NewsDigest

TikTok will not add end-to-end encryption to DMs

TikTok has told the BBC it will not implement end-to-end encryption (E2EE) for direct messages on its platform, according to multiple reports published March 4–5, 2026. The ByteDance-owned app said E2EE would make users “less safe,” arguing that encrypting DMs would prevent its safety teams and law enforcement from accessing message content when needed. TikTok says messages remain protected by standard encryption and can be accessed by authorised employees in response to valid legal requests or reports of harmful behaviour. The company framed the choice as a deliberate safety measure, particularly to protect younger users. Rival platforms including WhatsApp, Apple’s iMessage, Meta’s Messenger (in some modes) and X already offer E2EE for many private chats. Reports note it is unclear whether TikTok’s US entity, spun off under the TikTok USDS joint venture, shares the same stance, and TikTok did not say whether its Beijing-based parent influenced the decision.

Global Operation PowerOFF Seizes 53 DDoS Domains

A multinational law enforcement operation dubbed Operation PowerOFF dismantled infrastructure supporting commercial distributed denial-of-service (DDoS)-for-hire services, seizing 53 domains, taking four people into custody and executing about 25 search warrants. Authorities from 21 countries, coordinated by Europol and partners, recovered databases containing more than 3 million user accounts and sent warning emails and letters to over 75,000 suspected users identified from the seized systems. The crackdown also removed more than 100 advertising URLs for booter services from search results and ran targeted search ads to deter would-be users. Officials said the action disrupted IP stressors and other technical components that allowed non-technical criminals to launch attacks on websites, servers and networks — activities tied to extortion, hacktivism and disruption of online services. The operation builds on earlier takedowns and follows a recent pattern of law enforcement targeting easily accessible DDoS-for-hire tools that can inflict large-scale outages and economic harm.

U.S. Sentences Two for North Korea IT Scheme

The U.S. Department of Justice on April 15 announced prison terms for two New Jersey men who helped a North Korean government-run operation place remote IT workers inside American companies. Kejia (Tony) Wang, 42, was sentenced to 108 months and Zhenxing (Danny) Wang, 39, to 92 months after pleading guilty to conspiracy charges including wire fraud, money laundering and identity theft. Prosecutors say the men ran or hosted so‑called “laptop farms,” created shell companies and used the stolen identities of at least 80 U.S. residents to secure jobs for North Korean operatives at more than 100 U.S. firms, including Fortune 500 companies and a California-based defense contractor. The scheme generated roughly $5 million for the DPRK and inflicted an estimated $3 million in remediation and legal costs on victim firms; the defendants and co‑facilitators collected about $696,000, of which $600,000 was ordered forfeited. Court filings say one overseas worker accessed export‑controlled data. Authorities continue to seek additional co‑conspirators and have offered rewards for information.

NIST narrows NVD analysis amid CVE surge

The U.S. National Institute of Standards and Technology (NIST) said this week it will drastically narrow which Common Vulnerabilities and Exposures (CVE) entries receive detailed analysis — or “enrichment” — in the National Vulnerability Database (NVD). Facing a swelling backlog and a 263% rise in CVE submissions between 2020 and 2025, NIST will prioritize enrichment only for CVEs listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog, flaws affecting software used by the federal government, and defects in “critical software” defined under Executive Order 14028. All CVEs will still be listed, but many will be marked “Not Scheduled” and not receive NIST-authored CVSS scores; the agency will generally accept severity ratings supplied by CVE Numbering Authorities. NIST said it enriched nearly 42,000 CVEs in 2025 and that submissions in early 2026 are roughly one-third higher than a year earlier. The change follows a 2024 funding lapse and an operational strain amplified by AI-driven vulnerability discovery. Users can request case-by-case enrichment via nvd@nist.gov. The agency said the shift buys time to build automated tools and stabilize the NVD program.

Microsoft strengthens Windows RDP file protections

Microsoft has deployed new protections in its April 2026 cumulative updates for Windows 10 and Windows 11 to block a growing phishing vector that abuses Remote Desktop Protocol (.rdp) files. The updates (including KB5082200 for Windows 10 and KB5083769 / KB5082052 for Windows 11) introduce a one‑time educational prompt when users first open an RDP file and then require a security dialog on subsequent opens. That dialog shows whether the file is digitally signed, the remote system address, and any requested local resource redirections (drives, clipboard, devices), which are disabled by default until explicitly approved. The protections apply only when RDP files are opened directly, not to connections initiated inside the Remote Desktop client. Administrators can temporarily disable the warnings via a registry policy, and Microsoft warns that file signatures do not guarantee safety. The change responds to real-world abuse — notably by state‑linked groups using rogue RDP files in phishing campaigns — and Microsoft says future updates may deprecate older connection settings.

Sweden says pro-Russian group targeted heating plant

Swedish authorities disclosed on April 15, 2026 that a pro‑Russian cyber group with links to Russian intelligence attempted to disrupt operations at a thermal/heating plant in western Sweden in spring 2025. Civil Defence Minister Carl‑Oskar Bohlin said the attack failed because a built‑in protection mechanism prevented serious consequences. The Swedish Security Service identified the actor and the Security Police later closed their investigation, according to officials. Moscow rejected the allegations. Swedish officials framed the incident as part of a rising wave of hybrid and cyber attacks across Europe since Russia’s full‑scale invasion of Ukraine in 2022, noting a shift from denial‑of‑service operations to more sophisticated strikes aimed at operational technology that controls physical infrastructure. The government linked the episode to similar disruption attempts in Poland, Denmark and Norway that targeted energy, water and transport systems. Authorities have not named the affected facility or released technical details of the intrusion publicly.