 17-year-old NFS RCE in FreeBSD and a 27-year-old OpenBSD denial-of-service. Project Glasswing provides private early access to Microsoft, Google, Apple, and select others. The implications for enterprise risk governance are immediate.
ShinyHunters Leaks 78.6M Rockstar Records — The Real Story Is Anodot's Access
ShinyHunters has released 78.6 million records stolen from Rockstar Games, following the company's refusal to pay a ransom by the April 14 deadline. The breach did not involve Rockstar's own systems: attackers compromised Anodot, a third-party SaaS analytics vendor with direct access to Rockstar's Snowflake data warehouse. No player records were exposed, but the incident illustrates the persistent enterprise risk of SaaS vendor data access.
CISA Flags SharePoint Zero-Day CVE-2026-32201 as Actively Exploited — Patch Arrives Tomorrow
CISA has added CVE-2026-32201, a Microsoft SharePoint Server spoofing vulnerability under active exploitation, to the KEV catalogue with a 28 April remediation deadline. The timing is unusual: Microsoft has not yet released a patch as of this alert, with the fix expected in tomorrow's Patch Tuesday release. Organisations must decide whether to implement mitigations today or accept overnight exposure until the patch lands.
NIS2 Moves From Grace Period to Enforcement — Germany's BSI Registration Deadline Is Now
Eighteen months after the NIS2 transposition deadline, EU member states are moving from legislative implementation to active supervisory enforcement. Germany's BSI has set April 2026 as the registration deadline for essential and important entities under the national NIS2 implementation (NIS2UmsuCG). Organisations still treating NIS2 as a future requirement face immediate regulatory exposure as national competent authorities begin audit and penalty activity.
CIRCIA Final Rule Expected May 2026: What Critical Infrastructure Operators Must Do Now
CISA is expected to publish the long-awaited CIRCIA final rule in May 2026, mandating 72-hour cyber incident reporting and 24-hour ransomware payment reporting for critical infrastructure sectors. With weeks remaining, organisations that have not started preparing face significant compliance and legal exposure when the rule takes effect.
Handala Ransomware Surges to 23 Victims in March — Geopolitically-Motivated Wiper Threat Expands Beyond Israel
Handala ransomware claimed 23 victims in March 2026 — the group's most active month, accounting for more than half of its total 2026 activity to date. While predominantly targeting Israeli organisations with suspected IRGC ties, Handala has begun extending its reach into European financial services, healthcare, and utilities. The group deploys wiper functionality alongside ransomware, meaning recovery from an attack is frequently impossible even without a ransom payment.
March 2026 Patch Cycle: The Governance and Risk Metrics That CISOs Should Be Reporting
March 2026 has been an unusually demanding patch cycle — 83 Microsoft CVEs, three new CISA KEV additions across F5, Citrix, and Active Directory, and concurrent exploitable vulnerabilities across Linux, PAN-OS, and Dell hardware. CISOs face board-level questions about patching velocity and exposure windows. This analysis provides the governance framework and risk metrics to answer those questions accurately.