BYOD was a headache. AI agents are an existential crisis. Advanced AI models pose a massive security and governance challenge for the channel, forcing managed service providers (MSPs) and tech partners to rethink how they protect corporate data. Agentic AI adoption exposes governance gaps The shift from passive, generative AI chatbots to fully autonomous agents…
Category: AI
AI, Apps, Cybersecurity, Global Security News, Risk Management
Google talks ‘singularity’ while scaling up agentic AI for enterprises
Google is recasting its enterprise AI roadmap around autonomous systems and AGI, with DeepMind CEO Demis Hassabis telling I/O attendees the industry now sits at the “foothills of the singularity.” “When we look back at this time, I think we all realise that we were standing in the foothills of the singularity,” Hassabis said in his…
AI, APAC, Compliance, Cybersecurity, Global Security News, Government & Policy, malware, Network Security, Risk Management
How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts?
Scaling threat detection as an MSSP doesn’t mean hiring more analysts — it means enabling the analysts you already have to handle more clients, more alerts, and more complex threats without burning out. The practical path forward combines three capabilities: continuous real-time intelligence that keeps detection systems current automatically, instant IOC investigation that cuts triage…
AI, Global Security News
Meta Begins Laying Off Thousands of Employees as It Transforms Around AI
The cuts of roughly 8,000 jobs, or 10% of staff, are meant to offset the cost of the company’s AI investments
AI, Exploits, Global Security News
Verizon DBIR: AI Helped Hackers Exploit Vulnerabilities in 31% of Recent Breaches
Verizon DBIR 2026 reveals software vulnerabilities overtook stolen passwords in cyberattacks, with AI helping hackers exploit flaws within hours.
AI, Global Security News, Risk Management
Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free
Carding forum B1ack’s Stash claims to have released millions of stolen CVV2 payment card records for free after suspending sellers. B1ack’s Stash, one of the most active stolen card marketplaces on the dark web, has released 4.6 million credit card records for free, not because of a law enforcement action or a system compromise, but…
AI, Endpoint, Global Security News, privacy, Risk Management
Jamf Elevates Former CTO Beth Tschida to CEO Role
Jamf has appointed Beth Tschida as chief executive officer, naming its former chief technology officer to lead the Apple device management and security company as it begins its next chapter under private ownership. Tschida’s appointment is effective immediately. She had served as interim CEO since March 2026 and previously spent eight years as Jamf’s CTO,…
AI, Global Security News
Agent AI is Coming. Are You Ready?
New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, “identity dark matter” (the unseen, unmanaged elements of identity) now overshadows the visible elements 57% vs. 43%. And it couldn’t have occurred at a worse time, with enterprises embracing Agent…
AI, Apps, Exploits, Global Security News, malware, Network Security
SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain
A newly disclosed macOS infostealer campaign is exploiting user trust in some of the biggest names in tech to slip past defenses. Researchers at SentinelOne have detailed a new variant of the SHub malware family, dubbed “Reaper,” that impersonates Apple, Google, and Microsoft at different stages of a single attack chain targeting Mac users. The…
AI, Compliance, Global Security News, Risk Management
ArmorCode gives security teams AI workers for exposure and remediation
ArmorCode has announced Anya Agents, a new agentic AI framework delivered on the patented ArmorCode Agentic AI Platform that enables organizations to operationalize AI-driven security workflows at enterprise scale. Built on ArmorCode’s Context Risk Graph, Anya Agents help security teams move beyond generic AI assistants by turning unified security and business context into purpose-built AI…
AI, Global Security News, Risk Management
Novata uses AI to map risk across portfolios and supply chains
Novata has announced the launch of Risk Atlas, a new AI-powered risk monitoring tool designed to help organizations identify, compare, and prioritize risks across portfolios and supply chains. Framework for comparative risk visibility Risk Atlas provides a single, customizable framework for comparing risk across entities, normalizing diverse risk signals into a comparable view across portfolios…
AI, Global Security News, Network Security
Copilot Chat: Your hub for document creation and analysis
Many years ago, Microsoft created a handy hub for its Office suite: type office.com into your browser, and you’d see a web page where you could launch the various Office apps — Word, Excel, PowerPoint, and so on — or access recently used documents in those apps. This hub’s appearance changed a bit over time…
AI, Exploits, Global Security News
Exploit released for new PinTheft Arch Linux root escalation flaw
PinTheft, a recently patched Linux privilege escalation vulnerability, now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileges on Arch Linux systems. […]
AI, Global Security News
GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension
The prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositories
AI, Global Security News, Venture
10 Android Circle to Search superpowers you probably never noticed
With Google’s annual I/O gala in full force this week, Gemini and AI are taking center stage and being presented as the future of practically everything. Here in the land of Android, though, Gemini’s been quietly competing for attention with another relatively youthful on-demand assistant — and that’s a far less in-your-face feature called Circle…
AI, Data Breaches, Global Security News
TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed the compromise. “Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far,” GitHub stated. The source of the…
AI, Apps, Global Security News, Risk Management
Trust3 AI focuses on AI agent risks with MCP Security layer
Trust3 AI has announced the launch of Model Context Protocol (MCP) Security, establishing a new standard for safeguarding enterprise agentic AI workloads. This solution forms a key capability within Trust3 AI’s enterprise agent control plane, empowering security and governance teams with a unified trust layer to seamlessly and safely connect AI agents with vital business…
AI, Global Security News
Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem
AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here’s why your current stack can’t see them, and what detection actually requires. Download the CISO Expert Guide to Typosquatting in the AI Era → TL;DR Typosquatting is no longer a user problem. Attackers now embed lookalike domains inside legitimate…
AI, Global Security News
GUEST ESSAY: AI can speed up communication, but it can also weaken human connection
The first warning sign came on stage. Related: Carol Sturka declares her agency I had turned to ChatGPT to help organize research notes for an upcoming keynote. I was pressed for time and wanted help spotting patterns I might have missed. That seemed harmless enough. Then the tool offered to help write the speech. I…
AI, Global Security News, Network Security
Darwinium updates mobile SDKs to detect remote access scam activity
Darwinium has announced updates to its Android and iOS mobile SDKs. It enables banks, payment providers, and digital businesses to tackle the proliferation of remote access scams, including those that manipulate live sessions and account farming operations that run mule networks. “Most fraud platforms validate trust at a single moment, typically at login or payment,…
AI, APAC, Exploits, Global Security News, malware, Network Security, Risk Management
Why some security fixes never reach your vulnerability dashboard
On April 22, for roughly 90 minutes, a malicious version of Bitwarden CLI appeared on npm. Version 2026.4.0 contained a credential-stealing payload that executed an obfuscated loader and harvested AWS, Azure, GCP, GitHub, and npm tokens from any developer machine that ran npm install. The attackers reached Bitwarden’s npm publishing path through a compromised GitHub…
AI, Data Breaches, Endpoint, Global Security News, malware
A malicious VS code extension just breached GitHub ‘s internal repositories
One employee installed a trojanized VS Code extension. Result: ~3,800 GitHub internal repositories exfiltrated. TeamPCP claims credit, wants $50K. There is something almost ironic about GitHub, the platform that hosts the code for most of the world’s software, getting breached through a trojanized plugin for a code editor. But that is exactly what happened, and…
AI, Global Security News, Network Security
Virtuozzo CEO: AI Infrastructure Is a Channel Opportunity
Virtuozzo is positioning its new AI infrastructure platform as more than a product launch: CEO Kurt Daniel sees it as a channel opportunity for service providers facing rising hardware costs, GPU demand, and pressure to modernize cloud offerings. The company recently introduced its Virtuozzo Infrastructure System, an integrated platform combining compute, storage, networking, orchestration, automation,…
AI, Exploits, Global Security News, Network Security
DirtyDecrypt: PoC Released for yet another Linux flaw
DirtyDecrypt (CVE-2026-31635): working PoC out for a Linux kernel LPE flaw. Missing COW guard in rxgk_decrypt_skb lets local attackers reach root. After Copy Fail, Dirty Frag, and Fragnesia, here comes DirtyDecrypt, another local privilege escalation vulnerability in the kernel, this time with a working proof-of-concept already out in the open. The flaw was discovered and…
AI, Cybersecurity, Global Security News, Risk Management
Communicating cyber risk in dollars boards understand
In this Help Net Security interview, Nick Nieuwenhuis, Cybersecurity Architect at Nedscaper, explains why cybersecurity has not delivered the resilience that decades of investment have promised. He argues that spending has leaned too heavily on technical controls while neglecting people, processes, and organizational dynamics. He unpacks the gap between security teams and boards, pointing to…
AI, Global Security News
CVE Lite CLI: Open-source dependency vulnerability scanner
Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration runs, and a security scanner returns a list of CVE identifiers that developers then have to triage hours or days after writing the code. CVE Lite CLI, now an officially recognized…
AI, Global Security News, Network Security
When your AI assistant has the keys to production
Large language models in operational roles query telemetry, propose configuration changes, and in some deployments execute those changes against live infrastructure. Ticket drafting and alert summarization were the starting point. Vendors describe this work as autonomous remediation or self-healing infrastructure. A recent survey on agentic AI in network and IT operations gives it a more…
AI, Exploits, Global Security News, Network Security
Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash
A Huawei zero-day flaw reportedly caused Luxembourg’s 2025 nationwide outage, disrupting landline, 4G/5G, and emergency services On July 23, 2025, a nationwide telecom outage in Luxembourg was reportedly triggered by a previously undisclosed flaw in Huawei enterprise routers. The attack disrupted landline, 4G, 5G, and emergency communications for more than three hours after specially crafted…
AI, Data Breaches, Global Security News
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along with internal GitHub repositories. “After the initial assessment,…
AI, Data Breaches, Global Security News
GitHub investigates internal repositories breach claimed by TeamPCP
GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed approximately 4,000 repositories containing private code. […]
AI, Global Security News
7 hard truths security pros should know: 2026 DevOps Threats Report
In 2025, trusted Git hosting platforms became a playground for cyber criminals. This is the main conclusion from the latest “DevOps Threat Unwrapped Report 2026” by GitProtect. If you want to effectively counter attacks targeted at your code (and business), you need security measures, good practices, and knowledge. Strengthen your organization’s security posture. Learn about…
AI, Global Security News
What happens when your identity provider becomes the kill chain
In this Help Net Security video, Colin Constable, CTO at Atsign, explains why your identity provider (IdP) has become the kill chain in cyberattacks. Attackers steal session cookies, tokens, or consent grants you’ve already issued and walk in behind you. Constable breaks down how passwords, session cookies, and OAuth grants all rely on shared secrets…
AI, Global Security News
GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum. “While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’…
AI, Apps, Cybersecurity, Global Security News, Network Security, Risk Management
EnterpriseClaw wants to bring governance to the OpenClaw era
Autonomous agent orchestration tool OpenClaw hit the scene last November and immediately went viral, but its dramatic flaws were exposed just as quickly. Still, it marked a pivotal step in the agentic AI era, and enterprises have been exploring ways to deploy fleets of autonomous agents safely and securely ever since. Automation Anywhere Tuesday rolled…
AI, Apps, Europe, Global Security News, malware
Microsoft disrupts malware code-signing service used by ransomware gangs
Microsoft has disrupted the infrastructure powering the largest malware code-signing service used to help ransomware groups and other cybercriminals make malicious programs harder to detect on Windows. The threat actors behind the service used stolen identities and impersonated legitimate organizations to obtain more than 1,000 code-signing certificates. Microsoft seized the group’s website, signspace[.]cloud, revoked the…
AI, Global Security News
GitHub internal repositories breached
A malicious VS Code extension led to cloned private repositories, reportedly offered for sale on a criminal forum Categories: Threat Research Tags: GitHub, Supply chain
AI, Cybersecurity, Data Breaches, Funding, Global Security News, Government & Policy
CISA credential leak raises alarms, and Capitol Hill demands answers
Congressional Democrats want answers from the Cybersecurity and Infrastructure Security Agency about the reported public exposure of sensitive agency credential data on GitHub in an incident that the security researcher who discovered it called one of the worst leaks he’s ever seen. Other security professionals also voiced concern Tuesday about the leak and the potential…
AI, Global Security News
What Will Make AI BOMs Real?
A brief overview of the forces at play that will get more organizations on board with creating and consuming AI bill of materials (BOMs).
AI, Cloud Security, Compliance, Cybersecurity, Global Security News, Risk Management
CIRT insights: How to help prevent unauthorized account removals from AWS Organizations
The AWS Customer Incident Response Team works with customers to help them recover from active security incidents. As part of this work, the team often uncovers new or trending tactics used by various threat actors that take advantage of specific customer configurations and designs. Understanding these tactics can help inform your architecture decisions, improve your…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News
Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches
Attackers couldn’t get enough of the vulnerabilities at their disposal last year, making exploits the top initial access vector across more than 22,000 breaches Verizon analyzed in its latest Data Breach Investigations Report released Tuesday. The massive annual study uncovered a surge of exploited vulnerabilities during a one-year period ending in October 2025. Exploited defects…
AI, Global Security News
AI Agent Security: Automating Workflow Without Creating Prompt Injection or Data Leak Risks
AI agent security starts with a simple fact: the more authority an agent has, the tighter its access…
AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy
Contractor’s public GitHub account exposed GovCloud and CISA credentials
Until a few days ago, a publicly-accessible GitHub repository exposed credentials for both US government AWS accounts and internal Cybersecurity and Infrastructure Security Agency (CISA) systems. That’s according to cybersecurity reporter Brian Krebs, who first broke the news over the weekend, acting on a tip from researcher Guillaume Valadon at GitGuardian. Valadon confirmed the information…
AI, Apps, Compliance, Europe, Exploits, Global Security News, Risk Management
News alert: Orchid Security study finds invisible identities now outnumber managed accounts
NEW YORK, May 19, 2026, CyberNewswire—Orchid Security, the company solving identity at its core, today released its Identity Gap: 2026 Snapshot report, revealing that the majority of enterprise identity now exists outside the view of identity and access management systems. The report found that invisible identity (“identity dark matter”) now outweighs visible identity across enterprise…
AI, Global Security News
CISA Exposes Secrets, Credentials in ‘Private’ Repo
The agency’s GitHub repository, publicly available since November 2025, was ironically named “Private-CISA.”
AI, Exploits, Global Security News, Government & Policy, Risk Management
Drupal is rolling out an emergency security update on May 20. You cannot miss it
Drupal Is Pushing an Emergency Security Update Tomorrow. If You Run a Drupal Site, This Is Not One to Miss. Something significant is coming out of the Drupal project tomorrow, and the way the announcement is worded should be enough to get any site administrator’s attention. The Drupal Security Team has confirmed it will release…
AI, Global Security News
The Big Four accounting firms are now hiring more AI specialists than accountants
The Big Four accounting and consulting firms — Deloitte, EY, KPMG, and PwC — advertised more AI-related job postings than traditional auditing positions in 2025, according to a new analysis by the Financial Times. Nearly 7% of the firms’ job postings required AI expertise, compared to less than 2% in 2022 when OpenAI’s ChatGPT was…
AI, Apps, Europe, Exploits, Global Security News, malware
AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks
The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, this time targeting the widely-used AntV enterprise data visualization tool. Unlike last week’s high-profile npm attack on TanStack, which exploited a complex GitHub Actions cache poisoning weakness, the latest incident early on May 19 took the more conventional…
AI, Global Security News
Arxiv: Researchers who submit AI-generated junk could get 1-year suspension
Arxiv, the open-access repository where researchers publish scientific articles before they have undergone formal peer review, is introducing stricter rules against AI-generated articles containing obvious errors and fabricated content. Researchers who submit texts with clear signs of so-called “AI slop” can now be banned from the platform for a year, according to 404 Media. Red…
AI, Cybersecurity, Global Security News
How Will The Right CRM System Improve Your Business Today?
How will the right CRM System improve your business today? Read this post to find out how. When you look around the roofing business and see which firms are genuinely nailing it in their regions, you’ll see a few things in common among the most successful contractors. Using a customer relationship management (CRM) system is…
AI, Global Security News
Yes, AI Can Make Mistakes. AI Can Find Them, Too.
Since chatbots hallucinate their own facts, it’s useful (and easy) to have a second, nitpicking AI that can audit the results for errors
AI, Data Breaches, Global Security News, Government & Policy, Network Security, Risk Management
CISA GitHub Leak Exposes AWS GovCloud Secrets
A public GitHub repository tied to a CISA contractor reportedly exposed sensitive AWS GovCloud credentials, plaintext passwords, and internal deployment files. Researchers said the exposure may have provided privileged access to multiple internal systems and cloud environments before the repository was removed. “Passwords stored in plain text in a csv, backups in git, explicit commands…
AI, china, Global Security News, Government & Policy, malware, Network Security
Microsoft dismantled malware-signing network Fox Tempest
Microsoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) that allowed attackers to sign malware with fake trusted certificates. Microsoft said it disrupted a cybercrime operation run by a threat actor named Fox Tempest, which helped threat actors sign malware with short-lived certificates to make malicious software appear legitimate. The service abused Microsoft Artifact Signing and supported…
AI, Global Security News
There’s a New Way to Create Google Docs With Your Voice. Watch Me Try It.
An exclusive look at Docs Live, Google’s new speech-powered AI project manager and writing partner.
AI, china, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, Risk Management, Venture
Cybersecurity is really boring
Several weeks ago, I got into a debate with a good friend of mine. He started by saying that security is a very exciting space with so many things changing every day. But the longer we talked, the more we started agreeing that when done well, cybersecurity is incredibly boring. In this piece, I am…
AI, APAC, Compliance, Cybersecurity, Europe, Global Security News, Network Security, Risk Management
Westcon-Comstor Launches White-Label OneSOC Service
Westcon-Comstor has launched OneSOC, a vendor-agnostic, white-label security operations service designed to help channel partners offer SOC capabilities under their own brand without upfront investment. The global technology distributor, which specializes in cybersecurity, networking, and hybrid cloud, announced the service on May 19. OneSOC targets partner barriers to SOC delivery OneSOC is available across Europe,…
AI, Cybersecurity, Data Breaches, Global Security News, Risk Management
Splunk: Downtime Costs Hit $600B as Shadow AI Grows
The average cost of downtime has reached $600 billion across the Global 2000, a 50% increase in just two years, according to a newly published report from Splunk. Produced in partnership with Oxford Economics, Splunk’s “The Hidden Costs of Downtime” report highlights the rising financial impact of cyber incidents, outages, and breaches, including a growing…
AI, Cybersecurity, Global Security News
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, per HUMAN’s Satori Threat Intelligence and Research Team, encompassed 455 malicious Android apps and 183 threat actor-owned command-and-control (C2) domains, turning the infrastructure into a pipeline for multi-stage fraud. “Users
AI, Global Security News
How Parts Inventory Management Software Fixes Inventory Challenges
Why do maintenance teams struggle? Is it because they lack skills? Or do they need more advanced resources?…
AI, Global Security News
Microsoft plans to improve Windows 11 driver quality in 2026
Microsoft plans to raise the quality bar of Windows 11 drivers, as drivers “sit at the heart of every Windows experience” and connect the OS to the “silicon, components, and peripherals.” […]
AI, Apps, Compliance, Global Security News, Network Security, Risk Management
Governing infrastructure as code using pattern-based policy as code
Organizations often struggle to enforce security and compliance requirements consistently across their cloud infrastructure. In one environment, a workload might be deployed in an AWS Region that was never approved for that class of data. In another, a security group might allow broader access than intended. Required tags might be missing. Encryption might be assumed…
AI, Global Security News, Risk Management
Coming Bright Up: Apple’s AI moment looms
Apple has confirmed this year’s Worldwide Developers Conference (WWDC) will take place June 8-12. The show begins with a keynote speech likely to be Tim Cook’s final public appearance as Apple’s CEO. His successor, John Ternus, will also be in the spotlight, but perhaps not quite as much as Apple’s promised smart Siri successor. Getting AI right is incredibly…
AI, Global Security News
OpenAI’s Legal Victory Comes With A Cost
Plus, a Wall Street-backed cloud-computing effort and rising opposition to AI.
AI, Cybersecurity, Exploits, Global Security News
Pwn2Own Berlin 2026 Closes With $1.3 Million in Zero-Day Payouts
Cybersecurity researchers successfully demonstrated 47 unique zero-day exploits at Pwn2Own Berlin 2026, targeting major enterprise software and AI platforms.
AI, Cybersecurity, Exploits, Global Security News, Risk Management
GitHub scales back bug bounties, reminds users security is their responsibility too
Faced with the growing volume of submission to its bug bounty program, GitHub is replacing cash bounties with swag rewards for reports with low security impact — and asking researchers to stop submitting reports that are low quality or about things that aren’t its fault. The cloud-based code repository platform has seen a sharp increase…
AI, Apps, Global Security News, malware
Mini Shai-Hulud returns, compromising hundreds of npm packages
A self-replicating malware campaign known as Mini Shai-Hulud has resurfaced, this time embedding itself across hundreds of npm packages. The threat actor behind it, identified as TeamPCP, has been linked to earlier waves of the same campaign, with this latest variant more capable than previous waves. Researchers analyzing the payload found a worm that spreads…
AI, Apps, china, Exploits, Global Security News, Government & Policy, malware
Microsoft disrupts cybercrime service that abused software verification systems en masse
Microsoft seized infrastructure and disrupted a cybercrime service that created and sold more than 1,000 code-signing certificates that other cybercriminals used to make malware-riddled software appear trusted and legitimate for follow-on cyberattacks, including ransomware, the company said Tuesday. The financially-motivated threat group, which Microsoft tracks as Fox Tempest, provided the malware-signing-as-a-service to multiple ransomware groups,…
AI, Exploits, Global Security News
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12 security team on May 9, 2026, only to be informed by the maintainers that…
AI, Global Security News
New Shai-Hulud malware wave compromises 600 npm packages
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign. […]
AI, Data Breaches, Global Security News
7-Eleven confirms data breach claimed by the ShinyHunters gang
Convenience store chain giant 7-Eleven confirmed that its systems were breached in a cyberattack claimed by the ShinyHunters extortion group last month. […]
AI, Compliance, Endpoint, Global Security News
PDQ Targets MSP Workflows with Connect Platform Upgrade
Salt Lake City-based IT management firm PDQ announced today a massive upgrade to its PDQ Connect platform tailored specifically for managed service providers (MSPs). PDQ Connect adds multitenant management The update introduces a highly requested multitenant architecture and centralized user management system. Instead of constantly logging in and out of disconnected systems to check on…
AI, Data Breaches, Global Security News
Looking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber Evolution
Dark Reading editors reflect on two decades of dramatic change — from perimeter defense to assume-breach strategies — and warn that while AI, cloud, and COVID-19 have transformed the threat landscape, organizations are still failing at fundamental security hygiene that could stop sophisticated attacks in their tracks.
AI, Data Security, Endpoint, Global Security News, Network Security, Risk Management
Cato Networks Adds Cyera DSPM Integration to XOps
Cato Networks has integrated Cyera’s Data Security Posture Management capabilities into Cato XOps, giving enterprise security teams more context around sensitive data when detecting, investigating, and responding to threats. The integration, announced May 19, embeds Cyera’s data intelligence into Cato XOps, Cato’s combined XDR and AIOps solution. The companies said the goal is to help…
AI, Global Security News
PureLogs infostealer is stealing credentials worldwide
A phishing campaign is smuggling the powerful PureLogs information stealer onto targets’ Windows machines by hiding encrypted malicious payloads inside cat photos, Fortinet researchers discovered. The attack The attack starts with a phishing email containing a TXZ archive and using an invoice-themed lure to pressure the victim into opening it quickly: The phishing email carrying…
AI, Global Security News, Network Security
Selector extends AI-driven observability into multi-cloud environments
Selector has announced the expansion of its platform with AI-powered multi-cloud observability capabilities. The extension of Selector’s AI-driven observability approach into multi-cloud environments enables organizations to correlate signals across the full hybrid path. By unifying rich telemetry data from cloud, network, and infrastructure into a shared intelligence layer, Selector gives teams a more complete, actionable…
AI, Apps, Global Security News, malware
Internet Explorer may be dead, but its ghost still runs malware
Microsoft’s aging “mshta.exe” utility, a leftover component from Internet Explorer, is still being actively abused in modern malware campaigns years after the browser itself was retired. According to new research from Bitdefender, attackers continue to abuse Microsoft HTML Application Host (MSHTA), a built-in Windows utility capable of executing VBScript and JavaScript from local or remote…
AI, Apps, Compliance, Global Security News, privacy, Risk Management
TrustedTech: Executives Drive Shadow AI Risk in Enterprises
TrustedTech has released new research indicating that senior leaders are among the biggest sources of shadow AI risk within organizations, with executives using unapproved AI tools at significantly higher rates than lower-level employees. The Irvine, California-based Microsoft cloud solutions and IT modernization provider said its global and U.S. data points to a growing gap between…
AI, Global Security News, Network Security, Risk Management
GoTo Launches Connect CX Complete and LogMeIn AI Updates
Cloud communications and IT organization GoTo has announced two new products: the launch of a new AI-powered offering called GoTo Connect CX Complete and a series of new features for its LogMeIn Resolve and LogMeIn Rescue solutions. These announcements coincide with the company’s publication of its latest industry research on the IT workplace amid the…
AI, Apps, Global Security News
LaunchDarkly adds real-time controls for AI agents in production
LaunchDarkly has launched AgentControl, a new solution that gives software teams real-time control over AI agents in production. With AgentControl, teams can change how an agent behaves at runtime without redeploying the underlying application. As AI agents move into production, engineering teams need new ways to manage configuration, quality, and runtime behavior. Unlike traditional code,…
AI, Europe, Global Security News
Canonical ships Ubuntu Core 26 with 15 years of security maintenance
Operators of industrial sensors, edge AI controllers, and connected medical equipment now have a refreshed long-term Linux option for fleets that must stay patched for more than a decade. Canonical released Ubuntu Core 26, the latest long-term supported version of its minimal, immutable operating system, with security maintenance lasting up to 15 years. The release…
AI, Global Security News
New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain
A SHub macOS infostealer variant called Reaper impersonates Apple, Microsoft, and Google to trick users into executing malicious code, then targets browser data, password managers, and cryptocurrency wallets while establishing persistence for continued access, SentinelOne found. ClickFix gives way to a new delivery method Consistent with earlier SHub versions, Reaper uses a multi-stage execution chain.…
AI, Global Security News
AI Raises the Bar on Vulnerability Awareness and Secure-by-Design Software
AI-powered vulnerability scanning leaves no excuse for unpatched bugs as the EU Cyber Resilience Act pushes firms toward secure-by-design software
AI, Global Security News, Network Security
Webinar: The hidden bottlenecks in network incident response
IT teams are increasingly overwhelmed by alerts from disconnected systems, forcing responders to manually coordinate investigations during network incidents. This webinar explores how automation and AI-assisted workflows can help reduce response delays and improve operational coordination. […]
AI, Global Security News
Agentic AI Accelerates Software Builds and Mobile App Attacks
Digital.ai data reveals 87% of apps were attacked over the past year
AI, Global Security News, Network Security
Microsoft confirms patching issues in restricted Windows networks
Microsoft says customers in restricted network environments may encounter Windows Update failures after installing the January 2026 optional non-security preview updates. […]
AI, Apps, Global Security News
How Apple turned circular manufacturing into a competitive edge
Apple is realizing real business benefits as it builds a circular manufacturing process across the company. Manufactured using recycled materials and renewable energy, the popular new MacBook Neo is a great illustration of this. Apple says the Neo is manufactured using 45% renewable electricity and holds 60% recycled materials by weight. That recycling includes 90% recycled aluminium and 100%…
AI, APAC, Compliance, Cybersecurity, Endpoint, Global Security News, malware, Network Security, Risk Management
Top 5 Phishing-Driven Social Engineering Attacks on Companies in 2026
Your employees are not falling for “bad grammar” phishing anymore. They are being pulled into fake Microsoft logins, banking pages, AI tool instructions, real OAuth flows, and event invitations that look close enough to daily work to pass without alarm. For CISOs, that is the real social engineering problem in 2026: attacks are no longer…
AI, Exploits, Global Security News
Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
Drupal has issued an alert stating that it intends to release a “core security release” for all supported branches on May 20, 2026, from 5-9 p.m. UTC. “The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days,” the maintainers of the…
AI, Global Security News
The Art of War, Elon Musk Edition: How to Lose a Lawsuit and Still Claim Victory
Sam Altman’s high-profile courtroom win comes at a cost for the OpenAI CEO.
AI, Exploits, Global Security News, Network Security
SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance. “These vulnerabilities could have been exploited to read all mail traffic or as an entry vector into the…
AI, Compliance, Cybersecurity, Data Breaches, Global Security News, malware, Risk Management
7 tips for accelerating cyber incident recovery
Despite strong and redundant defenses, enterprises remain vulnerable to a wide range of cyberattacks. And because attacks — and cyber incidents — are inevitable, developing an incident response and recovery process that’s quick, comprehensive, and coordinated is essential. Expediting incident recovery time is critical because the longer an outage persists, the more costs, risk, and business…
AI, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia
Poland shifts away from Signal following cyberattacks on officials’ accounts
Poland told officials to stop using the popular instant messaging app Signal after cyberattacks targeted government accounts. Poland has instructed government officials to stop using Signal for sensitive communications and move to a state-developed alternative. The decision follows repeated cyberattacks targeting Signal accounts belonging to politicians, military personnel, and public servants. Officials believe the campaigns…
AI, Cybersecurity, Exploits, Global Security News, malware, Network Security
Massive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspects
INTERPOL led Operation Ramz in MENA, resulting in 201 arrests and 382 suspects tied to cybercrime networks. INTERPOL coordinated Operation Ramz across the Middle East and North Africa, leading to 201 arrests and identifying 382 additional suspects. ” A first-of-its-kind cybercrime operation in the MENA region has led to the arrest of 201 individuals, with a…
AI, Cybersecurity, Global Security News
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace. The extension in question is rwl.angular-console (version 18.95.0), a popular user interface and plugin for code editors like VS Code, Cursor, and JetBrains. The VS Code extension has more than 2.2…
AI, Global Security News, Network Security
Babel Street targets AI-driven threats with new agentic investigation capabilities
Babel Street has launched Insights Investigator, a new agentic capability that puts tradecraft-trained AI agents at the front edge of investigative work while ensuring analysts remain in control of scope, logic, and outcomes of their missions. As part of the Babel Street Insights platform, Investigator represents a shift from search and AI-assisted queries to analyst-directed,…
AI, Exploits, Global Security News, Risk Management
iProov brings identity verification to video meetings to reduce fraud risks
iProov has launched iProov Verified Meetings, a new solution that enables organizations to verify the identity of video call participants without adding friction to the user experience. Video meetings have become a trusted and scalable communication channel, but attackers are increasingly exploiting them through AI-generated deepfake and injection attacks, creating new fraud risks. Verified Meetings…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Risk Management
Shai-Hulud worm copycats emerge after source code leak
Shai-Hulud worm copycats are already attacking NPM developers after its source code leaked, enabling fast supply chain exploitation. The first copycats of the Shai-Hulud worm have already started showing up online, only a few days after the malware’s source code was dumped on GitHub. Researchers had warned this would happen almost immediately, and they were…
AI, Global Security News
Egnyte unveils Email Capture and AI features to unify fragmented data
Egnyte has announced a new set of capabilities designed to consolidate fragmented knowledge. Email Capture centralizes critical communications and attachments from siloed inboxes into the Egnyte folder structure, assisting users to make more informed data-driven decisions based on their entire knowledge base. Egnyte is also launching a set of AI-driven integrations and capabilities specifically designed…
AI, Apps, Europe, Global Security News, Risk Management
Why ‘open AI’ models are gaining ground on LLMs
While proprietary AI models such as OpenAI’s ChatGPT and Google Gemini remain popular, the tide may be shifting to open models as IT leaders move to customize AI and control costs. Sometimes known as “open-weight models,” the alternatives to large language models (LLMs) can provide decision-makers with better visibility and control over internal AI use,…
AI, Global Security News
Public Instagram posts provide raw material for AI phishing campaigns
A handful of public Instagram posts can give attackers enough material to generate convincing phishing emails with GenAI. Research from the University of Texas at Arlington and Louisiana State University showed how public social media activity can be turned into phishing messages that appear personal and credible to human recipients. Attack pipeline overview (Source: Research…
AI, Global Security News
GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. “Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action’s normal…