Cyber security news April 2026

This posting is here to collect cyber security news in April 2026.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

84 Comments

  1. Tomi Engdahl says:

    Anthropic says its leak-focused DMCA effort unintentionally hit legit GitHub forks
    But the effort to stop the spread of leaked Claude Code client code is an uphill battle.
    https://arstechnica.com/ai/2026/04/anthropic-says-its-leak-focused-dmca-effort-unintentionally-hit-legit-github-forks/

    An Anthropic-backed DMCA effort to remove its recently leaked Claude Code client source code from GitHub this week resulted in the accidental removal of many legitimate forks of its official public code repository. While that overzealous takedown has now been reversed, Anthropic still faces an extreme uphill battle in limiting the spread of its recently leaked code.

    The DMCA notice that GitHub received late Tuesday focuses on a repository containing the leaked source code originally posted by GitHub user nirholas (archived here) and nearly 100 specifically named forks of that repository. In a note appended to that request, though, GitHub said it had acted to take down a network of 8,100 similar forked repositories because “the submitter alleged that all or most of the forks were infringing to the same extent as the parent repository.”

    That expanded takedown affected many repositories that didn’t contain leaked code but instead forked Anthropic’s official public Claude Code repository, which the company shares to encourage public bug reports and fixes. Many coders took to social media to complain about being swept up in the DMCA dragnet despite not sharing any leaked code.

    “I’m sorry that your people shipped your source code, and that your lawyers don’t know how to read a repo,” coder Robert McLaws wrote. “I will be filing a DCMA counter-notice.”

    Reply
  2. Tomi Engdahl says:

    Secret passwords and crypto payments: Inside Iran’s mysterious new ‘tollbooth system’ in the Strait of Hormuz
    Oil prices surged again on Thursday after Donald Trump dashed hopes of a swift resolution to the Middle East war
    https://www.independent.co.uk/news/world/middle-east/iran-oil-tanker-strait-hormuz-tollbooth-crypto-b2950686.html

    Reply
  3. Tomi Engdahl says:

    Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
    https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html

    Reply
  4. Tomi Engdahl says:

    Meta has “indefinitely” paused all work with AI recruiting startup Mercor after a breach that attackers claim exposed several terabytes of data.

    Meta suspends work with Mercor after security breach
    https://cybernews.com/tech/meta-suspends-work-with-mercor-after-security-breach/?utm_source=cn_facebook&utm_medium=social&utm_campaign=cybernews&utm_content=post&source=cn_facebook&medium=social&campaign=cybernews&content=post&fbclid=IwVERDUAQ_MC9leHRuA2FlbQIxMABzcnRjBmFwcF9pZAwzNTA2ODU1MzE3MjgAAR4e93JlWYH06LuWsUwhn94x9UVGQ4_AeqmmpAZkX46JNsf0JVG7a7dsuosjlg_aem_shmGkLIS6gy7IJD_7B4aIA

    Two sources confirmed the news to WIRED, adding that the pause is indefinite. Contractors who depended on those Meta projects cannot log hours until, or if, they resume, which could effectively mean they’re out of work. Internal conversations reviewed by WIRED suggest that the company is looking for additional projects for those affected.

    Mercor contractors have reportedly not been told why their Meta projects were being paused.

    Several other AI labs are also re-evaluating their relationship with Mercor as it investigates the incident, said people familiar with the matter.

    The $10 billion AI startup Mercor supplies major AI companies like OpenAI, Meta, and Anthropic with specialized contractors to train and evaluate AI models. However, details about the specific projects and tasks involved are rarely disclosed amid heightened competition between tech giants.

    A spokesperson told WIRED that OpenAI is investigating how its proprietary training data may have been exposed in the breach, adding that no user data has been affected. OpenAI has not paused its projects with Mercor.

    On March 31st, Mercor confirmed the breach in a staff email: “There was a recent security incident that affected our systems along with thousands of other organizations worldwide.”

    The company said it was impacted by a supply chain attack involving LiteLLM, a popular Python library used by AI developers, which was recently infected with credential harvesting malware. An attacker known as TeamPCP took credit for the breach, alleging it accessed 300GB of data from over 500,000 compromised systems.

    Reply
  5. Brian Wood says:

    Man, it’s wild how much the cybersecurity landscape has shifted just in the first few days of April. Seeing those massive supply chain vulnerabilities pop up again makes me realize how fragile our “secure” systems actually are when one small piece of the puzzle goes sideways. It’s a constant cat-and-mouse game where the bad actors only have to be right once, while the rest of us have to be right every single second of the day. Honestly, reading through these updates is a bit of a wake-up call to finally go through and double-check all those “set it and forget it” security settings I haven’t looked at in months.

    Reply
  6. Tomi Engdahl says:

    Russian government hackers broke into thousands of home routers to steal passwords
    https://techcrunch.com/2026/04/07/russian-government-hackers-broke-into-thousands-of-home-routers-to-steal-passwords/

    A group of Russian government hackers has hijacked thousands of home and small business routers around the world as part of an ongoing campaign aimed at redirecting victims’ internet traffic to steal their passwords and access tokens, security researchers and government authorities warned on Tuesday.

    This is the latest tactic by the long-running Russian hacking group known as Fancy Bear, or APT 28, known for its high-profile hacks and spying operations, including the breach of the Democratic National Committee in 2016 and the destructive hack that hit satellite provider Viasat in 2022. Fancy Bear is widely believed to be part of Russia’s intelligence agency GRU.

    The hacking group targeted unpatched routers made by MikroTik and TP-Link using previously disclosed vulnerabilities according to the U.K. government’s cybersecurity unit NCSC and Lumen’s research arm Black Lotus Labs, which released new details of the campaign Tuesday.

    According to the researchers, the hackers were able to spy on large numbers of people over the course of several years by compromising their routers, many of which run outdated software, leaving them vulnerable to remote attacks without their owners’ knowledge.

    Reply
  7. Tomi Engdahl says:

    Properly securing your home router is an important measure in the fight against cyber espionage.
    https://www.iltalehti.fi/digiuutiset/a/031cf2c1-103f-4cf8-bf44-f40b1d6dcebf

    Reply
  8. Tomi Engdahl says:

    Mike Cherney / Wall Street Journal:
    A look at a global scramble to protect submarine cables vulnerable to potential sabotage, as new monitoring tech like distributed acoustic sensing is developed

    Inside the Race to Protect Submarine Cables From Sabotage
    U.S. and allies turn to tech, patrols and new routes to defend crucial underwater infrastructure against Russia and China
    https://www.wsj.com/tech/inside-the-race-to-protect-submarine-cables-from-sabotage-c90ba18c?st=LKoi9Z&reflink=desktopwebshare_permalink

    Reply
  9. Tomi Engdahl says:

    Isaac Yee / CNN:
    A hacker claims to have stolen 10PB+ of data, including classified defense docs and missile schematics, from China’s National Supercomputing Center in Tianjin — A hacker has allegedly stolen a massive trove of sensitive data – including highly classified defense documents and missile schematics …
    https://edition.cnn.com/2026/04/08/china/china-supercomputer-hackers-hnk-intl

    Reply
  10. Tomi Engdahl says:

    Thomas L. Friedman / New York Times:
    Mythos Preview’s hacking ability is not a publicity stunt; sources say tech companies privately spoke to Trump officials about the implications for US security

    Anthropic’s Restraint Is a Terrifying Warning Sign
    https://www.nytimes.com/2026/04/07/opinion/anthropic-ai-claude-mythos.html?unlocked_article_code=1.ZVA.Tz7m._0Ovd2LctbWs&smid=re-nytopinion

    Normally right now I would be writing about the geopolitical implications of the war with Iran, and I am sure I will again soon. But I want to interrupt that thought to highlight a stunning advance in artificial intelligence — one that arrived sooner than expected and that will have equally profound geopolitical implications.

    The artificial intelligence company Anthropic announced Tuesday that it was releasing the newest generation of its large language model, dubbed Claude Mythos Preview, but to only a limited consortium of roughly 40 technology companies, including Google, Broadcom, Nvidia, Cisco, Palo Alto Networks, Apple, JPMorganChase, Amazon and Microsoft. Some of its competitors are among these partners because this new A.I. model represents a “step change” in performance that has some critically important positive and negative implications for cybersecurity and America’s national security.

    Reply
  11. Tomi Engdahl says:

    Ryan Gallagher / Bloomberg:
    The UK says Russia-linked hacking group APT28 is hijacking popular internet routers from MikroTik, TP-Link, and others to steal credentials and redirect traffic

    https://www.bloomberg.com/news/articles/2026-04-07/russia-linked-hackers-hijack-routers-to-steal-passwords-uk-says

    Reply
  12. Tomi Engdahl says:

    Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long

    Hackers vowed to revive their efforts against America when the time was right — demonstrating how digital warfare has become ingrained in military conflict.

    https://www.securityweek.com/shaky-ceasefire-unlikely-to-stop-cyberattacks-from-iran-linked-hackers-for-long/

    Reply
  13. Tomi Engdahl says:

    FBI: Cybercrime Losses Neared $21 Billion in 2025

    The FBI received over 1 million complaints of malicious activity in 2025, with investment, BEC, and tech support scams causing the highest losses.

    https://www.securityweek.com/fbi-cybercrime-losses-neared-21-billion-in-2025/

    Reply
  14. Tomi Engdahl says:

    Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption

    Signature Healthcare was forced to cancel some services, and pharmacies are unable to fill prescriptions due to the hacker attack.

    https://www.securityweek.com/massachusetts-hospital-diverts-ambulances-as-cyberattack-causes-disruption/

    Reply
  15. Tomi Engdahl says:

    The Human IOC: Why Security Professionals Struggle with Social Vetting

    Applying SOC-level rigor to the rumors, politics, and ‘human intel’ can make or break a security team.

    https://www.securityweek.com/the-human-ioc-why-security-professionals-struggle-with-social-vetting/

    Reply
  16. Tomi Engdahl says:

    How to 10x Your Vulnerability Management Program in the Agentic Era

    The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation.

    https://www.securityweek.com/how-to-10x-your-vulnerability-management-program-in-the-agentic-era/

    Reply
  17. Tomi Engdahl says:

    The New Rules of Engagement: Matching Agentic Attack Speed

    The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural

    https://www.securityweek.com/the-new-rules-of-engagement-matching-agentic-attack-speed/

    Reply
  18. Tomi Engdahl says:

    The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust

    Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue.

    https://www.securityweek.com/the-next-cybersecurity-crisis-isnt-breaches-its-data-you-cant-trust/

    There is a perceptible shift in how risk is seen across the organization. Data integrity is no longer only about keeping data safe; it’s also about data trust. Organizations are asking themselves, “Can we trust our data?”

    In a new era shaped by AI-driven decisions, that question is difficult to answer, and it increasingly has operational significance. Even a minuscule change in training data can significantly increase the likelihood of inaccurate or harmful AI outputs. Organizations have built an operational framework where all decision-making, whether financial, operational, or strategic, is governed by data.

    Data distortion, therefore, becomes a very clear and present integrity problem.

    Reply
  19. Tomi Engdahl says:

    Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw

    Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access,

    https://www.securityweek.com/why-agentic-ai-systems-need-better-governance-lessons-from-openclaw/

    Reply
  20. Tomi Engdahl says:

    https://etn.fi/index.php/13-news/18761-nyt-data-pysyy-salattuna-myoes-pilvessae

    Ohio-based Niobium is bringing to market a new kind of cloud platform in which data can be processed without ever being decrypted. The service, named The Fog, is now in private beta, and its public release is planned for the second quarter of this year.

    The platform is based on Fully Homomorphic Encryption, a technique whose idea is simple but has long been difficult in practice: computation is performed directly on encrypted data. This way the data never has to be opened at any stage, not even to the service provider.

    In practice this means that the cloud service does not see the customer’s data at all. The keys stay with the data owner, and not even the service provider can get at the content. At the same time, applications, analytics and AI models can still be run normally.

    Niobium’s solution is not just an accelerator chip but a complete platform. The Fog combines FPGA-based compute acceleration, developer tools and a cloud environment into a single service. According to the company, FHE computation runs on its mistic Core accelerator with up to twice the performance of GPU-based solutions.

    Reply
  21. Tomi Engdahl says:

    Russia runs an operation in the Atlantic – British warships dispatched
    Three Russian submarines were detected in the vicinity of undersea cables.
    https://www.iltalehti.fi/ulkomaat/a/f8618dbf-a684-4dbf-91ce-79774e1fdbec

    In Britain it is suspected that the purpose of the submarine operation was to damage the country’s undersea cables, public broadcaster BBC reports.

    The Russian submarines moved in British territorial waters for more than a month, news agency Reuters reports.

    Britain sent warships to prevent possible Russian sabotage, says British Defence Secretary John Healey.

    – President Putin, we see you, Healey said, and warned Russia that attempts to damage the country’s infrastructure would have serious consequences.

    UK says Russia ran submarine operation over cables and pipelines
    https://www.bbc.com/news/articles/cre13qn9z7do

    Three Russian submarines conducted a “covert” operation over cables and pipelines in waters north of the UK, Defence Secretary John Healey said.

    A British warship and aircraft were deployed to deter the “malign” activity by Moscow and there was “no evidence” of any damage to UK infrastructure in the Atlantic, he added.

    Addressing Russian President Vladimir Putin directly, Healey said: “We see you. We see your activity over our cables and our pipelines, and you should know that any attempt to damage them will not be tolerated and will have serious consequences.”

    Reply
  22. Tomi Engdahl says:

    Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
    https://www.bleepingcomputer.com/news/security/nearly-4-000-us-industrial-devices-exposed-to-iranian-cyberattacks/?fbclid=IwdGRjcARGAA1leHRuA2FlbQIxMQBzcnRjBmFwcF9pZAwzNTA2ODU1MzE3MjgAAR6sLyx3347xf3idVKMKZt5XbsJnVWdZ6rorP9xpV56mWJI34mRyJsaG55jQ-g_aem_5ayBmYCOWHXtsG8J8wDE-g

    The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation.

    According to a joint advisory issued by multiple U.S. federal agencies on Tuesday, Iranian state-backed hacking groups have been targeting Rockwell Automation/Allen-Bradley PLC devices since March 2026, causing operational disruptions and financial losses.

    “Iranian-affiliated APT targeting campaigns against U.S. organizations have recently escalated, likely in response to hostilities between Iran, and the United States and Israel,” the authoring agencies warned.

    “The FBI identified that this activity resulted in the extraction of the device’s project file and data manipulation on HMI and SCADA displays.”

    “Censys data identifies 5,219 internet-exposed hosts globally responding to EtherNet/IP (EIP) and self-identifying as Rockwell Automation/Allen-Bradley devices,” Censys said.

    “The United States accounts for 74.6% of global exposure (3,891 hosts), with a disproportionate share on cellular carrier ASNs indicative of field-deployed devices on cellular modems.”

    To defend against these ongoing attacks, network defenders are advised to secure PLCs using a firewall or disconnect them from the Internet, scan logs for signs of malicious activity, and check for suspicious traffic on OT ports (especially when it originates from overseas hosting providers).

    Admins should also enforce multifactor authentication (MFA) for access to OT networks, keep all PLC devices up to date, and disable unused services and authentication methods.

    This ongoing campaign follows similar attacks from nearly three years ago, when a threat group affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC) and tracked as CyberAv3ngers targeted vulnerabilities in U.S.-based Unitronics operational technology (OT) systems.

    Reply
  23. Tomi Engdahl says:

    This makes them easy targets for other hackers. Learn more: https://cnews.link/north-korean-hackers-123456-passwords-easy-targets/

    #hack

    Reply
  24. Tomi Engdahl says:

    An amendment to the Crime and Policing Bill will be debated next week

    Tech bosses could face jail for failing to remove revenge porn from websites
    https://www.independent.co.uk/news/uk/politics/revenge-porn-law-labour-jail-b2955232.html?fbclid=IwdGRjcARGA-1jbGNrBEYDy2V4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHnBpeI40dRuPmRkMKfASPtTEGtTQMD5nuTBRRXUeozxsHgUQYppXfuYbiRZr_aem_FOYu6Q7v6oYmv8ArGf-DWg

    Tech executives could face personal liability, including imprisonment or fines, if their platforms fail to remove revenge porn when it is reported.

    New government proposals would hold bosses accountable if their companies do not comply with Ofcom’s enforcement decisions regarding such content, provided there is no reasonable excuse.

    Reply
  25. Tomi Engdahl says:

    https://www.facebook.com/share/p/1CgZc4aJmn/

    This research paper, “Hiding an Ear in Plain Sight,” exposes a startling privacy vulnerability in Fiber-to-the-Home (FTTH) networks. While optical fibers are prized for their immunity to electromagnetic interference and low signal loss, the authors demonstrate a critical side channel that allows for acoustic eavesdropping.

    Attackers with access to just one end of a telecom fiber can use commercially available Distributed Acoustic Sensing (DAS) systems to detect sound-induced vibrations along the cable. However, because bare fibers lack sufficient sensitivity to airborne sound, the team introduces a “Sensory Receptor” that dramatically improves acoustic capture.

    Their results show the ability to reconstruct private conversations, identify human activities, and even localize speakers indoors, all through passive monitoring of fiber optic infrastructure. This side-channel attack effectively transforms the backbone of modern internet connectivity into a long-range listening device.

    The paper raises urgent privacy concerns for residential and commercial buildings wired with fiber optics, warning that the very infrastructure enabling high-speed communications may inadvertently expose our most private acoustic environments to undetectable remote surveillance.

    Source: CyberSecurityNews

    Reply
  26. Tomi Engdahl says:

    Who watches the watchers,
    who hacks the hackers?

    FBI declares suspected Chinese hack of US surveillance system a ‘major cyber incident’
    The designation suggests the hackers successfully compromised swathes of sensitive data stored directly on FBI systems.
    https://www.politico.com/news/2026/04/01/fbi-hack-surveillance-system-major-incident-00854237?fbclid=IwY2xjawRG9rdleHRuA2FlbQIxMQBzcnRjBmFwcF9pZAwzNTA2ODU1MzE3MjgAAR6lKXDvoiuaadsIeURg3GLQZ_sN14ESWkeQ_SLS57fCLfOIE-aEJxNu6bpfpw_aem_7H1du4TtEWunSzgbCRyenA

    The FBI last week deemed a recent China-linked cyber intrusion into a sensitive agency surveillance system a “major incident,” meaning it poses significant risks to U.S. national security, according to one congressional aide and two U.S. officials with knowledge of the matter.

    The bureau first told Congress on March 4 that it was investigating suspicious activity on an internal agency system that contained “law enforcement sensitive information.” The FBI did not publicly identify who was behind the activity at the time, but POLITICO previously reported that China is suspected.

    Reply
  27. Tomi Engdahl says:

    Thousands of consumer routers hacked by Russia’s military
    End-of-life routers in homes and small offices hacked in 120 countries.
    https://arstechnica.com/security/2026/04/russias-military-hacks-thousands-of-consumer-routers-to-steal-credentials/

    Reply
  28. Tomi Engdahl says:

    Iranians struck US critical infrastructure
    Hackers have taken over various devices that are important to the infrastructure.
    https://www.iltalehti.fi/digiuutiset/a/5627fe35-d798-4eff-9cd3-8539f4464650

    Attacks by Iranian hackers on equipment in US critical infrastructure have increased markedly since the attack launched by the United States and Israel, Reuters reports.

    The hackers are targeting programmable logic controllers on the public network as well as the displays of supervisory control and data acquisition systems in, among others, government services and the water and energy sectors. The targeted devices are used to control, or interact with, devices and systems related to critical infrastructure.

    The hackers have reportedly stolen project data and tampered with the systems’ data files so that the information shown on the displays has changed.

    – In a few cases this activity has already caused operational disruptions and financial losses, the authorities say.

    Reply
  29. Tomi Engdahl says:

    https://sydht.ai/
    © 2026 SO-YOU-DONT-HAVE-TO INCORPORATED’); DROP TABLE companies; –

    Reply
  30. Tomi Engdahl says:

    Booking.com warns customers of a data breach

    Hackers may have obtained booking details and names, email addresses, addresses, phone numbers and other information.

    https://yle.fi/a/74-20220334

    Reply
  31. Tomi Engdahl says:

    In the AI era, a username and password alone are no longer enough
    https://etn.fi/index.php/13-news/18781-tekoaelyaikana-pelkkae-kaeyttaejaetunnus-ja-salasana-ei-enaeae-riitae

    Authentication based solely on a username and password looks set to become history. As AI enables ever more convincing phishing and identity scams, digital security is now turning for support to a surprisingly traditional solution: a physical token.

    Finnish company Aventra has received the international Common Criteria EAL4+ certification for its MyEID smart card, which is based on public key infrastructure. The certification is not a mere formality; it requires the product, the manufacturing process and the entire supply chain to be reviewed by external security auditors. According to the company, this is currently the only Nordic chip card intended for strong authentication that has both EAL4+ and eIDAS certification.

    Behind the development is a clear change in the threat landscape. Traditional credentials are no longer enough when attackers can automate and scale attacks with the help of AI. A single successful phishing message can open access to an entire system if authentication relies on passwords alone.

    Aventra’s MyEID card stores private keys in a protected microcontroller and uses strong algorithms such as elliptic curve cryptography and AES encryption. The card is used for two-factor authentication, but also for electronic signing, where the integrity and non-repudiation of data can be ensured.

    The change does not concern only users. The same mechanisms are also moving to devices. A smart card can be used to identify and manage IoT devices, which makes identity a central part of the security of the whole system.

    Strong authentication no longer means just an extra code or an app, but increasingly a physical security element that binds the digital identity to a concrete device.

    Reply
  32. Tomi Engdahl says:

    Rachel Metz / Bloomberg:
    OpenAI rolls out GPT-5.4-Cyber, a fine-tuned GPT-5.4 variant for defensive cybersecurity use cases, to some participants of its Trusted Access for Cyber program — OpenAI is letting a select group of users access a new artificial intelligence model that’s meant to be more adept …

    https://www.bloomberg.com/news/articles/2026-04-14/openai-releases-cyber-model-to-limited-group-in-race-with-mythos

    Reply
  33. Tomi Engdahl says:

    Sean Hollister / The Verge:
    The FCC grants Netgear a conditional approval to import its future consumer routers, cable modems, and cable gateways into the US through October 1, 2027 — Make it make sense. Make it make sense. … The United States’ foreign router ban didn’t make a whole lot of sense, and today may not change that.

    The FCC just saved Netgear from its router ban for no obvious reason
    https://www.theverge.com/tech/911888/netgear-router-ban-conditional-approval

    The United States’ foreign router ban didn’t make a whole lot of sense, and today may not change that. The FCC has just granted Netgear a conditional approval to import its future consumer routers, cable modems, and cable gateways into the US through October 1st, 2027 — even though the company builds those devices in Asia and has not announced any plan to bring manufacturing to the United States.

    Neither the FCC’s announcement nor Netgear’s announcement explain why Netgear was granted the temporary exemption. The FCC only states that the Pentagon has now made “a specific determination” that “such devices do not pose risks to U.S. national security.”

    That’s strange, given how the FCC’s original and exceptionally loose justification for the entire router ban was that foreign routers automatically pose a national security threat because of incidents like Volt Typhoon, where Netgear routers were among those primarily targeted by the Chinese hacking group. (The issue was arguably US telecom companies and router owners not following basic security best practices like updating firmware and changing default passwords, not the routers themselves.)

    Reply
  34. Tomi Engdahl says:

    This Week In Security: Flatpak Fixes, Android Malware, And SCADA Was IOT Before IOT Was Cool
    https://hackaday.com/2026/04/10/this-week-in-security-flatpak-fixes-android-malware-and-scada-was-iot-before-iot-was-cool/

    Rowhammer attacks have been around since 2014, and mitigations are in place in most modern systems, but the team at gddr6.fail has found ways to apply the attack to current-generation GPUs.

    Rowhammer attacks attack the electrical characteristics of RAM, using manipulation of the contents of RAM to cause changes in the contents of adjacent memory cells. Bit values are just voltage levels, after all, and if a little charge leaks across from one row to the next, you can potentially pull a bit high by writing repeatedly to its physical neighbors.

    https://gddr.fail/

    Reply
  35. Tomi Engdahl says:

    PLC takeover

    Finally, this week’s “you hope it’s not your problem” is an advisory from CISA, the United States cyber security agency. It appears that Iranian state-sponsored agents have been attacking Programmable Logic Controller (PLC) systems. Usually outside the realm of the home hacker, PLC systems like these are used to control factories, power plants, water treatment facilities, and other industrial scale facilities.
    https://hackaday.com/2026/04/10/this-week-in-security-flatpak-fixes-android-malware-and-scada-was-iot-before-iot-was-cool/
    Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
    https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-097a

    Reply
  36. Tomi Engdahl says:

    Telia blocks its customers from visiting these sites
    A new protection feature blocks scam sites automatically.
    https://www.iltalehti.fi/digiuutiset/a/3a0b5a69-002a-4849-b6d5-791bb4d93674

    Telia is adding extra security to its subscriptions in the form of a malicious-site guard (haittasivuvahti).

    – It blocks identified scam and malicious sites already at the network level, without separate apps or settings. This is a significant step towards proactive security, Jussi Vuorinen, the director responsible for Telia’s consumer products, says in a press release.

    Vuorinen stresses, however, that the new protection does not remove the customer’s need to stay vigilant online. The feature helps block only known scam sites.

    The malicious-site guard is part of the new security-focused Rehti subscription range. The subscriptions also include a scam-call guard and a mobile certificate (mobiilivarmenne).

    Elisa and DNA added a feature that detects and blocks scam sites to their subscriptions a year ago.

    Telia says the malicious-site guard has already been in use in Norway, where it has helped block as many as 6.5 million visits to dangerous websites per month.

    The solution tackles a well-known scourge preventively. Because websites forged by criminals can at worst be practically identical to the genuine ones, it is better not to end up on them at all.

    – Increasingly often the user is directed, without noticing, to a malicious site from search engines or social media channels. That is why the protection has to work in the background and stop the situation before the damage is done, Vuorinen says.

    New protection blocks scam sites automatically – Telia makes security part of subscriptions
    https://www.sttinfo.fi/tiedote/71956915/uusi-suojaus-estaa-huijaussivuja-automaattisesti-telia-tuo-turvallisuuden-osaksi-liittymia?publisherId=69820923&lang=fi

    Telia is responding to online scams with the new Telia Rehti subscription range, in which security is built into the phone subscription. A malicious-site guard is being added alongside the mobile certificate and the scam-call guard.

    In 2025 the operator blocked more than 16.5 million scam calls to customers’ subscriptions, and scammers are constantly looking for new methods. Scams have also shifted increasingly to malicious websites. Finns lost an estimated more than 70 million euros to online criminals last year.

    Telia is strengthening customers’ protection against online scams by making the malicious-site guard part of phone subscriptions. The solution, already in use in Norway, has blocked up to 6.5 million visits per month to malicious websites.

    “The new protection does not remove customers’ need to stay vigilant online, but it offers effective extra security. It blocks identified scam and malicious sites already at the network level, without separate apps or settings. This is a significant step towards proactive security,” says Jussi Vuorinen, the director responsible for Telia’s consumer products.

    Reply
