www.ncsc.gov.uk/passkeys

France confirms data breach at government agency that manages citizens' IDs | TechCrunch The French government agency that issues and manages national IDs, passports, and other documents, announced that hackers stole the personal information of an unspecified number of citizens.

The French government agency that issues and manages national IDs, passports, and other documents, announced that hackers stole the personal information of an unspecified number of citizens.

UK government says 100 countries have spyware that can hack people's phones | TechCrunch The U.K.'s cybersecurity chief warned that U.K. businesses and critical infrastructure are underestimating the threat from spyware attacks and other cyberthreats, with more governments having access to the powerful surveillance technology than ever.

The U.K.'s cybersecurity chief warned that U.K. businesses and critical infrastructure are underestimating the threat from spyware attacks and other cyberthreats, with more governments having access to the powerful surveillance technology than ever.

Is Claude Code going to cost $100/month? Probably not—it’s all very confusing Anthropic today quietly (as in silently, no announcement anywhere at all) updated their claude.com/pricing page (but not their Choosing a Claude plan page, which shows up first for me on …

Wrote up Anthropic's self-own about Claude Code pricing from this afternoon on my blog - it turned out they'd reversed course just as I hit publish, so I've tried to update it to reflect the current state
simonwillison.net/2026/Apr/22/...

Anthropic stealth-removed Claude Code from $20 Pro tier. Updated docs only, no announcement. Amazon's $25B investment apparently changed priorities fast. Classic www.implicator.ai/anthropic-built-its-repu...

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch A former employee of a cybersecurity firm pleaded guilty to aiding ransomware criminals to maximize their profits, with the goal of taking a cut of the ransom.

A former employee of a cybersecurity firm pleaded guilty to aiding ransomware criminals to maximize their profits, with the goal of taking a cut of the ransom.

mastodon.social - Status mastodon.social Status

Mastodon.social is being DDoS right now. That's bad. It was bad when Bluesky was DDoSed. It's bad when open social platforms are attacked.

status.mastodon.social

Grafik in Blaugrün mit dem Hinweis, dass KI-Inhalte oft täuschend echt wirken. Empfohlen wird, genauer hinzuschauen und mehrere Prüfmethoden zu kombinieren, um sich besser vor Täuschungen zu schützen.

🤖 Echt oder nur täuschend echt?

📊 KI-Bilder und -Videos fluten das Netz. Gleichzeitig wird es immer schwerer, echte Inhalte von Fakes zu unterscheiden.

Die Ergebnisse aus dem #Cybersicherheitsmonitor zeigen wir hier:
https://www.bsi.bund.de/dok/1078326

#CybernationDeutschland #BSI

Debugging Multi-Agent AI: When the Failure is in the Space Between Agents Multi-agent observability is exponentially harder than single-agent monitoring. Here's how to trace, debug, and monitor AI systems where agents orchestrate other agents.

If you're building multi-agent AI systems, your existing monitoring probably isn't enough 🤷‍♀️

Our latest blog post outlines how to debug the space between agents. Check it out!

blog.sentry.io/debugging-multi-agent-ai-when-the-failure-is-in-the-space-between-agents

Deutschland im Visier – und der Mittelstand zahlt die Rechnung. Neue Daten des Google Threat Intelligence Group (April 2026) sind alarmierend: Deutschland ist 2025 wieder zur Nummer 1 unter den europäischen Zielen von Ransomware-Gruppen aufgestiegen. #Ransomware #Mittelstand #Google #Cybercrime

⚠️ #NIS2 betrifft nicht nur große Unternehmen, sondern ist abhängig von u.a. der Rolle eures Unternehmens, wie bestimmte Sektoren, KRITIS-Betreiber & Einrichtungen der Bundesverwaltung.

👉 Betroffenheitsprüfung:
www.bsi.bund.de/dok/nis-2-betroffenheits...

#NISverständnis #nis2know

Wer sich für Buy European interessiert und wissen möchte, was der Industrial Accelerator Act für die Industrie leisten kann --> Erklärungen & Einschätzungen in der neuen Podcast-Folge👇

& stay tuned - bald kommt auch ein JDC Policy Brief zum Thema

Anthropic's Mythos found zero-days in every major OS/browser for <$50 per run. 27-year-old OpenBSD TCP bug. 16-year FFmpeg flaw. 52 orgs get early access via $100M Glasswing program. #cybersecurity www.implicator.ai/the-50-exploit-the-eight...

Thanks to AI, and the 10x productivity gains, we are only 6 months away from being able to cancel our online accounts without having to call, email, or talk to someone offline first.

Warning to open source maintainers: the Axios supply chain attack started with some
very sophisticated social engineering targeted at one of their developers simonwillison.net/2026/Apr/3/s...

I just published a deep-dive into the 250-hour build behind syntaqlite, a SQLite formatter and LSP I built using AI agents.

AI agents were the only reason built this after 8 years of wanting but there's a psychological toll to AI-assisted engineering.

The post-mortem:
lalitm.com/post/buildin...

Highlights from my conversation about agentic engineering on Lenny’s Podcast I was a guest on Lenny Rachitsky’s podcast, in a new episode titled An AI state of the union: We’ve passed the inflection point, dark factories are coming, and automation …

I was a guest on @lennysan's podcast! We talked about agentic engineering and all sorts of other LLM-related topics for 1h39m(!), plus a little bit about kākāpō parrots - here's my selection of highlights from our conversation simonwillison.net/2026/Apr/2/l...

Ein Angriff über das kompromittierte Open-Source-Tool Trivy hat offenbar die IT-Infrastruktur von Sportradar – einem der weltweit führenden Sportdatenanbieter mit über 1 Mrd. € Umsatz – erschüttert. #SupplyChain #Sportradar #Trivy #Hackerangriff #Cybercrime

Europe’s cyber agency blames hacking gangs for massive data breach and leak | TechCrunch CERT-EU blamed the cybercrime group TeamPCP for the recent hack on the European Commission, and said the notorious ShinyHunters gang was responsible for leaking the stolen data online.

CERT-EU blamed the cybercrime group TeamPCP for the recent hack on the European Commission, and said the notorious ShinyHunters gang was responsible for leaking the stolen data online.

Supply chain attacks are becoming more frequent, and far more serious.

What are sensible practices to protect against these when using Node or Python packages?

I assume pinning versions is the bare minimum; for those with security teams / tools: why else do you do / can you do?

Illustration depicts a group of people happily connecting puzzle pieces. Text says "Become a Supporting Member!"

🔒 To continue our work towards a more #privacy-friendly future, noyb requires stable, long-term funding. Individuals like yourself can play an integral part in this task by joining noyb as a Supporting Member.

Follow the link to learn more 👉 https://noyb.eu/en/support-us

European Commission confirms cyberattack after hackers claim data breach  | TechCrunch The European Union's top executive body has confirmed a cyberattack after hackers reportedly stole reams of data from the European Commission's cloud storage.

The European Union's top executive body has confirmed a cyberattack after hackers reportedly stole reams of data from the European Commission's cloud storage.

Apple made strides with iOS 26 security, but leaked hacking tools still leave millions exposed to spyware attacks | TechCrunch Leaked hacking tools threaten the security of millions of older iPhones. Cybersecurity experts weigh in.

Leaked hacking tools threaten the security of millions of older iPhones. Cybersecurity experts weigh in.

"NIS-2? Kümmert sich darum nicht die IT?" NIS-Verständnis statt Missverständnis

❌ Falsch: Verantwortlich für die Umsetzung von NIS-2 im Unternehmen ist die Geschäftsleitung.

👉 Ist euer Unternehmen betroffen? Hier bekommt ihr eine erste Einschätzung: www.bsi.bund.de/dok/nis-2-betroffenheits...

#nis2know #CybernationDeutschland #Cybersicherheit #BSI

Delve did the security compliance on LiteLLM, an AI project hit by malware | TechCrunch LiteLLM offers an AI open source project used by millions that was infected by credential harvesting malware.

LiteLLM offers an AI open source project used by millions that was infected by credential harvesting malware.

One thing I'm really proud of with MCP is that we actually document the security stuff that can go wrong instead of pretending it doesn't exist.

if you're building with MCP auth, the guide we have on the public docs is genuinely worth a read: dsc.ai/sbp

Today we’re launching a Safety Bug Bounty program focused on identifying AI abuse and safety risks across OpenAI products. (1/2)

Cyber Security Report 2026 | Schwarz Digits Der Cyberraum ist ein Schlachtfeld. Schwarz Digits liefert im Cyber Security Report 2026 die nötige Orientierung für eine sichere digitale Transformation.

202 Milliarden Euro Schaden. Jedes Jahr. Allein in Deutschland. Der Cyber Security Report 2026 von Schwarz Digits ist erschienen. Der Report liefert interessante Daten und Informationen. #CyberSecurity #Ransomware #SchwarzDigits #Cybercrime #Hackerangriff

schwarz-digits.de/publikatione...

Given today's LiteLLM supply chain attack, what are people's preferred development environment sandboxes on MacOS these days?

I think it's time I started running my development environments somewhere where rogue code can't steal all my ~/... credential files

Fazit: ❌ Zu klein für Cyberkriminelle gibt es nicht. ✅ Zu wichtig, um Cybersicherheit zu ignorieren, schon. Wir als BSI liefern wichtige Informationen für KMU, um Informations- und Cybersicherheit praxisnah umzusetzen. Mehr Infos im Link im Beitrag.

Gelbe Grafik mit binärem Zahlenmuster im Hintergrund mit einem orangenen Kreis und schwarzem Text: „Cyberangriffe treffen doch nur große Konzerne.“ Wiegt viele Betriebe in Sicherheit. Ist aber falsch.

99,3 % aller Unternehmen in Deutschland sind KMU.* Sie beschäftigen über die Hälfte aller Arbeitnehmenden. Viele sind Hidden Champions – hoch spezialisiert, wirtschaftlich relevant. Kurz: KMU sind kein Randthema. *Quelle: BSI Brosc

So werden KMU getroffen: Cyberangriffe auf KMU sind meist nicht gezielt; automatisiert und breit gestreut. Getroffen wird, wer schlecht geschützt ist; unvorbereitet reagiert. Größe schützt nicht. Vorbereitung schon.

„Zu klein für Cyberkriminelle?“

Leider ein Mythos. #KMU sind häufig betroffen, weil Angriffe heute automatisiert ablaufen.

Wir im #BSI klären auf und unterstützen bei #Cybersicherheit für Unternehmen.

Mehr Infos hier: https://www.bsi.bund.de/dok/KMU
#CybernationDeutschland