“You’ve got this bifurcation of AI, the governed generative and the autonomous pieces,” he says. “It’s no longer, ‘Are you using AI?’ It’s asking, ‘Are you using governed AI? How are you governing it? How are you keeping it safe… Read More "Insurance carriers quietly back away from covering AI outputs"
Security researchers have warned of a “critical, systemic” vulnerability in the model context protocol (MCP) which could have a significant impact on the AI supply chain. MCP is a popular open source standard created by Anthropic which allows AI models… Read More "Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads"
Cisco on Wednesday announced patches for 15 vulnerabilities, including critical-severity flaws in Webex and Identity Services Engine (ISE). Tracked as CVE-2026-20184, the critical Webex bug impacts the single sign-on (SSO) integration with Control Hub and could allow remote, unauthenticated attackers… Read More "Cisco Patches Critical Vulnerabilities in Webex, ISE"
This argument may have had some relevance 20 years ago, when security functions were primarily responsible for auditing IT operations. But today, it increasingly reflects an outdated understanding of both roles. Modern cybersecurity is deeply intertwined with technology architecture, cloud… Read More "The endless CISO reporting line debate — and what it says about cybersecurity leadership"
Ransomware is now the fastest growing and most disruptive cyber threat facing the automotive sector, accounting for 44% of attacks on carmakers in 2025, according to Halcyon. The security vendor crunched data from multiple sources to compile a new report… Read More "Automotive Ransomware Attacks Double in a Year"
A researcher has disclosed the details of a prompt injection attack method named ‘Comment and Control’, which has been found to work against several popular AI code security and automation tools. The attack method was discovered by security engineer and… Read More "Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments"
The European Commission has admitted that hackers may have taken data from the cloud infrastructure hosting its Europa.eu platform. The executive body released a statement on March 27 confirming it had discovered the cyber-attack on March 24 and took “immediate steps”… Read More "European Commission Confirms Cloud Data Breach"
Ravie LakshmananApr 16, 2026Malware / Threat Intelligence The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data… Read More "UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign"
A software defect at Lloyds Banking Group exposed the personal data of up to 447,936 customers after an IT glitch allowed users to see other customers’ transactions and account information. The incident, which occurred on 12 March during an overnight… Read More "Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers"
A wave of tax-themed cyber campaigns delivering malware, remote access tools, fraud schemes and credential phishing has been detected in early 2026. Proofpoint researchers identified more than a hundred such operations, highlighting how attackers continue to exploit the pressures and expectations… Read More "Cybercriminals Exploit Tax Season With New Phishing Tactics"
