Security
2445 tech articles in this category
-
I’ve spent two years doing incident response and threat intel, and the one habit I’d keep if I had to give up every other is also the most boring. I don’t act on a piece of intelligence until I’ve checked it against the thing it claims to describe. It’s slow. It’s tedious. Almost nobody does it, because checking costs the exact time the feed was supposed to save. So, we read the report, nod and move on. That works fine most weeks. The weeks it doesn’t are the ones I remember, and the one I keep
- 0 comments
- 10 views
-
With change a constant, cybersecurity professionals looking to improve their careers can benefit from the latest insights into employers’ needs. Data from Foote Partners on the skills and certification most in demand today may provide helpful signposts. Analyzing more than 660 certifications as part of its 2Q 2026 “IT Skills Demand and Pay Trends Report,” Foote Partners calculated the most valuable IT security certifications to pursue right now based on two dimensions. The first, the average
- 0 comments
- 13 views
-
With change a constant, cybersecurity professionals looking to improve their careers can benefit from the latest insights into employers’ needs. Data from Foote Partners on the skills and certification most in demand today may provide helpful signposts. Analyzing more than 660 certifications as part of its 2Q 2026 “IT Skills Demand and Pay Trends Report,” Foote Partners calculated the most valuable IT security certifications to pursue right now based on two dimensions. The first, the average
- 0 comments
- 10 views
-
Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw that lets any logged-in user take full root control of a machine that has not been patched. The vulnerable code has shipped by default in essentially every mainstream distribution since 2011. The flaw needs no special permission, no unusual settings, and no networkView the full article
- 0 comments
- 19 views
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below - CVE-2026-48282 (CVSS score: 10.0) - A path traversal vulnerability in Adobe ColdFusion that could lead to arbitrary code execution in the context of theView the full article
- 0 comments
- 22 views
-
A critical vulnerability in the Kernel-based Virtual Machine (KVM) module of the Linux kernel allows attackers with root access in a guest VM to execute arbitrary code on the host system. This violates the most important security boundary that cloud providers and enterprises rely on to isolate sensitive processes on servers. The vulnerability, tracked as CVE-2026-53359, stems from a use-after-free memory bug in the shadow MMU emulation of KVM on x86 CPU architecture. According to Hyunwoo Kim
- 0 comments
- 24 views
-
Palo Alto Networks’ security division, Unit 42, is warning of yet another campaign targeting Microsoft Teams users. The new campaign begins with Teams users receiving an email asking if they would like to participate in a survey. If they open the attached PDF file, they will shortly thereafter receive a voice call purporting to be from Microsoft Support. The fake support representative then attempts to gain permission to install a remote access tool, and in the process, Ether RAT — a T
- 0 comments
- 11 views
-
Faster detection and response are two of the clearest promises in the move toward an agentic SOC, but speed on its own is not the point. What matters is whether managed SOC providers can reduce the time it takes to qualify, investigate, escalate, and act without making the workflow harder to trust. In this blog, we look at how agentic workflows can improve MTTD and MTTR, and what that actually means in day-to-day managed security operations. View the full article
- 0 comments
- 14 views
-
The Gentlemen ransomware underscores a challenge many CISOs face: stopping attackers after they gain an initial foothold. Researchers say the malware can spread across enterprise networks using legitimate Windows management tools while simultaneously attempting to weaken security and recovery systems. A report from Picus Security shows the malware combines self-propagation with the abuse of trusted administrative tools and attempts to impair recovery systems before encryption begins. The rep
- 0 comments
- 21 views
-
At some point, every security leader gets asked a version of the same question: Are we good? It tends to arrive when something is at stake and the person asking needs to know they can rely on the answer. I learned what that question really means at a firm I was with earlier in my career. We had received intelligence that threat actors were preparing to go after financial services firms over the holidays, counting on skeleton staffing and slower response times. We had procedures for exactly t
- 0 comments
- 17 views
-
Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. "An attacker can exploit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification processView the full article
- 0 comments
- 18 views
-
BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices. The vulnerabilities are listed below - CVE-2026-40138 (CVSS score: 9.2) - A pre-authentication vulnerability exists in theView the full article
- 0 comments
- 22 views
-
Most software composition analysis tools read what developers declare. Insignary Clarity’s patented binary-first platform analyzes what is actually built, shipped, and deployed — including the open-source components that never appear in any manifest. Insignary, Inc., whose patented binary fingerprint technology has been cited in four Gartner research reports, today announced its recognition as a Sample Vendor for Reachability Analysis in the Gartner Hype Cycle for Secure Software Engineering
- 0 comments
- 13 views
-
In a test of major LLMs, Zscaler found that some autonomous AI agents fell victim to frauds, reinforcing how easily some high-end enterprise agents can be conned by schemes that would fool few, if any, humans. The security vendor looked at various forms of indirect prompt injection (IPI) traps and found that, whereas many models fell victim to the schemes, some of the lower-level LLMs fared better than their pricier siblings. The Zscaler testing found, for example, that four models were
- 0 comments
- 13 views
-
Some autonomous AI agents fell victim to frauds, reinforcing how easily some high-end enterprise agents can be conned by schemes that would fool few, if any, humans, Zscaler found in a test of major LLMs. The security vendor looked at various forms of indirect prompt injection (IPI) traps and found that, whereas many models fell victim to the schemes, some of the lower-level LLMs fared better than their pricier siblings. The Zscaler testing found, for example, that four models were foun
- 0 comments
- 12 views
-
An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations. The activity, which has primarily singled out IT providers and government sectors, has been attributed to a threat cluster tracked by Check Point ResearchView the full article
- 0 comments
- 20 views
-
Stephen Wilson, field chief technology officer for HashiCorp, an IBM company, likens AI agents to “really smart kindergartners.” “They know how to do something, but they have no clue as to why they should do it,” Wilson says. This combination of superior execution power and lack of judgment can create a significant challenge for organizations trying to fit AI agents into their existing zero trust architectures. In a robust zero trust environment, Wilson notes, human users are first authe
- 0 comments
- 19 views
-
Existing security controls weren’t designed for AI agents. Static credentials and standing privileges aren’t sufficient for an emerging model where organizations need to rapidly authorize, limit, and revoke permissions from autonomous agents, sometimes more than once within a single workflow. Agentic AI requires organizations to carefully consider how to govern agentic identity, agent-to-agent communication, secrets management, privileged access, and workforce identity. Agentic ident
- 0 comments
- 19 views
-
Ever since ChatGPT made its public debut nearly four years ago, governance and security have largely lagged behind AI adoption. Eager to experiment with AI tools and find ways to improve their work and personal lives, users have uploaded corporate data, financial records, and even their own health information to large language models (LLMs). While this freewheeling activity presents obvious risks, many users and businesses have so far been spared from catastrophic consequences. Stephen W
- 0 comments
- 19 views
-
A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became a routing cover. Clean code pulled dirt from a dependency. Identity shortcuts aged badly. AI systems trusted the wrong instructions. Same soft spot throughout: trustView the full article
- 0 comments
- 17 views
-
A fully autonomous AI agent conducted an end-to-end cyber intrusion and extortion campaign after exploiting a vulnerable Langflow server, demonstrating how large language models could accelerate ransomware operations, according to research published by Sysdig. Sysdig detailed the operation in a research paper, saying the AI agent, dubbed JadePuffer, completed the entire intrusion chain, from initial access to database extortion, using an LLM to adapt its actions and execute more than 600 coo
- 0 comments
- 11 views
-
Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted onto a legacy SIEM to agent platforms that run detection, triage, investigation, and response on their own data foundation. Whether a platform will materially change outcomes forView the full article
- 0 comments
- 15 views
-
A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts. The multi-stage campaign, codenamed Operation DragonReturn by Seqrite Labs, involves sending spear-phishing emails impersonating the Income Tax Department of India.View the full article
- 0 comments
- 11 views
-
Higher education has consolidated its entire academic operation into a handful of massive SaaS platforms. The LMS manages instruction, grading and communication. The SIS owns enrollment, records and financial aid. Identity and productivity live in a small number of cloud providers. These are not peripheral tools — they are the operational infrastructure of the institution. As IT stewards, we manage platforms we do not own, cannot restore ourselves and cannot directly control — which makes contin
- 0 comments
- 15 views
-
If you wanted to become a basketball star, how would you get started? You wouldn’t read a book on basketball and take an online course. You’d set up a hoop in your driveway, join a local team to train, and play in real matches. So why do we expect cybersecurity professionals to learn their skills from theory and static training? The cybersecurity industry talks constantly about the “skills gap.” The recent World Economic Forum’s Global Cybersecurity Outlook report revealed skills and budgets
- 0 comments
- 16 views
-
Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific data from the pages a victim visits. In a proof of concept, they reconstructed a signed-in user's full Gmail address from a single visit, with no click. Opera has patched the flaw and says it found no evidence thatView the full article
- 0 comments
- 16 views
-
A cyber risk assessment helps security teams identify, estimate, and prioritize potential threats and vulnerabilities to key enterprise digital and physical assets. Yet, despite its importance, many CISOs fall victim to several types of “gotchas” that prevent them from fully achieving their risk assessment goals. An assessment should be an essential part of every organization’s overall cybersecurity strategy. The process helps security leaders understand risks to business objectives, evaluat
- 0 comments
- 26 views
-
Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology. Their strongest trick slipped past every scanner tested more than 90% of the time, and the same team built a runtime checker that catches most of theView the full article
- 0 comments
- 19 views
-
A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left. The odd part: the group that took the money calls itself Kairos, but it may not be a ransomware gang at all. Krishnan found no sign that it ever locked a singleView the full article
- 0 comments
- 28 views
-
The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist, Go, and Google Chrome as part of an ongoing activity referred to as PolinRider. "The campaign remains active, and new malicious packages are likely to continue appearing as threat actors compromise maintainer accounts,View the full article
- 0 comments
- 27 views
-
Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards. The flaws matter because FatFs is nearly everywhere. It ships inside the firmware that runs security cameras, drones, industrial controllers, hardware crypto wallets, and other devices built onView the full article
- 0 comments
- 39 views
-
A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out. Bad Epoll sits in the same small stretch of kernel code where Anthropic's most powerful AI model, Mythos, recently found a different bug. The AI caught one flaw and missedView the full article
- 0 comments
- 18 views
-
Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls. Avalon combines credential collection, lateral movement, remote access, recovery disruption, and ransomware execution, bringing together diverse functions under oneView the full article
- 0 comments
- 21 views
-
Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft. According to JFrog, the packages "rollup-packages-polyfill-core" and "rollup-runtime-polyfill-core" mimic the legitimate "rollup-plugin-polyfill-node" project, down to the description, repository metadata, andView the full article
- 0 comments
- 27 views
-
Microsoft users have been hit by a massive, automated password spray attack. Among those targeted by the attack were clients of security company Huntress. It reported that the attackers made 81 million attempts to log into its customers’ accounts between June 12 and 26 — and succeeded in at least 78 cases. And that’s just the attacks on Microsoft account holders who also happen to be Huntress customers: The number of compromised accounts could be much higher, as it’s in the nature of a p
- 0 comments
- 16 views
-
Adobe will now issue security patches for its products twice as often to deal with the increasing pace of software vulnerability discovery and exploitation. This follows Oracle’s decision to increase its quarterly patch program to a monthly one. Adobe issues patches on the second Tuesday of each month, as do Microsoft and SAP. Starting in July, it will also issue them on the fourth Tuesday of each month, it said in a blog post. As an early indicator of the need for the faster rhythm,
- 0 comments
- 19 views
-
A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "Armored Likho blends financially motivated campaigns targeting private individuals with targeted cyber espionage aimed at organizations," Kaspersky said in a technical analysis published today. "View the full article
- 0 comments
- 16 views
-
Citrix NetScaler appliances have been a constant target for attackers in recent years, most recently through an information leak vulnerability dubbed CitrixBleed 3, the latest in a series of NetScaler memory overreads going back to 2023. This week, Citrix patched yet another CitrixBleed-like vulnerability and there are signs of in-the-wild exploitation already. The new memory overread vulnerability, tracked as CVE-2026-8451, was found by researchers from security firm watchTowr who published
- 0 comments
- 22 views
-
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity published findings from multiple security firms connecting NetNut to the Popa botnet, a collection of at least two million devices that have been compromised by malicious software wi
- 0 comments
- 38 views
-
Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people's traffic. Working with the FBI, Lumen, and others, Google's Threat Intelligence Group (GTIG) said this week it had reduced the network's pool of usable devices by millions. Google identifies NetNut, also tracked as Popa, as a network spread across homeView the full article
- 0 comments
- 30 views
-
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. "Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyboard procedures used for lateralView the full article
- 0 comments
- 29 views
-
This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one big break. It is small permissions, weak checks, open systems, and normal tools doing things they were allowed to do. That same pattern runsView the full article
- 0 comments
- 28 views
-
A newly disclosed vulnerability in Argo CD is drawing attention to the security risks of GitOps platforms, with researchers warning that the flaw could allow attackers who gain a foothold inside a Kubernetes cluster to execute code and manipulate application deployments. Security firm Synacktiv said in a report that the flaw affects Argo CD’s repo-server component, which fetches content from Git repositories and generates Kubernetes manifests used to deploy resources in a cluster. Argo CD is
- 0 comments
- 18 views
-
Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing credentials, moving deeper into the network, then encrypting and wiping a company's production database. Ransomware has alwaysView the full article
- 0 comments
- 23 views
-
The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. "An operator tied to FortiBleed's infrastructure was found actively working negotiation panels for both groups, tying mass FortiGate credential theft directly to ransomware deploymentView the full article
- 0 comments
- 26 views
-
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs. Run one, and it quietly lifts your saved passwords, browser cookies, and files, then hands the attacker a shell on your machine. YesWeHack andView the full article
- 0 comments
- 18 views
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a case of remote code execution arising from the deserialization of untrusted data. The issueView the full article
- 0 comments
- 28 views
-
Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) that can be exploited through prompt injection to achieve remote code execution (RCE). The two flaws, tracked as CVE-2026-50548 and CVE-2026-50549, allow attackers to break out of Cursor’s command execution sandbox, the protective layer that’s supposed to prevent the internal AI agent from performing rogue actions on the underlying operating system. “The exploit r
- 0 comments
- 29 views
-
Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component's internal network port. Synacktiv, which found the bug, says it can lead to a full cluster takeover. There is no fix and no CVE. The firm says it reported the flaw to Argo CD's maintainers inView the full article
- 0 comments
- 23 views
-
A teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finland to face U.S. charges of conspiracy, computer intrusion, and fraud, the U.S. Department of Justice announced on July 1. Peter Stokes, 19, a dual U.S. and Estonian citizen, appeared in a Chicago federal court on June 30, where a judge ordered him held in custody. Finnish policeView the full article
- 0 comments
- 24 views
-
Detection engineering, which was once a niche practice among mostly large companies, appears to have evolved into a capability that organizations across industries now consider essential to their security operations. What is detection engineering? Detection engineering is about creating and implementing systems to identify potential security threats within an organization’s specific technology environment without drowning in false alarms. It’s about writing smart rules that can tell when
- 0 comments
- 43 views
-
Anthropic is putting Claude Fable 5 back online worldwide. On June 30, the U.S. Commerce Department lifted the export controls it had imposed on Fable and its more tightly controlled sibling Mythos 5 about two and a half weeks earlier. Fable 5 returns to users on Wednesday, July 1, across Claude.ai, the Claude Platform, Claude Code, and Claude Cowork. Export controls restrict who canView the full article
- 0 comments
- 29 views
-
Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising dozens of accounts in the process. The activity, per Huntress, originates from an IPv6 address range (2a0a:d683::/32) controlled by internet infrastructure provider LSHIY LLC (AS32167). "Between June 12 and June 26, the threatView the full article
- 0 comments
- 32 views
-
ClickFix, the trick that fools people into running malware by hand, has quietly grown a back office. New research shows the malicious commands behind its fake "prove you're human" pages are now handed out by API-driven servers that give each visitor the same malware in a different disguise. The same research also turned up a new delivery method built to slip past Windows' script scanning.View the full article
- 0 comments
- 25 views
-
Citrix on Tuesday released security updates to address multiple flaws in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that could be exploited by an attacker to facilitate arbitrary file reads or trigger a denial-of-service (DoS) condition. The vulnerabilities are listed below - CVE-2026-8451 (CVSS score: 8.8) - An insufficient input validationView the full article
- 0 comments
- 29 views
-
Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner. The activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, indicating threat actors are scanning and targeting exposed artificial intelligence (AI)View the full article
- 0 comments
- 62 views
-
Trust is one of the biggest barriers to adoption in autonomous security operations, and it is rarely solved by messaging alone. It is earned when the workflow proves it can operate with speed, visibility, and accountability at the same time. In this blog, we look at what actually builds trust in autonomous security operations, why human validation still matters, and what IT leaders should expect before giving AI-driven workflows more responsibility. View the full article
- 0 comments
- 20 views
-
Google has removed a malicious browser extension masquerading as Perplexity AI after Microsoft researchers found it was intercepting users’ search traffic and routing queries through attacker-controlled servers before forwarding them to legitimate search engines. Microsoft Threat Intelligence said the extension masqueraded as the AI-powered answer engine to trick users into installing it. Based on its analysis, the company said the extension’s primary objective was to intercept search traffi
- 0 comments
- 19 views
-
Convince an AI browser that it is playing a game, and it can hand over your login details. That is the finding behind BioShocking, a technique from security firm LayerX that tricked six AI browsers and assistants into copying a user's credentials and sending them to an attacker. The targets included OpenAI's ChatGPT Atlas, Perplexity's Comet, and Anthropic's Claude browser extension. AnView the full article
- 0 comments
- 19 views
-
A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run LoadMaster with the API enabled, update now. Progress published its advisory on JuneView the full article
- 0 comments
- 21 views
-
Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools like Anthropic Claude and OpenAI Codex Security. The WebKit vulnerabilities are listed below - CVE-2026-43707 - A memory corruption issue that could result in anView the full article
- 0 comments
- 25 views
-
A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances. "Easily exploitable vulnerability allowsView the full article
- 0 comments
- 19 views
-
New findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cross-platform application development framework called DCloud Uni-App. The templates power bogus cryptocurrency exchanges, multi-language pig-butchering operations, WhatsApp phishing networks, fake gambling platforms, brand-impersonationView the full article
- 0 comments
- 20 views
-
Today’s encrypted data, such as credentials, may no longer remain confidential in the future because the public-key cryptography protecting it will soon be broken by quantum computers. Although no machine today can break elliptic curve cryptography or RSA, quantum hardware is advancing rapidly and will inevitably change how organizations protect their data. Ciphertext and credentials captured byView the full article
- 0 comments
- 19 views
-
A Russian advanced persistent threat (APT) group has continued to evolve and expand its malware arsenal as part of its ongoing cyber onslaught against Ukraine throughout 2025. Slovakian cybersecurity company ESET said it observed 35 distinct spear-phishing campaigns mounted by Gamaredon against new targets, with most of them taking place in the second half of the year. Primary targets of theseView the full article
- 0 comments
- 22 views
-
Microsoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font files, then woke up days after install to steal credentials and run ad fraud. The company calls it StegoAd, a mash-up of steganography and adware, and ties 119 extensions to a single threat actor it says has been active since at least 2021.View the full article
- 0 comments
- 21 views
-
A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and including 1.11.1 and carries a CVSS 4.0 score of 9.2. libssh2 is a client-side SSH library, not a server.View the full article
- 0 comments
- 20 views
-
Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycle scripts, perhaps in an attempt to remain 'compatible' with npm v12's security hardenings," JFrog said in aView the full article
- 0 comments
- 41 views
-
OpenAI on Friday released three versions of GPT-5.6, called Sol, Terra, and Luna, as a limited preview to a small number of companies as part of an ongoing engagement with the U.S. government. While Sol is the latest flagship model and the most powerful, Terra strikes a balance between efficiency and power, and Luna is fine-tuned for speed and affordability. "GPT‑5.6 Sol launches with our mostView the full article
- 0 comments
- 36 views
-
Hackers are exploiting a critical vulnerability recently patched in PTC Windchill and FlexPLM, two product lifecycle management solutions used by organizations across a range of industries, including defense, aerospace, automotive, medical, electronics, industrial machinery, and consumer goods. The vulnerability, tracked as CVE-2026-12569, is an unsafe deserialization flaw that enables remote code execution. It’s located in the web-based Windchill PDMLink product data management component an
- 0 comments
- 29 views
-
Enterprises that have turned to AI in order to boost their security defenses may have to reconsider their approach. Malware containing code that commands LLM-assisted products to abort their analysis or refuse to implement it is already circulating, according to a post from security company SentinelLabs. SentinelLabs thinks it knows who’s responsible for the malware, which attacks MacOS systems. “Apple’s XProtect detects the sample under the rule MACOS_BONZAI_COBUCH, and SentinelLabs ass
- 0 comments
- 23 views
-
Australia’s Security Intelligence Organization (ASIO) has uncovered an attack on a critical infrastructure operator’s network. State-sponsored actors had compromised the network and were preparing to sabotage it, according to its director general, Mike Burgess. Other countries face similar cyber-threats to critical infrastructure. It’s impossible to exaggerate the danger that the country is facing from cyberattacks on its infrastructure, he said, presenting ASIO’s annual threat assessme
- 0 comments
- 21 views
-
I work as a principal specialist at a pipeline operator where Operational Technology (OT) is the backbone of the business. I do not report to the board or act as a CISO, but the issues that get raised to those levels affect my job every single day. Since the Colonial pipeline ransomware incident in 2021, it has become apparent that our industry has started posing different tones of “Are we zero trust yet?” I frequently witness its intense significance through auditing requests, TSA security
- 0 comments
- 21 views
-
US lawmakers on Thursday introduced a bill that would require developers of advanced AI models to report major safety and security incidents to the Commerce Department, establishing a federal oversight framework for high-risk AI systems. The proposed AI Incident Reporting Act would mandate that developers of designated “covered models” disclose incidents within seven days of knowing, or reasonably believing, that one has occurred. For incidents posing an imminent or ongoing risk of serious h
- 0 comments
- 23 views
-
When a new AI capability starts making headlines, I see the same pattern play out in boardrooms and executive staff meetings. The technology is introduced as a looming breakthrough for attackers. The conversation quickly shifts to worst-case scenarios. Then security leaders are asked some version of the same question: Are we suddenly exposed in ways we were not exposed before? My answer is usually no. In most organizations, the bigger issue is not that a frontier model such as Mythos wil
- 0 comments
- 15 views
-
Russian authorities used Cellebrite's UFED forensic tools to break into the iPhone of detained opposition activist Andrey Pivovarov in June 2021, three months after Cellebrite said it would stop selling its tools and services to Russia and Belarus. The finding, published June 25 by the Citizen Lab, rests on two things that rarely line up: traces on the phone itself and an official RussianView the full article
- 0 comments
- 19 views
-
Ten years have passed since the General Data Protection Regulation (GDPR) came into force, and the results are mixed. While data protection has become more firmly established in European companies — and beyond — than ever before, the business world remains critical of the regulation due to increasing bureaucracy, legal uncertainty, and competitive disadvantages. From a data protection perspective, this is a success story. According to a 2018 Bitkom study, shortly before GDPR came into effect
- 0 comments
- 24 views
-
The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy. Describing the Windows backdoor as continually developed by the hacking group, Google Threat Intelligence Group (View the full article
- 0 comments
- 24 views
-
AI SOC triage agents are getting a lot of attention, but the market is still ahead of the standard many buyers are using to evaluate them. In this blog, we look at what a triage agent should actually do inside real security operations, where it should create measurable value, and where it should stop short of replacing analyst judgment. The goal is not a faster interface. It is better triage, better case quality, and less wasted analyst effort. View the full article
- 0 comments
- 22 views
-
The new CIO mandate is clear: facilitate AI adoption across the enterprise at speed. According to CIO.com’s State of the CIO survey, CEOs’ top priority for their IT executives is to capitalize on AI. From researching to evaluating AI products, CIOs are now the central figures in their organizations’ AI strategies. And company leaders are looking for real outcomes. Almost two-thirds of senior leaders report there is more pressure to prove ROI on their AI investments than a year ago, accor
- 0 comments
- 20 views
-
We are auditing a curated version of history. I’ve worked in security long enough now to know something most of us don’t really say out loud. A lot of compliance is theatre. Not all of it, and not all auditors or frameworks, but enough of it that most experienced CISOs know exactly what I mean. If you understand how audits work, know how controls are interpreted and can manage scope and narrative well enough, you can often steer things where you need them to go. That’s uncomfortable to a
- 0 comments
- 23 views
-
An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-20245 (CVSS score: 7.8), allows an authenticated, local attacker to execute arbitrary commands with elevated privilegesView the full article
- 0 comments
- 25 views
-
Researchers have identified a new backdoor program that has been used in enterprise intrusions since April and appears to be linked to an initial access broker that sells network footholds to ransomware gangs. Dubbed Mistic by researchers from Symantec, the malware program has been deployed on networks belonging to organizations from multiple sectors, including insurance, education, IT, and professional services. In some cases it has been used alongside ModeloRAT, a piece of malware written
- 0 comments
- 32 views
-
Two members of the Scattered Spider cybercrime collective have admitted launching a cyberattack against Transport for London (TfL) that caused millions in damages. Thalha Jubair, 20, from East London, and Owen Flowers, 18, from Walsall, West Midlands, were due to stand trial for computer hacking offences at Woolwich Crown Court on Monday but changed their pleas to guilty on the first day of what was scheduled to be a six-week trial. Sentencing for the pair is due to take place in the sam
- 0 comments
- 22 views
-
A critical Cisco Unified CM vulnerability is now under active exploitation, weeks after the company issued patches warning it could allow attackers to gain root access. Threat intelligence firm Defused reported the exploitation on June 23. The company said it observed the activity over the weekend. “This is currently being exploited from a single source using an unvetted PoC, with genuinely-formatted file:// file-write payloads landing on our decoys,” Defused said on X. The flaw is t
- 0 comments
- 19 views
-
A fake AI agent skill that passed security checks reached over 26,000 users through Instagram, highlighting new risks as enterprises rely on AI-driven tools. Some of the agents involved were tied to corporate accounts, AIR said. The company said a similar attack could have exposed private conversations and internal systems. AIR said no agents were harmed in the research and that the test payload collected only users’ email addresses so they could be notified. The experiment centered on a
- 0 comments
- 22 views
-
Security awareness training as a defense against phishing is dead. It has been dead for a while. The industry never held a funeral because the training budget is comfortable, the compliance box gets checked and no CISO wants to tell the board that the program everyone funds does not work. The premise was simple. With enough education, users would learn to spot the tells. Misspelled words. Awkward phrasing. Sender domains that looked almost right. URLs that revealed something suspicious on ho
- 0 comments
- 30 views
-
Security awareness training as a defense against phishing is dead. It has been dead for a while. The industry never held a funeral because the training budget is comfortable, the compliance box gets checked and no CISO wants to tell the board that the program everyone funds does not work. The premise was simple. With enough education, users would learn to spot the tells. Misspelled words. Awkward phrasing. Sender domains that looked almost right. URLs that revealed something suspicious on ho
- 0 comments
- 19 views
-
The U.S. Department of Justice (DoJ) on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury unveiled fresh sanctions against nine individuals and 26 entities linked to Prince Group. "These subsidiaries are alleged to have assisted individuals and organizations in transferring proceeds ofView the full article
- 0 comments
- 25 views
-
Widespread enterprise adoption of AI has created a pressing need for security solutions — a tall order given that AI’s reach into organizational infrastructure and data is enormous and continues to grow. Moreover, where an organization sits on the AI maturity curve impacts its security needs. Trail of Bits CEO Dan Guide describes the AI journey as a migration from AI-assisted, where AI tools are used on existing workflows; through AI-augmented, which uses new workflows based on AI; to the AI
- 0 comments
- 26 views
-
Widespread enterprise adoption of AI has created a pressing need for security solutions — a tall order given that AI’s reach into organizational infrastructure and data is enormous and continues to grow. Moreover, where an organization sits on the AI maturity curve impacts its security needs. Trail of Bits CEO Dan Guide describes the AI journey as a migration from AI-assisted, where AI tools are used on existing workflows; through AI-augmented, which uses new workflows based on AI; to the AI
- 0 comments
- 19 views
-
Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability, tracked as CVE-2026-20230 (CVSS score: 8.6), is a case of improper input validation for specific HTTP requests that could allow an unauthenticated, remoteView the full article
- 0 comments
- 22 views
-
US President Donald Trump on Monday signed a pair of executive orders aimed at accelerating the federal government’s transition to post-quantum cryptography while expanding US investment in quantum technologies, establishing what the administration describes as a coordinated strategy to prepare for the opportunities and risks posed by quantum computing. The actions include an executive order, “Securing the Nation Against Advanced Cryptographic Attacks,” and a companion order, “Ushering in th
- 0 comments
- 28 views
-
A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls globally. The campaign, active since February 2026, involves collecting credential lists, searching for exposed services, brute-forcing accessible systems, and deploying bespokeView the full article
- 0 comments
- 23 views
-
Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members of a prolific cybercrime group known as Scattered Spider, and their guilty pleas came on the first day of what was expected to be a six-week trial. Owen Flowers (left) 18, and Thalha Jubair, 20. Image: UK National Crime Agency (NCA). Tha
- 0 comments
- 27 views
-
GitHub is moving to strengthen software supply chain security by updating "actions/checkout" to block pwn request attacks that exploit the risky use of the "pull_request_target workflow" trigger to run malicious code with the workflow's full privileges. Effective June 18, 2026, the latest version of "actions/checkout," the official GitHub action for checking out a repository into theView the full article
- 0 comments
- 24 views
-
What began as a routine ransomware investigation uncovered two unrelated attackers operating inside the same victim network at the same time, each obscuring the other’s activity and complicating the response. The discovery emerged during a Microsoft Detection and Response Team (DART) engagement involving Storm-2603, a threat actor associated with ransomware deployment. Investigators initially believed they were tracking a single intrusion before identifying a separate attack chain involving
- 0 comments
- 22 views
-
OpenAI has launched a program with cybersecurity firm Trail of Bits to use AI to find and fix vulnerabilities in widely used open-source software, as enterprises face growing risks from flaws buried deep in their software supply chains. The initiative, called Patch the Planet, uses AI-assisted vulnerability research alongside human review to help turn security findings into tested fixes that can be disclosed through existing project channels. Initial participants include Python, Go, cURL
- 0 comments
- 22 views
-
Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The list of identified packages, is below - aes-decode-runner-pro (145 downloads) postcss-minify-selector (256 downloads) postcss-minify-selector-parser (615 downloads) All the packages were published over the past month by an npm user namedView the full article
- 0 comments
- 18 views