Security vendor Pluto Security has published details of a critical vulnerability in the open-source nginx UI web server configuration tool that has been under active exploitation by cybercriminals since March. News of the flaw, identified as CVE-2026-33032, first appeared on the National Vulnerability Database (NVD) on March 30, the same day that threat intelligence companies…
Category: Apps
AI, Apps, Cybersecurity, Data Breaches, Data Security, Funding, Global Security News, Network Security, privacy, Risk Management, Venture
News Alert: NTT Research launches SaltGrain—advanced Attribute-Based Encryption security
SUNNYVALE, Calif., Apr. 15, 2026 – NTT Research, Inc., a division of NTT (TYO:9432), today announced the launch of Scale Academy, a startup incubator responsible for bringing to market products and services based upon technologies studied within the labs of NTT Research and NTT R&D. NTT Research also revealed Scale Academy’s first product, SaltGrain, a zero-trust data security suite…
AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2009-0238 Microsoft Office Remote…
AI, Apps, Global Security News
Broadcom introduces zero-trust runtime for scalable AI agents
Broadcom has announced VMware Tanzu Platform agent foundations, introducing a secure-by-default agentic runtime designed to accelerate the delivery of autonomous AI applications. By extending the trusted code-to-production simplicity of Tanzu Platform to AI agents, Broadcom is enabling enterprise developers to move beyond siloed AI experiments and into scalable, governed production on VMware Cloud Foundation (VCF).…
AI, Apps, Exploits, Global Security News, malware, Risk Management
Mirax malware campaign hits 220K accounts, enables full remote control
Mirax, a new Android RAT, spread via Meta ads, infected 220,000 users and turns devices into SOCKS5 proxies, giving attackers full remote control. Mirax is a new Android remote access trojan spreading through ads on Meta platforms, targeting mainly Spanish-speaking users and reaching over 220,000 accounts. The malicious code lets attackers fully control infected devices…
AI, APAC, Apps, Cybersecurity, Global Security News
Report: AI Shifts IT Roles as Demands and Complexity Rise
SolarWinds recently released its 2026 IT Trends Report: The Human Side of Autonomous IT, examining how AI is reshaping IT roles. Instead of simply managing systems, IT teams are now expected to interpret AI-driven insights, design automated workflows, and govern increasingly autonomous environments. The shift is creating a paradox: while AI reduces manual effort, it…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, Government & Policy, Network Security, Risk Management
7 biggest healthcare security threats
Cyberattacks targeting the healthcare sector have surged since the COVID-19 pandemic and the resulting rush to enable remote delivery of healthcare services. Security vendors and researchers tracking the industry have reported a major increase in phishing attacks, ransomware, web application attacks, and other threats targeting healthcare providers. Recent rising of ransomware attacks on healthcare, in…
AI, Apps, Global Security News, Risk Management
Curity looks to reinvent IAM with runtime authorization for AI agents
In 2026, enterprise developers are building and deploying the first generation of powerful, increasingly autonomous AI agents at incredible speed. Now comes the hard part: working out how to secure them. Vendors in the space are facing multiple challenges. To begin with, traditional identity and access management (IAM) tools were never designed to secure anything…
AI, Apps, Global Security News, Risk Management
Curity looks to reinvent IAM with runtime authorization for AI agents
In 2026, enterprise developers are building and deploying the first generation of powerful, increasingly autonomous AI agents at incredible speed. Now comes the hard part: working out how to secure them. Vendors in the space are facing multiple challenges. To begin with, traditional identity and access management (IAM) tools were never designed to secure anything…
AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs
A critical hole in Windows Internet Key Exchange for secure communications, an actively exploited zero day in Microsoft SharePoint and a critical SQL injection vulnerability in a SAP product are the focus of the April Patch Tuesday releases requiring immediate attention from IT security teams. “April’s threat landscape is defined by immediate, real-world exploitation rather…
AI, Apps, Compliance, Endpoint, Global Security News, Network Security, Risk Management
Secure AI agent access patterns to AWS resources using Model Context Protocol
AI agents and coding assistants interact with AWS resources through the Model Context Protocol (MCP). Unlike traditional applications with deterministic code paths, agents reason dynamically, choosing different tools or accessing different data depending on context. You must assume an agent can do anything within its granted entitlements, whether OAuth scopes, API keys, or AWS Identity…
AI, Apps, Cybersecurity, Global Security News
How to Remove Wave Browser (User Complaints, Safety Check & Fix Guide)
Learn how to remove Wave Browser and address issues some users have reported in this guide. Some users have reported unexpected behavior after installing Wave Browser, such as changes to browser settings or increased ads. While Wave Browser is a legitimate application, it has been classified by some users and security tools as a potentially…
AI, Apps, Cybersecurity, Global Security News, Network Security, Venture
AI might be killing traditional SIEMs, but data advantage is as strong as ever
Over 3 years ago, I talked about the concept of data gravity – the idea that as more and more data gets centralized in a single place, it gives a huge advantage to companies that collect this data. That idea made a lot of sense back then, in January 2023, some 2 months after the…
AI, Apps, Global Security News
OpenSSL 4.0.0 release cuts deprecated protocols and gains post-quantum support
OpenSSL 4.0.0 removes several long-deprecated features, adds support for Encrypted Client Hello, and introduces API-level changes that will require code updates for applications built against older versions. SSLv3, SSLv2 client hello, and engines are gone SSLv3 support has been removed. The protocol was deprecated in 2015, and OpenSSL had it disabled by default since version…
AI, Apps, Global Security News
Facebook and Instagram Tighten Censorship Rules for Saying “Antifa”
Facebook and Instagram parent company Meta changed its speech rules to add new restrictions around posts including the word “antifa,” according to documents reviewed by The Intercept. This spring, Meta quietly revised its Community Standards policy, an internal company document dictating what its billions of global users can and cannot say online. The latest tweaks…
AI, Apps, Exploits, Global Security News
Oligo enables real-time exploit detection and blocking at application runtime
Oligo Security has unveiled Runtime Exploit Blocking, a new capability that stops exploit attempts at the application layer in real time. By providing visibility into how applications execute and behave, Oligo identifies and blocks malicious activity at the point of execution, without killing containers or processes, or impacting the application. Attackers rely on repeatable exploit…
AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
When Trust Becomes a Weapon: Google Cloud Storage Phishing Deploying Remcos RAT
Modern phishing campaigns increasingly abuse legitimate services. Cloud platforms, file-sharing tools, trusted domains, and widely used SaaS applications are now part of the attacker’s toolkit. Instead of breaking trust, attackers borrow it. This shift creates a dangerous asymmetry. Security controls often whitelist or inherently trust these services, while users are far less likely to question them. The…
AI, Apps, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
GUEST ESSAY: Google’s 2029 deadline exposes readiness gap as move to quantum-safe crypto lags
For years, quantum risk was easy for most institutions to treat as premature: real in theory, urgent someday, but not yet an operational problem. That is no longer tenable. Related: AI spawns semantic attacks Two developments this month brought the shift into focus. Google Quantum AI published research suggesting the computing resources needed to break…
AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2026-34621 Adobe Acrobat…
AI, APAC, Apps, Global Security News, Risk Management
Nvidia’s Stephen Jones on the toolkit powering GPUs: ‘A wild ride’
Nvidia CEO Jensen Huang often shares the story of hand-delivering an AI supercomputer to OpenAI in 2016, back before it was the hotshot company it’s become in recent years. A key ingredient in the box was Nvidia’s CUDA toolkit, which helped turn OpenAI’s experiments into a foundation for modern AI applications. Huang credits the software…
AI, Apps, Cybersecurity, Global Security News
Cybersecurity jobs available right now: April 14, 2026
Cyber Security Engineer/Application Security Specialist Tecnots | India | On-site – View job details As a Cyber Security Engineer/Application Security Specialist, you will integrate security into the SDLC, perform application security reviews, and support secure APIs, authentication, and data protection. You will embed security into CI/CD pipelines using SAST and DAST, enforce secure coding practices,…
AI, Apps, Cloud Security, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
Anthropic’s Mythos signals a structural cybersecurity shift
Over the past week, reaction to Anthropic’s Glasswing disclosure has split along familiar lines. At one end: alarm over an AI system capable of autonomously identifying and exploiting vulnerabilities. At the other: dismissive hot takes, arguing there is nothing new here. A more grounded view comes from a new briefing by the Cloud Security Alliance…
AI, Apps, Cloud Security, Compliance, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security
Here’s how cyber heavyweights in the US and UK are dealing with Claude Mythos
A joint report from the Cloud Security Alliance (CSA), the SANS Institute and the Open Worldwide Application Security Project (OWASP) concludes that in the near term, organizations are “likely to be overwhelmed” by threat actors using AI to find and exploit vulnerabilities faster than defenders can patch them. While those organizations can use AI tools…
AI, Apps, Global Security News, malware
OpenAI’s Mac apps needs an update thanks to the Axios hack
OpenAI updated its security certificates and is requiring all macOS users to update to the latest versions after determining its products, along with many others, were impacted by a widespread supply-chain attack that briefly infected a popular open-source library in late March, the company said in a blog post Friday. The artificial intelligence vendor said…
AI, Apps, Global Security News, Network Security, Risk Management
Cisco Targets AI Trust with Galileo Deal
If the original Galileo spent his time figuring out how things move and fall, Cisco is now tackling a version of that problem in AI, trying to understand how these systems behave once set loose. The company announced plans to acquire Galileo Technologies, an AI observability startup focused on helping enterprises monitor and evaluate how…
AI, Apps, Global Security News, Risk Management
Scans for EncystPHP Webshell, (Mon, Apr 13th)
Last week, I wrote about attackers scanning for various webshells, hoping to find some that do not require authentication or others that use well-known credentials. But some attackers are paying attention and are deploying webshells with more difficult-to-guess credentials. Today, I noticed some scans for what appears to be the “EncystPHP” web shell. Fortinet wrote about…
AI, Apps, Compliance, Global Security News, malware, Network Security, privacy, Risk Management
Aura Business Debuts BYOD Security Solution for MSPs
AI-powered online safety platform Aura has introduced a new business security solution to help shrink the unmanaged device gap that exists in today’s security stacks. The new identity-centric bring your own device solution built for MSPs Aura Business for MSPs is a new identity-centric BYOD security solution designed to protect businesses and employees. It allows…
AI, Apps, Endpoint, Exploits, Global Security News, Network Security
Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure
A critical pre-authentication remote code execution vulnerability in Marimo, an open-source Python notebook platform owned by AI cloud company CoreWeave, was exploited in the wild less than 10 hours after its public disclosure, according to the Sysdig Threat Research Team. The vulnerability, tracked as CVE-2026-39987 with a severity score of 9.3 out of 10, affects…
AI, Apps, Endpoint, Exploits, Global Security News, Network Security
Seven IBM WebSphere Liberty flaws can be chained into full takeover
Security researchers are warning of a set of flaws affecting IBM WebSphere Liberty, a lightweight, modular Java application server, that can be chained into a full server compromise. The flaws, a total of seven, that led to the ultimate compromise of the server were initiated by a newly discovered pre-authentication issue in the platform’s SAML…
AI, Apps, Global Security News
How to build your own AI agents with Google Workspace Studio
The great hope for AI agents is that they will automate many of the repetitive tasks office workers perform, such as writing and emailing weekly project updates. These tools combine rules-based automation with generative AI models to perform a series of tasks that make up a workflow. In this vein, Google late last year announced…
Apps, Exploits, Global Security News
Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621)
Adobe has pushed out an emergency security update for Adobe Acrobat Reader, patching a zero-day vulnerability (CVE-2026-34621) exploited in the wild since November 2025. About CVE-2026-34621 CVE-2026-34621 is a critical prototype pollution vulnerability – a type of vulnerability that occurs in JavaScript and allows attackers to add or modify an application’s JavaScript objects and properties.…
AI, Apps, Exploits, Global Security News
Adobe Summit 2026: How Adobe hopes to redesign marketing and creativity with AI
Adobe Summit serves as a platform for Adobe to introduce new services, capabilities, and enhancements to its portfolio of creative and marketing software and services. The 2026 edition kicks off live in Las Vegas on April 20, with a virtual event running alongside it. The company has long been a name to watch as a…
AI, Apps, Global Security News
AI Memory Shortage Disrupts MSP Pricing and Channel Deals
The global memory shortage is no longer just about finding chips; it’s about finding partners you can trust. What began as a straightforward supply-and-demand crunch has morphed into something messier for managed service providers and IT resellers. Vendors are rewriting the rules of engagement mid-game, eliminating long-standing partner protections and reserving the right to change…
AI, Apps, Global Security News
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised. “Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps,” OpenAI said in a…
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security
Marimo RCE Flaw Exploited Within Hours of Disclosure
A vulnerability in the open-source Marimo Python notebook platform is already being actively exploited, underscoring how quickly attackers can turn newly disclosed flaws into real-world attacks. Less than 10 hours after public disclosure, threat actors developed a working exploit and began targeting exposed systems. “Within 9 hours and 41 minutes of the vulnerability advisory’s publication,…
AI, Apps, Exploits, Global Security News, Risk Management
Adobe fixes actively exploited Acrobat Reader flaw CVE-2026-34621
Adobe addressed a critical Acrobat Reader vulnerability, tracked as CVE-2026-34621, which is actively exploited to run malicious code. Adobe released emergency updates to address a critical vulnerability, tracked as CVE-2026-34621 (CVSS score of 8.6), in Adobe Acrobat Reader, which is being actively exploited. The flaw could allow attackers to execute malicious code on affected systems,…
Apps, Global Security News
Check Point Software Technologies Expands Australian Presence with Western Australia Check Point Workspace Security SASE Data Residency Instance
COMPANY NEWS: New Point of Presence Enhances Web application and API protection with low latency and delivers Industry-Leading Threat Prevention and Cloud-Ready Security Architecture
AI, Apps, Global Security News
Hitachi Vantara Named a Leader in 2026 GigaOm Radar for Object Storage for Strength in Storage Optimisation and Enterprise Scalability
COMPANY NEWS: Recognition highlights Virtual Storage Platform One Object’s role in helping organisations manage, protect and activate unstructured data for AI, analytics and modern applications
AI, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Anthropic’s Project Glasswing Signals Potential AI-Driven Shift in Cybersecurity
Anthropic’s Project Glasswing highlights how advanced AI models may rival top human experts in finding and exploiting software vulnerabilities. Early claims from the company suggest these models, like Claude Mythos Preview, can operate at large scale and find vulnerabilities faster. However, security leaders share mixed views on the claims. “Mythos appears to materially change the…
AI, Apps, china, Cybersecurity, Global Security News, Government & Policy, Network Security, Russia
Commerce setting up new AI export regime to push adoption of ‘American AI’ abroad
The Department of Commerce is putting together a catalog of AI tools that will be given special export status by the federal government to be sold abroad. The department issued a call for proposals to participating companies in the Federal Register, looking to create a “menu of priority AI export packages that the U.S. Government…
AI, Apps, Compliance, Europe, Global Security News
Survey: Governance Gaps Threaten MSP AI Revenue Opportunity
For managed service providers, AI represents a $276 billion opportunity. The problem? More than half of them can’t get their customers ready for it. That’s the headline finding from new research published this week by AvePoint and analyst firm Omdia, which surveyed 333 MSPs across North America, Europe, and Asia-Pacific on what’s actually blocking AI…
AI, Apps, Exploits, Global Security News, Network Security, Risk Management
Bringing Rust to the Pixel Baseband
Posted by Jiacheng Lu, Software Engineer, Google Pixel Team Google is continuously advancing the security of Pixel devices. We have been focusing on hardening the cellular baseband modem against exploitation. Recognizing the risks associated within the complex modem firmware, Pixel 9 shipped with mitigations against a range of memory-safety vulnerabilities. For Pixel 10, Google is…
AI, Apps, Cloud Security, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security, privacy, Risk Management
Zero-Days, Data Breaches, and AI Risks Define This Week’s Cybersecurity Landscape in 2026
Major Threats & Vulnerabilities Zero-Day and Critical Exploits A new zero-day vulnerability in Adobe Acrobat Reader is being actively exploited through malicious PDFs. Attackers can steal data and compromise systems, with no patch currently available. Security teams are urged to block untrusted PDFs, disable JavaScript, and use sandboxing with outbound traffic monitoring. The Fortinet EMS…
AI, Apps, Compliance, Global Security News, Network Security, Risk Management
Meta moves fast toward a world where AI builds the software
Meta Platforms is reportedly pulling top software engineers from across the company into a newly created AI unit on a mandatory basis, with the stated goal of eventually having autonomous agents perform the bulk of the work of building, testing, and shipping its products, and human engineers serving only to monitor them. The development was…
AI, Apps, Cloud Security, Compliance, Endpoint, Global Security News, Network Security
Why most zero-trust architectures fail at the traffic layer
Zero trust has become one of the most widely adopted security models in enterprise environments. Organizations invest heavily in identity systems, access policies, and modern security tooling. On paper, these environments look well-protected. Yet during incidents, a different reality often emerges. I have worked with organizations where zero-trust initiatives were fully implemented from an identity…
AI, Apps, Compliance, Cybersecurity, Global Security News, Government & Policy, Network Security, Risk Management
CMMC compliance in the age of AI
Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) is pushing federal contractors to demonstrate, not just assert, that they can protect sensitive government data. Eligibility for contracts now depends on the ability to show how controlled unclassified information (CUI) is handled, why specific safeguards were selected and whether those safeguards operate consistently under scrutiny from assessors,…
AI, Apps, Exploits, Global Security News, Risk Management
EngageLab SDK flaw opens door to private data on 50M Android devices
A flaw in EngageLab SDK exposed up to 50M Android users, including 30M crypto wallets, letting apps bypass security and access private data. Microsoft researchers found a critical flaw in EngageSDK that lets apps bypass Android sandbox protections and access private data. The flaw put millions of users, including over 30M crypto wallet installs, at…
AI, Apps, china, Europe, Global Security News
Google’s new AI app is a glimpse of the future
I don’t know about you, but I spend a lot of time offline. And not by choice. That’s why I love new tools that work offline like the great one Google just launched. I know, I’m an outlier. As a full-time digital nomad who travels constantly, I have unusual connectivity problems. Right now, I’m living…
AI, Apps, china, Cybersecurity, Exploits, Global Security News, Government & Policy
Why is the timeline to quantum-proof everything constantly shrinking?
When Google announced last month it was moving up its own internal timeline for migrating to quantum-resistant forms of encryption, it started a broader conversation in the cybersecurity and cryptography communities: Just what was pushing one of the largest tech companies in the world to significantly accelerate its adoption of post-quantum protections for its systems,…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, Network Security, Risk Management
$3.6 Million Crypto Heist Targets Bitcoin Depot
Attackers have stolen more than $3.6 million in Bitcoin from crypto ATM operator Bitcoin Depot after breaching its internal systems. The incident, disclosed in a recent regulatory filing, shows how quickly attackers can monetize access once inside corporate environments. The “unauthorized actor transferred approximately 50.903 Bitcoin from Company-controlled wallets, valued at approximately $3.665 million as…
AI, Apps, Endpoint, Global Security News, malware, privacy
Protecting Cookies with Device Bound Session Credentials
Posted by Ben Ackerman, Chrome team, Daniel Rubery, Chrome team and Guillaume Ehinger, Google Account Security team Following our April 2024 announcement, Device Bound Session Credentials (DBSC) is now entering public availability for Windows users on Chrome 146, and expanding to macOS in an upcoming Chrome release. This project represents a significant step forward in…
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management, Russia
Adobe Acrobat Reader Zero Day Exploited in Active PDF Attacks
Attackers have been exploiting a zero-day vulnerability in Adobe Acrobat Reader for months, using malicious PDF files to silently steal data and potentially take over victim systems. Active since at least Dec. 2025, the campaign highlights how a seemingly routine document can serve as an effective entry point for system compromise. This exploit “allows the…
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
GrafanaGhost Flaw Allows Silent Data Exfiltration
A vulnerability called GrafanaGhost allows attackers to quietly extract sensitive data from Grafana environments without user interaction or traditional compromise techniques. Discovered by researchers at Noma Security, the flaw highlights how AI-driven features can introduce new, difficult-to-detect attack paths in widely used platforms. “Across ForcedLeak, GeminiJack, DockerDash, and now GrafanaGhost, we keep seeing the same…
AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Don’t just fight fraud, hunt it
Our nation has entered a new fraud arms race fueled by AI. With billions of dollars in fraud losses mounting in both the private and public sectors, it’s clear the old ways of deterring fraud aren’t working. That’s why we need a new playbook that starts with understanding how fraudsters operate, evolving our defenses, and…
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
Patch windows collapse as time-to-exploit accelerates
The gap between vulnerability disclosure and exploitation is drastically decreasing, putting security teams’ patching practices on notice. According to Rapid7’s latest Cyber Threat Landscape Report, confirmed exploitation of newly disclosed high- and critical-severity vulnerabilities (CVSS 7-10) increased 105% year to 146 in 2025, up from 71 in 2024. Moreover, the median time from vulnerability publication…
AI, Apps, Global Security News
The top priority for Adobe’s next CEO? Prepping for the ‘age of agents’
Adobe’s Shantanu Narayen announced plans to step down as CEO last month after 18 years leading software vendor through several periods of tech change from the arrival of the cloud, mobile computing, and the early days of artificial intelligence. For whomever is tapped next for the top job — the search is expected to…
AI, Apps, Cybersecurity, Global Security News, Risk Management
A framework for securely collecting forensic artifacts into S3 buckets
When customers experience a security incident, they need to acquire forensic artifacts to identify root cause, extract indicators of compromise (IoCs), and validate remediation efforts. NIST 800-86, Guide to Integrating Forensic Techniques into Incident Response, defines digital forensics as a process comprised of four basic phases: collection, examination, analysis, and reporting. This blog post focuses…
AI, APAC, Apps, Cybersecurity, Europe, Global Security News, Government & Policy, Network Security, Risk Management
Arelion employs NETSCOUT Arbor DDoS protection products
Arelion operates the world’s best-connected IP fiber backbone, providing high-capacity transit services to a variety of the globe’s leading ISPs as well as many large enterprises. They provide an award-winning customer experience to clients in 129 countries worldwide, and their global Internet services connect more than 700 cloud, security, and content providers with low-latency transit.…
AI, Apps, Cybersecurity, Global Security News, Government & Policy, malware
Hack-for-hire spyware campaign targets journalists in Middle East, North Africa
An apparent hack-for-hire campaign from a group with suspected Indian government connections targeted Middle Eastern and North African journalists and activists using spyware, three collaborating organizations said in reports published Wednesday. The attacks shared infrastructure that pointed to the advanced persistent threat group known as Bitter, which most frequently targets government, military, diplomatic and critical…
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Iranian Threat Actors Target U.S. Critical Infrastructure
A new federal cybersecurity alert is raising alarms across critical infrastructure sectors, as Iranian-affiliated threat actors actively target programmable logic controllers (PLCs) in the United States. The campaign, confirmed by multiple federal agencies, has already caused operational disruptions and financial losses — marking a notable escalation in cyber activity against industrial environments. “The most notable…
AI, APAC, Apps, Global Security News
Nutanix Announces Partnerships With NetApp, MongoDB
Hybrid multicloud computing organization Nutanix has announced strategic collaborations with both NetApp, an intelligent infrastructure company, and MongoDB, a document database. Nutanix and MongoDB’s New Certified Integration The partnership between Nutanix and MongoDB will integrate the Nutanix Database Service (NDB) platform with MongoDB Ops Manager, combining infrastructure automation with database management to simplify MongoDB operations…
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
API Security Risks Rise as AI Adoption Accelerates
As organizations deploy autonomous agents and generative AI tools at scale, APIs have become a backbone of modern operations — introducing a growing attack surface. Enterprises are rapidly embracing AI and API-driven architectures, but a new report from Salt Security reveals that security is struggling to keep up. “The future of AI will not be…
AI, Apps, Exploits, Global Security News, Network Security
Hackers exploit a critical Flowise flaw affecting thousands of AI workflows
Threat actors have found a way to inject arbitrary JavaScript into the Flowise low-code platform for building custom LLM and agentic systems. The code injection was possible due to a design oversight, rated at max-severity, in the platform’s custom MCP node, which acts as a plug-in connector for an application’s AI agent to talk to…
Apps, Global Security News
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and
AI, APAC, Apps, Global Security News, Network Security, Risk Management
LLM-generated passwords are indefensible. Your codebase may already prove it
Two independent research programs, one from AI security firm Irregular, one from Kaspersky, have now converged on the same conclusion: Every frontier LLM generates structurally predictable passwords that standard entropy meters catastrophically overrate. AI coding agents are autonomously embedding those credentials in production infrastructure, and conventional secret scanners have no mechanism to detect them. As…
AI, APAC, Apps, Global Security News, Network Security, Risk Management
LLM-generated passwords are indefensible. Your codebase may already prove it
Two independent research programs, one from AI security firm Irregular, one from Kaspersky, have now converged on the same conclusion: Every frontier LLM generates structurally predictable passwords that standard entropy meters catastrophically overrate. AI coding agents are autonomously embedding those credentials in production infrastructure, and conventional secret scanners have no mechanism to detect them. As…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
The zero-day timeline just collapsed. Here’s what security leaders do next
A zero-day is not frightening because it is sophisticated. It is frightening because it is unknown. There is no patch in the moment it matters most. That single condition undermines the comfort most security programs rely on: time. In the past, attackers didn’t need zero-days because they relied on predictable failures in patching and credential…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
The zero-day timeline just collapsed. Here’s what security leaders do next
A zero-day is not frightening because it is sophisticated. It is frightening because it is unknown. There is no patch in the moment it matters most. That single condition undermines the comfort most security programs rely on: time. In the past, attackers didn’t need zero-days because they relied on predictable failures in patching and credential…
AI, Apps, Compliance, Exploits, Global Security News, Risk Management
Microsoft’s new Agent Governance Toolkit targets top OWASP risks for AI agents
Microsoft has quietly introduced the Agent Governance Toolkit, an open-source project designed to monitor and control AI agents during execution as enterprises try to move them into production workflows. The toolkit, which is a response to the Open Worldwide Application Security Project’s (OWASP) emerging focus on AI and LLM security risks, adds a runtime security…
AI, Apps, Compliance, Exploits, Global Security News, Risk Management
Microsoft’s new Agent Governance Toolkit targets top OWASP risks for AI agents
Microsoft has quietly introduced the Agent Governance Toolkit, an open-source project designed to monitor and control AI agents during execution as enterprises try to move them into production workflows. The toolkit, which is a response to the Open Worldwide Application Security Project’s (OWASP) emerging focus on AI and LLM security risks, adds a runtime security…
Apps, Global Security News
Flatpak 1.16.4 fixes sandbox escape and three other security flaws
Flatpak, a Linux application sandboxing and distribution framework, released version 1.16.4, patching four security vulnerabilities. The most severe fix addresses a complete sandbox escape that leads to host file access and code execution in the host context, tracked as CVE-2026-34078. File system exposure Two additional fixes address file system exposure on the host. CVE-2026-34079 prevents…
AI, Apps, Compliance, Cybersecurity, Global Security News
Cybersecurity jobs available right now: April 8, 2026
Application Security Engineer Liebherr Group | Germany | On-site – View job details As an Application Security Engineer, you will implement security testing tools such as SAST, DAST, and IAST, perform vulnerability assessments and penetration testing, and collaborate with developers to remediate issues and enforce secure coding practices. You will automate security testing in CI/CD…
AI, Apps, Compliance, Cybersecurity, Endpoint, Exploits, Global Security News
Fortinet releases emergency hotfix for FortiClient EMS zero-day flaw
Hackers have been exploiting a critical vulnerability in FortiClient Endpoint Management Server (FortiClient EMS) since at least the end of March. Fortinet has published an advisory and released an emergency hotfix that can be applied to affected deployments until a patched version can be released. The vulnerability, now tracked as CVE-2026-35616, allows unauthenticated attackers to…
AI, Apps, Exploits, Global Security News, Network Security, Risk Management
Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution
Attackers are exploiting a critical Flowise flaw, tracked as CVE-2025-59528 (CVSS score of 10), that lets them run malicious code and access systems due to poor validation of user-supplied JavaScript. Attackers are actively exploiting a critical vulnerability in Flowise, tracked as CVE-2025-59528, that allows remote code execution and file system access. The flaw stems from improper validation…
AI, APAC, Apps, Data Security, Europe, Global Security News, Government & Policy, Network Security
Nutanix Expands Cloud Platform, Integration Partnerships
At the Nutanix .NEXT 2026 conference, the hybrid multicloud computing organization announced enhancements to its cloud platform, expanded its infrastructure ecosystem, and strengthened partner support. Nutanix cloud updates include agentic AI-focused infrastructure Nutanix has announced the expansion of customer choice and control for Enterprise AI, with new capabilities for Agentic AI infrastructure that will enable…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
5 practical steps to strengthen attack resilience with attack surface management
Every asset you manage expands your attack surface. Internet‑facing applications, cloud workloads, credentials, endpoints, and third‑party integrations all represent potential entry points for attackers. As environments grow more distributed, that exposure expands faster than most security teams can track manually. Attack surface management (ASM) helps answer a critical question for IT security teams: What can…
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
5 steps to strengthen supply chain security and improve cyber resilience
Supply chain attacks have rapidly become one of the most damaging and difficult threats facing IT and security teams. When an adversary compromises a trusted vendor, software component, cloud service, or MSP tool, they bypass traditional defenses and enter through the front door. For organizations managing distributed environments, and for MSPs supporting dozens or hundreds…
AI, Apps, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
5 ways to strengthen identity security and improve attack resilience
Identity compromise has become one of the most effective ways for attackers to infiltrate business systems. Firewalls, endpoint protection, and monitoring tools mean little once an attacker logs in using valid credentials. For MSPs and corporate IT teams, strengthening identity security and enforcing least privilege access are two of the most powerful ways to reduce…
AI, Apps, Cybersecurity, Endpoint, Global Security News
Why 24/7 Threat Monitoring Has Become Essential for Modern Businesses
GUEST OPINION – Cybersecurity used to be treated like a perimeter problem. Put up a firewall, install antivirus, enforce a few password rules, and hope that was enough. That approach no longer works. Today’s attacks do not wait for business hours. They move quietly through cloud platforms, endpoints, email, collaboration tools, and third-party applications. In…
AI, Apps, Cloud Security, Compliance, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
Building AI defenses at scale: Before the threats emerge
At AWS, we’ve spent decades developing processes and tools that enable us to defend millions of customers simultaneously, wherever they operate around the world. Every day, our security and threat intelligence teams are doing work with AI and automation that most people never see. Our AI-powered log analysis system has reduced the time SecOps engineers…
AI, Apps, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management
NomShub Vulnerability Chain Exposes Hidden Risks in AI Coding Tools
A vulnerability chain in an AI-powered code editor is raising alarms about how autonomous developer tools can be turned against their users. Dubbed NomShub, the flaw allows attackers to gain persistent shell access simply by luring a developer into opening a malicious repository — no traditional exploit required. “When an AI agent can execute shell…
AI, Apps, Global Security News
Human vs AI: Debates Shape RSAC 2026 Cybersecurity Trends
As AI dominated RSAC 2026, CISOs and industry leaders debated its role in security, from agentic applications to the challenges of scaling human involvement in decision-making.
AI, Apps, Endpoint, Exploits, Global Security News, Risk Management
‘GrafanaGhost’ bypasses Grafana’s AI defenses without leaving a trace
Security researchers at Noma Security have disclosed a new vulnerability they are calling GrafanaGhost, an exploit capable of silently stealing sensitive data from Grafana environments by chaining multiple security bypasses, including a method that circumvents the platform’s AI model guardrails without requiring any user interaction. Grafana is widely deployed across enterprise organizations as a central…
AI, APAC, Apps, Global Security News, Risk Management
Opkey Report: Cloud Complexity Strains Enterprise IT
Enterprises are struggling to keep up with the growing complexity of cloud environments, according to a new report from Opkey. The 2026 State of ERP Testing and Cloud Application Lifecycle Management report highlights a widening gap between the pace of innovation and the operational capacity needed to support it—forcing enterprise leaders to rethink how they…
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Docker Flaw (CVE-2026-34040) Lets Attackers Bypass Security Controls and Take Over Hosts
A vulnerability in Docker Engine allows attackers to bypass authorization controls and potentially gain full access to host systems. Cyera researchers found that the flaw affects a core security mechanism relied on by organizations to enforce container policies. “This research shows that a lot of foundational infrastructure is still carrying old bug classes in places…
AI, Apps, Exploits, Global Security News, Network Security, Risk Management
Zero‑click Grafana AI attack can enable enterprise data exfiltration
Indirect prompt injection is possible on AI-powered dashboards, allowing exfiltration of sensitive enterprise data without user authentication. Security researchers are warning about a critical Grafana issue, dubbed GrafanaGhost, that allows attackers to leak sensitive data from Grafana environments, including financial metrics, infrastructure health data, private customer data, and operational logs, among others. Noma Security disclosed…
AI, Apps, Global Security News, Government & Policy, Network Security, Risk Management
Nvidia’s SchedMD acquisition puts open-source AI scheduling under scrutiny
Nvidia’s recent acquisition of SchedMD, the company behind the Slurm workload manager, is raising concerns among AI industry executives and supercomputing specialists who fear the chip giant could use its new position to favour its own hardware over competing chips, whether through code prioritization or roadmap decisions. The concern, as industry sources frame it, is…
AI, Apps, Global Security News, Risk Management
[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk
In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing. According to new research from the Ponemon Institute, hundreds of applications within the typical enterprise remain disconnected from centralized identity systems. These “dark
AI, Apps, Funding, Global Security News, Risk Management
Azul Report: Cloud Costs Rise as AI Strains Budgets
The AI revolution has a massive, uninvited guest at the table: a skyrocketing cloud bill that 88% of CFOs say is only getting bigger. A new report released today by Azul reveals a growing “financial tension” inside the C-suite. Finance leaders are desperate to pour money into AI, but they are finding that the very…
AI, Apps, Cybersecurity, Europe, Global Security News, Government & Policy, Risk Management
FIRESIDE CHAT: Geopolitical turmoil, rising AI risk add a new layer to enterprise cyber defense
As if securing the enterprise against a tidal wave of AI tools wasn’t hard enough, it turns out the geopolitical instability of the moment is making things worse. That wasn’t the headline at RSAC 2026 last week — agentic AI dominated the agenda — but the stress was visible at the ground level if you…
AI, APAC, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Risk Management
ClickFix Meets AI: A Multi-Platform Attack Targeting macOS in the Wild
For years, macOS environments carried an aura of relative safety. Not immunity, but lower priority in the threat landscape. That perception has aged about as well as an unpatched server. The reality in 2026 is very different. Apple devices now make up a significant share of corporate endpoints. And they sit in the hands of the people attackers most want…
AI, APAC, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Risk Management
ClickFix Meets AI: A Multi-Platform Attack Targeting macOS in the Wild
For years, macOS environments carried an aura of relative safety. Not immunity, but lower priority in the threat landscape. That perception has aged about as well as an unpatched server. The reality in 2026 is very different. Apple devices now make up a significant share of corporate endpoints. And they sit in the hands of the people attackers most want…
AI, APAC, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Europe, Exploits, Global Security News, Risk Management
Supply chain security is now a board-level issue: Here’s what CSOs need to know
For many years, supply chain security was viewed purely as a technical concern. However, with high-profile vulnerabilities and regulations, it is now a board-level issue that requires organizations to rethink how to build resiliency and insulate their operations. The changing regulatory landscape has been a key driver of the C-suite’s focus, as legislation such as…
AI, Apps, Global Security News
OpenAI opens applications for an external AI safety research fellowship
OpenAI is accepting applications for a paid fellowship program that will fund external researchers to work on safety and alignment questions related to advanced AI systems. The program, called the OpenAI Safety Fellowship, runs from September 14, 2026 through February 5, 2027. Applications close May 3, with successful applicants notified by July 25. The fellowship…
Apps, Cybersecurity, Global Security News
How To Choose The Right Low Code Platform For Your Business Needs
Learn how to choose the right low code platform for your business needs. In today’s fast-paced business world, agility is the key to success. Low code development platforms have emerged as a valuable tool for organizations to develop and deploy business applications with minimal coding quickly. With the right platform, businesses can improve their productivity,…
AI, Apps, Compliance, Cybersecurity, Data Breaches, Funding, Global Security News, Government & Policy, Network Security, Risk Management
2027 POTUS Budget Proposal Targets CISA With Funding Cuts
A federal budget proposal is putting one of the nation’s top cybersecurity agencies on the chopping block, raising alarms about the U.S. government’s readiness to defend against escalating digital threats. The administration’s fiscal 2027 budget blueprint would reduce funding for the Cybersecurity and Infrastructure Security Agency (CISA), continuing a trend of cuts that could reshape…
AI, Apps, Global Security News
GigaOm Names Check Point Software a Leader and Fast Mover in Application and API Security
Check Point WAF recognised for industry‑leading detection and a unified platform that protects modern web and AI‑driven applications with simplicity and speed
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
CVE-2026-35616: FortiClient EMS Flaw Under Active Exploitation
Fortinet disclosed a critical FortiClient EMS vulnerability that is already being exploited in the wild. The flaw could allow unauthenticated attackers to bypass API protections and execute unauthorized code or commands on exposed systems. “This is a zero-day. While there is no full patch, we have to give credit where credit is due: Fortinet has…
AI, Apps, Exploits, Global Security News, malware, Network Security
North Korean hackers abuse LNKs and GitHub repos in ongoing campaign
DPRK-linked threat actors are preferring stealth over sophistication in their targeting of South Korean organizations, as researchers report use of weaponized Windows shortcut (.LNK) files and GitHub-based command-and-control (C2) channels in a new campaign. According to new Fortinet findings, a series of attacks that began in 2024 were found using a multi-stage scripting process and…
AI, Apps, Global Security News, Network Security
8 ways to be more productive in Windows 11
You’ve probably spent a lot of time through the years gathering productivity tips for your favorite applications — after all, that’s where you get most of your work done. If you’re like most people, though, you’ve managed to find your way around Windows 11 but figured there’s not much you can do to improve your productivity in…