Policy

CISA orders U.S. federal agencies to patch exploited Ivanti EPMM flaw by Sunday.

CISA adds CVE-2026-1340 Ivanti EPMM code injection to Known Exploited Vulnerabilities Catalog.

DOJ disrupts Russian military intelligence DNS hijacking operation via court order.

Anthropic launches Project Glasswing consortium with 45+ orgs to test Claude Mythos Preview's cybersecurity

FBI releases joint advisory on Iranian cyber actors exploiting PLCs in US critical infrastructure.

US agencies warn of Iranian APT targeting internet-exposed industrial control systems.

German authorities identify two Russian nationals as leaders of GandCrab and REvil ransomware operations.

CISA orders federal agencies to patch actively exploited Fortinet EMS vulnerability by Friday.

CISA adds Fortinet FortiClient EMS improper access control flaw to KEV catalog.

Google commits to post-quantum cryptography transition by 2029.

LinkedIn accused of tracking 6,000+ browser extensions on users' PCs via hidden scripts.

Insikt Group report on 2025 LAC cybercrime landscape reveals 452 ransomware incidents targeting Brazil, Mexico,

FBI declares suspected Chinese hack of US surveillance system a major cyber incident.

Iran's Revolutionary Guard Corps threatens to attack 18 US tech firms starting April 1 if leaders killed.

CISA adds CVE-2026-3502 TrueConf Client code integrity vulnerability to KEV Catalog.

CISA adds CVE-2026-5281 Google Dawn use-after-free vulnerability to Known Exploited Vulnerabilities Catalog.

Spain's AEPD fines utilities company €220,000 for unlawful direct marketing and lack of legal basis under GDPR.

Italian DPA fines Enel Energia €563,052 for unlawful marketing calls and processor oversight failures.

Iran's IRGC threatens coordinated cyberattacks on US tech firms starting April 1.

Dutch court bans X's Grok from generating non-consensual intimate and child sexual abuse material.

Dutch court bans X's Grok from generating non-consensual intimate and CSAM imagery.

Spanish DPA fines utilities company €220,000 for unlawful direct marketing and lack of consent

Dutch Finance Ministry takes treasury banking portal offline after cyberattack affecting 1,600 public institutions.

CISA orders federal agencies to patch actively exploited Citrix NetScaler flaw CVE-2026-3055 by Thursday.

LLMs can generate syntactically valid but semantically flawed access control policies, quietly expanding organizational

NCSC urges UK organizations to mitigate recategorized F5 BIG-IP Access Policy Manager vulnerability.

ShinyHunters claims 350GB breach of European Commission systems with mail, databases, and documents.

Lyca Mobile France dataset of 26M customers leaked on cybercrime forum.

Ransomware broker sentenced to 7 years; malware in resumes and package repository hijacks reported.

Google sets 2029 deadline for post-quantum cryptography migration ahead of quantum computing threats.

Security leaders warn AI will discover vulnerabilities exponentially faster than organizations can patch them over next

Google commits to quantum-safe cryptography migration by 2029.

Google accelerates post-quantum cryptography migration to 2029 amid faster quantum computing progress.

CISA adds F5 BIG-IP RCE vulnerability CVE-2025-53521 to Known Exploited Vulnerabilities catalog.

Geopolitical tensions drive state-sponsored cyber operations targeting critical infrastructure globally.

UK sanctions Xinbi cryptocurrency marketplace linked to Asian scam centers and North Korean laundering.

U.S. Air Force Air Mobility Command operations logs allegedly leaked on cybercrime forum.

UK sanctions Xinbi Guarantee, a $20B Telegram-based crypto marketplace fueling scams and human trafficking.

LeakBase admin 'Chucky' arrested for operating stolen data marketplace.

Russian police arrest suspected LeakBase cybercrime forum owner in joint FBI-Europol operation.

Intermediary resellers enable global spyware market expansion despite government restrictions.

Armenian suspect extradited to US for allegedly managing RedLine infostealer malware operation.

Google accelerates post-quantum encryption migration timeline from 2035 to 2029.

BreachForums resurfaces with new .bb domain registration and associated IP.

NCSC alerts UK organisations to patch two critical Citrix NetScaler ADC/Gateway vulnerabilities.

NCSC urges UK orgs to mitigate two Citrix NetScaler vulnerabilities immediately.

Iran uses AI-manipulated satellite imagery for disinformation as Gulf conflict threatens commercial and state satellite

CISA adds CVE-2026-33017 Langflow code injection vulnerability to Known Exploited Vulnerabilities catalog.

TP-Link patches critical authentication bypass in Archer NX routers allowing firmware upload

Spanish DPA fines BBVA €100,000 for unlawfully redirecting SEPA payments without consent.