Security
2445 tech articles in this category
-
Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself. BYOVD refers to an adversarial technique that abuses legitimate but flawed driver software to escalate privileges and disable Endpoint DetectionView the full article
- 0 comments
- 43 views
-
Elza Low – shutterstockcom Die Europäische Kommission wurde Ziel einer Cyberattacke. Wie aus einer kürzlich veröffentlichten Mitteilung hervorgeht, erfolgte der Angriff Ende Januar und zielte auf ein System zur Verwaltung mobiler Endgeräte ab (Mobile Device Management – MDM) . Demnach sind die Täter möglicherweise an Namen und Rufnummern einiger Mitarbeiter gekommen. Es gebe jedoch keine Hinweise darauf, dass mobile Endgeräte kompromittiert wurden, so die EU-Kommission. „Dank der schnell
- 0 comments
- 38 views
-
Elza Low – shutterstockcom Die Europäische Kommission wurde Ziel einer Cyberattacke. Wie aus einer kürzlich veröffentlichten Mitteilung hervorgeht, erfolgte der Angriff Ende Januar und zielte auf ein System zur Verwaltung mobiler Endgeräte ab (Mobile Device Management – MDM) . Demnach sind die Täter möglicherweise an Namen und Rufnummern einiger Mitarbeiter gekommen. Es gebe jedoch keine Hinweise darauf, dass mobile Endgeräte kompromittiert wurden, so die EU-Kommission. „Dank der schnell
- 0 comments
- 40 views
-
Are ransomware and encryption still the defining signals of modern cyberattacks, or has the industry been too fixated on noise while missing a more dangerous shift happening quietly all around them? According to Picus Labs’ new Red Report 2026, which analyzed over 1.1 million malicious files and mapped 15.5 million adversarial actions observed across 2025, attackers are no longer optimizing forView the full article
- 0 comments
- 70 views
-
Forcepoint X-Labs researchers have identified a large Phorpiex botnet-aided phishing campaign that uses weaponized Windows shortcut files to deploy Global Group ransomware across victim systems. The campaign, observed in late 2024 and continuing into 2026, leverages a common email lure, with the subject “Your Document”, to trick recipients into opening a malicious LNK attachment. “By combining social engineering, stealthy execution, and Living-off-the-Land (LotL) techniques, the (.lnk) f
- 0 comments
- 41 views
-
January 5, 2026, Seattle, USA — ZAST.AI announced the completion of a $6 million Pre-A funding round. This investment came from the well-known investment firm Hillhouse Capital, bringing ZAST.AI's total funding close to $10 million. This marks a recognition from leading capital markets of a new solution: ending the era of high false positive rates in security tools and making every alertView the full article
- 0 comments
- 54 views
-
A single benign-sounding prompt can systematically strip safety guardrails from major language and image models, raising fresh questions about the durability of AI alignment when models are customized for enterprise use, according to Microsoft research. The technique, dubbed GRP-Obliteration, weaponizes a common AI training method called Group Relative Policy Optimization, normally used to make models more helpful and safer, to achieve the opposite effect, the researchers said in a blog post
- 0 comments
- 39 views
-
SmarterTools confirmed last week that the Warlock (aka Storm-2603) ransomware gang breached its network by exploiting an unpatched SmarterMail instance. The incident took place on January 29, 2026, when a mail server that was not updated to the latest version was compromised, the company's Chief Commercial Officer, Derek Curtis, said. "Prior to the breach, we had approximately 30 servers/VMsView the full article
- 0 comments
- 41 views
-
The Netherlands' Dutch Data Protection Authority (AP) and the Council for the Judiciary confirmed both agencies (Rvdr) have disclosed that their systems were impacted by cyber attacks that exploited the recently disclosed security flaws in Ivanti Endpoint Manager Mobile (EPMM), according to a notice sent to the country's parliament on Friday. "On January 29, the National Cyber Security Center (View the full article
- 0 comments
- 45 views
-
This year will mark the turning point where artificial intelligence will stop assisting and start acting. We will witness a qualitative leap towards agent-based or agentive AI, capable of making autonomous decisions, managing complex workflows, and executing end-to-end tasks without constant intervention. However, this autonomy carries with it a serious warning for businesses: the ability to operate alone exponentially multiplies the impact of any error or security breach. According to ISACA
- 0 comments
- 46 views
-
Enterprise CISOs are increasingly willing — and eager — to jump ship, with some frustrated enough to want to leave cybersecurity entirely. A recent survey of security leaders from IANS Research and Artico Search found that 69% of security executives “are open to making a career move within the next year, often targeting CISO roles at a larger company or in a different industry, but also other non-CISO roles such as CTO, CIO, board member, or a second-in-command security leadership role at a
- 0 comments
- 49 views
-
Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. "An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS mayView the full article
- 0 comments
- 43 views
-
When LayerX Security published a report on Monday describing what it called “a critical zero-click RCE vulnerability in [Anthropic’s] Claude Desktop Extensions (DXT) that allows a malicious Google Calendar invite to silently compromise an entire system,” analysts, consultants, security leaders, and even Anthropic didn’t dispute the facts. But the revelation did reignite the debate about whether it is the responsibility of AI vendors to ship buttoned-down secure products, or if it’s the CISO
- 0 comments
- 38 views
-
The Cyber Security Agency (CSA) of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector. "UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore's telecommunications sector," CSA said. "All four of Singapore's major telecommunications operators ('telcos') – M1, SIMBA Telecom, Singtel, andView the full article
- 0 comments
- 101 views
-
Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization's network to other high-value assets. That said, the Microsoft Defender Security Research Team said it's not clear whether the activity weaponized recentlyView the full article
- 0 comments
- 61 views
-
Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths. A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted apps, evenView the full article
- 0 comments
- 91 views
-
OpenClaw, the viral open-source AI agent that security firms warn is “insecure by default,” has integrated VirusTotal’s malware scanning into its ClawHub skills marketplace following weeks in which security researchers documented malicious extensions and widespread unauthorized deployments in enterprises. The integration automatically scans all published skills before making them available for download, according to the announcement by OpenClaw founder Peter Steinberger, security advisor Jam
- 0 comments
- 74 views
-
A previously undocumented China-linked adversary-in-the-middle (AitM) framework known as “DKnife” has been identified operating at network gateways, where it intercepts and manipulates in-transit traffic. According to Cisco Talos’ findings, the framework has been active since at least 2019 and remains operational as of early 2026. Rather than targeting endpoints directly, DKnife is deployed at the network edge, giving operators visibility into and control over the traffic passing through com
- 0 comments
- 40 views
-
Why do SOC teams keep burning out and missing SLAs even after spending big on security tools? Routine triage piles up, senior specialists get dragged into basic validation, and MTTR climbs, while stealthy threats still find room to slip through. Top CISOs have realized the solution isn’t hiring more people or stacking yet another tool onto the workflow, but giving their teams faster, clearerView the full article
- 0 comments
- 42 views
-
The start of a new year means a fresh start for everyone, including cybersecurity teams. With budgets and plans now finalized, it’s time for CISOs and their teams to execute their strategies. But that doesn’t mean that innovation stops when the plan is finalized. In 2026, CISOs should focus on going beyond cybersecurity compliance standards to keep their organizations resilient to emerging threats. Historically, these standards, such as HIPAA, SOC2, ISO 27001 and others, have set the baselin
- 0 comments
- 39 views
-
The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT. Cybersecurity vendor Kaspersky is tracking the activity under the moniker Stan Ghouls. The threat actor is known to be active since at least 2023, orchestrating spear-phishing attacks against manufacturing, finance, and ITView the full article
- 0 comments
- 46 views
-
Most security leaders quietly live with a paradox they rarely name out loud. Until you truly look inside the box of your environment, your organization is both secure and compromised. The dashboards might be green and the audit reports reassuring, but the uncomfortable reality is that you do not know your actual state until you observe it directly and often. Meeting the cat — a paradox with teeth Many readers will have heard of Schrödinger’s cat in passing, but the details blur over time
- 0 comments
- 79 views
-
Who is Danny – shutterstock.com Auch im Jahr 2026 bleibt die Cybersicherheitslage angespannt. Doch was sind die wichtigsten Themen, Risiken und Chancen, mit denen sich Security-Entscheider aktuell befassen sollten? Das Marktforschungsunternehmen Gartner hat dazu folgende sechs Trends ermittelt: Trend 1: Agentic AI erfordert Cybersicherheitsüberwachung KI-Agenten werden zunehmend von Mitarbeitern und Entwicklern genutzt, wodurch neue Angriffsflächen entstehen. No-Code-/Low-Code-
- 0 comments
- 85 views
-
Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as "worm-driven," leveraged exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers, along with the recently disclosedView the full article
- 0 comments
- 50 views
-
Many companies today invest significant resources to secure their internal IT. Firewalls, monitoring, incident response plans, and awareness programs are well-established. At the same time, a dangerous illusion is growing: the assumption that risks can be controlled within the boundaries of one’s own system. The reality is quite different. Modern business models are virtually inconceivable without external IT service providers, cloud services, software vendors, and specialized subcontractors
- 0 comments
- 51 views
-
nikkimeel – shutterstock.com Mit gefälschten Chatnachrichten vor allem im Messengerdienst Signal nehmen Hacker zurzeit hochrangige deutsche Politiker, Soldaten, Diplomaten und auch Journalisten ins Visier – davor warnen die Bundesämter für Verfassungsschutz und für Sicherheit in der Informationstechnik. Ziel des “wahrscheinlich staatlich gesteuerten” Angriffs sei es, unbemerkt Zugriff auf Einzel- und Gruppenchats sowie Kontaktlisten der Betroffenen zu bekommen, heißt es in einem gemeinsamen
- 0 comments
- 119 views
-
nikkimeel – shutterstock.com Mit gefälschten Chatnachrichten vor allem im Messengerdienst Signal nehmen Hacker zurzeit hochrangige deutsche Politiker, Soldaten, Diplomaten und auch Journalisten ins Visier – davor warnen die Bundesämter für Verfassungsschutz und für Sicherheit in der Informationstechnik. Ziel des “wahrscheinlich staatlich gesteuerten” Angriffs sei es, unbemerkt Zugriff auf Einzel- und Gruppenchats sowie Kontaktlisten der Betroffenen zu bekommen, heißt es in einem gemeinsamen
- 0 comments
- 86 views
-
BeyondTrust has released updates to address a critical security flaw impacting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could result in remote code execution. "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability," the companyView the full article
- 0 comments
- 44 views
-
Threats against corporate software developers are increasing and diversifying, challenging security leaders to develop more agile defenses against this growing attack vector. Attackers are increasingly targeting the tools, access, and trusted channels used by software developers rather than simply exploiting application bugs. The threats blend technical compromise — malicious packages, development pipeline abuse, etc. — with social engineering and AI-driven attacks. “Attackers are no lon
- 0 comments
- 82 views
-
Jackie Niam | shutterstock.com Customer Identity & Access Management (CIAM) bildet eine Unterkategorie von Identity & Access Management (IAM). CIAM wird dazu eingesetzt, die Authentifizierungs- und Autorisierungsprozesse von Applikationen zu managen, die öffentlich zugänglich sind, beziehungsweise von Kunden bedient werden. Geht es darum, die für Ihr Unternehmen passende CIAM-Lösung zu ermitteln, gilt es, die Benutzerfreundlichkeit mit einer langen Liste von Geschäftszielen und -
- 0 comments
- 43 views
-
OpenClaw (formerly Moltbot and Clawdbot) has announced that it's partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the agentic ecosystem. "All skills published to ClawHub are now scanned using VirusTotal's threat intelligence, including their new Code Insight capability,"View the full article
- 0 comments
- 52 views
-
Germany's Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying out phishing attacks over the Signal messaging app. "The focus is on high-ranking targets inView the full article
- 0 comments
- 48 views
-
Six more vulnerabilities have been discovered in the n8n workflow platform used for building LLM-powered agents to connect business processes. Four of the six are rated as critical, carrying CVSS severity scores of 9.4. “These vulnerabilities span multiple attack classes, from remote code execution and command injection to arbitrary file access and cross-site scripting, all targeting a platform that is frequently deployed with access to secrets, credentials, internal APIs, and business-criti
- 0 comments
- 62 views
-
Anthropic only released its latest large language model, Claude Opus 4.6, on Thursday, but it has already been using it behind the scenes to identify zero-day vulnerabilities in open-source software. In the trial, it put Claude inside a virtual machine with access to the latest versions of open source projects, and provided it with a range of standard utilities and vulnerability analysis tools, but no instructions on how to use them nor how specifically to identify vulnerabilities. Despi
- 0 comments
- 69 views
-
A particularly insidious phishing campaign is disguising malware pretending to be ordinary PDF documents behind links to virtual hard disks. Because workers are used to receiving purchase orders or invoices in the PDF format, they are likely to open the malicious files unthinkingly, enabling the malware they contain — in this case AsyncRAT, a remote-access Trojan — to take control of company computers. The emails in this phishing campaign don’t attach a document directly but include links to
- 0 comments
- 67 views
-
Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that's operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based implants that are designed to perform deep packet inspection, manipulate traffic, and deliver malware via routers and edge devices. Its primary targets seem toView the full article
- 0 comments
- 45 views
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal Civilian Executive Branch (FCEB) agencies to strengthen asset lifecycle management for edge network devices and remove those that no longer receive security updates from original equipment manufacturers (OEMs) over the next 12 to 18 months. The agency said the move is to drive down technical debt and minimizeView the full article
- 0 comments
- 68 views
-
The Chief Information Security Officer role has become one of the most precarious positions in the C-suite. According to a Hitch Partners study, the average CISO tenure is 39 months — a timeframe that reflects the intense pressure and high stakes of the position. With 77% of CISOs fearing dismissal after a major breach, the margin for error continues to shrink. The IANS/Artico Search CISO Compensation Report reveals that turnover rates hit 15% in 2025, up from 11% in 2024. Even a 6.7% compen
- 0 comments
- 71 views
-
A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, according to new findings from Palo Alto Networks Unit 42. In addition, the hacking crew has been observed conducting active reconnaissance against government infrastructure associated with 155View the full article
- 0 comments
- 50 views
-
The Cybersecurity and Infrastructure Security Agency has given federal agencies 18 months to remove all end-of-support edge devices from their networks, escalating its response to what security researchers describe as a fundamental shift in nation-state attack tactics, where attackers exploit network infrastructure rather than endpoints. The binding operational directive, BOD 26-02, requires Federal Civilian Executive Branch (FCEB) agencies to inventory, update where possible, and ultimately
- 0 comments
- 51 views
-
Cloud security company Zscaler has announced the acquisition of SquareX, a Singapore-based browser detection and response (BDR) technology startup. The deal will enable Zscaler to extend its Zero Trust Exchange capabilities directly into standard web browsers, across both managed and unmanaged devices. With Zscaler Private Access (ZPA), the company has been assisting enterprises adopt zero trust architecture using a lightweight agent. The SquareX acquisition is expected to further strengthen
- 0 comments
- 67 views
-
As you know, enterprise network security has undergone significant evolution over the past decade. Firewalls have become more intelligent, threat detection methods have advanced, and access controls are now more detailed. However (and it’s a big “however”), the increasing use of mobile devices in business operations necessitates network security measures that are specificallyView the full article
- 0 comments
- 48 views
-
Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the two packages are listed below - @dydxprotocol/v4-client-js (npm) - 3.4.1, 1.22.1, 1.15.2, 1.0.31&View the full article
- 0 comments
- 51 views
-
khunkornStudio – shutterstock.com Forscher des Sicherheitsanbieters Sysdig haben einen Angriff aufgedeckt, bei dem kriminelle Angreifer eine AWS-Umgebung in weniger als acht Minuten vollständig kompromittieren konnten. Laut den Threat-Spezialisten nutzten die Bedrohungsakteure dabei eine Cloud-Fehlkonfiguration mit der Hilfe von Large Language Models (LLMs) aus, um den gesamten Angriffs-Lebenszyklus zu komprimieren – von Stunden auf wenige Minuten. „Sich gegen Angriffe dieser Art zu vert
- 0 comments
- 65 views
-
The longstanding assumption that tenure, performance metrics, or expressed commitment serve as reliable indicators of the trustworthiness of an employee persists across many sectors. Indeed, the great majority of personnel are loyal. But, while small, the percentage of those who aren’t is still well above zero. Moreover, this conflation of loyalty and security overlooks a fundamental reality: Loyalty is not a static trait, but a dynamic human response shaped by perceived fairness, personal c
- 0 comments
- 55 views
-
Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF. Claude Opus 4.6, which was launched on Thursday, comes with improved coding skills, including code review and debugging capabilities, alongView the full article
- 0 comments
- 55 views
-
Mit der Zunahme von Cyberbedrohungen steigt auch die Zahl der Compliance-Rahmenwerke. So können CISOs diese Herausforderung bewältigen. Foto: Dapitart – shutterstock.com Die Anforderungen von Cybersicherheitsvorschriften können je nach Unternehmensgröße, Region, Branche, Datensensibilität und Programmreifegrad sehr unterschiedlich sein. Ein börsennotiertes Unternehmen hat beispielsweise keine andere Wahl, als mehrere Vorschriften einzuhalten sowie Risikobewertungen und Pläne für Abhilfemaßnahme
- 0 comments
- 145 views
-
Four security vulnerabilities have been found in the open source Ingress NGINX traffic controller that is extensively used by organizations in Kubernetes deployments. They can only be fixed by upgrading to the latest version. Of the four holes, two are more serious, because they carry CVSS scores of 8.8: CVE-2026-1580 is an improper input validation issue. If the Ingress NGINX controller is configured with a default custom-errors configuration that includes HTTP errors 401 or 403, an
- 0 comments
- 70 views
-
A new cyberespionage group that operates out of Asia has compromised 70 government and critical infrastructure organizations across 37 countries over the past year using a sophisticated toolset that combines phishing, exploitation kits, custom malware, Linux rootkits, web shells, and a variety of other tunneling and proxy tools. Researchers believe the group is expanding its activities and is conducting active reconnaissance on even more targets. “Between November and December 2025, we obser
- 0 comments
- 70 views
-
Substack, a high-profile publishing platform widely used by academics, journalists, subject matter experts, and controversialists, has suffered a data breach affecting an unknown number of its creators and subscribers. According to emails sent out this week to some users, on February 3 the company “identified evidence” that a third party had exploited an unspecified weakness in the company’s systems to gain access to user email addresses, phone numbers and, more vaguely, “other internal meta
- 0 comments
- 50 views
-
The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds. Cloudflare, which automatically detected and mitigated the activity, said it's part of a growing number of hyper-volumetric HTTP DDoS attacks mounted by the botnet in the fourth quarter of 2025. TheView the full article
- 0 comments
- 69 views
-
This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look like next. Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and even routine user actions. Nothing looked dramatic on the surface. That’s the point. Entry is becoming lessView the full article
- 0 comments
- 48 views
-
Explore the latest trends, techniques, and procedures (TTPs) our incident response (IR) experts are actively facing with the TTP Briefing Q4 2025, a report built on frontline threat intelligence from our global incident response investigations, enriched by noteworthy detections from our SOC. View the full article
- 0 comments
- 50 views
-
In a recent incident, attackers abused a legitimate but vulnerable Windows kernel driver to shut down endpoint security tools during an ongoing incident response. According to a Huntress report, the activity was observed during a customer investigation in early 2026 and involved the use of an old EnCase forensic driver (by Guidance Software) as part of the Bring Your Own Vulnerable Driver (BYOVD) technique to terminate Endpoint Detection and Response (EDR) processes from kernel mode. The
- 0 comments
- 315 views
-
Buhlmann Group Akira zählt zu den gefährlichsten Ransomware-Gruppen und ist bekannt für zahlreiche Angriffe auf deutsche Unternehmen. Nun hat es offenbar den Bremer Stahlhändler Buhlmann getroffen. In einem Darknet-Post verkündet die Hackergruppe, sensible Informationen von der Buhlmann Group gestohlen zu haben. Die Angreifer drohen dem Unternehmen damit, 55 Gigabyte Daten zu veröffentlichen. Die Buhlmann Gruppe hat sich bisher noch nicht offiziell dazu geäußert. Gegenüber dem Regionalma
- 0 comments
- 74 views
-
Today’s “AI everywhere” reality is woven into everyday workflows across the enterprise, embedded in SaaS platforms, browsers, copilots, extensions, and a rapidly expanding universe of shadow tools that appear faster than security teams can track. Yet most organizations still rely on legacy controls that operate far away from where AI interactions actually occur. The result is a wideningView the full article
- 0 comments
- 47 views
-
Most security leaders believe they know where their sensitive data lives and how it is protected. That confidence is increasingly misplaced. As enterprises deploy AI across customer support, software development, legal analysis and internal operations, a new data exposure surface has quietly emerged. It does not sit in databases, file systems or network links. It lives inside AI inference traffic an area that falls outside most traditional security models and visibility frameworks, as InfoWo
- 0 comments
- 55 views
-
The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of the month. "The threat actor stopped maintaining its C2 servers on January 8 for the first time since weView the full article
- 0 comments
- 55 views
-
Microsoft has developed a scanner designed to detect backdoors in open-weight AI models, addressing a critical blind spot for enterprises increasingly dependent on third-party LLMs. In a blog post, the company said its research focused on identifying hidden triggers and malicious behaviors embedded during the training or fine-tuning of language models, which can remain dormant until activated by specific inputs. Such backdoors can allow attackers to alter model behavior in subtle ways th
- 0 comments
- 54 views
-
Cybersecurity is a boardroom issue, but meaningful dialogue often breaks down at the table. Boards ask about cybersecurity investments and cyber resilience; they need answers rooted in reality, not prognostication. When cybersecurity leaders respond with a list of technologies deployed and potential risks that require additional investment, board members may get frustrated by a lack of clear answers and lose trust. This is a great opportunity for CISOs to take a different approach. Part of t
- 0 comments
- 55 views
-
FamVeld – shutterstock.com Wenige Tage vor Beginn der Olympischen Winterspiele in Mailand und Cortina d’Ampezzo hat Italien mehrere russische Hackerattacken abgewehrt. Die Cyberangriffe hätten unter anderem einige Standorte der Winterspiele, darunter Hotels in Cortina, zum Ziel gehabt, sagte Außenminister Antonio Tajani. Auch Einrichtungen seines Ministeriums seien betroffen gewesen. Tajani betonte während eines Besuchs in Washington, die Angriffe seien russischen Ursprungs gewesen. Er b
- 0 comments
- 56 views
-
Software supply chain failures and mishandling of exceptional conditions are some of the additions to the updated OWASP Top 10, a list of top web application vulnerabilities. Most of the list has remained unchanged since 2021. In fact, the top item, broken access control, has been on the Open Worldwide Application Security Project’s list since it was first released in 2003. “Everyone tries to craft their own authentication and access control mechanisms,” says Jeff Williams, CTO and cofou
- 0 comments
- 62 views
-
A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical defect thatView the full article
- 0 comments
- 75 views
-
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker's infrastructure. Datadog Security Labs said it observed threat actors associated with the recent React2Shell (CVE-2025-55182, CVSS score: 10.0) exploitation using malicious NGINXView the full article
- 0 comments
- 50 views
-
A study released Wednesday by API management platform vendor Gravitee indicates that upwards of half of the three million agents currently in use by organizations in the US and UK “are ungoverned and at the risk of going rogue.” Based on a December 2025 survey of 750 IT executives and practitioners conducted by Opinion Matters, the results revealed that AI agents are being deployed faster than security teams can keep up. There are, said Rory Blundell, CEO of Gravitee, now over three million
- 0 comments
- 70 views
-
Threat actors exploiting the React2Shell vulnerability in components of React servers are using their access to compromise web domains and divert web traffic for malicious purposes. That’s the conclusion of researchers at Datadog Security Labs, who said in a blog Wednesday that the primary targets are sites running the NGINX open-source web server managed with Boato Panel. These include Asian organizations with top level domains ending in .in, .id, .pe, .bd, .edu, .gov, and .th, as well as C
- 0 comments
- 61 views
-
Threat actors exploiting the React2Shell vulnerability in components of React servers are using their access to compromise web domains and divert web traffic for malicious purposes. That’s the conclusion of researchers at Datadog Security Labs, who said in a blog Wednesday that the primary targets are sites running the NGINX open-source web server managed with Boato Panel. These include Asian organizations with top level domains ending in .in, .id, .pe, .bd, .edu, .gov, and .th, as well as C
- 0 comments
- 54 views
-
Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models (LLMs) and improve the overall trust in artificial intelligence (AI) systems. The tech giant's AI Security team said the scanner leverages three observable signals that can be used to reliably flag the presence of backdoors while maintaining a low false positiveView the full article
- 0 comments
- 55 views
-
Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass traditional detection mechanisms and deploy a remote access trojan (RAT) known as AsyncRAT. "The attack leverages IPFS-hosted VHD files, extreme script obfuscation, runtime decryption, and in-memoryView the full article
- 0 comments
- 62 views
-
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. Check Point Research is tracking the previously undocumented activity cluster under the moniker Amaranth-Dragon, which it said shares links to the APT 41 ecosystem. Targeted countries include Cambodia,View the full article
- 0 comments
- 48 views
-
Russia-linked attackers are reportedly using a new Microsoft vulnerability as part of a coordinated espionage and malware campaign, Operation Neusploit. The campaign was spotted in January 2026 by Security researchers at ZScaler ThreatLabz, three days after Microsoft issued an urgent patch for the flaw. “In this campaign, the threat actor leveraged specially crafted Microsoft RTF files to exploit CVE-2026-21509 and deliver malicious backdoors in a multi-stage infection chain,” the resear
- 0 comments
- 53 views
-
An innovative approach to discovering, analyzing, and governing identity usage beyond traditional IAM controls. The Challenge: Identity Lives Outside the Identity Stack Identity and access management tools were built to govern users and directories. Modern enterprises run on applications. Over time, identity logic has moved into application code, APIs, service accounts, and custom authenticationView the full article
- 0 comments
- 50 views
-
Romina Mineralbrunnen GmbH Der Getränke-Abfüller Romina mit Sitz in Reutlingen-Rommelsbach wurde kürzlich von einer Cyberattacke getroffen. Wie das Unternehmen auf seiner Website erklärt, sei man deshalb weder telefonisch noch per E-Mail erreichbar. Laut einem Bericht des Reutlinger General-Anzeiger steht auch die Produktion aktuell still. Weitere Details zu dem Vorfall gibt es bisher nicht. Daher ist unklar, wie der Angriff genau abgelaufen ist. Ebenfalls ist nicht bekannt, ob Daten ges
- 0 comments
- 78 views
-
Over the past three years, I’ve led passwordless migration initiatives at three Fortune 500 companies, and I can tell you with confidence that eliminating passwords from a hybrid Active Directory and Microsoft Entra ID environment is one of the most rewarding — and most underestimated — technical challenges in modern identity management. The theoretical appeal is obvious: no passwords means no credential compromise, phishing becomes exponentially harder and your security posture fundamentally sh
- 0 comments
- 51 views
-
Many incident response failures do not come from a lack of tools, intelligence, or technical skills. They come from what happens immediately after detection, when pressure is high, and information is incomplete. I have seen IR teams recover from sophisticated intrusions with limited telemetry. I have also seen teams lose control of investigations they should have been able to handle. TheView the full article
- 0 comments
- 49 views
-
Eye Security’s 2026 State of Incident Response Report shows that cyberattacks on companies are increasingly going undetected, and the damage occurs within minutes. According to the report, attackers are now focusing less on hacking systems and more on exploiting existing access points. Identity-based attacks dominate the field, with passwords being involved in 97% of incidents tracked by Eye Security. Abuse of legitimate accounts is a primary cause of cloud security incidents and drives the
- 0 comments
- 72 views
-
Microsoft has warned that information-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale. The tech giant's Defender Security Research Team said it observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix sinceView the full article
- 0 comments
- 67 views
-
Even the most seasoned CISOs sometimes run into insurmountable roadblocks at their organizations. Despite their best efforts at building relationships, and even with their technical depth and business acumen, they can’t garner the support needed to protect their organizations — and themselves — from pending disaster. In the big picture, CISO roles are hard, and so the majority of CISOs switch jobs every two to three years or less. Lack of support from senior leadership and lack of budget com
- 0 comments
- 55 views
-
The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats. The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don't end up getting published on the Open VSX Registry.View the full article
- 0 comments
- 63 views
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks. The vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is a untrusted data deserialization vulnerability that could pave the way for remoteView the full article
- 0 comments
- 62 views
-
Chim | shutterstock.com Die Softwarelieferkette – respektive ihre Schwachstellen – haben in den vergangenen Jahren für viel Wirbel gesorgt. Ein besonders schlagzeilenträchtiges Beispiel ist der Angriff auf den IT-Dienstleister SolarWinds, bei dem mehr als 18.000 Kundenunternehmen betroffen waren. Zwar war die Attacke beileibe nicht die einzige auf Softwarelieferketten – sie führte jedoch zu einer Neubewertung der Frage, wer dafür verantwortlich zeichnet. Eine Reaktion auf den SolarWinds-
- 0 comments
- 101 views
-
Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence (AI) assistant built into Docker Desktop and the Docker Command-Line Interface (CLI), that could be exploited to execute code and exfiltrate sensitive data. The critical vulnerability has been codenamed DockerDash by cybersecurity company Noma Labs. It was addressed byView the full article
- 0 comments
- 57 views
-
vectorfusionart – shutterstock.com Zwar stellen Cyberkriminelle und staatlich unterstützte Angreifer gerade für den Industriesektor eine enorme und steigende Gefahr dar. Dennoch besteht die größte Bedrohung derzeit im mangelnden Wissenstransfer, was OT-Sicherheit und -Organisation (Operational Technology) angeht. Das Hauptproblem sind vertrauenswürdige Mitarbeiter, die in Rente gehen. Diese Personen sind in der Regel engagiert, sachkundig und unersetzlich. Sie wissen, auf welchem unbesch
- 0 comments
- 51 views
-
vectorfusionart – shutterstock.com Zwar stellen Cyberkriminelle und staatlich unterstützte Angreifer gerade für den Industriesektor eine enorme und steigende Gefahr dar. Dennoch besteht die größte Bedrohung derzeit im mangelnden Wissenstransfer, was OT-Sicherheit und -Organisation (Operational Technology) angeht. Das Hauptproblem sind vertrauenswürdige Mitarbeiter, die in Rente gehen. Diese Personen sind in der Regel engagiert, sachkundig und unersetzlich. Sie wissen, auf welchem unbesch
- 0 comments
- 54 views
-
Threat actors tore through an Amazon Web Services environment in under eight minutes, chaining together credential theft, privilege escalation, lateral movement, and GPU resource abuse with the help of large language models, an attack so fast that defenders had virtually no time to react. According to new findings from Sysdig’s Threat Research Team, the intruders turned a single exposed credential in a public S3 bucket into full administrative control, demonstrating how AI‑assisted automati
- 0 comments
- 50 views
-
Threat actors tore through an Amazon Web Services environment in under eight minutes, chaining together credential theft, privilege escalation, lateral movement, and GPU resource abuse with the help of large language models, an attack so fast that defenders had virtually no time to react. According to new findings from Sysdig’s Threat Research Team, the intruders turned a single exposed credential in a public S3 bucket into full administrative control, demonstrating how AI‑assisted automati
- 0 comments
- 43 views
-
Most security teams today are buried under tools. Too many dashboards. Too much noise. Not enough real progress. Every vendor promises “complete coverage” or “AI-powered automation,” but inside most SOCs, teams are still overwhelmed, stretched thin, and unsure which tools are truly pulling their weight. The result? Bloated stacks, missed signals, and mounting pressure to do more with less. ThisView the full article
- 0 comments
- 67 views
-
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Cybersecurity company VulnCheck said it first observed exploitation of CVE-2025-11953 (aka Metro4Shell) on December 21, 2025. With a CVSS score of 9.8, the vulnerability allows remote unauthenticated attackers to execute arbitraryView the full article
- 0 comments
- 55 views
-
Cybereason Security Services issue Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. In this Threat Analysis report, Cybereason Security Services investigates a fake installer attack we recently observed multiple times. We identified some findings that have not been documented in previous reports and obtained new threat intelligence insights from the malwares. View
- 0 comments
- 43 views
-
Recent major cloud service outages have been hard to miss. High-profile incidents affecting providers such as AWS, Azure, and Cloudflare have disrupted large parts of the internet, taking down websites and services that many other systems depend on. The resulting ripple effects have halted applications and workflows that many organizations rely on every day. For consumers, these outages areView the full article
- 0 comments
- 56 views
-
The popular open-source text editor Notepad++ was targeted in a sophisticated supply chain attack that allowed Chinese state-sponsored hackers to deliver malware through compromised software updates, the project’s maintainer disclosed in a blog post. The attack, which ran from June through December 2025, involved infrastructure-level compromise of Notepad++’s shared hosting provider that enabled threat actors to selectively intercept and redirect update traffic to servers under their control
- 0 comments
- 48 views
-
The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit. Zscaler ThreatLabz said it observed the hacking group weaponizing the shortcoming on January 29, 2026, in attacks targeting users in Ukraine, Slovakia, and Romania, threeView the full article
- 0 comments
- 64 views
-
Early experimentation with agentic AI has given CISOs a preview of the possible cybersecurity nightmares ahead. But with autonomous agent adoption expected to soar throughout 2026, CISOs’ lack of visibility into agentic identities, activities, and decision-making is set to get far worse in quick measure. Agentic use will vary by enterprise, but analysts, consultants, and security vendors agree that their numbers will expand far beyond CISOs’ ability to maintain control as they simultaneously
- 0 comments
- 57 views
-
Today’s applications are based on numerous components, each of which, along with the development environments themselves, represents an attack surface. Regardless of whether companies develop code in-house or rely on third-party vendors, CISOs, security experts, and developers should pay particular attention to the software supply chain. These risks include, for example, React2Shell, Shai-Hulud, and XZ Utils — all vulnerabilities in the software supply chain that started small and later had
- 0 comments
- 55 views
-
intersoft consulting services AG Montagmorgen, 8:00 Uhr. Die Mitarbeitenden können sich nicht einloggen. Die Produktionsbänder stehen still, und auf den Bildschirmen prangen digitale Erpresserschreiben. Der Albtraum eines jeden CIOs ist wahr geworden: Ein Ransomware-Angriff hat den Betrieb lahmgelegt. Jetzt endet der Regelbetrieb, und der Ausnahmezustand beginnt. Für Joanna Lang-Recht, Director IT Forensics und Prokuristin bei der intersoft consulting services AG in Hamburg, ist dies der
- 0 comments
- 46 views
-
intersoft consulting services AG Montagmorgen, 8:00 Uhr. Die Mitarbeitenden können sich nicht einloggen. Die Produktionsbänder stehen still, und auf den Bildschirmen prangen digitale Erpresserschreiben. Der Albtraum eines jeden CIOs ist wahr geworden: Ein Ransomware-Angriff hat den Betrieb lahmgelegt. Jetzt endet der Regelbetrieb, und der Ausnahmezustand beginnt. Für Joanna Lang-Recht, Director IT Forensics und Prokuristin bei der intersoft consulting services AG in Hamburg, ist dies der
- 0 comments
- 41 views
-
Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative artificial intelligence (GenAI) features. "It provides a single place to block current and future generative AI features in Firefox," Ajit Varma, head of Firefox, said. "You can also review and manage individual AI features if you choose to use them. ThisView the full article
- 0 comments
- 73 views
-
A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to users of the open-source editor, according to new findings from Rapid7. The development comes shortlyView the full article
- 0 comments
- 72 views
-
Even as they become ever more stealthy with AI-driven tools, threat actors are not giving up on simple, tried-and-true phishing — because it still works. According to new research, attackers are still making mischief with PDFs, the old business standby, and are exploiting growing trust in services like Dropbox. Forcepoint’s X-Labs team has uncovered a multi-stage phishing campaign that exploits PDF files and Dropbox storage through a layered redirection attack. After clicking on what loo
- 0 comments
- 67 views