Paul Moore Hacks EU App, Pentagon Signs Broad AI Deals

Researcher Paul Moore Breaches EU Age Verification App Within Hours

• The European Union launched its age verification app in mid April.
• Security researcher Paul Moore reportedly accessed it within hours of launch.
• The incident warns of risks in EUDI framework digital identity tools.

BRUSSELS, May 01 (TNGB) – The European Union deployed its age verification application as part of the EUDI framework in mid April to support online age checks across member states. Security researcher Paul Moore reportedly gained unauthorized access to the system within hours of its public availability, demonstrating a critical vulnerability in the authentication process. Reports on May 1 emphasized that the breach occurred well before widespread adoption and raised questions about security testing for similar tools planned in the United Kingdom.

The incident shows that even targeted verification systems require extensive pre launch validation to prevent early exploitation.

US Duo Sentenced for BlackCat Ransomware Affiliate Activities

• Ryan Goldberg and Kevin Martin received sentences on April 30.
• They allegedly deployed BlackCat against US medical and engineering firms.
• Angelo Martino reportedly used his negotiator role to leak victim data.

WASHINGTON D.C., May 01 (TNGB) – Ryan Goldberg of Georgia and Kevin Martin of Texas were sentenced on April 30 for operating as affiliates of the ALPHV BlackCat ransomware group. Between April and December 2023 the pair reportedly paid operators a twenty percent cut of proceeds while targeting American victims in the medical and engineering sectors. They allegedly split a one point two million dollar Bitcoin ransom three ways with co conspirator Angelo Martino after leaking confidential patient data from one victim to increase pressure for payment.

Federal authorities pursued Goldberg internationally before his capture, resulting in prison terms designed to deter similar insider enabled attacks.

Ubuntu Website Hit by DDoS Extortion Campaign From 313 Team

• Ubuntu services faced a DDoS attack that shifted to extortion on May 1.
• The 313 Team also known as Islamic Cyber Resistance claimed responsibility.
• The campaign reportedly demanded payment to restore access to ubuntu.com.

LONDON, May 01 (TNGB) – Canonical’s Ubuntu website and related services experienced a distributed denial of service attack on May 1 that disrupted downloads and support resources for users worldwide. Attackers from the 313 Team, also identified as Islamic Cyber Resistance operating from Iraq, reportedly transitioned the disruption into an extortion demand by threatening continued outages unless payment was made. The incident affected both individual developers and enterprise deployments reliant on the platform.

The shift from pure disruption to financial shakedown illustrates evolving tactics among state linked cyber groups.

CVE-2026-31431 Linux Copy Fail Flaw Prompts CERT-EU Patch Alerts

• A 2017 cryptography optimization error in Linux grants root access.
• The flaw CVE-2026-31431 was disclosed around April 29.
• Global researchers and CERT-EU issued urgent patch recommendations.

WORLDWIDE, May 01 (TNGB) – Security researchers identified a vulnerability in the Linux kernel stemming from a cryptography optimization flaw introduced in 2017 that allows local users to obtain root privileges on most major distributions. Designated CVE-2026-31431 and nicknamed Copy Fail, the issue was disclosed around April 29 with coordinated alerts from CERT-EU and international teams. Administrators received guidance to apply available patches immediately to prevent local privilege escalation.

The long hidden nature of the flaw underscores the value of ongoing code audits in foundational open source systems.

Reports Show Social Media Bans Ineffective Against Child Safety Risks Worldwide

• Multiple countries implemented social media age restrictions with limited success.
• Young users reportedly bypass controls through VPNs and alternate accounts.
• Ongoing analyses indicate persistent exposure to harmful content.

LONDON, May 01 (TNGB) – Evaluations of social media bans and age verification mandates in several nations reveal that such measures have not substantially reduced children’s encounters with inappropriate material online. Users as young as twelve reportedly continue accessing restricted platforms by employing virtual private networks or creating secondary profiles that evade detection. The pattern appears consistent across Europe, North America, and parts of Asia based on recent usage data.

Broad access restrictions alone fail to address the underlying challenges of content moderation at scale.

Pentagon Announces May 1 AI Deals With OpenAI Google Nvidia and Others Excluding Anthropic

• The Defense Department finalized classified AI contracts on May 1.
• Partners include OpenAI, Google, Nvidia, SpaceX, Microsoft, AWS and Reflection.
• Anthropic was excluded reportedly due to ongoing disputes over model access.

WASHINGTON D.C., May 01 (TNGB) – The Pentagon completed a series of classified artificial intelligence agreements on May 1 with OpenAI, Google, Nvidia, SpaceX, Microsoft, AWS, and Reflection to advance defense applications. Anthropic was notably omitted from the partnerships amid reported disagreements regarding usage terms and safety protocols for its models. The contracts focus on secure integration of advanced capabilities into military systems while maintaining strict classification controls.

The selective approach reflects deliberate choices in balancing innovation speed with security requirements.

Elon Musk Encounters Mixed Rulings in Ongoing OpenAI Court Case

• The OpenAI lawsuit against Elon Musk advanced with mixed outcomes.
• Proceedings began on April 27 and produced varied judicial decisions.
• Developments reportedly affect strategic directions for involved companies.

SAN FRANCISCO, May 01 (TNGB) – Elon Musk faced a series of court rulings in the ongoing OpenAI litigation that began on April 27, with some decisions favoring the company and others preserving aspects of his legal position. The case centers on governance and mission disputes at the artificial intelligence firm. Attorneys for both sides continue preparing additional arguments as the matter proceeds through federal court.

The mixed results highlight the complexity of disputes involving foundational technology organizations and their original stakeholders.

Britain’s NCSC Issues Recent Warnings on AI Accelerated Security Flaws

• The National Cyber Security Centre highlighted AI driven vulnerability discovery.
• Organizations must prepare for faster patch cycles according to recent guidance.
• Risks of widespread exploitation have reportedly increased.

LONDON, May 01 (TNGB) – Britain’s National Cyber Security Centre issued updated advisories in recent weeks urging organizations to accelerate software update processes in response to artificial intelligence tools that speed up the identification of security weaknesses. The guidance notes that AI capabilities have shortened the window between vulnerability discovery and potential exploitation by malicious actors. Entities are advised to enhance monitoring and automate patch deployment where feasible.

Preparation for compressed threat timelines has become a priority for both public and private sector operators.

Critical cPanel CVE-2026-41940 Vulnerability Shows Active Exploitation Since February

• A zero day authentication bypass in cPanel has affected millions of sites.
• Exploitation began in February with public disclosure on April 28.
• Active attacks continue as administrators apply remediation measures.

LONDON, May 01 (TNGB) – The critical cPanel vulnerability identified as CVE-2026-41940 permits unauthorized authentication bypass and has been under active exploitation since February despite its zero day status at the time. Public details emerged on April 28, prompting immediate warnings that millions of websites using the popular control panel could be exposed to data theft or defacement. Security firms continue tracking ongoing campaigns targeting unpatched installations.

Website operators face urgent pressure to update systems before additional compromises occur.

Apple Reports Multi Month Delays for Mac Mini and Studio Due to Supply Issues

• Apple confirmed extended wait times for Mac mini and Mac Studio orders.
• Chief executive Tim Cook addressed the delays during April 30 earnings.
• Component availability constraints reportedly extend fulfillment by several months.

CUPERTINO, May 01 (TNGB) – Apple acknowledged during its April 30 earnings discussion that customers ordering certain Mac mini and Mac Studio configurations face delays of several months due to ongoing component supply limitations. The company attributed the backlog to specific parts shortages affecting production volumes. Retail channels and direct sales both reflect the extended lead times for configured systems.

Strong demand for professional desktop models continues to test supply chain resilience at the company.