Geek-Guy.com

Category: Network Security

Auto Added by WPeMatico

Europol Operation Targets Online Network Exploiting Minors

A yearlong international crackdown has led to 30 arrests tied to “The Com,” a decentralized cybercrime collective accused of targeting children and teenagers across digital platforms.  Coordinated by Europol and involving law enforcement agencies from 28 countries, the operation — codenamed Project Compass — resulted in the arrest of 30 suspects, linked 179 additional individuals…

South Korean Tax Agency Leak Leads to $4.8M Crypto Theft

A public press release intended to highlight a tax enforcement victory instead exposed millions in confiscated cryptocurrency.  South Korea’s National Tax Service (NTS) inadvertently revealed the mnemonic seed phrase of a seized Ledger hardware wallet, enabling an unknown actor to transfer approximately $4.8 million in digital assets.  “The thief first deposited a small amount of…

Chrome Extension Hijacked to Push ClickFix Malware

A once-trusted Chrome extension with thousands of users was quietly transformed into a malware delivery vehicle, exposing how quickly browser add-ons can become security liabilities.  QuickLens – Search Screen with Google Lens was removed from the Chrome Web Store after researchers discovered it had been updated to deploy ClickFix attacks and steal cryptocurrency wallet data. …

BYOVD Turns Trusted Drivers Against Windows Security

A growing number of great actor groups are quietly abusing legitimate Windows drivers to turn endpoint defenses against themselves.  Known as Bring Your Own Vulnerable Driver (BYOVD), the technique allows attackers to load a digitally signed but flawed driver and exploit it to gain full kernel-level access.  Attackers “… load a legitimate, digitally signed, but…

NetQuest launches NetworkLens for hyperscale AI threat detection

NetQuest has announced NetQuest NetworkLens, a new portfolio of hyperscale real-time network intelligence datasets engineered to power AI-driven cyber threat detection and advanced security analytics. As cyber defense increasingly relies on machine learning, behavioral detection, and data pipelines, the network metadata required to uncover advanced threats has evolved. NetworkLens captures precise contextual intelligence modern AI…

APT37 combines cloud storage and USB implants to infiltrate air-gapped systems

North Korea-linked APT 37 used Zoho WorkDrive and USB malware to breach air-gapped networks in the Ruby Jumper campaign. North Korean group ScarCruft (aka APT37, Reaper, and Group123) deployed new tools in a campaign dubbed Ruby Jumper, using a backdoor that leverages Zoho WorkDrive for C2 and a USB-based implant to breach air-gapped systems. Zscaler ThreatLabz…

pureLiFi unveils LiFi architecture to extend gigabit capacity indoors

pureLiFi is addressing a key fixed wireless access (FWA) challenge by delivering reliable indoor signal performance through LiFi, a wireless communication technology that transmits data through the light spectrum instead of traditional radio frequencies. The latest LiFi systems leverage technology trusted by international security agencies for classified networks, demonstrating that LiFi’s capacity and military-grade security…

Innovation without exposure: A CISO’s secure-by-design framework for business outcomes

The brief for security leaders has changed. It used to be enough to reduce risk and keep the lights on. Now you are expected to enable AI adoption, connect more “things” to the network, modernize cloud at pace and still demonstrably reduce exposure, often without the comfort of ever-expanding budgets. In that environment, innovation is…

Europol’s Project Compass nets 30 arrests in crackdown on “The Com”

Europol’s Project Compass led to 30 arrests targeting ‘The Com’ network, identifying 62 victims and protecting four children from harm. A yearlong operation, code-named Project Compass, led by Europol has dealt a major blow to The Com,’ a cybercrime network known for targeting children and teenagers. The joint effort, called Project Compass and coordinated by…

GUEST ESSAY: Real cyber risks arise when small flaws combine and alerts are viewed in isolation

Security teams are drowning in signals. Alerts fire. Logs accumulate. Dashboards light up. Yet breaches still unfold quietly, often through a series of low-level actions that never trigger a single catastrophic alarm. Related: How ‘observability’ drives security Attackers do not rely on one silver bullet. They move incrementally. They probe. They chain together small weaknesses…

A scorecard for cyber and risk culture

Have you once watched a leadership team clap for their “security culture month” like they’d landed a rover? Posters everywhere. Quizzes. A prize draw. Someone baked cupcakes with padlocks iced on top. Cute. Two weeks later, a product manager asked an engineer to “just share the admin credentials for an hour” because the vendor demo…

When cyber threats start thinking for themselves

In this Help Net Security video, Jason Rivera, Field CISO & Head of Solution Engineering at SimSpace, discusses how autonomous AI agents are changing cyber threats. Drawing on experience in the US Army, NSA, Deloitte, and CrowdStrike, he describes how security teams have traditionally measured risk through volume, speed, and sophistication. He outlines how AI-driven…

ShinyHunters leaked the full Odido dataset

Cybercrime group ShinyHunters leaked the full Odido dataset, the Netherlands is facing the biggest data leak in its history. Odido is a Dutch telecommunications company and one of the largest mobile network operators in the Netherlands. It was formed when T-Mobile Netherlands and Tele2 were rebranded as Odido in 2023 after private equity firms Apax Partners and Warburg Pincus…

Claude code abused to steal 150GB in cyberattack on Mexican agencies

Hackers abused Claude Code to build exploits and steal 150GB of data in a cyberattack targeting Mexican government systems. Hackers abused Anthropic’s Claude Code AI assistant to develop exploits, create custom tools, and automatically exfiltrate more than 150GB of data in an attack on Mexican government systems, the Israeli cybersecurity firm Gambit Security reports. The…

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 86

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Technical Deep Dive: The Monero Mining Campaign Operation Olalampo: Inside MuddyWater’s Latest Campaign   VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)   Operation MacroMaze: new APT28 campaign using basic tooling and legit…

Security Affairs newsletter Round 565 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Canadian Tire 2025 data breach impacts 38 million users Iran ’s Internet near-totally blacked out amid…

MY TAKE: The Pentagon punished Anthropic for red lines it accepted from OpenAI hours later

KINGSTON, Wash. — On Friday afternoon, President Trump ordered every federal agency to stop using Anthropic’s AI technology. Defense Secretary Pete Hegseth followed by designating the company a “supply-chain risk to national security,” a label the government typically reserves for companies like Huawei. Related: Claude’s memory vs. ChatGpt’s Anthropic’s offense: refusing to remove contract provisions…

Who is the Kimwolf Botmaster “Dort”?

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf, the world’s largest and most disruptive botnet. Since then, the person in control of Kimwolf — who goes by the handle “Dort” — has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks…

Iran ’s Internet near-totally blacked out amid US, Israeli strikes

Iran experienced a near-total internet blackout as Israel and the U.S. launched strikes, according to NetBlocks. Internet access across Iran was drastically reduced on Saturday as Israel and the United States carried out strikes against the country, according to independent and non-partisan global internet monitor NetBlocks. یک شهروند روز شنبه با ارسال ویدیویی می‌گوید که…

Security hole could let hackers take over Juniper Networks PTX core routers

Network admins with Juniper PTX series routers in their environments are being warned to patch immediately, because a newly-discovered critical vulnerability could lead to an unauthenticated threat actor running code with root privileges. The hole is “especially dangerous, because these devices often sit in the middle of the network, not on the fringes,” said Piyush…

FreeBSD Jail Escape Flaw Breaks Filesystem Isolation

A critical vulnerability in FreeBSD allows attackers to escape jail environments and access the host filesystem.  The flaw weakens a core isolation mechanism and, under specific configurations, can lead to a complete breakdown of filesystem separation. This vulnerability “… enables full filesystem access for a jailed process, breaking the chroot,” said researchers in the advisory.…

Aeternum botnet hides commands in Polygon smart contracts

Aeternum botnet uses Polygon blockchain smart contracts for C&C, making its infrastructure harder to detect and disrupt. Qrator Labs researchers uncovered Aeternum, a botnet that runs its command-and-control infrastructure through smart contracts on the Polygon blockchain. By decentralizing its C2, the malware avoids traditional server-based takedowns and becomes far harder to disrupt or shut down,…

Juniper PTX Flaw Could Allow Full Router Takeover

Juniper Networks has disclosed a critical vulnerability in Junos OS Evolved that could allow an unauthenticated attacker to gain root-level control of affected PTX Series routers.  These routers are widely used in service provider, telecom, and cloud environments. The vulnerability “… allows an unauthenticated, network-based attacker to execute code as root,” said the company in…

Trend Micro Patches Critical Apex One RCE Flaws

Trend Micro has released patches for two high-severity vulnerabilities in its Apex One endpoint security platform. The flaws impact the Apex One management console and could allow remote code execution on unpatched systems. One of the vulnerabilities, CVE-2025-71210, “… could allow a remote attacker to upload malicious code and execute commands on affected installations,” said…

Cultivating a robust and efficient quantum-safe HTTPS

Posted by Chrome Secure Web and Networking Team Today we’re announcing a new program in Chrome to make HTTPS certificates secure against quantum computers. The Internet Engineering Task Force (IETF) recently created a working group, PKI, Logs, And Tree Signatures (“PLANTS”), aiming to address the performance and bandwidth challenges that the increased size of quantum-resistant…

Zero-Days, Data Breaches, and AI Risks Define This Week’s Cybersecurity Landscape

Major Threats & Vulnerabilities Zero-Day Exploits and Critical CVEs Cisco SD-WAN Zero-Day Grants Root Access has been actively exploited since 2023, allowing attackers to bypass authentication and gain root privileges. Cisco urges administrators to patch immediately, secure management planes, and monitor for rogue peers. ServiceNow AI Platform Vulnerability could allow unauthenticated remote code execution through…

One of the ‘most influential cybersecurity’ roles will pay under $175,000

A recent job ad  is causing plenty of head-shaking, suggesting that some government high-ups  appear to be out of touch with the current state of the cybersecurity job market. There is plenty of evidence that the world needs cybersecurity talent. According to a recent ISC2 survey, 33% of organizations cannot staff their security teams adequately…

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks. The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves…

Europol goes after The Com’s ransomware and extortion networks

Law enforcement agencies across 28 countries have spent the past year building cases against a loosely organized collective known as The Com, a decentralized network of mostly teenagers and young adults linked to high-profile ransomware attacks, financial extortion, and the coercion of vulnerable children. Europol announced the first operational results of Project Compass, reporting 30…

Android 17 second beta expands privacy controls for contacts, SMS and local networks

Google’s second beta of Android 17 continues updates to platform behavior and introduces new APIs focused on protecting sensitive data. Protecting contact and local network data A new system-level Contacts Picker gives apps temporary access only to the contact information a user selects. It limits contact data exposure and works across both personal and work…

Juniper issues emergency patch for critical PTX router RCE

Juniper released an emergency patch for Junos OS Evolved to fix CVE-2026-21902, a critical RCE flaw affecting PTX routers. Juniper Networks issued an out-of-band security update for Junos OS Evolved to address a critical remote code execution vulnerability, tracked as CVE-2026-21902 (CVSS score of 9.3), impacting PTX routers. The company urges customers to apply the…

Why application security must start at the load balancer

For a long time, I thought of the load balancer as a performance device. Its job was to distribute traffic, improve uptime, and make applications feel fast. Security was something that happened elsewhere, on firewalls, inside WAFs or deep in the application code. That perspective changed early in my consulting career. I worked with a…

Illumio Insights brings agentless visibility and breach containment to hybrid environments

Illumio unveiled its solution to deliver agentless visibility and breach containment across both data center and cloud environments. Illumio Insights ingests real-time telemetry and policy data from Check Point and Fortinet firewalls, converting existing firewall information into real-time traffic maps to provide agentless visibility across the hybrid environment. This extends Illumio Insights into data center…

AuthMind enhances identity observability to secure vaults, secrets, and NHIs

AuthMind has announced that its platform offers enhanced capabilities to address the fast-growing security concerns surrounding vaults, secrets managers, and AI-driven workloads. Since its founding, AuthMind has focused on securing identity access and execution paths across agentic AI, non-human identities (NHIs), and human users, enabling enterprises to observe what identities actually do across cloud, network…

How AI Aids Incident Response: Why Humans Alone Cannot Do IR Efficiently

AI accelerates incident response by correlating alerts and generating reports in minutes, helping teams scale beyond manual limits. Incident response has always been a race against the clock. It starts ticking the moment an alert is triggered, and each minute thereafter can lead to lost revenue, regulatory exposure, reputational damage, or customer churn. Traditionally, incident…

12 Million exposed .env files reveal widespread security failures

Mysterium VPN found 12M IPs exposing .env files, leaking credentials and revealing widespread security misconfigurations worldwide. Configuration mistakes rarely trigger alarms. A forgotten deny rule, an overlooked server setting, or a full project folder uploaded to production can quietly expose a company’s most sensitive secrets. In many cases, those secrets live inside simple environment files…

Oculeus 2FN authenticates calls in real time to stop CLI spoofing

Oculeus has launched its new Two Factor Network (2FN) solution. The 2FN solution provides a framework for telcos to trace the origin of traffic, verify caller identity, determine the roaming status of inbound calls, and prevent Caller Line Identification (CLI) spoofing. The landscape of fraud has been changed by cybercrime-as-a-service with the evolution of specialized…

Ransomware groups switch to stealthy attacks and long-term access

Ransomware attackers are switching tactics in favor of more stealthy infiltration, as the threat of public exposure of sensitive corporate data is becoming the main mechanism of extortion. Picus Security’s annual red-teaming report shows attackers shifting away from loud disruption toward quiet, long-term access — or from “predatory” smash-and-grab tactics to “parasitic” silent residency. Four…

Industrial networks continue to leak onto the internet

Industrial operators continue to run remote access portals, building automation servers, and other operational technology services on public IP address ranges. Palo Alto Networks, Siemens, and Idaho National Laboratory describe the scope of that exposure in the Intelligence-Driven Active Defense Report 2026. Top TTPs mapped from detected signatures within OT networks (Source: Palo Alto Networks)…

Cisco SD-WAN Zero-Day Actively Exploited to Gain Root Access

A zero-day vulnerability in Cisco Catalyst SD-WAN products has been actively exploited since at least 2023, allowing attackers to bypass authentication and ultimately gain root access in targeted environments.  This flaw affects core control-plane components and has been linked to a sophisticated threat actor cluster known as UAT-8616. “The Cisco Catalyst SD-WAN zero-day, which is…

Inside AWS Security Agent: A multi-agent architecture for automated penetration testing

AI agents have traditionally faced three core limitations: they can’t retain learned information or operate autonomously beyond short periods, and they require constant supervision. AWS addresses these limitations with frontier agents—a new category of AI that performs complex reasoning, multi-step planning, and autonomous execution for hours or days. Multi-agent collaboration has emerged as a powerful…

ServiceNow AI Platform Vulnerability Enables Unauthenticated RCE

ServiceNow has addressed a critical vulnerability in its AI Platform that could have allowed unauthenticated remote code execution in enterprise environments.  The flaw has a CVSS score of 9.8, reflecting its high severity and potential impact on workflow automation and AI-driven operations. “This vulnerability could potentially enable an unauthenticated user, in certain circumstances, to remotely…

Project Compass is Europol’s new playbook for taking on The Com

A global law enforcement effort has taken root to combat The Com, a sprawling nihilistic network of thousands of minors and young adults engaged in various forms of cybercrime, including physical violence and extortion. Project Compass, an operation coordinated by Europol with support from 28 countries, including all members of the Five Eyes, has resulted…

Tradewinds Networks Announces Infrastructure Platform

Tradewinds Network has announced the launch of its smart city-integrated infrastructure platform. The integrated Owner-hosted Community Network (OHCN) architecture with AI-driven cybersecurity aims to secure core-to-edge infrastructure for municipalities and enterprises. Platform supports digitalinfrastructure operations The platform now supports multi-tenant facilities, municipalities, aviation hubs, manufacturing environments, utilities, and defense-adjacent operations seeking resilient, community-aligned digital infrastructure.…

Concentric AI Inks ANZ Distribution Deal with Sektor

Concentric AI has signed a distribution agreement with cyber and information security distributor Sektor, marking its latest effort to expand into the Australia and New Zealand (ANZ) markets. Under the agreement, Sektor will serve as Concentric AI’s authorized distributor across the ANZ region, supporting regional channel partners, resellers, MSSPs, and system integrators with enablement, go-to-market…

Nearly 38 Million Impacted in ManoMano Third-Party Breach

European online DIY giant ManoMano is notifying roughly 38 million customers after threat actors compromised a third-party customer service provider, exposing personal data tied to user accounts and support interactions.  The incident, discovered in January 2026, underscores the persistent risk posed by supply chain and vendor-based breaches. “We can confirm that ManoMano has recently notified…

AWS Security Hub Extended brings enterprise security under one roof

AWS Security Hub Extended is a plan within Security Hub that simplifies how customers procure, deploy, and integrate a full-stack enterprise security solution across endpoint, identity, email, network, data, browser, cloud, AI, and security operations. The plan allows customers to expand their security coverage beyond AWS services and manage broader enterprise protection through a curated…

ServiceNow plans automation of L1 Service Desk roles, promises more AI ‘specialists’ to come

ServiceNow plans to unleash the first member of its Autonomous Workforce, the Level 1 Service Desk AI specialist, next quarter. The agent will autonomously diagnose and resolve common IT support requests such as password resets, provisioning of software access, and network troubleshooting. It will base its actions on information from enterprise knowledge bases, historical incident…

U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Cisco SD-WAN flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2022-20775 Cisco Catalyst SD-WAN Path Traversal Vulnerability CVE-2026-20127 Cisco Catalyst SD-WAN Controller and Manager Authentication…

CVE-2026-20127: Cisco SD-WAN Zero-Day Exploited Since 2023

New day, new vulnerability in the spotlight. We’re once again seeing how quickly weaponized flaws in widely deployed platforms turn into real operational risk. Coverage of maximum-severity Cisco bugs (CVE-2025-20393, CVE-2026-20045), as well as the Dell RecoverPoint zero-day CVE-2026-22769, shows that attackers are increasingly prioritizing edge-facing infrastructure that quietly controls traffic flows, identity paths, and…

Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control

Cisco SD-WAN vulnerability CVE-2026-20127 has been exploited since 2023 to gain unauthenticated admin access. A critical Cisco SD-WAN vulnerability, tracked as CVE-2026-20127 (CVSS score of 10.0), has been actively exploited since 2023. The flaw affects Catalyst SD-WAN Controller and Manager and allows remote, unauthenticated attackers to bypass authentication and gain full administrative access by sending…

China-linked hackers used Google Sheets to spy on telecoms and governments across 42 countries

Google has disrupted a China-linked espionage group that used Google’s spreadsheet application as a covert spy tool to compromise telecom providers and government agencies across 42 countries, sending commands and receiving stolen data through it, Google’s Threat Intelligence Group (GTIG) said on Thursday. Working with Mandiant, GTIG confirmed intrusions at 53 organizations across 42 countries,…

The farmers and the mercenaries: Rethinking the ‘human layer’ in security

There’s a phrase that’s become gospel in cybersecurity: “Employees are the last line of defense.” We’ve built an entire industry around it. Billions of dollars in security awareness programs, mandatory simulations and user-reporting workflows across endpoints, applications and collaboration tools. All predicated on a premise that sounds reasonable until you examine what we’re actually asking.…

ANY.RUN & Splunk Enterprise: Stronger Detection, Faster Response in Your SOC

Security teams don’t lack alerts, they lack fast, reliable context for decision-making. When threat analysis and intelligence are not an integrated part of the SOC workflow, investigations slow down, MTTR grows, and the risk of missed incidents increases. Adding behavioral analysis and live intelligence directly into SIEM closes this gap, turning monitoring, triage, and response…

Wireshark 4.6.4 resolves dissector flaws, plugin compatibility issue

Packet inspection remains a routine activity across enterprise networks, incident response workflows, and malware investigations. Continuous use places long-term stability and parsing accuracy at the center of daily operations. Wireshark version 4.6.4 addresses two vulnerabilities affecting protocol dissectors and resolves a plugin compatibility issue within the 4.6 release series. Dissector vulnerabilities resolved The update fixes…

5 trends that should top CISO’s RSA 2026 agendas

RSA 2026 is still weeks away and the hype machine is humming. This year’s theme, “The Power of Community,” is somewhat ironic as the overwhelming chatter at the Moscone Center in San Francisco from March 23 to March 26 will be about AI agents, not humans. Welcome to the cybersecurity community, agents, automatons, and robots!…

APCON IntellaStore IV analyzes network traffic characteristics for further processing

Deploying the IntellaStore IV Network Security Appliance from APCON means easy installation, dedicated network packet capture, and a seamless workflow from traffic of interest to security and compliance tools. The release of APCON’s IntellaStore IV empowers network security engineers, business owners, office managers, and others to conveniently address network visibility (filtering, port tagging, etc.) as…

Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary], (Tue, Feb 24th)

[This is a Guest Diary by Austin Bodolay, an ISC intern as part of the SANS.edu BACS program] Over the past several months, I have gained practical insight into the challenges of deploying and operating a honeypot, even within a relatively simple environment. This work highlighted how varying hardware, software, and network design—can significantly alter…

Video: Harbor IT on NENS Acquisition and Why the Generalist MSP Model Is Dying

In this episode of Channel Insider: Partner POV, host Katie Bavoso sits down with leaders from Harbor IT to discuss the company’s acquisition of New England Network Solutions, better known as NENS, and what it means for the future of managed services. CFO Hannah Paige and newly appointed CRO Michael Kourkoulakos, the former CEO of…

Governments issue warning over Cisco zero-day attacks dating back to 2023

Attackers have been exploiting a pair of zero-day vulnerabilities in Cisco’s network edge software for at least three years, and the global campaign is ongoing, authorities said across a series of warnings released Wednesday. The Cybersecurity and Infrastructure Security Agency issued an emergency directive about the global attacks and issued joint guidance with the Five…

Five Eyes issue emergency directive on exploited Cisco SD-WAN zero-day

Cybersecurity agencies across the Five Eyes alliance have issued an emergency directive warning that a critical Cisco SD-WAN vulnerability is being actively exploited to gain unauthorized access to federal networks. Officials confirmed that threat actors are targeting core SD-WAN control systems —infrastructure that manages traffic across government and enterprise networks — and urged organizations to…

Zenarmor Debuts Global SASE Channel Partner Program

Zenarmor on Feb. 24 launched a global SASE Channel Partner Program aimed at MSPs, MSSPs, ISPs, and security-focused channel partners seeking to deliver distributed secure access services without relying on centralized cloud points of presence (PoPs). The Cupertino, Calif.-based vendor said its partner-first initiative formalizes a go-to-market strategy built around what it calls a single-app,…

Untrusted repositories turn Claude code into an attack vector

Flaws in Anthropic’s Claude Code could allow remote code execution and theft of API keys when users open untrusted repositories. Check Point Research team found multiple vulnerabilities in Anthropic’s Claude Code AI coding assistant that could lead to remote code execution and API key theft. The vulnerabilities abuse features such as Hooks, MCP servers, and…

The CLAIR Model: A Synthesized Conceptual Framework for Mapping Critical Infrastructure Interdependencies [Guest Diary], (Wed, Feb 25th)

  [This is a guest diary contributed by Claire Perry (LinkedIn)] The structural integrity of modern society is predicated upon a dense and often opaque network of interconnected systems. For decades, the modeling of these systems remained siloed within specific domains: industrial processes were governed by the hierarchical constraints of the Purdue Model, while corporate…

Treasury Sanctions Russian Exploit Brokerage

The U.S. government has imposed sanctions on a foreign exploit brokerage accused of purchasing and reselling stolen government cyber tools under the Protecting American Intellectual Property Act (PAIPA).  This action targets Operation Zero, a Russia-linked exploit broker, and signals a tougher stance against markets that monetize zero-day vulnerabilities tied to national security systems.  “If you…

US DoD to Anthropic: compromise AI ethics or be banished from supply chain

A growing rift between the US Department of Defense (DoD) and Anthropic over how AI can be used by the military has led to Defense Secretary Pete Hegseth issuing a blunt ultimatum: work with us on our terms or risk being banned from Pentagon programs. According to news site Axios, Hegseth gave Anthropic until Friday,…

ShinyHunters Claims Wynn Resorts Data Theft

Wynn Resorts has confirmed that employee data was accessed by an unauthorized third party after the company appeared on the ShinyHunters extortion group’s leak site. The casino and hospitality giant said it activated its incident response plan immediately upon discovering the intrusion. “We have learned that an unauthorized third party acquired certain employee data,” Wynn…

Netskope NewEdge AI Fast Path reduces latency for enterprise AI workloads

Netskope has announced NewEdge AI Fast Path, a set of capabilities designed to optimize network paths to critical AI destinations, including applications hosted in public, private, or neo-cloud environments. The offering reduces latency and costs, improves performance and resilience, and delivers a secure experience for teams using AI applications or enterprises adopting agentic AI. Eliminating…

12.4 Million Accounts Exposed in CarGurus Leak

Millions of CarGurus users may have had their personal and financial data exposed after a notorious threat actor group published a massive dataset allegedly stolen from the automotive marketplace.  Attributed to the ShinyHunters extortion group, the leak includes 12.4 million records with about 70% of those being new data. “The ShinyHunters extortion group has published…

Myriad360 Adds Advizex as AI Work Gets Harder to Run

Myriad360 just announced the acquisition of Advizex Technologies, forming a larger combined company across enterprise infrastructure, AI platforms, and managed services. Together, the two companies represent more than $900 million in annual run-rate gross revenue. Companies share mutual focus on enterprise but with complementary technical expertise Both companies have been working on many of the…

Vulnerabilities grew like weeds in 2025, but only 1% were weaponized in attacks

Would-be attackers spent 2025 swimming in a sea of more than 40,000 newly published vulnerabilities, VulnCheck said in a report released Wednesday, but only 1% of those defects, just 422, were exploited in the wild. As the deluge of vulnerabilities grows every year, and CVSS ratings lose significance for vulnerability management prioritization, some defenders are…

Structured Launching Partner Marketing Execution Platform

Structured is announcing the debut of its AI-native Partner Marketing Execution Platform (PMEP), built to help enterprises activate and scale partner ecosystems. Mult-agent PMEP promises to accelerate channel revenue With this platform, Structured aims to remove the friction that has slowed partner marketing, which traditionally has relied on partners logging into portals, searching content libraries,…

Australia’s WiseTech to cut 2,000 jobs as AI renders manual coding obsolete

Australian logistics software firm WiseTech Global plans to eliminate around 2,000 jobs as it embeds artificial intelligence across its engineering and customer service operations, the company said Wednesday. The cuts, which will begin in the second half of FY26 and extend into FY27, will “reduce teams – initially product & development and customer service across…

Microsoft warns of job‑themed repo lures targeting developers with multi‑stage backdoors

Microsoft says it has uncovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessments. The campaign employs carefully crafted lures to blend into routine workflows, such as cloning repositories, opening projects, and running builds, thereby allowing the malicious code to execute undetected. Telemetry collected during an incident…

Across party lines and industry, the verdict is the same: CISA is in trouble

“Decimated.”  “Amateur hour.” “Pretty much fallen apart.” “It’s really hard to find something positive to say right now.” It’s been a little more than one year into the second Trump administration, and there’s a large consensus, if not total unanimity, among those who have worked with and for the Cybersecurity and Infrastructure Security Agency: It…

Turn Your SOC Into a Detection Engine: Rethinking Threat Monitoring

Threat monitoring is treated as one capability among many. Something that sits alongside incident response and threat hunting on an org chart. That framing undersells how central it actually is.  Monitoring is the connective tissue of the entire security operation. Every other SOC function depends on it working well.  For SOC and MSSP leaders, building effective threat monitoring is not about “more alerts.” It…

U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Soliton Systems K.K FileZen flaw, tracked as CVE-2026-25108 (CVSS v4 score of 8.7), to its Known Exploited Vulnerabilities (KEV) catalog. Soliton Systems K.K. FileZen is a…

New Serv-U bugs extend SolarWinds’ run of high-severity disclosures

SolarWinds continues to be besieged by security issues, this time in its Serv-U managed file transfer server. The software company has released four patches for critical Serv-U remote code execution (RCE) vulnerabilities that could allow attackers to gain root (administrator) access to unpatched servers. These four common vulnerabilities and exposures (CVEs) are rated “critical,” the…

Fake Zoom meeting silently installs surveillance software, says Malwarebytes

The latest fake Zoom meeting scam silently pushes surveillance software onto the Windows computers of unwitting employees. That’s according to researchers at Malwarebytes, who warn that staff falling for the scam land in a convincing imitation of a Zoom video call. Moments later, an automatic “Update Available” countdown downloads a malicious installer, without asking permission.…

VMware fixes command injection flaw in Aria Operations

VMware has released patches for several high- and medium-risk vulnerabilities that impact its Aria Operations, Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure products. The most serious of these flaws allows unauthenticated attackers to execute arbitrary commands on the underlying OS, while another gives authenticated users the ability to elevate to administrator privileges. The…

What are the types of ransomware attacks?

Ransomware isn’t an isolated, potential cyber threat—it’s like a living organism that can shapeshift with multiple strains, tactics, and targets. The cybercriminals behind ransomware attacks run these operations like a business and are motivated to keep up profits at any cost.  Their tactics range from quickly locking down an entire network to slowly leaking sensitive…

Take control: Locking down common endpoint vulnerabilities

Attackers are constantly on the prowl, scoping out vulnerabilities of network-connected devices in your systems. These devices—laptops, desktops, servers, IoT, and more—are like unlocked doors waiting for threat actors to stroll through. And here’s the kicker: many of these vulnerabilities are shockingly common and easily preventable. Let’s break down the weaknesses we most frequently track…

VMware Aria Vulnerabilities Expose RCE Risk

Broadcom has disclosed three vulnerabilities in VMware Aria Operations, including one that could allow unauthenticated remote code execution during product migrations.  One of the flaws, CVE-2026-22719, can allow an attacker “… to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress,” said Broadcom…