Aggregator

AMA Wants Privacy, Security AI Tool Protections, Especially in Mental Health
The American Medical Association says using artificial intelligence chatbots carries risks - including data privacy and security breaches - and the largest U.S. professional association for physicians and medical students is urging Congress to take action to protect patients from potential harm.

Berlin Proposes 3 Month Requirement to Store IP Addresses
The German government says it's unlocked the secret to passing a law that would require internet service providers to keep customer data without running afoul of privacy and security concerns that sunk earlier attempts. Critics say that's impossible

Recent Package Compromises Pushed Software Component Trust to the Security Agenda
Cloudsmith raised a $72 million Series C led by TCV to expand policy enforcement, auditability and real-time package risk analysis as CISOs focus more closely on software supply-chain threats tied to open-source dependencies, AI-assisted development and compromised artifacts.

Also, Europol Cracks DDoS Networks, Mythos Finds Bugs, France Portal Hit
This week, scam compounds. Attackers exploit flaws pre-disclosure. A crackdown on DDoS-for-hire. No Mythos for CISA, yes for Mozilla. France ID portal breach. Israeli and Venezuelan critical infrastructure targeted. Russian hacking in Ukraine. An Apache flaw. A ransomware negotiator aided BlackCat.

AMA Wants Privacy, Security AI Tool Protections, Especially in Mental Health
The American Medical Association says using artificial intelligence chatbots carries risks - including data privacy and security breaches - and the largest U.S. professional association for physicians and medical students is urging Congress to take action to protect patients from potential harm.

Berlin Proposes 3 Month Requirement to Store IP Addresses
The German government says it's unlocked the secret to passing a law that would require internet service providers to keep customer data without running afoul of privacy and security concerns that sunk earlier attempts. Critics say that's impossible

Recent Package Compromises Pushed Software Component Trust to the Security Agenda
Cloudsmith raised a $72 million Series C led by TCV to expand policy enforcement, auditability and real-time package risk analysis as CISOs focus more closely on software supply-chain threats tied to open-source dependencies, AI-assisted development and compromised artifacts.

Also, Europol Cracks DDoS Networks, Mythos Finds Bugs, France Portal Hit
This week, scam compounds. Attackers exploit flaws pre-disclosure. A crackdown on DDoS-for-hire. No Mythos for CISA, yes for Mozilla. France ID portal breach. Israeli and Venezuelan critical infrastructure targeted. Russian hacking in Ukraine. An Apache flaw. A ransomware negotiator aided BlackCat.

The Apache Software Foundationが提供するApache ActiveMQシリーズでは、MQTTパケットの検証が適切に行われていません。

The threat actor gave itself plenty of options to support command and control, tapping Microsoft Outlook, Slack, Discord, and file.io for online espionage.

The Chinese state-sponsored cyber threat is known for moving fast and trying odd attack vectors; now it's branching out in tools, victimology, and TTPs.

2026年04月23日（現地時間）、米国CISAがCISA ICS Advisory / ICS Medical Advisoryを公表しました。

AMA Wants Privacy, Security AI Tool Protections, Especially in Mental Health
The American Medical Association says using artificial intelligence chatbots carries risks - including data privacy and security breaches - and the largest U.S. professional association for physicians and medical students is urging Congress to take action to protect patients from potential harm.