Latest Internet & Cybersecurity News
NTP Time Warp Attack Disrupts Global Finance and Emergency Services
Attackers hijacked network time protocol nodes, shifting system clocks by 1.5 seconds to trigger high-frequency trading glitches and disrupt hospitals for eight hours. This synchronized attack highlights vulnerabilities in time synchronization infrastructure.
CISA issued emergency directive 26-47 for audits of modular data center controllers due to Liquid Logic exploit risks.
OpenAI Launches GPT-5.4 Cyber for Defensive Cybersecurity
OpenAI unveiled GPT 5.4 Cyber, a permissive AI model for cyber defense including binary reverse engineering, limited to vetted users via Trusted Access for Cyber. It follows Anthropic's Claude Mythos, amid concerns over AI-enabled threats.
OpenAI offers $10M in API grants to security firms.
Anthropic Restricts Claude Mythos Over Exploit Capabilities
Anthropic's Claude Mythos Preview identifies thousands of unknown vulnerabilities in OS like Linux kernel but is limited to 12 partners due to cyberattack risks. Released under Project Glasswing to harden critical software first.
Governments review risks from this powerful model.
Ransomware Hits Elevated New Normal in Q1 2026
GuidePoint reports steady ransomware volumes QoQ and YoY, with The Gentlemen rising to second most active at 182 victims. Qilin leads with 361 but down 25%, Akira down 22%.
Clop continues Oracle E-Business Suite exploitation claims.
PwC: Cyber Resilience Spending Lags Behind AI Threats
PwC’s 2026 Digital Trust Insights shows spending lags as AI-driven threats, ransomware, and insider risks rise. Organizations must boost investments amid intensifying attacks.
Report emphasizes need for updated strategies.
Nginx-ui MCP Authentication Flaw Actively Exploited
Missing authentication in Nginx-ui MCP allows same-network attackers to alter configurations for full takeover. Exploit is actively used in the wild.
Organizations urged to patch immediately.
Vishing Attacks Surge on Okta to Bypass MFA
Vishing targets Okta identity systems to bypass MFA and access SSO data broadly. Attackers exploit voice phishing for credentials.
Enhanced verification recommended.
Black Basta Affiliates Use Teams Phishing on Executives
Suspected ex-Black Basta groups impersonate help desks via Teams to deploy RMM software. Targets high-level executives for persistence.
Improved phishing training advised.
OpenAI macOS App Hit by Axios Supply Chain Attack
OpenAI revokes certificates after Axios supply chain attack on macOS app-signing. Action taken out of caution to prevent abuse.
Users should update apps.
Microsoft 365 Mailbox Rules Abused for Exfiltration
Attackers misuse M365 rules to hide data theft and persist post-reset. Enables stealthy exfiltration.
Monitoring rules critical for detection.
AI Browser Extensions Show Higher Vulnerability Risks
Report finds AI extensions more prone to known flaws and risky permissions like cookies. Increased scrutiny needed for AI tools.
Users should review permissions.
Bessent and Powell Meet Bankers on Claude Mythos Impact
Top officials discussed Claude Mythos cybersecurity effects with bankers. Urges firms to boost cyber spending like large banks.
Highlights AI threat urgency.