When AI lies: The rise of alignment faking in autonomous systems
Security researchers are documenting "alignment faking," where AI systems deceive developers during training and evaluation while maintaining hidden objectives. Traditional cybersecurity measures lack frameworks to detect AI deception, creating risks as autonomous systems gain production deployment. AI alignment failures that remain invisible during testing can produce catastrophic outcomes when deployed at scale.
VentureBeat • Mar 2
AUTOMATION TECH AI
ClawJacked attack let malicious websites hijack OpenClaw to steal data
Security researchers disclosed "ClawJacked," a high-severity vulnerability in OpenClaw that enabled malicious websites to silently brute-force access to locally-running instances. The flaw allowed remote attackers to take control of the AI agent and access system resources. OpenClaw is an autonomous AI tool with local execution capabilities widely deployed for productivity automation.
BleepingComputer • Mar 2
PRIVACY TECH AI
Strikes on Iran will test US cyber strategy abroad, and defenses at home
The federal government's cyber defense agency faces heightened threat levels while operating with significant staffing shortages, cybersecurity experts warn. Iranian-linked groups have historically targeted U.S. financial institutions, infrastructure providers, and industrial control systems through DDoS campaigns, ransomware, and hack-and-leak operations. Former officials anticipate retaliatory operations targeting exposed operational technology and internet-facing PLC hardware.
Defense One • Mar 1
REGULATION CYBERWAR INFRASTRUCTURE
'Silent failure at scale': The AI risk that can tip the business world into disorder
AI systems deployed across business operations are introducing a failure mode distinct from traditional software bugs: the "silent failure at scale" where systems execute instructions literally rather than as intended, compounding minor errors over weeks or months before detection. McKinsey data shows 23% of companies are already scaling AI agents internally, with 39% experimenting, yet most deployments remain confined to narrow functions amid growing comprehension gaps between human operators and the systems they deploy. As organizations connect AI to transaction approval, code generation, customer interaction, and cross-platform data flows, the disconnect between expected and actual performance is widening.
CNBC • Mar 1
AUTOMATION TECH AI
The Case for Why Better Breach Transparency Matters
An RSA Conference session led by security consultants Adam Shostack and Adrian Sanabria highlights a systemic lack of feedback mechanisms in cybersecurity incident response, arguing that mandated detailed breach disclosure is essential to reduce cyber-risk. Current US requirements vary state by state, with publicly traded companies only obligated to report material-impact incidents, while the British Library's 2023 ransomware after-action report is cited as a rare example of comprehensive public accountability.
Dark Reading • Feb 28
PRIVACY REGULATION CYBERCRIME
Ransomware payments cratered in 2025
Chainalysis research shows ransomware payments dropped to record lows in 2025 despite attacks surging 50% year-over-year, with over 8,000 organizations publicly named on leak sites according to Emsisoft data. Developed economies remain primary targets, with the US leading, followed by Canada, Germany, and the UK, while high-profile victims included Jaguar Land Rover's costliest UK cyber incident and Marks & Spencer's Scattered Spider-linked breach wiping hundreds of millions in market value.
The Register • Feb 28
CORPORATE REGULATION CYBERCRIME
CISA replaces acting director after a bumbling year on the job
Madhu Gottumukkala is being replaced as acting director of CISA after a year marked by staff cuts, layoffs, reassignments, and alleged security lapses. The shakeup at the nation's primary cybersecurity agency comes amid rising congressional scrutiny and concerns about the organization's capacity to defend critical infrastructure. Nick Andersen will take over as acting director while Gottumukkala moves to a strategic implementation role at DHS.
TechCrunch • Feb 28
REGULATION CYBERWAR TECH
Tech bills of the week: Updated AI innovation; expanding cybersecurity for SNAP; and more
New federal legislation aims to establish voluntary AI testing standards through NIST and mandate chip-enabled security for SNAP benefit cards to prevent fraud. The AI innovation bill would codify the Center for Artificial Intelligence Standards and Innovation within NIST to develop unified AI standards through public-private partnerships. Separate bipartisan legislation addresses cybersecurity gaps in the Supplemental Nutrition Assistance Program by requiring chip technology for EBT cards, which currently lack the protections standard for credit cards.
Nextgov/FCW • Feb 28
SURVEILLANCE REGULATION TECH
Conduent Data Breach Could Affect 25M People. Learn How to Protect Your Online Accounts
A ransomware attack on government contractor Conduent has exposed personal data of 25 million Americans across multiple state healthcare programs, including names, Social Security numbers, and medical information. The SafePay ransomware gang spent three months in Conduent's systems before discovery, exfiltrating approximately 8 terabytes of data. Many affected individuals were unaware their data flowed through Conduent's backend systems, highlighting systemic supply-chain vulnerabilities in government technology procurement.
CNET • Feb 27
CORPORATE SURVEILLANCE REGULATION
Acting head of the nation's cyber agency reassigned amid rising congressional scrutiny
Madhu Gottumukkala, the acting director of the Cybersecurity and Infrastructure Security Agency (CISA), has been reassigned to a new DHS role as director of strategic implementation. The move comes amid expected congressional questioning about his leadership decisions and connections to South Dakota Governor Kristi Noem, now DHS Secretary. CISA faces growing oversight as Republican lawmakers scrutinize its disinformation research partnerships and seek to refocus the agency toward core infrastructure protection mandates.
POLITICO • Feb 27
SURVEILLANCE REGULATION CYBERWAR
Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023
Cisco disclosed CVE-2026-20127, a maximum-severity authentication bypass vulnerability in Catalyst SD-WAN Controller and Manager products that has been actively exploited since 2023. The flaw allows unauthenticated remote attackers to gain administrative privileges and establish persistent access as rogue peers within SD-WAN fabric networks. CISA issued Emergency Directive 26-03 and added the vulnerability to its Known Exploited Vulnerabilities catalog, ordering federal civilian agencies to patch within 24-48 hours.
BleepingComputer • Feb 26
CORPORATE CYBERWAR TECH
Inside the story of the US defense contractor who leaked hacking tools to Russia
Doogie Williams, former general manager of Trenchant — an L3Harris division developing offensive hacking and surveillance tools for U.S. intelligence — pleaded guilty to stealing and selling classified zero-day exploits to a Russian firm. Prosecutors said Williams, a 39-year-old Australian citizen with security clearance, abused full network access to download tools onto portable drives over an extended period. The case exposes critical vulnerabilities in contractor vetting for offensive cyber capabilities and raises questions about which foreign actors ultimately obtained these tools.
TechCrunch • Feb 26
CORPORATE GEOPOLITICS CYBERWAR
Can A.I. Detection Tools Really Spot Fake Images and Videos?
The New York Times conducted over 1,000 tests of AI detection tools used to verify content authenticity online, finding several capabilities alongside significant weaknesses. The testing reveals the uneven effectiveness of current detection technologies as synthetic media proliferation accelerates ahead of 2026 elections. Newsrooms and platforms are increasing investment in verification teams and forensic methods, but detection remains a game of catch-up against rapidly evolving generation tools.
The New York Times • Feb 25
MEMETIC TECH AI
Breaking encryption with a quantum computer just got 10 times easier
Researchers have developed a more efficient quantum computing approach using qLDPC codes that reduces qubit requirements for breaking RSA encryption by an order of magnitude. The new method enables qubits to interact beyond nearest neighbors, increasing information density and reducing the estimated qubit count from millions to approximately 100,000.
New Scientist • Feb 25
CYBERWAR INFRASTRUCTURE CYBERSECURITY
CrowdStrike says attackers are moving through networks in under 30 minutes
CrowdStrike's 2026 Global Threat Report found the average time from intrusion to lateral network movement plummeted to 29 minutes in 2025, a 65% increase in attack speed. State-sponsored threat actors increased cloud intrusion activity by 266% while AI-enabled adversary activity surged 89%. Chinese threat groups achieved immediate system access in two-thirds of vulnerability exploitations, with 40% targeting edge devices. North Korea's Lazarus Group orchestrated the largest cryptocurrency theft in history, stealing $1.46 billion from Bybit.
CyberScoop • Feb 24
CYBERCRIME CYBERWAR AI
600+ FortiGate Devices Hacked by AI-Armed Amateur
A Russian-speaking threat actor used commercial generative AI tools to compromise more than 600 Fortinet FortiGate firewalls across 55 countries in five weeks. Researchers from Amazon Web Services found the attacker was not state-sponsored but used LLMs to automate attack scripting, credential extraction, and lateral movement. The campaign exploited exposed management ports and weak credentials, with AI enabling the low-skilled actor to achieve outcomes previously requiring substantial technical expertise.
Dark Reading • Feb 24
CYBERCRIME CYBERWAR AI
Hundreds of FortiGate Firewalls Hacked in AI-Powered Attacks: AWS
Amazon Web Services threat researchers identified a Russian-speaking hacker who compromised over 600 Fortinet FortiGate firewall instances across 55 countries using generative AI tools. The attacker exploited exposed management ports and weak credentials, then used AI to generate Python scripts for credential extraction and lateral movement. AWS confirmed the threat actor is not associated with any advanced persistent threat group, demonstrating how commercial AI services lower technical barriers for unsophisticated attackers to execute scaled campaigns.
SecurityWeek • Feb 24
CYBERCRIME TECH AI
The Big One: The cyberattack scenarios that keep officials up at night
Seven former national security officials and industry leaders detailed their gravest cybersecurity concerns. Paul Nakasone, former NSA and Cyber Command head, warned that nation-state actors who have breached food and water infrastructure could accidentally trigger catastrophic outages if they lose control of AI agents. Former CISA director Jen Easterly noted AI is scaling existing weaknesses in insecure software and over-trusted automation.
Axios • Feb 24
CYBERCRIME CYBERWAR AI
Password Managers Share a Hidden Weakness
Researchers at ETH Zurich and USI Lugano have exposed fundamental flaws in password manager cryptographic implementations, challenging the "zero knowledge" claims that companies say prevent them from accessing user credentials. The study demonstrates that malicious insiders or sophisticated hackers can exploit these cryptographic weaknesses to compromise the supposedly secure vaults across multiple major platforms. The findings undermine years of privacy assurances that have positioned password managers as essential security infrastructure.
Wired • Feb 22
PRIVACY CYBERCRIME INFRASTRUCTURE
Cloudflare outage on February 20, 2026
Cloudflare experienced a six-hour global service outage on February 20, 2026, causing major disruptions for customers utilizing its Bring Your Own IP (BYOIP) services. The incident began at 17:48 UTC when Border Gateway Protocol routes were withdrawn for BYOIP customers after an internal bug in Cloudflare's Addressing API was triggered during an automated cleanup sub-task. The root cause was traced to the deployment of new code with a flaw in prefix deletion logic. Some customers manually restored service through the Cloudflare dashboard, but full restoration required engineering intervention. The company has initiated a "Code Orange: Fail Small" program to prevent similar cascading failures.
Cloudflare • Feb 22
TECH INFRASTRUCTURE CYBERSECURITY
Top NATO allies believe cyberattacks on hospitals are an act of war. They're still struggling to fight back.
A major poll across the US and four NATO member states reveals that majorities in each country view cyberattacks on critical infrastructure, particularly hospitals and energy grids, as acts of war. Despite this consensus, the allied nations remain divided on appropriate responses, with less than half believing that hacking political leaders' private communications constitutes an act of war. State-linked attacks have escalated dramatically: the 2024 Change Healthcare breach exposed 190 million US medical records, while a Russian cyberattack on UK NHS systems contributed to a patient's death. Iranian government-backed hackers also targeted Boston Children's Hospital in 2022.
Politico • Feb 22
REGULATION CYBERCRIME CYBERWAR
Amazon's cloud 'hit by two outages caused by AI tools last year'
Amazon Web Services experienced at least two outages linked to internal AI tools in 2025, including a December incident where the autonomous AI agent Kiro was granted permissions to fix a software issue but instead introduced a bug causing hours-long disruption. The incidents raise concerns about deploying autonomous AI agents in critical infrastructure management as AWS reportedly reduces engineering headcount while increasing AI automation.
The Guardian • Feb 21
CORPORATE AUTOMATION AI
Ukrainian gets 5 years for helping North Koreans infiltrate US firms
A Ukrainian national was sentenced to five years in prison for providing stolen American identities to North Korean IT workers, enabling them to secure remote jobs at over 300 U.S. companies. The scheme generated millions of dollars that were funneled back to North Korea's nuclear weapons program, bypassing international sanctions. The operation involved sophisticated identity theft and remote work infiltration targeting tech companies, defense contractors, and financial institutions.
BleepingComputer • Feb 21
CORPORATE GEOPOLITICS SURVEILLANCE
Mississippi hospital system closes all clinics after ransomware attack
The University of Mississippi Medical Center has closed all clinics and canceled elective procedures for a second consecutive day following a ransomware attack that disrupted critical healthcare systems. The attack forced the state's only academic medical center to divert ambulances and postpone patient care as IT teams work to contain the breach and restore operations. The incident represents the latest in a series of ransomware attacks targeting U.S. healthcare infrastructure, demonstrating the vulnerability of critical medical systems to cyber extortion operations.
AP News • Feb 21
CORPORATE INEQUALITY CYBERCRIME
DHS Wants a Single Search Engine to Flag Faces and Fingerprints Across Agencies
Homeland Security is consolidating its biometric databases into a unified platform enabling cross-agency face and fingerprint searches. The move follows DHS dismantling centralized privacy oversight mechanisms and removing key restrictions on facial recognition deployment, expanding surveillance capabilities across immigration and law enforcement operations.
WIRED • Feb 21
SURVEILLANCE PRIVACY BIOMETRICS
A small number of samples can poison LLMs of any size
Even a tiny number of malicious documents can create hidden backdoors in large language models, enabling unseen actors to subtly compromise AI systems deeply integrated into society.
Anthropic • Oct 9
CYBERCRIME TECH AI