Geek-Guy.com

Category: Endpoint

Auto Added by WPeMatico

ESET introduces Cloud Workload Protection, bringing XDR visibility to cloud environments

ESET has launched ESET Cloud Workload Protection as part of a comprehensive update for its ESET PROTECT Platform. The new module extends security beyond endpoints and servers to cover cloud workloads, enriching telemetry for detection and response while unifying security management across endpoint and cloud environments. “Many businesses, especially those in the midmarket, as well…

6 Best Unified Threat Management (UTM) Devices & Software

Unified threat management devices provide a quick path to comprehensive security for SMEs, offering an all-in-one approach to network protection without the need to manage multiple tools. Many products that were once labeled UTM are now marketed as firewalls, but they still serve a similar purpose. Not all solutions deliver the same level of protection,…

Why US companies must be ready for quantum by 2030: A practical roadmap

Last year, I asked a room of infrastructure, identity and application leaders a simple question: “Where in our environment do we rely on RSA or elliptic curve cryptography?” The first answers were the usual suspects: TLS on the edge, our VPN and the certificates on laptops. Then we pulled up a dependency map and the…

Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager

Oracle fixed a critical severity flaw, tracked as CVE-2026-21992, enabling unauthenticated remote code execution in Identity Manager. Oracle released security updates to address a critical vulnerability, tracked as CVE-2026-21992 (CVSS score of 9.8), affecting Identity Manager and Web Services Manager. The flaw lets unauthenticated attackers over HTTP take control of Oracle Identity Manager and Web…

MY TAKE: As RSAC 2026 opens, AI has bifurcated cybersecurity into two wars—the clock is running

SAN FRANCISCO — RSAC 2026 opens here Monday at Moscone Center, with upwards of 40,000 cybersecurity professionals, executives, and policy leaders, myself among them, filing in to take stock of an industry under acute pressure. Related: RSAC 2026’s full agenda The dominant undercurrent is already unmistakable: AI hasn’t just arrived in cybersecurity. It has split…

Ubiquiti defect poses account takeover risk for UniFi Networking Application users

Researchers and threat hunters are scrambling to contain a maximum-severity defect in Ubiquiti’s UniFi Network Application that attackers could exploit to take over user accounts by accessing and manipulating files. The path-traversal vulnerability — CVE-2026-22557 — affects software used to manage UniFi networking devices, including access points, gateways and switches. The vendor disclosed and released…

Justice Department disrupts botnet networks that hijacked 3 million devices

Authorities seized infrastructure powering four botnets that hijacked a combined three million devices and launched more than 300,000 DDoS attacks collectively, the Justice Department said Thursday. The botnets — Aisuru, Kimwolf, JackSkid and Mossad — enabled operators to sell access to the infected devices for various cybercrimes. The aftermath spanned thousands of attacks, including some…

CISA urges IT to harden endpoint management systems after cyberattack by pro-Iranian group

The US is urging infosec leaders to harden their endpoint management system configurations after last week’s hack of American medical supplies provider Stryker by pro-Iranian threat actor Handala. The warning from the US Cybersecurity and Infrastructure Security Agency (CISA) is principally for organizations using Microsoft Intune, a cloud-based unified endpoint management (UEM) service that Handala,…

CISA urges IT to harden endpoint management systems after cyberattack by pro-Iranian group

The US is urging infosec leaders to harden their endpoint management system configurations after last week’s hack of American medical supplies provider Stryker by pro-Iranian threat actor Handala. The warning from the US Cybersecurity and Infrastructure Security Agency (CISA) is principally for organizations using Microsoft Intune, a cloud-based unified endpoint management (UEM) service that Handala,…

That cheap KVM device could expose your network to remote compromise

Researchers have found nine vulnerabilities in four popular low-cost KVM-over-IP devices, ranging from unauthenticated command injection to weak authentication defenses and insecure firmware updates. The flaws are particularly concerning given the growing presence of such devices in business environments, whether deployed intentionally by IT administrators and managed service providers or introduced as shadow IT. KVM-over-IP…

8 Best Encryption Software & Tools in 2026

This guide is for businesses and IT decision-makers evaluating encryption software in 2026, covering how these tools work and how to choose the right solution for your needs.  Encryption software obfuscates data to render it unreadable without a decryption key, protecting it against unauthorized access or theft. However, the best tool depends heavily on the…

Huntress Set to Expand Global Partner Program

Cybersecurity organization Huntress is expanding the Huntress Partner Program to resellers to reach and protect more organizations globally. Huntress continues to bring enterprise security to smaller businesses through channel partners The expansion of the program will help Huntress protect the 99 percent of companies that fall below the Fortune 1000, their target customer.  Its expanded…

Feds keep eyes peeled for Iran cyberattacks, respond to Stryker breach

Federal cyber officials aren’t seeing a significant change in attacks tied to Iran since the conflict there began, at least not yet, but they are on the lookout for any uptick and are focusing on the Stryker attack in particular. Terry Kalka — director of the Defense Industrial Base Collaborative Information Sharing Environment at The…

News alert: SpyCloud study reveal stolen tokens, session data fuel surge in non-human identity attacks

AUSTIN, Texas, Mar. 19, 2026, CyberNewswire—SpyCloud, the leader in identity threat protection, today released its annual 2026 Identity Exposure Report, one of the most comprehensive analyses of stolen credentials and identity exposure data circulating in the criminal underground and highlighting a sharp expansion in non-human identity (NHI) exposure. Last year, SpyCloud saw a 23% increase…

Top 25 Cybersecurity Companies in 2026

This guide is for IT leaders, security professionals, and decision-makers looking to explore leading cybersecurity companies in 2026 and evaluate vendors across key areas of modern security. Cybersecurity has become one of the most critical priorities for organizations operating in today’s world.  As businesses adopt cloud computing, remote work, artificial intelligence (AI), and increasingly complex…

Top 6 XDR Solutions & Vendors in 2026

This guide is for security leaders, IT administrators, and growing businesses evaluating extended detection and response (XDR) platforms, and it covers the top solutions available today along with key features and buying considerations.  XDR tools provide centralized visibility and threat detection across endpoints, networks, cloud workloads, and email systems, helping organizations respond to increasingly complex…

5 Best Rootkit Scanners and Removers: Anti-Rootkit Tools in 2026

This guide is for IT professionals, security teams, and everyday users who want to detect and remove stealthy rootkit malware, and it covers the best rootkit scanners and removal tools available today.  Rootkits are particularly dangerous because they embed deep within an operating system, allowing attackers to hide malicious activity and maintain persistent access without…

ManageEngine Endpoint Central Advances Towards Autonomous Endpoint Security with EDR and Secure Private Access

Company Unveils the First Natively Built Platform Combining UEM, Endpoint Security (EPP with EDR), Digital Employee Experience (DEX), and Secure Private Access Introduces AI-powered endpoint threat detection and automated remediation Enforces Zero Trust access to intranet applications through device trust verification Free trial available at https://mnge.it/EDR

Secure endpoint management systems immediately, CISA urges

The US Cybersecurity and Infrastructure Security Agency (CISA) warns that the cyberattack on Stryker Corporation serves as a signal to U.S. organizations that foreign cyber activity tied to Middle East conflicts may be spilling into their operations. Attackers breached Stryker’s internal Microsoft environment and reportedly wiped 200,000 systems, servers, and mobile devices, while extracting 50…

EDR killers are now standard equipment in ransomware attacks

Ransomware attackers routinely deploy tools designed to disable endpoint detection and response software before launching encryptors. These tools, known as EDR killers, have become a standard component of ransomware intrusions. ESET Research tracked nearly 90 EDR killers actively used in the wild. The workflow is consistent across groups: an attacker gains high privileges, deploys an…

Top 8 Endpoint Detection & Response (EDR) Solutions in 2026

This guide is for IT and security teams evaluating the best endpoint detection and response (EDR) solutions in 2026, covering top platforms and the features that matter most for threat detection and response.  EDR tools play a critical role in identifying and stopping threats at the device level by continuously monitoring endpoint activity and enabling…

6 Best Digital Forensics Tools Used in 2026

This guide is for security professionals, IT teams, and investigators evaluating the best digital forensics tools in 2026, covering top platforms and how they support modern investigations.  As cyber incidents, insider threats, and legal disputes become more complex, organizations need reliable tools to collect, analyze, and preserve digital evidence across endpoints, networks, and cloud environments.…

Meet the 2026 Cybersecurity Startups Beating Hackers at Their Own Game

Cyber threats are advancing fast in 2026… and startups are leading the charge to stop them. Startups are racing to counter new threats like AI-powered phishing, deepfake fraud, ransomware-as-a-service, and supply-chain attacks. At the same time, venture capital is returning to cybersecurity, AI is reshaping both offense and defense, and regulators are raising the bar…

Top 7 Full Disk Encryption Software Solutions in 2026

This guide is for IT teams, security leaders, and businesses evaluating the best full disk encryption solutions in 2026, covering how they work and why they matter for protecting sensitive data.  Full disk encryption serves as a critical first line of defense by securing hard drives, external storage, and endpoints against unauthorized access. As cyber…

Top 6 Network Access Control (NAC) Solutions in 2026

This guide is for IT leaders and security teams evaluating the best network access control (NAC) solutions in 2026, highlighting top platforms and what they do best. Choosing the right NAC tool is critical for securing modern networks, managing device access, and maintaining compliance across increasingly complex environments. Below, we break down six leading solutions—each…

How to Reduce MTTR in Your SOC with Better Threat Intelligence

MTTR is where strategy meets reality. In security operations, it is the margin between a contained incident and a catastrophic breach.  You can have perfect detection coverage, cutting-edge telemetry, and a wall of dashboards glowing like a spaceship cockpit. But if your team takes too long to respond, the attacker still wins the clock. Reducing Mean Time to Respond is not about shaving seconds for vanity metrics. It is about compressing the window in which damage happens. And the fastest way to do that is not more alerts, but better intelligence.  Key Takeaways  MTTR is…

Blumira enhances EDR and ITDR to speed up threat detection and containment

Blumira has announced the release of expanded endpoint detection and response (EDR) and identity threat detection and response (ITDR) capabilities in its platform. Security teams on Blumira Respond and Automate editions can now contain active threats by isolating compromised endpoints, stopping malicious processes, and locking out attackers across Microsoft 365 and Active Directory, without ever…

ManageEngine expands Endpoint Central with EDR and secure access

ManageEngine has announced the expansion of its unified endpoint management and security (UEMS) platform, Endpoint Central, to include endpoint detection and response (EDR) and secure private access capabilities. The additions bolster Endpoint Central’s endpoint security capabilities by enabling AI-powered threat detection, automated remediation, and zero trust access to internal applications through device trust verification. As…

Ransomware’s Opening Play: Target Identity First

For years, ransomware attacks followed a familiar script.  Threat actors gained entry through a vulnerable server, a phishing email, or malicious software on an endpoint. Once inside, they moved laterally through the network, then encrypted systems and demanded payment. That playbook has changed. Today’s ransomware operators increasingly target identity infrastructure as their first objective.  Active…

6 Open-Source Vulnerability Scanners That Actually Work in 2026

This guide is designed for security professionals and IT teams looking to identify and remediate risks, covering the top open-source vulnerability scanners available today and how to use them effectively. Open-source vulnerability scanners offer a cost-effective way to identify security weaknesses before attackers can exploit them. Backed by transparent codebases and active security communities, these…

Blumira Intros EDR and ITDR Solutions, Joins Pax8 Marketplace

Blumira, a security operations platform, is releasing enhanced endpoint detection and response (EDR) and identity threat detection and response (ITDR) capabilities. The company also recently joined the Pax8 Marketplace to deliver enterprise security operations to MSPs. Stopping threats at speed These newly expanded capabilities will enable security teams on Blumira Respond and Automate editions to…

GoTo Launches New LogMeIn Partner Network

Cloud communications and IT organization, GoTo, is launching its new LogMeIn Partner Network, a program that supports IT partners and MSPs with solutions, resources, and enablement opportunities for business growth. GSI and MSP support for a competitive landscape The new partner network is designed to maximize partner success and support technology partners, resellers, Global System…

Huntress adds tools to its Agentic Security Platform to detect, fix, and prevent endpoint and identity risks

Huntress has announced Managed Endpoint Security Posture Management (ESPM) and Managed Identity Security Posture Management (ISPM), expanding its Agentic Security Platform to deliver end-to-end protection across endpoints, identities, and human risk. Huntress built Managed ESPM from the ground up and developed Managed ISPM in less than four months by leveraging expertise and capabilities from its…

CL-STA-1087 targets military capabilities since 2020

China-linked APT group CL-STA-1087 has targeted Southeast Asian militaries since 2020 using AppleChris and MemFun. A suspected China-linked espionage campaign, tracked as CL-STA-1087, has targeted Southeast Asian military organizations since at least 2020, using AppleChris and MemFun malware. “The activity demonstrated strategic operational patience and a focus on highly targeted intelligence collection, rather than bulk…

It’s time to get serious about post-quantum security. Here’s where to start.

After decades of development, quantum computing is now becoming increasingly available for advanced scientific and commercial use. The potential marvels range from accelerating drug discovery and materials science, to optimizing complex logistics and financial modeling. But there’s a paradox to this trend: Quantum computing also poses a growing threat to data security. The risk is…

Runtime: The new frontier of AI agent security

AI agents are already operating inside enterprise networks, quietly doing some of the work employees once handled themselves — writing code, drafting emails, retrieving files, and connecting to internal systems. Sometimes they also make costly mistakes. At Meta, an employee asked an AI assistant to help manage her inbox. It deleted it instead. At Amazon,…

NinjaOne Intros AI-Driven Vulnerability Management Solution

Unified IT management software provider NinjaOne has unveiled NinjaOne Vulnerability Management, a new solution designed to help IT teams identify, prioritize, and remediate vulnerabilities faster, without relying on periodic scans from security teams that often lack context and connection to remediation workflows.  Moving away from traditional vulnerability management Built natively into the platform, NinjaOne says…

JSOC IT’s AUTOPSY platform puts security stacks under live API verification

JSOC IT has announced the launch of AUTOPSY, a security verification platform that investigates an organization’s security stack through live API integrations before a breach occurs, rather than after one forces the conversation. The platform’s flagship product, READY, is a security assessment that replaces self-reported questionnaires with API-verified telemetry across an organization’s security stack, including…

Deploy AWS applications and access AWS accounts across multiple Regions with IAM Identity Center

If your organization relies on AWS IAM Identity Center for workforce access, you can now extend that access across multiple AWS Regions with multi-Region replication. Previously, AWS access portal was only available in one Region, when you add an additional Region, users get an active access portal endpoint there. If the primary Region experiences a…

SmartApeSG campaign uses ClickFix page to push Remcos RAT, (Sat, Mar 14th)

Introduction This diary describes a Remcos RAT infection that I generated in my lab on Thursday, 2026-03-11. This infection was from the SmartApeSG campaign that used a ClickFix-style fake CAPTCHA page. My previous in-depth diary about a SmartApeSG (ZPHP, HANEYMANEY) was in November 2025, when I saw NetSupport Manager RAT. Since then, I’ve fairly consistently seen…

AiLock Ransomware Claims England Hockey Data Breach

England Hockey is investigating a potential cyberattack after a ransomware group claimed to have stolen sensitive data from its systems and threatened to publish it online.  The AiLock ransomware gang recently listed the organization on its public data leak site, claiming to have exfiltrated large volumes of internal data as part of the attack. “We…

Starbucks HR Portal Breach Exposes Employee Information

Starbucks has disclosed a data breach affecting hundreds of employees after attackers accessed internal HR accounts through phishing websites impersonating the company’s employee portal.  This incident exposed sensitive personal and financial information, raising concerns about potential identity theft and fraud. “The investigation has determined that an unauthorized third party accessed certain Starbucks Partner Central accounts…

Google warns of two actively exploited Chrome zero days

Threat actors are exploiting two high severity zero day vulnerabilities in the Chrome browser that experts say IT teams must patch immediately. Google has issued emergency patches for the two holes, CVE-2026-3909 and CVE-2026-3910. This comes just days after the release of 29 fixes for holes as part of March Patch Tuesday, and a zero day…

Google warns of two actively exploited Chrome zero days

Threat actors are exploiting two high severity zero day vulnerabilities in the Chrome browser that experts say IT teams must patch immediately. Google has issued emergency patches for the two holes, CVE-2026-3909 and CVE-2026-3910. This comes just days after the release of 29 fixes for holes as part of March Patch Tuesday, and a zero day…

Google Patches Two Chrome Zero-Day Vulnerabilities Actively Exploited in the Wild

Google has released updates to patch two high-severity zero-day vulnerabilities in the Chrome browser that are already being exploited in the wild..  The flaws affect critical components responsible for rendering web content and executing JavaScript, potentially allowing attackers to crash the browser or execute malicious code on vulnerable systems. One of the vulnerabilities, CVE-2026-3909, allows…

OT Security: The New Attack Surface of AI-Powered Robots

Humanoid robots are arriving with enterprise-friendly components — Wi-Fi, cameras, onboard compute, and over-the-air software updates — but they behave less like traditional IT devices and more like operational technology (OT) systems. They interact with the physical world, operate under strict latency constraints, and can cause real harm if something goes wrong. That convergence is…

Hack the AI Brain: LangSmith Vulnerability Could Expose Sensitive AI Data

A vulnerability in LangSmith, a widely used AI observability platform, could have allowed attackers to hijack user accounts and access sensitive enterprise data flowing through large language model (LLM) systems. Researchers at Miggo Security discovered the flaw, which could allow token theft and account takeover if a logged-in user visited a malicious webpage.  The vulnerability…

AI Risks, Critical Vulnerabilities, and Data Breaches Define This Week in Cybersecurity

Major Threats & Vulnerabilities Critical Software and Platform Flaws A SQL injection flaw in Elementor’s Ally accessibility plugin exposed over 400,000 WordPress sites to potential data theft. The vulnerability stemmed from improper input sanitization, allowing attackers to extract sensitive database information. Administrators should update immediately to the patched version. Microsoft’s March Patch Tuesday addressed a…

CVE-2026-3910: Chrome V8 Zero-Day Used for In-the-Wild Attacks

Chrome zero-days continue to pose a major risk for cyber defenders. Earlier this year, Google patched CVE-2026-2441, the first actively exploited Chrome zero-day of 2026. Now, another emergency update has been released, fixing two more flaws already exploited in the wild, CVE-2026-3910 in Chrome’s V8 JavaScript and WebAssembly engine and CVE-2026-3909, an out-of-bounds write bug…

Beyond File Servers: Securing Unstructured Data in the Era of AI

File servers still exist for legacy storage and governance, but most modern workflows now happen in collaboration tools, code platforms, chats, and AI systems. File servers remain, but they are no longer central to operations. They still appear important on paper: legacy project shares with strict permissions, legal drives with structured folders, and network areas…

Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

Microsoft has warned enterprises that cybercriminal group Storm-2561 is hijacking search engine results to serve trojanized VPN clients, stealing corporate credentials, and then covering its tracks before victims suspect anything is wrong. The group pushes spoofed websites to the top of results for queries such as “Pulse VPN download” or “Pulse Secure client,” redirecting users…

Building Trust in AI SOC Analyst Solutions: A UK and EU CISO Perspective

By Brett Candon, VP International at Dropzone AI Trust has always been critical in security operations, but in the UK and Europe it carries significant regulatory weight. GDPR, NIS2 and similar related data‑protection frameworks shape far more than legal risk, they directly influence architectural decisions, supplier selection, and how security data can be accessed, processed…

How to manage the lifecycle of Amazon Machine Images using AMI Lineage for AWS

As organizations scale their cloud infrastructure, maintaining proper lifecycle management of Amazon Machine Images (AMIs) is a critical component of their security and risk management goals. AMIs provide the essential information required to launch Amazon Elastic Compute Cloud (Amazon EC2) instances, however; they present security and compliance challenges if not tracked and managed throughout their…

Report: AI Accelerates Attacks on Trusted Identities

A recent report from ConnectWise found that attackers are increasingly exploiting trusted identities, along with remote access infrastructure and software supply chains, while AI continues to accelerate in speed and scale. 2026 MSP Threat Report shows trusted identities and legitimate tools are top targets The research, ConnectWise’s 2026 MSP Threat Report, provides global threat intelligence…

SurePath AI Announces New MCP Policy Controls

Security and governance platform SurePath AI recently announced MCP Policy Controls to provide real-time controls over which MCP servers and tools are allowed to be used. MCP presents a new attack surface and security challenges These new controls are designed to assist organizations in adopting MCP, ensuring safety, visibility, and safeguards from day one. MCP…

Iran-Linked Hacktivists Claim Wiper Attack on Stryker Systems

A cyberattack has disrupted global operations at medical technology manufacturer Stryker, forcing employees in multiple countries offline and cutting access to core corporate systems.  The incident, which began March 11, triggered widespread outages across the company’s Microsoft environment and left staff temporarily unable to access internal applications and devices.  “When a company the size of…

MicroStealer Analysis: A Fast-Spreading Infostealer with Limited Detection 

Security teams depend on early signals to spot and contain new threats. But what happens when a fully capable infostealer spreads while traditional detections stay limited?  In recent investigations, ANY.RUN researchers observed MicroStealer in 40+ sandbox sessions in less than a month, despite low public visibility. Early activity points to distribution through compromised or impersonated accounts,…

AI use is changing how much companies pay for cyber insurance

In July 2025, McDonald’s had an unexpected problem on the menu, one involving McHire, its AI-powered platform used to recruit and screen job applicants. The system, developed by Paradox.ai, featured a rookie-level security flaw: the backend for restaurant operators accepted “123456” as both username and password, and lacked multi-factor authentication. As a result, the personal…

“Zombie ZIP”: Neue Angriffstechnik täuscht Virenscanner

Mithilfe sogenannter Zombie-ZIPs lassen sich fast alle Virenscanner austricksen. Pressmaster | shutterstock.com Eine neue Technik mit dem Namen „Zombie ZIP“ ist in der Lage, Payloads in komprimierten Dateien zu verbergen. Sicherheitslösungen wie Antiviren- und EDR-Produkte (Endpoint Detection and Response) können sie nicht entdecken, denn die digitalen Untoten wurden speziell geschaffen, um die Security zu umgehen.…

Resumés with malicious ISO attachments are circulating, says Aryaka

Threat actors are still having success tricking human resources staff into opening malware-infected phishing emails. The latest example is detailed by researchers at Aryaka, who this week described a campaign by an unnamed threat actor who is distributing resumés containing a malicious ISO file to HR departments. It’s delivered through recruitment channels, and hosted on…

CISA warns of actively exploited Ivanti EPM and Cisco SD-WAN flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that an authentication bypass vulnerability patched in Ivanti Endpoint Manager (EPM) last month is now being exploited in the wild. The agency has also updated its directive related to two Cisco Catalyst SD-WAN flaws that were also fixed last month after being used in zero-day…

AWS expands Security Hub for multicloud security operations

Amazon Web Services is expanding AWS Security Hub to function as a centralized security operations platform capable of aggregating risk signals across multicloud environments. With the updated Security Hub, the company said it will introduce a unified operations layer that provides security teams with near real-time risk analytics, automated analysis, and prioritized insights. As enterprise…

Overly permissive ‘guest’ settings put Salesforce customers at risk

Salesforce is urging its customers to review their Experience Cloud ‘guest’ configurations as cybercrime group ShinyHunters claims a new campaign involving data theft and extortion tied to exposed Salesforce environments. The group recently posted screenshots on its leak site claiming breaches of “several hundreds” of organizations, including around 400 websites and roughly 100 “high profile…

Did cybersecurity recently have its Gatling gun moment?

On the James River, Petersburg, VA, June of 1864, during the American Civil War, General Benjamin Butler, of the US Army, deployed a new weapon into the field that effectively altered the nature of kinetic battles. The later named “Siege of Petersburg,” was the first recorded instance of the Gatling gun being used in battle.…

Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentials

HPE Aruba Networking has released patches for five vulnerabilities in its AOS-CX switch software, the most severe of which could let a remote attacker take administrative control of enterprise network switches without any credentials. The critical flaw, CVE-2026-23813, scored 9.8 out of 10 on the CVSSv3.1 scale. According to a security advisory HPE published on…

OPSWAT delivers AI-powered perimeter defense with unified zero-day verdicts

OPSWAT has introduced MetaDefender Aether, an AI-powered decision engine for fast zero-day detection, purpose-built for the perimeter. Unlike sandbox or antivirus solutions designed for endpoint protection, MetaDefender Aether intercepts files at every entry point, e.g. file transfers, removable media, email attachments, cloud storage, and web traffic, to detect unknown threats before they reach users, devices,…

12 ways attackers abuse cloud services to hack your enterprise

Attackers are increasingly abusing trusted SaaS platforms, cloud infrastructure, and identity systems to blend malicious activity into legitimate enterprise traffic. Adversaries are pushing command and control (C2) through high-reputation services, including OpenAI and AWS, to blend in with normal business traffic and evade blocklists. The shift from “living off the land” to “living off the…

March Patch Tuesday: Three high severity holes in Microsoft Office

Three high severity holes in Microsoft’s Office suite headline the 78 issues listed in the March Patch Tuesday releases, which, grateful CSOs will notice, contain no surprise zero day vulnerabilities. Still, Jack Bicer, director of vulnerability research at Action1, says these Office-related flaws should be treated “with urgency.” “Productivity tools remain one of the most…

Fake OpenClaw npm Package Installs GhostClaw Malware

A malicious npm package is targeting developers by posing as a legitimate command-line tool while secretly deploying an infostealer and a remote access trojan (RAT).  The package, @openclaw-ai/openclawai, masquerades as an OpenClaw Installer utility but instead initiates a multi-stage malware operation.  Once executed, it attempts to steal credentials, cryptocurrency wallets, SSH keys, browser data, and…

Microsoft’s monthly Patch Tuesday is first in 6 months with no actively exploited zero-days

Microsoft addressed 83 vulnerabilities that cut across its broad portfolio of enterprise software and underlying services in its latest security update. The company’s Patch Tuesday release contained no actively exploited zero-day vulnerabilities and six defects it described as more likely to be exploited.  The vendor’s batch of patches marks the first monthly update without an…

Attackers exploit FortiGate devices to access sensitive network information

Attackers are exploiting FortiGate devices to breach networks and steal configuration data containing service account credentials and network details. SentinelOne researchers warn that attackers are exploiting vulnerabilities or weak credentials in FortiGate devices to gain initial access to corporate networks. Once inside, they extract configuration files that may contain service account credentials and information about…

Teams Social Engineering Campaign Drops A0Backdoor Malware

Microsoft Teams impersonation and social engineering tactics are being used in an ongoing campaign to deliver a stealthy malware payload known as A0Backdoor.  Researchers at BlueVoyant report that the operation combines social engineering techniques, malicious installers, and covert command-and-control (C2) communications to gain persistent access within targeted networks. “The malware’s loader exhibits anti-sandbox evasion, and…

Fortinet enhances SecOps with cloud SOC, AI automation, and managed services

Fortinet has announced major innovations across the Fortinet Security Operations (SecOps) Platform. The updates feature next-generation SecOps advancements, including expanded agentic AI capabilities, a preview of FortiSOC, managed services, and endpoint security enhancements delivered through FortiEndpoint. “As attackers weaponize AI to accelerate reconnaissance, exploit development, and social engineering, security operations must function with the same…

AWS Security Hub is expanding to unify security operations across multicloud environments

After talking with many customers, one thing is clear: the security challenge has not gotten easier. Enterprises today operate across a complex mix of environments, including on-premises infrastructure, private data centers, and multiple clouds, often with tools that were never designed to work together. The result is enterprise security teams spend more time managing tools…

There’s only one kind of tool security teams should be building with AI

I am not sure what I’ve been doing on social media over the past year (particularly on LinkedIn), but these days my feed is filled with posts of security people who build some very cool tools. There’s so much excitement that with LLMs, anyone can now be a product developer, which means that security teams…

Fake Claude Code Install Pages Spread Infostealer Malware

Threat actors are exploiting a common developer habit — copying installation commands directly from websites — to distribute malware through fake software installation pages.  Security researchers at Push Security recently uncovered a campaign targeting users of Anthropic’s Claude Code, a popular command-line AI coding assistant.  The attackers are using cloned websites and malicious search advertisements…

HR, recruiters targeted in year-long malware campaign

An attack campaign targeting HR departments and job recruiters has been stealthily compromising systems, Aryaka researchers have discovered. By avoiding analysis environments and leveraging a specialized module designed to kill antivirus and endpoint detection software, the Russian-speaking attacker(s) behind this campaign have managed to keep their activity largely under the radar. “We currently lack telemetry…

Threat actors use custom AuraInspector to harvest data from Salesforce systems

Attackers are mass-scanning Salesforce Experience Cloud sites using a modified AuraInspector tool to exploit misconfigurations and access sensitive data. Salesforce CSOC warns that threat actors are mass-scanning publicly accessible Experience Cloud sites using a modified version of the AuraInspector tool. AuraInspector is an open‑source command‑line tool released by Google/Mandiant to audit Salesforce Aura and Experience…

OAuth Device Code Phishing: A New Microsoft 365 Account Breach Vector

ANY.RUN’s analysts are observing a sharp increase in phishing activity abusing Microsoft’s OAuth Device Code flow, with more than 180 phishing URLs detected in just one week. This technique represents a shift from credential phishing to token-based account takeover, making detection significantly harder for many SOC teams.  Key Takeaways  OAuth Device Code phishing is rising rapidly. Campaigns abusing Microsoft’s Device…

No, it’s not ‘unnecessarily burdensome’ to control your own data

According to a recent report, the State Department sent a cable urging U.S. diplomats to oppose international data sovereignty regulations like GDPR, characterizing these guardrails as “unnecessarily burdensome.”  In the cable, the State Department claims that data sovereignty regulations “disrupt global data flows, increase costs and cybersecurity risks, limit Artificial Intelligence (AI) and cloud services, and…

U.S. CISA adds Ivanti EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2021-22054 (CVSS score of 7.5) Omnissa Workspace ONE…

Malicious Chrome Extension Targets imToken Wallet Users

A malicious Chrome extension disguised as a harmless color visualization tool is quietly redirecting users to phishing pages designed to steal cryptocurrency wallet credentials.  Socket researchers warn that the extension impersonates the popular imToken wallet brand and tricks victims into entering their seed phrases or private keys. The “… extension automatically opens a threat actor-controlled…

AVideo Zero-Click Flaw Lets Attackers Hijack Live Streams

A flaw in the open-source AVideo platform requires no authentication and allows attackers to remotely execute commands and take over affected servers. Exploitation of the vulnerability “… can lead to full server compromise, data exfiltration (e.g., configuration secrets, internal keys, credentials), and service disruption,” said researchers. Inside the AVideo Server Takeover Risk AVideo is an…

CleanMyMac Imposter Site Installs SHub Stealer on Macs

A fake version of the popular Mac utility CleanMyMac is being used to trick users into installing data-stealing malware. The campaign uses a fraudulent website that instructs visitors to manually run a command in Terminal, which secretly installs a macOS infostealer known as SHub Stealer.  This malware steals “… sensitive data including saved passwords, browser…

Why MSPs Should Focus on Managed Patch Management in 2026

In 2026, patch management is more critical than ever as organizations face a rapidly evolving threat environment. AI-driven attacks have increased both the volume and sophistication of exploits, making vulnerabilities easier and faster for threat actors to weaponize.  As a result, MSPs and internal IT teams alike must implement effective patch management strategies to keep…

We’ve seen ransomware cost American lives. Here’s what it will actually take to stop it.

Flights canceled. Emergency rooms shut down. Centuries-old companies shuttered. Ransomware and other similar cyberattacks have become so routine that even those serious human and economic consequences are often overlooked or easily forgotten. This lack of focus is dangerous. As former leaders of FBI and CISA cyber units, we’ve seen cybercrime ripple through communities – disrupting…

PQC roadmap remains hazy as vendors race for early advantage

Post-quantum cryptography (PQC) has long sat on the periphery of enterprise security, with experts calling it inevitable but not urgent. That posture is beginning to shift. Earlier this year, Palo Alto Networks published a blog announcing a new “quantum-safe security” initiative, framing it as a way for enterprises to assess where quantum-vulnerable cryptography exists across…

Tarnung als Taktik: Warum Ransomware-Angriffe raffinierter werden

Statt eines kurzen, aber sehr schmerzhaften Stiches setzen Cyberkrimelle zunehmend darauf, sich in ihren Opfern festzubeißen und beständig auszusaugen. mycteria – shutterstock.com Ransomware-Angreifer ändern zunehmend ihre Taktik und setzen vermehrt auf unauffällige Infiltration. Dies liegt daran, dass die Drohung mit der Veröffentlichung sensibler Unternehmensdaten zum Hauptdruckmittel bei Erpressungen geworden ist. Der jährliche Red-Teaming-Bericht von Picus…

Critical Nginx UI flaw CVE-2026-27944 exposes server backups

Nginx UI flaw CVE-2026-27944 lets attackers download and decrypt server backups without authentication, exposing sensitive data on public management interfaces. A critical vulnerability in Nginx UI, tracked as CVE-2026-27944 (CVSS score of 9.8), allows attackers to download and decrypt full server backups without authentication. The flaw poses a serious risk to organizations exposing the management…

ClickFix attackers using new tactic to evade detection, says Microsoft

Threat actors are trying a different tactic to sucker employees into falling for ClickFix phishing attacks that install malware, says Microsoft. Rather than asking potential victims to copy and paste a (malicious) command into the Run dialog, launched by hitting the Windows button plus the letter R, they are being told to use the Windows…

ClickFix attackers using new tactic to evade detection, says Microsoft

Threat actors are trying a different tactic to sucker employees into falling for ClickFix phishing attacks that install malware, says Microsoft. Rather than asking potential victims to copy and paste a (malicious) command into the Run dialog, launched by hitting the Windows button plus the letter R, they are being told to use the Windows…

WordPress Plugin Flaw Lets Attackers Create Admin Accounts

A vulnerability in a popular WordPress membership plugin could allow attackers to create administrator accounts and completely take over affected websites.  The flaw affects the User Registration & Membership plugin and enables unauthenticated attackers to bypass security controls during the account registration process.  This vulnerability allows “… unauthenticated attackers to create administrator accounts by supplying…