
A threat actor has been targeting organizations across multiple sectors with voice-based fake security requests that ask Microsoft 365 users to enroll a new Entra passkey. […]

Apple, Samsung, and Google are all expected to introduce their takes on folding smartphones in the coming weeks. All three competitors work together on some things; Samsung allegedly makes displays for iPhone; Google makes an OS for Samsung; and Apple works with Google Gemini for AI. That proximity suggests that we might experience some synchronicity…
Gmail’s AI failed at a nuanced research task, but Claude Cowork found the right pitches, quotes, and permissions, proving connected AI assistants may finally help tackle some aspects of email overload.

AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist. New research, which its authors call HalluSquatting, turns that habit into an attack: work out the fake names an AI reliably invents, register…

For decades, cybersecurity has largely been defined by software exploitation. Attackers discovered vulnerabilities in operating systems, web browsers, network protocols, authentication mechanisms, or applications, then abused those weaknesses to gain unauthorized access. Whether exploiting a stack buffer overflow, a race condition, or a misconfigured identity provider, the attacker’s objective was always to violate a technical…

Over a dozen major economies have now published post-quantum cryptography (PQC) adoption guidance. As a CISO, you’re probably well into your migration plan and know the most difficult part has little to do with changing algorithms. The real leadership challenge is driving coordinated change across a large, complex organization where asymmetric cryptography is embedded in…

Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution. The list of vulnerabilities is as follows – CVE-2026-50746 (CVSS score: 10.0) – An improper access control vulnerability in UniFi Connect Application that…
In this post, I will show you how to choose the right Unified Endpoint Management (UEM) software for an organization? For IT teams, juggling five different tools to manage laptops, smartphones, tablets, and IoT devices across varied regions can be quite exhausting. This fragmented approach is exactly why so many organizations are searching for ways…
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning about yet another Langflow vulnerability (CVE-2026-55255) leveraged by attackers in the wild. The flaw was added to the agency’s Known Exploited Vulnerabilities catalog on Tuesday, July 7, nearly two weeks after the Sysdig Threat Research Team observed it being actively targeted. CVE-2026-55255 exploited Langflow is…
How’s this for a location?! I mean, last week was nice with Scott in Mallorca, but Marrakech is, well, wow 😮 Anyway, about those data breaches… This week I’m talking about the futility of attempting to remove piss from a pool, yet here we are, with various companies wanting to place that message alongside the…

Censys has announced the expansion of the Censys Internet Map to include real-time DNS visibility. Security teams can now seamlessly pivot between domains, names, and the Internet infrastructure behind them on the Censys Platform. With active DNS data now part of the Internet Map, security teams can replace workflows that relied on multiple datasets and…

Blackpoint Cyber has unveiled the generally available autonomous response capability, Blackpoint AI SOC Agent for identity threat detection and response (ITDR). Using an AI + human hybrid model, the AI SOC Agent acts on high-confidence threats targeting Microsoft 365 and Google Workspace accounts, enabling Blackpoint to contain credential-based attacks in less than two minutes on…

First Recon AI has announced the public launch and general availability of First Recon’s AI Security Runtime, a security platform that both governs and secures how enterprises use artificial intelligence across an organization. First Recon’s runtime inspects every AI interaction (human to model, agent to tool, and agent to agent), applies policy inline before data…

FalconStor has announced FalconStor Cloud Clean Room, an on-demand infrastructure platform designed to let organizations perform validated recovery testing in a persistent secure enclave. Each test starts from a known state, reducing the risk of carrying issues over from previous recovery exercises. Built on FalconStor’s patent-pending zero trust secure enclave (ZTSE) technology, the Cloud Clean…

What does it take to be a successful managed service provider in 2026? After hundreds of conversations with MSPs, vendors, enterprise IT leaders, and channel executives, one trend has become clear: customers aren’t looking for IT support alone. They’re looking for strategic business partners. In this video, Channel Insider Managing Editor Victoria Durgin breaks down…
Melbourne, Florida, United States, 8th July 2026, CyberNewswire

A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This “ghost phishing” technique keeps the malicious page hidden until it decrypts and comes to life inside the victim’s browser. For security leaders, the risk is clear: traditional URL checks may miss the attack while Microsoft…

A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures. The activity cluster, tracked by Elastic Security Labs under the moniker REF6045, involves infecting victims through fake CAPTCHA verification pages that deceive them into running a malicious command that installs a PowerShell toolkit dubbed

DNSFilter has launched an Original Equipment Manufacturing (OEM) program that lets external ISPs, cybersecurity firms, device makers, and other consumer app developers to embed their DNS threat protection, domain analysis, and privacy solutions into their own platforms and solutions. Partners can choose between two product paths: DNSFilter Protective DNS, for DNS-layer filtering and threat blocking,…

A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under assumed names. The X/Twitter account IRIS C2 (@C2IRIS) has gained more…

Attestiv announced the launch of DeepScan, a new platform built to help organizations automatically validate submitted files before they drive critical business decisions. DeepScan represents a major architectural shift for Attestiv and its customers: moving from detecting fake or manipulated media in isolation to validating whether submitted photos, documents, audio, and video can be inherently…

A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and publishing it publicly, exposing a broader risk as enterprises deploy AI agents with privileged access to software development environments, according to new research from Noma Security. The AI security company detailed the attack, dubbed GitLost, in a blog…

To reduce traffic incidents, all new cars sold in the EU must now include driver-monitoring technology, including Driver Drowsiness and Attention Warning (DDAW) systems and, on newer vehicles, Advanced Driver Distraction Warning (ADDW) systems. Similar requirements are expected in the US, where the National Highway Traffic Safety Administration (NHTSA) has been directed to develop rules…

Cybercriminals are exploiting India’s tax filing season with a new malware campaign that refuses to put all its eggs in one basket. Researchers at Cyderes have uncovered a sophisticated phishing operation that poses as the Indian Tax Department to deliver two remote access trojans (RATs) through a multi-stage infection chain, giving attackers persistent access to…

New research shows that a signed Git commit’s hash is not the one-of-a-kind name that much of the software world assumes it to be. Given any signed commit, someone without the signing key can mint a second commit with the same files, author, and date, and a valid signature, GitHub still stamps “Verified.” Everything a…

For years, account takeover (ATO) followed a predictable script. Attackers bought stolen credentials in bulk, ran them through automated tools, and waited for matches. Credential stuffing was cheap, scalable, and for defenders, relatively well understood. That era is ending. Not because attackers gave up, but because the front door finally got harder to kick in.…

Accenture appears to have suffered a data breach, the extent of which is currently unknown. On Monday, a threat actor going by the handle “888” posted on the cybercrime forum PwnForums, claiming to have breached the technology consulting company and stolen “just over 35gb of source codes” in July 2026. They claim to have exfiltrated…

An AI coding assistant that refuses to answer a dangerous request in its chat box can answer it anyway if the same request is broken into small, ordinary-looking steps inside a code editor. That is the finding of a new study of GitHub Copilot by researchers Abhishek Kumar and Carsten Maple. The models they tested through Copilot,…
Cybersecurity programs often grow over time through new policies, controls, and technologies. The challenge for CISOs is making sure these pieces work together and support the risks that matter most to the business. NIST CSF 2.0 provides a practical structure for doing that. It helps organizations understand their current security posture, define clear priorities, and improve…

RedWing: The Android Banking Trojan You Can Rent on Telegram for Less Than a Coffee Subscription Zimperium’s zLabs team has uncovered RedWing, an Android spyware operation sold as a subscription service through Telegram, with links to Russian threat actors and apparent roots in the Oblivion malware family. It comes with documentation, tutorial videos, a referral…
Android automations are nothing new, but incorporating them into you car can change your drive.
Until recently, many tech professionals viewed themselves as a special and respected worker class: highly educated, hard-working, well paid, and in demand. “They considered themselves above unions,” says Zak Thompson, senior software engineer at Kickstarter and union steward at Kickstarter United. Big Tech issued aspirational mission statements that motivated workers, workplaces were seen as meritocracies,…

Crusoe has announced Serverless Fine-Tuning and Self-Serve Deployments in Crusoe Intelligence Foundry, the managed AI platform for Crusoe Cloud. These capabilities give data scientists and ML engineers a complete path from proprietary data to production-ready models, on purpose-built AI infrastructure, without the overhead of managing it. Fine-tuning is now a standard part of building with…

Automox has released Automox MCP Server 2.2, adding interactive review surfaces, first-class Patch by Severity policy creation, and live capability discovery to its governed agentic interface for endpoint operations. The release advances Automox MCP beyond natural-language access alone, giving IT teams new ways to review, approve, and act on endpoint operations in context. “AI agents…

A Chinese threat actor tracked as UAT-7810 is actively refining its bespoke malware to expand its Operational Relay Box (ORB) network by breaking into internet-facing networking devices. According to findings from Cisco Talos, UAT-7810 is an advanced persistent threat (APT) actor that’s responsible for maintaining and proliferating LapDogs, an ORB network that first came to…
AI agents can browse the web, use external tools, execute commands, and perform tasks on behalf of users. Many rely on skills that define how they interact with services and data. Malicious skills can abuse those capabilities to steal data, execute malware, or manipulate an agent’s behavior, according to the H1 2026 ESET Threat Report.…
The AI-focused executive order President Donald Trump signed last month gave the Treasury Department, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency (CISA) 30 days to establish a new “AI cybersecurity clearinghouse.” The deadline passed last week. The clearinghouse is meant to coordinate the scanning, discovery, and validation of software vulnerabilities in…
ScienceLogic has released the “Kyoto” update for Skylar One, the core observability offering in its AI Platform. The release adds geographic service visibility, simplified location and device management, enhanced relationship mapping, and platform updates aimed at improving observability across hybrid IT environments. The Kyoto update is designed for organizations managing hybrid infrastructure, cloud environments, and…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added [1, 2] Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities (KEV) catalog.…

Codenotary has announced AgentMon 3, the latest generation of its enterprise AI security platform, introducing adaptive runtime security policies. These continuously evolve as AI agents operate across an organization by learning from customer-specific workflows, observed behavioral patterns, and newly emerging threats. The company also announced that AgentMon is now available through AWS Marketplace, making enterprise…
The stack is a memory region where a program stores temporary data – like local variables and return addresses. Think of the stack as a pile of plates in your kitchen: you can only add a new plate to the top, and you can only take one away from the top too. Programs use this same…
The world’s digital testing ground plans to help people use AI agents for government purposes.

Moving an AI project from a cool proof-of-concept to actual, everyday business production is notoriously difficult, and it is about to get a lot easier for mid-sized companies. Accenture and Google Cloud have announced a new collaboration aimed at helping mid-market organizations deploy AI-powered agents faster through pre-built, industry-focused solutions. Accenture Edge: new mid-market business…

Recast, an organization that empowers IT teams to manage and secure modern enterprises, released a new survey on virtual desktop infrastructure (VDI) in partnership with Nerdio and VMblog. Report shows nearly half of IT teams are reconsidering their VDI environments The “2026 State of VDI Survey, VDI Isn’t Done, It’s Being Reworked,” is a new…

As organizations accelerate AI adoption, enterprise networks are emerging as a limiting factor. Cisco Systems’ latest report found that 75% of organizations are more confident in their AI strategy than in their network’s ability to support it, underscoring a growing gap between AI ambitions and network readiness. AI adoption is outpacing network readiness Titled “No…

As AI accelerates the pace and sophistication of cyberattacks, managed service providers are rethinking growth strategies that once prioritized customer acquisition above all else. In this Q&A, CyberSentriq CEO Myles Bray explains why more MSPs are tightening onboarding standards, focusing on higher-quality customer relationships, and viewing portfolio discipline as a competitive advantage rather than a…

CISA is using Anthropic’s Mythos AI to scan federal code for vulnerabilities, aiming to find flaws before hackers and foreign intelligence services. Three sources familiar with the matter told Reuters that CISA, the U.S. government’s civilian cyber defense agency, is running Anthropic’s Mythos AI model against federal code repositories to find vulnerabilities before foreign intelligence…

Anthropic started rolling out Claude Cowork, an AI agent that completes multi-step tasks, in beta for Max users on mobile and the web. They describe a goal, and Claude plans the work, uses the required tools, and produces outputs such as documents, spreadsheets, presentations, and reports. Remote Cowork session Tasks continue running in the background,…

With change a constant, cybersecurity professionals looking to improve their careers can benefit from the latest insights into employers’ needs. Data from Foote Partners on the skills and certification most in demand today may provide helpful signposts. Analyzing more than 660 certifications as part of its 2Q 2026 “IT Skills Demand and Pay Trends Report,” Foote Partners…

Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw that lets any logged-in user take full root control of a machine that has not been patched. The vulnerable code has shipped by default in essentially every mainstream distribution since 2011. The flaw needs no special permission, no unusual settings, and no network

In this interview with Help Net Security, industrial cybersecurity, CISO at Orbia, talks about protecting industrial systems where software runs water, chemical and manufacturing processes. She explains why a cyber incident in these settings can harm people, equipment and the environment, and how spread-out sites and aging control hardware widen the risk. Ritchie describes tying…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below – CVE-2026-48282 (CVSS score: 10.0) – A path traversal vulnerability in Adobe ColdFusion that could lead to arbitrary code execution in the context of…

AI is changing how security teams find vulnerabilities, analyze code, test applications, and protect infrastructure. Developers are building tools to secure AI systems themselves, from coding agents and memory protection to model exposure discovery. This roundup covers recent open-source releases for vulnerability research, application security testing, container security, endpoint protection, AI security, and penetration testing.…

Somewhere right now, a Mac Mini is sitting on a shelf doing someone’s chores. Nobody’s watching it. It reads a version number out of Terminal, hops over to Safari, digs up a release year, then quietly files a reminder, the kind of dull three-app errand a human would grumble through in ninety seconds. The machine…

Anthropic has found a way to shed new light on how its models solve problems, thanks to its discovery of what it has dubbed the J-space. “We find that Claude has developed a small collection of internal neural patterns that, compared to all its other internal processing, play a special role. We call the collection…

The hard part was never finding the exposure. It was deciding what to do about it: whether to patch, mitigate, monitor, or accept, and banking that that decision would still hold tomorrow. A penetration test answers this question for the day it runs, then quietly expires. The environment shifts, a control drifts, a new technique…

Companies are handing routine operational decisions to AI agents that plan, remember, and act on their behalf. These agents run on statistical models, and their behavior can drift across weeks and months. That drift opens a security gap outside the reach of standard monitoring tools. A study of about 1,080 open job postings at OpenAI…
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

In this post, I will discuss the modern digital security practices using Octo Browser. Online security is no longer just about strong passwords and antivirus software. Today, websites and apps “recognize” you using many subtle signals—device behavior, browser characteristics, network patterns, and even timing patterns. If you understand how these signals work, you can protect…
In this post, I will give you the Agentic SOC guide and show you how Agentic MXDR is reshaping enterprise cyber defense. Security teams are always pushed to be faster, go further and remain in control at all times. The pressure is driving the sector towards a new framework which is referred to as the…
– World-first near real-time cell coverage compensation on a live 4G and 5G network in a multi-vendor environment, setting a new industry benchmark for responsiveness in live…