Geek-Guy.com

Category: Network Security

Trump’s cyber strategy emphasizes offensive operations, deregulation, AI

The White House released President Donald Trump’s long-awaited cybersecurity strategy, a lean seven-page blueprint that breaks from past approaches by placing offensive cyber operations at the center of US policy. Developed by the Office of the National Cyber Director (ONCD), the strategy emphasizes disrupting adversaries, deregulating industry, and accelerating the adoption of artificial intelligence while…

The long-awaited Trump cyber strategy has arrived

President Donald Trump released his administration’s cyber strategy Friday, promoting offensive operations in cyberspace, securing federal networks and critical infrastructure, streamlining regulations, leveraging emerging technologies and strengthening the cybersecurity workforce. Trump also signed an executive order Friday directing agencies to take action to combat cybercrime and fraud. A little more than half of the five…

ClickFix attackers using new tactic to evade detection, says Microsoft

Threat actors are trying a different tactic to sucker employees into falling for ClickFix phishing attacks that install malware, says Microsoft. Rather than asking potential victims to copy and paste a (malicious) command into the Run dialog, launched by hitting the Windows button plus the letter R, they are being told to use the Windows…

WordPress Plugin Flaw Lets Attackers Create Admin Accounts

A vulnerability in a popular WordPress membership plugin could allow attackers to create administrator accounts and completely take over affected websites.  The flaw affects the User Registration & Membership plugin and enables unauthenticated attackers to bypass security controls during the account registration process.  This vulnerability allows “… unauthenticated attackers to create administrator accounts by supplying…

Iran-linked MuddyWater deploys Dindoor malware against U.S. organizations

Iran-linked APT MuddyWater targeted U.S. organizations, deploying the new Dindoor backdoor across sectors including banks, airports, and nonprofits. Broadcom’s Symantec Threat Hunter Team uncovered a campaign by the Iran-linked MuddyWater  (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) APT group targeting several U.S. organizations. “Activity associated with Iranian APT group Seedworm has been spotted on the networks of multiple…

FBI Arrests Suspect in $46M U.S. Marshals Crypto Theft

A suspect accused of stealing more than $46 million in cryptocurrency linked to assets managed by the U.S. Marshals Service (USMS) has been arrested in an international law enforcement operation. The suspect, identified as John Daghita, was apprehended Wednesday on the Caribbean island of Saint Martin.  “Last night, John Daghita – a U.S. government contractor…

Gov’t IT spending seen as key to building Europe’s tech ecosystem

As more European organizations reconsider their reliance on US technology suppliers amid rising geopolitical and trade tensions, public sector organizations are leading the way in a potential shift to local tech providers.  The German state of Schleswig-Holstein is moving tens of thousands of employees from Microsoft apps Office, Windows and Exchange to open-source alternatives, for…

How AI-Driven Governance Is Changing Enterprise Cybersecurity

In this post, I will talk about how AI-Driven governance is changing enterprise cybersecurity. Cybersecurity has traditionally focused on protecting networks from unauthorized access. Organizations deployed firewalls, monitoring tools, and endpoint protection systems to detect threats once attackers attempted to breach infrastructure. However, modern cyber threats have become far more sophisticated. Attackers now rely on…

AWS-LC Flaws Could Bypass Certificate Verification

Amazon AWS has disclosed several vulnerabilities in AWS-LC, its open-source cryptographic library.  The issues include flaws that could allow certificate verification to be bypassed and weaknesses that may expose encryption timing information.  One of the vulnerabilities, CVE-2026-3338, “allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes,” said AWS in…

FBI Investigates Suspicious Activity in Surveillance Platform

The Federal Bureau of Investigation (FBI) is investigating suspicious cyber activity involving systems used to process surveillance and wiretap warrants, raising concerns about the security of highly sensitive law enforcement infrastructure.  Although officials say the issue has been contained, the incident highlights the growing cyber risks facing government networks that store and manage critical investigative…

FBI wiretap system tapped by hackers

The US Federal Bureau of Investigation (FBI) has identified a suspected incident on a network used to manage wiretaps and foreign intelligence surveillance warrants, CNN reported. The FBI acknowledged the incident in a statement to CNN, saying, “The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to…

CyberProof 2026 Report Warns of Rising Identity and AI Cyberattacks

The global cyber threat landscape shifted in 2025, as attackers increasingly abandoned complex malware in favor of faster, more scalable tactics centered on identity compromise, AI-driven automation, and SaaS ecosystem abuse.  According to the CyberProof 2026 Global Threat Intelligence Report, attackers are no longer focused on breaking through network perimeters.  Instead, they are logging in…

China announces new plans to take US industry head on

China has unveiled ambitious plans to compete with the US on emerging technologies by increasing funding for start-ups. The Chinese government said it wanted the digital economy to account for 12.5% of gross domestic product by 2030, a significant increase on the 10.5% share reported last year. Chinese Premier Li Qiang told the National People’s…

Channel M&A Roundup: February 2026 Consolidation Trends

During the month of February, the channel witnessed several key acquisitions and a couple of mergers aimed at increasing revenue and supporting partners. Among the moves are acquisitions by 11:11 Systems, Scale Computing, and Proofpoint, which continue to pursue strategic acquisitions to grow their businesses and expand their services. Proofpoint acquires Acuvity Cybersecurity and compliance…

Cisco flags ongoing exploitation of two recently patched Catalyst SD-WAN flaws

Cisco warns that two recently patched Catalyst SD-WAN flaws, CVE-2026-20128 and CVE-2026-20122, are already being actively exploited in the wild. Cisco warned customers that threat actors are actively exploiting two recently patched Catalyst SD-WAN vulnerabilities, CVE-2026-20128 and CVE-2026-20122. The networking giant urged organizations to apply the latest security updates to reduce the risk of compromise.…

LevelBlue Launches Exposure Management for MSSPs with Tenable

LevelBlue is expanding its managed security portfolio for the channel with a new exposure management offering designed to help MSSPs and MSPs deliver deeper visibility into cyber risk across modern IT environments. The Dallas-based managed security provider announced Exposure Management for Partners, a new capability built in partnership with cybersecurity vendor Tenable.  The offering expands…

Iran-linked APT targets US critical sectors with new backdoors

An Iran-linked hacking group has been active inside the networks of several US organizations since early February, raising concerns that the activity could precede broader cyber operations connected to escalating geopolitical tensions in the Middle East.

New backdoors used by Seedworm

Symantec and Carbon Black researchers have attributed the activity to Seedworm (aka MuddyWater), an…

Microsoft warns of ClickFix campaign exploiting Windows Terminal to deliver Lumma Stealer

Microsoft warns of ClickFix campaign using Windows Terminal to deliver Lumma Stealer via social engineering attacks. Microsoft revealed a new ClickFix campaign where attackers exploit Windows Terminal to run a complex attack chain, ultimately deploying Lumma Stealer malware. The campaign uses social engineering to trick users into executing malicious commands, highlighting growing risks to Windows…

Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor

New research from Broadcom’s Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself in several U.S. companies’ networks, including banks, airports, non-profit, and the Israeli arm of a software company. The activity has been attributed to a state-sponsored hacking group called MuddyWater (aka Seedworm). It’s affiliated with…

Iran-nexus APT Dust Specter targets Iraq officials with new malware

A campaign by Iran-linked group Dust Specter is targeting Iraqi officials with phishing emails delivering new malware families. Zscaler ThreatLabz researchers linked the Iran-nexus group Dust Specter to a campaign targeting Iraqi government officials. Threat actors impersonated the country’s Ministry of Foreign Affairs in phishing messages that delivered previously unseen malware, including SPLITDROP, TWINTASK, TWINTALK,…

Teenage hacker myth primed for a middle-age criminal makeover

The Hollywood image of criminal hackers as largely teenage ne’er-do-wells is due for an update. That’s because profit-seeking career criminals, often approaching middle age, make up the largest cohort of today’s cybercriminals, according to an analysis of criminal cases carried out by Orange Cyberdefense. The Orange Group’s cybersecurity unit analysed 418…

U.S. CISA adds Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2023-43000 (CVSS score of 8.8) Apple Multiple products Use-After-Free Vulnerability CVE-2017-7921 (CVSS…

Challenges and projects for the CISO in 2026

Sophisticated attacks and the incorporation of AI tools, talent shortages, and tight budgets are some of the challenges commonly cited when it comes to managing cybersecurity in organizations. In a changing environment, the key is no longer to stay one step ahead, but to maintain a resilient infrastructure that ensures a rapid response when —…

Google GTIG: 90 zero-day flaws exploited in 2025 as enterprise targets grow

Google’s GTIG reports 90 zero-day vulnerabilities exploited in the wild in 2025, up from 78 in 2024, with a growing share targeting enterprise systems. Google’s Threat Intelligence Group (GTIG) identified 90 zero-day vulnerabilities exploited in the wild in 2025. While slightly below the 100 observed in 2023, the number increased from 78 in 2024, with…

Zero-day exploits hit enterprises faster and harder

Google tracked 90 vulnerabilities exploited as zero-days last year, with Chinese cyberespionage groups doubling their count from 2024 and commercial surveillance vendors overtaking state-sponsored hackers for the first time. Nearly half of the recorded zero-days targeted enterprise technologies such as security appliances, VPNs, networking devices, and enterprise software platforms. “Increased exploitation of security and networking…

Western governments lay the groundwork for secure 6G networks

Governments are preparing for 6G, the next generation of mobile networks, placing security and resilience among their top priorities. In response, seven countries participating in the Global Coalition on Telecoms (GCOT) have introduced a set of 6G Security and Resilience Principles, developed with support from industry partners. The coalition brings together the governments of the…

FBI targeted with ‘suspicious’ activity on its networks

The FBI found evidence that its networks had been targeted in a suspected cybersecurity incident, the bureau confirmed on Thursday, without sharing any further details. “The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond,” the agency said in a statement. “We have nothing additional to…

AI Won’t Fix Cybersecurity Burnout

Artificial intelligence was supposed to relieve security teams drowning in alerts, threats, and operational complexity.  New research from Seemplicity suggests the opposite may be happening.  The study found that cybersecurity leaders remain committed to the field but are increasingly working longer hours, managing new governance responsibilities, and developing non-technical skills to operate in AI-driven environments.…

Cisco SD-WAN Manager Vulnerabilities Actively Exploited

Cisco is warning customers that attackers are actively exploiting multiple vulnerabilities affecting its Catalyst SD-WAN Manager platform. The software serves as a centralized management console used to monitor and control large distributed SD-WAN deployments.  These vulnerabilities “… could allow an attacker to access an affected system, elevate privileges to root, gain access to sensitive information,…

Phobos ransomware leader pleads guilty, faces up to 20 years in prison

Russian national Evgenii Ptitsyn pleaded guilty to running the Phobos ransomware outfit that extorted more than $39 million from more than 1,000 victims globally, the Justice Department said Wednesday. Ptitsyn assumed a leadership role in the Phobos ransomware group in January 2022, yet his criminal activities began by April 2019, according to court records. He…

Cisco Firewall Management Flaw Enables Remote Code Execution

Cisco has reported a vulnerability in its Secure Firewall Management Center (FMC) software that could allow attackers to remotely execute code and take full control of affected systems.  The flaw does not require user interaction or authentication. “An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface…

Cisco reveals 2 max-severity defects in firewall management software

Cisco released information on a pair of max-severity vulnerabilities in its firewall management software Wednesday that unauthenticated, remote attackers could exploit to obtain the highest level of access to the underlying operating system or on affected devices. The vulnerabilities — CVE-2026-20079 and CVE-2026-20131 — affect the web-based interface of Cisco Secure Firewall Management Center (FMC)…

Coruna iOS exploit kit moved from spy tool to mass criminal campaign in under a year

Google’s threat intelligence researchers have identified a sophisticated exploit kit targeting iPhones that was first used by a commercial surveillance vendor’s customer before being repurposed by a suspected Russian espionage group and then by Chinese cybercriminals, highlighting what researchers describe as an active secondary market for high-end zero-day exploits. “How this proliferation occurred is unclear,…

Coruna iOS Exploit Kit Compromises Thousands of iPhones

An iOS exploit framework has revealed how advanced mobile attack tools can move rapidly from surveillance operations to espionage and financial crime.  Google’s Threat Intelligence Group (GTIG) identified Coruna, a powerful exploit kit containing 23 vulnerabilities across five exploit chains that were used to compromise thousands of iPhones throughout 2025. “The core technical value of…

Lack of regulatory action on hyperscaler dominance prompts inquiry chair to quit

Delays in regulatory action to deal with imbalances in the market for cloud services have prompted the resignation of the chair of an inquiry into the market. Companies deploying cloud services are being hampered by the dominance of Microsoft Azure and Amazon Web Services, a situation exacerbated by the glacial pace at which the UK’s…

Where Multi-Factor Authentication Stops and Credential Abuse Starts

Organizations typically roll out multi-factor authentication (MFA) and assume stolen passwords are no longer enough to access systems. In Windows environments, that assumption is often wrong. Attackers still compromise networks every day using valid credentials. The issue is not MFA itself, but coverage.  Enforced through an identity provider (IdP) such as Microsoft Entra ID, Okta,…

Threat Coverage Digest: New Malware Reports and 2,400+ Detection Rules

February brought another round of major detection improvements across ANY.RUN’s threat intelligence and sandbox coverage. Alongside new Threat Intelligence reports, our analysts expanded behavioral visibility across dozens of malware families, strengthened detection logic for modern phishing and data-stealing campaigns, and added thousands of new network detection rules.  Let’s take a closer look at the updates delivered this month.  Threat Intelligence Reports …

SIEM vs Log Management: Observability, Telemetry, and Detection

Security teams are no longer short on data. They are drowning in it. Cloud control plane logs, endpoint telemetry, identity events, SaaS audit trails, application logs, and network signals keep expanding, while the SOC is still expected to deliver faster detection and cleaner investigations. That is why SIEM vs log management is not just a…

Why Digital Identity Is Becoming the Backbone of Cybersecurity

In this post, I will show you why digital identity is becoming the backbone of cybersecurity. Cybersecurity used to focus primarily on protecting networks, devices, and software from unauthorized access. Firewalls, antivirus programs, and intrusion detection systems formed the first line of defense for businesses and organizations. While these tools remain essential, the nature of…

State-affiliated hackers set up for critical OT attacks that operators may not detect

Several state-linked threat groups known for breaking into operational technology (OT) networks have shifted their focus over the past year from gaining and maintaining access to actively mapping out ways to disrupt physical industrial processes. The shift poses a significant threat because fewer than one in 10 OT networks have monitoring in place to detect…

14 old software bugs that took way too long to squash

In 2021, a vulnerability was revealed in a system that lay at the foundation of modern computing. An attacker could force the system to execute arbitrary code. Shockingly, the vulnerable code was almost 54 years old — and there was no patch available, and no expectation that one would be forthcoming. Fortunately, that’s because the…

Microsoft leads takedown of Tycoon2FA phishing service infrastructure

The infrastructure hosting the Tycoon2FA service, which Europol said was among the largest phishing operations worldwide, has been taken down by a coalition of IT companies and law enforcement agencies. At least temporarily, this removes access to one more tool for evading multifactor authentication defenses from threat actors. Europol, which coordinated the operation, said Wednesday…

Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary], (Wed, Mar 4th)

[This is a Guest Diary by Joseph Gruen, an ISC intern as part of the SANS.edu BACS program] The internet is under constant, automated siege.  Every publicly reachable IP address is probed continuously by bots and scanners hunting for anything that can be exploited or retrieved. It’s not because there is a specific target, but…

How a cybersecurity boss framed his own employee

When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the person put in charge of the investigation was the actual leaker… who promptly sent an innocent colleague into a career-ending ambush. In this episode, we unravel the jaw-dropping tale of a defence contractor caught selling…

Cisco fixes maximum-severity Secure FMC bugs threatening firewall security

Cisco patched two critical Secure FMC vulnerabilities that could let attackers gain root access to managed firewalls. Cisco addressed two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) that could allow attackers to gain root access. Cisco Secure Firewall Management Center (FMC) is a centralized management platform for Cisco firewalls. It lets administrators configure,…

Perplexity Comet Browser Bug Leaks Local Files via AI Prompt Injection

A newly disclosed attack against Perplexity’s AI-powered Comet browser shows how agentic browsers can be manipulated into leaking sensitive data directly from a user’s machine.  Zenity Labs researchers demonstrated a zero-click attack that tricks the browser’s AI agent into reading local files and sending their contents to an attacker-controlled server. The attack “… results in…

Automate or orchestrate? Implementing a streamlined remediation program to shorten MTTR

Security teams want lower MTTR, but flaws persist. How to use automation vs. orchestration to reduce risk effectively? Almost all security teams want to reduce their Mean Time to Remediate (MTTR). And for good reason: research from 2024 found that it takes an average of 4.5 months to remediate critical vulnerabilities. The problem is that…

February 2026 Recap: Channel Sees New Hires in a Variety of Roles

January saw a flurry of organizations hiring for the new year, including many CEOs. So many, in fact, that it required a Part 1 and Part 2. February’s leadership changes include several impactful hires from organizations such as QuSecure, Syncro, ConnectWise, and KnowBe4. Channel Insider takes a look around the channel each month to round…

The 10-hour problem: How visibility gaps are burning out the SOC

Security teams aren’t drowning because the threats improved. They’re drowning because the visibility got worse. The October 2025 commissioned Forrester Consulting study conducted on behalf of NETSCOUT surfaces a problem that every analyst already knows: 61% of survey respondents say their analysts spend more than ten hours a week in the “analyze” phase alone. This isn’t…

MS-Agent Flaw Enables Remote Code Execution via AI Agents

A vulnerability in an AI automation framework could allow attackers to take complete control of systems running the software.  Security researchers have identified a command injection flaw in the ModelScope MS-Agent framework that could enable remote code execution through crafted prompt input, exposing organizations that deploy AI agents with operating system access. “The real issue…

Attackers are using your network against you, according to Cloudflare

Cloudflare’s inaugural threat intelligence report identifies a series of weaknesses in technology that attackers have abused and industrialized into professional “attack factories,” leaving most organizations unprepared to respond.  Attackers are turning the very services victims deploy and pay for into tools for launching large-scale attacks. Researchers say the barrier to entry has vanished, as identities…

Tufin’s AI-powered tools simplify network security operations

Tufin announced its latest AI-powered innovations, enabling customers to utilize its Unified Control Plane to accelerate issue resolution, reduce operational friction, and limit risk – even as network complexity continues to grow. Security teams face pressure to move faster while maintaining a secure network environment. The complexity of the network makes it harder and harder…

Iranian cyberattacks fail to materialize but threat remains acute

Five days into US and Israel’s war with Iran, the worst predictions for cyber-retaliation have yet to materialize. But Iran has built one of the world’s most active cyber operations, which means this is likely a temporary reprieve, experts warn. At the weekend, both the UK National Cyber Security Centre (NCSC) and the Canadian Centre…

MSPs Turn to AI Ops to Scale Securely in 2026

AI has shifted from experimental add-on to operational backbone for managed service providers.  As service complexity rises, ransomware targets identity and backup layers, and margins tighten, MSPs are embedding AI directly into security, service desk, and backup platforms to automate detection, accelerate response times, and preserve profitability. James Griffin, CEO of CyberSentriq, shares his thoughts…

From phishing to Google Drive C2: Silver Dragon expands APT41 playbook

APT group Silver Dragon, linked to APT41, targets governments via server exploits and phishing, using Cobalt Strike and Google Drive for C2. Check Point researchers have identified Silver Dragon, an APT group tied to the China-linked group APT41, targeting government entities in Europe and Southeast Asia since mid-2024. The group gains initial access by exploiting…

Major Cyber Attacks in February 2026: BQTLock, Thread-Hijack Phishing, and MFA Bypass Evolution

February 2026 brought a surge of sophisticated cyber threats targeting businesses across industries. ANY.RUN’s analysts exposed and explored several major cyber threats this month, providing early visibility into emerging malware families and evolving attack techniques.  From new ransomware strains capable of encrypting entire environments in minutes, to fully undetected remote access trojans — the threat…

Anthropic AI ultimatums and IP theft: The unspoken risk

Two recent high-profile events concerning Anthropic’s Claude AI underscore a little-discussed risk at the heart of the enterprise’s rush to capitalize on leading AI capabilities. The first incident involved a China-based extraction campaign against Anthropic’s intellectual property. The second was the Trump administration’s banning of Claude for federal use after the company resisted US demands…

U.S. CISA adds Qualcomm and Broadcom VMware Aria Operations flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Qualcomm and Broadcom VMware Aria Operations flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2026-22719 (CVSS…

AI-powered attack kits go open source, and CyberStrikeAI may be just the beginning

AI is making it ever easier for bad actors to launch attacks, and a newly-identified open source platform, CyberStrikeAI, seems to be lowering the bar even further. The platform packages end-to-end attack automation into a single AI-native orchestration engine, and is linked to the threat actor behind the recent campaign that breached hundreds of Fortinet…

NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity

Geopolitical conflict rarely stays confined to physical battlefields. Increasingly, it spills into the digital domain. The latest escalation of tensions in the Middle East has prompted the UK’s National Cyber Security Centre (NCSC) to issue a warning to organisations to review their cyber security posture and prepare for possible cyber activity linked to Iran. While…

Ariomex, Iran-based crypto exchange, suffers data leak

Resecurity says Iran’s Ariomex crypto exchange suffered a data leak exposing user and transaction data from 2022 to 2025. Resecurity (USA) reports that Ariomex’s database, one of Iran’s cryptocurrency exchange platforms, suffered a data leak. The report published by the cybersecurity company presents the findings of a structured analysis of the leaked database, which contains…

Alabama Sextortion Case Involved Hundreds of Victims

A 22-year-old Alabama man has pleaded guilty to federal charges after hijacking the social media accounts of hundreds of young women and extorting them with stolen intimate images.  Between 2022 and 2025, Jamarcus Mosley used impersonation tactics to seize control of victims’ Snapchat and Instagram accounts, then threatened to publish private photos unless they complied…

UK Warns of Heightened Iranian Cyber Risk as Middle East Conflict Intensifies

The United Kingdom’s National Cyber Security Centre (NCSC) is urging British organizations to brace for potential Iranian-linked cyber activity as tensions escalate in the Middle East.  While officials say there is no confirmed spike in direct attacks against the UK, they caution that the situation could shift rapidly.  “There is almost certainly a heightened risk…

$5M Microsoft Activation Key Fraud Ends in Prison Term

A Florida woman has been sentenced to 22 months in federal prison for running a years-long scheme that trafficked thousands of illicit Microsoft software activation keys.  Heidi Richards, who operated Trinity Software Distribution, was also ordered to pay a $50,000 fine after pleading guilty to charges tied to the resale of Microsoft Certificate of Authenticity…

Identity Security Blind Spots Fuel Modern Attacks

Many organizations believe they have identity security under control.  New data from Permiso’s State of Identity Security Report suggests that confidence is increasingly misplaced — right as identity becomes the dominant attack vector in cloud environments. “92% percent of organizations have AI agents in production accessing sensitive data, and those agents are creating identities without…

Cloudflare tracked 230 billion daily threats and here is what it found

Cloudflare’s network blocks over 230 billion threats per day. The volume indicates how routine and automated the attack cycle has become, and the patterns behind that volume point to a shift in how breaches begin and progress. Cloudflare’s threat research unit, Cloudforce One, published its inaugural cyber threat report 2026, covering activity observed through 2025…

Anthropic won’t kill cyber, but it will kill some companies

Over the past several weeks, social media has been exploding with predictions that “cyber is dead”. It doesn’t take much insight to jump on that bandwagon, as Anthropic’s announcement of Claude Code Security indeed sent the cybersecurity public market into turmoil, with some companies losing as much as 20% of their market cap. Contrary to…

$100 radio equipment can track cars through their tire sensors

When people consider what might track their movements, they think of smartphone apps, GPS services, or roadside cameras. The tires of a new car rarely enter that equation. Researchers at IMDEA Networks Institute, together with European partners, found that Tire Pressure Monitoring System (TPMS) sensors inside each wheel broadcast unencrypted wireless signals containing persistent identifiers…

Enigma AI enables internal trust governance to asset-to-asset communications

Enigma Networks has announced the general availability of its Internal Trust Governance platform, Enigma AI, which continuously determines and validates which communications are necessary and safe across enterprise networks. Just as identity and access management (IAM) governs trust for users, Enigma AI governs trust between internal systems and assets, introducing a new control plane for…

Cato integrates native, behavior-based auto-adaptive threat prevention into its SASE platform

Cato Networks has announced an auto-adaptive threat prevention engine within its SASE platform, enabling enterprises to proactively block advanced threats that use legitimate tools and targets. Cato Dynamic Prevention continuously evaluates activity in full context, correlating signals from across Cato’s sensors over months of activity. Once malicious behavior is identified, Cato automatically adapts and enforces…

DataDome Adjusts Partner Program to Build Ecosystem

DataDome has launched an enhanced Partner Program to more tightly integrate resellers with its technology and cloud alliances, as AI agents introduce new security complexities for enterprise customers. Announced on Tuesday, the updated program is designed to move beyond traditional channel structures where resellers, technology alliances, and cloud alliances operate independently. New structure connects resellers…

Cato Networks Launches Auto-Adaptive Threat Prevention Engine

Cato Networks, a provider of SASE solutions, has announced the debut of Cato Dynamic Prevention, an auto-adaptive threat-prevention engine on its SASE platform. Proactive defense against compromise: the new solution was designed to proactively stop stealthy, multi-stage attacks – continuously evaluating activity in full context – and correlate signals from across Cato’s sensors over months…

What is digital employee experience — and why is it more important than ever?

On any given day, an organization’s employees might be using smartphones, laptops, desktop computers, tablets, a variety of cloud and networking services, a host of enterprise applications and mobile apps, and other digital tools. Many of them might be working remotely, and nearly all of them will be operating with tight security and data privacy…

Expanding Phishing Detection at Scale with Automatic SSL Decryption

90% of modern cyberattacks start with phishing, and it’s getting worse. The volume of compromise attempts keeps surging, leaving companies more exposed to credential theft and heavy financial hits. As phishing evolves, we focus on countering the core tactics that make it effective. That’s why ANY.RUN is upgrading the threat detection capabilities of the Interactive Sandbox across all subscription tiers with the new SSL decryption technology. By extracting encryption keys directly from process memory, it increases the detection rate of phishing inside the sandbox, helping every user and SOC team…

Epic Fury introduces new layer of enterprise risk

Operation Epic Fury — the US administration’s sustained kinetic pressure on core Iranian regime assets — introduces a new layer of operational risk for every multinational with people, assets, or dependencies in the Middle East region and beyond. The immediate briefings from Washington — early damage assessments, stated intent, geopolitical framing, and situational updates and…

Chrome security flaw enabled spying via Gemini Live assistant

A Google Chrome vulnerability lets malicious extensions hijack Gemini Live to spy on users and steal sensitive files. Researchers at Palo Alto Networks found a Chrome vulnerability, tracked as CVE-2026-0628, that could let malicious extensions take control of the Gemini Live AI assistant. By abusing the flaw, attackers could spy on users and exfiltrate sensitive…

News alert: DDoS attacks surge 75% in 2025; Link11 says attacks now sustained, not sporadic

FRANKFURT, Mar. 2, 2026, CyberNewswire — Link11 has published its European Cyber Report 2026, revealing that DDoS attacks reached a new level in 2025 and have become a permanent stress factor for digital infrastructures. The report shows that the number of documented attacks in the Link11 network rose by 75% in 2025, following explosive growth in…

The Dark Side of Luxury Brands: Fraud and Laundering

Haute couture may be showcased under chandeliers and velvet ropes, but its underground counterpart operates in Telegram channels, crypto wallets, and dark web storefronts. What looks like a niche problem of fake handbags is, in reality, a sprawling shadow economy where luxury goods function as financial instruments, laundering vehicles, and scam bait. “Unlike the glamorous…

Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome

Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. “To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store,” the Chrome Secure…

IPFire ships its 200th core update with a new domain blocklist and kernel upgrade

Network firewall distribution IPFire released Core Update 200, marking the 200th incremental update to the 2.29 branch. The release bundles a kernel upgrade, a beta domain blocklist service, security patches for OpenSSL and glibc, and a range of component updates. The kernel has been rebased on Linux 6.18.7 LTS, bringing updated hardware security mitigations alongside…

Operator of AI Fake ID Platform Pleads Guilty

An artificial intelligence-powered website that churned out thousands of fake passports and driver’s licenses has landed its alleged operator in federal court. Yurii Nazarenko, a 27-year-old Ukrainian national, pleaded guilty to running OnlyFake, a subscription-based platform that generated more than 10,000 counterfeit identification documents for customers worldwide. “OnlyFake’s manufacture of fraudulent IDs and other documents…