Security
2445 tech articles in this category
-
Phishing has quietly turned into one of the hardest enterprise threats to expose early. Instead of crude lures and obvious payloads, modern campaigns rely on trusted infrastructure, legitimate-looking authentication flows, and encrypted traffic that conceals malicious behavior from traditional detection layers. For CISOs, the priority is now clear: scale phishing detection in a way that helpsView the full article
- 0 comments
- 37 views
-
Another Thursday, another pile of weird security stuff that somehow happened in just seven days. Some of it is clever. Some of it is lazy. A few bits fall into that uncomfortable category of “yeah… this is probably going to show up in real incidents sooner than we’d like.” The pattern this week feels familiar in a slightly annoying way. Old tricks are getting polished. New research shows howView the full article
- 0 comments
- 34 views
-
Last year’s “PhantomRaven” supply-chain campaign is back, with security researchers uncovering 88 new malicious packages in what they describe as the second, third, and fourth waves of the operation. According to Endor Labs findings, the newly discovered packages were published between November 2025 and February 2026, with 81 of them still available on npm along with two active command and control (c2) servers. “PhantomRaven is a software supply chain attack that uses Remote Dynamic Depe
- 0 comments
- 46 views
-
The most dangerous phishing campaigns aren’t just designed to fool employees. Many are designed to exhaust the analysts investigating them. When a phishing investigation takes 12 hours instead of five minutes, the outcome can shift from a contained incident to a breach. For years, the cybersecurity industry has focused on the front door of phishing defense: employee training, email gateways thatView the full article
- 0 comments
- 34 views
-
In July 2025, McDonald’s had an unexpected problem on the menu, one involving McHire, its AI-powered platform used to recruit and screen job applicants. The system, developed by Paradox.ai, featured a rookie-level security flaw: the backend for restaurant operators accepted “123456” as both username and password, and lacked multi-factor authentication. As a result, the personal data of around 64 million applicants was in danger. Luckily, the flaw was uncovered by security researchers Ian Carroll
- 0 comments
- 43 views
-
Mithilfe sogenannter Zombie-ZIPs lassen sich fast alle Virenscanner austricksen. Pressmaster | shutterstock.com Eine neue Technik mit dem Namen „Zombie ZIP“ ist in der Lage, Payloads in komprimierten Dateien zu verbergen. Sicherheitslösungen wie Antiviren- und EDR-Produkte (Endpoint Detection and Response) können sie nicht entdecken, denn die digitalen Untoten wurden speziell geschaffen, um die Security zu umgehen. Entwickelt wurden sie von Chris Aziz, einem Sicherheitsforscher beim Securi
- 0 comments
- 64 views
-
Mithilfe sogenannter Zombie-ZIPs lassen sich fast alle Virenscanner austricksen. Pressmaster | shutterstock.com Eine neue Technik mit dem Namen „Zombie ZIP“ ist in der Lage, Payloads in komprimierten Dateien zu verbergen. Sicherheitslösungen wie Antiviren- und EDR-Produkte (Endpoint Detection and Response) können sie nicht entdecken, denn die digitalen Untoten wurden speziell geschaffen, um die Security zu umgehen. Entwickelt wurden sie von Chris Aziz, einem Sicherheitsforscher beim Securi
- 0 comments
- 64 views
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case of expression injection that leads to remote code execution. The security shortcoming was patchedView the full article
- 0 comments
- 39 views
-
Ground Picture | shutterstock.com Security-Anbietern stehen viele Wege offen, um CISOs und Sicherheitsentscheider mit Lobpreisungen und Angeboten zu ihren jeweils aktuellen Produkten und Lösungen zu penetrieren. Und die nutzen sie auch: Manche Sicherheitsverantwortliche erhalten mehr als 30 solcher Anfragen pro Woche – per Telefon, E-Mail oder auch über LinkedIn. Um erkennen zu können, ob das potenzielle neue Produkt auch tatsächlich geeignet ist, müssen CISOs vor allem eines tun: die ri
- 0 comments
- 36 views
-
Threat actors are still having success tricking human resources staff into opening malware-infected phishing emails. The latest example is detailed by researchers at Aryaka, who this week described a campaign by an unnamed threat actor who is distributing resumés containing a malicious ISO file to HR departments. It’s delivered through recruitment channels, and hosted on what an employee, or an email gateway’s filters, would see as trusted cloud infrastructure. When the victim mounts the
- 0 comments
- 35 views
-
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that an authentication bypass vulnerability patched in Ivanti Endpoint Manager (EPM) last month is now being exploited in the wild. The agency has also updated its directive related to two Cisco Catalyst SD-WAN flaws that were also fixed last month after being used in zero-day attacks. The Ivanti EPM vulnerability, tracked as CVE-2026-1603, impacts EPM versions prior to 2024 SU5. It allows a remote, unauthenticated att
- 0 comments
- 42 views
-
Agentic web browsers that leverage artificial intelligence (AI) capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to phishing and scam traps. The attack, at its core, takes advantage of AI browsers' tendency to reason their actions and use it against the model itself to lower their security guardrails, GuardioView the full article
- 0 comments
- 41 views
-
A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker’s main U.S. headquarters says the company is currently experiencing a building emergency. In a lengthy statement posted to Tel
- 0 comments
- 41 views
-
Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution. The vulnerabilities are listed below - CVE-2026-27577 (CVSS score: 9.4) - Expression sandbox escape leading to remote code execution (RCE) CVE-2026-27493 (CVSS score: 9.5) - UnauthenticatedView the full article
- 0 comments
- 45 views
-
Meta on Wednesday said it disabled over 150,000 accounts associated with scam centers in Southeast Asia as part of a coordinated effort in partnership with authorities from Thailand, the U.S., the U.K., Canada, Korea, Japan, Singapore, the Philippines, Australia, New Zealand, and Indonesia. The effort also led to 21 arrests made by the Royal Thai Police, the company said. The action builds uponView the full article
- 0 comments
- 44 views
-
Amazon Web Services is expanding AWS Security Hub to function as a centralized security operations platform capable of aggregating risk signals across multicloud environments. With the updated Security Hub, the company said it will introduce a unified operations layer that provides security teams with near real-time risk analytics, automated analysis, and prioritized insights. As enterprise workloads have spread across multiple cloud providers, the expansion of Security Hub aims to addre
- 0 comments
- 45 views
-
Amazon Web Services is expanding AWS Security Hub to function as a centralized security operations platform capable of aggregating risk signals across multicloud environments. With the updated Security Hub, the company said it will introduce a unified operations layer that provides security teams with near real-time risk analytics, automated analysis, and prioritized insights. As enterprise workloads have spread across multiple cloud providers, the expansion of Security Hub aims to addre
- 0 comments
- 34 views
-
Amazon Web Services is expanding AWS Security Hub to function as a centralized security operations solution capable of aggregating risk signals across multicloud environments. With the updated Security Hub, the company said it will introduce a unified operations layer that provides security teams with near real-time risk analytics, automated analysis, and prioritized insights. As enterprise workloads have spread across multiple cloud providers, the expansion of Security Hub aims to addre
- 0 comments
- 41 views
-
SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems. The vulnerabilities in question listed below - CVE-2019-17571 (CVSS score: 9.8) - A code injection vulnerability in SAP Quotation Management Insurance application (FS-QUO) CVE-2026-27685 (CVSS score: 9.1) - An insecure deserializationView the full article
- 0 comments
- 41 views
-
Salesforce is urging its customers to review their Experience Cloud ‘guest’ configurations as cybercrime group ShinyHunters claims a new campaign involving data theft and extortion tied to exposed Salesforce environments. The group recently posted screenshots on its leak site claiming breaches of “several hundreds” of organizations, including around 400 websites and roughly 100 “high profile companies.” The claims come amid a broader campaign targeting Salesforce deployments through misconfi
- 0 comments
- 36 views
-
Salesforce is urging its customers to review their Experience Cloud ‘guest’ configurations as cybercrime group ShinyHunters claims a new campaign involving data theft and extortion tied to exposed Salesforce environments. The group recently posted screenshots on its leak site claiming breaches of “several hundreds” of organizations, including around 400 websites and roughly 100 “high profile companies.” The claims come amid a broader campaign targeting Salesforce deployments through misconfi
- 0 comments
- 30 views
-
“You knew, and you could have acted. Why didn’t you?” This is the question you do not want to be asked. And increasingly, it’s the question leaders are forced to answer after an incident. For years, many executive teams and boards have treated a large vulnerability backlog as an uncomfortable but tolerable fact of life: “we’ve accepted the risk.” If you’ve ever seen a report showingView the full article
- 0 comments
- 47 views
-
On the James River, Petersburg, VA, June of 1864, during the American Civil War, General Benjamin Butler, of the US Army, deployed a new weapon into the field that effectively altered the nature of kinetic battles. The later named “Siege of Petersburg,” was the first recorded instance of the Gatling gun being used in battle. With a rate of fire coming in at 200 plus rounds per minute, the opposing Confederate troops’ muskets were a meager retort to the high velocity barrage of bullets directed a
- 0 comments
- 37 views
-
Zero trust solves the wrong problem in OT Zero trust has become the dominant security narrative of the past decade, and rightly so. Its core principles, never trust, always verify; assume breach; enforce least privilege, have reshaped how organizations think about identity, access and lateral movement. In enterprise IT environments, these principles have produced measurable gains. Identity is stronger. Access is more deliberate. Implicit trust has been reduced. Yet when zero trust is app
- 0 comments
- 43 views
-
HPE Aruba Networking has released patches for five vulnerabilities in its AOS-CX switch software, the most severe of which could let a remote attacker take administrative control of enterprise network switches without any credentials. The critical flaw, CVE-2026-23813, scored 9.8 out of 10 on the CVSSv3.1 scale. According to a security advisory HPE published on Tuesday, the vulnerability sits in the web-based management interface of AOS-CX switches. It requires no authentication, no privileg
- 0 comments
- 37 views
-
Now entering its eighth year, the CSO Hall of Fame spotlights outstanding leaders who have significantly contributed to the practice of information risk management and security. This award honors trailblazers (security leaders with 10+ years in a CSO, CISO or other C-level security position) whose careers have shaped the future of cybersecurity and risk management. Inductees are recognized for their lifetime achievements and enduring contributions to the profession. CSO invites industry
- 0 comments
- 48 views
-
For more than a decade, the CSO Awards have recognized security projects that demonstrate outstanding thought leadership and business value. The award is an acknowledged mark of cybersecurity excellence. “This year’s award winners show how security teams have repositioned themselves as strategic business enablers,” Beth Kormanik, Content Director of the CSO Cybersecurity Awards & Conference said in a statement. “They tackle business challenges by leveraging new technology and ideas and
- 0 comments
- 39 views
-
AI is being leveraged across organizations to boost productivity, accelerate innovation and optimize business processes. The problem is that adoption has outpaced discipline. Only a minority (23.8%) of organizations have formal AI risk frameworks in place, which is precisely how unauthorized, “shadow AI” takes root, leading to untracked data exposure, compliance friction and poor decisions built on unreliable outputs. An AI risk assessment and management methodology, such as the NIST AI Risk
- 0 comments
- 35 views
-
Now entering its eighth year, the CSO Hall of Fame spotlights outstanding leaders who have significantly contributed to the practice of information risk management and security. This award honors trailblazers (security leaders with 10+ years in a CSO, CISO or other C-level security position) whose careers have shaped the future of cybersecurity and risk management. Inductees are recognized for their lifetime achievements and enduring contributions to the profession. CSO invites industry
- 0 comments
- 38 views
-
For more than a decade, the CSO Awards have recognized security projects that demonstrate outstanding thought leadership and business value. The award is an acknowledged mark of cybersecurity excellence. “This year’s award winners show how security teams have repositioned themselves as strategic business enablers,” Beth Kormanik, Content Director of the CSO Cybersecurity Awards & Conference said in a statement. “They tackle business challenges by leveraging new technology and ideas and
- 0 comments
- 39 views
-
Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known. Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10 information disclosure, fourView the full article
- 0 comments
- 47 views
-
A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim's cloud environment within a span of 72 hours. The attack started with the theft of a developer's GitHub token, which the threat actor then used to gain unauthorized access to the cloud and steal data. "The threat actor, UNC6426, then used thisView the full article
- 0 comments
- 36 views
-
Attackers are increasingly abusing trusted SaaS platforms, cloud infrastructure, and identity systems to blend malicious activity into legitimate enterprise traffic. Adversaries are pushing command and control (C2) through high-reputation services, including OpenAI and AWS, to blend in with normal business traffic and evade blocklists. The shift from “living off the land” to “living off the cloud” reflects how attackers have adapted to the enterprise’s migration of IT infrastructure to h
- 0 comments
- 57 views
-
Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to crates.io, are listed below - chrono_anchor dnp3times time_calibrator time_calibrators time-sync The crates, per Socket, impersonate timeapi.io and were published between late February and early MarchView the full article
- 0 comments
- 41 views
-
View the full article
- 0 comments
- 41 views
-
View the full article
- 0 comments
- 42 views
-
What happens when an autonomous AI agent is turned loose on another autonomous AI agent? It chains together bugs that humans would consider benign, easily bypasses authentication controls, and even unexpectedly masquerades as Donald Trump to get its way. This was what CodeWall found in a recent red-teaming experiment when it pitted its autonomous AI agent against up-and-coming hiring startup Jack & Jill’s AI agents. Within an hour, the agent discovered four “seemingly harmless” bugs
- 0 comments
- 49 views
-
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing “zero-day” flaws this month (compared to February’s five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this month’s Patch Tuesday. Image: Shutterstock, @nwz. Two of the bugs Microsoft patched today were publicly disclosed previously. CVE-2026-2126
- 0 comments
- 42 views
-
Three high severity holes in Microsoft’s Office suite headline the 78 issues listed in the March Patch Tuesday releases, which, grateful CSOs will notice, contain no surprise zero day vulnerabilities. Still, Jack Bicer, director of vulnerability research at Action1, says these Office-related flaws should be treated “with urgency.” “Productivity tools remain one of the most common entry points for attackers,” he explained, “and vulnerabilities that can be triggered through routine documen
- 0 comments
- 61 views
-
Cyber threats have gained the upper hand on many global organizations, attacking through a relentless cycle of new phishing scams, malware attacks and deepfake incidents. As new-age IT and cybersecurity projects continue to proliferate, CIOs, CISOs, and their teams are embracing a variety of cutting-edge strategies to add intelligence to the ever-growing volume of data, build a culture of innovation, and accelerate their cybersecurity road maps. According to ESET Telemetry, the overall volum
- 0 comments
- 35 views
-
AI and cybersecurity are proving to be extremely challenging for organisations. AI is a double-edged sword – as used by threat actors and under effectively by security companies to ward off AI-centric threats besides the traditional threats. Organizations are continuously ramping their cybersecurity skill sets and address a variety of pressing challenges to ensure they are well positioned to build cyber resilience during an era inundated with AI. The biggest challenge for CISOs and CIOs
- 0 comments
- 36 views
-
Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks. The activity involves the exploitation of recently disclosed security vulnerabilities or weak credentials to extract configuration files containing service account credentials and network topologyView the full article
- 0 comments
- 35 views
-
Cybersecurity researchers have discovered a new malware called KadNap that's primarily targeting Asus routers to enlist them into a botnet for proxying malicious traffic. The malware, first detected in the wild in August 2025, has expanded to over 14,000 infected devices, with more than 60% of victims located in the U.S., according to the Black Lotus Labs team at Lumen. A lesser number ofView the full article
- 0 comments
- 43 views
-
Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims' databases and exfiltrate sensitive data within organizations' Google Cloud environments. The shortcomings have been collectively named LeakyLooker by Tenable. There is no evidence that the vulnerabilities were exploited inView the full article
- 0 comments
- 38 views
-
Artificial Intelligence (AI) is no longer just a tool we talk to; it is a tool that does things for us. These are called AI Agents. They can send emails, move data, and even manage software on their own. But there is a problem. While these agents make work faster, they also open a new "back door" for hackers. The Problem: "The Invisible Employee" Think of an AI Agent like a new employee who hasView the full article
- 0 comments
- 45 views
-
A malicious npm package posing as an OpenClaw Installer has been caught deploying a remote access trojan (RAT) on victim machines, according to new JFrog research. The package, published under the name “@openclaw-ai/openclawai”, pretends to be an installer for the legitimate CLI tool but instead launches a multi-stage infection chain that steals system credentials, browser data, cryptocurrency wallets, SSH Keys, and Apple Keychain databases before establishing persistence. “The attack is
- 0 comments
- 43 views
-
You can't control when the next critical vulnerability drops. You can control how much of your environment is exposed when it does. The problem is that most teams have more internet-facing exposure than they realise. Intruder's Head of Security digs into why this happens and how teams can manage it deliberately. Time-to-exploit is shrinking The larger and less controlled your attack surface is,View the full article
- 0 comments
- 37 views
-
The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long‑term surveillance of Ukrainian military personnel. The two malware families have been put to use since April 2024, ESET said in a new report shared with The Hacker News. APT28, also tracked as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa,View the full article
- 0 comments
- 38 views
-
When I first secured a production line, part of the control system was still running on an unpatched Windows XP machine tucked under a lab table — right next to the state-of-the-art GMP manufacturing setup that produced millions in value every day. Everyone knew that the system was a risk, but no one was willing to touch it as long as it “still worked.” That mix of technical debt, operational pressure and regulatory risk makes legacy operational technology (OT) today a time bomb — especially in
- 0 comments
- 34 views
-
OpenAI said it plans to acquire AI testing startup Promptfoo, a move aimed at strengthening security checks for AI agents as enterprises move toward deploying autonomous systems in business workflows. Promptfoo’s tools allow developers to test LLM applications against adversarial prompts, including prompt injection and jailbreak attempts, and to evaluate whether models follow safety and reliability guidelines. In a statement, OpenAI said Promptfoo’s technology will be integrated into Ope
- 0 comments
- 37 views
-
In my nearly two decades leading identity and risk programs, I’ve learned a sobering truth that every CISO eventually confronts: hackers don’t hack in — they log in. We often obsess over the perimeter and the sophistication of technical exploits, but many of the most damaging security failures I’ve witnessed didn’t involve a zero-day or an advanced technique. They involved a perfectly “legitimate,” authenticated access request approved by someone with little understanding of the risk they were a
- 0 comments
- 43 views
-
More accreditation and compliance requirements have been added in response to cyber incidents. While these frameworks play an important role in establishing security baselines, true security is more than just achieving a perfect compliance score. As I often say, “policies and procedures won’t stop an attacker, they’ll just have more documents to exfiltrate when they breach us.” Testing how our environments withstand a determined threat actor is the real validation of security posture. That’s
- 0 comments
- 39 views
-
Salesforce has warned of an increase in threat actor activity that's aimed at exploiting misconfigurations in publicly accessible Experience Cloud sites by making use of a customized version of an open-source tool called AuraInspector. The activity, per the company, involves the exploitation of customers' overly permissive Experience Cloud guest user configurations to obtain access to sensitiveView the full article
- 0 comments
- 39 views
-
Security teams are being urged to adopt AI copilots for threat modeling, phishing simulations, and SOC workflows. Yet many of the most widely deployed, enterprise-approved AI systems struggle to support realistic defensive scenarios once prompts resemble real-world attack behavior. This is not because such activity is inherently malicious, but because mainstream AI safety models are designed to prevent broad misuse at scale, rather than distinguish authorized security work from abuse. Me
- 0 comments
- 53 views
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability list is as follows - CVE-2021-22054 (CVSS score: 7.5) - A server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM) thatView the full article
- 0 comments
- 41 views
-
Julien Tromeur | shutterstock.com Weil sich Generative-AI-Lösungen branchenübergreifend verbreiten, wächst das Sicherheitsbedürfnis der Anwender. Diesem gerecht zu werden, ist vor allem deshalb eine Challenge, weil die Technologie enormen Einfluss auf die IT-Infrastruktur und die Unternehmensdaten nimmt. Und weil kriminelle Cyberakteure längst erkannt haben, welches Potenzial für sie in diesem Umstand schlummert. Gefragt sind deshalb neue, breit gefächerte Schutz- und Notfallmaßnahmen un
- 0 comments
- 318 views
-
Julien Tromeur | shutterstock.com Weil sich Generative-AI-Lösungen branchenübergreifend verbreiten, wächst das Sicherheitsbedürfnis der Anwender. Diesem gerecht zu werden, ist vor allem deshalb eine Challenge, weil die Technologie enormen Einfluss auf die IT-Infrastruktur und die Unternehmensdaten nimmt. Und weil kriminelle Cyberakteure längst erkannt haben, welches Potenzial für sie in diesem Umstand schlummert. Gefragt sind deshalb neue, breit gefächerte Schutz- und Notfallmaßnahmen un
- 0 comments
- 57 views
-
A threat actor has found a new way to evade phishing detection defenses: Manipulate the .arpa top-level domain (TLD) and IPv6-to-IPv4 tunneling to host phishing content on domains that shouldn’t resolve to an IP address. For the uninitiated, the .arpa domain is an Address and Routing Parameter Area domain meant to be used exclusively for internet infrastructure purposes. Primarily this is for mapping IP addresses to domains, providing reverse records. However, according to a report from
- 0 comments
- 42 views
-
Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts. The package, named "@openclaw-ai/openclawai," was uploaded to the registry by a user named "openclaw-ai" on March 3, 2026. It has been downloaded 178 times to date. The library is still available forView the full article
- 0 comments
- 41 views
-
The Cybersecurity and Infrastructure Security Agency and the MITRE Corporation have renegotiated the contract supporting the 26-year-old Common Vulnerabilities and Exposures Program in a way that eliminates the looming expiration that triggered panic across the security community in 2025. According to sources, the program appears to have moved from a discretionary funding item to a protected line in CISA’s budget, a structural change that could prevent the kind of dramatic crisis that threat
- 0 comments
- 42 views
-
The Cybersecurity and Infrastructure Security Agency and the MITRE Corporation have renegotiated the contract supporting the 26-year-old Common Vulnerabilities and Exposures Program in a way that eliminates the looming expiration that triggered panic across the security community in 2025. According to sources, the program appears to have moved from a discretionary funding item to a protected line in CISA’s budget, a structural change that could prevent the kind of dramatic crisis that threat
- 0 comments
- 43 views
-
The North Korean threat actor known as UNC4899 is suspected to be behind a sophisticated cloud compromise campaign targeting a cryptocurrency organization in 2025 to steal millions of dollars in cryptocurrency. The activity has been attributed with moderate confidence to the state-sponsored adversary, which is also tracked under the cryptonyms Jade Sleet, PUKCHONG, Slow Pisces, andView the full article
- 0 comments
- 46 views
-
Another week in cybersecurity. Another week of "you've got to be kidding me." Attackers were busy. Defenders were busy. And somewhere in the middle, a whole lot of people had a very bad Monday morning. That's kind of just how it goes now. The good news? There were some actual wins this week. Real ones. The kind where the good guys showed up, did the work, and made a dent. It doesn't alwaysView the full article
- 0 comments
- 294 views
-
OpenAI’s new AppSec agent, Codex Security, has already flagged over 11,000 high-severity and critical flaws in real-world codebases during its first 30 days of research testing. The tool, designed to automatically find, validate, and fix vulnerabilities in software repositories, reportedly identified about 800 critical issues in more than a million scanned commits. According to an OpenAI blog post, the tool is meant to function more like a security researcher who studies a codebase, maps pot
- 0 comments
- 43 views
-
Mid-market organizations are constantly striving to achieve security levels on a par with their enterprise peers. With heightened awareness of supply chain attacks, your customers and business partners are defining the security level you must meet. What if you could be the enabler for your organization to remain competitive — and help win business — by easily demonstrating that you meet theseView the full article
- 0 comments
- 38 views
-
Das deutsche Gesetz zur Umsetzung der NIS-2-Richtlinie ist am 6. Dezember 2025 in Kraft getreten. konstakorhonen – shutterstock.com Welche Auswirkungen IT-Sicherheitsvorfälle für die Bevölkerung haben können, hat sich etwa gezeigt, als im vergangenen Herbst ein Flughafen-Dienstleister Opfer eines Cyberangriffs wurde. Betroffen waren mehrere Flughäfen in Europa. Der Hackerangriff legte am Flughafen Berlin-Brandenburg (BER) elektronische Systeme lahm, die für die Passagier- und Gepäckabfertig
- 0 comments
- 295 views
-
Das deutsche Gesetz zur Umsetzung der NIS-2-Richtlinie ist am 6. Dezember 2025 in Kraft getreten. konstakorhonen – shutterstock.com Welche Auswirkungen IT-Sicherheitsvorfälle für die Bevölkerung haben können, hat sich etwa gezeigt, als im vergangenen Herbst ein Flughafen-Dienstleister Opfer eines Cyberangriffs wurde. Betroffen waren mehrere Flughäfen in Europa. Der Hackerangriff legte am Flughafen Berlin-Brandenburg (BER) elektronische Systeme lahm, die für die Passagier- und Gepäckabfertig
- 0 comments
- 253 views
-
Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data. The extensions in question, both originally associated with a developer named "[email protected]" (BuildMelon), are listed below - QuickLens - Search Screen withView the full article
- 0 comments
- 41 views
-
Ransomware-as-a-service (RaaS) models, double extortion tactics, and increasing adoption of AI characterize the evolving ransomware threat landscape. Law enforcement takedowns of groups such as LockBit have contributed to making the ransomware marketplace more fragmented, with emergent players attempting to muscle in on the action. Attackers range from nation-state actors to RaaS operations, lone operators, and data theft extortion groups. Over recent years, financially motivated ransomw
- 0 comments
- 78 views
-
High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been attributed by Palo Alto Networks Unit 42 to a previously undocumented threat activity group dubbedView the full article
- 0 comments
- 45 views
-
a way to automate alert triage, threat investigation and eventually higher-level functions. According to IDC, agentic AI is on track to become mainstream infrastructure. The analyst firm expects 45% of organizations to have autonomous agents operating at scale across critical business functions by 2030. In enterprise SOCs, AI is already reshaping functions like alert triage, enrichment, data correlation, IOC validation and initial containment. It could soon move up the stack to take on more
- 0 comments
- 45 views
-
Post-quantum cryptography (PQC) has long sat on the periphery of enterprise security, with experts calling it inevitable but not urgent. That posture is beginning to shift. Earlier this year, Palo Alto Networks published a blog announcing a new “quantum-safe security” initiative, framing it as a way for enterprises to assess where quantum-vulnerable cryptography exists across their environments and begin planning a transition. While the announcement was light on technical specifics, it added
- 0 comments
- 56 views
-
Statt eines kurzen, aber sehr schmerzhaften Stiches setzen Cyberkrimelle zunehmend darauf, sich in ihren Opfern festzubeißen und beständig auszusaugen. mycteria – shutterstock.com Ransomware-Angreifer ändern zunehmend ihre Taktik und setzen vermehrt auf unauffällige Infiltration. Dies liegt daran, dass die Drohung mit der Veröffentlichung sensibler Unternehmensdaten zum Hauptdruckmittel bei Erpressungen geworden ist. Der jährliche Red-Teaming-Bericht von Picus Security zeigt, dass Angre
- 0 comments
- 50 views
-
Statt eines kurzen, aber sehr schmerzhaften Stiches setzen Cyberkrimelle zunehmend darauf, sich in ihren Opfern festzubeißen und beständig auszusaugen. mycteria – shutterstock.com Ransomware-Angreifer ändern zunehmend ihre Taktik und setzen vermehrt auf unauffällige Infiltration. Dies liegt daran, dass die Drohung mit der Veröffentlichung sensibler Unternehmensdaten zum Hauptdruckmittel bei Erpressungen geworden ist. Der jährliche Red-Teaming-Bericht von Picus Security zeigt, dass Angre
- 0 comments
- 50 views
-
AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and nov
- 0 comments
- 45 views
-
OpenAI on Friday began rolling out Codex Security, an artificial intelligence (AI)-powered security agent that's designed to find, validate, and propose fixes for vulnerabilities. The feature is available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex web with free usage for the next month. "It builds deep context about your project to identifyView the full article
- 0 comments
- 50 views
-
Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in Firefox 148, released late last month. The vulnerabilities were identified over a two-week period inView the full article
- 0 comments
- 49 views
-
The White House released President Donald Trump’s long-awaited cybersecurity strategy, a lean seven-page blueprint that breaks from past approaches by placing offensive cyber operations at the center of US policy. Developed by the Office of the National Cyber Director (ONCD), the strategy emphasizes disrupting adversaries, deregulating industry, and accelerating the adoption of artificial intelligence while also addressing the defense of federal systems and critical infrastructure. “By m
- 0 comments
- 32 views
-
The White House released President Donald Trump’s long-awaited cybersecurity strategy, a lean seven-page blueprint that breaks from past approaches by placing offensive cyber operations at the center of US policy. Developed by the Office of the National Cyber Director (ONCD), the strategy emphasizes disrupting adversaries, deregulating industry, and accelerating the adoption of artificial intelligence while also addressing the defense of federal systems and critical infrastructure. “By m
- 0 comments
- 39 views
-
Threat actors are trying a different tactic to sucker employees into falling for ClickFix phishing attacks that install malware, says Microsoft. Rather than asking potential victims to copy and paste a (malicious) command into the Run dialog, launched by hitting the Windows button plus the letter R, they are being told to use the Windows + X → I shortcut to launch Windows Terminal (wt.exe) directly. Once the terminal is opened, victims are prompted to paste in malicious PowerShell comman
- 0 comments
- 37 views
-
Cybersecurity is, as it should be in this era of AI-driven cyberattacks, a regular item on enterprise board agendas. However, the ways in which CISOs and boards interact, and the depth of those discussions, remain brief and superficial. According to a new report from IANS, Artico Search, and The CAP Group, CISO-board interactions remain short (typically 30 minutes per quarter), lack depth around threats, particularly those posed by AI and other emerging technologies, and are more about “list
- 0 comments
- 46 views
-
The US Federal Bureau of Investigation (FBI) has identified a suspected incident on a network used to manage wiretaps and foreign intelligence surveillance warrants, CNN reported. The FBI acknowledged the incident in a statement to CNN, saying, “The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond.” The agency is not expanding on its statement but there will be concerns that this an attack prompted by a state
- 0 comments
- 35 views
-
A weakness in the configuration of OAuth credentials opens up a stored XSS vulnerability in the n8n automation platform, researchers at Imperva have discovered. Setting up OAuth allows n8n to connect to services such as Google Workspace, Microsoft 365, Slack, or GitHub without having to expose service passwords. This is core to automation platforms like n8n because it allows organizations to reduce multiple manual tasks to single automated workflows. A customer might submit a web form, w
- 0 comments
- 38 views
-
The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants. The activity is designed to produce a "high-volume, mediocre mass of implants" that are developed using lesser-known programming languages like Nim, Zig, and Crystal and rely on trusted services likeView the full article
- 0 comments
- 40 views
-
Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RATs) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOID#GEIST by Securonix Threat Research. At a high level, the obfuscated batch script is used to deploy a secondView the full article
- 0 comments
- 43 views
-
Online ads are increasingly being used a means of introducing malware into organizations, according to The Media Trust. “Malvertising surpassed both email and direct hacks as the leading vector for malware delivery worldwide,” said Chris Olson, CEO of The Media Trust, an ad scanning and filtering company with, perhaps, a vested interest in playing up the threat posed by ads. Millions of copies of a single infected advertising creative or script can be distributed across pulblishers in se
- 0 comments
- 37 views
-
Scaling cybersecurity services as an MSP or MSSP requires technical expertise and a business model that delivers measurable value at scale. Risk-based cybersecurity is the foundation of that model. When done right, it builds client trust, increases upsell opportunities, and drives recurring revenue. But to deliver this consistently and efficiently, you need the right technology and processes.View the full article
- 0 comments
- 49 views
-
New research from Broadcom's Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself in several U.S. companies' networks, including banks, airports, non-profit, and the Israeli arm of a software company. The activity has been attributed to a state-sponsored hacking group called MuddyWater (aka Seedworm). It's affiliated with the IranianView the full article
- 0 comments
- 42 views
-
The Hollywood image of criminal hackers being largely teenage ne’er do wells is due for an update. That’s because profit-seeking career criminals — often approaching middle age — make up the largest cohort of today’s cybercriminals, according to an analysis of criminal cases carried out by Orange Cyberdefence. The Orange Group’s cybersecurity unit analysed 418 publicly announced law enforcement activities conducted between 2021 and mid-2025, finding that cyber offenders’ engagement in cr
- 0 comments
- 58 views
-
A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since 2024, targeting Windows and Linux systems and edge devices with three different implants. The activity is being tracked by Cisco Talos under the moniker UAT-9244, describing it as closely associated with another cluster known as FamousSparrow. It's worthView the full article
- 0 comments
- 39 views
-
Sophisticated attacks and the incorporation of AI tools, talent shortages, and tight budgets are some of the challenges commonly cited when it comes to managing cybersecurity in organizations. In a changing environment, the key is no longer to stay one step ahead, but to maintain a resilient infrastructure that ensures a rapid response when — not if — a cyberattack occurs. In the coming months, many of the key issues from previous years will recur, but there will also be specific challenges: “20
- 0 comments
- 38 views
-
Google tracked 90 vulnerabilities exploited as zero-days last year, with Chinese cyberespionage groups doubling their count from 2024 and commercial surveillance vendors overtaking state-sponsored hackers for the first time. Nearly half of the recorded zero-days targeted enterprise technologies such as security appliances, VPNs, networking devices, and enterprise software platforms. “Increased exploitation of security and networking devices highlights the critical risk that can be posed by t
- 0 comments
- 34 views
-
Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering campaign that has leveraged the Windows Terminal app as a way to activate a sophisticated attack chain and deploy the Lumma Stealer malware. The activity, observed in February 2026, makes use of the terminal emulator program instead of instructing users to launch the Windows Run dialog and paste a commandView the full article
- 0 comments
- 41 views
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The critical-severity vulnerabilities are listed below - CVE-2017-7921 (CVSS score: 9.8) - An improper authentication vulnerability affectingView the full article
- 0 comments
- 36 views
-
Godlikeart | shutterstock.com Ein Managed Security Service Provider (MSSP) bietet seinen Kunden ein umfassendes Spektrum an Sicherheits-Services. Als Drittanbieter kann ein MSSP die Arbeitsbelastung der internen IT-Teams deutlich reduzieren und Zeit freisetzen, um sich mit essenziellen Unternehmensprozessen und strategischen Überlegungen auseinanderzusetzen. Darüber hinaus kann ein MSSP unter anderem auch dazu beitragen, Qualifikationslücken zu schließen und Alarmmeldungen zu reduzieren.
- 0 comments
- 34 views
-
Deutsche Unternehmen müssen sich warm anziehen: Sowohl staatliche als auch „private“ Akteure haben es auf sie abgesehen. Shutterstock Wie die Experten von Darktrace in ihrem aktuellen Threat Report 2026 darstellen, bleiben Cloud- und E-Mail-Konten das Einfallstor Nummer Eins in Europa. Dem Bericht zufolge begannen im vergangenen Jahr in Europa 58 Prozent der Attacken mit kompromittierten Cloud-Accounts oder E-Mail-Zugängen. Klassische netzwerkbasierte Intrusionen machten 42 Prozent aus. M
- 0 comments
- 42 views
-
Godlikeart | shutterstock.com Ein Managed Security Service Provider (MSSP) bietet seinen Kunden ein umfassendes Spektrum an Sicherheits-Services. Als Drittanbieter kann ein MSSP die Arbeitsbelastung der internen IT-Teams deutlich reduzieren und Zeit freisetzen, um sich mit essenziellen Unternehmensprozessen und strategischen Überlegungen auseinanderzusetzen. Darüber hinaus kann ein MSSP unter anderem auch dazu beitragen, Qualifikationslücken zu schließen und Alarmmeldungen zu reduzieren.
- 0 comments
- 76 views
-
Deutsche Unternehmen müssen sich warm anziehen: Sowohl staatliche als auch „private“ Akteure haben es auf sie abgesehen. Shutterstock Wie die Experten von Darktrace in ihrem aktuellen Threat Report 2026 darstellen, bleiben Cloud- und E-Mail-Konten das Einfallstor Nummer Eins in Europa. Dem Bericht zufolge begannen im vergangenen Jahr in Europa 58 Prozent der Attacken mit kompromittierten Cloud-Accounts oder E-Mail-Zugängen. Klassische netzwerkbasierte Intrusionen machten 42 Prozent aus. M
- 0 comments
- 72 views
-
The LeakBase cyberforum, considered one of the world’s largest online marketplaces for cybercriminals to buy and sell stolen data and cybercrime tools, has been seized by the US, and arrests have also been made in other countries. The US Department of Justice said Thursday that earlier this week, law enforcement agencies in 14 countries took synchronized action against the site and its 142,000 users, capturing its data and two of the domains used by the forum. Law enforcement also executed s
- 0 comments
- 41 views