Geek-Guy.com

Category: Network Security

Auto Added by WPeMatico

AI-Driven Threats, Critical Vulnerabilities, and Supply Chain Breaches Define the Week in May 2026

Major Threats & Vulnerabilities AI-Powered Cyberattacks and Exploits The 2026 Verizon DBIR revealed that vulnerability exploitation has surpassed credential abuse as the leading breach vector, accounting for 31% of incidents. The report highlights how generative AI is accelerating attack automation and expanding third-party risk exposure, particularly among SMBs facing ransomware threats. Microsoft Defender vulnerabilities are…

Authorities arrest 23-year-old accused of running the Kimwolf botnet

Canadian authorities arrested a 23-year-old Ottawa man accused of running the Kimwolf DDoS botnet. The US is now seeking extradition. US authorities have charged 23-year-old Jacob Butler (aka “Dort”), an Ottawa resident, for allegedly operating the recently disrupted Kimwolf botnet. Authorities arrested the suspect in Canada, he could face up to 10 years in prison…

CVE-2026-45585: YellowKey BitLocker Bypass Exposes Encrypted Data on Windows Devices

BitLocker is designed to protect data at rest even when a device is lost, stolen, or powered off, which is why a bypass against that trust model draws immediate attention. The CVE-2026-45585 vulnerability, publicly referred to as YellowKey, is a Windows security feature bypass flaw that Microsoft says can let an attacker with physical access…

Versa extends zero trust principles to AI agents and MCP workflows

Versa has introduced a patent-pending zero trust architecture for the Model Context Protocol (MCP), applying zero trust principles to AI execution. The company said every AI-generated action is validated against user identity, role-based access controls, and system policies before execution, with human approval required when defined by administrators. The launch addresses a growing challenge as…

Why your AI strategy stops where the PLC starts: Hard lessons from the OT frontlines

I spent two days at a substation connecting a major offshore wind farm to the grid. The control room featured three new AI-ready dashboards and a board mandate to “leverage machine learning for resilience.” It also had a maintenance laptop running Windows 7, literally taped to the inside of a cabinet because the Velcro had…

U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One and Langflow flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-34291 Langflow Origin Validation Error Vulnerability…

Identity as the primary attack surface: What modern breaches are really exploiting

The “retro” way “The thing about the old days is… they are the old days” – Slim Charles, The Wire Protecting a specified network perimeter was the main focus of enterprise security strategy for several decades. Businesses made significant investments in firewalls, intrusion detection systems, endpoint security and segmentation controls, all of which were built…

One Telecom Provider Hosted Most of the Middle East ’s Active C2 Infrastructure

Hunt.io mapped 1,350+ C2 servers across the Middle East, revealing how a small group of providers quietly supports major malware activity. For years, threat intelligence focused mostly on malware families, phishing domains, and individual indicators. But a new report from Hunt.io shows why defenders may need to pay closer attention to something more boring, hosting…

Alleged leader of Kimwolf, a sweeping botnet for cybercriminals, arrested in Canada

Authorities arrested and unsealed charges against a Canadian man accused of running Kimwolf, one of the most far-reaching DDoS botnets on record, the Justice Department said Thursday. Jacob Butler was arrested Wednesday in Ottawa, Canada, and awaits extradition to the United States where he is charged with aiding and abetting computer intrusions and, if convicted,…

Critical vulnerability in Cisco Secure Workload rated at maximum severity

A critical vulnerability in the on-premises version of the Cisco Secure Workload security platform could allow a threat actor to obtain the privileges of a site admin, enabling them to compromise endpoints and read or modify configuration data. “CSOs need to drop what they are doing and patch this immediately,” warned consultant Robert Enderle, who…

Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada

Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity publicly named the suspect in February 2026 after the accused launched a…

Unpatched ChromaDB flaw leaves servers open to remote code execution

Researchers have published details about a critical vulnerability in ChromaDB that could allow unauthenticated attackers to execute arbitrary code and access sensitive data on machines running the open-source vector database. The issue, tracked as CVE-2026-45829, is located in ChromaDB’s API server and was published by researchers at HiddenLayer after reportedly failing to get in contact…

U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability CVE-2009-1537 Microsoft DirectX NULL…

Lawmakers from both parties say CISA cuts have gone too far

Two cybersecurity-focused members of Congress agreed Thursday that reductions to the Cybersecurity and Infrastructure Security Agency have done too much damage to an agency essential to defending civilian networks against foreign adversaries. Rep. Don Bacon, R-Neb., and Rep. James Walkinshaw, D-Va., spoke during a discussion at the National Cyber Innovation Forum. Despite representing different parties,…

AWS KY3P report now available for third-party supplier due diligence

We’re excited to announce that Amazon Web Services (AWS) has completed the S&P Global Know Your Third Party (KY3P) assessment of its security posture. This assessment demonstrates our continued commitment to meet the heightened expectations of cloud service providers. Customers can now use the AWS KY3P assessment to reduce their supplier due diligence burden. KY3P,…

Global law enforcement operation takes First VPN offline

Police seized First VPN in a global crackdown, exposed its cybercrime users, and shut down infrastructure tied to ransomware and data theft. A major international law enforcement operation has taken First VPN offline, a service that had become a quiet staple for ransomware crews, data thieves, and other cybercriminals trying to hide in plain sight. “The coordinated…

CISA chief frets about open-source vulnerabilities, delayed security improvements

Securing some of the open-source technology that serves as the backbone for all modern digital infrastructure is going to require some “hard decisions” amid a wave of malware attacks, the leader of the Cybersecurity and Infrastructure Security Agency said Thursday. “The open-source community is one that I’m particularly worried about when we start to think…

European authorities take down prolific cybercrime VPN service

European authorities took down a prominent virtual private network service and arrested the alleged administrator behind an operation that cybercriminals used to steal data, commit fraud and ransomware attacks, Europol said Thursday.  First VPN, which was promoted on Russian-speaking cybercrime forums, gained popularity for providing services that allowed users to hide their infrastructure and identities.…

7 Best Attack Surface Management Software in 2026

This guide is for IT leaders and security teams looking to improve visibility into organizational risks and reduce their attack surface in 2026. It covers the best attack surface management (ASM) software and the key features businesses should evaluate when selecting the right solution for proactive threat detection and risk mitigation. Key Points on Attack…

6 Best Vulnerability Management Software & Systems for 2026

This guide is for IT leaders, security teams, and vulnerability management professionals looking to improve security visibility and remediation across their environments in 2026. It covers the best vulnerability management software and systems, along with the key features organizations should evaluate when selecting the right solution for their security operations. Key Takeaways about the Best…

2026 Verizon DBIR: The New Era of Cyber Threats 

The 2026 Verizon Data Breach Investigations Report (DBIR) paints a clearer picture of today’s cybersecurity landscape: attackers are moving faster, artificial intelligence is accelerating cybercrime, and organizations continue to struggle with foundational security practices.  Key Takeaways from the 2026 Verizon DBIR Report Vulnerability exploitation (31%) overtook credential abuse (13%) as the top initial access vector…

Attackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fix

Attackers bypassed MFA on patched SonicWall Gen6 VPNs because admins missed extra manual steps required to fully fix the flaw. There is a particular kind of security failure that is harder to catch than an unpatched system: a patched system where the patch did not actually work because nobody followed all the steps. That is…

AI, Cybersecurity Education, and the Defense of America’s Digital Border

Artificial intelligence (AI) is reshaping cybersecurity at a pace that is forcing educators, businesses, and governments to rethink workforce development and national defense strategies.  During a recent discussion with cybersecurity entrepreneur and ConnectSecure Chairman, Arnie Bellini, key themes emerged around the evolution of cyber threats, the importance of protecting America’s “digital border,” and the urgent…

Forward launches Predict to test network changes before deployment

Forward has unveiled Forward Predict, a new capability that allows organizations to evaluate the impact of network changes before deployment. By testing proposed changes against a digital twin of the production network, Forward Predict helps identify potential issues before they reach live environments and supports safer network operations at scale. “When we founded Forward more…

Terra adds continuous network exploitation validation to its platform

Terra Security has announced the public preview of continuous exploitation validation for network infrastructure, now available to all customers through the Terra Platform. The launch expands Terra’s offensive security capabilities from web applications to network infrastructure and extends coverage across three areas: web applications, AI, and network environments. Terra said the update expands its continuous…

AI becoming an SOC imperative for curtailing emerging cyber threats

The cybersecurity profession is on the verge of a sea change, and security pros must begin to master AI tools to combat emerging threats by building more autonomous, real-time protections. Expert panelists at a recent DTX conference session in Manchester, titled “Bot vs Bot: Surviving the Era of Autonomous Cyber Warfare,” highlighted how bringing AI…

Why AI changed the threat model for travel technology

In this Help Net Security interview, Devon Bryan, SVP, Global CSO at Booking Holdings, reflects on his path from Air Force network security engineer to global CSO across financial services, hospitality, and travel technology. He discusses why the travel industry’s interconnected ecosystem of identity, payments, loyalty programs, and third-party integrations creates compounding risk, and how…

Third-Party Risk Management Needs to Evolve 

Traditional point-in-time vendor risk assessments are becoming increasingly difficult to maintain in environments where vendors, technologies, and regulatory requirements continuously evolve.  During a recent discussion with eSecurity Planet, Auditive Founder and CEO Daniel Faddoul explained why many organizations are struggling to keep pace with modern third-party risk exposure and why continuous monitoring is becoming more…

Why Policy in Amazon Bedrock AgentCore chose Cedar for securing agentic workflows

Agents have agency: they adapt and find multiple ways to solve problems. This autonomy creates a fundamental security challenge: the large language model (LLM) at the heart of the agent is non-deterministic, and its decisions can’t be predicted or guaranteed in advance. It can hallucinate harmful actions with complete confidence. It’s vulnerable to prompt injection…

Browser Threats Are Expanding the SMB Attack Surface 

Small and mid-sized businesses (SMBs) are facing a growing wave of cyberattacks, and according to Palo Alto Networks, many of those threats are now originating directly inside the browser.  During a recent discussion with eSecurityPlanet, Shivam Srivastava, VP of Product Management for Prisma Browser for Business at Palo Alto Networks, discussed the growing cybersecurity challenges…

Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs

Microsoft says it disrupted a malware-signing service that abused Azure Artifact Signing to create fraudulent certificates used in ransomware and malware attacks.  The Fox Tempest operation allegedly helped cybercriminals distribute malware disguised as trusted software to evade Windows defenses and fool users.   “Fox Tempest doesn’t directly target victims but instead provides supporting services that enable…

AWS Security Hub Extended: Why enterprise security products should sell themselves

Our largest security services customers started the same way every customer does – with a click. They enabled Amazon GuardDuty, Amazon Inspector, AWS WAF, and AWS Security Hub, experienced the benefits in real time, and evaluated with transparent pay-as-you-go pricing. No RFP. No six-month evaluation. No multi-year commitment up front. Our field teams played a…

ISC2 Report: AI Is ‘Double-Edged’ Sword of Cybersecurity

A new study from ISC2 has found that cybersecurity professionals now see AI as both their biggest opportunity and biggest threat.  The findings point to a field at an inflection point, with teams moving to adopt AI for defense while preparing for more scalable, convincing AI-enabled attacks. AI ranks as top security opportunity and threat…

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company’s Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attributed the activity to a threat actor it calls Fox Tempest, which it said offered the…

Verizon DBIR: Vulnerability exploitation is the dominant initial access vector

Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach Investigations Report. This is the first time credential theft has been knocked off the top spot in the report’s 19-year history, the company noted. Known initial access vectors over time…

Agentic AI Security Risks Increase Governance Demands for MSPs

BYOD was a headache. AI agents are an existential crisis. Advanced AI models pose a massive security and governance challenge for the channel, forcing managed service providers (MSPs) and tech partners to rethink how they protect corporate data. Agentic AI adoption exposes governance gaps The shift from passive, generative AI chatbots to fully autonomous agents…

How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts?

Scaling threat detection as an MSSP doesn’t mean hiring more analysts — it means enabling the analysts you already have to handle more clients, more alerts, and more complex threats without burning out. The practical path forward combines three capabilities: continuous real-time intelligence that keeps detection systems current automatically, instant IOC investigation that cuts triage…

SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain

A newly disclosed macOS infostealer campaign is exploiting user trust in some of the biggest names in tech to slip past defenses.  Researchers at SentinelOne have detailed a new variant of the SHub malware family, dubbed “Reaper,” that impersonates Apple, Google, and Microsoft at different stages of a single attack chain targeting Mac users. The…

Darwinium updates mobile SDKs to detect remote access scam activity

Darwinium has announced updates to its Android and iOS mobile SDKs. It enables banks, payment providers, and digital businesses to tackle the proliferation of remote access scams, including those that manipulate live sessions and account farming operations that run mule networks. “Most fraud platforms validate trust at a single moment, typically at login or payment,…

Why some security fixes never reach your vulnerability dashboard

On April 22, for roughly 90 minutes, a malicious version of Bitwarden CLI appeared on npm. Version 2026.4.0 contained a credential-stealing payload that executed an obfuscated loader and harvested AWS, Azure, GCP, GitHub, and npm tokens from any developer machine that ran npm install. The attackers reached Bitwarden’s npm publishing path through a compromised GitHub…

Virtuozzo CEO: AI Infrastructure Is a Channel Opportunity

Virtuozzo is positioning its new AI infrastructure platform as more than a product launch: CEO Kurt Daniel sees it as a channel opportunity for service providers facing rising hardware costs, GPU demand, and pressure to modernize cloud offerings. The company recently introduced its Virtuozzo Infrastructure System, an integrated platform combining compute, storage, networking, orchestration, automation,…

DirtyDecrypt: PoC Released for yet another Linux flaw

DirtyDecrypt (CVE-2026-31635): working PoC out for a Linux kernel LPE flaw. Missing COW guard in rxgk_decrypt_skb lets local attackers reach root. After Copy Fail, Dirty Frag, and Fragnesia, here comes DirtyDecrypt, another local privilege escalation vulnerability in the kernel, this time with a working proof-of-concept already out in the open. The flaw was discovered and…

When your AI assistant has the keys to production

Large language models in operational roles query telemetry, propose configuration changes, and in some deployments execute those changes against live infrastructure. Ticket drafting and alert summarization were the starting point. Vendors describe this work as autonomous remediation or self-healing infrastructure. A recent survey on agentic AI in network and IT operations gives it a more…

Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash

A Huawei zero-day flaw reportedly caused Luxembourg’s 2025 nationwide outage, disrupting landline, 4G/5G, and emergency services On July 23, 2025, a nationwide telecom outage in Luxembourg was reportedly triggered by a previously undisclosed flaw in Huawei enterprise routers. The attack disrupted landline, 4G, 5G, and emergency communications for more than three hours after specially crafted…

EnterpriseClaw wants to bring governance to the OpenClaw era

Autonomous agent orchestration tool OpenClaw hit the scene last November and immediately went viral, but its dramatic flaws were exposed just as quickly. Still, it marked a pivotal step in the agentic AI era, and enterprises have been exploring ways to deploy fleets of autonomous agents safely and securely ever since. Automation Anywhere Tuesday rolled…

CISA GitHub Leak Exposes AWS GovCloud Secrets 

A public GitHub repository tied to a CISA contractor reportedly exposed sensitive AWS GovCloud credentials, plaintext passwords, and internal deployment files.  Researchers said the exposure may have provided privileged access to multiple internal systems and cloud environments before the repository was removed.  “Passwords stored in plain text in a csv, backups in git, explicit commands…

Microsoft dismantled malware-signing network Fox Tempest

Microsoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) that allowed attackers to sign malware with fake trusted certificates. Microsoft said it disrupted a cybercrime operation run by a threat actor named Fox Tempest, which helped threat actors sign malware with short-lived certificates to make malicious software appear legitimate. The service abused Microsoft Artifact Signing and supported…

Westcon-Comstor Launches White-Label OneSOC Service

Westcon-Comstor has launched OneSOC, a vendor-agnostic, white-label security operations service designed to help channel partners offer SOC capabilities under their own brand without upfront investment. The global technology distributor, which specializes in cybersecurity, networking, and hybrid cloud, announced the service on May 19.  OneSOC targets partner barriers to SOC delivery OneSOC is available across Europe,…

Governing infrastructure as code using pattern-based policy as code

Organizations often struggle to enforce security and compliance requirements consistently across their cloud infrastructure. In one environment, a workload might be deployed in an AWS Region that was never approved for that class of data. In another, a security group might allow broader access than intended. Required tags might be missing. Encryption might be assumed…

Cato Networks Adds Cyera DSPM Integration to XOps

Cato Networks has integrated Cyera’s Data Security Posture Management capabilities into Cato XOps, giving enterprise security teams more context around sensitive data when detecting, investigating, and responding to threats. The integration, announced May 19, embeds Cyera’s data intelligence into Cato XOps, Cato’s combined XDR and AIOps solution. The companies said the goal is to help…

Selector extends AI-driven observability into multi-cloud environments

Selector has announced the expansion of its platform with AI-powered multi-cloud observability capabilities. The extension of Selector’s AI-driven observability approach into multi-cloud environments enables organizations to correlate signals across the full hybrid path. By unifying rich telemetry data from cloud, network, and infrastructure into a shared intelligence layer, Selector gives teams a more complete, actionable…

Top 5 Phishing-Driven Social Engineering Attacks on Companies in 2026

Your employees are not falling for “bad grammar” phishing anymore. They are being pulled into fake Microsoft logins, banking pages, AI tool instructions, real OAuth flows, and event invitations that look close enough to daily work to pass without alarm.  For CISOs, that is the real social engineering problem in 2026: attacks are no longer…

SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access

Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance. “These vulnerabilities could have been exploited to read all mail traffic or as an entry vector into the…

Poland shifts away from Signal following cyberattacks on officials’ accounts

Poland told officials to stop using the popular instant messaging app Signal after cyberattacks targeted government accounts. Poland has instructed government officials to stop using Signal for sensitive communications and move to a state-developed alternative. The decision follows repeated cyberattacks targeting Signal accounts belonging to politicians, military personnel, and public servants. Officials believe the campaigns…

Massive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspects

INTERPOL led Operation Ramz in MENA, resulting in 201 arrests and 382 suspects tied to cybercrime networks. INTERPOL coordinated Operation Ramz across the Middle East and North Africa, leading to 201 arrests and identifying 382 additional suspects. ” A first-of-its-kind cybercrime operation in the MENA region has led to the arrest of 201 individuals, with a…

Babel Street targets AI-driven threats with new agentic investigation capabilities

Babel Street has launched Insights Investigator, a new agentic capability that puts tradecraft-trained AI agents at the front edge of investigative work while ensuring analysts remain in control of scope, logic, and outcomes of their missions. As part of the Babel Street Insights platform, Investigator represents a shift from search and AI-assisted queries to analyst-directed,…

Are Attackers Hiding Inside Your Network Traffic?

I believe one of the important shifts in cybersecurity over the past several years is how attackers are hiding in plain sight.  According to the 2026 IP Intelligence Study released by Spur Intelligence, anonymizing infrastructure, such as virtual private networks (VPNs) and residential proxies, are now involved in nearly every modern cyberattack.  These tools allow…

Dell Set to Make Partner Program Enhancements

Dell Technologies is introducing new enhancements to Dell’s partner program, including rebates and incentives aligned to strategic solutions and customer outcomes. Dell aligns partner incentives to customer outcomes across the portfolio These enhancements are launching in August 2026 and are built around rewarding the outcomes customers expect. “We’re announcing pretty significant enhancements to our program,”…

CISA Admin Leaked AWS GovCloud Keys on Github

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and…

OpenClaw Vulnerabilities Could Enable Full AI Agent Takeover

Researchers at Cyera disclosed four chainable vulnerabilities in OpenClaw, collectively named Claw Chain, that could allow attackers to escape AI agent sandboxes, steal credentials, escalate privileges, and establish persistent access across enterprise environments.  The findings raise broader concerns about the security risks surrounding autonomous AI agent platforms.  “Each step looks like normal agent behavior to…

Device Code Phishing Targets Microsoft 365 Users  

Cybercriminals are adopting device code phishing as a new way to bypass traditional phishing defenses and compromise enterprise Microsoft 365 accounts.  According to Proofpoint, threat actors are abusing legitimate Microsoft authentication workflows to steal authentication tokens without using traditional phishing pages.   “The spike in device code phishing coincides with publicly released criminal toolkits, and the…

Dell Unveils Portfolio Advancements to Simplify AI Adoption

During Dell Technologies World 2026, Dell unveiled more than 60 portfolio advancements to simplify AI adoption and modernize the data center. Dell AI innovations to scale new capabilities in data and agent adoption To help address the gap between AI ambition and AI outcomes, Dell has introduced new agentic AI capabilities, AI-ready data, next-generation infrastructure,…

Secure, Fast, Reliable: The Best Cloud Storage Providers for Businesses in 2026

This guide is for IT leaders, business owners, and operations teams looking to improve data security, collaboration, and file management in 2026. It covers the best cloud storage providers for businesses and the key features to consider when selecting a secure, scalable, and reliable storage solution. Key Points of Our 2026 Cloud Storage Provider Evaluation…

The 6 Best Enterprise Password Managers You’ll Actually Trust in 2026

This guide is for IT leaders, security teams, and business decision-makers looking to improve credential security and reduce password-related risks in 2026. It covers the best enterprise password managers, their standout features, and the key factors to evaluate when choosing the right solution for your organization. Key Points About Enterprise Password Managers in 2026 Enterprise…

Top 21 MSSP Software to Best Serve Security Clients in 2026

MSSP software is a tool or platform that enables managed security service providers (MSSPs) to deliver outsourced cybersecurity services to organizations. Unlike traditional MSP software, MSSP tools focus specifically on security functions such as threat detection, access control, vulnerability management, and infrastructure protection. MSSPs support organizations ranging from small businesses to enterprises and play a…

AI coding is fueling a secrets-sprawl crisis few CISOs are containing

When Matt Schlicht built Moltbook, the social network where AI agents talk to one another, he didn’t write the code himself. He “just had a vision,” and vibe-coded it. The social network launched on Jan. 28, 2026, and within days, security researchers started to see serious security flaws. ​Experts at cloud security company Wiz and,…

Why the best security investment a board can make in 2026 isn’t another tool

There is a conversation that happens in boardrooms every quarter that security leaders will recognize. The CISO presents the threat landscape. The board asks what the company needs. The answer, almost always, is another tool. Another platform, another module, another vendor to close the latest gap. The budget gets approved. The tool gets deployed. And…

201 arrested in INTERPOL disruption of phishing and fraud networks

Operation Ramz, a cybercrime initiative coordinated by INTERPOL across the MENA region, focused on disrupting phishing campaigns, malware activity, and cyber scams that caused substantial financial losses across the region. The operation resulted in the arrest of 201 individuals and the identification of an additional 382 suspects. Moroccan authorities seized computers, smartphones and external hard…

Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores Pwn2Own Berlin 2026, Day Three: DEVCORE…

Week in review: Cisco patches SD-WAN 0-day, unpatched Microsoft Exchange Server flaw exploited

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Review: Foundations of Cybersecurity, 2nd edition Jason Andress has refreshed his introductory security text for No Starch Press. He writes in the introduction that the term security now extends past data center servers to cloud resources, mobile devices, the Internet…

U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-42897 (CVSS score of 8.1), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Microsoft warned that threat actors are…

Russian APT Turla builds long-term access tool with Kazuar Botnet evolution

Russia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems. Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected systems. Microsoft researchers say the malware allows attackers to maintain long-term control while making detection…

Expired domain leads to supply chain attack on node-ipc npm package

A popular npm package called node-ipc has been compromised, with hackers publishing malicious versions that bundle credential stealing malware. The root cause of the compromise was an expired domain name that attackers managed to register in order to hijack a maintainer’s account. The node-ipc package has had malware added to its code in the past.…

For May, Patch Tuesday means 139 updates — but no zero-days

Microsoft this week released 139 updates affecting Windows, Office, .NET, and SQL Server (though there were no updates for Microsoft Exchange Server). Despite the absence of zero-days, the May Patch Tuesday update still requires Patch Now recommendations for Windows and Office.  The combination of three unauthenticated network RCEs (Netlogon, DNS Client, and SSO Plugin for…

The AWS AI Security Framework: Securing AI with the right controls, at the right layers, at the right phases

TL;DR for busy executives The AWS AI Security Framework helps security leaders move fast and stay secure with AI. Security compounds from day 1 as workloads evolve from prototype to production to scale. Assess first. Request a no-cost SHIP engagement to baseline your posture and build a prioritized roadmap. Phase 1 – Foundational (zero to…

Cisco zero-day under ongoing attack by persistent threat group

Attackers returned once again to a common target with a massive user base by exploiting a max-severity zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager. The threat group behind the “limited” number of attacks Cisco is aware of thus far are also linked to a series of previously disclosed vulnerabilities in the vendor’s firewalls…

CVE-2026-20182: Critical Authentication Bypass in Cisco SD-WAN Can Grant Admin Access

A vulnerability affecting Cisco Catalyst SD-WAN Controller has drawn urgent attention after Cisco, Rapid7, and CISA confirmed active exploitation. CVE-2026-20182 is a critical authentication bypass flaw in Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager that carries a CVSS 10.0 score and can let an unauthenticated remote attacker gain administrative privileges on an affected…

CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day

Microsoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild. Microsoft warned that threat actors are actively exploiting a new Exchange Server zero-day vulnerability tracked as CVE-2026-42897 (CVSS score 8.1). The vulnerability is an improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Exchange…

7AI Uncovers Browser Extension Campaign Evading EDR Defenses

A browser-extension campaign is bypassing traditional EDR defenses by injecting remote JavaScript payloads directly into authenticated browser sessions.   Researchers at 7AI uncovered the operation, dubbed CRXfiltrate, after observing suspicious outbound traffic originating from a seemingly harmless Chrome color-picker extension.  According to the researchers, the campaign remained active across enterprise environments and delivered operator-controlled payloads without…

Illicit Enterprise: An Anatomy of the Modern Underground Phishing Marketplace

Just as cyber threats have grown more complex and foreboding, the underground phishing marketplace which makes such attacks possible has profoundly evolved.  No longer a Craigslist-styled hodgepodge of products and services, marketplace forums have emerged as complete criminal ecosystems that function as not only distribution points for resources, but as labor exchanges to recruit and…

Cisco warns of an actively exploited SD-WAN flaw with max severity

Cisco has disclosed a max-severity authentication bypass vulnerability affecting its Catalyst SD-WAN Controller and Catalyst SD-WAN Manager platforms, warning that the flaw has already been found to be exploited in the wild. The disclosure follows an earlier authentication bypass vulnerability that Cisco patched in February. In the latest advisory, the company said the new flaw…

Ghostwriter group resumes attacks on Ukrainian Government targets

ESET uncovered new Ghostwriter (aka FrostyNeighbor) activity targeting Ukrainian government organizations in a campaign active since March 2026. ESET researchers published a new report documenting fresh activity attributed to the APT group FrostyNeighbor, aka Ghostwriter, active since at least March 2026, targeting Ukrainian governmental organizations. The campaign is similar to previous FrostyNeighbor’s campaigns. The threat…

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)

A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still in the works. In the meantime, Microsoft provided temporary mitigations. About CVE-2026-42897 CVE-2026-42897 affects on-premises versions of Microsoft Exchange Server: Subscription Edition RTM, 2019, and 2016. Exchange Online is not…

EU’s Cyber Resiliency Act will put IT leaders to the test

Unlike most cyber security regulations, the EU’s Cyber Resilience Act is about product safety rather than processes or certification, extending the CE mark from the physical side of products to software, firmware, backend services, and anything with a network connection. It encodes existing best practices, enforces minimum product support lifecycles, and could mean developing stronger…