Microsoft Begins Removing Copilot Branding From Windows 11 Apps
Read more of this story at Slashdot.
https://techcrunch.com/2026/04/10/battery-recycler-ascend-elements-files-for-bankruptcy/
https://techcrunch.com/2026/04/10/france-to-ditch-windows-for-linux-to-reduce-reliance-on-us-tech/
As child social media bans spread across Europe and beyond, Estonia isn't having it. On Friday, the country's education minister said the bans won't "actually solve problems," while warning that the kids will find a way regardless.
Although companies like Meta would love for you to believe it’s a fairy tale, social media addiction is associated with tangible negative repercussions for children. Studies show that its harms range from depression and anxiety to sleep deprivation and obesity. (The latter is from all the targeted junk food advertising.) On the other hand, teens can find community and support from social media.
A growing list of countries looked at the negative data and concluded that the answer was to ban social media altogether for children. Although the age cutoff varies, legislation has been floated or enacted in Australia, Greece, France, Austria, Spain, Indonesia, Malaysia, the UK and Denmark — just to name a few.
Estonia's education minister believes these countries are coming at the very real problem from the wrong angle. "The way to approach this, to me, is not to make kids responsible for that harm and start self-regulating," Kristina Kallas said at a Politico forum in Barcelona. She added that "kids will find very quickly the ways to go around and to still use social media."
Instead, she said the responsibility lies with governments and corporations. "Europe pretends to be weak when it comes to big American and international corporations," she added. But she called that a "pretense," challenging the EU to "actually take this power and start regulating the big American corporations."
To be fair, the EU regulates the tech industry more effectively than anywhere else in the world. But the point on childhood social bans stands.
Another argument against the bans is that it’s a short path from the well-meaning to a more sinister erosion of basic freedoms. In February, France suggested that the next logical step after passing an under-15 social media ban would be to go after VPNs. After all, once you pass the ban, you need to enforce it — and that can mean snuffing out the tools children could use to work around it.
This article originally appeared on Engadget at https://www.engadget.com/social-media/estonia-is-the-rare-eu-country-opposing-child-social-media-bans-194620916.html?src=rss
Whoop, the makers of a screen-free fitness tracker of the same name, could soon have some competition. Fitbit teased its take on a Whoop-style band with the help of Steph Curry at the end of March, and based on a trademark filing spotted by Gadgets & Wearables, Garmin appears to be working on its own band that tracks similar health metrics.
This new Garmin wearable, called "CIRQA" in the trademark filing submitted in February, is designed to measure "the body's physical parameters and other physiological data, bio-signals, and bodily behavior." That could broadly describe the smartwatches and fitness trackers Garmin already sells. But the CIRQA apparently goes further, by also measuring "recovery from physical and emotional stress, human alertness level, and performance," a set of more granular, wellness-focused features that could bring the unreleased wearable into the same ballpark as a Whoop.
Garmin accidentally leaked that it was working on a new wearable via a hastily removed store page in January, Android Authority reports. Some phantom web pages and a trademark do not guarantee that Garmin is working on a new device, or that the band will be screen-free in the same way the Whoop is. If the company is preparing a competitor, though, the timing makes sense. Where other devices try to split the difference between tracking biometrics and offering real-time information or other smartwatch features, Whoop is decidedly data-first. Its wearables monitor as much information as possible through a nondescript band, and then analyze and display what they learned via a smartphone app. The approach is attractive to anyone tired of dealing with screens, and the growing number of people obsessed with optimizing their health. In fact, Whoop just raised $575 million on the back of its current success. It would make sense that Garmin and Google (via its Fitbit brand) would want a piece of the company's audience, too.
Whoop-style bands are also a perfect fit for future uses of AI in health and fitness tracking. Google is interested in having users turn to Fitbit's AI-powered health coach for everything from workout tracking to nutrition advice. If health data processing is going to happen in the cloud, and you're going to have to pull out your smartphone to view that data anyway, it makes sense to sell a tracker without a screen.
This article originally appeared on Engadget at https://www.engadget.com/wearables/garmin-may-be-working-on-a-whoop-competitor-191802041.html?src=rss
Amazon is ending support for third-party integrations on its Luna cloud gaming service. The most immediate changes mean that it's no longer possible to buy Ubisoft+ and Jackbox Games subscriptions or standalone games through Luna.
Amazon will automatically cancel any active subscriptions bought through Luna at the end of customers' next billing cycle. If you have a Ubisoft+ subscription that you bought directly from Ubisoft instead, you’ll still be able to access games on that service through Luna until June 10.
The Bring Your Own Library option — which allows users to play games they own on the likes of EA, GOG and Ubisoft on Luna — is going away too. You won't be able to access games from those storefronts via Amazon's streaming service after June 3.
If you bought any games outright on Luna, you'll still be able to play them there until June 10. Unlike Google did when it shut down Stadia, Amazon isn’t offering refunds for those purchases. However, you'll still have access to them through the respective third-party platform that's linked to your account, be it the EA App, GOG Galaxy or Ubisoft Connect.
That doesn't exactly help folks who don't have powerful-enough systems to play more demanding games and were relying on Luna. As such, some people might need to turn to the likes of GeForce Now in order to keep playing games they bought through Luna (and they’ll need to hope GFN actually supports their specific games).
Amazon has been reshaping Luna over the last several months. It rolled out a revamped version of the service back in October, with more of a focus on GameNight party games that you can play with a smartphone.
Prime subscribers will still be able to claim PC games and stream games on the Luna Standard tier at no extra cost. The Luna Premium subscription, which includes a wider range of third-party games, is still available too.
“We’re doubling down on a broad range of gaming experiences, including strong third-party titles, delivered in ways that make great games more accessible, as well as new and unique gaming experiences like GameNight,” Amazon wrote in an email to Luna users. The company also said it will offer some folks a free Luna Premium subscription.
This article originally appeared on Engadget at https://www.engadget.com/gaming/amazon-luna-ends-support-for-third-party-subscriptions-and-game-purchases-171329996.html?src=rss
America's Big Tech companies may soon learn that saddling up with Donald Trump doesn't tend to work out in the end. As the president sows chaos and distrust around the globe while taking aim at EU tech regulations, Europe is looking for ways to adopt its own alternatives. The latest example is France, which said it's dropping Microsoft Windows in favor of Linux.
On Wednesday, France said (via TechCrunch) it plans to move its workstations from Windows to the open-source Linux. It's part of a broader movement across Europe toward digital sovereignty, aimed at reducing reliance on foreign tech — especially American and Chinese. Although homegrown alternatives aren't available in many areas, the EU seems prepared to wean itself off where it can.
In January, France announced that it would move its videoconferencing from Zoom and Teams to the French-made Visio. As part of this week’s Linux announcement, France added that it would also migrate its health data to a new platform by the end of 2026.
Since taking office, Trump has used tariffs and other measures to try to bully European nations into dropping their regulations on America's tech industry. In August, he vowed to "stand up to Countries that attack our incredible American Tech Companies." (The strange capitalizations are his, not ours.) His administration has described laws like the EU's Digital Services Act as "censorship" and "a tax."
So far, Europe has stood firm. "I want to be very clear: our digital sovereignty is our digital sovereignty," European Commission President Ursula von der Leyen said at the Munich Security Conference in February. "We have a long tradition in freedom of speech. Actually, the Enlightenment started on our continent."
Christian Kroll, CEO of German search engine Ecosia, foresaw Europe's predicament soon after Trump's 2024 reelection. "We, as a European community, just need to make sure that nobody can blackmail us." He added that "if the US turned off access to search results tomorrow, we would have to go back to phone books." Granted, the guy is selling a European-made search engine, so his bias is clear. But the salience of his point stands.
Giorgos Verdi, policy fellow at the European Council on Foreign Relations, said the Trump administration's behavior underscores the need for Europe to break free. "Could the US use its dominance over AI chips, its dominance over cloud in Europe, its dominance over AI systems in order to exert more pressure?" Verdi asked CNN rhetorically in January. "In order to build more resilience for Europe... there is a geopolitical case for European innovations to emerge."
This article originally appeared on Engadget at https://www.engadget.com/big-tech/french-government-says-au-revoir-windows-bienvenue-linux-165407232.html?src=rss
Google has announced that end-to-end encryption (E2EE) for Gmail on Android and iOS is now rolling out for its enterprise users. Emails that require E2EE in Workspace can be composed and read within the Gmail app, so eligible users won’t need additional apps or portals.
The new feature expands Google’s client-side encryption (CSE) offering, a little more than a year after E2EE was introduced to Gmail on the web. According to a Google blog post, any encrypted message sent to a recipient who uses the Gmail app will appear in their inbox as any email thread would. If they don’t have the app, they’re still able to read and reply to the email in their browser securely, regardless of their email address.
Google says the new functionality "combines the highest level of privacy and data encryption with a user-friendly experience for all users, enabling simple encrypted email for all customers from small businesses to enterprises and public sector." Of course, "all users" applies only to Enterprise Plus members here, with the millions of people who use Gmail as their personal email service currently unable to take advantage of the highest level of privacy and data protection.
In order for Gmail users to start using E2EE in the app, an admin must first enable Android and iOS clients in the CSE admin interface, which is available in the Admin Console. When sending an email, you have to click the lock icon and select additional encryption before sending. Attachments can then be added as normal.
E2EE is available straight away in the Rapid Release and Scheduled Release domains. Enterprise users will need the Assured Controls or Assured Controls Plus add-on, which provides businesses and organizations that handle sensitive data with extra security and compliance-related tools.
This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/google-adds-e2e-to-gmail-for-ios-and-android-enterprise-users-165345116.html?src=rss
Firefox-maker Mozilla is calling out Microsoft after Redmond said it would scale back some Copilot features in Windows, arguing the rollback shows the company pushed AI too far without enough regard for user choice....
https://go.theregister.com/feed/www.theregister.com/2026/04/10/mozilla_microsofts_copilot_strategy/
The Global Electronics Association (GEA) warns that the US ban on foreign-made network routers is impractical because few are made domestically, leaving consumers with little choice and delaying access to next-gen products, just as Wi-Fi 7 adoption should be ramping up....
https://go.theregister.com/feed/www.theregister.com/2026/04/10/gea_fcc_routers/
Visitors to the CPUID website were briefly exposed to malware this week after attackers hijacked part of its backend, turning trusted download links into a delivery mechanism for something far less welcome....
https://go.theregister.com/feed/www.theregister.com/2026/04/10/cpuid_site_hijacked/
Amazon's board of directors is urging shareholders to reject a proposal that would have the megacorp disclose more information on the impact of datacenters on its climate commitments....
https://go.theregister.com/feed/www.theregister.com/2026/04/10/amazon_climate_goals/
Most UK business leaders will keep AI at the top of their spending priorities, with 65 percent planning to maintain investment whether they see immediate measurable returns or not....
https://go.theregister.com/feed/www.theregister.com/2026/04/10/ai_roi_kpmg/
https://www.cnet.com/tech/gaming/todays-nyt-connections-hints-answers-and-help-for-april-11-1035/
https://www.cnet.com/tech/gaming/todays-nyt-strands-hints-answers-and-help-for-april-11-769/
https://www.cnet.com/tech/gaming/todays-wordle-hints-answer-and-help-for-april-11-1757/
https://www.cnet.com/news-live/nasa-artemis-ii-live-launch-historic-moon-mission-launch/
https://arstechnica.com/cars/2026/04/f1-moves-a-step-closer-to-fixing-its-2026-hybrid-problem/
https://arstechnica.com/science/2026/04/oobleck-still-holds-some-surprises/
https://www.wired.com/story/home-depot-spring-black-friday-deals-2026/
https://www.wired.com/story/the-future-of-the-artemis-program-is-riding-on-reentry/
https://www.wired.com/story/sam-altman-home-attack-openai-san-franisco-office-threat/
https://www.zdnet.com/article/fanttik-s1-pro-electric-screwdriver-deal/
https://www.zdnet.com/article/ryobi-power-tool-bundle-deal-home-depot-spring-black-friday-2026/
https://www.zdnet.com/article/ecoflow-delta-pro-ultra-x-review/
https://www.zdnet.com/article/microsoft-windows-insider-program-simplified/
Samsung is reportedly considering a $4 billion chip packaging and testing project in Vietnam, deepening the country’s role in the global semiconductor supply chain.
The post Samsung Eyes Vietnam for $4B Semiconductor Packaging Project appeared first on TechRepublic.
https://www.techrepublic.com/article/news-samsung-vietnam-semiconductor-packaging-apac/
Alibaba launches a new AI data center powered by 10,000 homegrown chips, signaling a major push toward self-reliance amid US export restrictions.
The post Alibaba Launches AI Data Center Powered by 10,000 Homegrown Chips appeared first on TechRepublic.
https://www.techrepublic.com/article/news-alibaba-10000-ai-chips-data-center-apac/
A flaw in the EngageLab SDK exposed 50 million Android users, allowing malicious apps to exploit trusted permissions and access sensitive data.
The post Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed appeared first on TechRepublic.
https://www.techrepublic.com/article/news-engagelab-sdk-android-vulnerability-malware-bridge/
Google is rolling out notebooks in Gemini, giving users a new way to organize chats, files, and instructions into AI-powered project hubs.
The post Google Brings NotebookLM to Gemini for Easy Project Organization appeared first on TechRepublic.
https://www.techrepublic.com/article/news-google-gemini-notebooks-update/
See what you missed in Daily Tech Insider from April 6–10.
The post AI Expansion, Security Crises, and Workforce Upheaval Define This Week in Tech appeared first on TechRepublic.
https://in.mashable.com/tech/108299/samsung-galaxy-a57-review-reliable-where-it-matters-most
https://www.geekwire.com/2026/mary-jo-foley-microsoft-windows-new-lease-on-life-why-now/
https://www.geekwire.com/2026/artemis-2-moon-watch-splashdown/
Opinion Anthropic describes Project Glasswing as a coalition of tech giants committing $100 million in AI resources to hunt down and fix long-hidden vulnerabilities in critical open source software that it's finding with its new Mythos AI program. Or as The Reg put it, "an AI model that can generate zero-day vulnerabilities."...
https://go.theregister.com/feed/www.theregister.com/2026/04/10/project_glasswing/
The UK government is seeking views on radiofrequency jammers as it prepares legislation to ban the controversial devices....
https://go.theregister.com/feed/www.theregister.com/2026/04/10/signal_jammer_consultation/
Webinar Promo 2025 was the year of AI experimentation. In 2026, the bills are coming due. AI adoption has moved from isolated pilots to autonomous, enterprise wide deployment, bringing with it a sophisticated new generation of security challenges....
https://go.theregister.com/feed/www.theregister.com/2026/04/10/unpacking_ai_security_2026/
US, UK, and Canadian law enforcement Thursday said that they disrupted a $45 million global cryptocurrency scam, freezing $12 million in stolen funds and identifying more than 20,000 cryptocurrency wallet addresses linked to fraud victims across 30 countries....
https://go.theregister.com/feed/www.theregister.com/2026/04/09/crypto_fraud_scam_45_million/
NCEES explains why licensure matters for engineers and answers your top questions about the FE and PE exams.
The post Thinking About Becoming a Licensed Engineer? Start Here. was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
https://ciso2ciso.com/thinking-about-becoming-a-licensed-engineer-start-here/
View our compilation of online stories and resources highlighting the Hispanic community and their contributions to STEM.
The post Celebrate Hispanic Heritage Month With SWE was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
https://ciso2ciso.com/celebrate-hispanic-heritage-month-with-swe/
Source: www.cyberdefensemagazine.com – Author: News team Software supply chain attacks have emerged as a serious threat in the rapidly evolving field of cybersecurity, especially in medical devices. As these devices become more and more interconnected and dependent on complex software ecosystems, the potential for exploitation through the supply chain has grown exponentially. One powerful tool [...]
The post The Critical Role of Sboms (Software Bill of Materials) In Defending Medtech From Software Supply Chain Threats – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cyberdefensemagazine.com – Author: News team It’s common knowledge in the cybersecurity industry that ransomware is on the rise, with median demands rising 20% year-over-year across virtually all industries. But it’s not only the ransom sums themselves that are escalating; threat actors are engaging in increasingly aggressive tactics and techniques to extort their victims. It’s [...]
The post Ransomware Tactics Are Shifting. Here’s How to Keep Up – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Rob Wright CERT-FR’s advisory follows last month’s disclosure of a zero-day flaw Apple said was used in “sophisticated” attacks against targeted individuals. Original Post URL: https://www.darkreading.com/vulnerabilities-threats/french-sheds-light-apple-spyware-activity
The post French Advisory Sheds Light on Apple Spyware Activity – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
https://hackread.com/android-banking-trojan-cambodia-scam-compounds/
https://hackread.com/graphalgo-scam-lazarus-hackers-us-llcs-malware/
https://hackread.com/unc6783-hackers-fake-okta-pages-corporate-breach/
https://hackread.com/adobe-reader-zero-day-exploit-data-malicious-pdfs/
https://hackread.com/claude-code-claude-md-sql-injection-attacks/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5919
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5918
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5915
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5914
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5913
https://www.ncsc.nl/alerts/kwetsbaarheid-in-forticlient-ems-van-fortinet
https://www.ncsc.nl/alerts/ontwikkelaars-opgelet-gecompromitteerde-npm-en-python-packages
https://www.ncsc.nl/nieuws/ruim-twee-miljoen-bezoeken-aan-kwaadaardige-websites-voorkomen-in-pilot
https://www.ncsc.nl/alerts/ernstige-kwetsbaarheden-in-cisco-secure-firewall-management-center
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1050
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1049
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1048
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1030
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1047
https://thehackernews.com/2026/04/glassworm-campaign-uses-zig-dropper-to.html
https://thehackernews.com/2026/04/browser-extensions-are-new-ai.html
https://thehackernews.com/2026/04/google-rolls-out-dbsc-in-chrome-146-to.html
https://thehackernews.com/2026/04/marimo-rce-flaw-cve-2026-39987.html
https://thehackernews.com/2026/04/backdoored-smart-slider-3-pro-update.html
A critical Adobe Acrobat zero-day has been exploited for months via malicious PDFs to steal data and potentially take over systems, with no patch yet available.
The post Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet appeared first on TechRepublic.
https://www.techrepublic.com/article/news-adobe-acrobat-zero-day-pdf-exploit-months/
Apple warns of a new scam targeting millions of iPhone users. Learn the red flags, how it works, and how to protect your account and finances.
The post New Apple Scam Hits Millions of iPhone Users Worldwide, Draining Bank Accounts appeared first on TechRepublic.
https://www.techrepublic.com/article/news-apple-iphone-scam-targeting-millions-2026/
A massive breach exposed 337K LAPD-linked files, raising concerns over third-party risk, sensitive data exposure, and law enforcement cybersecurity gaps.
The post Massive Data Breach Exposes 337K LAPD-Linked Records appeared first on TechRepublic.
https://www.techrepublic.com/article/news-lapd-data-breach-337k-files-exposed/
XDR detects threats. It does not investigate them. 80% of analyst time is investigation, and XDR provides zero autonomous capability. Here's the structural analysis.
The post MITRE Gave XDR a Perfect Score. Then the Analyst Had to Investigate Alone appeared first on D3 Security.
The post MITRE Gave XDR a Perfect Score. Then the Analyst Had to Investigate Alone appeared first on Security Boulevard.
Anthropic’s latest AI model, Claude Mythos, will break the cybersecurity vulnerability management operational models. Mythos is so good at discovering and building viable exploits that it is currently being rolled out in a controlled manner under “Project Glasswing”. Those cybersecurity companies that have early access are attesting to the blazing speed and accuracy of the model and have declared that the traditional processes the industry uses to manage vulnerabilities in their systems are no longer viable.
First, new AI models like Mythos are incredibly proficient at identifying weaknesses in code that could be leveraged by cyber attackers. Mythos has found over 2000 high-severity vulnerabilities, including in every major operating system and web browser!
The second issue is how fast workable exploits can be created to take advantage of discovered vulnerabilities. The latest AI models are highly proficient at quickly figuring out how to leverage weaknesses and chain them together across multiple vulnerabilities to gain unprecedented access to targeted systems and infrastructures.
The speed of discovery and exploitation of vulnerabilities is now well beyond what defenders can address. Currently, the industry must become aware of vulnerabilities through industry announcements, direct notification by researchers, or in rare cases by self-discovery efforts. They must then verify the vulnerability and understand its potential applicability to their environment. It gets rated and, based upon that rating, resources will be committed to develop a patch. The patch must be tested and then scheduled for roll-out in a way that it can be withdrawn if something unforeseen occurs.
This takes time and may incur downtime for impacted systems.
Most organizations have a cadence for addressing different severity vulnerabilities. A patch calendar may bundle fixes to control the disruption and prioritize the most urgent fixes. High risk may be fixed in weeks or a month, medium in several months, and low, perhaps every year if they choose to fix them at all.
The goal is simply to fix the vulnerabilities before the attackers could create and deploy an exploit in the wild, which typically took months.
No longer.
Now, what took months will take minutes with Mythos and other AI models.
That breaks the entire vulnerability management system that protects our digital world.
For those who read my annual cybersecurity predictions (video version), we can check off prediction number 2, which outlined how AI acceleration would shrink the time-to-patch window dramatically, beyond what is currently possible for cybersecurity teams.
First, organizations will cut corners to speed up patch release for the impactful vulnerabilities most likely to be exploited. This will shrink the patch window a little, but not enough, and introduce errors in patches which will have undesired impacts on users. Essentially, the number of ‘bad patches’ will increase.
Secondly, the increased attack velocity will drive software developers to commit much more to using AI tools to proactively detect and resolve vulnerabilities prior to product release. This should have happened long ago, but in the race to market, security vetting often gets deferred to later. The outcome will be slower product release timelines from responsible vendors. The haphazard companies will want to take advantage and continue to push vulnerable code to get into the market faster. But that will eventually have consequences.
Third, there will be a massive shift for cybersecurity teams to adopt these AI tools to compete with attackers by trying to detect and address vulnerabilities before the hackers. The tools, processes, and operating models will need to be entirely redrawn. The window of exposure will be the metric that must shrink, from months to hours.
The latest AI tools will compress the vulnerability lifecycle from discovery to exploitation at a pace that challenges the foundations of today’s security operations. Organizations that continue to rely on legacy processes will find themselves operating outside the window of safety. Defenders can no longer rely on traditional disclosure cycles, patch cadences, or reactive security models when intelligent systems can discover and weaponize weaknesses in hours. To survive this new era, organizations must reinvent their processes around AI-driven velocity. The signals are clear; it is time to radically adapt vulnerability management or be victimized.
The post Anthropic Claude Mythos Will Break Vulnerability Management appeared first on Security Boulevard.
https://securityboulevard.com/2026/04/anthropic-claude-mythos-will-break-vulnerability-management/
Earlier this year, YouTube began rolling out a row of algorithmically recommended videos at the top of the Subscriptions page. The section, labeled "most relevant," surfaces content the algorithm predicts the user will engage with, pulled from channels the user already follows. The subscription feed still exists below it. But the default view, the first thing a user sees when navigating to a page they built through deliberate choices, now leads with what YouTube's algorithm thinks they should watch.
The post The Engagement Ratchet: How YouTube, Instagram, and Amazon Trained Users to Accept Less Control appeared first on Security Boulevard.
Author, Creator & Presenter: Nicholas Carlini, Research Scientist, Anthropic
____________________________________________________
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.
The post [un]prompted 2026 – Black-Hat LLMs appeared first on Security Boulevard.
https://securityboulevard.com/2026/04/unprompted-2026-black-hat-llms/
https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/
https://krebsonsecurity.com/2026/04/germany-doxes-unkn-head-of-ru-ransomware-gangs-revil-gandcrab/
https://krebsonsecurity.com/2026/03/canisterworm-springs-wiper-attack-targeting-iran/
https://krebsonsecurity.com/2026/03/feds-disrupt-iot-botnets-behind-huge-ddos-attacks/
https://krebsonsecurity.com/2026/03/iran-backed-hackers-claim-wiper-attack-on-medtech-firm-stryker/
This week, more time than I'd have liked to spend went on talking about the trials of chasing invoices. This is off the back of a customer (who, for now, will remain unnamed), who had invoices stacking back more than 6 months overdue and despite payment terms of
Day by day, I find we're eking more goodness out of OpenClaw and finding the sweet spot between what the humans do well and the agent can run off and do on its own. Significantly, we're shifting more and more of the workload to the latter
For a hobby project built in my spare time to provide a simple community service, Have I Been Pwned sure has, well, "escalated". Today, we support hundreds of thousands of website visitors each day, tens of millions of API queries, and hundreds of millions of password searches. We&
Watching OpenClaw do its thing must be like watching the first plane take flight. It's a bit rickety and stuck together with a lot of sticky tape, but squint and you can see the potential for agentic AI to change the world as we know it. And I
In the beginning, it was simple. A website, a database and 150M+ email addresses to search. Time has added serverless functions (which run on servers 🤷‍♂️), code on the edge, new data storage constructs and a completely different mechanism for even just querying a simple email address.
Claude is actually pretty good on the issues.
https://www.schneier.com/blog/archives/2026/04/sen-sanders-talks-to-claude-about-ai-and-privacy.html
ProPublica has a scoop:
In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings.
The tech giant’s “lack of proper detailed security documentation” left reviewers with a “lack of confidence in assessing the system’s overall security posture,” according to an internal government report reviewed by ProPublica.
Or, as one member of the team put it: “The package is a pile of shit.”
For years, reviewers said, Microsoft had tried and failed to fully explain how it protects sensitive information in the cloud as it hops from server to server across the digital terrain. Given that and other unknowns, government experts couldn’t vouch for the technology’s security...
https://www.schneier.com/blog/archives/2026/04/on-microsofts-lousy-cloud-security.html
This is news:
A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file (litellm_init.pth, 34,628 bytes) which is automatically executed by the Python interpreter on every startup, without requiring any explicit import of the litellm module.
There are a lot of really boring things we need to do to help secure all of these critical libraries: SBOMs, SLSA, SigStore. But we have to do them.
https://www.schneier.com/blog/archives/2026/04/python-supply-chain-compromise.html
AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might become easier for a user to have an AI write an application on demand—a spreadsheet, for example—and delete it when you’re done using it than to buy one commercially. Future systems could include a mix: both traditional long-term software and ephemeral instant software that is constantly being written, deployed, modified, and deleted.
AI is changing cybersecurity as well. In particular, AI systems are getting better at finding and patching vulnerabilities in code. This has implications for both attackers and defenders, depending on the ways this and related technologies improve...
https://www.schneier.com/blog/archives/2026/04/cybersecurity-in-the-age-of-instant-software.html
According to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.—even if you are just transiting the airport.
In a security alert dated March 26, the U.S. Consulate General said that, on March 23, 2026, Hong Kong authorities changed the rules governing enforcement of the National Security Law. Under the revised framework, police can require individuals to provide passwords or other assistance to access personal electronic devices, including cellphones and laptops.
...
https://securityaffairs.com/190570/data-breach/eurail-data-breach-impacted-308777-people.html
Following our article on the challenges posed by agentic AI, we gave OpenClaw access to one of our legacy networks
Categories: Threat Research
Tags: OpenClaw, LLM, AI, penetration testing, Red Team, CISO, Sophos X-Ops
https://www.sophos.com/en-us/blog/we-let-openclaw-loose-on-an-internal-network-here-s-what-it-found
No matter the country, industry, or company size, IT and cybersecurity teams report a heavy regulatory load and worry about staying aligned with requirements
Categories: Products & Services
Tags: CISO, Compliance
https://www.sophos.com/en-us/blog/is-compliance-complexity-outpacing-it-capacity
Third consecutive time being named a Customers’ Choice for MDR
Categories: Products & Services
Tags: Gartner, Gartner Peer Insights, MDR, Sophos MDR, Third-Party Reviews
https://www.sophos.com/en-us/blog/sophos-gartner-peer-insights-mdr
Amazon has integrated Sophos threat intelligence into Amazon GuardDuty, expanding the breadth and accuracy of malicious threat detection for customers running workloads on Amazon Web Services (AWS).
Categories: Products & Services
Tags: AWS, Sophos Intelix, amazon, Amazon GuardDuty, Sophos OEM
New Sophos survey reveals only 5% of IT leaders say they fully trust their cybersecurity vendors
Categories: Products & Services, Sophos Insights
Tags: Trust, Privacy, Trust Center
https://www.sophos.com/en-us/blog/the-cybersecurity-trust-reality-in-2026