Noah News Tech Intelligence

US agencies urged to patch Windows flaw fueling zero-day exploits linked to Russian espionage

Fri, 01 May 2026 09:03:40 +0000

The US Cybersecurity and Infrastructure Security Agency has ordered federal departments to fix a critical Windows flaw, CVE-2026-32202, after it was linked to active zero-day attacks and espionage by Russian hackers, highlighting escalating cyber threat dynamics.

The US Cybersecurity and Infrastructure Security Agency has told federal departments to secure Windows systems after a flaw linked to active zero-day attacks was added to its Known Exploited Vulnerabilities catalogue. The issue, tracked as CVE-2026-32202, has been described by Akamai as a zero-click NTLM hash leak that remained after Microsoft’s February fix for a separate Windows Remote Code Execution bug proved incomplete.

According to CISA, the vulnerability was added to the catalogue on 28 April, with civilian agencies required to address it by 12 May. The agency said organisations should apply vendor mitigations where available, follow binding guidance for cloud services, or stop using the affected product if no workable mitigation exists.

Security researchers say the weakness is tied to an earlier chain of flaws that had already been abused by the Russian espionage group APT28, also known as Fancy Bear and UAC-0001. CERT-UA said that campaign hit targets in Ukraine and EU countries in December 2025 and relied on weaponised LNK files alongside a separate Windows Shell issue, CVE-2026-21513, to reach victims.

Help Net Security reported that the latest flaw can expose NTLMv2 hashes simply by a user browsing a folder, without needing to open the malicious file. That makes the issue especially dangerous in enterprise environments, where stolen authentication material can be used to move laterally through networks and escalate access.

Source Reference Map

Inspired by headline at: ^[1]

Sources by paragraph: - Paragraph 1: ^[2], ^[3] - Paragraph 2: ^[6] - Paragraph 3: ^[2], ^[3], ^[4], ^[5] - Paragraph 4: ^[3]

Source: Noah Wire Services

VECT 2.0 ransomware acts as destructive file wiper due to critical encryption flaws

Fri, 01 May 2026 09:03:39 +0000

Security researchers warn that the VECT 2.0 ransomware, spreading across Windows, Linux, and VMware ESXi, is so poorly designed that it damages files beyond recovery, blurring the line between extortion and outright data wiping, with potential for future escalation.

Security researchers are warning that VECT 2.0, a ransomware-as-a-service operation that has been spreading across Windows, Linux and VMware ESXi systems, is so badly designed that it behaves less like extortionware and more like a file wiper. Check Point Research says the malware mishandles its encryption routine on files above roughly 131KB, overwriting the data needed for decryption and making recovery impossible even if victims pay.

That flaw matters because the vast majority of business data falls above that size threshold. According to reporting from The Hacker News and TechRadar, the bug means documents, spreadsheets, backups and other routinely targeted files are not merely locked but effectively destroyed, with only the last fragment of a file sometimes left intact. The decryption keys are discarded during the process, leaving neither victims nor the operators with a working way to restore the data.

The campaign has already developed into a more organised criminal operation. Secure.com reported that VECT 2.0 surfaced on Russian-language cybercrime forums in late 2025, then expanded into a broader RaaS model with affiliates and partnerships aimed at widening distribution. Its operators have also been linked by researchers to TeamPCP, while some reports say the group is charging an entry fee in Monero.

Researchers say the technical mistakes go beyond the nonce-handling bug, pointing to inconsistent cipher selection, flawed thread management and other signs that the code may have been assembled from older malware or partly generated with AI assistance. Even so, Check Point cautions that the current failures do not make the threat harmless: the group already has a distribution network in place, and a future update could turn the operation into a more effective tool for disruption and theft. The immediate advice from analysts is to rely on offline backups, tested recovery plans and rapid containment rather than any expectation of ransom payment buying data back.

Source Reference Map

Inspired by headline at: ^[1]

Sources by paragraph: - Paragraph 1: ^[2], ^[6] - Paragraph 2: ^[3], ^[4] - Paragraph 3: ^[4], ^[5] - Paragraph 4: ^[2], ^[3], ^[4]

Source: Noah Wire Services

US and UK warn of increasing risks from overlooked home routers as Russian hackers exploit vulnerabilities

Fri, 01 May 2026 09:03:38 +0000

U.S. and British agencies raise alarms over the security of everyday routers following revelations of Russian cyber espionage activities exploiting known device vulnerabilities, urging simple yet critical safeguarding measures for households and small offices.

U.S. and British cyber agencies are again warning that one of the most overlooked devices in homes and small offices may also be one of the easiest to exploit: the internet router. In April, the National Security Agency said it supported an FBI public service announcement after U.S. and international law enforcement disrupted a network of compromised small-office and home-office routers tied to malicious hijacking activity.

The concern is not theoretical. According to the NSA, Russian military intelligence hackers have been collecting credentials and abusing vulnerable routers worldwide, including some TP-Link devices affected by a known flaw. The FBI said the routers were being used in DNS hijacking schemes, in which internet traffic is quietly diverted through attacker-controlled systems, making it possible to steal passwords, authentication tokens and other sensitive information.

The Justice Department and FBI said their court-authorised disruption targeted the U.S. portion of a broader router network linked to Russia’s GRU Military Unit 26165, better known as APT28, Fancy Bear or Forest Blizzard. The agencies said the compromised devices were being used against targets of intelligence interest, including people in the military, government and critical infrastructure sectors. The NSA had already warned in 2024 that the same unit was using compromised routers to harvest credentials, proxy traffic and host spearphishing pages.

For ordinary users, the message is to treat the router as a front door, not an afterthought. The NSA’s earlier home-network guidance and the latest warning both point to the same basic defences: reboot the router, install firmware updates, replace default administrator credentials, disable remote management unless it is genuinely needed and retire devices that no longer receive support. The agency says teleworkers should also make sure home access to employer systems is properly hardened, including through VPNs where appropriate.

The latest alert is less a call for alarm than for maintenance. A router that is patched, properly locked down and still supported by its maker is far harder to abuse than one left on autopilot for years. For households, churches, charities and small businesses alike, the practical fix may be as simple as closing the digital door before anyone tries the handle.

Source Reference Map

Inspired by headline at: ^[1]

Sources by paragraph: - Paragraph 1: ^[2], ^[3] - Paragraph 2: ^[2], ^[3], ^[4] - Paragraph 3: ^[4], ^[6] - Paragraph 4: ^[5], ^[2] - Paragraph 5: ^[2], ^[5]

Source: Noah Wire Services

US Army accelerates integration of autonomous AI in cyber defence amid simulated enemy threat

Fri, 01 May 2026 09:03:36 +0000

The US Army is advancing its use of autonomous artificial intelligence to combat simulated cyber threats in the Indo-Pacific, signalling a shift towards machine-led defensive measures in future conflicts.

The US Army is treating artificial intelligence as a live operational threat, not just a productivity tool, after a recent tabletop exercise imagined an enemy AI probing communications and data networks in the Indo-Pacific and adjusting its tactics faster than human defenders could react. According to Business Insider, the scenario was designed around a hypothetical September 2027 crisis, with the aim of understanding how a machine-speed cyber campaign might unfold against Army systems.

The exercise brought together 14 companies, including Google, OpenAI, Microsoft, Amazon Web Services and Palo Alto Networks, alongside Army and Pentagon officials. Gen. Chris Eubank, who leads Army Cyber Command, said the discussion centred on how frontier models and AI agents could help defenders spot intrusions, misdirect hostile systems and buy time when adversaries are adapting continuously. Axios reported that participants also explored whether the Army can bypass slower procurement habits to field these tools more quickly.

The drill reflected a wider shift inside the service, which has already used earlier AI tabletop events to test ideas ranging from logistics to paperwork reduction. But this latest version pushed harder on the question of autonomy: where machines should be allowed to act on their own, and where a human must remain in control. Brandon Pugh, the Army's principal cyber adviser, said the premise was an adversary launching repeated waves of attacks that learned from each defensive response, exposing weaknesses in real time.

That concern fits a broader military effort to weave AI into Indo-Pacific planning. Defence One reported last year that Indo-Pacific Command had begun using AI in wargaming to improve speed and decision-making, while Army Pacific and Army Futures Command have been building out multi-domain exercises that span cyber, space, air, land and sea. The Army's latest message is clear: in a future conflict, cyber defence may move too quickly for people alone, and the service wants AI not only to assist, but eventually to shoulder some defensive tasks itself.

Source Reference Map

Inspired by headline at: ^[1]

Sources by paragraph: - Paragraph 1: ^[1], ^[2] - Paragraph 2: ^[2], ^[3] - Paragraph 3: ^[1], ^[3] - Paragraph 4: ^[4], ^[5], ^[6], ^[7]

Source: Noah Wire Services

South Africa’s King V signals a decisive shift in AI governance for boards

Fri, 01 May 2026 09:03:31 +0000

South Africa's updated King V code and draft AI policy mark a pivotal move towards integrating artificial intelligence oversight into corporate governance, compelling boards to proactively oversee digital systems and ethical AI use amidst rising automation risks.

South Africa’s move to King V is being framed as a fresh chapter in corporate governance, but its real significance may lie in how directly it confronts the rise of artificial intelligence. The new code, effective for financial years beginning on or after 1 January 2026, broadens the boardroom’s brief beyond people and processes to include the digital systems increasingly shaping decisions, risks and outcomes, according to commentary from advisers on the code’s evolution.

At the centre of that shift is information governance. King V condenses governance expectations into a smaller set of core principles and places stronger emphasis on ethical leadership, compliance and the responsible use of technology. Recommended Practice 109, as described by governance specialists, makes clear that boards are expected to oversee the ethical acquisition, development and use of information systems, a framing that brings AI squarely into the board’s remit.

That is becoming more urgent as organisations embed machine-learning tools into forecasting, customer service, fraud detection and operational planning. The risks are not theoretical. In Australia, a government-commissioned report was found to contain AI-generated errors, including fabricated references, which triggered reputational harm and repayment obligations for the consultancy involved. In another case, reported in February 2026, a global consulting firm partner was fined for using AI to cheat during internal training, while more than two dozen staff were found to have misused AI in assessments. The lesson, governance experts say, is that technology can accelerate failure just as easily as efficiency if oversight is weak.

South Africa is also moving towards a broader policy framework. The Draft National AI Policy, approved by Cabinet in March 2026 and released for public comment in April, signals that government sees AI governance as a national priority rather than a niche technical issue. Legal commentators say the draft points to a sector-specific, multi-regulator model that would place oversight inside existing supervisory structures rather than create a single central AI regulator. Supporters argue that approach better reflects South Africa’s institutional landscape and the need for context-specific expertise.

For boards, the practical implication is clear: AI governance cannot be left to IT teams alone. Directors are being urged to identify where automated systems already influence decisions, define accountability for oversight and test whether the data feeding those systems is reliable, lawful and ethically sourced. As firms and regulators race to catch up with the speed of automation, King V is likely to be judged not just on compliance, but on whether it helps boards govern intelligent systems with the same seriousness they apply to executives and balance sheets.

Source Reference Map

Inspired by headline at: ^[1]

Sources by paragraph: - Paragraph 1: ^[2], ^[6] - Paragraph 2: ^[1], ^[6] - Paragraph 3: ^[1], ^[7] - Paragraph 4: ^[4], ^[5], ^[3] - Paragraph 5: ^[1], ^[4], ^[7]

Source: Noah Wire Services

European AI project aims to transform air traffic control with trust-enhancing teamwork tools

Fri, 01 May 2026 09:03:28 +0000

The European DIALOG project is developing a 'Teamwork Assistant' to support air traffic controllers through real-time inference of intent and workload, promoting safer, more efficient skies without replacing human decision-making.

The European DIALOG project is exploring a deceptively simple idea: that artificial intelligence in air traffic control should behave less like a replacement and more like a dependable colleague. Coordinated by SINTEF and backed by EU research funding through the SESAR 3 Joint Undertaking, the initiative is building a "Teamwork Assistant" intended to support controllers rather than take decisions away from them. According to the project partners, the system is being designed to infer intent, track workload and respond to the controller’s needs in real time.

That ambition matters because aviation is one of the most demanding environments in which to introduce automation. As traffic grows and pressure rises to cut emissions, AI tools are being looked at for route optimisation, lower fuel burn and better use of airspace. But the DIALOG team argues that safety-critical operations depend on trust, transparency and human authority. The project’s central premise is that controllers must understand what the digital assistant is doing, be able to override it instantly and remain accountable for the final call.

The technical work is built around speech recognition, analysis of pilot-controller exchanges and machine-learning methods that assess attention and workload from voice, physiological signals and behavioural cues, according to SINTEF and the SESAR project pages. In practical terms, the assistant is meant to adapt to the controller’s state, the traffic picture and the wider operational context, rather than forcing staff to adapt to the machine’s logic. The aim is to preserve situational awareness while easing repetitive tasks that can drain focus over long shifts.

In March 2026, the project reached an important validation stage when Deep Blue led simulation exercises with licensed air traffic controllers in realistic test conditions. The early feedback, as described by the project, was positive: controllers said the assistant helped them stay oriented and reduce fatigue during routine work, while leaving them freer to concentrate on higher-risk decisions. The broader goal is not automation for its own sake, but a model of human-AI teaming that can support safer, more efficient airspace management and, in turn, contribute to lower-emissions flying.

Source Reference Map

Inspired by headline at: ^[1]

Sources by paragraph: - Paragraph 1: ^[2], ^[3] - Paragraph 2: ^[1] - Paragraph 3: ^[2], ^[3], ^[4] - Paragraph 4: ^[1], ^[2], ^[3]

Source: Noah Wire Services