This guide is designed for security professionals and IT teams looking to identify and remediate risks, covering the top open-source vulnerability scanners available today and how to use them effectively. Open-source vulnerability scanners offer a cost-effective way to identify security weaknesses before attackers can exploit them. Backed by transparent codebases and active security communities, these…
Category: Apps
AI, Apps, Global Security News
Microsoft’s Copilot is Becoming an AI Coworker
Microsoft is pushing its workplace AI strategy further into execution mode, unveiling a new capability called Copilot Cowork alongside broader updates to its enterprise AI stack, signaling the company’s next phase in the race to turn AI assistants into active digital workers. The announcements are part of Wave 3 of Microsoft 365 Copilot, a major…
AI, Apps, Data Security, Global Security News, Risk Management
Druva Adds Identity Resilience for Okta, AD, and Entra ID
Druva, a data security company, has announced that Druva Identity Resilience now supports Okta and Microsoft Active Directory, in addition to Microsoft Entra ID. Druva Identity Resilience delivers unified protection, cyber recovery, and threat detection and response within a SaaS platform, bringing disparate identity providers together so security and IT teams can restore trusted access…
AI, Apps, Global Security News
Commvault Launches Commvault Cloud in New Zealand to Advance Data Sovereignty and Cyber Resilience
Expanded availability of Commvault Cloud in New Zealand also helps customers in-region meet high availability and latency sensitive application requirements
AI, Apps, Global Security News, Network Security
IPv4 Mapped IPv6 Addresses, (Tue, Mar 17th)
Yesterday, in my diary about the scans for “/proxy/” URLs, I noted how attackers are using IPv4-mapped IPv6 addresses to possibly obfuscate their attack. These addresses are defined in RFC 4038. These addresses are one of the many transition mechanisms used to retain some backward compatibility as IPv6 is deployed. Many modern applications use IPv6-only networking…
AI, Apps, Global Security News
Veritone secures AI data with automated PII removal
Veritone deploys Veritone Redact with Veritone Data Refinery (VDR) to remove personally identifiable information (PII) and sensitive data before processing, enabling AI-ready data while protecting intellectual property (IP) and data owner rights. As the scale and stakes for AI deployments and applications put pressure on enterprises and hyperscalers alike to ensure AI training data is…
AI, Apps, Cybersecurity, Data Breaches, Data Security, Endpoint, Global Security News, Government & Policy, Risk Management
It’s time to get serious about post-quantum security. Here’s where to start.
After decades of development, quantum computing is now becoming increasingly available for advanced scientific and commercial use. The potential marvels range from accelerating drug discovery and materials science, to optimizing complex logistics and financial modeling. But there’s a paradox to this trend: Quantum computing also poses a growing threat to data security. The risk is…
AI, Apps, Global Security News
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim’s KakaoTalk desktop application to distribute malicious payloads to certain contacts. The activity has been attributed by South Korean threat intelligence firm Genians to a hacking group referred to as Konni. “Initial access was achieved through a spear-phishing…
AI, Apps, Exploits, Global Security News, malware
From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures
ClickFix campaigns are evolving, with attackers increasingly targeting macOS users and deploying more advanced infostealers, according to Sophos researchers. ClickFix is a growing social engineering technique that tricks users into manually executing malicious commands, bypassing traditional protections. Once mainly targeting Windows, it is now increasingly affecting macOS, with recent campaigns deploying infostealers like AMOS and…
AI, Apps, Cybersecurity, Endpoint, Global Security News, Network Security, Risk Management
Runtime: The new frontier of AI agent security
AI agents are already operating inside enterprise networks, quietly doing some of the work employees once handled themselves — writing code, drafting emails, retrieving files, and connecting to internal systems. Sometimes they also make costly mistakes. At Meta, an employee asked an AI assistant to help manage her inbox. It deleted it instead. At Amazon,…
AI, Apps, Cybersecurity, Exploits, Global Security News
CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Wing FTP to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-47813 (CVSS score: 4.3), is an information disclosure vulnerability that leaks the installation path of the application under certain conditions
AI, Apps, Cybersecurity, Global Security News
Cybersecurity jobs available right now: March 17, 2026
Application Security DevSecOps Specialist NTT DATA | Italy | On-site – View job details As an Application Security DevSecOps Specialist, you will integrate security into CI/CD pipelines using tools such as SAST, DAST, SCA, secret scanning, and container scanning to ensure secure software delivery. You will conduct code security reviews, triage findings, and collaborate with…
AI, Apps, Data Security, Global Security News
Dell: Cut AI cloud costs with data-center class desktops
Why rely on a data center when you can run full-fledged AI models — typically found in the cloud — on your desktop? That’s the argument Dell is making with its new PCs, one of which has a data-center class GPU and can run AI models with a trillion parameters. Dell’s Pro Max GB300 desktop…
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
AI Email Summaries Create a New Phishing Attack Surface
Artificial intelligence (AI) assistants are rapidly becoming a core part of workplace productivity, but new research suggests they may also introduce a previously overlooked phishing vector. Permiso researchers found that attacker-controlled text embedded in emails can manipulate Microsoft Copilot summaries through cross prompt injection attacks (XPIA), potentially inserting deceptive security alerts or malicious prompts into…
AI, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Wing FTP Server flaw, tracked as CVE-2025-47813 (CVSS score of 4.3), to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2025-47813 is an information disclosure vulnerability affecting Wing FTP…
AI, Apps, Cloud Security, Cybersecurity, Global Security News, Risk Management
ArmorPoint and Dynascale Partner on Cloud Infrastructure
ArmorPoint, a provider of managed cybersecurity solutions, has announced a partnership with Dynascale Technologies, a provider of private and hybrid cloud and AI-ready infrastructure. Dynascale embeds ArmorPoint SOC and SIEM into managed infrastructure offering The partnership will enable Dynascale to embed ArmorPoint’s 24/7 managed SOC and SIEM capabilities directly into its fully managed cloud infrastructure. …
AI, APAC, Apps, Global Security News
Vultr Adopts NVIDIA Rubin Platform Along with Dynamo & Nemotron
Cloud infrastructure company Vultr is delivering an optimized inference stack on the NVIDIA Rubin platform and adopting NVIDIA Dynamo and NVIDIA Nemotron. NVIDIA and Vultr continue a long-standing partnership These moves represent a milestone in NVIDIA and Vultr’s long-standing collaboration, providing tokenomics to support enterprises with ready-to-deploy composable cloud infrastructure that leverages NVIDIA-optimized open-source model…
AI, Apps, Global Security News
F5 strengthens its Application Delivery and Security Platform to simplify operations and accelerate secure AI adoption
New platform enhancements—including F5 Insight for ADSP—offer unified observability and proactive intelligence for modern IT environments
AI, Apps, Exploits, Global Security News
/proxy/ URL scans with IP addresses, (Mon, Mar 16th)
Attempts to find proxy servers are among the most common scans our honeypots detect. Most of the time, the attacker attempts to use a host header or include the hostname in the URL to trigger the proxy server forwarding the request. In some cases, common URL prefixes like “/proxy/” are used. This weekend, I noticed a slightly…
AI, Apps, Compliance, Global Security News
Nutanix Unveils Nutanix Agentic AI, Full Stack Software Solution to Unlock the Potential of Enterprise AI Factories
COMPANY NEWS: Designed to deliver performance, compliance, and security for Agentic AI applications and help minimise aggregate token costs Empowers enterprise infrastructure and platform teams to simply build, scale, and operate AI factories Enables developer teams with a rich set of AI PaaS services integrated with NVIDIA AI Enterprise to accelerate deployment of Agentic AI…
AI, Apps, Exploits, Global Security News, Risk Management
Nine critical vulnerabilities in Linux AppArmor put over 12M enterprise systems at risk
Security researchers at Qualys have disclosed nine vulnerabilities in AppArmor, the Linux Security Module that ships enabled by default across Ubuntu, Debian, and SUSE distributions. An unprivileged local attacker can exploit the flaws to gain full root access, break out of container isolation, and crash systems, all without requiring administrative credentials, the researchers said in…
AI, Apps, Global Security News, malware, privacy, Risk Management
Advanced Protection Mode in Android 17 prevents apps from misusing Accessibility Services
Android 17 will block non-accessibility apps from using the Accessibility API under Advanced Protection Mode to reduce malware abuse. Android 17 introduces a new security feature in Advanced Protection Mode (AAPM) that blocks apps without accessibility functions from accessing the Accessibility API. The change, first reported by Android Authority and included in Android 17 Beta…
AI, Apps, Exploits, Global Security News, Risk Management
Unprivileged users could exploit AppArmor bugs to gain root access
Researchers found nine “CrackArmor” flaws in Linux AppArmor that could let unprivileged users bypass protections, gain root privileges, and weaken container isolation. Qualys researchers disclosed nine vulnerabilities, collectively tracked as CrackArmor, in the Linux kernel’s AppArmor module. The flaws have existed since 2017 and could allow unprivileged users to bypass protections, escalate privileges to root,…
AI, Apps, Compliance, Data Breaches, Exploits, Global Security News, Risk Management
When insider risk is a wellbeing issue, not just a disciplinary one
Written by Katie Barnett, Director of Cyber Security at Toro Solutions Insider risk is still often framed around intent, with the focus placed on malicious employees, disgruntled contractors, or deliberate misuse of access for personal gain.Those cases exist and they matter, but they are rarely where risk first begins, and they do not reflect how…
AI, Apps, Global Security News
Maxon and Tencent Cloud Partner to push 3D boundaries with Artist First Generative AI
At Mobile World Congress (MWC) 2026, Tencent Cloud, the cloud business of global technology company Tencent, announced its partnership with Maxon, a leading provider of professional software solutions for 3D design, motion graphics, and visual effects, among other creative applications. This partnership introduces powerful generative AI capabilities designed to augment the creative process, putting the artist…
AI, Apps, Global Security News
F5 advances enterprise application security for the AI and post-quantum era
New security innovations in the F5 Application Delivery and Security Platform unify AI-driven protection, zero trust access, and post-quantum readiness across hybrid multicloud environments
AI, Apps, Compliance, Global Security News, Government & Policy, Network Security, Risk Management
MY TAKE: The AI magic is back — whether it endured depends on Amazon’s next moves
I ran an experiment this week that I did not expect to be instructive, and it was. Related: How ChatGPT is becoming Microsoft Office The setup was simple. I had been working through a spontaneous personal essay — about cognitive overload, AI, and the specific anxiety of not knowing whether a memory lapse is a…
AI, Apps, Compliance, Endpoint, Global Security News, Network Security
Deploy AWS applications and access AWS accounts across multiple Regions with IAM Identity Center
If your organization relies on AWS IAM Identity Center for workforce access, you can now extend that access across multiple AWS Regions with multi-Region replication. Previously, AWS access portal was only available in one Region, when you add an additional Region, users get an active access portal endpoint there. If the primary Region experiences a…
Apps, Global Security News
Microsoft: Windows 11 users can’t access C: drive on some Samsung PCs
Microsoft is investigating a new issue affecting some Samsung laptops running Windows 11 after installing the February 2026 security updates, in which users lose access to their C: drive and are unable to launch applications. […]
AI, APAC, Apps, Exploits, Global Security News, Network Security, Risk Management
For March, Patch Tuesday delivers fixes for 83 vulnerabilities
The team at Readiness each month analyzes the latest Patch Tuesday updates from Microsoft and provides detailed, actionable testing guidance. The March release addresses 83 vulnerabilities across Windows, Office, SQL Server, Azure, and .NET — a moderate volume with two publicly disclosed zero-days affecting SQL Server and .NET (though neither is being actively exploited in…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
AiLock Ransomware Claims England Hockey Data Breach
England Hockey is investigating a potential cyberattack after a ransomware group claimed to have stolen sensitive data from its systems and threatened to publish it online. The AiLock ransomware gang recently listed the organization on its public data leak site, claiming to have exfiltrated large volumes of internal data as part of the attack. “We…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Starbucks HR Portal Breach Exposes Employee Information
Starbucks has disclosed a data breach affecting hundreds of employees after attackers accessed internal HR accounts through phishing websites impersonating the company’s employee portal. This incident exposed sensitive personal and financial information, raising concerns about potential identity theft and fraud. “The investigation has determined that an unauthorized third party accessed certain Starbucks Partner Central accounts…
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Google Patches Two Chrome Zero-Day Vulnerabilities Actively Exploited in the Wild
Google has released updates to patch two high-severity zero-day vulnerabilities in the Chrome browser that are already being exploited in the wild.. The flaws affect critical components responsible for rendering web content and executing JavaScript, potentially allowing attackers to crash the browser or execute malicious code on vulnerable systems. One of the vulnerabilities, CVE-2026-3909, allows…
AI, Apps, Global Security News
Yes, you can run Windows on a MacBook Neo
Remember the good old days of 2020 when Apple’s then-new M1 Macs were setting fresh records for Mac performance? You might also recall when those same Macs were described as being the fastest PCs to run Windows when using the Parallels virtualization software. If you recall that, and if light use of legacy Windows utilities or tools is…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
OT Security: The New Attack Surface of AI-Powered Robots
Humanoid robots are arriving with enterprise-friendly components — Wi-Fi, cameras, onboard compute, and over-the-air software updates — but they behave less like traditional IT devices and more like operational technology (OT) systems. They interact with the physical world, operate under strict latency constraints, and can cause real harm if something goes wrong. That convergence is…
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Hack the AI Brain: LangSmith Vulnerability Could Expose Sensitive AI Data
A vulnerability in LangSmith, a widely used AI observability platform, could have allowed attackers to hijack user accounts and access sensitive enterprise data flowing through large language model (LLM) systems. Researchers at Miggo Security discovered the flaw, which could allow token theft and account takeover if a logged-in user visited a malicious webpage. The vulnerability…
AI, Apps, Europe, Exploits, Global Security News, malware, Network Security, Risk Management
US and European authorities disrupt socksEscort proxy service tied to AVrecon botnet
Authorities in the US and Europe disrupted the SocksEscort proxy service, which used the AVrecon botnet and infected about 360,000 devices since 2020. Law enforcement agencies in the US and Europe have disrupted SocksEscort, a malicious proxy service powered by the AVrecon botnet. Active since 2020, the service hijacked roughly 360,000 devices and allowed cybercriminals…
AI, Apps, Cybersecurity, Global Security News, Network Security
AWS Leader on Cloud Lessons and AI’s Next Wave
Twenty years after Amazon Web Services began reshaping enterprise infrastructure, the company’s partner ecosystem is entering another major transition—this time driven by artificial intelligence. In an interview with Channel Insider, Brian Bohan, director and global lead of the AWS Consulting Center of Excellence, discussed how lessons from the early cloud era are shaping AWS’s approach…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
AI Risks, Critical Vulnerabilities, and Data Breaches Define This Week in Cybersecurity
Major Threats & Vulnerabilities Critical Software and Platform Flaws A SQL injection flaw in Elementor’s Ally accessibility plugin exposed over 400,000 WordPress sites to potential data theft. The vulnerability stemmed from improper input sanitization, allowing attackers to extract sensitive database information. Administrators should update immediately to the patched version. Microsoft’s March Patch Tuesday addressed a…
AI, Apps, Cybersecurity, Global Security News
The Future of Custom Software Development in a Security-First World
In this post, I will talk about the future of custom software development in a security-first world. Digital transformation has accelerated at an unprecedented pace over the past decade. Organizations across industries now rely on software platforms to manage operations, deliver customer experiences, and power business innovation. From cloud-native applications and AI-driven systems to connected…
AI, Apps, Endpoint, Exploits, Global Security News, malware, Network Security
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients
Microsoft has warned enterprises that cybercriminal group Storm-2561 is hijacking search engine results to serve trojanized VPN clients, stealing corporate credentials, and then covering its tracks before victims suspect anything is wrong. The group pushes spoofed websites to the top of results for queries such as “Pulse VPN download” or “Pulse Secure client,” redirecting users…
AI, Apps, Global Security News, Russia
A React-based phishing page with credential exfiltration via EmailJS, (Fri, Mar 13th)
On Wednesday, a phishing message made its way into our handler inbox that contained a fairly typical low-quality lure, but turned out to be quite interesting in the end nonetheless. That is because the accompanying credential stealing web page was dynamically constructed using React and used a legitimate e-mail service for credential collection. But before…
AI, Apps, Global Security News, Government & Policy, Risk Management, Russia
How AI is changing your mind
Humanity is diving headlong into a global experiment. More than 1 billion people have a new and unprecedented source of information and cognitive guidance: artificial intelligence (AI) trained on trillions of words. So, how exactly are AI chatbots affecting our minds, thoughts, beliefs and opinions? Scientists are scrambling to find out — and reports that…
AI, Apps, Global Security News
AI coding agents keep repeating decade-old security mistakes
Coding agents are now writing production features on real development teams, and a new report from DryRun Security shows that those agents introduce security vulnerabilities at a high rate across nearly every type of application they build. “AI coding agents can produce working software at incredible speed, but security isn’t part of their default thinking,”…
AI, Apps, Global Security News
China’s ByteDance Gets Access to Top Nvidia AI Chips
TikTok’s parent company has global ambitions to compete with companies such as Google and OpenAI by offering a range of AI applications for everyday users.
AI, Apps, Cybersecurity, Global Security News, malware
Medical giant Stryker crippled after Iranian hackers remotely wipe computers
A major cyberattack on US medical supplies giant Stryker has resulted in thousands of devices being remotely wiped, after a pro-Iranian hacking group may have compromised the company’s Microsoft Intune management system. Details remain sketchy, but what appears to have happened on Wednesday at one of the world’s largest medical supplies companies could, if confirmed,…
AI, Apps, Compliance, Data Breaches, Data Security, Global Security News, Network Security, privacy, Risk Management
AI Agent Safety Checklist
As organizations rapidly adopt AI agents to automate workflows, summarize data, and assist decision-making, security and governance teams face a new challenge: how to deploy AI safely without introducing unmanaged risk. Unlike traditional SaaS tools, AI agents can interpret, generate, and act on data dynamically — often across multiple systems. That makes oversight, scope control,…
AI, Apps, Cloud Security, Compliance, Cybersecurity, Endpoint, Global Security News, Network Security, Risk Management
How to manage the lifecycle of Amazon Machine Images using AMI Lineage for AWS
As organizations scale their cloud infrastructure, maintaining proper lifecycle management of Amazon Machine Images (AMIs) is a critical component of their security and risk management goals. AMIs provide the essential information required to launch Amazon Elastic Compute Cloud (Amazon EC2) instances, however; they present security and compliance challenges if not tracked and managed throughout their…
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Active Directory Flaw Enables SYSTEM Privilege Escalation
A vulnerability in Microsoft’s Active Directory Domain Services could allow attackers to escalate privileges and potentially take full control of affected systems. “Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network,” said Microsoft in its advisory. How the Active Directory…
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
400K WordPress Sites Exposed by Elementor Ally Plugin SQL Flaw
A vulnerability in a widely used WordPress accessibility plugin could allow attackers to steal sensitive data from vulnerable websites without logging in. The flaw affects the Ally plugin developed by Elementor, which is installed on hundreds of thousands of sites worldwide This vulnerability “… can be leveraged to extract sensitive data from the database, such…
AI, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
CVE-2026-21262: SQL Server Zero-Day Fixed in Microsoft’s March Patch Tuesday Release
The beginning of 2026 has brought a wave of zero-day vulnerabilities affecting Microsoft products, including the actively exploited Windows Desktop Window Manager flaw (CVE-2026-20805), the Microsoft Office zero-day (CVE-2026-21509) that prompted an out-of-band fix, and the Windows Notepad RCE bug (CVE-2026-20841). Microsoft’s March Patch Tuesday release keeps defenders busy again, this time shifting attention to…
AI, Apps, Global Security News, Risk Management
ENISA advisory examines package manager security risks
Developers install external libraries with a single command, and that step can introduce more code than expected into a project environment. Dependency resolution inside package managers extends software supply chains across large collections of external components. ENISA’s Technical Advisory for Secure Use of Package Managers, released in March 2026, examines how this development practice expands…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, Government & Policy, malware, Network Security
Iran-Linked Hacktivists Claim Wiper Attack on Stryker Systems
A cyberattack has disrupted global operations at medical technology manufacturer Stryker, forcing employees in multiple countries offline and cutting access to core corporate systems. The incident, which began March 11, triggered widespread outages across the company’s Microsoft environment and left staff temporarily unable to access internal applications and devices. “When a company the size of…
AI, Apps, Endpoint, Exploits, Global Security News, Risk Management
The CISO’s Dilemma: How To Scale AI Securely
Your board wants AI. Your developers are building with it. Your budget committee is asking for an ROI timeline. But as CISO, you’re the one who has to answer when the inevitable question comes up: “How do we know this is secure?” If you’re like most security leaders, you’re caught between two impossible positions. Say…
AI, Apps, Global Security News
Blue Yonder expands agentic AI and mobile experiences for industry-specific supply chain execution
Blue Yonder today announced an expanded set of AI agents and role-specific mobile applications for its end-to-end planning and execution solutions. These updates to its Cognitive Solutions are built around real customer use cases and feedback to help businesses make smarter, faster, more accurate decisions and boost supply chain resilience.
AI, Apps, Compliance, Cybersecurity, Endpoint, Global Security News, malware, Network Security, Risk Management
MicroStealer Analysis: A Fast-Spreading Infostealer with Limited Detection
Security teams depend on early signals to spot and contain new threats. But what happens when a fully capable infostealer spreads while traditional detections stay limited? In recent investigations, ANY.RUN researchers observed MicroStealer in 40+ sandbox sessions in less than a month, despite low public visibility. Early activity points to distribution through compromised or impersonated accounts,…
AI, Apps, Exploits, Global Security News, Risk Management
ENISA Technical Advisory on Secure Package Managers: Essential DevSecOps Guidance
ENISA’s first Technical Advisory on Secure Package Managers helps developers safely use third-party packages. ENISA has released its first Technical Advisory on Package Managers, focusing on how developers can safely consume third-party packages. The document (March 2026, v1.1) follows public feedback incorporating 15 contributions from stakeholders, experts, and the open-source community. “This document focuses on…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Risk Management
AI use is changing how much companies pay for cyber insurance
In July 2025, McDonald’s had an unexpected problem on the menu, one involving McHire, its AI-powered platform used to recruit and screen job applicants. The system, developed by Paradox.ai, featured a rookie-level security flaw: the backend for restaurant operators accepted “123456” as both username and password, and lacked multi-factor authentication. As a result, the personal…
AI, Apps, Endpoint, Exploits, Global Security News, Government & Policy, malware, Risk Management
Resumés with malicious ISO attachments are circulating, says Aryaka
Threat actors are still having success tricking human resources staff into opening malware-infected phishing emails. The latest example is detailed by researchers at Aryaka, who this week described a campaign by an unnamed threat actor who is distributing resumés containing a malicious ISO file to HR departments. It’s delivered through recruitment channels, and hosted on…
AI, Apps, Global Security News, Government & Policy, malware
BeatBanker malware targets Android users with banking Trojan and crypto miner
BeatBanker Android malware spreads through fake Starlink apps on websites imitating Google Play Store, hijacking devices, stealing credentials, and mining crypto. A new Android malware called BeatBanker spreads through fake Starlink apps distributed on websites posing as the Google Play Store. Once installed, it hijacks devices, steals login credentials, tampers with cryptocurrency transactions, and secretly…
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Microsoft SQL Server Vulnerability Enables Privilege Escalation
A vulnerability in SQL Server could allow attackers to escalate their privileges to system administrator level within affected database environments. “Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network,” said Microsoft in their security advisory. Understanding CVE-2026-21262 The vulnerability, tracked as CVE-2026-21262, carries a CVSS score of 8.8…
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Microsoft .NET Vulnerability Enables Remote DoS Attacks
Microsoft has released a security update to address a vulnerability in the .NET platform that could allow attackers to remotely crash affected applications. The flaw enables unauthenticated attackers to trigger a Denial-of-Service (DoS) condition, potentially causing applications or services running on vulnerable .NET environments to become unavailable. Exploitation of the vulnerability “… allows an unauthorized…
AI, Apps, Global Security News
Google embeds Gemini AI deeper into Workspace apps
Google on Wednesday introduced several new ways for Gemini AI assistant to create and edit content in Workspace apps such as Docs, Slides and Sheets. The changes, said Julie Geller, principal research director at Info-Tech Research Group, represent “incremental improvements more than revolutionary features, but they address real workflow gaps. The actual value is that…
AI, Apps, Data Breaches, Global Security News, Risk Management
Salesforce issues new security alert tied to third customer attack spree in six months
Threat hunters and a collection of unconfirmed victims are responding to a series of attacks targeting Salesforce customers, which the vendor disclosed in a security advisory Saturday. “Salesforce is actively monitoring threat activity targeting public-facing Experience Cloud sites, including attempts to take advantage of overly permissive guest user configurations,” the company said in the alert.…
AI, Apps, Global Security News, Network Security, Risk Management
Netskope Launches Security Suite Addressing AI Ecosystem
Netskope, a security and networking provider, has announced Netskope One AI Security, a suite of new AI security tools designed to protect and accelerate the AI ecosystem. Addressing AI-driven security risks Unified within the Netskope One platform, the suite introduces four new products: Netskope One Agentic Broker, Netskope One AI Gateway, Netskope One AI Read…
AI, APAC, Apps, Global Security News, Network Security, Risk Management
SolarWinds: 77% of IT Teams Lack Visibility Across Environments
Seventy-seven percent of IT teams lack full visibility across on-prem and cloud environments, according to SolarWinds’ 2026 State of Monitoring & Observability Report. The study examines how IT teams are navigating increasingly fragmented hybrid environments and how AI is reshaping modern observability. Balancing legacy and cloud IT environments SolarWinds, in partnership with UserEvidence, surveyed more…
Apps, Exploits, Global Security News
Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems. The vulnerabilities in question listed below – CVE-2019-17571 (CVSS score: 9.8) – A code injection vulnerability in SAP Quotation Management Insurance application (FS-QUO) CVE-2026-27685 (CVSS score: 9.1) – An insecure deserialization
Apps, Global Security News, malware, Russia
BlackSanta Malware Targets HR Staff with Fake CV Downloads
Aryaka researchers have identified a new threat from a Russian-speaking group using ‘BlackSanta’ malware. By disguising attacks as job applications, hackers are bypassing security to target recruitment workflows.
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Risk Management
Overly permissive ‘guest’ settings put Salesforce customers at risk
Salesforce is urging its customers to review their Experience Cloud ‘guest’ configurations as cybercrime group ShinyHunters claims a new campaign involving data theft and extortion tied to exposed Salesforce environments. The group recently posted screenshots on its leak site claiming breaches of “several hundreds” of organizations, including around 400 websites and roughly 100 “high profile…
AI, Apps, Compliance, Global Security News
Microsoft Introduces AI-Focused Microsoft 365 E7
Microsoft is taking another swing at what AI inside workplace software should actually look like. This time, the company is packaging it into a new enterprise tier for Microsoft 365, along with a feature that turns Copilot from a helpful assistant into more of a digital coworker. M365 E7 tier bundles Copilot, Entra identity, and…
AI, APAC, Apps, Compliance, Global Security News, Government & Policy, privacy, Risk Management
Microsoft seeks a stay on DoD’s effective ban on Anthropic offerings
Microsoft is urging a federal court in California to temporarily pause the US Department of Defense’s (DoD) effective ban on Anthropic’s AI offerings, arguing that the government’s “supply chain risk” label could have significant knock-on effects for its own defense technology business. In a filing backing Anthropic’s request for emergency relief, the company said the…
AI, Apps, Global Security News, Network Security
Virtana enables full-stack root cause analysis beyond legacy APM
Virtana has launched an Application Observability offering that traces performance issues from application code through infrastructure, networks, storage, and AI workloads to deliver evidence-based root cause analysis without manual correlation. Built for autonomous operations at scale, the solution redefines the application as a system rather than software, automatically correlating performance issues across the full enterprise…
AI, Apps, Global Security News, Risk Management, Venture
It’s an AI boom, not a bubble…, but is that true at Microsoft?
It’s become conventional wisdom that we’re in the midst of an AI bubble. As evidence, AI naysayers point to a McKinsey report that found “nearly eight in 10 companies report using gen AI — yet just as many report no significant bottom-line impact.” They also cite an MIT report, The GenAI Divide: State of AI in…
Apps, Exploits, Global Security News
Software vulnerabilities push credential abuse aside in cloud intrusions
Cloud intrusions are unfolding on shorter timelines, with attackers leaning more on unpatched software and compromised identities. H2 2025 distribution of initial access vectors exploited in Google Cloud (Source: Google) Google Cloud’s Cloud Threat Horizons Report H1 2026 reflects incident response and intelligence findings from the second half of 2025 and shows how access methods…
AI, Apps, Exploits, Global Security News, Network Security
Microsoft Patch Tuesday, March 2026 Edition
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing “zero-day” flaws this month (compared to February’s five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this…
AI, APAC, Apps, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
March Patch Tuesday: Three high severity holes in Microsoft Office
Three high severity holes in Microsoft’s Office suite headline the 78 issues listed in the March Patch Tuesday releases, which, grateful CSOs will notice, contain no surprise zero day vulnerabilities. Still, Jack Bicer, director of vulnerability research at Action1, says these Office-related flaws should be treated “with urgency.” “Productivity tools remain one of the most…
AI, Apps, Cloud Security, Compliance, Data Security, Europe, Global Security News, Government & Policy, privacy, Risk Management
AWS European Sovereign Cloud achieves first compliance milestone: SOC 2 and C5 reports plus seven ISO certifications
In January 2026, we announced the general availability of the AWS European Sovereign Cloud, a new, independent cloud for Europe entirely located within the European Union (EU), and physically and logically separate from all other AWS Regions. The unique approach of the AWS European Sovereign Cloud provides the only fully featured, independently operated sovereign cloud…
AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management
Fake OpenClaw npm Package Installs GhostClaw Malware
A malicious npm package is targeting developers by posing as a legitimate command-line tool while secretly deploying an infostealer and a remote access trojan (RAT). The package, @openclaw-ai/openclawai, masquerades as an OpenClaw Installer utility but instead initiates a multi-stage malware operation. Once executed, it attempts to steal credentials, cryptocurrency wallets, SSH keys, browser data, and…
AI, Apps, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Microsoft’s monthly Patch Tuesday is first in 6 months with no actively exploited zero-days
Microsoft addressed 83 vulnerabilities that cut across its broad portfolio of enterprise software and underlying services in its latest security update. The company’s Patch Tuesday release contained no actively exploited zero-day vulnerabilities and six defects it described as more likely to be exploited. The vendor’s batch of patches marks the first monthly update without an…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management
Teams Social Engineering Campaign Drops A0Backdoor Malware
Microsoft Teams impersonation and social engineering tactics are being used in an ongoing campaign to deliver a stealthy malware payload known as A0Backdoor. Researchers at BlueVoyant report that the operation combines social engineering techniques, malicious installers, and covert command-and-control (C2) communications to gain persistent access within targeted networks. “The malware’s loader exhibits anti-sandbox evasion, and…
AI, Apps, Cloud Security, Cybersecurity, Global Security News, Network Security, privacy
Security is a team sport: AWS at RSAC 2026 Conference
The RSAC 2026 Conference brings together thousands of professionals, practitioners, vendors, and associations to discuss issues covering the entire spectrum of cybersecurity—a place where innovation meets collaboration and the industry’s brightest minds converge to shape its future. This March, Amazon Web Services (AWS) returns to the annual RSAC Conference in San Francisco to share how…
AI, Apps, Exploits, Global Security News, Risk Management
Critical defect in Java security engine poses serious downstream security risks
A maximum-severity vulnerability in pac4j, an open-source library integrated into hundreds of software packages and repositories, poses a significant security threat, but has thus far received scant attention. The defect in the Java security engine, which handles authentication across multiple frameworks, has not been exploited in the wild since code review firm CodeAnt AI published…
AI, Apps, Global Security News
CustomerXR Brings VR Apps to the Channel
CustomerXR, an innovative Extended Reality (XR) company, is introducing its virtual reality for business applications to the indirect channel for the first time. This showcase of virtual and augmented reality applications is available in the Meta Quest Store and is developed for Bath Fitter, Kitchen Saver, Egress Pros, Meineke, and others. Job training for new…
AI, Apps, Global Security News
Komodor Launches Partner Program for AI-Driven SRE Services
Komodor, an autonomous AI site reliability engineering (SRE) platform provider for cloud-native infrastructure, has launched a new global partner program aimed at systems integrators, trusted advisors, and value-added resellers supporting enterprise Kubernetes environments. Announced on March 10, the Komodor Partner Program is designed to help partners deliver AI-driven cloud-native infrastructure reliability, incident management, and cost…
AI, Apps, Global Security News, Risk Management
Mend.io eliminates AI prompt weaknesses before production
Mend.io has launched System Prompt Hardening within Mend AI to detect, score, and automatically remediate weaknesses in AI system prompts. Hidden instructions in system prompts have emerged as a growing security concern that traditional AppSec tools do not fully address. System Prompt Hardening provides instant visibility into these behind-the-scenes instructions, identifies weaknesses, and automatically strengthens…
AI, Apps, Global Security News
Radware Introduces Alteon Protect to Deliver Scalable Application Security Without Compromise
Combines real-time cloud protection infrastructure with on-device enforcement to deliver continuous application security beyond appliance constraints
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Risk Management
Threat actors use custom AuraInspector to harvest data from Salesforce systems
Attackers are mass-scanning Salesforce Experience Cloud sites using a modified AuraInspector tool to exploit misconfigurations and access sensitive data. Salesforce CSOC warns that threat actors are mass-scanning publicly accessible Experience Cloud sites using a modified version of the AuraInspector tool. AuraInspector is an open‑source command‑line tool released by Google/Mandiant to audit Salesforce Aura and Experience…
AI, Apps, Global Security News, malware
Devs looking for OpenClaw get served a GhostClaw RAT
A malicious npm package posing as an OpenClaw Installer has been caught deploying a remote access trojan (RAT) on victim machines, according to new JFrog research. The package, published under the name “@openclaw-ai/openclawai”, pretends to be an installer for the legitimate CLI tool but instead launches a multi-stage infection chain that steals system credentials, browser…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds Ivanti EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2021-22054 (CVSS score of 7.5) Omnissa Workspace ONE…
AI, Apps, Cybersecurity, Global Security News, malware, Risk Management
OpenAI to acquire Promptfoo to strengthen AI agent security testing
OpenAI said it plans to acquire AI testing startup Promptfoo, a move aimed at strengthening security checks for AI agents as enterprises move toward deploying autonomous systems in business workflows. Promptfoo’s tools allow developers to test LLM applications against adversarial prompts, including prompt injection and jailbreak attempts, and to evaluate whether models follow safety and…
AI, Apps, Global Security News
Phishing campaign spoofs local officials to steal permit fees
The FBI is warning about a phishing scheme in which cybercriminals impersonate city and county officials to solicit fraudulent payments for planning and zoning permits. Criminals mine publicly available permit data to find likely targets and make their outreach appear legitimate. Investigators say victims receive unsolicited emails that cite legitimate permit details, including zoning application…
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Why access decisions are becoming the weakest link in identity security
In my nearly two decades leading identity and risk programs, I’ve learned a sobering truth that every CISO eventually confronts: hackers don’t hack in — they log in. We often obsess over the perimeter and the sophistication of technical exploits, but many of the most damaging security failures I’ve witnessed didn’t involve a zero-day or…
AI, Apps, Global Security News
Intel Debuts Core Series 2 Chips, Healthcare Edge AI Suite
Intel unveiled a new generation of edge computing processors and a healthcare-focused AI development suite at Embedded World 2026, expanding its portfolio for real-time industrial systems and AI-powered patient monitoring. The company introduced its Intel Core Series 2 processors with P-cores, an industrial-ready platform designed for mission-critical edge workloads. Alongside the processor launch, Intel also…
AI, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
I replaced manual pen tests with automation. Here’s what I learned.
More accreditation and compliance requirements have been added in response to cyber incidents. While these frameworks play an important role in establishing security baselines, true security is more than just achieving a perfect compliance score. As I often say, “policies and procedures won’t stop an attacker, they’ll just have more documents to exfiltrate when they…
AI, Apps, Cybersecurity, Global Security News
Cybersecurity jobs available right now: March 10, 2026
Associate Director Application Security BioNTech | Germany | On-site – View job details As an Associate Director Application Security, you will lead application security strategy, standardize security processes, and drive vulnerability management across development environments. You will enable secure-by-design practices through technical solutions and advisory support, oversee secure onboarding of open-source software, and define KPIs…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, privacy, Risk Management
Malicious Chrome Extension Targets imToken Wallet Users
A malicious Chrome extension disguised as a harmless color visualization tool is quietly redirecting users to phishing pages designed to steal cryptocurrency wallet credentials. Socket researchers warn that the extension impersonates the popular imToken wallet brand and tricks victims into entering their seed phrases or private keys. The “… extension automatically opens a threat actor-controlled…
AI, Apps, Global Security News, Government & Policy
FBI alert: scammers target zoning permit applicants
The FBI warns of phishing attacks where crooks impersonate U.S. city and county officials to target people requesting planning and zoning permits. The FBI warns that scammers are impersonating U.S. city and county officials in phishing campaigns targeting businesses and individuals applying for planning or zoning permits. Using publicly available information, attackers craft messages that…
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
AVideo Zero-Click Flaw Lets Attackers Hijack Live Streams
A flaw in the open-source AVideo platform requires no authentication and allows attackers to remotely execute commands and take over affected servers. Exploitation of the vulnerability “… can lead to full server compromise, data exfiltration (e.g., configuration secrets, internal keys, credentials), and service disruption,” said researchers. Inside the AVideo Server Takeover Risk AVideo is an…
AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management, Russia
CleanMyMac Imposter Site Installs SHub Stealer on Macs
A fake version of the popular Mac utility CleanMyMac is being used to trick users into installing data-stealing malware. The campaign uses a fraudulent website that instructs visitors to manually run a command in Terminal, which secretly installs a macOS infostealer known as SHub Stealer. This malware steals “… sensitive data including saved passwords, browser…
AI, Apps, Global Security News, Risk Management
M365 Copilot gets its own version of Claude Cowork
Microsoft has added agentic AI capabilities to Microsoft 365 Copilot to improve its usefulness for office workers — including its own version of Anthropic’s Claude Cowork. Microsoft’s AI assistant has, so far, failed to attract significant business demand since launching more than two years ago, at least compared to its other products. Only 3% of…