Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025 KrebsOnSecurity story about how their hosting companies had assumed control over the…
Category: Global Security News
AI, Global Security News, Russia
Authorities seize 800 servers used for cyberattacks and disinformation
Dutch authorities arrested two men and seized 800 servers linked to a hosting provider that investigators say supported Russian activities aimed at undermining democracy and security through cyberattacks, disinformation, and disruption of public and economic systems. Servers seized by Dutch authorities (Source: FIOD) The Dutch Fiscal Information and Investigation Service (FIOD) arrested a 57-year-old man…
Global Security News
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). […]
AI, Apps, Endpoint, Global Security News, Risk Management
AI security needs a shift from models to systems, researchers argue
Enterprises cannot secure AI agents by making the underlying models more robust and must instead enforce security controls at the system level around them, researchers behind a paper published this month argued, warning that traditional AI-security approaches are increasingly misaligned with how autonomous agents actually operate inside enterprise environments. The paper argues that enterprises should…
AI, china, Compliance, Europe, Global Security News, Network Security, Risk Management
DeepSeek’s steep V4-Pro price cut escalates AI pricing war
Chinese AI startup DeepSeek has announced a steep price cut for its recently launched flagship AI model, V4-Pro. The company has reduced pricing for the model by 75%, just a month after unveiling the V4 generation, which includes V4 Pro and V4 Flash. Earlier, usage costs ranged from $0.0145 for one million tokens (cache hit)…
AI, Exploits, Global Security News
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost’s Content API that could allow an unauthenticated attacker to read…
AI, Apps, Global Security News, Risk Management
As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free
As AI coding assistants accelerate software development, one OWASP-backed open-source project is arguing that dependency security tooling still arrives too late to be truly useful. CVE Lite CLI, a JavaScript and TypeScript dependency vulnerability scanner focused on local lockfile analysis, is positioning itself around a simple idea. Developers should see dependency risks while they are…
Cybersecurity, Global Security News, Government & Policy, Risk Management
US states step up cyber defenses to protect local communities
U.S. state governments are taking on a larger role in cybersecurity to help protect local communities and essential services. Many states are building state-led cyber defense programs, including cybersecurity clinics, regional security operations centers (RSOCs), and state cyber corps programs to reduce costs, strengthen the local workforce, and improve cyber resilience. Cyber defense programs in…
AI, Global Security News
Q&A: How video helps build robot brains for physical AI
Robots could well be the next trillion-dollar tech opportunity, in no small part thanks to AI. Not surprisingly, that’s led to race by a variety of robotics companies to build industrial and humanoid robots to help (or replace) humans. And to help orient those devices visually in the real world, robot brains are being fed Youtube…
AI, Cybersecurity, Global Security News, Network Security
The Alert Firehose Finally Meets Its Match
Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear “Noisy,” “Too much data.” But ask the teams running NDR that includes agentic AI capabilities and you’ll hear they’re actually using it to catch threats earlier, triage faster, and chase fewer false positives. The old complaint lingers in part because…
Global Security News, Network Security, Russia
Netherlands Busts Bulletproof Hosting Network Linked to Disinformation and Cybercrime
Dutch authorities arrested two suspects after dismantling a bulletproof hosting network linked to cybercrime, disinfo, and Russian sanctions evasion.
AI, Apps, Endpoint, Exploits, Global Security News
Zero-Click WhatsApp Account Takeover Hits iPhone Users Running iOS 16. No Linked Devices, No Warning
A zero-click attack targeting iPhones on iOS 16 hijacked WhatsApp accounts without linked devices, warnings, or user interaction. There is a particular kind of security incident that is harder to explain than most: your WhatsApp account is sending messages you did not write, asking your contacts for money transfers, and when you check the “Linked…
AI, Global Security News
Pope Leo Compares AI Threat to Biblical ‘Tower of Babel’
The head of the Catholic church is adding his moral suasion to a growing backlash against the impact of artificial intelligence.
AI, Cybersecurity, Global Security News, malware
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain that involves two loaders tracked as DPAPILoader and RemotePELoader. “DPAPILoader decrypts and
AI, Global Security News
FBI Warns ‘Kali365’ Phishing Kit Hijacks Microsoft 365 OAuth Tokens
The Kali365 phishing-as-a-service platform lowers the barrier of entry for cybercriminals, said the FBI
AI, Data Security, Europe, Global Security News, Network Security
Microsoft Multiparty Private Offerings Available in 30 European Countries
Microsoft has continued to make investments in Microsoft Marketplace. And starting May 27, 2026, multiparty offers in Marketplace will be available across 30 European countries. Through this expansion, partners will be able to collaborate more easily on deals, simplify transactions, and scale across borders. Starting July 15, Microsoft will expand its offerings to Australia, Japan,…
AI, Cybersecurity, Exploits, Global Security News
Fake Streams, Counterfeit Merch and Other Scams: How Fraudsters Target F1 Fans
From fake F1 streams to counterfeit merch, fraudsters are exploiting fans online and the Bitdefender Cybersecurity Grand Prix Fan Threat Index details how
Global Security News
Visibility with EDR/MDR is still important, ‘the basics’ are impossible, and the news – Rob Allen – ESW #460
AI, Europe, Global Security News, Government & Policy, Network Security, Russia
Dutch authorities dismantle hosting network allegedly used for cyberattacks and disinformation
Dutch authorities arrested two suspects and seized 800 servers tied to Stark Industries, a hosting firm linked to cyberattacks and disinformation. Dutch financial crime investigators arrested two men and seized 800 servers connected to Stark Industries, a hosting provider accused of enabling cyberattacks, interference operations, and disinformation campaigns. Authorities said the suspects supported Russian and…
AI, Global Security News, Government & Policy, Risk Management
To pay, or not to pay: 58% of CISOs say they would pay the ransom for their data
If you were hit by ransomware tomorrow, would you pay to get your data back? That’s what more than half of CISOs in a recent survey said their organization would do. It’s a situation more companies are going to face in future. “Attacks are increasing and continuing to increase,” said Christy Wyatt, CEO of security…
AI, Global Security News, malware
FBI director Kash Patel’s brand website taken offline after malware reports
FBI director site went offline after a hack used a fake Cloudflare page to trick users into running a ClickFix attack that installed malware. The merchandise website of FBI director Kash Patel (basedapparel[.]com) was taken offline on Friday after reports that it had been compromised by hackers using it to spread malware. The malware was…
AI, Global Security News, malware
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecosystems in waves…
Global Security News
Huawei Says It Has Workaround to Match Leading Chips
The Chinese tech juggernaut says it can match cutting-edge Intel semiconductors by 2031.
Data Breaches, Global Security News
Lessons for organizations from the Verizon 2026 Data Breach Investigations Report
This is my favourite time of the year, not just because spring is here and the promise of summer is on the way. But also, because one of my must reads each year gets published. There are a few must read reports that I have on my reading list for each year and the Verizon…
AI, Apps, Global Security News
OpenHack: Open-source AI-powered vulnerability research
Source-guided vulnerability research increasingly leans on coding harnesses such as Claude Code, Codex, and Cursor to drive agent-based reviews of application code. A new MIT-licensed project from the Dutch security firm Hadrian, called OpenHack, packages that approach into a file-based workspace that any of those harnesses can run. OpenHack is a set of agents and…
AI, Global Security News, Risk Management
Boards want cyber risk in dollars, not CVE counts
In this Help Net Security video, Ziv Levi, SVP of Technology at CYE, explains why translating cyber risk into dollars is one of the most pressing tasks for security leaders. Boards and executives want cyber exposure described in business terms, not technical jargon. Levi walks through a three-step financial translation framework. First, identify business exposure…
AI, Global Security News, privacy, Risk Management
Turns out the C-suite loves shadow AI
Senior decision-makers are the heaviest users of unapproved AI tools, and they continue using them despite being aware of the security and privacy risks linked to shadow AI, according to TrustedTech’s Shadow AI in the Workplace report. The study found that 65% of decision-makers use shadow AI, compared with 31% of employees below decision-maker level.…
Data Breaches, Global Security News
Hacker Selling 340 Million OnlyFans User Records Built From Old Breaches
A hacker is selling a 340M OnlyFans user database allegedly built by matching old breach data and public profiles to real OnlyFans accounts.
AI, Global Security News
Meet Mark Zuckerberg’s Right-Hand Man Who’s Unleashing AI at Meta
Andrew Bosworth, Meta’s outspoken chief technology officer, has a new mission: transforming the company’s workforce using AI.
Global Security News
Wireshark 4.6.6 Released, (Sun, May 24th)
Wireshark release 4.6.6 fixes 1 vulnerability and 11 bugs. For WIndows, Npcap is updated to version 1.88. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
AI, Exploits, Global Security News
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. […]
AI, Global Security News
How AI Talks People Out of Conspiracy Theories—and What We Can Learn From That
Research shows that the key is to clearly explain relevant facts. That isn’t always easy to do.
AI, Global Security News
Musk Dreams of Interplanetary Profit
Plus, voice-powered writing in Google Docs, the coming “vibe slop” crisis, the rising AI backlash and Apple’s success with imperfect chips.
AI, Global Security News, malware, Network Security
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Popular node-ipc npm Package Infected with Credential Stealer New Actors Deploy Shai-Hulud Clones: TeamPCP Copycats Are Here Active Supply Chain Attack Compromises @antv Packages on npm actions-cool/issues-helper GitHub Action Compromised: All Tags Point to…
AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia
Security Affairs newsletter Round 578 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack Why pure extortion is…
Global Security News
SpaceX’s IPO Is a Bet Gravity Doesn’t Apply to Elon Musk
To launch the biggest offering ever, the space baron is drawing on his real power: everyday investors.
AI, Apps, Cybersecurity, Data Breaches, Exploits, Funding, Global Security News, Network Security
Anthropic’s Project Glasswing: 10,000+ Vulnerabilities Found in One Month, and the Patching Problem Has Never Been More Obvious
Anthropic said its AI Project Glasswing found over 10,000 serious vulnerabilities in one month, exposing a growing patching gap. Anthropic announced on Friday that Project Glasswing, its defensive cybersecurity initiative built around Claude Mythos Preview, has uncovered more than 10,000 high- or critical-severity vulnerabilities in the month since the program went live. The number is…
AI, Data Breaches, Exploits, Global Security News
Week in review: GitHub breached via poisoned VS Code extension, critical NGINX flaw exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed the compromise. Earbud sensors can authenticate users by their heartbeat, study…
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-9082 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Drupal issued a highly critical security patch on May…
AI, Global Security News
Weekly Update 505
Well, that didn’t last long! Recording this on Saturday morning my time, I observed ShinyHunters having gone quiet since the massive haul that would have been the Instructure ransom. It was two weeks almost to the hour since I’d first heard rumour of payment being made, and I posited that groups like this often go…
AI, Global Security News, malware
Laravel Lang packages hijacked to deploy credential-stealing malware
A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer packages. […]
AI, Global Security News
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor…
AI, Exploits, Global Security News, Government & Policy, Risk Management
CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack
Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or…
AI, Global Security News
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. “Although the affected packages were all Composer packages, the malicious code was not added to composer.json,” Socket said. “Instead, it was inserted into package.json, targeting projects that…
AI, Global Security News, Venture
Venture Capitalist John Doerr Says AI Is the Biggest Tech ‘Tsunami’ Ever
The well-known venture capitalist who bet on Google says that the AI revolution is, if anything, underhyped.
Global Security News
Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes
Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify. […]
AI, Data Breaches, Endpoint, Global Security News, Risk Management
Why pure extortion is replacing traditional ransomware
Ransomware gangs are shifting from encryption to pure extortion, focusing on stolen data, reputational pressure, and stealthier attacks. Ransomware groups are quietly changing strategy in 2026. Instead of encrypting systems and causing immediate disruption, many attackers are now focusing on pure extortion: stealing sensitive data and threatening to leak it publicly if victims refuse to…
AI, Global Security News
His Chatbot Nearly Ruined Him. To Recover, He Had to Destroy It.
Unrequited love drove a 57-year-old man to an AI. Delusions of grandeur followed.
AI, Cybersecurity, Global Security News
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most “systemically” important software across the world since the cybersecurity initiative went live last month. Project Glasswing is an effort led by the artificial intelligence (AI) company, as part of which a small set…
Cybersecurity, Global Security News
RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers
Cybersecurity firm VulnCheck reveals hackers are using a critical 2018 vulnerability to bypass authentication and hack over a million ASUS routers.
AI, Cybersecurity, Global Security News
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include – laravel-lang/lang laravel-lang/http-statuses laravel-lang/attributes laravel-lang/actions “The timing and pattern of the newly published tags
AI, Exploits, Global Security News, Government & Policy, malware, Russia
Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets
Ghostwriter targeted Ukrainian government agencies with phishing emails delivering malware and Cobalt Strike payloads. The Belarus-nexus APT group Ghostwriter (also tracked as UAC-0057 and UNC1151) has resurfaced with a new phishing campaign targeting Ukrainian government organizations. This time the lure is Prometheus, a legitimate Ukrainian online learning platform that many government employees actually use. Using…
Exploits, Global Security News
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts with elevated permissions. “Any cPanel user (including an attacker or a compromised account)…
Cybersecurity, Exploits, Global Security News
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2026-9082 (CVSS score: 6.5), an SQL injection vulnerability affecting all supported versions of Drupal Core. “Drupal Core
AI, Global Security News, malware
An Example of Stack String in High Level Language, (Sat, May 23rd)
This week, I’m attending the SEC670[1] training (“Red Teaming Tools – Developing Windows Implants, Shellcode, Command and Control”). From my point of view, this training fits perfectly with FOR610 or FOR710 (malware analysis) because it addresses malware from the opposite: Instead of performing reverse engineering, you write malicious code! Always interesting to have another point…
Global Security News
In India, You Can Get Milk Delivered Faster Than It Takes to Make Coffee
Amazon is racing Indian startups to deliver groceries to customers in minutes. The secret sauce is micro-warehouses.
AI, china, Global Security News
David Sacks’s 11th-Hour Plea Led to Trump’s Backtrack on AI Executive Order
President Trump postponed signing an order on the dangers posed by artificial intelligence after an adviser warned that industry guardrails could slow down U.S. models in the race against tools from China.
AI, Exploits, Global Security News, privacy
Google leaks details for Chromium bug that can turn browsers into bots
Chromium — the open-source browser that underpins Google Chrome, Microsoft Edge, and Opera, among others — contains an unpatched vulnerability that attackers can exploit to execute JavaScript code persistently across browser restarts. As a result, the flaw can be used to hijack users’ browsers for distributed denial-of-service attacks, run crypto miners, and more. The vulnerability…
AI, Global Security News
SpaceX Launches 400-Foot Rocket That Will Help Define Its Future
The company blasted off a new version of Starship, the vehicle Elon Musk is counting on for Starlink, AI satellites and more.
AI, Compliance, Cybersecurity, Global Security News, Network Security, privacy, Risk Management
Data Sanitization Challenges Are Increasing in the AI Era
Data sanitization has long played an important role in protecting sensitive information, but growing data volumes and stricter compliance requirements are making secure end-of-life data management more critical than ever. The 2026 State of Data Sanitization Report by Blancco highlights growing concerns among organizations regarding data privacy, regulatory pressure, and end-of-life device management. The report…
Global Security News
Ubiquiti patches three critical vulnerabilities in UniFi OS
The vulnerabilities, identified as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, allow for unauthorized system changes, path traversal for accessing underlying system files, and command injection attacks, respectively.
AI, Global Security News
Cisco warns of AI inaccuracies in security incident reports
Cisco’s research highlights several key issues with AI-generated reports, including inconsistency and standardization challenges due to LLMs using different data for each query and producing slightly different outcomes even with the same data.
Global Security News
Organizations knowingly ship vulnerable code amid shrinking exploit windows
New research from Checkmarx reveals that 75% of organizations admit to frequently or sometimes deploying code they are aware is vulnerable.
Global Security News, malware
Kash Patel’s merchandise site hacked to distribute malware
The attack on Based Apparel, reportedly an attempt to distribute infostealer malware designed to steal user credentials, was first brought to light by a user on X.
Global Security News
TVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet… – SWN #583
Apps, Cybersecurity, Global Security News
Zscaler acquires Symmetry Systems to enhance AI security
The acquisition of Symmetry Systems is expected to bolster Zscaler’s cybersecurity offerings, particularly in protecting artificial intelligence applications.
Global Security News
Belarus-linked Ghostwriter group targets Ukraine using Prometheus learning platform lures
Ghostwriter, also known as UAC-0057 and UNC1151, employs a multi-stage attack.
Global Security News
Middle East malicious infrastructure report highlights concentration of C2 servers
The Hunt.io report identified over 1,350 C2 servers across 98 providers in 14 Middle Eastern countries. Saudi Telecom Company (STC) alone accounted for more than 72% of this regional activity, often through compromised customer systems.
Global Security News
Former executives plead guilty in global tech support fraud scheme
Former CEO Adam Young and former CSO Harrison Gevirtz admitted to a misprision of a felony charge. They operated C.A. Cloud Attribution, Ltd. between early 2017 and April 2022, providing services to customers known to be engaged in telemarketing and tech support fraud scams.
Global Security News
Dutch authorities arrest two in connection with sanctioned web hosting company
The Dutch financial crime investigators (FIOD) arrested a 57-year-old company director and a 39-year-old who headed a separate firm providing internet connectivity.
AI, Apps, Global Security News, malware
FBI warns about fast-growing phishing kit targeting Microsoft 365 users
The FBI is warning organizations and defenders about Kali365, a growing phishing-as-a-service platform that retrieves Microsoft 365 access tokens, issuing a public service announcement Thursday. The toolkit bypasses multi-factor authentication and abuses OAuth device code authorizations via phishing lures impersonating common enterprise services. This technique grants cybercriminal-controlled applications access to Microsoft 365 accounts, opening victims…
Exploits, Global Security News
You can now nominate vulnerabilities for CISA’s KEV with this form
CISA seeks to engage the wider community to more quickly identify active exploitation.
Global Security News
Trump Mobile confirms exposure of customer data
Chris Walker, a spokesperson for Trump Mobile, stated that the company is investigating the exposure and has not found evidence of financial information being compromised.
Global Security News
CISA adds Trend Micro Apex One and Langflow flaws to exploited vulnerabilities catalog
The vulnerabilities added are CVE-2025-34291, an origin validation error in Langflow with a CVSS score of 9.4, and CVE-2026-34926, a directory traversal flaw in Trend Micro Apex One (on-premise) with a CVSS score of 6.7.
Global Security News
FBI Warns of Kali365 Phishing Service Targeting Microsoft 365 Account
FBI warns of Kali365, a PaaS scam kit that lets cybercriminals bypass MFA and hijack Microsoft 365 accounts without passwords.
AI, Cybersecurity, Global Security News
The Patching Race Was Already Lost. AI Just Made It Obvious.
AI just rewrote the offensive economics of finding and weaponizing vulnerabilities. Most peers I’m talking to, and most vendor write-ups I’m reading, already get that patching alone isn’t enough. Yet patching still tends to land near the top of most response lists, and from what I’ve seen in the past 30 years, it’s the part…
Global Security News
Cisco patches critical 10.0 flaw in Secure Workload APIs
Cisco patches critical 10.0 API flaw in Secure Workload platform.
AI, Cybersecurity, Global Security News
FBI warns of Kali Oauth stealers
The FBI has warned of the danger from a new wave of phishing attacks generated by a tool called Kali365. It enables cyber criminals to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user’s credentials by capturing Oauth tokens linked to the victim’s Microsoft 365 account. The scam works…
AI, Cybersecurity, Global Security News
FBI warns of Kali Oauth stealers
The FBI has warned of the danger from a new wave of phishing attacks generated by a tool called Kali365. It enables cyber criminals to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user’s credentials by capturing Oauth tokens linked to the victim’s Microsoft 365 account. The scam works…
Europe, Global Security News, Network Security
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. The disruption of First VPN Service was led by France and the Netherlands, with several other nations supporting the investigation…
AI, Global Security News
Netherlands seizes 800 servers of hosting firm enabling cyberattacks
Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns. […]
AI, Global Security News, Risk Management
Meta says goodbye to those who won’t use AI
Meta is the latest company to trim its workforce as a result of the growing use of AI within the industry. The company laid off 8,000 employees earlier this week, while also moving 7,000 more to AI-focused roles. “AI is the most consequential technology of our lifetimes,” Zuckerberg said in a memo that he sent…
AI, Europe, Global Security News, Government & Policy, privacy, Russia
Police take down VPN service (this time with a good reason)
European authorities have cracked down on a VPN that has been used for various criminal activities. The operation, led by investigators in France and the Netherlands with help from Europol and Eurojust, has dismantled First VPN, a service that has been heavily promoted within Russia as a way of evading law enforcement. Criminals used it…
AI, Europe, Global Security News, Government & Policy, privacy, Russia
Police take down VPN service (this time with a good reason)
European authorities have cracked down on a VPN that has been used for various criminal activities. The operation, led by investigators in France and the Netherlands with help from Europol and Eurojust, has dismantled First VPN, a service that has been heavily promoted within Russia as a way of evading law enforcement. Criminals used it…
AI, china, Cybersecurity, Data Breaches, Global Security News, Network Security, Risk Management, Russia
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain…
AI, APAC, Apps, Exploits, Global Security News, Network Security, Risk Management
The AI that cracked Apple Silicon is only the beginning
A security research team just used Claude Mythos to identify the first known exploit in Apple’s M5 chip. They needed physical access to the device to use it, the vulnerability has since been patched, and I don’t think it should be seen as a huge threat. But it is a stark warning that in this AI…
AI, Global Security News, Government & Policy
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine’s National Security and Defense Council) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activity, per the Computer Emergency Response Team of Ukraine (CERT-UA), involves sending phishing emails to government
AI, Global Security News, Risk Management
Cisco’s Risk-Based Vulnerability Disclosure in the Age of AI
Discover how Cisco is evolving its vulnerability disclosure practices. We are leveraging AI to prioritize high-risk security issues, helping customers focus on critical patching and remediation efforts.
AI, APAC, Apps, Global Security News, Risk Management
LG Launches PRO Services to Simplify DVLED Rollouts for Partners
LG Electronics USA’s commercial display division has launched LG PRO Services, a new “manufacturer-backed” installation service for its Direct View LED (DVLED) portfolio. The service covers fixed-price All-in-One DVLED models as well as cabinet-based indoor DVLED solutions, expanding LG’s role beyond hardware to help partners plan, deploy, and scale display projects with greater confidence. Addressing…
Global Security News
Execs Are Deploying Digital Twins to Do Their Work
Plus, what it’s like to use an e-hiking exoskeleton and how ground drones are revolutionizing warfare.
AI, Compliance, Global Security News
Microsoft says it’s making AI ‘safe for work’ in your browser
Microsoft is testing the addition of agentic AI to its corporate browser, Edge for Business. A new version, currently available in a limited preview, will help perform routine tasks more efficiently, according to Microsoft’s partner product manager for Edge, Lindsay Kubasik. Agentic AI will help with completing multi-step tasks such as filling in forms, navigating…
AI, Compliance, Global Security News
Microsoft says it’s making AI ‘safe for work’ in your browser
Microsoft is testing the addition of agentic AI to its corporate browser, Edge for Business. A new version, currently available in a limited preview, will help perform routine tasks more efficiently, according to Microsoft’s partner product manager for Edge, Lindsay Kubasik. Agentic AI will help with completing multi-step tasks such as filling in forms, navigating…
AI, Global Security News
Akamai Joins Growing Chorus of Vendors Betting Big on Secure Enterprise Browsers
When Akamai announced its LayerX acquisition, the company joined a growing list of vendors adding secure enterprise browsers to their product portfolios.
Global Security News
Former US execs plead guilty to aiding tech support scammers
Two former executives of a call-tracking and analytics company pleaded guilty to concealing a years-long tech support fraud scheme that victimized individuals worldwide. […]
Global Security News, malware
Facebook scam targets users over 40 with fake Aldi meat box offers
Malwarebytes has identified a phishing scheme circulating on Facebook that preys on individuals aged 40 and above.
AI, Cybersecurity, Global Security News, Government & Policy
State officials urge Congress to reauthorize cybersecurity grant program
State officials emphasized that the State and Local Cybersecurity Grant Program (SLCGP) provided essential aid to local governments, many of which lack dedicated cybersecurity staff and resources.
AI, Global Security News, Government & Policy, Risk Management
Microsoft, EY to spend $1 billion on helping customers buy agentic AI
Microsoft and EY will spend $1 billion on helping their customers adopt AI over the next five years. The billion will support assisting clients with pioneering AI projects and capability building, said EY’s global Microsoft alliance leader, Paul Clark. Clients will be able to access those resources based on their specific needs, he said. “We’re…
AI, Global Security News
7 identity security best practice for the Agentic AI era
Here’s how to harden the teams identity security to defend against the rising tide of AI agents.
AI, Global Security News, Risk Management
Workday extends Sana AI to ITSM after HR, finance
Workday conversational AI platform Sana for Workday is now ready to talk about IT Service Management (ITSM) automation as part of the company’s broader effort to help enterprises streamline workflows, especially across HR and finance, with autonomous AI agents. The new Sana for ITSM capabilities are intended to automate workflows for employee on- and offboarding,…
AI, Global Security News
Trapdoor ad fraud campaign used hundreds of Android apps
The Trapdoor campaign initially distributed seemingly legitimate utility apps, such as PDF readers, through the Google Play Store.