The EU Gets Pwned By ShinyHunters

Posted in Commentary on March 30, 2026 by itnerd

Today is the day that I report on organizations and individuals getting pwned.

The European Commission has confirmed a cyberattack affecting its Europa.eu web platform, with early findings indicating that data was extracted from cloud infrastructure hosted on Amazon Web Services (AWS). The incident was discovered on March 24, 2026, and officials said the breach was contained while an investigation into the full scope remains ongoing.

Hackers linked to the ShinyHunters group have claimed responsibility, alleging they accessed and stole more than 350GB of data, including databases and internal documents. The European Commission has not verified the full extent of the stolen data but confirmed that some data was taken and that affected entities are being notified.

The Commission stated that its internal systems were not impacted, with the attack limited to externally hosted cloud services supporting its public-facing websites. Authorities continue to assess the incident and determine what information may have been accessed while implementing additional security measures.

Lydia Zhang, President & Co-Founder, Ridge Security Technology Inc., served up this comment:

   “Continuously exposed external digital assets, such as public websites and AWS S3 buckets, have become prime attack targets, especially with the rise of AI-driven automated threats. Organizations must strengthen their security posture; continuously scanning, testing, and remediating vulnerabilities across these interfaces is no longer optional, but essential.”

Noelle Murata, Sr. Security Engineer, Xcape, Inc. provided this comment:

   “The business impact has escalated from a simple web defacement to a massive Identity and Access Management (IAM) crisis, as the breach likely involves the theft of DKIM keys and SSO directories. This means the adversary can now generate perfectly authenticated emails that bypass DMARC checks, turning the Commission’s own reputation into a weapon for secondary spear-phishing campaigns across the EU.

   “The technical post-mortem indicates a failure of “Identity Hygiene” rather than a cloud security flaw; AWS has publicly cleared its own name, pointing to compromised credentials – likely harvested via the group’s signature vishing tactics against IT helpdesks. For defenders, the priority is no longer just “containing” the breach but an immediate, wholesale rotation of all cloud-based signing keys and a mandatory password reset for the entire SSO tenant. Furthermore, organizations interacting with the EC should treat all incoming “official” correspondence with extreme skepticism, even if it passes cryptographic validation.

   “The reality is that if your identity provider is compromised, your “secure” cloud is effectively an open book.

   “The EU is about to find out that “GDPR Compliance” is a lot harder to enforce when you’re the one filling out the self-report form.”

Phil Wylie, Senior Consultant & Evangelist, Suzu Labs adds this:

   “This attack shows that threat actors do not always need to penetrate core internal networks to create risk. Public-facing cloud environments often contain valuable operational data that can support reconnaissance, social engineering, and follow-on attacks.

   “Most cloud breaches are not failures of the provider but issues around identity security, access management, or configuration. The real lesson here is that organizations need stronger visibility into how cloud data is accessed and moved, not just whether malware is present.

   “Even if the affected systems were isolated, any confirmed data exfiltration should be treated as potential intelligence exposure that could enable future targeting.”

Rajeev Raghunarayan, Head of GTM, Averlon had this to say:

   “Cloud breaches are rarely contained to the system where the compromise started. The real question is what that system had access to, regardless of whether it was considered external or internal. Public-facing applications are often connected to backend services, databases, and storage, and a compromise can expose far more than the initial entry point suggests. The separation between external and internal systems can limit blast radius, but only if access across those layers is tightly controlled, whether through network paths, vulnerabilities, misconfigurations, or identity permissions.

   “The priority for organizations is understanding what data and systems were reachable from the compromised environment, not just what was directly affected. That potential blast radius is what determines the true impact and guides an effective response.”

It’s days like this that make me wonder if there’s no going back and that organizations getting pwned is now the new normal. But we cannot believe that is true. Instead more effort needs to be put into making sure that this starts to get addressed so that pwnage becomes an edge case as opposed to the new normal.

Spring forward with these must-have tech essentials from Samsung

Posted in Commentary on March 30, 2026 by itnerd

Spring is a natural moment to refresh the devices Canadians rely on every day. Samsung’s latest Galaxy lineup introduces updated AI capabilities, performance upgrades, and deeper ecosystem integration across mobile, audio, wearables, and PC. 

Here are a few standout devices, each defined by the core innovations driving them: 

  • For AI-powered mobile experiences, Galaxy S26 Series (Starting at $1,249.99 CAD) 
    Including Galaxy S26, S26+, and S26 Ultra, the latest S series is powered by Snapdragon® 8 Elite Gen 5 (3nm) and introduces expanded on-device AI. Features like Now Nudge enable context-aware assistance, Notification Intelligence prioritizes key alerts, and Circle to Search 3.0 supports multi-object recognition. Privacy Screen adds pixel-level display protection, while Nightography Video enhances low-light capture. 
  • For AI productivity and PC performance, Galaxy Book6 Series (Starting at $1,449.99 CAD) 
    Including Galaxy Book6 and Galaxy Book6 Pro, the lineup combines Intel® Core™ Ultra processors with AI-driven productivity tools. The Pro model features a high-resolution AMOLED display with HDR support and variable refresh rate, alongside extended battery life and seamless continuity across Galaxy devices. 
  • For advanced audio and intelligent controls, Galaxy Buds4 Series (Starting at $249.99 CAD) 
    Including Galaxy Buds4 and Galaxy Buds4 Pro, the series introduces upgraded 2-way speakers (Pro), 24-bit Hi-Fi sound, and adaptive noise control. AI integrations enable voice access to Gemini, Bixby, and Perplexity, with new head gesture controls offering hands-free call management. 
  • For health tracking and wearable performance, Galaxy Watch8 Series (Starting at $499.99 CAD) 
    Including Galaxy Watch8 (40mm/44mm) and Galaxy Watch8 Classic (46mm), the series features a new 3nm chipset, expanded storage, and enhanced sensor capabilities. Updates include improved sleep analysis, activity tracking, and gesture controls, with the Classic model adding a rotating bezel and quick-access button. 
  • For device protection and lifecycle value, Samsung Care+ 
    Samsung Care+ provides coverage with unlimited repairs using Samsung-certified parts, free device replacement for loss, and worldwide repair support. Designed to maintain device performance and value over time, it offers an alternative to traditional carrier insurance with broader global coverage. 

For a limited time, until April 2, Canadian customers can access launch offers including 25% off Samsung Care+ for Galaxy S26 Ultra and 15% off across Galaxy S26 and S26+, Galaxy Buds4 series, and Galaxy Book6 series.

More details are available at samsung.com/ca.

TELUS launches SmartEnergy for Good across Ontario

Posted in Commentary on March 30, 2026 by itnerd

TELUS is expanding its Connecting for Good programming, which builds stronger and healthier communities across Canada by ensuring no citizen is left behind and has access to world-leading technology, to now include TELUS SmartEnergy for Good. A first-of-its-kind initiative in Canada, TELUS SmartEnergy for Good is designed to advance energy equity by providing vulnerable households with access to smart energy technology at a subsidized monthly service cost. The first phase of SmartEnergy for Good has launched in Ontario, equipping eligible low-income households with the tools and technology they need to reduce energy consumption, lower their utility bills, and contribute to Canada’s climate targets.

The program is open to qualifying low-income Ontario residents, including seniors, families, and youth aging out of government care. Through TELUS SmartEnergy for Good, qualifying customers will receive a subsidized comprehensive SmartHome Energy management package including: a monthly TELUS SmartEnergy subscription, a smart thermostat rental, two energy monitoring plugs, and professional installation.

TELUS SmartEnergy is a subscription-based energy management solution helping Canadians save money on their energy bills and reduce their environmental footprint. Subscribers can save up to 15 per cent on energy bills by, among other things, automating temperature settings and powering down unused devices, while monitoring usage through personalized insights in the app.

Beyond subsidizing SmartHome technology, the initiative educates households on energy cost reduction while supporting Ontario’s emission reduction targets by reducing grid strain during peak demand. As part of its environmental commitment, TELUS will plant four trees per year on behalf of each participating household, contributing to carbon sequestration and climate resilience.

TELUS plans to bring SmartEnergy for Good to additional provinces across Canada later this year. To learn more, visit telus.com/smartenergyforgood.

The Director Of The FBI Has Had His Email Pwned By Iranian Hackers

Posted in Commentary on March 30, 2026 by itnerd

The Iranian hacker group Handala has claimed another victim. After pwning this company, Handala has now apparently pwned the personal email account of FBI director Kash Patel. Cybernews suggests that this is in revenge for the FBI taking down the group’s leak site.

“Today, once again, the world witnessed the collapse of America’s so-called security legends. While the FBI proudly seized our domains and immediately announced a $10 million reward for the heads of Handala Hack members, we decided to respond to this ridiculous show in a way that will be remembered forever,” the group wrote on its new leak site.

“All personal and confidential information of Kash Patel, including emails, conversations, documents, and even classified files, is now available for public download,” Handala claimed, also boasting about the alleged “get” on its now 42nd Telegram channel.

The posted samples include nine personal photos of Patel and an alleged resume belonging to the FBI head.

The FBI has basically admitted that this is real, and if you’re Patel or the FBI, this has to be highly embarrassing. But honestly, I think that’s the least of their problems. Handala is clearly on a rampage and I fully expect to see more pwnage from this group over the coming weeks, seeing as they are an Iran-aligned group and will likely want to “flex” for those in the Iranian regime who back them.

Rogers & Fido Have Been Pwned

Posted in Commentary on March 30, 2026 by itnerd

Over the weekend it came to light that Canadian telco Rogers and their flanker brand Fido have been pwned and customer data is out there. I first saw this here:

But Cybernews saw a lot more that should scare any current or former Rogers customer.

Attackers posted an ad on a mostly Russian-speaking hacker forum, alleging the database for sale belongs to Rogers Communications, a Canadian media behemoth providing wireless, cable, and internet services.

The ad supposedly includes three Rogers Active Directory (AD) databases: users, groups, and devices. Organizations use AD to connect users with network resources. Typically, AD includes critical data on the company’s environment, for example, what users can do and what devices operate within the system.

And:

Data samples of the three AD databases included in the ad, and seen by Cybernews, contain customer names and surnames, phone numbers, email addresses, locations, company names, account launch date, user device operating systems, user roles, device security status, and other sensitive data points.

While the samples attackers provided don’t include employee data, the Cybernews researcher team believes the AD could also host information on the company’s employees who use Rogers’ network resources, as this type of data is usually included in AD databases.

Threat actors put a $14,000 price tag on the three databases mentioned in the ad. The ad doesn’t specify the size of the database or the number of the company’s users it exposed.

The harm that this could cause is huge. Now the company is downplaying the extent of this pwnage based on this comment from the company:

“Through proactive monitoring, we identified that business contact information, such as work email addresses and phone numbers, for Rogers employees was posted on the dark web. No personal details, including banking information, social insurance numbers or passwords, were accessed or posted. Our investigation also indicates no customer information was accessed or posted,” Rogers told Cybernews.

The thing is that all of this information can be used to launch attacks on all who are affected. And Rogers in their statement doesn’t say how long the threat actors had access to their systems. The cynic in me says that it could be years, as I have personally had a threat actor use very specific information to attempt to execute a social engineering attack on my wife and me, which I posted a story about here. And that incident was in 2023. So I would not be shocked if, when all the details are made public, the threat actors turn out to have been inside Rogers’ systems for at least that long. But I am free to be proven wrong on that front. All Rogers has to do is to post what happened, how long it has been happening and what they will do to stop it from happening in the future. It will be interesting to see if Rogers actually does that, or simply tries to sweep this under the nearest rug and hope that this goes away.

A Perspective On Russia-Linked Threat Actors Targeting Signal, WhatsApp and Telegram From Detectify

Posted in Commentary on March 27, 2026 by itnerd

Following up on the recent news of Russia-linked threat actors targeting Signal, WhatsApp and Telegram, Fredrik Almroth, co-founder and Security Researcher at appsec firm Detectify, serves up some perspective on how messaging apps and personal devices are becoming an increasingly important part of the real attack surface.

“The broader lesson is that organizations should stop treating secure messaging as a silver bullet. Strong encryption matters, but it does not protect you if the endpoint is compromised or the account itself is hijacked. What makes this trend so concerning is that it blurs the line between consumer technology and resilience infrastructure. Messaging apps, smartphones, and linked devices are now woven into how governments, companies, and critical sectors actually function – often adopted at a velocity that traditional security struggles to match.

Modern defense is no longer just about protecting official systems, but about protecting the communications reality people actually operate in. The attack point is often not the ‘secure bunker,’ but the phone in someone’s pocket. From an attacker’s perspective, these channels are attractive precisely because they are trusted, ubiquitous, and often far less visible to defenders than formal enterprise systems. If hostile actors can reach decision-makers, staff, or even suppliers through trusted channels, they can bypass a surprising amount of traditional security.

Often, they do not need to break encryption at all. They just need to compromise the device, hijack the account, abuse a linked-device workflow, or trick the user at the right moment. This is why the communications layer around sensitive institutions is now part of the real attack surface.

In practice, that means paying far more attention to mobile-device hygiene for executives and other high-risk personnel. You don’t just need to secure the network, but also improve the communications habits around it. Smart attackers will always go for the points of least resistance. You can spend millions hardening formal systems, but if your most sensitive conversations are happening on poorly governed devices and trusted consumer apps, that’s where they’ll go.”

NCSC urges industry to secure “vibe coding” as AI-generated software adoption accelerates

Posted in Commentary on March 27, 2026 by itnerd

This week at the RSA Conference, the UK’s National Cyber Security Centre (NCSC) CEO Richard Horne called on the cybersecurity community to develop safeguards around “vibe coding” as adoption of AI-assisted development tools continues to grow and presents both opportunities and risks.

Horne stated that while AI-generated code could help reduce vulnerabilities if implemented securely, it also has the potential to introduce or propagate weaknesses if not properly designed and reviewed. The NCSC emphasized that AI development tools must be secure by design and trained to avoid generating insecure code, as part of a broader effort to improve software security outcomes.

The agency also noted that the rapid growth of AI-assisted development is expected to drive wider adoption of “vibe coding,” making it critical for security professionals to establish controls and best practices early. The NCSC said the industry has both the opportunity and responsibility to ensure that AI-driven software development results in more secure systems over time.

   “To combat this “multi-dimensional” threat, our collective approach to defending our societies must match that,” Horne said, likening cyber defense to a full court press in basketball, where “collective pressure from all actions together” can have the greatest impact.

Rajeev Raghunarayan, Head of GTM, Averlon had this to say:

   “Richard Horne is right to flag vibe coding as a security concern. The deeper risk is what it does to the underlying environment. More AI-generated code means more updates, more dependencies, and faster change across systems that security teams are still struggling to keep pace with.

   “The challenge isn’t just whether AI generates insecure code. Environments no longer stay stable long enough to evaluate risk the way teams operated traditionally through point-in-time scans, static prioritization, and backlog-driven remediation. Security must move at the same pace as the introduced changes, meaning it must evaluate and address risk as it happens, not weeks or months later.”

Ryan McCurdy, VP of Marketing, Liquibase adds this comment:

   “AI compresses the time between idea and production, raising the stakes for change control. When database changes reach production without policy enforcement, approvals, drift detection, and auditability, companies multiply risk with every release. The consequences show up in outages, compliance exposure, slower incident response, and inconsistent data that weakens execution across the business.

   “Leaders who govern change well can scale AI with more control, protect business-critical operations, and accelerate transformation without increasing operational risk.”

Michael Bell, Founder & CEO, Suzu Labs follows with this comment:

   “The NCSC’s Richard Horne is right that the cybersecurity community needs to get ahead of vibe coding rather than fight adoption. The commandments his team published at RSA this week are all individually correct. Secure model defaults. AI code reviews. Deterministic guardrails. Secure hosting. But treating them as a checklist misses how security actually works. No single control catches everything.

   “Vibe coding security needs to be defense in depth. Security checks at the model layer, at pre-commit, at the build pipeline, at deployment, and at runtime. Each layer catches what the previous one missed. We’ve already seen what happens when security depends on one check. When researchers examined vibe-coded applications, 10% of apps on one platform had the exact same security misconfiguration, and broader research shows only 10.5% of AI-generated code is secure even when 61% is functionally correct.

   “The NCSC’s CTO imagined a future where AI code ends up more locked down than any SaaS product ever was. That’s achievable. But only if we build layered security infrastructure to match the speed of AI-assisted development. One check at one stage is a half-court trap. The adversary gets around it. Defense in depth is the full court press.”

There are dangers in terms of using AI to write code. Organizations need to be aware of that and take the right mitigations before something really bad happens. And I do mean really bad.

Google Warns Q-Day Now Coming in 2029

Posted in Commentary on March 27, 2026 by itnerd

Google has issued a new warning urging companies that they should now prepare for Q-Day in 2029:

As a pioneer in both quantum and PQC, it’s our responsibility to lead by example and share an ambitious timeline. By doing this, we hope to provide the clarity and urgency needed to accelerate digital transitions not only for Google, but also across the industry.

Quantum computers will pose a significant threat to current cryptographic standards, and specifically to encryption and digital signatures. The threat to encryption is relevant today with store-now-decrypt-later attacks, while digital signatures are a future threat that require the transition to PQC prior to a Cryptographically Relevant Quantum Computer (CRQC). That’s why we’ve adjusted our threat model to prioritize PQC migration for authentication services — an important component of online security and digital signature migrations. We recommend that other engineering teams follow suit.

The full statement can be found here: https://blog.google/innovation-and-ai/technology/safety-security/cryptography-migration-timeline/

Lieutenant General Ross Coffman (U.S. Army, Ret.) who currently serves as President of Forward Edge-AI, provided the following comment:

“I am elated by Google’s announcement. We’ve been saying it for two years. The shot clock has started. We don’t know when, but we know Q-Day is coming. It’s time to get ready.” 

This is a real threat that organizations need to prepare for. And preparations need to begin today, because 2029 seems like a long time. But it isn’t.

DH2i to Host Live Webinar “High Availability, Simplified: What’s New in DxEnterprise v26 & DxOperator v2”

Posted in Commentary on March 26, 2026 by itnerd

DH2i today announced it will host a live webinar titled, “High Availability, Simplified: What’s New in DxEnterprise v26 & DxOperator v2.” This demo-driven event is intended to provide IT teams with a practical, real-world look at how to simplify and strengthen Microsoft SQL Server high availability across increasingly complex, multi-platform environments.

When: April 16 at 12:00 pm Eastern Time / 9:00 am Pacific Time

What: IT teams are under pressure to support more platforms, protect against increasingly diverse security threats, and fulfill higher uptime expectations for SQL Server – and they are often forced to do it with a complex patchwork of platform-limited solutions.

DH2i has unveiled the latest iteration of its high availability software and SQL Server operator for Kubernetes with DxEnterprise v26 and DxOperator v2. This all-in-one software solution introduces brand new capabilities and enhancements to simplify HA management for your most critical workloads, ensure robust network security against modern threats, and streamline cluster management across Windows, Linux, containers, and the cloud.

Join DH2i for this fast-paced session where they will walk through how its latest software release easily layers right on top of any mix of existing infrastructure to enable:

  • SQL Server K8s scale-up AND scale-down automation
  • Granular database-level monitoring with more predictable and reliable failover
  • Seamless integration with K8s StatefulSets for streamlined pod management
  • Optimized security & performance for heterogeneous environments

Featured Speaker: Sasindu Wickramasingha Gamachchige, Sr. Technical Engineer, DH2i 

Sasindu Wickramasingha Gamachchige is DH2i’s behind-the-scenes superhero. By day, a Sr. Technical Support Engineer, by night… still a Sr. Technical Support Engineer (because high availability never sleeps). Armed with deep expertise in complex IT environments and superhuman troubleshooting instincts, he protects mission-critical systems from chaos and downtime. Gamachchige brings calm confidence to even the most stubborn clusters. 

Learn more and register here: https://dh2i.com/webinar-simplified-high-availability-solution/

Chinese Hackers Plant Digital Sleeper Cells in Telecom Backbone

Posted in Commentary on March 26, 2026 by itnerd

Researchers at Rapid7 have uncovered evidence of an advanced China-nexus threat actor, Red Menshen, placing stealthy digital sleeper cells in telecommunications networks to carry out high-level espionage, including against government networks.

Rapid7 has a blog post on this here: https://www.rapid7.com/blog/post/tr-bpfdoor-telecom-networks-sleeper-cells-threat-research-report/

Lieutenant General Ross Coffman (U.S. Army, Ret.) who currently serves as President of Forward Edge-AI, provided the following comment:

“Chinese hackers caught deep in the backbone of telecommunications infrastructure are doing so for high-level espionage.

Anyone that’s surprised by this news should be embarrassed. This is not the end nor the beginning. We’re in a fight to protect our data. PWC technologies that protect data inflight need to be deployed across verticals to protect the US and the free world against China and other malicious actors.”

This shows how far threat actors are willing to go to execute whatever plans they have. This is crafty, stealthy and dangerous. Defenders should bear that in mind.