Security
2445 tech articles in this category
-
An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable. Every 6.9 and 7.0 site was in range until Friday, when WordPress shipped 6.9.5 and 7.0.2 and enabled what it calls forced updates through its auto-update system. Adam Kues at Assetnote, Searchlight Cyber's attack surface management arm, found the flaw and reportedView the full article
- 0 comments
- 5 views
-
Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts. OpenSSL shipped the HollowByte fix in June with no CVE, no advisory, and no changelog entry pointing at it. Okta's Red Team, which reported the denial-of-service bug and named it, published theView the full article
- 0 comments
- 4 views
-
CISOs at government organizations and universities have an unexpected ally coming to their aid: OnlyFans models. For some time, hackers have exploited weaknesses in the websites of universities or government departments to host scams or malware, using content stolen from the OnlyFans website as bait to attract victims. Now, according to security researchers at Upguard, the fightback has begun: creators of adult content on OnlyFans are leveraging Google search results and the protection o
- 0 comments
- 4 views
-
A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the image generators, local model runners, and workflow builders that teams stand up fast and firewall late. The intel feed behind that counterView the full article
- 0 comments
- 3 views
-
Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described the threat actor as a sub-group of GoldenEyeDog (aka APT-Q-27, Dragon Breath, and Miuuti Group), a Chinese cybercrime group known for its targeting of the gambling and gaming sectors usingView the full article
- 0 comments
- 3 views
-
The European Union is stepping up its actions against US tech giants under the Digital Markets Act, which is intended to ensure fair competition between digital platforms. On Thursday, the European Commission issued two rulings to limit Google’s dominance. The Commission ordered Google to open up the Android operating system to AI assistants other than its own Gemini, ensuring that they had the same access to applications and operating system services. A second ruling ordered Google to share
- 0 comments
- 3 views
-
The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security. Follow this column to keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you wo
- 0 comments
- 3 views
-
Most organizations I work with have invested heavily in cloud security. They have endpoint detection tools, SIEM platforms, cloud security posture management, and skilled security teams running on a 24/7 shift. And yet, when I ask them a simple question — who has admin access in your Salesforce tenant right now? — The room goes quiet. Nobody knows. Not because they are negligent. Because they genuinely cannot see it. That is the SaaS blind spot. Figure 1: The Blind Spot and what SSPM cove
- 0 comments
- 3 views
-
Threat actors are now abusing an ordinary font file to deliver low-detection malware capable of stealing credentials and establishing persistence on compromised Windows systems. According to a new research from Fortinet’s FortiGuard Labs, a global phishing campaign is actively using heavily obfuscated JavaScript and a Lua-based loader posing as a TrueType Font (TTF) file to evade security and drop RATs and infostealers. A TTF file is a standard font file used by operating systems and app
- 0 comments
- 4 views
-
Shadow IT has long been a major problem for CISOs, but the biggest problem may be coming from the executive suite’s hunger for unsanctioned AI. Nearly two-thirds of senior decision-makers admit to using unapproved AI tools, compared to just 31% of lower-level employees, according to a survey by Microsoft solutions partner TrustedTech. The use of shadow AI is prevalent among senior executives even though three in four employees acknowledge security or data privacy risks related to the pra
- 0 comments
- 3 views
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 19, 2026. The vulnerability in question is CVE-2026-58644 (CVSS score: 9.8), a critical deserializationView the full article
- 0 comments
- 4 views
-
Zoom has identified, and patched, a critical security hole that “may allow an unauthenticated user to conduct an account takeover via network access.” The issue is especially significant given Zoom’s extensive reach; it reportedly has more than 300 million daily active users, including 470,000 paying business customers. Given that reach, Zoom has been impacted by many other security incidents and France recently tried banning its use by French government users. Zoom security bulletins
- 0 comments
- 6 views
-
The US Cybersecurity and Infrastructure Security Agency (CISA) has urged organizations to immediately secure Microsoft SharePoint deployments after warning that three vulnerabilities affecting the on-premises collaboration platform are being actively exploited. A recent advisory from the federal cybersecurity watchdog asked administrators to patch vulnerable servers, review Microsoft’s mitigation guidance, and assume that internet-facing SharePoint instances remain attractive targets for att
- 0 comments
- 7 views
-
The Cybersecurity and Infrastructure Security Agency (CISA) and four international cybersecurity agencies have published guidance urging software manufacturers and online service providers to establish coordinated vulnerability disclosure (CVD) programs, saying structured engagement with security researchers can help improve vulnerability management and product security. Published jointly with the US National Security Agency (NSA), Japan Computer Emergency Response Team Coordination Center (
- 0 comments
- 5 views
-
Artificial intelligence (AI) is changing offensive security, but it has not changed the standard that matters most: a finding has to be proven before it becomes useful. AI-assisted tools can read code quickly, generate payloads, summarize attack surfaces, explain unfamiliar APIs, and run repetitive testing workflows at impressive speed. That is a real advantage for security teams. It alsoView the full article
- 0 comments
- 5 views
-
Most security leaders I know working on AI robotics are being shown the same kind of video. A humanoid folds a shirt, sorts a bin, walks a warehouse aisle and a vendor uses the clip to move an embodied AI system from pitch to purchase order. Someone then has to sign off. Robot demos create procurement momentum before security teams receive the artifacts needed to evaluate the system as cyber-physical infrastructure. Before the book, I prepared cloud infrastructure operating in China and the
- 0 comments
- 6 views
-
Pull the certificate off the flash of a Shark RV2320EDUS robot vacuum, and you can run root commands on other people's Shark vacuums across the same AWS region: watch the camera, drive the robot, read the map of the house, and take the Wi-Fi password in plaintext. A researcher publishing under the handle tokay0 put the method online on Monday, having tested it only against vacuums heView the full article
- 0 comments
- 7 views
-
A few years ago, I was retained to conduct a digital risk review for the chief executive of a mid-sized financial services firm. The brief was standard. Assess what was publicly available about the executive, identify exposure and advise on remediation. The AI tools I used completed the substantive reconnaissance in under ten minutes. What came back was a synthesized profile. Board memberships and the dates they started. A pattern of public commentary that revealed which policy positions the
- 0 comments
- 8 views
-
Zoom has released security updates for a critical security flaw impacting Zoom Workplace for Windows that could facilitate account takeover. The vulnerability, tracked as CVE-2026-53412 (CVSS score: 9.8), affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. "Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client forView the full article
- 0 comments
- 8 views
-
Security experts are calling on enterprises to revise their vulnerability management strategies and move towards “just in time” patching in response the increased pace of vulnerability exploitation. Attackers are turning to AI to increase the rate of vulnerability exploitation and supply chain compromise so that traditional forms of vulnerability management are no longer keeping pace. Muhammad Yahya Patel, vCISO and cybersecurity advisor for EMEA at managed security services vendor Huntr
- 0 comments
- 7 views
-
Attacks targeting developer ecosystems are increasing in frequency and sophistication, with Node.js developers firmly in this week’s crosshairs, as multiple npm packages belonging to the open-source AsyncAPI and Jscrambler Code Integrity were poisoned with malware following compromised development credentials. The incidents highlight the cascading effect of software supply chain attacks in which stolen credentials are then used to perpetrate additional compromises. Security researchers advis
- 0 comments
- 11 views
-
Attackers who already have administrator privileges on a Windows machine have newer ways to slip past endpoint security without exploiting a vulnerable driver or modifying trusted binaries. Bitdefender researchers have warned against three techniques that abuse Windows Bind Links, a legitimate filesystem virtualization capability, to occupy security tools with clean files while malicious ones execute undetected. The techniques can be used “to blind EDR sensors and bypass built-in Windows
- 0 comments
- 10 views
-
The White House is expanding the use of AI beyond cyber threat detection into vulnerability management, launching a new program that aims to help government agencies and critical infrastructure operators identify, prioritize, and remediate software vulnerabilities faster. Called Gold Eagle, the initiative will act as a centralized clearinghouse for cybersecurity vulnerabilities, coordinating vulnerability reporting, verification, and remediation across federal agencies, open-source software
- 0 comments
- 7 views
-
Two vulnerabilities found in Anthropic’s Claude for Chrome extension remain exploitable months after they were reported to the company, a research by Manifold Security noted. According to the researchers, the flaws can allow a malicious browser extension to trigger Claude into performing privileged actions, including reading Gmail messages, Google Docs content, and Calendar entries on behalf of a user. In a new blog post, the researchers said the issues are reproducible in Claude for Chr
- 0 comments
- 8 views
-
With the World Cup in full swing, stadiums across North America are currently accommodating thousands of fans every match day. That said, the stadiums’ biggest security challenge isn’t of a physical nature. It is not hyperbolic to say that football stadiums are some of the most chaotic endpoint environments in enterprise IT. On game days, tens of thousands of unmanaged, unknown devices connect to stadium networks, alongside payment systems, digital displays, operations platforms and venue st
- 0 comments
- 8 views
-
Ask any medical doctor, and they’ll tell you that prevention is better than cure. It’s more cost-effective and it has better outcomes. The same is true in cybersecurity. But we believe that our industry has veered too far away from this simple concept. We observe that most new tools are detection-focused, and we are calling for cyber innovators and venture capital to re-emphasize and invest resources into blocking rather than just discovering problems. The reasons that cybersecurity reli
- 0 comments
- 15 views
-
Security engineers play a pivotal role in enterprise cybersecurity, because they are the professionals who design, build, and deploy security systems to protect an organization’s data, applications, systems, networks, and other IT components against a variety of cyber threats. Finding not just qualified security engineers, but the best and brightest available, needs to be a priority for CISOs and others overseeing security at their organizations. That’s especially true with the rapid rise of
- 0 comments
- 8 views
-
SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 series appliances, one of which could be exploited to achieve arbitrary command execution. The vulnerabilities are listed below - CVE-2026-15409 (CVSS score: 10.0) - A Server-side request forgery (SSRF) vulnerability that a remote unauthenticated attacker could exploit toView the full article
- 0 comments
- 24 views
-
Passkeys have been around for some time, but enterprise-wide adoption to this point has been slow for a number of reasons. But soon, many Microsoft customers won’t have a choice. Starting September 1, Microsoft will roll out passkeys as the default authentication method in its cloud-based identity and access management (IAM) service Entra ID. And following a transition period, Microsoft-provided SMS and voice authentication will officially end on February 1, 2027. With this move, Microso
- 0 comments
- 9 views
-
Earlier this month Microsoft warned that, because the latest AI models can now help discover vulnerabilities, CSOs will see a higher volume of security updates every month. It wasn’t kidding. Today the company issued a record number of patches, with 59 rated as critical. And Microsoft is now recommending that customers accelerate their patching schedules to more quickly deal with critical flaws. “Normally we have to wait for October or November to determine if we’ll break the previous [a
- 0 comments
- 9 views
-
Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by artificial intelligence. Nearly 60 of the bugs quashed in July’s Patch Tuesday earned a “critical” severity rating, meaning miscreants or malware c
- 0 comments
- 8 views
-
SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including a critical flaw in SAP NetWeaver Application Server ABAP. The vulnerability in question is CVE-2026-44747 (CVSS score: 9.9), an out-of-bounds write flaw that allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that couldView the full article
- 0 comments
- 8 views
-
Any other browser extension that can run a script on claude.ai can still trigger Claude for Chrome tasks aimed at your Gmail, your latest Google Doc and its comments, and your Calendar. Both this and ClaudeBleed need a rogue extension that can already run a script on claude.ai; the difference is scope. Anthropic restricted the arbitrary-prompt path in May as part of its response to the View the full article
- 0 comments
- 7 views
-
A newly documented phishing-as-a-service platform distributed through Telegram is lowering the technical barrier to Microsoft 365 account takeovers by giving less-skilled attackers automated tools to evade some authentication controls and retain access after compromise. The platform, called Forg365, uses AI-assisted lure creation alongside device-code abuse and adversary-in-the-middle techniques, according to research published by security company ZeroBEC. Forg365 was offered with a five
- 0 comments
- 18 views
-
Seventy-one percent of organizations say AI has access to core business systems. Only 16% govern that access effectively, according to the 2026 CISO AI Risk Report. Ask your IR team three questions: Where is your AI system inventory? What happens if a production model starts generating harmful outputs? Who has the authority to take it offline? I’ve spent 14 years in security — energy, banking, telecom, manufacturing. Red team work, detection programs and the last several years focused on AI
- 0 comments
- 17 views
-
Enterprises have worked for years to improve detection and response times in the face of increasingly sophisticated attacks that relied on manual hacking and living-of-the-land techniques. AI is now threatening to undo those efforts. An increasing number of threat actors are automating all phases of attacks, including lateral movement by using LLM-powered agents, severely reducing the time from initial access to deep environment compromises. “The real shift is speed, scale, and orchestra
- 0 comments
- 15 views
-
Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already extended, usually through the OAuth connections that tie Salesforce to the apps and third-party vendors around it. In View the full article
- 0 comments
- 10 views
-
Global security agencies say enterprises must clean up their act as Russian government-sponsored attackers exploit weaknesses in routers. According to a new multinational cybersecurity advisory, cyberattackers continue to exploit inadequately-protected and/or poorly-configured network devices via age-old tactics. Threat actors scan for weakened devices, typically routers, allowing them to “opportunistically” compromise critical infrastructure networks, according to the bulletin from 19 feder
- 0 comments
- 10 views
-
The US authorities NSA, FBI, and CISA warn that Russian hackers have recently carried out a number of attacks on critical infrastructure in North America and Europe. Hackers are reportedly breaking into networks using vulnerable and misconfigured routers, making it extra important to install the latest security patches. The most vulnerable are infrastructure related to energy, communications, healthcare, industry, the economy, and defense. Authorities in Australia, the UK, Canada, New Ze
- 0 comments
- 10 views
-
Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That's supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don't file tickets. That's the shape of this week. Trusted code turns on the people who installed it. Old bugs from last year are still landing because the fix sat in a queue tooView the full article
- 0 comments
- 10 views
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a recent data leak in which a contractor published dozens of internal CISA credentials — including AWS Govcloud keys — in a public GitHub repository for almost six months before being notified by KrebsOnSecurity. Experts say the gaps identified in the agency’s initial response provide important lessons that all security teams should absorb. On May 15, 2026, the security firm GitGuardian asked for help in no
- 0 comments
- 10 views
-
Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single email can trick that agent into saving a false "fact" about the user, hide the change, and quietly steer its answers in later sessions. When it works, the person reads an ordinary-looking reply and never learns their assistant was tampered with. TheView the full article
- 0 comments
- 10 views
-
A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM) tactics, antibot evasion, artificial intelligence (AI)-assisted lure creation, and post-compromise mailbox operations targeting Microsoft 365 accounts. Distributed via Telegram and costing $400 a month (or $3,800 per year), attack chains leverage phishingView the full article
- 0 comments
- 11 views
-
RabbitMQ has patched two access control vulnerabilities affecting the widely used open-source message broker that could expose enterprise application data and, in some deployments, allow attackers to gain complete control over the messaging infrastructure. The flaws, discovered by Miggo Security, exposed OAuth secrets to unauthenticated attackers, letting low-privileged users potentially spy on other tenants. “RabbitMQ is the plumbing that moves data between services inside modern applic
- 0 comments
- 11 views
-
RabbitMQ has patched two access control vulnerabilities affecting the widely used open-source message broker that could expose enterprise application data and, in some deployments, allow attackers to gain complete control over the messaging infrastructure. The flaws, discovered by Miggo Security, exposed OAuth secrets to unauthenticated attackers, letting low-privileged users potentially spy on other tenants. “RabbitMQ is the plumbing that moves data between services inside modern applic
- 0 comments
- 10 views
-
Meta has filed a patent application for an AI that listens to your voice throughout the day, works out how it thinks you are feeling from the way you sound, and keeps a timestamped log of every read. Each read gets pinned to the moment it happened: the time, your location, what you were doing, even how you were using your phone. Some versions in the filing would listen all day; others wouldView the full article
- 0 comments
- 16 views
-
A few days ago, I was sitting with the CISO of a Fortune 50 company, walking through how his security team was thinking about AI agents in the SOC. Smart team. Serious program. They had already connected Claude to a few detection tools and were seeing real value in specific investigations. But as we mapped out the broader architecture, something kept nagging at me. The design they were buildingView the full article
- 0 comments
- 11 views
-
Cybersecurity researchers have flagged an intrusion in which an unknown threat actor leveraged a vibe-coded PowerShell script for Active Directory (AD) enumeration. "The script looked for the Domain Controller (DC) and mapped users, computers, and domains, before creating a directory and exporting out a number of files, and finally creating AD_Report.html to measure the success of theView the full article
- 0 comments
- 10 views
-
Jurassic Park wasn’t really about dinosaurs. It was about arrogant people building systems they believed were controllable. “Life finds a way” is probably the most famous line from the entire franchise. Ian Malcolm’s warning that no matter how sophisticated the technology becomes, no matter how expensive the fences are, and no matter how confident the operators feel, nature eventually escapes containment. And in every movie, it does. The dinosaurs always get out. The system
- 0 comments
- 10 views
-
Jurassic Park wasn’t really about dinosaurs. It was about arrogant people building systems they believed were controllable. “Life finds a way” is probably the most famous line from the entire franchise. Ian Malcolm’s warning that no matter how sophisticated the technology becomes, no matter how expensive the fences are, and no matter how confident the operators feel, nature eventually escapes containment. And in every movie, it does. The dinosaurs always get out. The system
- 0 comments
- 9 views
-
Picture the moment after an AI issue is reported. A security analyst is reviewing a ticket reporting that an internal AI tool produced the wrong recommendation in a live business workflow. The risk is not theoretical anymore. Someone wants to know whether this is a security incident, a model issue, a privacy issue, a vendor issue or just “something the AI did.” The risk register has a line item for inaccurate output, and it may even have a severity rating. What it does not have is an ans
- 0 comments
- 14 views
-
Picture the moment after an AI issue is reported. A security analyst is reviewing a ticket reporting that an internal AI tool produced the wrong recommendation in a live business workflow. The risk is not theoretical anymore. Someone wants to know whether this is a security incident, a model issue, a privacy issue, a vendor issue or just “something the AI did.” The risk register has a line item for inaccurate output, and it may even have a severity rating. What it does not have is an ans
- 0 comments
- 9 views
-
At Amazon Web Services (AWS), artificial intelligence is already compressing security work that once took months into minutes. In the old world, human red teams would find vulnerabilities, write reports, refine those reports, and eventually hand them to defenders, who would then begin building detections or fixes, Steve Schmidt, chief security officer at AWS, tells CSO. That process could take “two, four, six, eight, 10 months,” Schmidt says. “Now with proper application of AI, we can ha
- 0 comments
- 12 views
-
At Amazon Web Services (AWS), artificial intelligence is already compressing security work that once took months into minutes. In the old world, human red teams would find vulnerabilities, write reports, refine those reports, and eventually hand them to defenders, who would then begin building detections or fixes, Steve Schmidt, chief security officer at AWS, tells CSO. That process could take “two, four, six, eight, 10 months,” Schmidt says. “Now with proper application of AI, we can ha
- 0 comments
- 9 views
-
At Amazon Web Services (AWS), artificial intelligence is already compressing security work that once took months into minutes. In the old world, human red teams would find vulnerabilities, write reports, refine those reports, and eventually hand them to defenders, who would then begin building detections or fixes, Steve Schmidt, chief security officer at AWS, tells CSO. That process could take “two, four, six, eight, 10 months,” Schmidt says. “Now with proper application of AI, we can ha
- 0 comments
- 10 views
-
At Amazon Web Services (AWS), artificial intelligence is already compressing security work that once took months into minutes. In the old world, human red teams would find vulnerabilities, write reports, refine those reports, and eventually hand them to defenders, who would then begin building detections or fixes, Steve Schmidt, chief security officer at Amazon, tells CSO. That process could take “two, four, six, eight, 10 months,” Schmidt says. “Now with proper application of AI, we can
- 0 comments
- 9 views
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa extensions for Joomla to its Known Exploited Vulnerabilities (KEV) catalog, following reports of zero-day exploitation in the wild. The vulnerabilities, both rated 10.0 on the CVSS scoring system, are below - CVE-2026-48939 - A vulnerability in theView the full article
- 0 comments
- 26 views
-
Version 8.14.0 of the jscrambler npm package shipped with a malicious preinstall hook that silently drops and runs a native infostealer during installation, one build each for Windows, macOS, and Linux. Published on July 11, 2026, it needs no import and no CLI call. Installing 8.14.0 is enough to run it. Socket flagged the release six minutes after it wasView the full article
- 0 comments
- 22 views
-
Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026. "At Balochistan Police, the compromised assets included servers hosting web applications that manage police and citizen data, such as criminal andView the full article
- 0 comments
- 23 views
-
Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious scripts in a user's session. It has yet to be assigned a CVE identifier. "TheView the full article
- 0 comments
- 20 views
-
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/[email protected], came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets. The version wasView the full article
- 0 comments
- 15 views
-
Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a "credible external security threat." The company has temporarily disabled access to the affected accounts, a step it says it took "out of an abundance of caution" while it works with internal and external securityView the full article
- 0 comments
- 13 views
-
Researchers at firmware security firm Binarly have found six new flaws in U-Boot, the small program that starts up hardware as varied as home routers, smart cameras, and the management chips inside data-center servers. Four of the bugs can crash a device. The other two could let an attacker who slips a malicious image in front of the bootloader run their own code, before the deviceView the full article
- 0 comments
- 12 views
-
Researchers at Ledger's Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card's password to anything the attacker picks. No old password. No backup card. Once it is reset, whoever did it controls the wallet and can move the coins out. This is not an emergency for most owners. The attack needsView the full article
- 0 comments
- 21 views
-
Members of the European Parliament (MEPs) have failed to block a proposal extending the mass scanning of private communications, a measure they have previously rejected twice. This time too, more votes were cast against the proposal than in favor, but due to the absence of numerous MEPs on the eve of the summer recess, the motion to reject did not attain the necessary absolute majority. The proposal passed by default. Similarly, an amendment to require warrants for the scanning received
- 0 comments
- 14 views
-
Members of the European Parliament (MEPs) have failed to block a proposal extending the mass scanning of private communications, a measure they have previously rejected twice. This time too, more votes were cast against the proposal than in favor, but due to the absence of numerous MEPs on the eve of the summer recess, the motion to reject did not attain the necessary absolute majority. The proposal passed by default. Similarly, an amendment to require warrants for the scanning received
- 0 comments
- 9 views
-
Security company CrowdStrike has identified five new prompt injection techniques that could leave enterprises at risk. Prompt injections attacks exploit the growing use of AI within organizations . They work by tricking LLMs into accepting instructions that a human operator would recognize as dubious. The five new types of attack that CrowdStrike has added to its prompt injection taxonomy are: Trigger-Activated Rule Addition in which an attacker adds a new rule that looks innocuous at fi
- 0 comments
- 14 views
-
Security company CrowdStrike has identified five new prompt injection techniques that could leave enterprises at risk. Prompt injections attacks exploit the growing use of AI within organizations . They work by tricking LLMs into accepting instructions that a human operator would recognize as dubious. The five new types of attack that CrowdStrike has added to its prompt injection taxonomy are: Trigger-Activated Rule Addition in which an attacker adds a new rule that looks innocuous at fi
- 0 comments
- 9 views
-
Details have emerged about three now-patched security flaws in the OpenClaw personal artificial intelligence (AI) assistant that, if successfully exploited, could enable credential theft, privilege escalation, and arbitrary code execution on the host. A brief description of the high-severity vulnerabilities is as follows - GHSA-hjr6-g723-hmfm (CVSS score: 8.8) - An operating systemView the full article
- 0 comments
- 14 views
-
Security leaders have made strong progress in visibility. Most organizations can now identify vulnerabilities across their applications, dependencies and development pipelines with far more consistency than in the past. Yet a fundamental imbalance remains: Vulnerabilities are being discovered faster than they can be remediated. That imbalance is growing. Today, 82% of organizations carry security debt, defined as accumulated vulnerabilities that have remained unresolved for more than a year.
- 0 comments
- 35 views
-
Security leaders have made strong progress in visibility. Most organizations can now identify vulnerabilities across their applications, dependencies and development pipelines with far more consistency than in the past. Yet a fundamental imbalance remains: Vulnerabilities are being discovered faster than they can be remediated. That imbalance is growing. Today, 82% of organizations carry security debt, defined as accumulated vulnerabilities that have remained unresolved for more than a year.
- 0 comments
- 10 views
-
Microsoft is warning defenders about a new backdoor that blurs the line between espionage malware and wipers. In a technical analysis published on Thursday, Microsoft Threat Intelligence detailed GigaWiper, a Golang-based implant first observed in October 2025 intrusions that combines remote administration capabilities with multiple disk-wiping and ransomware routines. Rather than building a new destructive tool from scratch, the operators assembled GigaWiper from several existing malwar
- 0 comments
- 11 views
-
Microsoft is warning defenders about a new backdoor that blurs the line between espionage malware and wipers. In a technical analysis published on Thursday, Microsoft Threat Intelligence detailed GigaWiper, a Golang-based implant first observed in October 2025 intrusions that combines remote administration capabilities with multiple disk-wiping and ransomware routines. Rather than building a new destructive tool from scratch, the operators assembled GigaWiper from several existing malwar
- 0 comments
- 10 views
-
Check Point Software CTO Jonathan Zanger met with CSO Spain during the software company’s Engage 2026 user conference last week in Paris. At the event, Check Point executives and representatives discussed how the company is dealing with various types of threats, how it is adopting AI securely, and how Check Point and others can leverage AI for their own benefit. “That’s why I believe 2026 is a fascinating year to work in this field. Every technological change drastically affects cybersec
- 0 comments
- 12 views
-
Check Point Software CTO Jonathan Zanger met with CSO Spain during the software company’s Engage 2026 user conference last week in Paris. At the event, Check Point executives and representatives discussed how the company is dealing with various types of threats, how it is adopting AI securely, and how Check Point and others can leverage AI for their own benefit. “That’s why I believe 2026 is a fascinating year to work in this field. Every technological change drastically affects cybersec
- 0 comments
- 8 views
-
A security hole within AI dev tools has allowed attackers to escape sandboxes by misleading the humans in the loop who were supposed to knowingly approve the tool’s actions, according to cybersecurity research firm Wiz. “We discovered GhostApproval, a systematic vulnerability pattern affecting six of the top AI coding assistants: Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, and Windsurf [now known as Devin Desktop],” the Wiz report said. “In each case, a ma
- 0 comments
- 15 views
-
A security hole within AI dev tools has allowed attackers to escape sandboxes by misleading the humans in the loop who were supposed to knowingly approve the tool’s actions, according to cybersecurity research firm Wiz. “We discovered GhostApproval, a systematic vulnerability pattern affecting six of the top AI coding assistants: Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, and Windsurf [now known as Devin Desktop],” the Wiz report said. “In each case, a ma
- 0 comments
- 10 views
-
A cloud intrusion that ended with the deployment of cryptomining malware has exposed a bigger risk for enterprises: AI gateways that concentrate access to cloud identities, permissions, and foundation models in a single, highly privileged system. Researchers from cybersecurity firm Darktrace found attackers compromising an AWS EC2 instance acting as a LiteLLM proxy for Amazon Bedrock, eventually deploying XMRig cryptomining malware, along with attempts to abuse cloud identities and AI servic
- 0 comments
- 17 views
-
A cloud intrusion that ended with the deployment of cryptomining malware has exposed a bigger risk for enterprises: AI gateways that concentrate access to cloud identities, permissions, and foundation models in a single, highly privileged system. Researchers from cybersecurity firm Darktrace found attackers compromising an AWS EC2 instance acting as a LiteLLM proxy for Amazon Bedrock, eventually deploying XMRig cryptomining malware, along with attempts to abuse cloud identities and AI servic
- 0 comments
- 11 views
-
The UK’s National Cyber Security Centre (NCSC) wants to deploy autonomous AI agents capable of finding and neutralizing cyberattacks on national networks in real time, marking Britain’s push toward a sovereign, machine-speed cyber defense system. The blueprint, called Cyber Shield, was developed jointly with the Department for Science, Innovation and Technology (DSIT). “The objective of Cyber Shield is to build a national-scale, collaborative approach to agentic cyber defence, using fron
- 0 comments
- 16 views
-
The UK’s National Cyber Security Centre (NCSC) wants to deploy autonomous AI agents capable of finding and neutralizing cyberattacks on national networks in real time, marking Britain’s push toward a sovereign, machine-speed cyber defense system. The blueprint, called Cyber Shield, was developed jointly with the Department for Science, Innovation and Technology (DSIT). “The objective of Cyber Shield is to build a national-scale, collaborative approach to agentic cyber defence, using fron
- 0 comments
- 9 views
-
In a client engagement last year, an LLM-based deployment agent with standing access to a production Kubernetes cluster triggered a four-hour outage through a malformed configuration push. In the IAM, the agent appeared as a service account with a long-lived API key, no MFA, no scoped revocation path. When the incident review team asked which human had authorized the agent’s last action, no one in the room could answer. I have watched a version of that question go unanswered in three engagements
- 0 comments
- 28 views
-
In a client engagement last year, an LLM-based deployment agent with standing access to a production Kubernetes cluster triggered a four-hour outage through a malformed configuration push. In the IAM, the agent appeared as a service account with a long-lived API key, no MFA, no scoped revocation path. When the incident review team asked which human had authorized the agent’s last action, no one in the room could answer. I have watched a version of that question go unanswered in three engagements
- 0 comments
- 9 views
-
Security leaders have been on a spending sprint. The global AI in cybersecurity market is valued at $44 billion in 2026 and is projected to reach $213 billion by 2034, a trajectory that reflects genuine belief that machine learning will close the gap between the volume of threats and the capacity of human analysts. That belief is not wrong. What is wrong is where most organizations focus when the tools stop working. When AI-driven detection underperforms, the instinct is to tune the algorith
- 0 comments
- 18 views
-
Security leaders have been on a spending sprint. The global AI in cybersecurity market is valued at $44 billion in 2026 and is projected to reach $213 billion by 2034, a trajectory that reflects genuine belief that machine learning will close the gap between the volume of threats and the capacity of human analysts. That belief is not wrong. What is wrong is where most organizations focus when the tools stop working. When AI-driven detection underperforms, the instinct is to tune the algorith
- 0 comments
- 8 views
-
Poorly segmented networks and weak security controls continue to undercut security organizations’ ability to identify and contain attacks, giving attackers free rein after initial compromise, according to a recent study based on real-world enterprise security telemetry. Zero Networks’ 2026 Lateral Movement Exposure Report — based on analysis of 54 trillion activities across 312 live enterprise environments — found that more than 80% of enterprise servers are reachable from anywhere inside th
- 0 comments
- 22 views
-
Poorly segmented networks and weak security controls continue to undercut security organizations’ ability to identify and contain attacks, giving attackers free rein after initial compromise, according to a recent study based on real-world enterprise security telemetry. Zero Networks’ 2026 Lateral Movement Exposure Report — based on analysis of 54 trillion activities across 312 live enterprise environments — found that more than 80% of enterprise servers are reachable from anywhere inside th
- 0 comments
- 9 views
-
Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead. The affected tools are Amazon Q Developer, Anthropic's Claude Code, Augment, Cursor, Google Antigravity, and Windsurf.View the full article
- 0 comments
- 15 views
-
Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure comprising more than 230 lookalike domains. The activity dates back to at least August 2022, according to DNS threat intelligence firm Infoblox. Once such campaign, observed earlier this year, involved theView the full article
- 0 comments
- 14 views
-
GitHub continues to be a scintillating target for attackers because it sits in the middle of the software supply chain and gives threat actors three things they crave: source code, secrets, and automated pipelines to run amok in. Datadog Security Research has been tracking what it calls a “sustained pattern” of GitHub API abuse over the past several months that seeks to map organizations and their members. While individually these requests are “unremarkable,” they become dangerous when they
- 0 comments
- 23 views
-
GitHub continues to be a scintillating target for attackers because it sits in the middle of the software supply chain and gives threat actors three things they crave: source code, secrets, and automated pipelines to run amok in. Datadog Security Research has been tracking what it calls a “sustained pattern” of GitHub API abuse over the past several months that seeks to map organizations and their members. While individually these requests are “unremarkable,” they become dangerous when they
- 0 comments
- 8 views
-
AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist. New research, which its authors call HalluSquatting, turns that habit into an attack: work out the fake names an AI reliably invents, register them first, and wait for the assistant to fetch your trap on a user'sView the full article
- 0 comments
- 14 views
-
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under assumed names. The X/Twitter account IRIS C2 (@C2IRIS) has gained more than 4,000 followers since its creation in January 2025, posting frequently about security vulnerabilities, A
- 0 comments
- 14 views
-
A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and publishing it publicly, exposing a broader risk as enterprises deploy AI agents with privileged access to software development environments, according to new research from Noma Security. The AI security company detailed the attack, dubbed GitLost, in a blog post, saying an unauthenticated attacker could exploit GitHub’s preview Agentic Workflows by submitting a crafted
- 0 comments
- 15 views
-
A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and publishing it publicly, exposing a broader risk as enterprises deploy AI agents with privileged access to software development environments, according to new research from Noma Security. The AI security company detailed the attack, dubbed GitLost, in a blog post, saying an unauthenticated attacker could exploit GitHub’s preview Agentic Workflows by submitting a crafted
- 0 comments
- 8 views
-
Cybercriminals are exploiting India’s tax filing season with a new malware campaign that refuses to put all its eggs in one basket. Researchers at Cyderes have uncovered a sophisticated phishing operation that poses as the Indian Tax Department to deliver two remote access trojans (RATs) through a multi-stage infection chain, giving attackers persistent access to compromised systems. Indians receive fake tax assessment emails that pressure them into downloading what appears to be an offi
- 0 comments
- 12 views
-
Cybercriminals are exploiting India’s tax filing season with a new malware campaign that refuses to put all its eggs in one basket. Researchers at Cyderes have uncovered a sophisticated phishing operation that poses as the Indian Tax Department to deliver two remote access trojans (RATs) through a multi-stage infection chain, giving attackers persistent access to compromised systems. Indians receive fake tax assessment emails that pressure them into downloading what appears to be an offi
- 0 comments
- 9 views
-
A Chinese threat actor tracked as UAT-7810 is actively refining its bespoke malware to expand its Operational Relay Box (ORB) network by breaking into internet-facing networking devices. According to findings from Cisco Talos, UAT-7810 is an advanced persistent threat (APT) actor that's responsible for maintaining and proliferating LapDogs, an ORB network that first came to light in June 2025.View the full article
- 0 comments
- 10 views
-
I’ve spent two years doing incident response and threat intel, and the one habit I’d keep if I had to give up every other is also the most boring. I don’t act on a piece of intelligence until I’ve checked it against the thing it claims to describe. It’s slow. It’s tedious. Almost nobody does it, because checking costs the exact time the feed was supposed to save. So, we read the report, nod and move on. That works fine most weeks. The weeks it doesn’t are the ones I remember, and the one I keep
- 0 comments
- 14 views