Geek-Guy.com

Category: Network Security

Schrödinger’s cat and the enterprise security paradox

Most security leaders quietly live with a paradox they rarely name out loud. Until you truly look inside the box of your environment, your organization is both secure and compromised. The dashboards might be green and the audit reports reassuring, but the uncomfortable reality is that you do not know your actual state until you…

Romania’s national oil pipeline firm Conpet reports cyberattack

Romania’s national oil pipeline operator Conpet said a cyberattack disrupted its business systems and temporarily knocked its website offline. Conpet is a state-controlled company that owns and operates the country’s crude oil, condensate, and liquid petroleum product pipeline network. Its main role is to transport oil from domestic production fields and import points to refineries…

Software developers: Prime cyber targets and a rising risk vector for CISOs

Threats against corporate software developers are increasing and diversifying, challenging security leaders to develop more agile defenses against this growing attack vector. Attackers are increasingly targeting the tools, access, and trusted channels used by software developers rather than simply exploiting application bugs. The threats blend technical compromise — malicious packages, development pipeline abuse, etc. —…

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: ClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting; APT28 Leverages CVE-2026-21509 in Operation Neusploit; Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in Southeast Asia; Analyzing Dead#Vax: Analyzing Multi-Stage VHD…

Security Affairs newsletter Round 562 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Italian university La Sapienza still offline to mitigate recent cyber attack CISA pushes Federal agencies to…

DKnife toolkit abuses routers to spy and deliver malware since 2019

DKnife is a Linux toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks. Cisco Talos found DKnife, a powerful Linux toolkit that threat actors use to spy on and control network traffic through routers and edge devices. It inspects and alters data in transit and installs malware on PCs, phones,…

Italian university La Sapienza still offline to mitigate recent cyber attack

Rome’s La Sapienza University was hit by a cyberattack that disrupted IT systems and caused widespread operational issues. Since February 2, Rome’s La Sapienza University, one of the most important Italian universities, has been offline due to a cyberattack. For days, students have been unable to book exams, check tuition payments, or access faculty contacts.…

CISA pushes Federal agencies to retire end-of-support edge devices

CISA ordered U.S. federal agencies to improve management of edge network devices and replace unsupported ones within 12–18 months. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) instructed U.S. federal civilian agencies to strengthen how they manage edge network devices throughout their lifecycle. According to Binding Operational Directive 26-02, Mitigating Risk From End-of-Support Edge Devices, agencies must…

TeamPCP and the Rise of Cloud-Native Cybercrime

Flare researchers have identified a threat actor known as TeamPCP behind a large-scale campaign targeting cloud-native infrastructure by abusing exposed orchestration and management interfaces.  First observed in late 2025, the activity reflects a broader shift away from endpoint-focused attacks toward systematic exploitation of cloud control planes. “The campaign reflects a dark mirror of legitimate markets.…

Six more vulnerabilities found in n8n automation platform

Six more vulnerabilities have been discovered in the n8n workflow platform used for building LLM-powered agents to connect business processes. Four of the six are rated as critical, carrying CVSS severity scores of 9.4. “These vulnerabilities span multiple attack classes, from remote code execution and command injection to arbitrary file access and cross-site scripting, all…

Flickr Notifies Users of Potential Third-Party Data Exposure

Flickr has begun notifying users about a potential data exposure tied to a vulnerability in a third-party email service provider.  The incident highlights the security considerations associated with third-party services, even when a platform’s core systems are not directly affected. “On February 5, 2026, we were alerted to a vulnerability in a system operated by…

Record-breaking 31.4 Tbps DDoS attack hits in November 2025, stopped by Cloudflare

AISURU/Kimwolf botnet hit a record 31.4 Tbps DDoS attack lasting 35 seconds in Nov 2025, which Cloudflare automatically detected and blocked. The AISURU/Kimwolf botnet was linked to a record-breaking DDoS attack that peaked at 31.4 Tbps and lasted just 35 seconds. Cloudflare said the November 2025 incident was part of a surge in hyper-volumetric HTTP…

AI Threats, Botnets, and Cloud Exploits Define This Week’s Cyber Risks

Major Threats & Vulnerabilities Critical Vulnerabilities in AI and Automation Platforms A severe flaw in the n8n automation platform allows authenticated users to execute arbitrary commands, potentially exposing cloud credentials and AI workflows. With a CVSS score of 10.0, this vulnerability has been patched and requires immediate update by users. OpenClaw AI agents continue to…

NWN’s Jim Sullivan on 2026 AI NaaS Opportunity for the Channel

NWN CEO Jim Sullivan says accelerating AI adoption and renewed infrastructure refresh cycles are creating a major opportunity for channel partners heading into 2026—particularly those positioned to deliver AI-enabled networking as a service. In an interview with Channel Insider, Sullivan outlined how legacy infrastructure, return-to-office mandates, and data-intensive AI workloads are pushing enterprises toward network…

January 2026 M&A Recap: Channel Orgs Set to Expand Capabilities

January is now in the books, and channel organizations have made a number of early-year acquisitions to boost their capabilities and to better serve customers. Channel Insider has rounded up key mergers and acquisitions that have highlighted the start of Q1 2026. Service provider consolidation continues across ServiceNow, VMware ecosystems and more. CoreX expands ServiceNow…

CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal Civilian Executive Branch (FCEB) agencies to strengthen asset lifecycle management for edge network devices and remove those that no longer receive security updates from original equipment manufacturers (OEMs) over the next 12 to 18 months. The agency said the move is to drive down…

CISA orders US federal agencies to replace unsupported edge devices

The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new binding operational directive aimed at reducing a long-standing cyber risk across federal networks: outdated “edge devices” that are no longer supported by vendors and aren’t receiving timely security updates. By “edge devices”, CISA means load balancers, firewalls, routers, switches, wireless access points, network security…

Ten career-ending mistakes CISOs make and how to avoid them

The Chief Information Security Officer role has become one of the most precarious positions in the C-suite. According to a Hitch Partners study, the average CISO tenure is 39 months — a timeframe that reflects the intense pressure and high stakes of the position. With 77% of CISOs fearing dismissal after a major breach, the…

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities

A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, according to new findings from Palo Alto Networks Unit 42. In addition, the hacking crew has been observed conducting active reconnaissance against government infrastructure associated with…

CISA gives federal agencies 18 months to purge unsupported edge devices

The Cybersecurity and Infrastructure Security Agency has given federal agencies 18 months to remove all end-of-support edge devices from their networks, escalating its response to what security researchers describe as a fundamental shift in nation-state attack tactics, where attackers exploit network infrastructure rather than endpoints. The binding operational directive, BOD 26-02, requires Federal Civilian Executive…

Zscaler extends zero-trust security to browsers with SquareX acquisition

Cloud security company Zscaler has announced the acquisition of SquareX, a Singapore-based browser detection and response (BDR) technology startup. The deal will enable Zscaler to extend its Zero Trust Exchange capabilities directly into standard web browsers, across both managed and unmanaged devices. With Zscaler Private Access (ZPA), the company has been helping enterprises adopt zero…

How Samsung Knox Helps Stop Your Network Security Breach

As you know, enterprise network security has undergone significant evolution over the past decade. Firewalls have become more intelligent, threat detection methods have advanced, and access controls are now more detailed. However (and it’s a big “however”), the increasing use of mobile devices in business operations necessitates network security measures that are specifically

U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-11953 React Native…

OpenClaw: The AI agent that’s got humans taking orders from bots

Well, that escalated quickly.  I’m talking, of course, about OpenClaw (a.k.a. Moltbot a.k.a. Clawdbot), which not only represents a headlong rush into unchecked agentic AI, but also an emerging ecosystem that reads like every dystopian cautionary cyberpunk novel ever written.  As my colleague and friend Steven Vaughan-Nichols detailed earlier this week, it’s a “security nightmare.” …

Four new vulnerabilities found in Ingress NGINX

Four security vulnerabilities have been found in the open source Ingress NGINX traffic controller that is extensively used by organizations in Kubernetes deployments. They can only be fixed by upgrading to the latest version. Of the four holes, two are more serious, because they carry CVSS scores of 8.8: CVE-2026-1580 is an improper input validation…

New APT group breached gov and critical infrastructure orgs in 37 countries

A new cyberespionage group that operates out of Asia has compromised 70 government and critical infrastructure organizations across 37 countries over the past year using a sophisticated toolset that combines phishing, exploitation kits, custom malware, Linux rootkits, web shells, and a variety of other tunneling and proxy tools. Researchers believe the group is expanding its…

10,000+ Active Infections Traced to SystemBC Botnet

Security researchers at Silent Push identified more than 10,000 unique IPs infected with SystemBC, a proxy malware commonly used as an early foothold in ransomware attacks. Using a custom SystemBC tracking fingerprint, analysts mapped a globally distributed botnet that includes compromised systems supporting government infrastructure.  “SystemBC proxies traffic through compromised systems and acts as a…

CISA tells agencies to stop using unsupported edge devices

A Cybersecurity and Infrastructure Security Agency order published Thursday directs federal agencies to stop using “edge devices” like firewalls and routers that their manufacturers no longer support. It’s a stab at tackling one of the most persistent and difficult-to-manage avenues of attack for hackers, a vector that has factored into some of the most consequential…

OpenClaw and the Growing Security Risks of Agentic AI

OpenClaw, a fast-growing open-source AI agent, is drawing attention from security teams as its rapid adoption collides with emerging risks around autonomous AI behavior.  Designed to act as a personal assistant that can connect to large language models (LLMs), call external APIs, and execute tasks independently, OpenClaw represents a form of agentic AI designed to…

Lawmakers Call on Meta to Stop Running ICE Ad Featuring Neo-Nazi Anthem

Members of Congress are demanding answers from Meta after it ran advertisements by U.S. Immigration and Customs Enforcement that they say included imagery and music intended to appeal to white nationalists and neo-Nazis. In a letter sent to Meta CEO Mark Zuckerberg, Reps. Becca Balint, D-Vt., and Pramila Jayapal, D-Wash., questioned how the social media…

Alleged 764 member arrested, charged with CSAM possession in New York

A 23-year-old New York man allegedly affiliated with 764 was arrested and charged with receiving child sexual abuse material. Aaron Corey of Albany, N.Y., faces up to 20 years in prison for trafficking CSAM during a three-month period ending in December. Corey, also known as “Baggeth,” is accused of running multiple 764-related chats, seeking CSAM…

Banana Pro Crypto Trading Bot Expands to Ethereum, Bringing Fast ETH Execution to the Browser

In the latest development, I will show you why Ethereum trading is finally moving to the web – and what Banana Pro changes for ETH traders. Banana Gun has brought native Ethereum execution to Banana Pro, its web-based trading terminal, extending its execution-first infrastructure to the most liquidity-dense network in decentralized finance. For years, Ethereum…

n8n Flaw Puts Hundreds of Thousands of Enterprise AI Systems at Risk

A flaw in the n8n platform allowed any authenticated user to fully compromise the underlying server, exposing credentials, secrets, and AI-driven workflows across enterprise environments. The vulnerability carries a CVSS score of 10.0 and allows attackers to break out of n8n’s JavaScript sandbox to execute arbitrary commands, effectively transforming routine workflow logic into complete control…

Legacy Investing Taps Jackie Steinberg as First Channel Chief

Legacy Investing has named longtime channel executive Jackie Steinberg as its first Channel Chief, signaling a deeper push into a channel-first strategy to help data center users secure near-term, ready-for-service power capacity. The newly created role positions Steinberg to work alongside co-founder and managing partner Daniel English to build out a partner-led go-to-market approach focused…

DH2I’s Don Boxley on AI, Security, and 2026 Channel Bets

As artificial intelligence investments push enterprises to rethink their infrastructure stacks, channel partners are increasingly being pulled into complex refresh, migration, and security conversations.  To understand how those shifts are unfolding, Channel Insider spoke with Don Boxley, CEO and co-founder of DH2I, about the technology and market forces shaping channel opportunity in 2026. AI infrastructure…

Arctiq Adds Verinext in Services Platform Expansion

Arctiq has acquired Verinext, combining two established IT services providers to expand capabilities across managed services, security, infrastructure, and automation as customers look to consolidate technology partners. The deal, announced Tuesday, brings Verinext into Arctiq’s growing portfolio and is backed by private equity firm Gallant Capital Partners, the majority owner of Arctiq. Financial terms of…

Enterprise tech spending to cross $6 trillion in 2026, driven by AI infrastructure boom

Global IT spending will grow 10.8% to reach $6.15 trillion in 2026, Gartner said in its latest forecast, with AI infrastructure accounting for the lion’s share of that growth. The forecast shows a spending spree that shows no signs of slowing down, despite growing chatter about an AI bubble. Enterprises and cloud providers alike are…

The silent security gap in enterprise AI adoption

Most security leaders believe they know where their sensitive data lives and how it is protected. That confidence is increasingly misplaced. As enterprises deploy AI across customer support, software development, legal analysis and internal operations, a new data exposure surface has quietly emerged. It does not sit in databases, file systems or network links. It…

Building trust with the board through evidence-based proof

Cybersecurity is a boardroom issue, but meaningful dialogue often breaks down at the table. Boards ask about cybersecurity investments and cyber resilience; they need answers rooted in reality, not prognostication. When cybersecurity leaders respond with a list of technologies deployed and potential risks that require additional investment, board members may get frustrated by a lack…

The Epstein Files didn’t hide this hacker very well

Supposedly redacted Jeffrey Epstein files can still reveal exactly who they’re talking about – especially when AI, LinkedIn, and a few biographical breadcrumbs do the heavy lifting. Sloppy redaction leads to explosive claims, and difficult reputational consequences for cybersecurity vendors, and we learn how trust – once cracked – can be almost impossible to fully…

OpenClaw or Open Door? Prompt Injection Creates AI Backdoors

OpenClaw has come under review after researchers at Zenity showed how it could be misused to establish persistent access.  Rather than exploiting a software vulnerability, the technique relies on indirect prompt injection to influence the agent’s behavior and maintain ongoing control with minimal user involvement. “This attack demonstrates how a persistent command and control channel…

Ingress-Nginx Vulnerability Enables Code Execution in Kubernetes

A recently disclosed vulnerability in ingress-nginx may allow authenticated attackers to execute code and access Kubernetes Secrets in affected clusters.  The vulnerability could “… lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller,” said Kubernetes researchers. Inside the Ingress-Nginx Security Vulnerability Ingress controllers sit…

Chrome Vulnerabilities Allow Code Execution and Browser Crashes

Google has released a Chrome security update addressing two high-severity vulnerabilities that could allow attackers to execute arbitrary code or cause browser crashes.  The issues affect core browser components and may be triggered when users visit specially crafted websites. One of the vulnerabilities, CVE-2026-1861, allows “… a remote attacker to potentially exploit heap corruption via…

AI-Driven Attack Gains AWS Admin Privileges in Under 10 Minutes

Threat actors are using artificial intelligence (AI) to accelerate cloud intrusions.  In a recent incident observed by Sysdig researchers, attackers escalated from stolen credentials to full administrative access in an AWS environment in under 10 minutes, illustrating how AI can shorten cloud attack timelines. “The threat actor achieved administrative privileges in under 10 minutes, compromised…

SECNAP CloudJacket MXDR integrates SOC, SIEM, and NDR

SECNAP Network Security announced the launch of CloudJacket MXDR, a next-generation managed extended detection and response solution. Built on the company’s patented CloudJacket platform, CloudJacket MXDR enhances SECNAP’s security portfolio by extending its existing capabilities, including advanced network detection and response (NDR). CloudJacket MXDR is designed from the ground up to empower managed service providers…

Inside the Iron Mountain Breach: What the Extortion Gang Didn’t Want You to Know

Iron Mountain Incorporated is a global information management company with a long history in data storage, records management, backup and recovery, and secure shredding, serving a massive worldwide customer base. In early February 2026, a cybercrime group calling itself Everest claimed on its dark web leak site that it had stolen approximately 1.4 TB of…

Flare Report: Infostealers Are Fueling Enterprise Identity Attacks

Once largely associated with consumer credential theft, infostealer malware is increasingly impacting enterprises.  New research from Flare shows that a rising percentage of infections now expose enterprise Single Sign-On (SSO) and identity provider credentials, creating direct risk for corporate systems, cloud environments, and SaaS platforms. “We’re seeing fewer infections overall, but far higher yield per…

Hundreds of Malicious Skills Found in OpenClaw’s ClawHub

A routine question about trust exposed a far more serious problem when researchers discovered hundreds of malicious skills hidden inside a widely used AI agent marketplace.  Koi researchers analyzed ClawHub, the third-party skill repository for OpenClaw, and found that threat actors had quietly turned the ecosystem into a large-scale malware distribution channel. We found “……

OpenClaw’s Rapid Rise Exposes Thousands of AI Agents to the Public Internet

In just days, a viral open-source AI assistant went from niche experiment to a widespread internet-facing risk.  OpenClaw, a self-hosted personal AI agent capable of executing actions on a user’s behalf, saw explosive adoption in late January 2026 — along with widespread public exposure that has raised concerns among security researchers. It “… has already…

Fake Dating App Delivers Android Spyware in Targeted Campaign

ESET researchers have uncovered a targeted Android spyware campaign using a fake dating app to lure victims into installing mobile surveillance malware.  The campaign, focused on users in Pakistan, disguises spyware as a chat platform that promises access to exclusive profiles but instead quietly exfiltrates sensitive data from infected devices. “Once installed, the app silently…

Fake Clawdbot VS Code Extension Deploys ScreenConnect RAT

A malicious Visual Studio (VS) Code extension posing as an AI-powered assistant was quietly installing remote access malware on developers’ systems.  The fake extension, called ClawdBot Agent, appeared legitimate on the surface but executed malware automatically as soon as VS Code launched. “The layering here is impressive. You’ve got a fake AI assistant dropping legitimate…

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Explore scaling options for AWS Directory Service for Microsoft Active Directory

You can use AWS Directory Service for Microsoft Active Directory as your primary Active Directory Forest for hosting your users’ identities. Your IT teams can continue using existing skills and applications while your organization benefits from the enhanced security, reliability, and scalability of AWS managed services. You can also run AWS Managed Microsoft AD as…

How to get started with security response automation on AWS

December 2, 2019: Original publication date of this post. At AWS, we encourage you to use automation. Not just to deploy your workloads and configure services, but to also help you quickly detect and respond to security events within your AWS environments. In addition to increasing the speed of detection and response, automation also helps…

File integrity monitoring with AWS Systems Manager and Amazon Security Lake

Customers need solutions to track inventory data such as files and software across Amazon Elastic Compute Cloud (Amazon EC2) instances, detect unauthorized changes, and integrate alerts into their existing security workflows. In this blog post, I walk you through a highly scalable serverless file integrity monitoring solution. It uses AWS Systems Manager Inventory to collect…

IAM Identity Center now supports IPv6

Amazon Web Services (AWS) recommends using AWS IAM Identity Center to provide your workforce access to AWS managed applications—such as Amazon Q Developer—and AWS accounts. Today, we announced IAM Identity Center support for IPv6. To learn more about the advantages of IPv6, visit the IPv6 product page. When you enable IAM Identity center, it provides…