Geek-Guy.com

Category: Network Security

Auto Added by WPeMatico

Open-source privacy proxy masks PII before prompts reach external AI services

Enterprise developers routinely send prompts to external large language models that contain customer emails, support transcripts, and other identifying information, often without a sanitization layer between the application and the API. Dataiku has released Kiji Privacy Proxy, an open-source local gateway that detects and masks personally identifiable information before requests leave the network. The tool…

AI traffic is getting bigger, louder, and less predictable

AI workflows need storage that supports repeated movement across the model lifecycle. Large datasets are ingested, transformed, exported for training, pulled back for evaluation, and refreshed as models evolve. Backblaze’s Q1 2026 Network Stats report says this creates a shift from diffuse internet-style traffic to large, high-bandwidth flows between fewer endpoints. Monthly view of all…

Former incident responders sentenced to 4 years in prison for committing ransomware attacks

Two former cybersecurity professionals who moonlighted as cybercriminals, committing a series of ransomware attacks in 2023, were each sentenced to four years in prison, the Justice Department said Thursday. Ryan Clifford Goldberg and Kevin Tyler Martin previously pleaded guilty to one of three charges brought against them in December and faced up to 20 years…

FCC tightens KYC rules for telecoms, closes loophole for banned foreign services

The Federal Communications Commission approved new regulations Wednesday designed to crack down on robocalling, protect telecommunications networks from cyberattacks and further vet equipment-testing labs based overseas. Commissioners unanimously passed a measure to strengthen telecom companies’ “Know Your Customer” requirements for verifying callers’ identities. Among the potential solutions being considered are requiring telecoms to verify a…

cPanel’s authentication bypass bug is being exploited in the wild, CISA warns

A severe authentication bypass vulnerability in cPanel, one of the most widely deployed web hosting control panel platforms on the internet, is being actively exploited in the wild, according to security researchers and hosting providers. The vulnerability, tracked as CVE-2026-41940, affects all supported versions of cPanel and WebHost Manager (WHM) released after version 11.40, as…

SAP npm Supply Chain Attack Targets Developer Credentials 

A supply chain attack targeting SAP npm packages is putting enterprise development environments at risk.  Aikido researchers discovered malicious code designed to steal credentials and secrets from developer systems and CI/CD pipelines.  The attack “… harvests local developer credentials, GitHub and npm tokens, GitHub Actions secrets, and cloud secrets from AWS, Azure, GCP, and Kubernetes,”…

How Criminals Created SMS Blasters to Fake Cellphone Towers and Hack Thousands of Phones in Canada

Canadian authorities have dismantled what appears to be one of the most technically sophisticated financially motivated telecom attacks publicly documented in North America after arresting three suspects accused of operating vehicle-mounted “SMS blaster” systems that impersonated legitimate cellular towers, induced nearby mobile devices into attaching to rogue infrastructure, delivered phishing messages to those devices—likely through…

AI Adoption Fuels Rise in Identity Attack Path Risk 

Identity security is one of the most urgent priorities for enterprises as AI adoption expands the attack surface and introduces new complexity.  The SpecterOps Trends in Identity Attack Path Management 2026 report highlights how organizations are increasing investment in identity security while struggling to turn visibility into consistent risk reduction. “As identity becomes the control…

Two new extortion crews are speedrunning the Scattered Spider playbook

A pair of persistent and problematic threat groups affiliated with The Com are actively targeting organizations across multiple critical infrastructure sectors for rapid data theft and extortion attacks, according to CrowdStrike. The financially-motivated attackers, which CrowdStrike tracks as Cordial Spider and Snarky Spider, have used voice-phishing and social engineering attacks to break into victims’ identity…

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm’s chief executive says the malicious activity resulted from a security breach and was likely the work…

Cisco Introduces Model Provenance Kit to Strengthen AI Supply Chain Security

Organizations are rapidly adopting AI models, but many still lack visibility into where those models come from or how they’ve been modified along the way.  Cisco is aiming to close that gap with the release of its open-source Model Provenance Kit, a tool designed to verify the origins of AI models and improve trust across…

Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators

The US Cybersecurity and Infrastructure Security Agency (CISA) has asked owners and operators of operational technology to stop assuming their networks are safe, and has released joint guidance to adapt zero trust principles for industrial systems that support US power, water, transportation, building automation, and weapons-support infrastructure. OT owners should design controls on the assumption…

Release Notes: Expanded Threat Intelligence Access, AI Assisted Search 1,770 New Detections and More

April brought several updates across ANY.RUN’s Threat Intelligence and detection coverage.  The biggest change is expanded access to Threat Intelligence: Free plan users now get 20 premium requests in TI Lookup and YARA Search. This gives security teams a practical way to check suspicious indicators, explore related sandbox sessions, and validate malware or phishing activity using real attack…

Researchers develop tool to expose GPS signal spoofing in transit networks

The Oak Ridge National Laboratory (ORNL) has developed a portable detector that identifies GPS spoofing in real time, including during motion, to help protect transportation systems. Spoofing involves transmitting counterfeit signals that imitate authentic GPS transmissions and produce false information about location, time, or both. GPS jamming, another form of interference, overwhelms receivers with noise…

Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years

Designed to cripple Iran’s nuclear enrichment program, the 2010 Stuxnet worm set a cybersecurity precedent as the first time a nation escalated its activities from strategic espionage to sabotage in cyberspace. Now, a new discovery suggests such operations were in full swing years before Stuxnet came to light. Researchers from SentinelOne have tracked down samples…

cPanel Vulnerability Exposes Servers to Takeover 

An authentication vulnerability in cPanel and Web Host Manager (WHM) is putting web hosting environments at risk, prompting the company to release an emergency patch and warn administrators to act quickly.  The flaw affects multiple authentication paths and could allow attackers to gain unauthorized access to servers if left unpatched. “Let’s call this what it…

Tines Targets Partner-Led Growth in North America

Tines is expanding its channel and technology partner ecosystem as enterprise demand grows for intelligent workflows that connect automation, AI, and human decision-making across security and IT operations. The intelligent workflow platform announced 75 new technology partners for fiscal year 2026, along with 25% growth in its channel partner network.  The company said collaborations with…

GitHub Flaw Enables Remote Code Execution With a Single Git Push

A vulnerability in GitHub’s infrastructure could have allowed attackers to execute code on backend systems using nothing more than a standard git push command.  The flaw affected both GitHub.com and GitHub Enterprise Server (GHES), exposing millions of repositories to potential compromise before it was patched. “By exploiting an injection flaw in GitHub’s internal protocol, any…

Netskope, Rubrik, Commvault Expand Google Cloud Security

At this year’s Google Cloud Next 2026 conference in Las Vegas, tech and cybersecurity companies across the channel unveiled their latest announcements spanning AI, security, infrastructure, and more. While artificial intelligence was firmly front and center, themes around enhanced cybersecurity, particularly AI guardrails and cyber resilience, emerged as equally important priorities. In this recap, we…

Top Benefits of Cybersecurity Services for Strengthening Business Network Security

In this post, I will talk about the top benefits of cybersecurity services for strengthening business network security. Modern businesses depend on connected systems, cloud tools, mobile devices, and shared data to operate efficiently each day. As networks grow more complex, security risks also increase, making it essential for companies to protect digital assets, communication…

AWS leans on prior ingenuity to face future AI and quantum threats

As Amazon celebrates the 20th anniversary of its AWS cloud this year, the world’s biggest cloud computing provider now faces two giant cybersecurity threats — AI and quantum. How the company will navigate these emerging issues to ensure the security and resilience of systems used by its millions of corporate customers remains an evolving question.…

U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2024-1708 (CVSS score of 8.4) ConnectWise ScreenConnect Path Traversal…

Margin vs. Madness: Fixing MSSP Top 5 Operational Nightmares

Leading a managed security services provider has never been a comfortable job. And it isn’t now, though the demand for MSSPs has never been higher. The global threat landscape is expanding faster than most enterprise security teams can keep pace with, and organizations across every sector are turning to managed providers to fill the gap.   For MSSP leaders, this…

Eino’s agentic network observability platform enables real-time, AI-driven network insights

Eino has introduced a new class of solution for enterprises known as agentic network observability. Designed for enterprises with multiple network technologies and mission-critical use cases, Eino’s agentic solution uses a 3D digital twin approach of the physical environment to deliver real-time insights for almost any wireless networking technology, deployed together or separately. This enables…

SAS makes AI governance the centerpiece of its agent strategy

Enterprises are quickly moving from AI experimentation to deployment, however, when agentic AI begins making more decisions, invoking more tools, and operating across fragmented data environments, there can be an erosion of visibility, governance, and trust. SAS laid out its answer to that problem at its annual conference, SAS Innovate, introducing a new family of…

7 Best Network Security Tools to Use in 2026

This guide is for IT professionals, security teams, and business leaders looking to strengthen network defenses in 2026. It covers the best network security tools to protect data and help reduce overall organizational risk. Network security tools incorporate hardware and software technologies, methods, and policies to preserve network integrity and prevent potential breaches. These tools…

Best AI Deepfake and Scam Detection Tools for Security in 2026

This guide is for security professionals, IT teams, and anyone concerned about AI-driven fraud who wants to detect deepfakes and scams in 2026. It covers some of the best tools available to identify fake videos, audio, and synthetic content. You can fake a video. You can clone a voice. You can even generate a “live”…

6 Best Intrusion Detection & Prevention Systems in 2026

This guide is for IT leaders, security teams, and network administrators looking to strengthen threat detection and response in 2026. It covers the top intrusion detection and prevention systems (IDPS) and key features to consider when choosing the right solution. Network security is not just about keeping the bad guys out. It’s about having a…

Federal CIO cautious on Anthropic’s Mythos despite planned rollout

Federal Chief Information Officer Greg Barbaccia said Tuesday the government is approaching Anthropic’s Mythos model with measured expectations, acknowledging both its potential to strengthen federal cyber defenses and the significant uncertainties that remain about how it would perform in real-world conditions. Barbaccia said his direct exposure to Mythos has been limited to evaluations and benchmarking…

ClickUp Data Leak Exposes Enterprise Emails for Over a Year 

A hardcoded API key embedded in ClickUp’s public website has quietly exposed hundreds of corporate and government email addresses for more than a year. The flaw, first reported in early 2025, remained active as of April 2026 — allowing anyone to access sensitive data with a simple request and no authentication. “I went to http://clickup[.]com,…

Infra + security: why more & more CISOs are starting to own infrastructure

Over the past year, I have started to see a growing trend that in more and more organizations, CISOs are taking ownership of infrastructure teams. Where CISOs aren’t directly taking over infrastructure teams, they are exerting more direct control over how infrastructure is designed and operated. Like many structural shifts in cybersecurity, this is developing…

Fleet hopes to be the MDM provider for the AI Era

Fleet, the independent, open-source, multi-platform MDM service, recently announced its new partner program for VARs and MSPs serving enterprise customers and recruited MobileIron co-founder Suresh Batchu to serve on the company’s board. With those moves in mind, I caught up with company CEO Mike McNeil to find out more about the Fleet’s plans. Given the company’s…

Police arrest 10 suspected members of Black Axe cybercrime gang

A coordinated police operation in Switzerland has targeted suspected members of the Black Axe criminal network. On 28 April 2026, authorities carried out house searches across several Swiss cantons, leading to 10 arrests, including the Black Axe ‘Regional Head’ for Southern Europe. Most of those arrested are reported to be of Nigerian origin. The suspects…

Access control with IAM Identity Center session tags

As organizations expand their Amazon Web Services (AWS) footprint, managing secure, scalable, and cost-efficient access across multiple accounts becomes increasingly important. AWS IAM Identity Center offers a centralized, unified solution for managing workforce access to AWS accounts. It simplifies authentication, enhances security, and provides a seamless user sign-in experience to AWS services across diverse environments.…

Rep. Delia Ramirez takes over as top House cybersecurity Dem

Illinois Rep. Delia Ramirez is taking over as the top Democrat on the House Homeland Security panel’s cybersecurity subcommittee, replacing former Rep. Eric Swalwell after his resignation. Committee Democrats approved the change Tuesday at a meeting prior to a “shadow hearing” without the GOP majority, focused on protecting elections from Trump administration interference. Ramirez first…

Guardz Warns MSPs of Cloud Ransomware and BEC Risks

Today, cybersecurity firm Guardz released its 2026 State of MSP Threat Report, a deep dive into how Artificial Intelligence and identity-first attacks have completely flipped the script for MSPs and the small businesses they protect.  The report reveals that AI has officially killed the obvious phishing email. Gone are the days of spotting a scam…

Alleged Chinese hacker extradited to US over cyberattacks targeting COVID-19 research

Chinese national Xu Zewei was extradited from Italy to the United States to face charges tied to an alleged cyber espionage campaign that breached thousands of computers worldwide. Xu is charged alongside Zhang Yu, who remains at large. According to court documents, officers of China’s Ministry of State Security (MSS), including its Shanghai State Security…

Manhattan Associates and Genuine Parts Company Go Live with Next-Generation Warehouse Management System in Brisbane

Manhattan Associates Inc. (NASDAQ: MANH) and Genuine Parts Company (GPC) have announced the successful go-live of Manhattan Active® Warehouse Management at GPC’s Brisbane distribution centre. The go-live represents the culmination of a large-scale program to modernise GPC’s DC operations, replacing different legacy systems and manual processes with a unified, cloud-native platform designed to improve visibility,…

Securing RAG pipelines in enterprise SaaS

In the enterprise SaaS space, AI agents are becoming an integral part of the SaaS product. To make these intelligent agents truly useful, they need contextual, customer-specific knowledge, something standard Large Language Models (LLMs), open source or otherwise, inherently lack since they are not trained on customer proprietary data. Retrieval-Augmented Generation (RAG) is the bridge…

New Android spyware Morpheus linked to Italian surveillance firm

Osservatorio Nessuno uncovered Morpheus spyware spreading via fake Android apps to steal data, highlighting rising covert surveillance tools. The non-partisan, non-religious, nonprofit organization Osservatorio Nessuno exposed a new spyware called Morpheus, distributed through fake Android apps posing as updates. Once installed, it can steal extensive data from the infected devices. The report shows strong demand…

Stopping AiTM attacks: The defenses that actually work after authentication succeeds

The security industry has spent years building better authentication. Longer passwords, second factors, hardware tokens. And attackers responded by moving past authentication entirely. Adversary-in-the-middle (AiTM) phishing does not steal credentials and replay them. It sits between the user and the legitimate service, watches a real authentication succeed in real time, and walks away with the…

NCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort links

NCSC’s SilentGlass blocks malicious HDMI/DisplayPort links, protecting monitors from hardware attacks. Now commercialized for global use. The UK’s National Cyber Security Centre (NCSC) has launched SilentGlass, a new device to protect one of the most overlooked parts of modern IT systems: the physical links between screens and computers. It is a small plug-in security device…

Infected Cisco firewalls need cold start to clear persistent Firestarter backdoor

Security researchers have discovered a chilling backdoor aimed at Cisco System firewalls that exploits unpatched vulnerabilities to maintain persistence, even after patching. This means that attackers can continue to access compromised devices without re-exploiting the holes. At risk are devices running Cisco ASA or Firepower software, including certain Firepower and Secure Firewall devices. So far, however,…

Chinese national extradited to US for pandemic-era Silk Typhoon attacks

A Chinese national allegedly involved in a massive, pandemic-era attack spree that compromised nearly 13,000 U.S. organizations was extradited from Italy to the United States and formally charged in federal court, the Justice Department said Monday. Xu Zewei and his co-conspirators are accused of exploiting a string of zero-day vulnerabilities in Microsoft Exchange Server to…

Best Zero Trust Security Solutions in 2026

This guide is targeted toward IT and security teams looking to get more granular access control and reduce implicit trust across applications and systems in 2026. It introduces zero trust and top zero trust solutions. A presidential executive order mandating a zero trust strategy for federal agencies has raised the profile of the cybersecurity technology…

Medtronic discloses security incident after ShinyHunters claimed theft of 9M+ records

Medtronic confirmed a breach of its IT systems after ShinyHunters claimed the theft of over 9 million records. Medtronic confirmed a cyberattack on its corporate IT systems after the hacker group ShinyHunters claimed to have stolen over 9 million records. The company did not share details on the security breach. Medtronic is an international medical…

Optimize security operations through an AWS Security Hub POC

April 27, 2026: This post was first published in September 2025 when the enhanced AWS Security Hub was in public preview. It has since been updated to reflect the general availability of Security Hub. This revision also provides a more detailed, step-by-step framework for planning your POC. AWS Security Hub prioritizes your critical security issues…

CrowdStrike Builds Project QuiltWorks for AI-era Bugs

CrowdStrike has launched Project QuiltWorks, a partner-led coalition aimed at helping enterprises respond faster to vulnerabilities uncovered by frontier AI models. The initiative brings together Accenture, EY, IBM Cybersecurity Services, Kroll, and OpenAI with CrowdStrike’s Falcon platform and partner network. The company said the goal is to help organizations identify, prioritize, and remediate AI-discovered vulnerabilities…

Can I do that with policy? Understanding the AWS Service Authorization Reference

Understanding what AWS Identity and Access Management (IAM) policies can control helps you build better security controls and avoid spending time on approaches that won’t work. You’ve likely encountered questions like: Can I use AWS Organizations service control policies (SCPs) to prevent the creation of security groups that allow traffic from 0.0.0.0/0? Can I block…

FIRESIDE CHAT: Leaked secrets are now the go-to attack vector — and AI is accelerating exposures

A consequential shift is underway in how enterprise breaches begin. The leaked credential — once treated as a hygiene problem — has become the primary on-ramp. Related: No easy fixes for AI risk Last August’s Salesloft campaign was the pattern in miniature. Stolen OAuth tokens from one chatbot vendor pulled Salesforce data from 760 enterprise…

BlackFile actively extorting data-theft victims in retail and hospitality sector

Researchers warn that BlackFile, an extortion group likely associated with The Com, continues to impersonate IT support in voice-phishing and social engineering attacks that have impacted organizations in multiple industries, including healthcare, technology, transportation, logistics, wholesale and retail. Attackers have been actively targeting organizations in the retail and hospitality industry since February, according to Unit…

The Best VPNs for Small Businesses on a Budget in 2026

One wrong click. One rogue Wi-Fi connection. One stolen credential. That’s all it takes for a cybercriminal to breach your small business. And while you may not have an enterprise-sized budget, you still have plenty to lose: sensitive data, client trust, even your reputation. That’s where a virtual private network (VPN) comes in. A VPN…

Enterprise VPN Solutions Every Business Should Know in 2026

This guide is for IT leaders, security teams, and growing businesses that need secure remote access to corporate systems. It highlights the top enterprise VPN solutions in 2026 that protect data, control access, and support reliable connectivity. Think of your enterprise network as a busy airport. Every employee, device, and data packet is trying to…

LINKEDIN BROWSERGATE

BrowserGate claims LinkedIn secretly fingerprints users via extensions and device data, sending encrypted results to third parties for tracking. BrowserGate is an investigation conducted by Fairlinked (https://browsergate.eu/), an association of commercial LinkedIn users, which documents what it describes as one of the largest data breach and corporate espionage scandals in digital history. The central thesis:…

Top 6 Remote Desktop Software Solutions Compared

Remote desktop software enables businesses and IT professionals to access and manage computers and devices from remote locations, ensuring seamless operations from anywhere. The most effective solutions offer features like unattended access, secure file transfer, multi-monitor support, cross-platform compatibility, and real-time collaboration. To help you find the best fit, we’ve compared the leading options on…

Fast16: Pre-Stuxnet malware that targeted precision engineering software

Fast16 is a pre-Stuxnet malware that tampered with precision software and spread itself. Evidence suggests links to U.S. operations during early cyber tensions. SentinelOne uncovered Fast16, a sabotage malware used in 2005, years before Stuxnet. The malicious code is written in Lua and targeted high-precision calculation software, altering results and spreading across systems. The malware…

Italy moves to extradite Chinese national to the U.S. over hacking charges

Italy plans to extradite Xu Zewei to the U.S. over alleged hacks on COVID-19 research tied to state-backed operations. Italy is moving to extradite Xu Zewei, the Chinese national arrested in 2025 at the request of U.S. authorities on cyber-espionage charges, Bloomberg reported. The case stands out because it ties a single suspect, Xu, to…

Product showcase: LuLu reveals unauthorized outbound connections from Mac apps

LuLu is a free, open-source firewall for macOS that lets you control which apps are allowed to send data from your computer. macOS includes a built-in firewall, but it mainly handles incoming connections. LuLu also monitors outgoing traffic. Installing and setting Up LuLu After downloading and installing the app, I allowed the LuLu Network Extension…

Critical bug in CrowdStrike LogScale let attackers access files

CrowdStrike fixed CVE-2026-40050 in LogScale self-hosted, a critical flaw allowing unauthenticated file access via path traversal. CrowdStrike recently disclosed a critical vulnerability, tracked as CVE-2026-40050, affecting its LogScale self-hosted product. The flaw enables unauthenticated path traversal, which could allow a remote attacker to read arbitrary files from the server filesystem. “CrowdStrike has released security updates…

Trigona ransomware adopts custom tool to steal data and evade detection

Trigona ransomware now uses a custom command-line tool to steal data faster and evade detection, replacing tools like Rclone and MegaSync. Symantec researchers report that recent Trigona ransomware attacks used a custom-built data exfiltration tool instead of common utilities like Rclone or MegaSync. This shift, seen in March 2026 incidents, gives attackers more control and…

Security Affairs newsletter Round 574 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog Over 400,000…

U.S. CISA adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2024-7399 Samsung MagicINFO 9 Server Path Traversal Vulnerability CVE-2024-57726 SimpleHelp Missing Authorization Vulnerability…

CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network

CISA said a federal Cisco Firepower ASA device was infected with the FIRESTARTER backdoor in Sept 2025, and it survived security patches. CISA revealed that a U.S. federal civilian agency’s Cisco Firepower device running ASA software was compromised in September 2025 by the FIRESTARTER backdoor. The malware reportedly persisted even after security patches were applied,…

Meta’s compute grab continues with agreement to deploy tens of millions of AWS Graviton cores

Meta is continuing its compute grab as the agentic AI race accelerates to a sprint. Today, the company announced a partnership with Amazon Web Services (AWS) that will bring “tens of millions” of AWS Graviton5 cores (one chip contains 192 cores) into its compute portfolio, with the option to expand as its AI capabilities grow.…

Protecting your secrets from tomorrow’s quantum risks

As outlined in the AWS post-quantum cryptography (PQC) migration plan, addressing the risk of harvest now, decrypt later (HNDL) attack is an important part of your post-quantum plan. Upgrading the client-side of your workloads to support quantum-resistant confidentiality is an important aspect of your side of the PQC shared responsibility model. Timelines to plan and…

Google Cloud Makes Key Agentic AI Announcements at Next ‘26

To coincide with the Google Cloud Next ‘26 conference – Google Cloud’s largest event – the cloud giant is making a number of announcements, including the new Gemini Enterprise Agent Platform, advancements to its AI Hypercomputer architecture, and introducing the Agentic Data Cloud. A single platform for agent development, orchestration, and governance Google Cloud is…

ShinyHunters Claims Udemy Data Breach of 1.4M Users 

A notorious threat actor group has targeted Udemy, one of the world’s largest online learning platforms.  ShinyHunters claims it has stolen more than 1.4 million user records and is threatening to leak the data within days.  “Over 1.4M records containing PII and other internal corporate data have been compromised. Pay or Leak,” the threat actors…

Palantir Is Helping Trump’s IRS Conduct “Massive-Scale” Data Mining

military contractor Palantir is helping the IRS analyze dozens of different data sets on Americans to investigate a broad range of financial crimes, according to records shared with The Intercept. Since 2018, the Internal Revenue Service’s Criminal Investigation division has used Palantir’s Lead and Case Analytics platform to aggregate and analyze a sprawling list of…

Inside agenteV2: How Brazilian Attackers Use Fake Court Summons to Steal Banking Credentials in Real Time 

A new phishing campaign targeting Brazilian users demonstrates how modern financial malware has evolved from simple credential theft into full-scale, operator-driven fraud platforms. Disguised as a judicial summons, this campaign leverages social engineering, multi-stage malware delivery, and real-time remote access capabilities to compromise victims and actively assist attackers in financial theft.   For organizations, the implications extend beyond individual users. Employees accessing corporate…

Compromised everyday devices power Chinese cyber espionage operations

China-linked threat actors have shifted from individually procured infrastructure to large-scale covert networks, botnets built from compromised routers and other edge devices, the National Cyber Security Centre (NCSC) warns. To help organizations address this threat, the NCSC, together with the Cyber League and partner agencies, has issued an advisory. The advisory includes guidance for organizations…

China-linked threat actors use consumer device botnets to evade detection, warn UK and partners

UK National Cyber Security Centre (NCSC) warns China-linked hackers use hijacked devices as proxy networks to hide activity and evade detection. UK National Cyber Security Centre (NCSC) and global partners warn that China-linked threat actors now rely on large proxy networks built of hacked consumer devices. Groups control routers, cameras, video recorders, and NAS systems…

Bitwarden CLI password manager trojanized in supply chain attack

Researchers warn of a new software supply chain attack that resulted in a malicious version of Bitwarden CLI, the terminal version of the extremely popular open-source password manager. The attack is believed to be related to the string of recent supply chain compromises attributed to a group called TeamPCP. “The attack appears to have leveraged…

Vercel attack fallout expands to more customers and third-party systems

Vercel said the fallout from an attack on its internal systems hit more customers than previously known, as ongoing analysis uncovered additional evidence of compromise.  The company, which makes tools and hosts cloud infrastructure for developers, maintains a “small number” of accounts were impacted, but it has yet to share a number or range of…

3 practical ways AI threat detection improves enterprise cyber resilience

Why “more alerts” isn’t the same as better security If you run security in an enterprise environment, you already know the problem. Generic detection tools generate thousands of alerts, most of them low value. Analysts spend hours chasing noise while attackers quietly move laterally using valid credentials and trusted tools. AI‑driven threat detection promises to…

US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied

A state-sponsored hacking group has implanted a custom backdoor on Cisco network security devices that can survive firmware updates and standard reboots, U.S. and British cybersecurity authorities disclosed Thursday, marking a significant escalation in a campaign that has targeted government and critical infrastructure networks since at least late 2025. The Cybersecurity and Infrastructure Security Agency…

The curious case of Sean Plankey’s derailed CISA nomination

Donald Trump’s nominee to lead the Cybersecurity and Infrastructure Security Agency (CISA), Sean Plankey, informed Homeland Security Secretary Markwayne Mullin and the White House that he is withdrawing his nomination after a 13-month stall, during which the well-regarded cybersecurity veteran faced mounting resistance. “After thirteen months since my initial nomination, it has become clear the…

Dragos: Despite AI use, new malware targeting water plants is ‘hype’

One day AI may be capable of creating malware that threatens critical infrastructure. But that day was not earlier this month, when reports surfaced of a new piece of malware seemingly configured to search for and sabotage Israeli water infrastructure, according to industrial cybersecurity firm Dragos.  The malware, called ZionSiphon, was first identified by AI…

Surveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities

Campaigns employing commercial surveillance vendors tracked targets by exploiting mobile phone network vulnerabilities in what researchers said Thursday was the first-ever linking of “real-world attack traffic to mobile operator signalling infrastructure.” The two unknown parties behind the campaigns mimicked the identities of mobile phone operators with customized surveillance tools, and manipulated signaling protocols and steered…

Checkmarx Supply Chain Attack Exploits Docker Images and CI/CD Pipelines 

A supply chain attack targeting Checkmarx tooling has exposed developer environments.  Attackers pushed malicious Docker images and tampered extensions capable of stealing credentials and other sensitive data.  This “… continues a dangerous trend that’s accelerated over the past month: CI/CD pipelines have become the new perimeter,” said Eli Woodward, Cyber Threat Intelligence Advisor at Team…

A dozen allied agencies say China is building covert hacker networks out of everyday routers

U.S. and international government agencies warned Thursday about a “widespread shift” in Chinese hacker methods toward the use of large-scale covert networks that compromise common devices to carry out a variety of attacks. The advisory details how those networks work, and defensive steps organizations should take. “Over the past few years there has been a…

CVE-2026-28950: Apple Fixes iOS Flaw That Retained Deleted Notification Data

Apple has released security updates to address a Notification Services issue in iOS and iPadOS that could cause alerts marked for deletion to remain stored on a device. The fix was delivered in iOS 26.4.2 / iPadOS 26.4.2 and iOS 18.7.8 / iPadOS 18.7.8, where Apple says the problem was resolved through improved data redaction.…