Author: admin
AI, Global Security News
PureLogs Variant Steals Data via Purchase Order Lures
FortiGuard Labs detailed a PureLogs campaign using JavaScript, PowerShell and process hollowing
AI, Global Security News
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. “This emerging delivery technique extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations,” Microsoft Defender Experts and the Microsoft
Global Security News, privacy
Franklin Access adds three-layer security system to Wi-Fi routers
Franklin Access has launched a three-layer security system integrated into its Wi-Fi routers, delivering enterprise-grade protection for consumers and small businesses. The system runs automatically in the background, blocking millions of malicious websites in real time to protect families, children, seniors, and businesses from online threats. Franklin’s Wi-Fi routers include advanced security protocols and privacy…
AI, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.
A critical vulnerability, tracked as CVE-2026-45659, in Microsoft SharePoint can allow attackers to achieve remote code execution with little effort. Microsoft released security updates to patch a high-severity SharePoint vulnerability, tracked as CVE-2026-45659 (CVSS score of 8.8), that could allow remote code execution. The flaw does not require complex conditions for exploitation, making it a…
AI, Apps, Global Security News
Jetico expands BestCrypt Data Shelter with zero-trust file access controls
Jetico has announced the extension of BestCrypt Data Shelter to include centrally managed enterprise data access control for sensitive files. The solution allows security teams to define and enforce policies governing which applications, processes and users can access protected files. This default-deny model aligns with zero-trust security principles. “Organizations have made significant progress in encrypting…
AI, Apps, Cloud Security, Compliance, Cybersecurity, Data Breaches, Data Security, Global Security News, Network Security, privacy, Risk Management
DSPM buyer’s guide: Top 10 data security posture management tools
Data security posture management (DSPM) explained Data security posture management (DSPM) tools help security teams examine their entire data environment to find shadow data, reducing the risk of data loss. Tracking down sensitive data across both cloud and on-premises systems can be vexing. Each environment presents its own challenges. Given the dynamic and ephemeral nature…
AI, Global Security News
The AI tech job slaughter gets real
Tech companies seem to be falling over each other these days in firing people to either replace them with AI or to pay to build AI infrastructure. Wouldn’t it be nice if they at least waited until AI actually worked for business? On the one hand, top tech businesses such as Amazon, Block, Cisco, Cloudflare,…
AI, Funding, Global Security News
The big winner in Elon Musk’s suit against OpenAI and Microsoft — hypocrisy
If ever there were a lawsuit in which a jury and judge should have ruled against both the accuser and the defendants, Elon Musk’s suit against OpenAI and Microsoft was it. The high-profile legal battle pitted the world’s richest man against a company worth more than $3 trillion, another that might soon launch a $1…
AI, Apps, Global Security News
AppOmni’s Marlin AI automates SaaS threat analysis, triage, and remediation at scale
AppOmni has launched Marlin AI to transform how enterprise organizations defend complex SaaS applications. Marlin AI delivers autonomous AI-powered SaaS security that leverages AppOmni’s deep SaaS application observability. It actively correlates SaaS security indicators, performs deep investigations, and guides security teams to immediate solutions. By reducing the massive hours wasted on investigating threats, alerts and…
AI, Exploits, Global Security News
Novee’s Agentic Fix turns validated exploits into fixes through AI coding agents
Novee has announced Agentic Fix, an enhancement to its AI penetration testing platform that helps teams move from validating security findings to deploying fixes in a single step. Agentic Fix extends Novee’s platform by generating remediation guidance from the same exploit context used to uncover an issue, then routing that guidance to the AI coding…
AI, Global Security News
Coinflow CISO on crypto payments security under AI pressure
Crypto payment firms sit near the top of the target list for advanced persistent threat groups, and the workload on their security leaders keeps growing. Malcolm Portelli, CISO at Coinflow, runs the company’s security program from Malta. Coinflow is headquartered in the United States and operates across multiple jurisdictions. Portelli sat down for this interview…
AI, Endpoint, Global Security News
Vigolium: Open-source vulnerability scanner
Vigolium, an open-source vulnerability scanner that combines deterministic scanning with AI-driven auditing, launched its initial open-source release this month. The project ships 235+ scanner modules and an in-process agent runtime called olium that handles autonomous endpoint discovery, attack planning, and finding triage. The tool exposes two scanning paths. vigolium scan runs a multi-phase deterministic pipeline…
AI, Global Security News
The alert economy is driving security analyst burnout
In this Help Net Security video, Ido Livneh, CEO of Jazz, explains why security analysts burn out and what leaders can do about it. The cause, he argues, is not long hours but meaningless work. Analysts spend their days closing repetitive tickets while the institutional knowledge of senior staff walks out the door when they…
AI, Europe, Global Security News, Risk Management
European AI adoption hits 99% with regulated data driving most policy violations
Generative AI tools operate inside nearly every European workplace, embedded in meeting transcription services, writing assistants, coding copilots, and search features. Workers in the region pull these tools into daily routines that involve customer records, financial information, and proprietary code, and that volume of activity has produced a measurable pattern in where data exposure occurs.…
Global Security News
GitHub internal repositories breached
Global Security News
ISC Stormcast For Wednesday, May 27th, 2026 https://isc.sans.edu/podcastdetail/9946, (Wed, May 27th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
AI, Endpoint, Global Security News, malware, Network Security, Risk Management
Microsoft previews automatic device isolation in Defender for Endpoint
Microsoft is previewing a new automatic device isolation capability in Defender for Endpoint’s auto attack disruption tool to help security pros contain cyber attacks in progress on their IT networks. The company announced the capability earlier this month in a column about new features in Defender. There’s no word on when automatic device isolation will…
AI, Endpoint, Global Security News, malware, Network Security, Risk Management
Microsoft previews automatic device isolation in Defender for Endpoint
Microsoft is previewing a new automatic device isolation capability in Defender for Endpoint’s auto attack disruption tool to help security pros contain cyber attacks in progress on their IT networks. The company announced the capability earlier this month in a column about new features in Defender. There’s no word on when automatic device isolation will…
AI, APAC, Apps, Compliance, Global Security News, Network Security, privacy, Risk Management
Top 6 UCaaS Providers for Businesses in 2026
Unified Communications as a Service (UCaaS) is essential for modern businesses looking to stay connected in today’s fast-moving work environment. By combining video conferencing, VoIP, messaging, and collaboration tools into a single cloud-based platform, UCaaS helps teams communicate and collaborate in real time from anywhere. As remote and hybrid work continue to evolve in 2026,…
AI, Endpoint, Global Security News
Sophos named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection for the 17th consecutive report
Strong endpoint protection remains critical. But in today’s AI-driven threat environment, it’s most powerful when it’s part of a broader, coordinated defense. Categories: Products & Services Tags: Gartner, Gartner Magic Quadrant, Endpoint, Sophos Endpoint
AI, Global Security News
Novee launches Agentic Fix to automate vulnerability remediation
Agentic Fix addresses a critical bottleneck in the software development lifecycle where vulnerability discovery has been significantly accelerated, but the subsequent steps of triage, assignment, patching, and retesting remain largely manual.
Global Security News
Formula 1 fans targeted by evolving scams, Bitdefender warns
Bitdefender’s Fan Threat Index highlights four major threats targeting Formula 1 enthusiasts: counterfeit merchandise, fraudulent ticket sales, malicious streaming services, and sophisticated social engineering attacks.
AI, Apps, Global Security News
AppOmni launches Marlin AI for autonomous SaaS security alert investigation
Marlin AI operates within the AppOmni platform, continuously analyzing security indicators across business-critical applications.
AI, Global Security News
7AI Inc. launches PLAID ELITE, an AI-native security operations service
PLAID ELITE handles the entire security operations workflow, including alert ingestion, enrichment, triage, investigation, and response, autonomously.
AI, Global Security News
Fake AI tool websites used to steal developer data
The attack campaign employs SEO poisoning to elevate fake installation pages in search engine results, leading developers searching for AI tools like Google Gemini CLI or Anthropic’s Claude Code to typosquatted domains.
AI, Apps, Global Security News
Varonis integrates Claude AI compliance API into Atlas platform
This integration aims to provide organizations with enhanced visibility and oversight for their use of Claude, a tool relied upon for knowledge work, analysis, and application development.
AI, Global Security News
ShinyHunters extorts Charter Communications after data breach
The incident came to light after Charter was listed on ShinyHunters’ data leak site, where the group claimed to have stolen 40 million records.
AI, Data Breaches, Global Security News
Iranian-backed hackers linked to Los Angeles transit system breach
The hacktivist group Ababil of Minab initially claimed responsibility for the breach, stating they had stolen and subsequently deleted data from the Los Angeles County Metropolitan Transportation Authority (LACMTA) systems.
AI, Endpoint, Global Security News, Network Security, Risk Management
Microsoft Defender for Endpoint to automatically isolate compromised devices
The new feature automatically disconnects compromised endpoints from the network, limiting the risk of further impact while maintaining connectivity to the Defender for Endpoint service for continued monitoring.
AI, Global Security News
Cybercriminals increasingly use AI for deepfake-based KYC bypass, report finds
New research from Flashpoint highlights a significant trend where threat actors are not focused on developing novel AI tools but rather on refining existing ones.
Global Security News
Dutch government blocks US IT giant’s acquisition of cloud provider
The Dutch minister for the digital economy announced a complete prohibition on the acquisition, which would have allowed Kyndryl to purchase Solvinity for an undisclosed sum.
Global Security News
Listening, Drupal, TTE, KEV, Mythos, Megalodon, Badanov, MFA, Pope Leo, Aaran Leyland – SWN #584
AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management
TeamPCP Compromised LiteLLM in AI Supply Chain Attack
A supply chain attack targeting the open-source AI ecosystem shows how threat actors are increasingly abusing developer tools and AI infrastructure to steal credentials and compromise cloud environments. Researchers found that TeamPCP compromised LiteLLM, a widely used open-source Python library that connects applications to more than 100 LLM providers through OpenAI-compatible APIs. The attack reportedly…
AI, Apps, Compliance, Exploits, Global Security News, Network Security, Risk Management
Why Annual Penetration Tests Are No Longer Enough
Traditional annual penetration tests are becoming less effective as organizations rapidly expand cloud, hybrid, and AI-driven environments that change far faster than yearly assessment cycles can keep up with. According to Lydia Zhang, President and Co-Founder of Ridge Security, modern infrastructure, applications, APIs, and dependency chains evolve continuously, creating constantly shifting attack surfaces that static…
Exploits, Global Security News
KnowledgeDeliver flaw exploited as a zero-day to install web shells
Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. […]
AI, Compliance, Data Breaches, Data Security, Global Security News, Network Security, Risk Management
GUEST ESSAY: AI pipelines are shattering network security — most companies haven’t even noticed yet
For the past two decades, enterprise security teams have gotten good at one thing: keeping sensitive data where it belongs. Related: Leaked secrets no. 1 exposure Production data stays in production. Test environments get masked or synthetic data. Access is controlled. Ownership is defined. The system, while imperfect, largely works. Then AI arrived — and…
AI, Global Security News
Feeding Frenzy: ‘Megalodon’ Malware Infects Thousands of GitHub Repos
In just six hours, the campaign quietly pushed thousands of malicious commits to more than 5,500 GitHub repositories, stealing credentials, developer secrets, and more.
AI, Data Breaches, Global Security News
Charter confirms data breach after ShinyHunters extortion threat
U.S. telecommunications giant Charter Communications has confirmed it suffered a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. […]
AI, Global Security News, Network Security
Apple open-sources quantum-resistant encryption code
Apple has released quantum-resistant cryptographic code and the mathematical verification tools it developed to prove the code’s correctness, making them publicly available for independent review and broader use across the industry. The release includes implementations of two quantum-secure algorithms, ML-KEM and ML-DSA, along with the formal verification libraries and tools Apple created to validate their…
AI, APAC, Apps, Global Security News, Network Security, Risk Management
How Lineage Reveals Your Data’s Secrets
Imagine this scenario: on an otherwise fine and ordinary Monday morning, your security operations center (SOC) flags a suspicious alert. Files from a confidential vault are transferring to someone’s personal cloud storage account. Halt! An analyst stops the flow, but some files are leaked to who-knows-where. In fact, other than knowing the leak happened, you…
AI, Global Security News
The Hackers Behind Shai-Hulud: Lucky or Skilled?
TeamPCP, the hackers behind the Shai-Hulud worm, has done significant damage to the open source ecosystem. But it’s not necessarily due to skill alone.
AI, Cybersecurity, Global Security News, Government & Policy, Network Security, Risk Management
White House charts new course for federal agencies and cybersecurity logging
The White House has updated rules for federal agencies to keep logs of significant cyber activities in their networks, touting it as a measure to cut back on red tape and focus on how cybersecurity risks have evolved. The Office of Management and Budget memorandum, released Friday, replaces a 2021 memo signed by then-President Joe…
AI, Apps, Cloud Security, Compliance, Global Security News, Network Security
Welcoming the AWS Customer Incident Response Team
May 26, 2026: This post was originally published in July 2022. It has been updated to reflect current engagement options, new threat intelligence resources such as the Threat Technique Catalog for AWS (TTC), additional open-source tools, and the distinction between AWS CIRT support and the AWS Security Incident Response managed service. Welcome back, or welcome…
Global Security News
Drupal bug added to CISA list of known exploited vulnerabilities
Drupal SQL injection flaw CVE-2026-9082 added to CISA KEV as active attacks target sites.
AI, Cybersecurity, Europe, Exploits, Global Security News, Risk Management
ECB warns banks of new AI risks
The European Central Bank (ECB) has summoned major banks to an emergency meeting to warn of new cybersecurity risks linked to advanced AI models, according to the Financial Times. Frank Elderson, vice chair of the ECB’s Supervisory Board, said banks must become significantly faster at installing security updates. According to the ECB, new AI tools…
Global Security News, malware
Trojanized Gemini and Claude Installers Target Developers Via SEO Poisoning
Cybercriminals are using SEO poisoning and fake Gemini and Claude installer sites to infect developers with fileless malware and steal data.
Global Security News
When ransomware shutters the ER, cyber resilience can help teams mitigate the damage
Here’s five ways to implement a cyber resilience plan well before a medical facility experiences a crisis.
AI, Compliance, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management
CrowdStrike Disrupts Glassworm Supply Chain Botnet
CrowdStrike announced the coordinated takedown of the Glassworm botnet, a large-scale operation that targeted software developers through compromised open-source packages, malicious VSCode extensions, and poisoned GitHub repositories. The operation, conducted alongside Google and the Shadowserver Foundation, disrupted the botnet’s infrastructure and severed communication between the operators and infected systems. “In collaboration with Google and the…
AI, china, Compliance, Global Security News, privacy, Risk Management, Russia
The Hidden Ransomware Economy Running on Exposed Databases
A 5-year study on the Ransomware Economy found that 30,515 exposed databases were hit by ransom attacks, causing massive damage despite victims never paying. Database extortion doesn’t look like the ransomware stories that usually grab headlines. There’s no slick branding, no leak-site countdown, no gang posting memes on Telegram. In most cases, there’s just a…
AI, Compliance, Cybersecurity, Endpoint, Global Security News, Network Security
Services Revenue Becomes the Channel’s Growth Engine
Halfway into 2026, managed services continue to emerge as one of the industry’s strongest growth engines. Gone are the days when infrastructure deals and one-time product sales dominated partner revenue. Increasingly, the real opportunity lies in the services surrounding technology, from AI advisory and deployment to cybersecurity management and implementation. In this article, we examine…
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
ConnectWise Automate Vulnerability Could Allow Security Check Bypass and RCE
ConnectWise has disclosed a vulnerability in its Automate remote monitoring and management (RMM) platform that could allow attackers to bypass integrity verification mechanisms and execute malicious code in affected environments. The flaw impacts on-premises versions of ConnectWise Automate prior to version 2026.5 and carries a CVSS score of 8.8. “Under certain conditions, components obtained during…
AI, APAC, Global Security News
Dell CEO Says Agentic AI is Straining Supply Chains
The AI boom was already straining the supply chain, and agentic AI is apparently pushing it to a new level of dysfunction. Speaking at Dell Technologies World 2026 in Las Vegas, Dell Technologies CEO Michael Dell said the rise of autonomous AI systems is making it harder for supply and demand to settle into any…
AI, Apps, Cloud Security, Compliance, Exploits, Global Security News, malware, Risk Management
Well-architected best practices for software supply chain security
There have been multiple notable supply chain attacks using the npm Registry since September: Shai-Hulud, Chalk/Debug, one abusing tea.xyz tokens, and recently axios. Thanks to community efforts involving the Amazon Inspector team, the Open Source Security Foundation, and others, the affected packages were quickly flagged, which reduced the impact of these incidents. Supply chain attacks…
AI, Global Security News
Detectify launches MCP server to integrate security testing into AI coding workflows
The Detectify MCP Server utilizes the Model Context Protocol (MCP), an open standard adopted across the AI industry for agent-tool communication.
AI, Global Security News
CypherLoc scareware tricks millions into identity theft traps
The CypherLoc attack begins with a phishing email containing a malicious link or attachment.
AI, Global Security News
FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts – no password required
So, you’ve enabled multi-factor authentication. You’ve taught your staff never to type their passwords into dodgy-looking login pages. Surely your Microsoft 365 accounts are safe now? Well, think again. Read more in my article on the Hot for Security blog.
Global Security News
Critical vulnerability in Universal Robots’ PolyScope OS allows remote command execution
The vulnerability, tracked as CVE-2026-8153 with a CVSS score of 9.8, affects all PolyScope software versions prior to 5.25.1.
Global Security News
Zero-day vulnerability in Japanese LMS exploited to deploy Cobalt Strike
The vulnerability, CVE-2026-5426, stems from the use of hard-coded ASP.NET machine keys within the LMS.
Global Security News
The Oncology Institute reports patient data potentially exposed in third-party vendor breach
The Oncology Institute disclosed on May 20, 2026, that Kroll, a third-party administrator for an unnamed vendor, detected unauthorized access to systems that may have affected patient data.
AI, Apps, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
CVE-2026-48095: 7-Zip Heap Buffer Overflow Can Lead to Code Execution
CVE-2026-48095 in 7-Zip has raised fresh concerns around malicious archive handling and user-driven exploitation. According to GitHub Security Lab, the flaw is a heap buffer write overflow in 7-Zip’s NTFS archive handler that affects version 26.00 and can potentially lead to arbitrary code execution or application crashes. The issue was fixed in 7-Zip 26.01, released…
AI, Exploits, Global Security News
Zero-click attack hijacks WhatsApp accounts on iOS 16
The attack exploits vulnerabilities in iOS 16, specifically CVE-2025-43300 within the ImageIO framework and potentially CVE-2025-55177, to gain unauthorized access to WhatsApp sessions.
AI, Global Security News
North Korea’s Lazarus Group uses new RemotePE malware against financial targets
RemotePE is deployed through a multi-stage attack chain involving two loaders, DPAPILoader and RemotePELoader.
Global Security News
Mainframe Security Gaps: Why Your IAM Strategy is Failing (And How to Fix It) – WC #1
AI, Global Security News
SpaceX’s AI Pursuits Have Yet to Take Off
Plus, California studies AI job losses, Anthropic’s revenue soars and Nvidia plays the role of $5 trillion underdog.
AI, APAC, Apps, Compliance, Global Security News
High-Quality Customer Outcomes Require Courageous Leadership
This article is written by Brett Diamond, CEO, 11:11 Systems, and provided to Channel Insider by 11:11 Systems. Every company claims to be customer-first. Many invest in support, success teams, and service management frameworks. But the uncomfortable truth is this: ensuring quality at every customer touch point often requires focused decision-making. And the decisions that…
AI, Global Security News
Claude Mythos AI Identified 10,000+ Software Vulnerabilities in One Month
Anthropic says its Claude Mythos AI identified more than 10,000 software vulnerabilities in one month, including critical flaws in open-source code.
Global Security News
OnlyFans user data advertised on cybercrime forum, seller claims no direct breach
A user on a cybercrime forum is selling a database of 340 million records allegedly linked to OnlyFans users for approximately $76,000.
Global Security News
Ghost CMS vulnerability exploited in large-scale campaign
The vulnerability, identified as CVE-2026-26980, affects Ghost versions 3.24.0 through 6.19.0, allowing unauthenticated attackers to steal admin API keys.
AI, Global Security News
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026. The activity targeted industrial and electronics manufacturing, education and public-sector bodies, financial services, and professional services, per the Threat Hunter Team from Symantec and…
AI, Compliance, Exploits, Global Security News, Network Security
Apple opens its post-Quantum encryption vault
The tech world is rapidly waking up to the security threat posed by future quantum computers, which will be able to break the encryption we now use to protect our internet existences with ease. Against that backdrop, Apple’s decision to share iPhone and Mac post-quantum cryptography code on GitHub speaks volumes. Lost in the fog of reporting over the Memorial…
AI, APAC, Cybersecurity, Exploits, Global Security News, Government & Policy
Anthropic: Mythos finds more than 10,000 software flaws in first month
Anthropic said its month-old Project Glasswing initiative has uncovered more than 10,000 high- or critical-severity software vulnerabilities across systemically important code, a finding the company says has shifted the central problem in cybersecurity from discovering flaws to verifying and patching them. The findings, drawn from partner reports and independent evaluations, mark one of the first…
Exploits, Global Security News, Network Security
RondoDox botnet exploits old ASUS router vulnerability
The RondoDox botnet has been exploiting this vulnerability since May 17, as discovered by VulnCheck’s Canary Network.
Global Security News
Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception
Almost all organizations impersonated by Chinese phishing platforms are non-Chinese entities, suggesting operators deliberately avoid domestic targets
Exploits, Global Security News
Anthropic: Claude Mythos identified 10,000+ software flaws
Anthropic and its Project Glasswing partners have identified more than 10,000 high- or critical-severity vulnerabilities in critical software systems, the company announced in an update on the project’s progress. Mythos identifies thousands of high-severity vulnerabilities In April 2026, Anthropic introduced Claude Mythos Preview, a new large language model that can autonomously find zero-day vulnerabilities and…
china, Global Security News, Russia
Chinese phishing gangs grow into a force to be reckoned with
Chinese-language phishing-as-a-service (PhaaS) communities are expanding in an area historically dominated by Russian-speaking cybercriminal groups. The Google Threat Intelligence Group (GTIG) analyzed a dozen active PhaaS offerings operating in Chinese-language underground communities and found mature services, with several likely linked to broader criminal activity in the region. Nearly all legitimate organizations mimicked by these phishing…
Global Security News, AI, malware
GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos
A large-scale automated GitHub backdooring campaign was caught pushing thousands of malicious commits into public repositories while posing as routine CI/CD upkeep. Researchers at SafeDep observed the campaign, Megalodon, touching more than five thousand repositories over a six-hour window on May 18. The attack was in the form of a malicious commit, “acac5a9,” targeting GitHub…
AI, Compliance, Global Security News, Risk Management
How Varonis Atlas integrates Claude Compliance API for AI governance
AI governance requires visibility into how AI tools interact with enterprise data. Varonis explains how its Atlas platform uses Claude Compliance API data to help monitor usage, investigate risk, and support compliance. […]
Global Security News
BTMOB Android RAT Spreads Through No-Code Builder Tooling
BTMOB Android RAT sold as a service with a no-code builder for fast, regional phishing lures
AI, Exploits, Global Security News
Detectify brings AppSec automation to AI agents with MCP Server and continuous testing
Detectify has unveiled the Detectify MCP (Model Context Protocol) Server, a new integration layer that brings Detectify’s security testing engines directly into AI-driven development workflows, helping coding agents find and validate exploitable vulnerabilities and interpret attack surface data with greater precision. As organizations increasingly rely on AI agents to write, refactor, and modernize code, software…
AI, Cybersecurity, Exploits, Global Security News
Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926)
A relative directory path traversal vulnerability (CVE-2026-34926) in Trend Micro’s Apex One platform has been exploited in zero-day attacks, the company confirmed. “TrendAI has observed at least one attempt to exploit this vulnerability in the wild,” Trend Micro noted, and credited the incident response team of its TrendAI enterprise cybersecurity business for reporting it. About…
AI, Cybersecurity, Global Security News
Conifers rolls out AI-powered SOC for unified security operations and automated response
Conifers has announced the launch of its agentic SOC, a unified AI platform designed to help security operations centers defend against cyber adversaries operating at machine speed. Built on the company’s CognitiveSOC platform, the new system connects threat intelligence, threat hunting, detection engineering, investigation, and remediation into a single operating framework grounded in each customer’s…
Endpoint, Global Security News, Network Security
Microsoft Defender can now automatically isolate hacked endpoints
Microsoft is testing a new Defender for Endpoint capability that will automatically isolate compromised endpoints to thwart attackers’ attempts to move laterally across the network. […]
AI, Global Security News, Network Security
Webinar: Too many tools are slowing network incident response
IT teams often need to jump between monitoring dashboards, infrastructure tools, ticketing systems, and communication platforms during network incidents. This webinar explores how automation and AI-assisted workflows can help reduce manual coordination and improve incident response times. […]
Global Security News
Remembering Tim Wilson, Whose Legacy Lives on at Dark Reading
The co-founder and former editor-in-chief passed away five years ago in November. As Dark Reading enters is third decade, we pause to celebrate and honor Wilson’s instrumental role in building and elevating the media site.
AI, Global Security News
Why Network Segmentation Projects Fail: Four Patterns
Cisco’s 2026 Segmentation Report analyzes 400 failed segmentation projects and identifies four distinct patterns of failure — and what teams can do about them
AI, Global Security News
New AI DDoS Attacks Are Smarter. Learn How to Fight Back in This Webinar
Every single day, hackers are finding new ways to crash websites and steal data. But right now, something has changed. Hackers are no longer working alone. They are now using powerful Artificial Intelligence (AI) tools to make their attacks faster, stronger, and much harder to stop. According to recent updates from The Hacker News, bad…
AI, Cybersecurity, Endpoint, Global Security News, Government & Policy, malware, Network Security, privacy, Risk Management
Major Cyber Attacks in May 2026: Fake Invitations, Agent Tesla, BlobPhish, and More
May 2026 showed how fast routine business activity can turn into real security exposure. ANY.RUN observed phishing campaigns, fileless malware delivery, credential theft, OTP interception, and remote access abuse targeting organizations across industries. From fake invitations and banking portals to compromised B2B websites and Word Online lures, the month’s attacks had one thing in common: they were built…
Exploits, Global Security News
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of 8.8. It has been assigned an important severity. “Deserialization of untrusted data in Microsoft…
AI, Data Breaches, Global Security News
Personal information of 185,000 people exposed after cyberattack on 7-Eleven
Data belonging to about 185,000 people was exposed following a cyberattack on convenience store chain 7-Eleven that was later claimed by the ShinyHunters extortion gang, according to Have I Been Pwned. The exposed information includes email addresses, names, physical addresses, dates of birth, and phone numbers, while a small number of records also contained additional…
AI, Cybersecurity, Endpoint, Global Security News, malware, Network Security
TrapDoor malware campaign puts developer workstations in CISO spotlight
A malicious package campaign across npm, PyPI, and Crates.io has put developer workstations back under scrutiny, after researchers said it targeted developer workflows and AI coding assistant files. Researchers at Socket said the campaign, which they are tracking as TrapDoor, “spans more than 34 malicious packages and 384+ related versions and artifacts” across the three…
AI, Global Security News, Risk Management
Tamnoon introduces skill-based AI orchestration for autonomous cloud defense
Tamnoon has expanded its AI engine, Tami, into a skill-based orchestrator that generates customer-specific remediation skills tailored to each enterprise environment. Trained on more than 6 million real cloud fixes across 800+ accounts, Tami coordinates specialized AI skills to safely and autonomously address every class of cloud risk. Two new skills are available, Remediation Confidence…
AI, Apps, Data Breaches, Exploits, Global Security News, malware, Risk Management
Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack
Attackers have poisoned four Laravel-Lang Composer packages by rewriting hundreds of Git tags, putting many Laravel apps at risk. Hackers compromised four popular Laravel-Lang Composer packages and injected malware by rewriting more than 700 Git tags tied to historical versions. Laravel-Lang is a community-driven project that provides translation and localization files for Laravel applications. The…
china, Global Security News
What Readers Found When They Asked Their Chatbots About China
Plus, a Hollywood screenwriter says historical disputes sank a U.S.—China film project.
Exploits, Global Security News
High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)
Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It affects the SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. About CVE-2026-45659 CVE-2026-45659 stems from Shareoint deserializing untrusted data, and may be exploited by an authenticated attacker to execute…
Global Security News
MFA Prompt Bombing: Why Your Second Factor Isn’t Saving You
Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn’t log in without the second factor. While that logic was sound, attackers have now figured out that they don’t need to steal the second factor: they just need the…
AI, Exploits, Global Security News
India’s CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws
CERT-In urges 12-hour patching of exposed flaws as AI compresses exploitation timelines
AI, Global Security News
FAQ: What you need to know about expiring Windows Secure Boot certificates
Microsoft is preparing to make a significant change to the Secure Boot system in Windows that will impact operations for both clients and servers. In a nutshell: The Secure Boot certificates that Microsoft issued 15 years ago are being replaced by newer ones, with the older certificates set to expire beginning in June. To continue…
AI, Global Security News
What happens when security teams inherit identity
At the Span Cyber Security Arena conference, I sat down with Eric Woodruff, Chief Identity Architect at Semperis, to talk about how organizations perceive identity and the challenges those perceptions create for security. He shared his perspective on where organizations struggle with identity, why identity platforms can become difficult to manage, how phishing-resistant authentication is…
AI, Global Security News
CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where “feasible” to safeguard against potential threats stemming from threat actors’ abuse of artificial intelligence (AI) tools and large language models (LLMs) to automate vulnerability