Geek-Guy.com

Category: Endpoint

Auto Added by WPeMatico

Marimo RCE Flaw Exploited Within Hours of Disclosure

A vulnerability in the open-source Marimo Python notebook platform is already being actively exploited, underscoring how quickly attackers can turn newly disclosed flaws into real-world attacks.  Less than 10 hours after public disclosure, threat actors developed a working exploit and began targeting exposed systems. “Within 9 hours and 41 minutes of the vulnerability advisory’s publication,…

Old Docker authorization bypass pops up despite previous patch

Researchers warn about a new vulnerability that allows attackers to bypass authorization plug-ins in Docker Engine and gain root-level access to host systems. The flaw has the same root cause as another authorization bypass vulnerability patched in 2024, but the underlying problem has been known since 2016. Tracked as CVE-2026-34040, the new vulnerability is rated…

Why most zero-trust architectures fail at the traffic layer

Zero trust has become one of the most widely adopted security models in enterprise environments. Organizations invest heavily in identity systems, access policies, and modern security tooling. On paper, these environments look well-protected. Yet during incidents, a different reality often emerges. I have worked with organizations where zero-trust initiatives were fully implemented from an identity…

$3.6 Million Crypto Heist Targets Bitcoin Depot

Attackers have stolen more than $3.6 million in Bitcoin from crypto ATM operator Bitcoin Depot after breaching its internal systems. The incident, disclosed in a recent regulatory filing, shows how quickly attackers can monetize access once inside corporate environments. The “unauthorized actor transferred approximately 50.903 Bitcoin from Company-controlled wallets, valued at approximately $3.665 million as…

Protecting Cookies with Device Bound Session Credentials

Posted by Ben Ackerman, Chrome team, Daniel Rubery, Chrome team and Guillaume Ehinger, Google Account Security team Following our April 2024 announcement, Device Bound Session Credentials (DBSC) is now entering public availability for Windows users on Chrome 146, and expanding to macOS in an upcoming Chrome release. This project represents a significant step forward in…

Inside the FBI’s router takedown that cut off APT28’s ‘tremendous access’

The recent FBI-led operation to knock Russian government hackers off routers sought to topple an especially insidious and threateningly contagious cyberespionage campaign, top bureau cyber official Brett Leatherman told CyberScoop. Researchers, along with U.S. and foreign government agencies, revealed details of the campaign this week by which APT28 — also known as Forest Blizzard or…

Adobe Acrobat Reader Zero Day Exploited in Active PDF Attacks

Attackers have been exploiting a zero-day vulnerability in Adobe Acrobat Reader for months, using malicious PDF files to silently steal data and potentially take over victim systems. Active since at least Dec. 2025, the campaign highlights how a seemingly routine document can serve as an effective entry point for system compromise. This exploit “allows the…

Datto RMM Exploited in Phishing Attack, Researchers Warn

Security researchers have uncovered an active phishing campaign that abuses Datto’s remote monitoring and management platform, CentraStage, as a command-and-control channel, giving attackers full interactive control over compromised systems while flying under the radar of traditional security defenses. Phishing campaign delivers remote access trojan via fake files The campaign, tracked by the Fortra Intelligence and…

Weak at the seams

Before I ever held a security title, I was a software engineer implementing vertically integrated automation systems for industrial manufacturing, warehouse-scale conveyor networks, robotic material handling, physical infrastructure controlled by software on increasingly connected networks. I learned early that tightly coupled systems produce tightly coupled failures. When a single software fault could halt a distribution…

Weak at the seams

Before I ever held a security title, I was a software engineer implementing vertically integrated automation systems for industrial manufacturing, warehouse-scale conveyor networks, robotic material handling, physical infrastructure controlled by software on increasingly connected networks. I learned early that tightly coupled systems produce tightly coupled failures. When a single software fault could halt a distribution…

U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Ivanti EPMM, tracked as CVE-2026-1340 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The critical vulnerability is a code injection in Ivanti Endpoint Manager Mobile…

NWN Launches AI Cyber Suite, Expands Security Partnerships

AI-powered technology solutions provider NWN has announced the launch of NWN Cybersecurity, an AI-enabled managed security operations suite. NWN Experience Management Platform gains advanced integrations with Palo Alto, Cisco, and Arctic Wolf The new suite introduces new managed services, delivers new platform integrations through NWN’s patented Experience Management Platform (EMP), and expands strategic partnerships with…

API Security Risks Rise as AI Adoption Accelerates

As organizations deploy autonomous agents and generative AI tools at scale, APIs have become a backbone of modern operations — introducing a growing attack surface. Enterprises are rapidly embracing AI and API-driven architectures, but a new report from Salt Security reveals that security is struggling to keep up. “The future of AI will not be…

10 ChatGPT Prompts L1 SOC Analysts Can Use in Their Daily Work

Security operations center (SOC) analysts are expected to process a constant stream of alerts — often under tight response timelines.  At the same time, they are expected to investigate accurately, document clearly, and communicate findings to both technical and non-technical stakeholders. This is where generative artificial intelligence (GenAI) tools such as ChatGPT can be helpful.…

The zero-day timeline just collapsed. Here’s what security leaders do next

A zero-day is not frightening because it is sophisticated. It is frightening because it is unknown. There is no patch in the moment it matters most. That single condition undermines the comfort most security programs rely on: time. In the past, attackers didn’t need zero-days because they relied on predictable failures in patching and credential…

The zero-day timeline just collapsed. Here’s what security leaders do next

A zero-day is not frightening because it is sophisticated. It is frightening because it is unknown. There is no patch in the moment it matters most. That single condition undermines the comfort most security programs rely on: time. In the past, attackers didn’t need zero-days because they relied on predictable failures in patching and credential…

Cybercriminals move deeper into networks, hiding in edge infrastructure

Attack activity is moving toward infrastructure outside endpoint visibility. Proxy networks support a wide range of operations, edge devices serve as initial access points, and GenAI speeds up how attackers assemble and rebuild their tooling. Lumen’s 2026 Threatscape Report describes this pattern in criminal and nation-state activity. “Threat intelligence is needed to find the adversary…

Fortinet releases emergency hotfix for FortiClient EMS zero-day flaw

Hackers have been exploiting a critical vulnerability in FortiClient Endpoint Management Server (FortiClient EMS) since at least the end of March. Fortinet has published an advisory and released an emergency hotfix that can be applied to affected deployments until a patched version can be released. The vulnerability, now tracked as CVE-2026-35616, allows unauthenticated attackers to…

5 practical steps to strengthen attack resilience with attack surface management

Every asset you manage expands your attack surface. Internet‑facing applications, cloud workloads, credentials, endpoints, and third‑party integrations all represent potential entry points for attackers. As environments grow more distributed, that exposure expands faster than most security teams can track manually. Attack surface management (ASM) helps answer a critical question for IT security teams: What can…

5 steps to strengthen supply chain security and improve cyber resilience

Supply chain attacks have rapidly become one of the most damaging and difficult threats facing IT and security teams. When an adversary compromises a trusted vendor, software component, cloud service, or MSP tool, they bypass traditional defenses and enter through the front door. For organizations managing distributed environments, and for MSPs supporting dozens or hundreds…

5 ways to strengthen identity security and improve attack resilience

Identity compromise has become one of the most effective ways for attackers to infiltrate business systems. Firewalls, endpoint protection, and monitoring tools mean little once an attacker logs in using valid credentials. For MSPs and corporate IT teams, strengthening identity security and enforcing least privilege access are two of the most powerful ways to reduce…

Why 24/7 Threat Monitoring Has Become Essential for Modern Businesses

GUEST OPINION – Cybersecurity used to be treated like a perimeter problem. Put up a firewall, install antivirus, enforce a few password rules, and hope that was enough. That approach no longer works. Today’s attacks do not wait for business hours. They move quietly through cloud platforms, endpoints, email, collaboration tools, and third-party applications. In…

‘GrafanaGhost’ bypasses Grafana’s AI defenses without leaving a trace

Security researchers at Noma Security have disclosed a new vulnerability they are calling GrafanaGhost, an exploit capable of silently stealing sensitive data from Grafana environments by chaining multiple security bypasses, including a method that circumvents the platform’s AI model guardrails without requiring any user interaction. Grafana is widely deployed across enterprise organizations as a central…

ClickFix Meets AI: A Multi-Platform Attack Targeting macOS in the Wild

For years, macOS environments carried an aura of relative safety. Not immunity, but lower priority in the threat landscape. That perception has aged about as well as an unpatched server.  The reality in 2026 is very different. Apple devices now make up a significant share of corporate endpoints. And they sit in the hands of the people attackers most want…

ClickFix Meets AI: A Multi-Platform Attack Targeting macOS in the Wild

For years, macOS environments carried an aura of relative safety. Not immunity, but lower priority in the threat landscape. That perception has aged about as well as an unpatched server.  The reality in 2026 is very different. Apple devices now make up a significant share of corporate endpoints. And they sit in the hands of the people attackers most want…

Supply chain security is now a board-level issue: Here’s what CSOs need to know

For many years, supply chain security was viewed purely as a technical concern. However, with high-profile vulnerabilities and regulations, it is now a board-level issue that requires organizations to rethink how to build resiliency and insulate their operations. The changing regulatory landscape has been a key driver of the C-suite’s focus, as legislation such as…

The noisy tenants: Engineering fairness in multi-tenant SIEM solutions

I recently had the opportunity to review five popular SIEM solutions as part of a judging panel for a Security award. While each platform had its own unique flair, their core promises were remarkably consistent: 24/7/365 SOC monitoring: Round-the-clock coverage backed by global experts to validate and prioritize alerts. Proactive threat hunting: Active searches for…

Fortinet customers confront actively exploited zero-day, with a full patch still pending

Fortinet released an emergency software update over the weekend to address an actively exploited vulnerability in FortiClient EMS, an endpoint management tool for customer devices. The zero-day vulnerability — CVE-2026-35616 — has a CVSS rating of 9.8 and was added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerability catalog Monday.  Fortinet said in…

CVE-2026-35616: FortiClient EMS Flaw Under Active Exploitation

Fortinet disclosed a critical FortiClient EMS vulnerability that is already being exploited in the wild.  The flaw could allow unauthenticated attackers to bypass API protections and execute unauthorized code or commands on exposed systems.  “This is a zero-day. While there is no full patch, we have to give credit where credit is due: Fortinet has…

How often are redirects used in phishing in 2026?, (Mon, Apr 6th)

In one of his recent diaries, Johannes discussed how open redirects are actively being sought out by threat actors[1], which made me wonder about how commonly these mechanisms are actually misused… Although open redirect is not generally considered a high-impact vulnerability on its own, it can have multiple negative implications. Johannes already covered one in…

FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)

Defused Cyber has spotted a critical Fortinet FortiClient Endpoint Management Server (EMS) zero-day vulnerability (CVE-2026-35616) being exploited in the wild. This time around, the confirmation of active exploitation came almost immediately from Fortinet, as well. “Fortinet has observed [CVE-2026-35616] to be exploited in the wild and urges vulnerable customers to install the hotfix for FortiClient…

Security lapse lets researchers view React2Shell hackers’ dashboard

An apparent security lapse has allowed researchers to peer into the work of a threat group currently exploiting unpatched servers open to the four-month-old React2Shell vulnerability to steal login credentials, keys, and tokens at scale. Researchers from Cisco Systems’ Talos threat intelligence team who made the discovery said Thursday that the data harvested by an…

Cisco 2026 State of Wireless Report: AI Wireless Threats Grow as Security Gaps Widen

Wireless networks are becoming a prime target for attackers — and many organizations aren’t prepared to keep up.  Cisco’s 2026 State of Wireless report warns that as enterprises scale AI, IoT, and high-bandwidth applications, wireless environments are expanding faster than security defenses can adapt. “AI-generated attacks are the leading driver of increased wireless security risk,”…

High-Severity Vulnerabilities, Supply Chain Breaches, and AI Threats Redefine Cybersecurity This Week

Major Threats & Vulnerabilities High-Severity Flaws A newly disclosed Cisco IMC vulnerability (CVSS 9.8) allows unauthenticated attackers to gain full administrative access to UCS servers. Cisco has issued patches, and while no active exploitation has been observed, immediate updates are strongly advised. In another critical discovery, a GIGABYTE Control Center flaw enables remote code execution…

Microsoft 365 explained: Office 365, rebranded and expanded

Microsoft 365 arrived to much fanfare at its launch in July 2017, with Microsoft CEO Satya Nadella promising a “fundamental departure” in how the company thinks about product creation. Nearly nine years later, Microsoft 365 has become Microsoft’s core brand for workplace productivity software, having largely replaced the Office 365 branding long associated with the…

Crowdstrike 2026 Global Threat Report: Adversaries Use AI to Bypass Defenses

Attackers are moving faster, blending in better, and increasingly using AI to stay ahead of defenders. The Crowdstrike 2026 Global Threat Report highlights a shift toward stealthy, identity-driven attacks that are harder to detect and quicker to execute. “This is an AI arms race. Breakout time is the clearest signal of how intrusion has changed.…

GenAI Alone Isn’t Enough: Rethinking AI in Cybersecurity

As organizations accelerate their AI adoption, many are turning to generative AI (GenAI) as a cornerstone of their security strategy.  But according to Melissa Ruzzi, Director of AI at AppOmni, relying on GenAI alone may create more gaps than it solves. “GenAI is non-deterministic and language-focused, so it’s not the most appropriate tool in certain…

Claude Code Leak Exposes AI Supply Chain Threats

A leak involving Anthropic’s Claude Code has drawn attention from the cybersecurity and developer communities, exposing internal components of the AI coding agent and introducing potential risks for organizations. “The significance of this leak is in what the code reveals about AI agent architecture. The leak exposed approximately 512,000 lines of TypeScript across roughly 1,900…

Jamf warns of massive app insecurities

“Be wary then; best safety lies in fear,” said Laertes to sister Ophelia in William Shakespeare’s Hamlet. That’s a quote that should be on the desk of every business professional, as the digital environment is full of danger.  Jamf provides us with a good look at what’s becoming a dangerous environment for Mac and iOS…

Alleged Starbucks Incident Exposes Code and Firmware

A threat group is claiming to have breached Starbucks and stolen 10GB of sensitive data, including proprietary source code and firmware tied to its in-store machines and global operations.  The group, ShadowByt3s, alleges it accessed a misconfigured Amazon S3 bucket and is now threatening to leak the data unless a ransom is paid. “The leak…

This man hid $400 million in a fishing rod. Then it vanished

A cannabis-growing, beekeeping, gyrocopter-flying Irishman invested his drug money in Bitcoin back in 2011 – and now sits on a fortune worth $400 million. There’s just one small problem: the access codes were tucked inside his fishing rod case, which has mysteriously vanished. Or has it? Because this week, one of his frozen wallets suddenly…

Chrome Vulnerability CVE-2026-5281 Exploited in the Wild

Google has released a Chrome update for multiple high-severity flaws and confirmed that one of the vulnerabilities is being actively exploited in the wild.  We are “… aware that an exploit for CVE-2026-5281 exists in the wild,” said Google in its advisory. Inside CVE-2026-5281 The vulnerability, tracked as CVE-2026-5281, is a use-after-free flaw affecting Chrome’s…

Bitdefender Launches Internal Attack Surface Assessment

Bitdefender recently announced the launch of Bitdefender Attack Surface Assessment to help enterprises discover hidden cybersecurity risks. Complimentary evaluation shines spotlight on hidden risk The assessment is a complimentary evaluation that helps organizations identify and reduce hidden internal cyber risk from unnecessary user access to applications, tools, and operating system utilities commonly exploited in modern…

HYCU Expands R-Shield With Halcyon Ransomware Defense

HYCU has expanded its R-Shield cyber resilience platform through a new integration with Halcyon, adding advanced ransomware prevention and data exfiltration protection.  The update aims to address persistent gaps in enterprise security strategies, particularly the fragmentation of tools that limits organizations’ ability to detect, stop, and recover from modern ransomware attacks across hybrid and multi-cloud…

Major Cyber Attacks in March 2026: OAuth Phishing, SVG Smuggling, Magecart, and More 

March 2026 brought a wave of cyber attacks that reflected how quickly modern threats can move from subtle early signals to serious business impact. ANY.RUN analysts identified and explored several major threats this month, exposing phishing campaigns, stealthy malware, payment-skimming activity, and resilient botnet infrastructure affecting organizations across industries. From Microsoft 365 token abuse and…

Major Cyber Attacks in March 2026: OAuth Phishing, SVG Smuggling, Magecart, and More 

March 2026 brought a wave of cyber attacks that reflected how quickly modern threats can move from subtle early signals to serious business impact. ANY.RUN analysts identified and explored several major threats this month, exposing phishing campaigns, stealthy malware, payment-skimming activity, and resilient botnet infrastructure affecting organizations across industries. From Microsoft 365 token abuse and…

SentinelOne autonomous detection blocks trojaned LiteLLM triggered by Claude Code

SentinelOne AI stopped a LiteLLM supply chain attack in seconds, blocking malicious code automatically without human intervention. SentinelOne’s AI-based security detected and blocked a supply chain attack involving a compromised LiteLLM package. SentinelOne’s macOS agent detected and stopped a malicious process chain triggered by Claude Code after it unknowingly installed a compromised LiteLLM package. The…

Free VPNs leak your data while claiming privacy

Most free Android VPNs track users, request dangerous permissions, and connect to risky servers, privacy comes at a hidden cost. Free VPN apps are some of the most popular downloads on Android, promising privacy at no cost. But the reality is far from what they advertise. Most users tap “install” without a second thought, unaware…

Malware detectors trained on one dataset often stumble on another

Machine learning models built to catch malware on Windows systems are typically evaluated on data that closely resembles their training set. In practice, the malware arriving on enterprise endpoints looks different, comes from different sources, and in many cases has been deliberately obfuscated to evade detection. A study from researchers at the Polytechnic of Porto…

The Invisible Breach: How AI Agents Became the Most Dangerous Attack Surface of 2025–2026

The Attack That Requires No Click In June 2025, Microsoft patched a critical vulnerability in Microsoft 365 Copilot — one that its discoverers at Aim Security described as something that had never been seen before. A threat actor needed only to send a carefully crafted email to any employee within a target organization. No link.…

CrowdStrike and HCLTech Expand Strategic Partnership with AI-Powered Continuous Threat Exposure Management Services

CrowdStrike and HCLTech today announced an expansion of their strategic partnership with the launch of Continuous Threat Exposure Management (CTEM) services. This joint offering enables continuous, intelligence-led identification, prioritization, and remediation of exposure across endpoints, cloud, identity, applications, and data, helping enterprises maintain an always-on view of exposure and address risk in a more structured and timely manner.

AWS Security Agent on-demand penetration testing now generally available

AWS Security Agent on-demand penetration testing is now generally available, enabling you to run comprehensive security tests across all your applications, not only your most critical ones. This milestone transforms penetration testing from a periodic bottleneck into an on-demand capability that scales with your development velocity across AWS, Azure, GCP, other cloud-providers, and on-premises. With…

CareCloud Incident Exposes Patient Data, Disrupts EHR Systems

An attack on healthcare IT provider CareCloud has exposed sensitive patient data and temporarily disrupted access to critical systems, highlighting ongoing risks facing digital healthcare infrastructure. We are “… continuing to investigate the nature and scope of the incident. The affected environment stores patient information, and the Company continues to assess whether, and the extent…

Rspamd 4.0.0 ships memory savings, a new scan protocol, and a required migration step

The open-source spam filtering platform Rspamd released version 4.0.0, delivering infrastructure changes across its scan protocol, memory model, hash storage, and configuration system. Several of the changes are breaking, and at least one requires a migration step before upgrade. A new scan protocol The release introduces a /checkv3 endpoint that replaces HTTP headers with structured…

8 ways to bolster your security posture on the cheap

As every CISO knows, maintaining a strong cybersecurity posture is costly. What’s not so well known is that there are many ways cybersecurity can be enhanced with the help of relatively trivial investments. Simply by thinking creatively, a security leader can substantially boost enterprise protection at a minimal cost. Could your organization benefit from some…

Fortinet hit by another exploited cybersecurity flaw

Yet another critical flaw in a Fortinet product has come to light as attackers continue to target the company, this time by actively exploiting a critical SQL injection vulnerability in the cybersecurity company’s management server. The vulnerability, (CVE-2026-21643), allows unauthenticated threat actors to execute arbitrary code on unpatched systems via specifically-crafted HTTP requests. These low-complexity…

Hybrid Vishing Campaigns Abuse Online Services to Evade Anti-Spam Filters

Phone-based fraud never went away. It evolved. Vishing, or voice phishing, is a social engineering technique that uses phone calls to extract money or sensitive information from victims. A few years ago, these attacks typically arrived as unsolicited calls from criminals impersonating the IRS, the FBI, or Microsoft support. The approach was simple and high…

TeamViewer unveils AI-driven Tia Reporting at Gartner Digital Workplace Summit

TeamViewer recently introduced Tia Reporting at Gartner Digital Workplace Summit. The new conversational AI capability within TeamViewer DEX accelerates IT decision-making by generating real‑time dashboards from simple natural‑language prompts. TeamViewer marked the launch with the first activation of the new global brand campaign, Fix it before they feel it, which highlights its leading value proposition in Autonomous Endpoint Management (AEM)…

HIBP Mega Update: Passkeys, k-Anonymity Searches, Massive Speed Enhancements and a Bulk Domain Verification API

For a hobby project built in my spare time to provide a simple community service, Have I Been Pwned sure has, well, “escalated”. Today, we support hundreds of thousands of website visitors each day, tens of millions of API queries, and hundreds of millions of password searches. We’re processing billions of compromised records each year…

China-Linked groups target Southeast Asian government with advanced malware in 2025

China-linked groups hit a Southeast Asian government in 2025, deploying multiple malware families in a sophisticated cyber campaign. In 2025, three China-linked threat clusters targeted a Southeast Asian government in a complex, well-funded cyber operation. Threat actors deployed numerous malware types, including HIUPAN, PUBLOAD, EggStremeFuel/Loader, MASOL RAT, PoshRAT, TrackBak Stealer, Hypnosis Loader, and FluffyGh0st, showing…

Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643)

A critical SQL injection vulnerability (CVE-2026-21643) in Fortinet FortiClient Endpoint Management Server (EMS), a management server for FortiClient endpoint agents on various platforms, is under active exploitation. The warning comes from Defused Cyber, which helps organizations deploy honeypots/fake assets, and uses them as well to capture real attack attempts and exploits and provide early warning…

APIs are the new perimeter: Here’s how CISOs are securing them

Recent breaches suggest attackers are shifting beyond traditional endpoints to target application programming interfaces (APIs). But typical perimeter protections can completely miss this vector. “We used to talk about defense-in-depth and endpoint protection,” says Sean Murphy, CISO at BECU, a nationwide credit union. “That morphed into identity, and now the API is the new perimeter.”…

Why Kubernetes controllers are the perfect backdoor

In my years securing cloud-native environments, I’ve noticed a recurring blind spot. We obsess over the “front doors” such as exposed dashboards, misconfigured RBAC, or unpatched container vulnerabilities. We harden the perimeter, but we often ignore the machinery humming inside.  Sophisticated adversaries have moved beyond simple smash-and-grab tactics. They don’t just want to run a…

Hackers Didn’t Hack the FBI Network — They Did Something Smarter

A threat operation attributed to actors aligned with Iran’s Ministry of Intelligence and Security (MOIS) has compromised the personal email account of FBI Director Kash Patel, exposing historical communications and personal data in a campaign that blends espionage, disruption, and information operations. The activity is being conducted under the “Handala Hack Team” persona, which serves…

TeamPCP Supply Chain Campaign: Update 003 – Operational Tempo Shift as Campaign Enters Monetization Phase With No New Compromises in 48 Hours, (Sat, Mar 28th)

This is the third update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). Update 002 covered developments through March 27, including the Telnyx PyPI compromise and Vect ransomware partnership. This update covers developments from March 27-28, 2026. HIGH: First 48-Hour Window Without a New Supply…

A critical Windows security fix puts legacy hardware on borrowed time

Microsoft is finally blocking a long-since retired program that it said led to “abuse and credential theft,” yet remained widely trusted for years. Beginning in April, Redmond will remove trust for kernel drivers that haven’t been vetted through its Windows Hardware Compatibility Program (WHCP). The company is specifically targeting kernel drivers signed by the now…

Security leaders say the next two years are going to be ‘insane’

SAN FRANCISCO — Every RSA Conference has its buzzwords. Cloud. Ransomware. Zero trust. Plastered across the 87-acre Moscone Center complex on every booth, banner and bar. This year was AI, with vendors pitching AI-powered solutions to every security problem imaginable. But 2026 stood out for a different reason: Industry leaders spent the conference warning about…

Attackers exploit critical Langflow RCE within hours as CISA sounds alarm

Attackers have exploited a critical Langflow RCE within hours of disclosure, prompting the US Cybersecurity and Infrastructure Security Agency (CISA) to formally flag it for urgent remediation. The flaw, which allows running arbitrary code on vulnerable Langflow instances without >credentials, was weaponized within 20 hours of the open-source AI-pipeline tool disclosing it. According to a Sysdig report,…

U.S. CISA adds a Langflow flaw to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Langflow to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Langflow flaw, tracked as CVE-2026-33017 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. Langflow is a popular tool used for building agentic AI workflows.  CVE-2026-33017 is a…

Hexnode CEO: MacBook Neo forces IT to rethink its budget laptop strategy

Apple’s MacBook Neo (reviewed here) challenges what we expect from budget laptops. Accompanied by shrewd enterprise-focused moves, the new model gives Apple a chance to convert hitherto resistant IT purchasers to adopt its platforms. I spoke with Hexnode CEO Apu Pavithran to get some sense of this potential. Apple’s decision to introduce a $599 laptop is hugely significant, said Pavithran.…

Active Directory Risks Reshaping M365 Migrations for MSPs

As Microsoft 365 migrations accelerate, many IT teams and MSPs are discovering that identity, not productivity workloads, is the biggest source of risk.  While email and collaboration tools are often straightforward to move, Active Directory environments introduce hidden complexity that can disrupt users, security, and access if handled incorrectly. In this Q&A, BitTitan’s Aaron Wadsworth…

New critical Citrix NetScaler hole of similar severity to CitrixBleed2, says expert

A new critical vulnerability that is similar to the widely-exploited CitrixBleed and CitrixBleed2 holes should be patched in NetScaler devices immediately, say experts. The hole, CVE-2026-3055, is an out-of-bounds read vulnerability in customer-managed NetScaler ADC and NetScaler Gateway devices configured as SAML IDP for approving identity and authentication. It’s rated at 9.3 in severity on…

Patch now: TP-Link Archer NX routers vulnerable to firmware takeover

TP-Link patched a high severity flaw (CVE-2025-15517) in Archer NX routers that could let attackers bypass authentication and install malicious firmware. TP-Link issued security updates for its Archer NX router series to fix multiple vulnerabilities, including CVE-2025-15517 (CVSS score of 8.6), a critical authentication bypass flaw. The vulnerability impacts multiple models, including NX200, NX210, NX500,…

Dell Addresses Emerging Quantum Risks, AI Era Resilience

Dell Technologies is taking a step in expanding cybersecurity and resilience for the AI era and emerging quantum threats by introducing new security capabilities to help organizations secure, detect, and recover from next-gen threats. Quantum computing and AI continue to introduce new security threats These latest enhancements address risks from quantum computing and AI by…

Telemetry Pipeline: How It Works and Why It Matters in 2026

A telemetry pipeline has become a core layer in modern security operations because teams no longer send data from applications, infrastructure, and cloud services straight into a single backend and hope for the best. In 2026, most environments are distributed across cloud, hybrid, and on-prem systems, which means more services, more data sources, more formats,…

Your security stack looks fine from the dashboard and that’s the problem

One in five enterprise endpoints is operating outside a protected and enforceable state on any given day, according to device telemetry collected across tens of millions of corporate PCs. That figure, drawn from Absolute Security’s 2026 Resilience Risk Index, has barely moved in a year, even as organizations continue to add security tools and increase…

HP launches TPM Guard to help defeat physical TPM attacks

The Trusted Platform Module (TPM), developed by the Trusted Computing Group (TCG), is a mandatory security component in any computer running Windows 11. It stores sensitive information such as encryption keys in a separate, secure chip, passing it to the CPU as required. However, there’s a problem. If an attacker can get physical access to…

HP launches TPM Guard to help defeat physical TPM attacks

The Trusted Platform Module (TPM), developed by the Trusted Computing Group (TCG), is a mandatory security component in any computer running Windows 11. It stores sensitive information such as encryption keys in a separate, secure chip, passing it to the CPU as required. However, there’s a problem. If an attacker can get physical access to…

Lumu enhances Defender to detect compromise across network, cloud, endpoint, and identity

Lumu has upgraded its Lumu Defender NDR solution, extending Continuous Compromise Assessment beyond the network to include endpoints, cloud environments, and user behavior for unified visibility. The past year marks a strategic shift in attack methods, with threat actors pivoting from high-profile malware to increasingly sophisticated, stealth-based tactics. The increase of AI-driven security attacks, attackers…

Tuskira replaces centralized detection model with real-time, distributed approach

Tuskira has released its Federated Detection Engine, a new capability within its Agentic SecOps platform that enables real-time threat detection across cloud, identity, endpoint, network, SaaS, infrastructure, and legacy SIEM environments, without relying on centralized logging. Detection engineering still depends on centralized log architectures and manual rule authoring. That model is expensive to scale, slow…

Canada-Based Organization Health Shared Services Accelerates SOC Investigations with ANY.RUN 

ANY.RUN spoke with the Interim CISO and Director of Cyber Operations at Health Shared Services, who provided insights into how their team addressed alert fatigue, improved MTTD and MTTR, and strengthened their investigation workflow with ANY.RUN.  In this new addition to our success story series, we explore how the healthcare organization’s SOC team improved detection, triage, and response efficiency while maintaining the existing operational processes.  Organization Overview  Health Shared Services is a healthcare support organization based in Alberta, Canada.  Its SOC team consists of 16…

Canada-Based Organization Health Shared Services Accelerates SOC Investigations with ANY.RUN 

ANY.RUN spoke with the Interim CISO and Director of Cyber Operations at Health Shared Services, who provided insights into how their team addressed alert fatigue, improved MTTD and MTTR, and strengthened their investigation workflow with ANY.RUN.  In this new addition to our success story series, we explore how the healthcare organization’s SOC team improved detection, triage, and response efficiency while maintaining the existing operational processes.  Organization Overview  Health Shared Services is a healthcare support organization based in Alberta, Canada.  Its SOC team consists of 16…

Product showcase: Cross-platform and third-party endpoint patching with Action1

Keeping endpoints patched is one of the more annoying chores in IT operations. Action1 is a cloud-based autonomous endpoint management platform that addresses this challenge head-on, covering third-party apps and OS updates (Windows, macOS, and now Linux) from a single, centralized console. Built as a SaaS solution, it requires no on-premises infrastructure, no VPN tunnels,…

Palo Alto updates security platform to discover AI agents

As CISOs worry about AI agent sprawl, Palo Alto Networks has announced an update to its Prisma AIRS security platform and enterprise browser to include the ability to discover AI agents, models, and connections across the entire IT environment, to scan agents for vulnerabilities, and to allow admins to simulate red team tests for agents.…

QNAP fixed four vulnerabilities demonstrated at Pwn2Own Ireland 2025

QNAP fixed four vulnerabilities shown at Pwn2Own 2025 that could enable code execution, data access, or system disruption. Taiwanese vendor QNAP has addressed multiple vulnerabilities, including four SD-WAN router issues (CVE-2025-62843 to CVE-2025-62846) demonstrated at the Pwn2Own Ireland 2025 by Team DDOS. The team chained multiple bugs in QNAP devices to gain root access and…

Broadcom Launches CBX Platform as CISPE Files Complaint

Broadcom has launched a new cloud-based security platform while facing a fresh antitrust complaint in Europe tied to its VMware partner strategy. The company introduced Symantec CBX, an XDR platform combining Symantec and Carbon Black technologies, as the Cloud Infrastructure Services Providers in Europe (CISPE) filed a competition complaint over Broadcom’s planned changes to its…

BeyondTrust Delivers Industry’s First Unified Privileged Identity Solution for AI Agent Coworkers and Workloads, From the Desktop to the Cloud

COMPANY NEWS:  New capabilities in the BeyondTrust Pathfinder Platform secure AI agent coworkers on endpoints and AI agent workloads across cloud infrastructure and SaaS platforms Security teams gain visibility into AI agent identities, privileges, and secrets across platforms including OpenAI, AWS Bedrock, Salesforce Agentforce, ServiceNow, and Google Vertex AI

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language. Experts say the wiper campaign against Iran materialized this…