The Kali365 phishing-as-a-service platform lowers the barrier of entry for cybercriminals, said the FBI
Category: AI
AI, Data Security, Europe, Global Security News, Network Security
Microsoft Multiparty Private Offerings Available in 30 European Countries
Microsoft has continued to make investments in Microsoft Marketplace. And starting May 27, 2026, multiparty offers in Marketplace will be available across 30 European countries. Through this expansion, partners will be able to collaborate more easily on deals, simplify transactions, and scale across borders. Starting July 15, Microsoft will expand its offerings to Australia, Japan,…
AI, Cybersecurity, Exploits, Global Security News
Fake Streams, Counterfeit Merch and Other Scams: How Fraudsters Target F1 Fans
From fake F1 streams to counterfeit merch, fraudsters are exploiting fans online and the Bitdefender Cybersecurity Grand Prix Fan Threat Index details how
AI, Europe, Global Security News, Government & Policy, Network Security, Russia
Dutch authorities dismantle hosting network allegedly used for cyberattacks and disinformation
Dutch authorities arrested two suspects and seized 800 servers tied to Stark Industries, a hosting firm linked to cyberattacks and disinformation. Dutch financial crime investigators arrested two men and seized 800 servers connected to Stark Industries, a hosting provider accused of enabling cyberattacks, interference operations, and disinformation campaigns. Authorities said the suspects supported Russian and…
AI, Global Security News, Government & Policy, Risk Management
To pay, or not to pay: 58% of CISOs say they would pay the ransom for their data
If you were hit by ransomware tomorrow, would you pay to get your data back? That’s what more than half of CISOs in a recent survey said their organization would do. It’s a situation more companies are going to face in future. “Attacks are increasing and continuing to increase,” said Christy Wyatt, CEO of security…
AI, Global Security News, malware
FBI director Kash Patel’s brand website taken offline after malware reports
FBI director site went offline after a hack used a fake Cloudflare page to trick users into running a ClickFix attack that installed malware. The merchandise website of FBI director Kash Patel (basedapparel[.]com) was taken offline on Friday after reports that it had been compromised by hackers using it to spread malware. The malware was…
AI, Global Security News, malware
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecosystems in waves…
AI, Apps, Global Security News
OpenHack: Open-source AI-powered vulnerability research
Source-guided vulnerability research increasingly leans on coding harnesses such as Claude Code, Codex, and Cursor to drive agent-based reviews of application code. A new MIT-licensed project from the Dutch security firm Hadrian, called OpenHack, packages that approach into a file-based workspace that any of those harnesses can run. OpenHack is a set of agents and…
AI, Global Security News, Risk Management
Boards want cyber risk in dollars, not CVE counts
In this Help Net Security video, Ziv Levi, SVP of Technology at CYE, explains why translating cyber risk into dollars is one of the most pressing tasks for security leaders. Boards and executives want cyber exposure described in business terms, not technical jargon. Levi walks through a three-step financial translation framework. First, identify business exposure…
AI, Global Security News, privacy, Risk Management
Turns out the C-suite loves shadow AI
Senior decision-makers are the heaviest users of unapproved AI tools, and they continue using them despite being aware of the security and privacy risks linked to shadow AI, according to TrustedTech’s Shadow AI in the Workplace report. The study found that 65% of decision-makers use shadow AI, compared with 31% of employees below decision-maker level.…
AI, Global Security News
Meet Mark Zuckerberg’s Right-Hand Man Who’s Unleashing AI at Meta
Andrew Bosworth, Meta’s outspoken chief technology officer, has a new mission: transforming the company’s workforce using AI.
AI, Exploits, Global Security News
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. […]
AI, Global Security News
How AI Talks People Out of Conspiracy Theories—and What We Can Learn From That
Research shows that the key is to clearly explain relevant facts. That isn’t always easy to do.
AI, Global Security News
Musk Dreams of Interplanetary Profit
Plus, voice-powered writing in Google Docs, the coming “vibe slop” crisis, the rising AI backlash and Apple’s success with imperfect chips.
AI, Global Security News, malware, Network Security
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Popular node-ipc npm Package Infected with Credential Stealer New Actors Deploy Shai-Hulud Clones: TeamPCP Copycats Are Here Active Supply Chain Attack Compromises @antv Packages on npm actions-cool/issues-helper GitHub Action Compromised: All Tags Point to…
AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia
Security Affairs newsletter Round 578 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack Why pure extortion is…
AI, Apps, Cybersecurity, Data Breaches, Exploits, Funding, Global Security News, Network Security
Anthropic’s Project Glasswing: 10,000+ Vulnerabilities Found in One Month, and the Patching Problem Has Never Been More Obvious
Anthropic said its AI Project Glasswing found over 10,000 serious vulnerabilities in one month, exposing a growing patching gap. Anthropic announced on Friday that Project Glasswing, its defensive cybersecurity initiative built around Claude Mythos Preview, has uncovered more than 10,000 high- or critical-severity vulnerabilities in the month since the program went live. The number is…
AI, Data Breaches, Exploits, Global Security News
Week in review: GitHub breached via poisoned VS Code extension, critical NGINX flaw exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed the compromise. Earbud sensors can authenticate users by their heartbeat, study…
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-9082 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Drupal issued a highly critical security patch on May…
AI, Global Security News
Weekly Update 505
Well, that didn’t last long! Recording this on Saturday morning my time, I observed ShinyHunters having gone quiet since the massive haul that would have been the Instructure ransom. It was two weeks almost to the hour since I’d first heard rumour of payment being made, and I posited that groups like this often go…
AI, Global Security News, malware
Laravel Lang packages hijacked to deploy credential-stealing malware
A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer packages. […]
AI, Global Security News
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor…
AI, Exploits, Global Security News, Government & Policy, Risk Management
CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack
Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or…
AI, Global Security News
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. “Although the affected packages were all Composer packages, the malicious code was not added to composer.json,” Socket said. “Instead, it was inserted into package.json, targeting projects that…
AI, Global Security News, Venture
Venture Capitalist John Doerr Says AI Is the Biggest Tech ‘Tsunami’ Ever
The well-known venture capitalist who bet on Google says that the AI revolution is, if anything, underhyped.
AI, Data Breaches, Endpoint, Global Security News, Risk Management
Why pure extortion is replacing traditional ransomware
Ransomware gangs are shifting from encryption to pure extortion, focusing on stolen data, reputational pressure, and stealthier attacks. Ransomware groups are quietly changing strategy in 2026. Instead of encrypting systems and causing immediate disruption, many attackers are now focusing on pure extortion: stealing sensitive data and threatening to leak it publicly if victims refuse to…
AI, Global Security News
His Chatbot Nearly Ruined Him. To Recover, He Had to Destroy It.
Unrequited love drove a 57-year-old man to an AI. Delusions of grandeur followed.
AI, Cybersecurity, Global Security News
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most “systemically” important software across the world since the cybersecurity initiative went live last month. Project Glasswing is an effort led by the artificial intelligence (AI) company, as part of which a small set…
AI, Cybersecurity, Global Security News
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include – laravel-lang/lang laravel-lang/http-statuses laravel-lang/attributes laravel-lang/actions “The timing and pattern of the newly published tags
AI, Exploits, Global Security News, Government & Policy, malware, Russia
Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets
Ghostwriter targeted Ukrainian government agencies with phishing emails delivering malware and Cobalt Strike payloads. The Belarus-nexus APT group Ghostwriter (also tracked as UAC-0057 and UNC1151) has resurfaced with a new phishing campaign targeting Ukrainian government organizations. This time the lure is Prometheus, a legitimate Ukrainian online learning platform that many government employees actually use. Using…
AI, Global Security News, malware
An Example of Stack String in High Level Language, (Sat, May 23rd)
This week, I’m attending the SEC670[1] training (“Red Teaming Tools – Developing Windows Implants, Shellcode, Command and Control”). From my point of view, this training fits perfectly with FOR610 or FOR710 (malware analysis) because it addresses malware from the opposite: Instead of performing reverse engineering, you write malicious code! Always interesting to have another point…
AI, china, Global Security News
David Sacks’s 11th-Hour Plea Led to Trump’s Backtrack on AI Executive Order
President Trump postponed signing an order on the dangers posed by artificial intelligence after an adviser warned that industry guardrails could slow down U.S. models in the race against tools from China.
AI, Exploits, Global Security News, privacy
Google leaks details for Chromium bug that can turn browsers into bots
Chromium — the open-source browser that underpins Google Chrome, Microsoft Edge, and Opera, among others — contains an unpatched vulnerability that attackers can exploit to execute JavaScript code persistently across browser restarts. As a result, the flaw can be used to hijack users’ browsers for distributed denial-of-service attacks, run crypto miners, and more. The vulnerability…
AI, Global Security News
SpaceX Launches 400-Foot Rocket That Will Help Define Its Future
The company blasted off a new version of Starship, the vehicle Elon Musk is counting on for Starlink, AI satellites and more.
AI, Compliance, Cybersecurity, Global Security News, Network Security, privacy, Risk Management
Data Sanitization Challenges Are Increasing in the AI Era
Data sanitization has long played an important role in protecting sensitive information, but growing data volumes and stricter compliance requirements are making secure end-of-life data management more critical than ever. The 2026 State of Data Sanitization Report by Blancco highlights growing concerns among organizations regarding data privacy, regulatory pressure, and end-of-life device management. The report…
AI, Global Security News
Cisco warns of AI inaccuracies in security incident reports
Cisco’s research highlights several key issues with AI-generated reports, including inconsistency and standardization challenges due to LLMs using different data for each query and producing slightly different outcomes even with the same data.
AI, Apps, Global Security News, malware
FBI warns about fast-growing phishing kit targeting Microsoft 365 users
The FBI is warning organizations and defenders about Kali365, a growing phishing-as-a-service platform that retrieves Microsoft 365 access tokens, issuing a public service announcement Thursday. The toolkit bypasses multi-factor authentication and abuses OAuth device code authorizations via phishing lures impersonating common enterprise services. This technique grants cybercriminal-controlled applications access to Microsoft 365 accounts, opening victims…
AI, Cybersecurity, Global Security News
The Patching Race Was Already Lost. AI Just Made It Obvious.
AI just rewrote the offensive economics of finding and weaponizing vulnerabilities. Most peers I’m talking to, and most vendor write-ups I’m reading, already get that patching alone isn’t enough. Yet patching still tends to land near the top of most response lists, and from what I’ve seen in the past 30 years, it’s the part…
AI, Cybersecurity, Global Security News
FBI warns of Kali Oauth stealers
The FBI has warned of the danger from a new wave of phishing attacks generated by a tool called Kali365. It enables cyber criminals to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user’s credentials by capturing Oauth tokens linked to the victim’s Microsoft 365 account. The scam works…
AI, Cybersecurity, Global Security News
FBI warns of Kali Oauth stealers
The FBI has warned of the danger from a new wave of phishing attacks generated by a tool called Kali365. It enables cyber criminals to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user’s credentials by capturing Oauth tokens linked to the victim’s Microsoft 365 account. The scam works…
AI, Global Security News
Netherlands seizes 800 servers of hosting firm enabling cyberattacks
Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns. […]
AI, Global Security News, Risk Management
Meta says goodbye to those who won’t use AI
Meta is the latest company to trim its workforce as a result of the growing use of AI within the industry. The company laid off 8,000 employees earlier this week, while also moving 7,000 more to AI-focused roles. “AI is the most consequential technology of our lifetimes,” Zuckerberg said in a memo that he sent…
AI, Europe, Global Security News, Government & Policy, privacy, Russia
Police take down VPN service (this time with a good reason)
European authorities have cracked down on a VPN that has been used for various criminal activities. The operation, led by investigators in France and the Netherlands with help from Europol and Eurojust, has dismantled First VPN, a service that has been heavily promoted within Russia as a way of evading law enforcement. Criminals used it…
AI, Europe, Global Security News, Government & Policy, privacy, Russia
Police take down VPN service (this time with a good reason)
European authorities have cracked down on a VPN that has been used for various criminal activities. The operation, led by investigators in France and the Netherlands with help from Europol and Eurojust, has dismantled First VPN, a service that has been heavily promoted within Russia as a way of evading law enforcement. Criminals used it…
AI, china, Cybersecurity, Data Breaches, Global Security News, Network Security, Risk Management, Russia
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain…
AI, APAC, Apps, Exploits, Global Security News, Network Security, Risk Management
The AI that cracked Apple Silicon is only the beginning
A security research team just used Claude Mythos to identify the first known exploit in Apple’s M5 chip. They needed physical access to the device to use it, the vulnerability has since been patched, and I don’t think it should be seen as a huge threat. But it is a stark warning that in this AI…
AI, Global Security News, Government & Policy
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine’s National Security and Defense Council) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activity, per the Computer Emergency Response Team of Ukraine (CERT-UA), involves sending phishing emails to government
AI, Global Security News, Risk Management
Cisco’s Risk-Based Vulnerability Disclosure in the Age of AI
Discover how Cisco is evolving its vulnerability disclosure practices. We are leveraging AI to prioritize high-risk security issues, helping customers focus on critical patching and remediation efforts.
AI, APAC, Apps, Global Security News, Risk Management
LG Launches PRO Services to Simplify DVLED Rollouts for Partners
LG Electronics USA’s commercial display division has launched LG PRO Services, a new “manufacturer-backed” installation service for its Direct View LED (DVLED) portfolio. The service covers fixed-price All-in-One DVLED models as well as cabinet-based indoor DVLED solutions, expanding LG’s role beyond hardware to help partners plan, deploy, and scale display projects with greater confidence. Addressing…
AI, Compliance, Global Security News
Microsoft says it’s making AI ‘safe for work’ in your browser
Microsoft is testing the addition of agentic AI to its corporate browser, Edge for Business. A new version, currently available in a limited preview, will help perform routine tasks more efficiently, according to Microsoft’s partner product manager for Edge, Lindsay Kubasik. Agentic AI will help with completing multi-step tasks such as filling in forms, navigating…
AI, Compliance, Global Security News
Microsoft says it’s making AI ‘safe for work’ in your browser
Microsoft is testing the addition of agentic AI to its corporate browser, Edge for Business. A new version, currently available in a limited preview, will help perform routine tasks more efficiently, according to Microsoft’s partner product manager for Edge, Lindsay Kubasik. Agentic AI will help with completing multi-step tasks such as filling in forms, navigating…
AI, Global Security News
Akamai Joins Growing Chorus of Vendors Betting Big on Secure Enterprise Browsers
When Akamai announced its LayerX acquisition, the company joined a growing list of vendors adding secure enterprise browsers to their product portfolios.
AI, Cybersecurity, Global Security News, Government & Policy
State officials urge Congress to reauthorize cybersecurity grant program
State officials emphasized that the State and Local Cybersecurity Grant Program (SLCGP) provided essential aid to local governments, many of which lack dedicated cybersecurity staff and resources.
AI, Global Security News, Government & Policy, Risk Management
Microsoft, EY to spend $1 billion on helping customers buy agentic AI
Microsoft and EY will spend $1 billion on helping their customers adopt AI over the next five years. The billion will support assisting clients with pioneering AI projects and capability building, said EY’s global Microsoft alliance leader, Paul Clark. Clients will be able to access those resources based on their specific needs, he said. “We’re…
AI, Global Security News
7 identity security best practice for the Agentic AI era
Here’s how to harden the teams identity security to defend against the rising tide of AI agents.
AI, Global Security News, Risk Management
Workday extends Sana AI to ITSM after HR, finance
Workday conversational AI platform Sana for Workday is now ready to talk about IT Service Management (ITSM) automation as part of the company’s broader effort to help enterprises streamline workflows, especially across HR and finance, with autonomous AI agents. The new Sana for ITSM capabilities are intended to automate workflows for employee on- and offboarding,…
AI, Global Security News
Trapdoor ad fraud campaign used hundreds of Android apps
The Trapdoor campaign initially distributed seemingly legitimate utility apps, such as PDF readers, through the Google Play Store.
AI, APAC, china, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, privacy, Risk Management, Russia
AI-Driven Threats, Critical Vulnerabilities, and Supply Chain Breaches Define the Week in May 2026
Major Threats & Vulnerabilities AI-Powered Cyberattacks and Exploits The 2026 Verizon DBIR revealed that vulnerability exploitation has surpassed credential abuse as the leading breach vector, accounting for 31% of incidents. The report highlights how generative AI is accelerating attack automation and expanding third-party risk exposure, particularly among SMBs facing ransomware threats. Microsoft Defender vulnerabilities are…
AI, Global Security News
$20 per zero-day is already the WordPress plugin reality
Vulnerability researchers have spent the past year arguing about whether AI agents can find real bugs at scale or whether they mostly generate noise. A pipeline built in three days by researchers from TrendAI and CHT Security supplies an answer, along with a price tag that the security industry will have to reckon with. The…
AI, Apps, Global Security News, malware, Network Security
Authorities arrest 23-year-old accused of running the Kimwolf botnet
Canadian authorities arrested a 23-year-old Ottawa man accused of running the Kimwolf DDoS botnet. The US is now seeking extradition. US authorities have charged 23-year-old Jacob Butler (aka “Dort”), an Ottawa resident, for allegedly operating the recently disrupted Kimwolf botnet. Authorities arrested the suspect in Canada, he could face up to 10 years in prison…
AI, Endpoint, Exploits, Global Security News, Risk Management
CVE-2026-9082: Highly Critical Drupal Core SQL Injection Flaw Threatens PostgreSQL Sites
Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that can be exploited by anonymous attackers against sites using PostgreSQL databases. Tracked as the CVE-2026-9082 vulnerability, the issue resides in Drupal’s database abstraction API, which is supposed to sanitize queries before they reach the backend database. Drupal rates the flaw…
AI, Exploits, Global Security News, malware, Network Security, Risk Management
CVE-2026-45585: YellowKey BitLocker Bypass Exposes Encrypted Data on Windows Devices
BitLocker is designed to protect data at rest even when a device is lost, stolen, or powered off, which is why a bypass against that trust model draws immediate attention. The CVE-2026-45585 vulnerability, publicly referred to as YellowKey, is a Windows security feature bypass flaw that Microsoft says can let an attacker with physical access…
AI, Compliance, Cybersecurity, Data Breaches, Global Security News, Risk Management
Cork CEO Dan Candee on Evolution of Security Services & AI
Cork is pushing MSPs to rethink cybersecurity delivery as AI accelerates both business technology adoption and the sophistication of attackers. In an interview with Channel Insider, CEO Dan Candee said the company has moved beyond compliance reporting and intelligence into active security remediation tooling. As AI and other forces seem to push tighter deadlines for…
AI, Apps, Global Security News, Risk Management
Deleted Google API keys keep working for up to 23 minutes, researchers warn
Google API keys are credentials that let applications access Google services, from Maps to the Gemini AI. If a key is leaked, an attacker can use it to make API calls, rack up charges, and, if Gemini is enabled, access uploaded files and cached conversations. The assumed fix is simple: delete the key. But Aikido…
AI, Global Security News, Network Security
‘Underminr’ exploitation poses similar risks to domain fronting, researchers say
ADAMnetworks estimates about 42% of domains could be abused using the technique.
AI, Cybersecurity, Global Security News
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. “Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI
AI, Global Security News
Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning
The infostealer payload in this campaign collect a vast amount of data, from collaboration authentication keys to cryptocurrency wallets
AI, Global Security News
Kore.ai unveils AI-native platform for enterprise multiagent systems
Kore.ai has launched the new-generation Kore.ai Agent Platform Artemis edition, the AI-programmable, AI-native foundation that builds, governs, and optimizes the agents, systems, and workflows running across the enterprise. The platform launches initially on Microsoft Azure, with broader cloud availability to follow. The new-generation Kore.ai Agent Platform enables enterprises to deploy production-ready multiagent AI systems in…
AI, Global Security News, Network Security
Versa extends zero trust principles to AI agents and MCP workflows
Versa has introduced a patent-pending zero trust architecture for the Model Context Protocol (MCP), applying zero trust principles to AI execution. The company said every AI-generated action is validated against user identity, role-based access controls, and system policies before execution, with human approval required when defined by administrators. The launch addresses a growing challenge as…
AI, Global Security News
GitLab 19.0 adds AI workflows, secrets management, and self-hosted model support
GitLab released GitLab 19.0 with expanded secrets management, agentic merge request workflows, improved CI pipeline visibility, support for self-hosted open-source models, and supply chain visibility enhancements. Engineering organizations shipping more code than ever are confronting the AI Paradox firsthand, as the surrounding workflows for securing credentials, reviewing and merging changes, enforcing pipeline standards, and running…
AI, Global Security News
Proton Pass adds monitored credential sharing for AI agents
Proton Pass, a secure, end-to-end encrypted password manager, added credential sharing through AI access tokens, allowing users to give AI agents access to selected items and monitor activity. To gain access, an agent must provide a reason for the request so users can see what actions are being performed. Access tokens are available with Pass…
AI, Data Breaches, Global Security News, Risk Management
Keepnet contributes voice and SMS phishing data to the 2026 Verizon DBIR
Keepnet, an Extended Human Risk Management (xHRM) platform, today announced that its voice and SMS phishing simulation data contributed to the 2026 Verizon Data Breach Investigations Report (DBIR). The 2026 edition is the first to include voice and SMS phishing simulation data at this scale. The DBIR records this as “an increase of 40% in…
AI, Compliance, Cybersecurity, Global Security News, malware, Network Security, Risk Management
Why your AI strategy stops where the PLC starts: Hard lessons from the OT frontlines
I spent two days at a substation connecting a major offshore wind farm to the grid. The control room featured three new AI-ready dashboards and a board mandate to “leverage machine learning for resilience.” It also had a maintenance laptop running Windows 7, literally taped to the inside of a cabinet because the Velcro had…
AI, Cybersecurity, Exploits, Global Security News
CISA’s new KEV nomination form opens reporting to vendors and researchers
The Cybersecurity and Infrastructure Security Agency launched a new nomination form that lets researchers, vendors, and industry partners report known exploited vulnerabilities for possible inclusion in its KEV catalog. The form gives outside contributors a direct way to submit vulnerabilities to CISA. Email submissions remain available at vulnerability@cisa.dhs.gov for organizations and individuals who prefer that…
AI, Global Security News
The AI Superstars Who Say a ‘Vibe Slop’ Crisis Is Coming
A pair who helped launch the agentic-AI craze worry that their creations are pumping out bad—even dangerous—code.
AI, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One and Langflow flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-34291 Langflow Origin Validation Error Vulnerability…
AI, Global Security News
Microsoft 365 users targeted by new phishing threat that bypasses MFA
Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 has been distributed through Telegram, allowing cybercriminals to obtain Microsoft 365 access tokens and bypass MFA without stealing user credentials. “Kali365 lowers the barrier of entry, providing less-technical attackers access…
AI, Global Security News
Meet Fractal, an OS made for microarchitecture reverse engineering
Probing how a CPU isolates user code from kernel code is messy work. Researchers patch kernels, write drivers, or boot stripped-down bare-metal programs, and any of those choices change variables they were trying to hold still. Fractal, a new operating system from MIT CSAIL, was built to take that mess out of the loop, and…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
Identity as the primary attack surface: What modern breaches are really exploiting
The “retro” way “The thing about the old days is… they are the old days” – Slim Charles, The Wire Protecting a specified network perimeter was the main focus of enterprise security strategy for several decades. Businesses made significant investments in firewalls, intrusion detection systems, endpoint security and segmentation controls, all of which were built…
AI, Global Security News
Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf. In tandem, Jacob Butler (aka Dort), 23, Ottawa, Canada, has been charged with offenses related to the development and operation of the botnet. Kimwolf is assessed to…
AI, Global Security News
Google folds CodeMender into agent ecosystem amid push for AI-led AppSec
Google is expanding the role of its CodeMender security agent from autonomous vulnerability remediation toward a larger agentic development ecosystem, signalling a broader push toward AI-driven AppSec. Months after introducing CodeMender, an AI-powered agent designed to autonomously identify and patch software vulnerabilities, Google is now integrating the technology into its expanding Agent Platform strategy unveiled…
AI, Endpoint, Exploits, Global Security News, malware, Network Security, Russia
One Telecom Provider Hosted Most of the Middle East ’s Active C2 Infrastructure
Hunt.io mapped 1,350+ C2 servers across the Middle East, revealing how a small group of providers quietly supports major malware activity. For years, threat intelligence focused mostly on malware families, phishing domains, and individual indicators. But a new report from Hunt.io shows why defenders may need to pay closer attention to something more boring, hosting…
AI, Apps, Global Security News
With AI, typing’s out, talking’s in
Eight months ago, LinkedIn co-founder and former CEO Reid Hoffman confessed: “I am voicepilled.” He argued that talking instead of typing was the next great leap in computing. Being “voicepilled,” he said, was the epiphany that you can be vastly more productive and creative when not bogged down by the Victorian-era contraption known as the…
AI, Global Security News, malware
Cross-Platform NPM Stealer, (Fri, May 22nd)
I found a Node.js stealer that looked pretty well obfuscated. The file was not running out-of-the-box because it was uploaded on VT as “extracted-decoded.js” (and reformated). The SHA256 is 049300aa5dd774d6c984779a0570f59610399c71864b5d5c2605906db46ddeb9[1]. It did not run properly in a sandbox so only a static analysis was performed. The key point is that it is a cross-platform stealer…
AI, Global Security News, Risk Management
Controlling AI Agents: Why Detection Is Too Late
This is Part 2 of a 2-part series. Read Part 1: Your AI Agent Doesn’t Care About Your Controls If AI agents change how execution happens, they also expose a fundamental limitation in how most security controls operate. Many control models assume there is sufficient time to detect, assess, and respond to events before they result in…
AI, Global Security News, Risk Management
The new economics of fraud: Cheaper, faster, more convincing
Scams have become one of the fastest-growing consumer risks, driven by AI-enabled impersonation, social engineering, and sophisticated attack methods, according to Visa’s Spring 2026 Biannual Threats Report. Criminals redirect efforts toward trust and third parties Fraud involves behavioral manipulation, fragmented ecosystems, and faster attack cycles that use AI to pressure people into authorizing payments themselves.…
AI, Global Security News
New infosec products of the week: May 22, 2026
Here’s a look at the most interesting products from the past week, featuring releases from ASAPP, Babel Street, CTERA, Forward, Riverbed, and Trust3 AI. Babel Street targets AI-driven threats with new agentic investigation capabilities Babel Street has launched Insights Investigator, a new agentic capability that puts tradecraft-trained AI agents at the front edge of investigative…
AI, Global Security News, Government & Policy, Network Security
Alleged leader of Kimwolf, a sweeping botnet for cybercriminals, arrested in Canada
Authorities arrested and unsealed charges against a Canadian man accused of running Kimwolf, one of the most far-reaching DDoS botnets on record, the Justice Department said Thursday. Jacob Butler was arrested Wednesday in Ottawa, Canada, and awaits extradition to the United States where he is charged with aiding and abetting computer intrusions and, if convicted,…
AI, china, Endpoint, Exploits, Global Security News, Network Security
Critical vulnerability in Cisco Secure Workload rated at maximum severity
A critical vulnerability in the on-premises version of the Cisco Secure Workload security platform could allow a threat actor to obtain the privileges of a site admin, enabling them to compromise endpoints and read or modify configuration data. “CSOs need to drop what they are doing and patch this immediately,” warned consultant Robert Enderle, who…
AI, Cybersecurity, Endpoint, Exploits, Global Security News, malware
Microsoft patches two zero-day flaws in Defender
Microsoft released emergency fixes for two zero-day vulnerabilities in the malware protection components of Microsoft Defender. The flaws allow local attackers to gain system-level privileges or cause the anti-malware service to stop working correctly. Both conditions are valuable in a malware attack, first to prevent detection if the system relies only on Microsoft endpoint protection…
AI, Apps, Europe, Global Security News, Government & Policy, Network Security
Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada
Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity publicly named the suspect in February 2026 after the accused launched a…
AI, Apps, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Unpatched ChromaDB flaw leaves servers open to remote code execution
Researchers have published details about a critical vulnerability in ChromaDB that could allow unauthenticated attackers to execute arbitrary code and access sensitive data on machines running the open-source vector database. The issue, tracked as CVE-2026-45829, is located in ChromaDB’s API server and was published by researchers at HiddenLayer after reportedly failing to get in contact…
AI, Global Security News
How CISOs Should Prep for Agentic-Ready AI BOMs
Finding ways to document both component and execution attributes for AI bill of materials (AI BOM).
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability CVE-2009-1537 Microsoft DirectX NULL…
AI, Global Security News
Google API Keys Remain Active After Deletion
A security researcher discovered the API keys can still be used for 23 minutes after deletion, even though the cloud provider claims deletion is immediate.
AI, APAC, china, Cybersecurity, Funding, Global Security News, Government & Policy, Network Security, Russia
Lawmakers from both parties say CISA cuts have gone too far
Two cybersecurity-focused members of Congress agreed Thursday that reductions to the Cybersecurity and Infrastructure Security Agency have done too much damage to an agency essential to defending civilian networks against foreign adversaries. Rep. Don Bacon, R-Neb., and Rep. James Walkinshaw, D-Va., spoke during a discussion at the National Cyber Innovation Forum. Despite representing different parties,…
AI, Compliance, Global Security News, Network Security, privacy, Risk Management
AWS KY3P report now available for third-party supplier due diligence
We’re excited to announce that Amazon Web Services (AWS) has completed the S&P Global Know Your Third Party (KY3P) assessment of its security posture. This assessment demonstrates our continued commitment to meet the heightened expectations of cloud service providers. Customers can now use the AWS KY3P assessment to reduce their supplier due diligence burden. KY3P,…
AI, china, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Russia
Trump postpones executive order focused on AI security
President Donald Trump said he would postpone the release of an executive order that would set up a 90-day testing and vetting regime for frontier AI models, hours before the White House was set to publicly announce the signing. Speaking to reporters in the Oval Office Thursday, Trump said he opted to delay the order…
AI, Funding, Global Security News
What an OpenAI IPO Might Mean for the Channel
OpenAI is reportedly preparing for an initial public offering (IPO), a move that could significantly impact both the consumer AI market and the channel ecosystem as we know it. As the company behind arguably the world’s most recognizable AI platform, OpenAI’s transition into a publicly traded company could unlock new opportunities, partnerships, and revenue streams…
AI, Global Security News
Too Much Work to Do? Have Your Digital Twin Handle It
In a glimpse into the future, a small number of executives have created AI replicas to take over some of their responsibilities.