Microsoft Defender Zero-Day Exploited in the Wild; Vercel Hit by Supply Chain Attack; AI-Discovered Vulnerabilities Surge

Publication Date: April 23, 2026

Summary

This edition covers a critical period marked by the active exploitation of a Microsoft Defender zero-day vulnerability (CVE-2026-33825), granting attackers SYSTEM-level access. A sophisticated supply chain attack compromised the Vercel platform via a third-party AI tool, exposing internal systems. Concurrently, the cybersecurity landscape is grappling with the emergence of AI models like Anthropic's 'Mythos,' capable of autonomously discovering and exploiting zero-days, prompting industry-wide defensive coalitions. Other major incidents include significant data breaches at Rituals Cosmetics and the UK Biobank, and a new wiper malware targeting Venezuela's energy sector.

Today's New Articles

Rituals Cosmetics Data Breach Exposes Personal Info of 'My Rituals' Members

Amsterdam-based luxury cosmetics company Rituals has confirmed a data breach impacting members of its 'My Rituals' loyalty program, which has over 40 million members. The company began notifying affected customers on April 22, 2026, after discovering the incid...


UK Biobank Breach: Health Data of 500,000 Volunteers Found for Sale on Alibaba

The UK government has confirmed a severe data breach involving the UK Biobank, where de-identified but confidential health data from all 500,000 of its volunteers was listed for sale on e-commerce platforms owned by Alibaba. The breach originated from three Ch...


UK's NCSC Launches 'SilentGlass' Hardware to Block HDMI-Based Cyber Espionage

The UK's National Cyber Security Centre (NCSC) has developed a new hardware device called 'SilentGlass' to protect against cyberattacks transmitted through video display cables. Unveiled at the CYBERUK conference, the plug-and-play device secures HDMI and Disp...


Ransomware Shifts to Infrastructure: 73% of Attacks Exploit VPNs, At-Bay Reports

A new report from cyber insurance provider At-Bay reveals a dramatic shift in ransomware tactics, with attackers increasingly targeting core infrastructure like Virtual Private Networks (VPNs). The report, based on over 6,500 claims, found that a staggering 73...


CrowdStrike's 'Project QuiltWorks' Unites Industry to Tackle AI-Driven Vulnerability Surge

CrowdStrike has launched 'Project QuiltWorks,' a new industry coalition designed to address the security risks arising from the accelerated discovery of software vulnerabilities by frontier AI models. Recognizing that models like those from OpenAI and Anthropi...


Major US Cement Producer Taps Aria Cybersecurity to Protect Critical Plant Operations

Aria Cybersecurity, a business unit of CSPi, has announced an agreement to deploy its AZT PROTECT™ solution to secure the critical operational technology (OT) environments of a major, unnamed US cement producer. The cement industry is considered a high-value t...

Article Updates

Anthropic's 'Mythos' AI Deemed Too Dangerous for Public Release After Finding Novel Exploits

Update: New information reveals Anthropic's 'Mythos' AI can autonomously discover zero-day vulnerabilities, generate functional exploits, and execute multi-stage cyberattacks, significantly escalating its threat profile. Concerns are heightened by reports of potential...


Actively Exploited Microsoft Defender Zero-Days 'RedSun' and 'UnDefend' Remain Unpatched

Update: CISA has added CVE-2026-33825 (BlueHammer), a critical Microsoft Defender privilege escalation vulnerability, to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by May 6, 2026. This confirms active, in-the-wild exploitation...


Vercel Breach: Supply Chain Attack via AI Tool Exposes Customer Credentials

Update: This update provides a more in-depth technical analysis of the Vercel supply chain attack, including expanded MITRE ATT&CK mappings (T1199, T1550.001, T1528, T1069.003, T1530) and new 'Cyber Observables' for hunting OAuth abuse. It also reinforces mitigation s...


Unit 42: Frontier AI Models Can Autonomously Find Zero-Days, Posing Major Threat to Software Security

Update: Palo Alto Networks' Unit 42 has released new research demonstrating the practical application of AI in offensive cloud operations. Their 'Zealot' multi-agent AI system autonomously executed a multi-stage attack against a Google Cloud Platform (GCP) sandbox. Th...