Geek-Guy.com

Category: Network Security

Auto Added by WPeMatico

Polish cybercrime Police arrest man linked to Phobos ransomware operation

Officers from Poland’s Central Bureau of Cybercrime Control (CBZC) police arrested a 47-year-old man linked to the Phobos ransomware operation. Polish authorities arrested a 47-year-old man suspected of involvement in cybercrime and linked him to the Phobos ransomware operation. Police said they discovered evidence of illegal activities on his seized devices. “Officers from the Central…

RSA mafia continues to shape the industry 44 years later

Although, as a startup founder now, I don’t get much (any?) time to look at parts of the industry unrelated to what I am building, I would still consider myself to be pretty plugged into the cybersecurity ecosystem. I have a good idea what is being discussed, what people pay attention to, and what questions…

Palo Alto Networks intends to acquire Koi, advancing agentic endpoint security

Palo Alto Networks has entered into a definitive agreement to acquire Koi, giving enterprises the power to finally see and protect the AI-native ecosystem that defines modern work. The new imperative: Agentic endpoint security Traditional security was built to stop malicious files, but AI agents and tools can actively read, write, and move data. Attackers…

ManageEngine adds causal and autonomous AI to Site24x7 to cut MTTR

ManageEngine has added new causal intelligence and autonomous AI capabilities in Site24x7, its full-stack observability platform. These enhancements transform how enterprises handle outages, shifting from firefighting to autonomous resilience. By reducing mean time to recovery (MTTR) and ensuring service-level agreement (SLA) compliance, Site24x7 helps IT teams safeguard the customer experience and retain trust. IT environments…

Quest Software Debuts Platform to Deliver Trustworthy AI Data

Data management and cybersecurity company Quest Software has launched the Quest Trusted Data Management Platform, featuring Automated Data Product Factory — a unified SaaS-native solution built to deliver trusted, AI-ready data at speed and scale. Using AI to automate data product creation According to the company, the platform unifies five core capabilities:  data modeling  data…

OT teams are losing the time advantage against industrial threat actors

In many industrial environments, internet-facing gateways, remote access appliances, and boundary systems sit close enough to production networks that attackers can move from IT intrusion to operational disruption with limited resistance. Dragos’ 2026 OT/ICS Year in Review describes a threat landscape where adversaries are spending more time learning how physical processes work and less time…

LATAM Businesses Hit by XWorm via Fake Financial Receipts: Full Campaign Analysis 

Malware campaigns targeting Latin America (LATAM) are evolving. While the final payloads, often commodity RATs like XWorm, remain consistent, delivery mechanisms are becoming increasingly sophisticated to bypass region-specific defenses and increase the chance of reaching real business users.  In this analysis, we dissect a recent campaign targeting Brazilian users. What starts as a deceptive “banking receipt” quickly turns into a multi-stage…

Why ‘secure-by-design’ systems are non-negotiable in the AI era

Moody’s recently reported that global investment in data centers will surpass $3 trillion over the next five years, driven by AI capacity growth and hyperscaler demand. As big tech companies, banks, and institutional investors pour capital into these projects, data center developers and their financial sponsors must prioritze cybersecurity. Moody’s said that data center investments…

Unit 42: Nearly two-thirds of breaches now start with identity abuse

Identity is still the primary entry point for cyberattacks, according to Palo Alto Networks’ threat intelligence firm Unit 42. In its annual incident response report released Tuesday, Unit 42 found that identity-based techniques accounted for nearly two-thirds of all initial network intrusions last year.  Social engineering was the leading attack method, accounting for one-third of…

Proofpoint Launches Revamped Global Partner Network

Proofpoint, Inc., a cybersecurity and compliance provider, has unveiled the Proofpoint Partner Network, an enhanced global partner program designed to help partners grow faster, strengthen margins, and deliver greater value to customers as cyber threats increasingly target people, data, and AI-driven workflows. Proofpoint aligns new partner network with channel growth According to Proofpoint, the new…

With CISOs stretched thin, re-envisioning enterprise risk may be the only fix

A majority of enterprise security leaders view their roles as “no longer fully manageable,” according to a recent report, and security consultants concede that the increasingly over-scoped nature of cyber execs’ roles is a problem not easily fixed. At issue is the fact that companies have consistently broadened the CISO’s jurisdiction and responsibilities without providing…

Why 2025’s agentic AI boom is a CISO’s worst nightmare

By late 2025, the enterprise AI landscape had shifted. Standard RAG systems are failing at a rate of 80%, forcing a pivot to autonomous agents. But while “agentic RAG” solves the reliability problem, it introduces a terrifying new one: the autonomous execution of malicious instructions. If 2023 was the year of the chatbot and 2024…

Building an AI-powered defense-in-depth security architecture for serverless microservices

Enterprise customers face an unprecedented security landscape where sophisticated cyber threats use artificial intelligence to identify vulnerabilities, automate attacks, and evade detection at machine speed. Traditional perimeter-based security models are insufficient when adversaries can analyze millions of attack vectors in seconds and exploit zero-day vulnerabilities before patches are available. The distributed nature of serverless architectures…

Fake Winter Olympics 2026 Stores Target Fans With Data-Theft Scams

As excitement builds at the Milano Cortina 2026 Winter Olympics, cybercriminals have launched convincing fake merchandise stores to steal payment details and personal data from eager fans.  The campaign focuses heavily on high-demand mascot items that are sold out on the official site. In the “… past week alone, we’ve identified nearly 20 lookalike domains…

A security flaw at DavaIndia Pharmacy allowed attackers to access customers’ data and more

A security flaw at DavaIndia Pharmacy exposed customer data and gave outsiders full admin control of its systems. DavaIndia is a large Indian pharmacy retail chain focused on selling affordable generic medicines. Operated by Zota Health Care Ltd., the brand promotes low-cost alternatives to branded drugs to make healthcare more accessible across India. DavaIndia runs…

BeyondTrust RCE Exploited for Domain Control

Attackers are actively exploiting a vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) to remotely run commands and escalate to full domain control in some environments.  The flaw affects self-hosted deployments and can be triggered without authentication. We “… observed attempts to deploy the SimpleHelp RMM tool for persistence, along with discovery…

Phishing Evolves Into Multi-Platform Fraud Systems

Phishing no longer announces itself with obvious red flags or clumsy impersonations.  New research from Bolster AI shows today’s most effective scams are engineered to blend into routine digital interactions, hiding in search results, paid ads, document workflows, and online marketplaces rather than obvious spoofed emails.  “Attackers are designing scams that look and feel real…

Vectra AI Report Warns AI Gains Aren’t Boosting Resilience

Cybersecurity provider Vectra AI has published its 2026 State of Threat Detection and Response Report, revealing a persistent gap between security investment and real-world cyber resilience. Lagging confidence amid rising AI adoption Based on a survey of 1,450 security practitioners and leaders worldwide, the report found that while many security teams feel better staffed and…

ClickFix Campaign Uses Fake CAPTCHA Pages to Deliver StealC Malware on Windows

A new social engineering campaign is abusing fake CAPTCHA verification pages to trick Windows users into launching StealC information-stealing malware.  The attack relies on compromised websites that display convincing Cloudflare-style security checks, prompting victims to manually execute malicious PowerShell commands under the guise of routine verification.  “StealC exfiltrates browser credentials, cryptocurrency wallets, Steam accounts, Outlook…

Meta Business Admins Exposed by 2FA-Harvesting Chrome Extension

A malicious Google Chrome extension masquerading as a productivity tool for Meta Business users has been found stealing two-factor authentication secrets and sensitive business data, enabling silent takeover of Facebook and Instagram assets.  The extension, CL Suite by @CLMasters, advertises itself as a way to streamline Meta Business workflows, but Socket researchers say it quietly…

Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup

Microsoft warns of a new ClickFix variant that tricks users into running DNS commands to fetch malware via nslookup. Microsoft has revealed a new ClickFix variant that deceives users into running a malicious nslookup command through the Windows Run dialog to retrieve a second-stage payload via DNS. ClickFix typically uses fake CAPTCHA or error messages…

Leaky Chrome extensions with 37M installs caught divulging your browsing history

An estimated 37 million worldwide installations of a clutch of leaky Chrome extensions are transmitting users’ browsing histories to external servers. According to findings by an independent security researcher using the pseudonym “Q Continuum,” a total of 287 extensions sent data that closely matched the URLs visited during simulated browsing sessions. “The actors behind the…

Leaky Chrome extensions with 37M installs caught shipping your browsing history

An estimated 37 million worldwide installations of a clutch of leaky Chrome extensions are transmitting users’ browsing histories to external servers. According to findings by an independent security researcher using the pseudonym “Q Continuum,” a total of 287 extensions sent data that closely matched the URLs visited during simulated browsing sessions. “The actors behind the…

10 years later, Bangladesh Bank cyberheist still offers cyber-resiliency lessons

Ten years on, the Bangladesh Bank cyberheist — a landmark cybersecurity incident that rewrote the rules of nation state–sponsored hacking — continues to offer lessons for the cybersecurity community. Cyberspies hacked into Bangladesh Bank internal network and SWIFT (Society for Worldwide Interbank Financial Telecommunication) messaging environment before sending 35 fraudulent SWIFT payment instructions that attempted…

Palantir Gets Millions of Dollars From New York City’s Public Hospitals

New York City’s public hospital system is paying millions to Palantir, the controversial ICE and military contractor, according to documents obtained by The Intercept. Since 2023, the New York City Health and Hospitals Corporation has paid Palantir nearly $4 million to improve its ability to track down payment for the services provided at its hospitals…

U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an BeyondTrust RS and PRA vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), to its Known Exploited Vulnerabilities (KEV) catalog. This week BeyondTrust released security updates to…

U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an BeyondTrust RS and PRA vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), to its Known Exploited Vulnerabilities (KEV) catalog. This week BeyondTrust released security updates to…

AI will likely shut down critical infrastructure on its own, no attackers required

With a new Gartner report suggesting that AI problems will “shut down national critical infrastructure” in a major country by 2028, CIOs need to rethink industrial controls that are very quickly being turned over to autonomous agents. Gartner embraces the term Cyber Physical Systems (CPS) for these technologies, which it defines as “engineered systems that…

FTC digs deeper into Microsoft’s bundling and licensing practices

The US Federal Trade Commission (FTC) seems to be doubling down on its investigation of Microsoft and the tech giant’s potentially shady bundling and licensing practices. According to a Bloomberg report, the federal agency has been issuing civil investigative demands (CIDs) to companies that compete with Microsoft in the business software and cloud computing markets.…

FTC digs deeper into Microsoft’s bundling and licensing practices

The US Federal Trade Commission (FTC) seems to be doubling down on its investigation of Microsoft and the tech giant’s potentially shady bundling and licensing practices. According to a Bloomberg report, the federal agency has been issuing civil investigative demands (CIDs) to companies that compete with Microsoft in the business software and cloud computing markets.…

Critical BeyondTrust RS vulnerability exploited in active attacks

Researchers warn that a critical vulnerability patched this week in BeyondTrust Remote Support is being exploited in the wild to compromise self-hosted deployments, including Bomgar remote support appliances, which included affected versions of the impacted software. Bomgar, a provider of privileged identity and access management products, acquired BeyondTrust in 2018, adopting the latter’s brand name.…

New threat actor UAT-9921 deploys VoidLink against enterprise sectors

A new threat actor, UAT-9921, uses the modular VoidLink framework to target technology and financial organizations, Cisco Talos reports. Cisco Talos spotted a previously unknown threat actor, tracked as UAT-9921, using a new modular attack framework called VoidLink. The group targets organizations in the technology and financial services sectors. The flexible design of VoidLink suggests…

260K Users Exposed in AI Extension Scam

More than 260,000 Chrome users installed what appeared to be helpful AI productivity tools — only to unknowingly grant remote servers deep access to their browser activity.  LayerX researchers identified a coordinated campaign of 30 fake AI assistant extensions that used embedded iframes and backend-controlled logic to extract data and maintain persistent access.  “We found…

Malicious Chrome Extensions Hijack 500,000 VK Accounts in Stealth Campaign

More than 500,000 VKontakte users had their accounts silently manipulated by Chrome extensions that appeared to offer simple interface customization.  Koi researchers found the extensions delivered multi-stage malware that forced group subscriptions, reset account settings, and interfered with VK’s security protections.  Because “… the extensions update automatically, the attacker can push new malicious code to…

1,800+ Windows Servers Hit by BADIIS SEO Malware

More than 1,800 Windows servers have been quietly compromised in a sprawling malware campaign that turns legitimate websites into tools for search engine manipulation.  The operation leverages a sophisticated strain known as BADIIS to infect Microsoft Internet Information Services (IIS) environments, allowing threat actors to monetize trusted infrastructure without disrupting normal operations. We found “……

Researchers unearth 30-year-old vulnerability in libpng library

Developers have resolved a legacy flaw in the widely used libpng open-source library that existed since the software was released nearly 30 years ago. The heap buffer overflow in libpng would cause applications on unpatched systems to crash when presented with maliciously crafted PNG graphic images. In worse case scenarios, the CVE-2026-25646 vulnerability could be…

Odido CRM Data Breach Exposes 6.2M Customer Records

A major Dutch telecom provider is warning customers after a cyberattack exposed personal data tied to millions of accounts.  Odido Telecom confirmed that attackers gained unauthorized access to its customer database, impacting roughly 6.2 million customers.  “This involved personal data from a customer contact system used by Odido. No passwords, call logs, or billing information…

The foundation problem: How a lack of accountability is destroying cybersecurity

A tale of two industries The United States Navy takes 18-year-olds fresh out of high school and trains them to operate nuclear reactors in 18 months. These aren’t college graduates. They’re not experienced professionals. They’re young people with the right potential who go through the most rigorous, structured program in the military that transforms them into…

The democratization of AI data poisoning and how to protect your organization

Smart organizations have spent the last three years protecting their AI tools from skilled prompt injection-style attacks. The assumption has been that poisoning the foundational model, the real brains behind AI systems, requires technical expertise, privileged access, or a coordinated threat group. That assumption no longer holds, and it marks a significant shift in how…

Why key management becomes the weakest link in a post-quantum and AI-driven security world

When people talk about cryptography, they usually talk about algorithms. RSA versus ECC. Classical versus post quantum. Encryption strength measured in bits and curves. In practice, none of that matters unless keys are created, stored, rotated and retired correctly. Key management is the discipline that governs the entire lifecycle of cryptographic keys, from generation to…

Why secure OT protocols still struggle to catch on

Industrial control system networks continue to run on legacy communication protocols that were built for reliability and uptime, not authentication or data integrity. In many environments, malicious actors with access to the OT network can impersonate devices, issue unauthenticated commands, or modify messages in transit without detection. A new guidance document from the Cybersecurity and…

U.S. CISA adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws…

5 key trends reshaping the SIEM market

Security information and event management (SIEM) platforms have evolved far beyond their basic log collection and correlation roots. With cyber threats moving too fast for manual intervention, leading vendors have been integrating artificial intelligence and machine learning technologies into their SIEM platforms. In addition, modern SIEM platforms now incorporate extended detection and response (XDR) and…

AI-Powered Knowledge Graph Generator & APTs, (Thu, Feb 12th)

Unstructured text to interactive knowledge graph via LLM & SPO triplet extraction Courtesy of TLDR InfoSec Launches & Tools again, another fine discovery in Robert McDermott’s AI Powered Knowledge Graph Generator. Robert’s system takes unstructured text, uses your preferred LLM and extracts knowledge in the form of Subject-Predicate-Object (SPO) triplets, then visualizes the relationships as an interactive knowledge graph.[1]…

Hackers turn bossware against the bosses

A threat actor is abusing an employee monitoring application and a remote monitoring and management platform in an attempt to deploy ransomware and steal cryptocurrency. According to researchers at Huntress, the unknown threat actor is leveraging NetworkLookout’s Net Monitor for Employees Professional – which, despite its name, includes remote access tools – and SimpleHelp, a…

Hackers turn bossware against the bosses

A threat actor is abusing an employee monitoring application and a remote monitoring and management platform in an attempt to deploy ransomware and steal cryptocurrency. According to researchers at Huntress, the unknown threat actor is leveraging NetworkLookout’s Net Monitor for Employees Professional – which, despite its name, includes remote access tools – and SimpleHelp, a…

Odido confirms massive breach; 6.2 Million customers impacted

Hackers accessed data from 6.2 million Odido accounts, exposing names, contacts, bank details, and ID numbers. Subsidiary Ben also warned customers. Hackers broke into Dutch telecom firm Odido and accessed data from 6.2 million accounts. The company confirmed the breach and said attackers took names, addresses, phone numbers, email addresses, bank account details, dates of…

macOS Infostealers Fuel Growing Cybercrime Market

For years, some Mac users believed their devices were largely insulated from the malware plaguing Windows environments. That perception is rapidly eroding.  Flare researchers found a growing underground economy is now centered on macOS Infostealers — malware designed to extract browser credentials, Apple Keychain data, and cryptocurrency wallet seed phrases at scale. “I remember that…

Apple Patches Actively Exploited Zero-Day Flaw

Apple is urging users to update immediately after patching a zero-day vulnerability that was exploited in what it described as “extremely sophisticated” attacks against specific individuals.  The flaw, which impacts multiple Apple operating systems, allowed attackers to execute arbitrary code on vulnerable devices. “An attacker with memory write capability may be able to execute arbitrary…

How Emerging Threats Are Forcing a Reboot of Defence Industrial Base Security Policy

Cyber threats to the defence industrial base are no longer theoretical or confined to classified systems; they are an operational reality affecting personnel, contractors and supply networks worldwide. A newly published Google Threat Intelligence Group report positions the DIB as a contested environment where state-sponsored operations and criminal actors alike apply relentless pressure on digital infrastructure…

ExtraHop Expands Agentic SOCs With Deeper Visibility

ExtraHop, a modern network detection and response (NDR) provider, has launched new visibility and forensic capabilities that deliver the contextual insights required to power agentic SOCs and enable more autonomous defense against sophisticated threat actors. Setting AI agents up for success Citing the growth of AI-assisted attacks, ExtraHop says these new capabilities aim to equip…

Viral AI Caricatures Highlight Shadow AI Dangers

A viral Instagram and LinkedIn trend is turning harmless fun into a potential security headache.  Millions of users are prompting ChatGPT to “create a caricature of me and my job based on everything you know about me,” then posting the results publicly — inadvertently signaling how they use AI at work and what access they…

Palo Alto closes privileged access gap with $25B CyberArk acquisition

Cybersecurity company Palo Alto Networks has completed its $25 billion acquisition of Israel-based identity security firm CyberArk, bringing privileged access and identity security into the core of its platform strategy. With this acquisition, Palo Alto aims to extend privileged access controls across human, machine, and AI identities, reduce standing privileges, limit lateral movement, and stop…

Germany greenlights the EU AI Act, triggering countdown for enterprise compliance

The German Federal Cabinet has approved a draft legislation to implement the EU’s AI Act, designating the Federal Network Agency (Bundesnetzagentur) as the country’s central AI supervisory authority. Under the draft AI Market Surveillance and Innovation Promotion Act (KI-MIG), Germany will establish its national framework for regulating AI system development and deployment. The draft law…

The ephemeral infrastructure paradox: Why short-lived systems need stronger identity governance

In my experience leading engineering projects, I have encountered the same pattern repeatedly. We obsess over deployment speed. We measure success in commit velocity and uptime. But we rarely pause to ask the most uncomfortable question in the room: Who actually owns the identities we just spun up? This silence isn’t malicious; it’s structural. We…

BlueCat Horizon unifies DNS, DHCP, IPAM, and security into a cloud-first intelligent NetOps platform

BlueCat Networks has unveiled BlueCat Horizon, a SaaS-based platform designed to modernize how enterprises and mid-market organizations operate, secure, and evolve their networks through AI-assisted insights and coordinated action across the network. BlueCat Horizon introduces a common set of platform and infrastructure services that support multiple network applications and enable cross-domain use cases that were…

What CISOs need to know about the OpenClaw security nightmare

The new personal AI agent orchestration tool known as OpenClaw — formerly Clawdbot, then Moltbot — is a personal assistant that can do tasks for you without your personal supervision. It can operate across devices, interact with online services, trigger workflows — no wonder the Github repo has seen millions of visits and over 160,000…

Four Seconds to Botnet – Analyzing a Self Propagating SSH Worm with Cryptographically Signed C2 [Guest Diary], (Wed, Feb 11th)

[This is a Guest Diary by Johnathan Husch, an ISC intern as part of the SANS.edu BACS program] Weak SSH passwords remain one of the most consistently exploited attack surfaces on the Internet. Even today, botnet operators continue to deploy credential stuffing malware that is capable of performing a full compromise of Linux systems in…

AI was not plotting humanity’s demise. Humans were

AI bots are having existential crises, inventing religions, and allegedly plotting against humanity… or so the internet would have you believe. We dig into Moltbook, the “AI-only” social network that sent Twitter into a meltdown, attracted breathless talk of the singularity, and turned out to be far less Terminator and far more humans role-playing as…

SSHStalker botnet brute-forces its way onto 7,000 Linux machines

A newly discovered botnet is compromising poorly-protected Linux servers by brute-forcing weak SSH password login authentication. Researchers at Canada-based Flare Systems, who discovered the botnet, got into its staging server and believe at least 7,000 servers had been compromised by the end of January, half of them in the US. The botnet’s weapons include exploits…

Smashing Security podcast #454: AI was not plotting humanity’s demise. Humans were

AI bots are having existential crises, inventing religions, and allegedly plotting against humanity… or so the internet would have you believe. We dig into Moltbook, the “AI-only” social network that sent Twitter into a meltdown, attracted breathless talk of the singularity, and turned out to be far less Terminator and far more humans role-playing as…

Acting CISA chief says DHS funding lapse would limit, halt some agency work

Acting Director Madhu Gottumukkala said it could affect everything from responding to threats to finalizing CIRCIA regulations.

The post Acting CISA chief says DHS funding lapse would limit, halt some agency work appeared first on CyberScoop.

Volvo Group hit in massive Conduent data breach

A Conduent breach exposed data of nearly 17,000 Volvo Group North America employees as the total impact rises to 25 million people. A data breach at business services provider Conduent has impacted at least 25 million people, far more than initially reported. Volvo Group North America confirmed that the security breach exposed data of nearly […]

News alert: GitGuardian raises $50M to tackle non-human identities crisis, AI agent security gap

NEW YORK, Feb. 11, 2026, CyberNewswire — GitGuardian, a leading secrets and Non-Human Identity (NHI) security platform and #1 app on GitHub Marketplace, today announced a $50 million Series C funding round led by global software investor Insight Partners(more…)

The post News alert: GitGuardian raises $50M to tackle non-human identities crisis, AI agent security gap first appeared on The Last Watchdog.

Kimwolf Botnet Swamps Anonymity Network I2P

For the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade…

Windows Notepad RCE Flaw Exploits Markdown Files

Microsoft has patched a vulnerability in the modern Windows Notepad app that could allow remote code execution if a user opens a specially crafted Markdown file.  The issue carries a CVSS score of 8.8 and requires user interaction to exploit. The vulnerability “… allows an unauthorized attacker to execute code over a network,” said Microsoft…

Westcon-Comstor Brings Meter NaaS to EMEA Channel

Westcon-Comstor has signed a new distribution agreement with Networking-as-a-Service (NaaS) specialist Meter, becoming the vendor’s first distributor in Europe, the Middle East, and Africa (EMEA). The move brings Meter’s full-stack, subscription-based networking platform to Westcon’s regional channel ecosystem, positioning partners to tap into growing demand for consumption-based networking without the need for additional upfront investment.…

Windows Patch Fixes Exploited RasMan DoS Flaw 

Microsoft has patched a vulnerability in the Windows Remote Access Connection Manager (RasMan) service that was being exploited to trigger denial-of-service (DoS) conditions on unpatched systems. If exploited, the flaw can cause the remote access service to crash, potentially interrupting VPN connectivity and affecting remote access for users and administrators. The vulnerability “… allows an…

SmartBear Expands Carahsoft Partnership for Public Sector

SmartBear has expanded its partnership with Carahsoft Technology Corp. to strengthen its public sector go-to-market strategy and deepen engagement with the government-focused channel ecosystem, the companies announced Tuesday. The expanded agreement positions Carahsoft as SmartBear’s Master Government Aggregator, giving federal, state, and local agencies simplified access to SmartBear’s software quality and application visibility portfolio through…

Dell Makes Annual Updates to Partner Program

Global technology leader Dell Technologies has taken steps to simplify, standardize, and automate how it does business with channel partners in its ecosystem. Dell Technologies focuses on growing its core business and new markets with partners The company states that in 2026, its long-term objectives with partners will focus on growing the core business, expanding…

North Korean actors blend ClickFix with new macOS backdoors in Crypto campaign

A financially motivated threat actor tracked as UNC1609 is using a ClickFix-style social engineering campaign to deploy multiple macOS malware families against crypto-focused organizations. According to new research from Google Cloud’s Mandiant, the activity recently targeted an employee at a company operating in the cryptocurrency and decentralized finance (DeFi) sector. The researchers said that the…

Model Context Protocol: Security Risks & Mitigations

AI adoption is moving fast, shifting from pilot projects to the infrastructure-level, day-to-day practice. The budget curve reflects that shift. Gartner expects worldwide AI spending to reach $2.52T in 2026, a 44% year-over-year increase. At the same time, AI cybersecurity spending is expected to grow by more than 90% in 2026, a clear signal that…

EU clears Google’s $32B Wiz acquisition, intensifying cloud security competition

Google has secured unconditional EU antitrust approval for its $32 billion acquisition of cloud security firm Wiz, clearing a major regulatory hurdle and paving the way for one of the largest cybersecurity acquisitions to date.   The decision removes a key uncertainty for enterprise customers and positions Google Cloud to aggressively expand its security portfolio…

SSHStalker botnet targets Linux servers with legacy exploits and SSH scanning

A new Linux botnet, SSHStalker, has infected about 7,000 systems using old 2009-era exploits, IRC bots, and mass-scanning malware. Flare researchers uncovered a previously undocumented Linux botnet dubbed SSHStalker, observed via SSH honeypots over two months. Researchers ran an SSH honeypot with weak credentials starting in early 2026 and spotted a set of intrusions unlike…

U.S. CISA adds Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2026-21510 Microsoft Windows Shell Protection Mechanism Failure…

Groupe Rocher CISO on strengthening a modern retail cybersecurity strategy

Global retail and beauty brands manage a unique cybersecurity balancing act. They depend on consumer trust, massive volumes of personal data, and a sprawling network of vendors, while also managing thousands of physical locations and dynamic digital growth. In this Help Net Security interview, Jérôme Etienne, Group CISO, Groupe Rocher shares practical insights on closing…