OVHcloud accelerates the quantum industry with Quandela’s Belenos

Posted in Commentary with tags on April 17, 2026 by itnerd

At the Quantum Defence Summit, OVHcloud and Quandela announce the availability of the Belenos computer on OVHcloud’s Quantum platform.

Unveiled last autumn, the OVHcloud Quantum Platform makes quantum computing, a breakthrough technology, more accessible through a Quantum-as-a-Service (QaaS) consumption model. With the addition of Belenos, OVHcloud continues to deploy its ambitious roadmap of quantum computers accessible through the cloud.

Quandela Belenos leverages photonic quantum technology to offer a compute power of 12 qubits. It helps organisations experiment with new algorithms in innovative domains such as image sorting and generation, accelerated AI computation, or quantum machine learning (QML). New use cases in the fields of electromagnetic simulation, structural mechanics, engine combustion, material simulation, meteorology, and earth observation also benefit from the advances in quantum computing.

Supporting the European and Canadian quantum ecosystem since 2022, the Group offers the widest range of quantum emulators leveraging its infrastructures with over a thousand users. With 15 affordable quantum emulators (including Perceval and MerLin) starting at $0.05 CAD per hour, the Group helps users to grow their familiarity with different quantum computing models.

The OVHcloud Quantum Platform gives access to full-fledged quantum computers, to support the acceleration and growing adoption of quantum computing within private organisations. The Belenos QPU is offered in an “as-a-service” mode with pay-as-you-go billing, billed per second and without commitment.

Learn more about OVHcloud Quantum Platform here.

Iran War Cyber Threat Outlook: Conflict Phases and What Comes Next 

Posted in Commentary with tags on April 17, 2026 by itnerd

Since the Iran War began on February 28th, the SOCRadar threat team has tracked 1,357 incidents in the first month alone, spanning 25+ countries, 15+ sectors, and 40+ distinct attack groups.

In a threat outlook published this morning, SOCRadar’s up-to-date assessment of the conflict reveals a significant pattern: the cyber dimension of this conflict has moved through distinct, recognizable phases, each with a different threat profile for organizations operating in targeted regions and sectors.

According to the analysis, the phases of the Iran war have so far included: 

  1. Kinetic Shock & Cyber Reflection (Feb 28-Mar 6)
  2. Coalition Building & Geographic Expansion (Mar 7-16)
  3. Persistent Operations & Recon (Mar 16-31)
  4. Entrenchment & Escalation (Ongoing)

The analysis also covers a statistical breakdown of the most common attack types (DDoS by far the most prevalent), top targeted countries (Israel), and the top targeted sectors. 

For a full breakdown on how the cyber aspect of this war has unfolded since its onset, including an in-depth analysis of each phase, you can find the analysis here: https://socradar.io/blog/iran-war-cyber-threat-outlook-conflict-phases/

Here Is An Extortion Phishing Email Of A Different Sort

Posted in Commentary with tags on April 17, 2026 by itnerd

For years, I’ve been covering extortion phishing emails, and they follow a rather predictable pattern.

  • Some “hacker” claims to have bypassed your security
  • They have caught you watching “adult content”
  • They have proof that they will send to your friends and family unless you pay them in Bitcoin

Today I am going to detail something a bit different. My honeypot captured this email early this morning:

Now this kind of fits the pattern of other extortion emails that I have reported on. But what makes this different is the use of Grafana in the email. Grafana is a company that does visualization and analysis of metrics, logs, traces, profiles, and beyond, which means that if you are using their products, you can spot problems more easily because those problems are surfaced more easily.

This is the first time that I have seen something like this, which means other threat actors might try the same thing. What I am thinking is that the threat actors are using Grafana’s name to try and give themselves some legitimacy. I guess I kind of stuffed that by going public with this. And I am going to stuff it some more by alerting the company to the fact that their name is being used like this.

Other than that, this is your typical extortion email. There’s nothing new or different here. If it were not for the fact that the threat actors used the name of Grafana, it would almost not be worth reporting on. But it illustrates how far threat actors will go to steal your money.

My advice when it comes to these emails goes something like this:

  • You’ll note that you’re never addressed by your actual name in emails like this. That should be a big hint that this is a scam.
  • Never reply to the email, as it will either tell the threat actor that your email address is live, or the reply will simply bounce.
  • If you see this or any email like it hit your inbox, delete it and go on with your life.
  • If you are the least bit paranoid about a threat actor getting into your computer, have a computer professional check your computer over. They likely won’t find anything, but at least you will be able to sleep better at night.

Happy Friday!

Team Cymru Redefines the Threat Feed Category with Total Insights Feed

Posted in Commentary on April 17, 2026 by itnerd

Team Cymru today announced Total Insights Feeds (TIF), a unified threat intelligence framework that redefines what a threat feed is, what it covers, and what security teams can do with it. This is not an incremental update to Team Cymru’s existing feed portfolio. It is a structural departure from the category those feeds helped define.

For more than two decades, threat intelligence feeds have operated on a shared assumption: compile lists of known-bad infrastructure, distribute them, and enable defenders to act. That model no longer reflects reality. Adversaries now rotate infrastructure at machine speed, operate across tens of millions of IPs, and weaponize domains at a scale legacy reputation feeds were never designed to track. The indicator list alone is no longer sufficient, creating an urgent need for a fundamentally new approach.

Total Insights Feed is that new model. The platform evaluates more than 57 million IPs and CIDRs daily with weighted 0–100 risk scoring, analyzes over 400 million domains including phishing, DGA infrastructure, and malicious hosting, and enriches each indicator with more than 2,000 contextual attributes spanning malware families, C2 frameworks, botnet membership, attribution, and kill-chain stage. This intelligence is delivered in a structured format that enables security operations centers to act automatically, eliminating reliance on manual triage.

The need for this shift is driven by a fundamental breakdown in both coverage and context. Modern adversaries build and abandon infrastructure within hours, while command-and-control networks span millions of IPs and phishing campaigns operate across hundreds of millions of domains. Even highly accurate feeds that track hundreds of thousands of indicators leave most of the active threat surface unaddressed. At the same time, binary malicious classifications fail to provide the context needed to determine a response. At today’s scale and velocity, human-driven analysis cannot keep pace, creating a widening gap between detection and action. Total Insights Feed is designed to close both gaps simultaneously.

The following core capabilities are powered by Team Cymru’s global network visibility across more than 700 ISPs and operators:

  • Surface Coverage: 57M+ IPs and CIDRs evaluated and risk-scored daily, covering the full routable internet, not a curated sample
  • Machine-Actionable Scoring: Weighted 0–100 risk scores with decay modeling, enabling automated block policies at configurable thresholds without analyst review
  • Domain Intelligence: 400M+ domains assessed daily, with 3.5M+ tagged malicious, including phishing infrastructure, algorithmically generated domains, and malicious hosting
  • Deep Contextual Tagging: 2,000+ contextual tags per indicator spanning malware families, botnets, C2 frameworks, scanners, anonymization infrastructure, and hosting classification
  • Live Analysis and Actor Attribution: Named actor and campaign associations where available, MITRE ATT&CK mapping, kill-chain stage, first and last observation, and external intelligence references
  • Unified Integration Architecture: A single JSON schema compatible with SIEM, SOAR, XDR, and TIP platforms, one integration, operational on day one, no custom parsing required

Total Insights Feed is built on three interconnected intelligence layers that converge into a single data stream, enabling a level of telemetry and coverage not accessible through traditional collection methods. Organizations migrating from legacy feeds gain broader coverage, richer context, and real-time analysis while maintaining the high-fidelity data their operations depend on. Total Insights Feed is offered in tiered configurations, including a risk-scoring tier for IP and domain reputation, a tags and analysis tier for deep contextual intelligence, and a complete tier that unifies all capabilities into a single stream, replacing fragmented feed architectures with a single, machine-ready data source.
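As an added illustration, not Team Cymru’s code or schema (the page does not show its JSON layout): this turns a decay-modeled 0-100 risk score into a block/alert/allow decision at configurable thresholds, over constructed feed records in a hypothetical layout. The field names, the 14-day half-life, the thresholds and the evaluation time are all assumptions.

```python
import ipaddress
import json
import math
from datetime import datetime, timezone

# Constructed sample records in a hypothetical JSON layout (not the vendor's
# real schema); indicators use documentation/reserved ranges only.
SAMPLE_FEED = """[
  {"indicator": "203.0.113.10/32",    "type": "ip",     "risk_score": 95,
   "last_seen": "2026-04-16T08:00:00Z", "tags": ["c2", "botnet"]},
  {"indicator": "198.51.100.0/24",    "type": "cidr",   "risk_score": 70,
   "last_seen": "2026-03-20T00:00:00Z", "tags": ["scanner"]},
  {"indicator": "example-phish.test", "type": "domain", "risk_score": 88,
   "last_seen": "2026-04-15T12:00:00Z", "tags": ["phishing"]},
  {"indicator": "192.0.2.44/32",      "type": "ip",     "risk_score": 60,
   "last_seen": "2026-01-01T00:00:00Z", "tags": ["anonymization"]}
]"""

HALF_LIFE_DAYS = 14.0   # assumed decay half-life; a real feed would publish its own
BLOCK_AT = 80.0         # assumed operator thresholds on the 0-100 scale
ALERT_AT = 50.0
NOW = datetime(2026, 4, 17, tzinfo=timezone.utc)  # constructed evaluation time


def parse_feed(text):
    """Load records and parse the ISO-8601 last_seen field into aware datetimes."""
    records = json.loads(text)
    for rec in records:
        rec["last_seen_dt"] = datetime.fromisoformat(rec["last_seen"].replace("Z", "+00:00"))
    return records


def decayed_score(score, last_seen, now, half_life_days=HALF_LIFE_DAYS):
    """Exponential decay: an indicator unseen for one half-life keeps half its score."""
    age_days = max((now - last_seen).total_seconds() / 86400.0, 0.0)
    return score * math.exp(-math.log(2) * age_days / half_life_days)


def decide(effective, block_at=BLOCK_AT, alert_at=ALERT_AT):
    """Map an effective score to an action; thresholds are the operator's choice."""
    if effective >= block_at:
        return "block"
    if effective >= alert_at:
        return "alert"
    return "allow"


def evaluate(records, now=NOW, block_at=BLOCK_AT, alert_at=ALERT_AT):
    """Return {indicator: {...}} with the decayed decision next to the static one,
    so it is visible where decay changes the outcome for a stale indicator."""
    result = {}
    for rec in records:
        eff = decayed_score(rec["risk_score"], rec["last_seen_dt"], now)
        result[rec["indicator"]] = {
            "effective": eff,
            "action": decide(eff, block_at, alert_at),
            "static_action": decide(rec["risk_score"], block_at, alert_at),
            "tags": rec["tags"],
        }
    return result


def lookup_ip(records, ip, now=NOW, block_at=BLOCK_AT, alert_at=ALERT_AT):
    """Match one address against ip/cidr indicators (longest prefix wins).
    Returns None when no indicator covers the address; domains are skipped."""
    addr = ipaddress.ip_address(ip)
    best = None
    for rec in records:
        if rec["type"] not in ("ip", "cidr"):
            continue
        net = ipaddress.ip_network(rec["indicator"], strict=False)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, rec)
    if best is None:
        return None
    eff = decayed_score(best[1]["risk_score"], best[1]["last_seen_dt"], now)
    return {"matched": str(best[0]), "effective": eff,
            "action": decide(eff, block_at, alert_at), "tags": best[1]["tags"]}


FEED_RECORDS = parse_feed(SAMPLE_FEED)

if __name__ == "__main__":
    for ind, r in evaluate(FEED_RECORDS).items():
        print(f"{ind:20} static={r['static_action']:5} decayed={r['effective']:5.1f} -> {r['action']}")
    print(lookup_ip(FEED_RECORDS, "198.51.100.77"))
```

The scanner range last seen four weeks ago drops from an alert under a static policy to allow once decay is applied, while the indicators seen in the last two days still block.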

Availability

Total Insights Feed is available immediately. Existing customers of Team Cymru’s Controller Feed, Reputation Feed, and BARS architectures are fully supported within Total Insights Feed, with current intelligence preserved and expanded, and they can contact their Team Cymru account representative to discuss migration. New customers and media inquiries should contact sales@cymru.com or visit team-cymru.com.

Sweden discloses failed 2025 cyberattack on thermal plant 

Posted in Commentary with tags on April 16, 2026 by itnerd

During a press conference (link requires translation) yesterday, Sweden publicly attributed a failed cyberattack on a thermal heating plant in western Sweden in 2025 to a pro-Russian group with links to Russian intelligence and security services.

The attack targeted energy infrastructure systems, though officials confirmed the attempt was unsuccessful and did not disrupt operations.

Swedish Civil Defense Minister Carl-Oskar Bohlin said the incident involved efforts to carry out a destructive cyberattack against the facility, reflecting a shift from earlier activity such as denial-of-service attacks toward operations aimed at impacting industrial control systems. The government did not disclose technical details of the intrusion or how access was attempted.

Officials compared the incident to other recent attacks in Europe, including cyberattacks on energy infrastructure in Poland affecting systems serving up to 500,000 customers.

Damon Small, Board of Directors, Xcape, Inc.:

   “Sweden’s attribution of the failed 2025 thermal plant attack to Russian-linked actors signals a chilling shift in the European threat landscape. It is the graduation from digital harassment to attempted kinetic destruction. By targeting Industrial Control Systems (ICS) rather than mere public-facing websites, these actors are signaling an intent to cause physical suffering. In this case, the adversary is doing so by attempting to disable heating during freezing temperatures.

   “The real danger, as seen in the parallel 2025 Polish power plant attacks, is not just a temporary service outage, but the deployment of destructive wiper malware like DynoWiper to permanently “brick” field devices such as Remote Terminal Units (RTUs) and Programmable Logic Controllers (PLCs).

   “For infrastructure operators, this move from cyber vandalism to disrupting Operational Technology (OT) means the era of treating Information Technology (IT) and OT as separate security domains is over. Attacks against critical infrastructure must be expected as a primary instrument of modern geopolitical conflict. Where missiles cannot reach, packets sent across the Internet can.

   “The fact that this attack was successfully defended is a testament to Sweden’s “built-in protection mechanisms,” but it also serves as a final warning that national defense now begins at the firewall. Security teams must prioritize the immediate hardening of the IT/OT boundary.

   “If your thermal plant’s security is still relying on “security through obscurity,” you’re not a defender; you’re a volunteer for a Russian stress test.”

Steven Swift, Managing Director, Suzu Labs:

   “There’s not a lot of detail provided in the public statement from Sweden on this attack. That’s normal for this sort of thing, they don’t have an incentive to over share. In fact, the only meaningful thing they really shared was that 1) an attack was attempted and 2) they were prepared for it, resulting in no impact. That’s mostly just PR on their part.

   “Critical infrastructure has long been a high value target. Both for cyber as well as traditional attacks. Cyber is interesting here, in that these attacks can be launched with less fanfare, at higher frequency, against a larger number of targets.

   “While it’s obviously a win for Sweden that this attack failed, it should be noted that most attacks fail. Attackers don’t care that much about the success of individual campaigns. They solve this with scaling. Both by targeting a large number of targets, and by running a variety of independent campaigns.

   “Defenders have to get it right 100% of the time, or they experience a breach. Attackers are the opposite, they only need 1 success, it doesn’t matter much how many failures it takes to get there.”

Josh Marpet, Senior Product Security Consultant, Finite State:

   “Cyberattacks against utilities are common and increasing in number and sophistication. That curve doesn’t appear to be flattening, indicating that a stronger response is indicated. Since most utilities are municipal and revenue constrained, it’s difficult for them to up their defenses quickly. Larger utility companies can, but there are many municipal water and power transmission organizations that would have to do a bond issue in order to fund any such expenditures.

   “Effectively, power generation, power transmission, water, internet, and other such utilities are finding themselves increasingly targeted by attackers growing in sophistication and motivation.

   “Unless they outsource their defenses, it seems almost inevitable that they will have incidents and be breached. Whether it’s customer data or mass disruption, none of the outcomes are desirable.

   “Unless and until the federal government provides some help, it’s down to the states, municipalities, and utilities themselves to figure out this issue.

   “Raising prices is perpetually unpopular. So, outsourcing for maximum efficiency, and working as community members in the various ISAC’s and associations, is the way to go.

   “With the sheer volume of IoT and OT equipment in the utilities, they need to pick the right outsourced help, and get it soon.”

While this attack failed, the next one might not, because threat actors will learn from their failure and refine how they launch attacks so that the next one succeeds. Defenders should keep that in mind.

As AI-Powered Cybercrime Surges Past $10 Trillion, California Cyber Expert Unveils the Only Authentication System Built to Withstand It

Posted in Commentary with tags on April 16, 2026 by itnerd

The global cybersecurity crisis has entered a new and far more dangerous phase. Artificial intelligence has handed attackers the tools to automate credential theft at unprecedented speed, and the identity systems billions of people rely on every day — passwords, biometrics, and passkeys — are falling one by one. Netlok, LLC, a California-based cybersecurity innovator, is answering with Photolok, the first and only patented identity platform engineered from the ground up to be AI-resilient.

The numbers are staggering. The FBI’s Internet Crime Complaint Center reported $16.6 billion in cybercrime losses in 2024, a 33% surge over the prior year [1]. Industry researchers at Cybersecurity Ventures project global cybercrime damages will reach $10.5 trillion in 2025, up from $3 trillion in 2015 — the largest transfer of economic wealth in history [2]. According to Microsoft’s 2025 Digital Defense Report, more than 97% of identity attacks now rely on password spray or brute-force methods, and Microsoft alone blocks approximately 7,000 password attacks per second [3].

Deepfake technology has rendered facial recognition, voice verification, and fingerprint scanning fundamentally unreliable — 47% of organizations reported experiencing deepfake-based attacks in the past year [5]. Passkeys, widely promoted as the successor to passwords, depend on those same compromised biometrics as their first step. According to Perez, incremental fixes no longer change attacker economics.

Photolok replaces the traditional identity and access methods with photo-based login designed around how the human brain naturally works. Users randomly receive three photos from Photolok’s custom library during setup. At login, they identify those photos from randomized visual portfolios — a process that takes ten to fifteen seconds and requires no passwords, no biometric data, and no memorized codes. Four layers of randomization — cryptographic, behavioral, temporal, and deceptive — protect the user’s identity from AI attacks with every session. Because nothing is static and nothing repeats, AI has nothing to learn, replicate, or predict.

Photolok also introduces Situational Security features that protect the person, not just the credential. Duress Photos act as a silent alarm if a user is logging in under coercion. One-Time Photos self-destruct after a single use to defeat shoulder-surfing. The technology is protected by granted patents spanning the United States, European Union, United Kingdom, Japan, Canada, Australia, and Mexico.

Netlok, LLC is a Santa Barbara, California-based cybersecurity company and creator of Photolok, a patented photo-based identity platform that eliminates passwords and resists AI-driven attacks. Founded by serial inventor Tony Perez — whose prior inventions include a patented safety syringe developed during the AIDS epidemic — ARP-IP (Perez) holds granted patents across the United States, European Union, United Kingdom, Japan, Canada, Australia, and Mexico. Photolok’s visual authentication method leverages the brain’s natural ability to recognize images, delivering an identity solution that is both ultra-secure and effortlessly human. For more information, visit www.netlok.com.  

Class of ‘26 is hard launching into the workforce and LinkedIn has the cheat sheet

Posted in Commentary with tags on April 16, 2026 by itnerd

The Class of 2026 is graduating into one of the toughest entry-level job markets in years, where ‘entry-level’ roles increasingly require experience, AI is reshaping expectations, and traditional career paths feel less reliable than ever. 

For many new grads, the challenge isn’t just competition. It’s knowing where to look, and how to get started in a market that no longer follows a clear path. 

To make sense of this shift, LinkedIn is releasing its annual Grad’s Guide, a data-backed look at how early-career opportunities are evolving and where they’re emerging for new grads today. The guide highlights the fastest-growing jobs and industries, offering insight into where opportunities are expanding and what new grads should prioritize as they enter the workforce. 

It also comes as LinkedIn rolls out AI-powered tools designed to tackle one of Gen Z’s biggest barriers: not knowing where to start. These tools help identify relevant roles, understand fit, and navigate a more fragmented job search. 

You can read the guide here: https://www.linkedin.com/pulse/linkedin-grads-guide-2026-linkedin-news-svpqe/

AgingFly Malware used in attacks on Ukraine government and hospitals

Posted in Commentary with tags on April 16, 2026 by itnerd

A new malware family named ‘AgingFly’ has been identified (the link requires translation into English) in attacks against Ukrainian government bodies and hospitals; it steals authentication data from Chromium-based browsers and the WhatsApp messenger.

Commenting on this news is Ensar Seker, CISO at SOCRadar:

“AgingFly reflects a continued shift toward credential-centric operations, where attackers prioritize access over disruption in the initial stages. By targeting Chromium-based browsers and messaging platforms like WhatsApp, actors are going after high-value session data that enables lateral movement, impersonation, and long-term persistence rather than immediate impact.

What’s notable here is the targeting profile: government, healthcare, and potentially defense-linked entities, which suggests intelligence collection and pre-positioning rather than opportunistic cybercrime. Groups like UAC-0247 are increasingly blending espionage tactics with commodity malware techniques, making detection harder. Organizations should treat browser-stored credentials and messaging session tokens as sensitive assets and move toward stronger controls like device-bound authentication, reduced credential storage, and continuous session monitoring.”

Reading through this document makes one thing clear. This is a skilled threat actor who is clearly out to set up shop for the long term. That’s the most dangerous type of threat actor to deal with. And chances are, they won’t stop at Ukraine as I fully expect them to be using the same techniques elsewhere.

EPA proposes $19M cybersecurity funding increase to protect U.S. water systems 

Posted in Commentary on April 16, 2026 by itnerd

The U.S. Environmental Protection Agency (EPA) has proposed $19.1 million in funding for its Information Security Program in fiscal year 2027, representing a $9.6 million increase over 2026 levels, to strengthen cybersecurity protections across water systems, support controls and secure implementation of emerging technologies, including AI.

The proposal would expand the EPA’s Drinking Water Infrastructure Resilience Grant Program to include dedicated cybersecurity funding, enabling water systems to upgrade infrastructure, improve defenses, and enhance operational resilience against cyber threats. The agency also plans to continue providing technical assistance and support to states, Tribes, and local utilities responsible for water system operations.

The initiative comes as federal agencies continue to identify cybersecurity vulnerabilities in water and wastewater systems, which rely on interconnected operational and IT environments. It also comes after the White House’s proposed budget suggested slashing the EPA’s budget by 52%, to $4.2 billion.

Doc McConnell, Head of Policy and Compliance, Finite State:

   “We know that US critical infrastructure is a visible target for our adversaries. It shouldn’t be a soft target too. It’s reassuring to see that the EPA is planning greater investment in the resilience and cybersecurity of our drinking water, especially given recent announcements about Iran-affiliated cyber actors targeting our water sector.

   “I hope that Congress appreciates the urgency of this threat and understands that these types of investments are national security imperatives, not just for the water sector, but across all our critical infrastructure. Infrastructure operators across the country need additional resources to understand their risk, secure their systems, and respond quickly to incidents when they occur.”

Phil Wylie, Senior Consultant & Evangelist, Suzu Labs:

   “EPA is clearly signaling that water system cybersecurity is now a critical infrastructure priority, not just an IT concern. The proposed increase, especially with dedicated funding tied to drinking water resilience, is a meaningful step. But it comes against the backdrop of a significantly reduced overall EPA budget, so the real challenge will be whether utilities and states have the resources and operational capacity to translate that funding into measurable security improvements.”

Damon Small, Board of Directors, Xcape, Inc.:

   “The EPA’s proposed $19.1 million cybersecurity budget for FY 2027, a nearly 100% increase, is a drop in the bucket compared to the systemic vulnerability of U.S. water infrastructure, yet it signals a critical shift toward direct federal intervention. 

   “By attempting to embed cybersecurity funding into the Drinking Water Infrastructure Resilience Grant Program, the agency is finally moving past “voluntary guidance” to address the chronic underfunding of operational technology (OT) security in small and medium-sized utilities. However, this progress is threatened by a paradoxical White House proposal to slash the overall EPA budget by 52%.

   “A move that would likely gut the very personnel needed to oversee these new grants and technical assistance programs. For security leaders and utility executives, the immediate priority remains securing the IT/OT boundary and remediating default credentials on Internet-exposed controllers (PLCs), as geopolitical actors continue to exploit these low-hanging fruits.

   “Relying on federal grants that may be dead on arrival in Congress is not a strategy; instead, utilities must leverage existing State Revolving Funds (SRFs) and CISA’s local grant programs to harden assets before the 2027 fiscal cycle begins. All of this comes on the heels of reports that cyberattacks from the Middle East against US critical infrastructure are on the rise.

   “Asking the EPA to defend national water systems while cutting half its staff is like asking a lifeguard to watch the pool from the parking lot.”

Given how critical and vulnerable this infrastructure is, they need this and more funding. Otherwise things could easily go sideways in terms of this infrastructure getting pwned by someone.

McGraw Hill Pwned with 13.5 million accounts affected

Posted in Commentary with tags on April 16, 2026 by itnerd

The ShinyHunters extortion group has leaked data from 13.5 million user accounts at edtech giant McGraw Hill, stolen after breaching the company’s Salesforce environment earlier this month.

You can get more details here: Data breach at edtech giant McGraw Hill affects 13.5 million accounts

Commenting on this news is Paul Bischoff, Consumer Privacy Advocate at Comparitech:

“Most of the compromised data is contact info like addresses, phone numbers, and email addresses. While that info probably can’t be used to directly steal from victims, cybercriminals could use it to craft convincing phishing messages that contain personal info. Breach victims should be on the lookout for targeted scam and phishing messages from cybercriminals posing as McGraw Hill or a related organization. Never click on links or attachments in unsolicited messages, and never send any sensitive private info in an email or text message.”

For additional context, Comparitech researchers in February published an in-depth study looking at all education ransomware attacks in 2025. This data and analysis can be seen here: https://www.comparitech.com/news/education-ransomware-roundup-2025-stats-on-attacks-ransoms-and-data-breaches/