The Wire
Curated cybersecurity and tech news — AI-summarized, source attributed.
DORA Article 9 turns credential hygiene into a binding EU financial control
The Digital Operational Resilience Act, in force across the EU since January 2025, recasts credential management as a supervised financial risk control rather t
FIRESTARTER implant persists on federal Cisco Firepower device through patching
A backdoor tracked as FIRESTARTER was recovered from a Cisco Firepower appliance in use at a U.S. federal agency, with the implant demonstrating the ability to
Glasswing Locks Down the Code, But Your Stack's Exposure Is Still Yours to Own
Glasswing's pitch centers on hardening application code itself, closing off a class of vulnerabilities at the source layer. That narrows one attack surface, but
Hidden Bluetooth tracker in postcard exposes Dutch warship's location
A journalist at Dutch outlet Omroep Gelderland followed a public mailing address on the Dutch government website and slipped a Bluetooth tracker inside a postca
Latin America Overtakes Africa as Most-Attacked Region in Q1 2026
Regional cyberattack rankings shifted this quarter, with Latin America surpassing Africa as the most-targeted region globally. The change reflects a measurable
Lazarus Group Pivots ClickFix Social Engineering to macOS Targets
North Korea's Lazarus Group has extended its ClickFix campaign to macOS, expanding a technique previously aimed at Windows users. ClickFix relies on social engi
Microsoft Entra passkeys land on Windows, closing a gap on unmanaged devices
Microsoft is rolling out Entra passkey support on Windows starting late April, with general availability targeted for mid-June 2026. The feature lets users crea
Pack2TheRoot: 12-year-old PackageKit flaw hands local users root on most Linux distros
A high-severity vulnerability in PackageKit, the daemon that brokers software install and update requests across most Linux distributions, lets unprivileged loc
Project Glasswing: AI Finds the Bugs, But Humans Still Bottleneck the Fix
Project Glasswing demonstrated that AI systems can surface software vulnerabilities at a pace and scale human auditors cannot match. The finding pipeline is no
Rituals breach exposes member data from 41M-strong loyalty database
Dutch cosmetics retailer Rituals confirmed that an attacker exfiltrated personal records from its My Rituals loyalty program database earlier this month. Expose
The AI Agent Authority Gap: Why Continuous Observability Must Drive Runtime Decisions
Enterprise AI agents are being granted production-level permissions—executing trades, modifying records, calling internal APIs—without the runtime controls that
ThreatsDay Roundup: $290M DeFi Heist, macOS LotL Abuse, ProxySmart SIM Farms
The latest ThreatsDay bulletin spans a wide threat surface in a single news cycle. A $290M DeFi exploit dominates the financial-crime beat, underscoring that on