Police seized First VPN in a global crackdown, exposed its cybercrime users, and shut down infrastructure tied to ransomware and data theft. A major international law enforcement operation has taken First VPN offline, a service that had become a quiet staple for ransomware crews, data thieves, and other cybercriminals trying to hide in plain sight. “The coordinated…
AI, Global Security News, malware
Apple Blocks Over 2 Million Apps in 2025 Fraud Crackdown
Apple 2025 fraud report shows major App Store protections: over 2M apps rejected, 1B fake accounts blocked, and billions in fraud prevented. Apple ‘s annual fraud prevention report for 2025 paints a striking picture of just how much effort goes into keeping the App Store clean. The numbers are significant: more than two million app…
Data Breaches, Global Security News
Defenders fall behind, as AI rewrites the rules of a data breach
For almost 20 years, stolen credentials have been the most common route for attackers into organizations, according to the Verizon Data Breach Investigations Report (DBIR). But that’s no longer the case. Read more in my article on the Fortra blog.
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
CISA chief frets about open-source vulnerabilities, delayed security improvements
Securing some of the open-source technology that serves as the backbone for all modern digital infrastructure is going to require some “hard decisions” amid a wave of malware attacks, the leader of the Cybersecurity and Infrastructure Security Agency said Thursday. “The open-source community is one that I’m particularly worried about when we start to think…
AI, Global Security News
California Governor Signs Order on AI Aimed at Helping Workers
Gavin Newsom’s move follows broadening signs of public discontent over AI’s impact on jobs.
Global Security News
Trump Postpones AI Executive Order Due to Concerns About Overregulation
The White House had been weighing more oversight over the fast-growing industry.
AI, china, Compliance, Europe, Funding, Global Security News, Government & Policy, Risk Management, Venture
EU moves forward on $5.8B scale-up fund to keep startups from leaving
The European Union has stepped up efforts to grow its homegrown tech sector and reduce dependence on US firms, advancing plans this week for a €5 billion ($5.8 billion) fund to help startups scale in Europe rather than seek capital or buyers abroad. Analysts welcomed the initiative, but said its success will depend on whether…
Global Security News
Proofpoint Integrates with the Claude Compliance API to Extend Data Security and Governance to Claude
AI, APAC, Global Security News, privacy
Do Apple’s accessibility efforts point at its AI plans?
You can usually measure a society by the way it treats its most vulnerable populations, and technology often can help people live better, more autonomous lives. Apple firmly believes that, and this year’s raft of accessibility announcements introduced to mark Global Accessibility Awareness Day shine a light on that belief. The company has won a string of awards…
AI, Global Security News
Microsoft open-sources tools for designing and testing AI agents
Microsoft has open-sourced two tools aimed at bringing security discipline to AI agent development: Clarity, a structured design review tool, and RAMPART, a continuous testing framework. The release comes from Microsoft’s AI Red Team, the company’s internal unit that stress-tests its own AI systems, and both tools have been used internally before being open-sourced. RAMPART:…
AI, Europe, Global Security News, Network Security, Russia
European authorities take down prolific cybercrime VPN service
European authorities took down a prominent virtual private network service and arrested the alleged administrator behind an operation that cybercriminals used to steal data, commit fraud and ransomware attacks, Europol said Thursday. First VPN, which was promoted on Russian-speaking cybercrime forums, gained popularity for providing services that allowed users to hide their infrastructure and identities.…
AI, Global Security News
Deleted Google API Keys Remain Active up to 23 Minutes, Study Finds
Deleted Google API Keys remain active for up to 23 minutes after deletion, exposing GCP, Gemini, BigQuery, and Maps data to attackers.
AI, Apps, Compliance, Global Security News
Automating identity lifecycle and security with AWS Directory Service APIs
Managing identities and access across complex environments has become more critical than ever. AWS Directory Service for Managed Microsoft Active Directory, also known as AWS Managed Microsoft AD, has added new capabilities to manage users and groups. Now, you can perform create, read, update, and delete (CRUD) operations on users and groups directly through AWS…
AI, Cloud Security, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
7 Best Attack Surface Management Software in 2026
This guide is for IT leaders and security teams looking to improve visibility into organizational risks and reduce their attack surface in 2026. It covers the best attack surface management (ASM) software and the key features businesses should evaluate when selecting the right solution for proactive threat detection and risk mitigation. Key Points on Attack…
Global Security News
SpaceX Set to Launch Upgraded Starship on Pre-IPO Test Flight
The company estimates it has spent $15 billion developing its next-generation rocket.
AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Global Security News, Network Security, Risk Management
6 Best Vulnerability Management Software & Systems for 2026
This guide is for IT leaders, security teams, and vulnerability management professionals looking to improve security visibility and remediation across their environments in 2026. It covers the best vulnerability management software and systems, along with the key features organizations should evaluate when selecting the right solution for their security operations. Key Takeaways about the Best…
AI, Global Security News
AI Agents Are Shifting Identity Security Budget Dynamics
AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects.
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management
2026 Verizon DBIR: The New Era of Cyber Threats
The 2026 Verizon Data Breach Investigations Report (DBIR) paints a clearer picture of today’s cybersecurity landscape: attackers are moving faster, artificial intelligence is accelerating cybercrime, and organizations continue to struggle with foundational security practices. Key Takeaways from the 2026 Verizon DBIR Report Vulnerability exploitation (31%) overtook credential abuse (13%) as the top initial access vector…
Global Security News
Cybercriminal VPN Dismantled in Europol Crackdown
First VPN, a service used by ransomware actors and fraudsters, was dismantled by Europol
AI, Global Security News
Even at $5 Trillion, Nvidia Is Underappreciated
Competition is growing, but the AI chip maker’s sluggish stock doesn’t give enough credit for its strong position.
Global Security News
Apple blocked over $11 billion in App Store fraud in 6 years
Apple revealed that it blocked over $11 billion in fraudulent App Store transactions over the last six years, more than $2.2 billion in potentially fraudulent App Store transactions in 2025 alone. […]
AI, Global Security News
GitHub Breach Traced to Malicious ‘Nx Console’ VS Code Extension
A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace
AI, Global Security News
Enhancing Cisco Secure Email Gateway: Safer Clicks and Cleaner Files
Cisco Secure Email Gateway enhancements: RBI neutralizes web-based threats via isolated browsing, CDR sanitizes malicious components from email attachments.
AI, Endpoint, Exploits, Global Security News, Network Security
Attackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fix
Attackers bypassed MFA on patched SonicWall Gen6 VPNs because admins missed extra manual steps required to fully fix the flaw. There is a particular kind of security failure that is harder to catch than an unpatched system: a patched system where the patch did not actually work because nobody followed all the steps. That is…
AI, Cybersecurity, Exploits, Global Security News, malware
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. “Showboat is a modular post-exploitation framework designed for Linux systems, capable of spawning a remote shell, transferring files, and functioning as a…
AI, Global Security News, Network Security
Authorities dismantle First VPN, used by ransomware actors
First VPN, a virtual private network service marketed to cybercriminals, promising anonymity for its users, was taken offline on May 19 and 20 as part of Operation Saffron. During the operation, French and Dutch authorities, with support from Europol and Eurojust, dismantled 33 servers linked to the service and interviewed the operator in Ukraine. The…
AI, Apps, china, Cybersecurity, Data Breaches, Endpoint, Global Security News, Government & Policy, Network Security, Risk Management, Venture
AI, Cybersecurity Education, and the Defense of America’s Digital Border
Artificial intelligence (AI) is reshaping cybersecurity at a pace that is forcing educators, businesses, and governments to rethink workforce development and national defense strategies. During a recent discussion with cybersecurity entrepreneur and ConnectSecure Chairman, Arnie Bellini, key themes emerged around the evolution of cyber threats, the importance of protecting America’s “digital border,” and the urgent…
AI, Global Security News
Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet
Modern crypto drainers don’t hack wallets. They trick users into approving malicious transactions. Flare explores how the Lucifer DaaS platform scales wallet theft through phishing and automation. […]
china, Global Security News
Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
“Showboat” doesn’t show off, but clearly it doesn’t need to, as it’s long helped China spy on small market communications providers.
AI, Global Security News, malware
Chinese hackers target telcos with new Linux, Windows malware
A Chinese cyber-espionage campaign has been targeting telecommunications providers with newly discovered Linux and Windows malware dubbed Showboat and JFMBackdoor, respectively. […]
AI, Global Security News
Max severity Cisco Secure Workload flaw gives Site Admin privileges
Cisco has released security updates to address a maximum-severity vulnerability in Secure Workload that allows attackers to gain Site Admin privileges. […]
AI, Data Breaches, Global Security News
GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a popular developer tool with 2.2 million installs. A malicious version of the otherwise benign extension was used to steal secrets and developer credentials, which were then used to…
AI, Global Security News, Network Security
Selective HTTP Proxying in Linux, (Thu, May 21st)
Recently, Rob wrote about a tool, Proxifier, that can intercept requests from specific processes. Proxifier is available for Windows, macOS, and Android. But I have not seen a generic Linux option yet. The advantage of a tool like Proxifier is the ability to target specific software. For debugging, reverse engineering, and similar tasks, selecting a…
AI, Endpoint, Exploits, Global Security News, Risk Management
Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload
Cisco fixed a critical Secure Workload flaw (CVE-2026-20223) that could let attackers gain Site Admin privileges through crafted API requests. Cisco released patches for a critical vulnerability, tracked as CVE-2026-20223 (CVSS score of 10.0), in Secure Workload. The flaw stems from insufficient validation and authentication in REST API endpoints. According to Cisco, remote attackers could…
Global Security News, Network Security
Police seize “First VPN” service used in ransomware, data theft attacks
A virtual private network service called ‘First VPN,’ used in ransomware and data theft attacks, has been taken offline in a joint international law enforcement operation. […]
AI, Global Security News
Content Delivery Exploit Opens Websites to Brand Hijacking
The Underminr domain-fronting attack allows threat actors to modify Web requests and leverage trusted websites to cloak malicious activity.
AI, Cybersecurity, Global Security News, malware, Risk Management
Your AI Agent Doesn’t Care About Your Controls
This is Part 1 of a 2-part series on AI agents and control assurance. Read Part 2: Controlling AI Agents: Why Detection Is Too Late The cybersecurity industry has spent years investing in visibility. Dashboards have improved, detection tooling has matured, and the volume of telemetry available to security teams has increased significantly. Most organisations…
AI, APAC, Apps, Global Security News
AI Demand Pushes Neoclouds into the Channel Conversation
Neocloud providers are gaining momentum as enterprises look for more GPU capacity to support AI training, fine-tuning, and inference. For MSPs, resellers, and system integrators, that shift could expand the cloud infrastructure conversation beyond hypescalers. As AI workloads push customers to compare every available option, partners have an opportunity to advise on cost, capacity, workload…
AI, Global Security News, Risk Management
Three-Quarters of Firms Knowingly Ship Vulnerable Code
AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers
AI, Global Security News
Europol Seizes First VPN Used by Ransomware Gangs, Arrests Administrator
Europol has seized First VPN, a service used by ransomware gangs, arrested its administrator and gained access to data linked to thousands of users.
AI, Global Security News
Workday’s Returning CEO Has a Plan to Survive the AI Era
The software company isn’t an AI native. But Aneel Bhusri has established an AI task force and is launching new agents for IT and corporate travel.
Global Security News
U.S. to Award Quantum-Computing Firms $2 Billion and Take Equity Stakes
The Trump administration hopes to spur “a new era of American innovation,” Commerce Secretary Howard Lutnick says.
AI, Apps, Compliance, Data Breaches, Exploits, Global Security News, Risk Management
SharePoint On-Prem End of Life: 2026 Migration Guide
With Microsoft ending support for SharePoint Server 2016 and 2019 on July 14, 2026, organizations still running on-premises SharePoint face a shrinking window to modernize aging collaboration environments before security updates, bug fixes, and vendor support disappear. SharePoint 2019 On-Prem lives on, but without Microsoft support For over a decade, local SharePoint deployments have served…
AI, Cybersecurity, Global Security News
AI-generated reporting: Lessons learned from Cisco Talos Incident Response
Talos IR shares prompt engineering lessons for consistent, accurate AI-generated cybersecurity reports with a realistic case study.
Global Security News
Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes
Qualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locally
AI, Global Security News, privacy
Microsoft refreshes Surface line with biz-friendly features – and a high price tag
Microsoft this week refreshed its Surface for Business range of devices, adding features designed to appeal to enterprises. But high prices for the devices might be hard for IT buyers to swallow. Microsoft announced a new Surface Pro for Business on Tuesday, alongside two variants of its Surface Laptop for Business devices – a premium…
AI, Global Security News
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it worrying.…
AI, Cybersecurity, Global Security News, malware
Android Malware Spotted Subscribing Victims to Paid Services Without Consent
Cybersecurity researchers expose a 10-month global Android malware campaign using fake apps to secretly charge users through premium SMS bills.
Global Security News
Flipper One project needs community help to build open Linux platform
Flipper Devices, the maker of the Flipper Zero pentesting tool, is asking the community to help build Flipper One, an open Linux platform for connected devices. […]
AI, Exploits, Global Security News, malware
Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)
Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known Exploited Vulnerabilities catalog. The vulnerabilities CVE-2026-41091 allows for local privilege elevation (LPE), and is caused by the Microsoft Malware Protection Engine improperly resolving links before accessing files. “An attacker who successfully exploited this vulnerability…
AI, Exploits, Global Security News
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges. “Improper link resolution before file access (‘link following’)…
Global Security News
When Identity is the Attack Path
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do – a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a minor-league attacker, could have…
AI, Apps, Global Security News, Risk Management
Microsoft releases open-source tools to operationalize AI agent safety
Microsoft has open-sourced two new tools aimed at bringing AI safety checks much earlier into the agent development lifecycle. The tools, called Rampart and Clarity, were announced this week as part of Microsoft’s broader push to operationalize safety engineering for agentic AI. “We built these tools because we believe that AI safety has to become…
Global Security News
Microsoft’s Retired IE Tool MSHTA Now Being Used in Fileless Malware Attacks
Bitdefender researchers reveal how cyberattackers are abusing the built-in Windows MSHTA utility to silently deploy loaders and infostealers.
AI, Apps, china, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Risk Management
The readiness paradox: Why a false sense of cyber confidence is becoming a liability
There’s this old proverb that’s stuck with me over the years: “Dig the well before you are thirsty.” It really means you should prepare for the crisis before it arrives. In cybersecurity, it’s a mentality that’s long underpinned investment, strategy and board-level conversations. And by many measures, organizations appear to have already ‘dug’ that well.…
Global Security News
U.S. to Award Quantum Computing Firms $2 Billion and Take Equity Stakes
The Trump administration hopes to spur ‘a new era of American innovation,’ Commerce Secretary Howard Lutnick says.
AI, Global Security News
Even at $5 Trillion, Nivida Is Underappreciated
Competition is growing, but the AI chip maker’s sluggish stock doesn’t give enough credit for its strong position.
Global Security News
SpaceX, Anthropic and OpenAI’s Sprint to Go Public Defines the AI Boom’s Big Day
Silicon Valley’s hottest startups are competing fiercely as big tech firms contend with fickle investors and hard choices.
AI, Cybersecurity, Global Security News, malware
Hackers Stealing Bank Accounts from iPhone and Android Users Using AI
As the AI universe expands, so have the cybercriminals that use AI for hacking. Recent reports are showing that bank attacks using AI has increased over 400%, with savvy criminals staying ahead of anti-fraud measures. Another report for 2025 has identified 1,243 financial brands as their main targets in 90 countries and 34 active malware…
Global Security News
Virtru centers file collaboration around data-level protection
Virtru unveiled Virtru Collaborate, a new offering that eliminates that tradeoff, a FedRAMP authorized space where sensitive files are encrypted and protected by the Trusted Data Format (TDF), and where that protection travels seamlessly with the data as teams work together across organizational boundaries. Virtru Collaborate is the first solution built on the new Virtru…
AI, Global Security News
ASAPP expands adversarial testing for enterprise AI systems
ASAPP has launches Continuous Red Teaming, a new capability that integrates adversarial AI testing directly into ASAPP’s model evaluation framework. The new capability is built on Promptfoo, an AI security platform that helps enterprises detect and address vulnerabilities in AI systems during development. Promptfoo continuously runs automated tests across ASAPP’s AI systems, screening for more…
AI, Cybersecurity, Global Security News, Risk Management
Tenable Hexa AI automates remediation across attack surfaces
Tenable has announced the general availability of Tenable Hexa AI, the agentic AI engine of the Tenable One Exposure Management Platform. Tenable Hexa AI is an advanced agentic AI for cybersecurity solution, equipped with advanced multi-step reasoning and Model Context Protocol (MCP) support, enabling custom agent building and workflows that accelerate risk reduction at machine…
AI, Data Breaches, Global Security News
Grafana Labs Says Code Breach Stemmed from TanStack Attack
Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack
AI, Global Security News
Shifting Budget Dynamics for Identity Security and AI Agents
AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects.
Exploits, Global Security News
Microsoft warns of new Defender zero-days exploited in attacks
On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. […]
Global Security News
Riverbed introduces new Aternity tools for autonomous IT operations
Riverbed has announced new capabilities for Aternity designed to support autonomous IT operations for digital experience management. The updates help digital workplace teams move toward prevention-focused operations through broader visibility, context-aware intelligence, and governance controls that support automated workflows. Organizations are measured by their ability to deliver frictionless digital experiences that keep employees productive and…
AI, Global Security News, Network Security
Forward launches Predict to test network changes before deployment
Forward has unveiled Forward Predict, a new capability that allows organizations to evaluate the impact of network changes before deployment. By testing proposed changes against a digital twin of the production network, Forward Predict helps identify potential issues before they reach live environments and supports safer network operations at scale. “When we founded Forward more…
AI, Cybersecurity, Global Security News
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several…
AI, Global Security News, Risk Management
CTERA brings AI insights and automation for unstructured data
CTERA has announced the launch of CTERA InsightAI, an agentic AI intelligence layer for the CTERA Intelligent Data Platform. The new capability is designed to help enterprises understand, manage, secure, and optimize unstructured data environments. CTERA InsightAI adds AI-driven insights and automation to data operations, expanding traditional data observability capabilities. CTERA InsightAI continuously analyzes enterprise…
AI, Apps, Exploits, Global Security News, Network Security
Terra adds continuous network exploitation validation to its platform
Terra Security has announced the public preview of continuous exploitation validation for network infrastructure, now available to all customers through the Terra Platform. The launch expands Terra’s offensive security capabilities from web applications to network infrastructure and extends coverage across three areas: web applications, AI, and network environments. Terra said the update expands its continuous…
AI, Cybersecurity, Global Security News, Risk Management
The world of AI tokens — and why they matter
Google has only one way to measure the phenomenal AI growth it’s seen: in tokens. The company processes 3.2 quadrillion tokens per month, Google CEO Sundar Pichai said during this week’s I/O keynote, adding, “never imagined I’d say quadrillion…, but here we are.” Basically, tokens are a unit of measure used by large language models…
AI, Apps, Compliance, Cybersecurity, Exploits, Global Security News, malware, Network Security, privacy, Risk Management
AI becoming an SOC imperative for curtailing emerging cyber threats
The cybersecurity profession is on the verge of a sea change, and security pros must begin to master AI tools to combat emerging threats by building more autonomous, real-time protections. Expert panelists at a recent DTX conference session in Manchester, titled “Bot vs Bot: Surviving the Era of Autonomous Cyber Warfare,” highlighted how bringing AI…
AI, Data Breaches, Global Security News
GitHub links repo breach to TanStack npm supply-chain attack
GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week’s TanStack npm supply-chain attack. […]
AI, Global Security News, privacy
Discord adds end-to-end encryption to voice and video calls by default
Discord now enables end-to-end encryption by default for all voice and video calls, making conversations inaccessible even to the platform itself. No announcement fanfare, no opt-in required, no settings to dig through. Discord flipped a switch on Monday and end-to-end encryption is now the default for every voice and video call on the platform. If…
AI, Global Security News, Network Security, Risk Management
Why AI changed the threat model for travel technology
In this Help Net Security interview, Devon Bryan, SVP, Global CSO at Booking Holdings, reflects on his path from Air Force network security engineer to global CSO across financial services, hospitality, and travel technology. He discusses why the travel industry’s interconnected ecosystem of identity, payments, loyalty programs, and third-party integrations creates compounding risk, and how…
Global Security News
Most dark web activity revolves around a handful of topics
Dark web activity often becomes visible during marketplace seizures, major data leaks, or sudden spikes in criminal activity. Those events can create an impression of an ecosystem where attention shifts quickly and new trends regularly replace old ones. A six-year dataset covering more than 25,000 dark web sites tracked what people discussed in underground forums…
AI, Global Security News
AI red teaming agents change how LLMs get tested
Adversarial probing of LLMs has piled up a sprawling toolkit over the past three years. Attack techniques with names like Tree of Attacks with Pruning, Crescendo, and Skeleton Key sit alongside hundreds of prompt transforms and scoring methods across open-source frameworks including Microsoft’s PyRIT, NVIDIA’s Garak, and Promptfoo. The catalog has grown faster than any…
AI, Apps, Global Security News, privacy
Product showcase: Bitdefender Mobile Security for iOS protects privacy where scams begin
Bitdefender Mobile Security for iOS is a security and privacy application for iPhone and iPad that helps protect against phishing attempts, online scams, unsafe websites, and account exposure. I have used Bitdefender Mobile Security for iOS for the last two years. It was easy to install, easy to use, and I have not noticed any…
Data Breaches, Global Security News
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension. The development comes as the Nx team revealed that the extension, nrwl.angular-console, was breached after one of its…
AI, Cybersecurity, Global Security News, Risk Management
Cyber threats push SMBs to spend more on security
Cybersecurity has become a key priority for small and medium-sized businesses due to growing threats and wider AI adoption. An IDC survey of 2,200 SMBs in eight markets examined how organizations manage cyber risks, prepare for AI-related threats, and handle third-party vendor security. Top business priorities for the year (Source: IDC) 60% of SMBs expect…
AI, Exploits, Global Security News
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries a CVSS score of 6.5 out of 10.0, per CVE.org. Drupal said the vulnerability resides in a database…
Global Security News
ISC Stormcast For Thursday, May 21st, 2026 https://isc.sans.edu/podcastdetail/9940, (Thu, May 21st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
AI, Cybersecurity, Exploits, Global Security News, Risk Management
Microsoft is working on a patch for ‘YellowKey’ attack on Bitlocker, offers temporary fix
Microsoft says it is considering a patch for a zero-day vulnerability, dubbed YellowKey, that allows attackers with access to a Windows device to bypass Bitlocker encryption protection and read and write files. The flaw was disclosed last week, and there is already a public proof of concept available. The company issued an advisory Tuesday saying…
AI, Cybersecurity, Exploits, Global Security News, Risk Management
Microsoft is working on a patch for ‘YellowKey’ attack on Bitlocker, offers temporary fix
Microsoft says it is considering a patch for a zero-day vulnerability, dubbed YellowKey, that allows attackers with access to a Windows device to bypass Bitlocker encryption protection and read and write files. The flaw was disclosed last week, and there is already a public proof of concept available. The company issued an advisory Tuesday saying…
AI, Global Security News
E-Hiking Is Here. You Can Tell by My 1,000-Watt Hips.
With Hypershell’s X Ultra S and similar personal exoskeletons, AI takes on the great outdoors.
AI, Global Security News, Russia
One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud ‘Patriot Bait’ Campaign
A solo Russian-speaking threat actor ran a 5-year Telegram channel and, starting September 2025, used AI to automate its content, credential theft, and a cryptocurrency fraud scheme targeting American audiences.
AI, Apps, Cybersecurity, Exploits, Global Security News
Drupal admins rushing to patch maximum severity SQL injection vulnerability
Administrators of the Drupal open source content management platform are rushing to install an emergency patch issued today to fix a “highly critical” SQL injection vulnerability in the application’s core. While the vulnerability only affects websites that use the PostgreSQL database, there may be upstream issues with Symfony, a set of PHP packages and web…
Global Security News
The Secrets Revealed in SpaceX’s IPO Filing
Documents related to SpaceX’s initial public offering show the company is unprofitable and CEO Elon Musk controls 85% of the vote.
AI, Cybersecurity, Global Security News
Smashing Security podcast #468: High-speed train hacks and homicidal lawnmowers
A 23-year-old radio enthusiast spent £300 on a piece of kit from the internet, and used it to bring four packed high-speed trains to a screeching halt. His defence in court? Possibly the most creative excuse we’ve heard all year. Meanwhile, owners of $4,000 robot lawnmowers are discovering that their gadget can be hijacked over…
AI, Global Security News
SpaceX Fires Starting Gun on Its Blockbuster IPO
The Elon Musk-led company filed an investor prospectus for a stock offering expected to raise potentially tens of billions of dollars as soon as mid-June.
AI, Global Security News, malware
Ukraine identifies infostealer operator tied to 28,000 stolen accounts
The Ukrainian cyberpolice, working in conjunction with U.S. law enforcement, has identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users of an online store in California. […]
AI, Compliance, Global Security News, Network Security, Risk Management
Third-Party Risk Management Needs to Evolve
Traditional point-in-time vendor risk assessments are becoming increasingly difficult to maintain in environments where vendors, technologies, and regulatory requirements continuously evolve. During a recent discussion with eSecurity Planet, Auditive Founder and CEO Daniel Faddoul explained why many organizations are struggling to keep pace with modern third-party risk exposure and why continuous monitoring is becoming more…
Global Security News
Hackers bypass SonicWall VPN MFA due to incomplete patching
Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks. […]
AI, Apps, Compliance, Global Security News, Network Security, Risk Management
Why Policy in Amazon Bedrock AgentCore chose Cedar for securing agentic workflows
Agents have agency: they adapt and find multiple ways to solve problems. This autonomy creates a fundamental security challenge: the large language model (LLM) at the heart of the agent is non-deterministic, and its decisions can’t be predicted or guaranteed in advance. It can hallucinate harmful actions with complete confidence. It’s vulnerable to prompt injection…
AI, Apps, Cybersecurity, Global Security News, malware, Network Security, Risk Management
Browser Threats Are Expanding the SMB Attack Surface
Small and mid-sized businesses (SMBs) are facing a growing wave of cyberattacks, and according to Palo Alto Networks, many of those threats are now originating directly inside the browser. During a recent discussion with eSecurityPlanet, Shivam Srivastava, VP of Product Management for Prisma Browser for Business at Palo Alto Networks, discussed the growing cybersecurity challenges…
AI, Cybersecurity, Global Security News
Cyber Pros Can’t Decide If AI Is a Good or a Bad Thing
There is nothing cybersecurity professionals are more excited about, and nothing they fear more, than AI.
AI, Global Security News
Mind-Blowing Growth Is About to Propel Anthropic Into Its First Profitable Quarter
The startup expects a 130% revenue surge to $10.9 billion in the June quarter and its first operating profit, defying skeptics of the AI boom.
AI, Global Security News
Nvidia Beats Estimates With $81.6 Billion Sales in First Quarter
Astronomical rise in AI agents and demand for data-center computing lift chipmaker to another record quarter.
AI, Exploits, Global Security News, Risk Management
PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch
PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately. The wave of Linux local privilege escalation vulnerabilities showing up with working exploit code is not slowing down. The latest is PinTheft, discovered by the V12 security team, which affects…
AI, Data Breaches, Exploits, Global Security News, Risk Management
Meet Rampart and Clarity, Microsoft’s new red team combo AI agents
On Wednesday, Microsoft released two new red teaming tools—Rampart and Clarity—,meant to help developers design more secure agentic software and assist incident responders in the face of ongoing breaches. Rampart is built on top of PyRIT, an existing open automation framework Microsoft developed for red teaming generative AI systems. But while PyRIT scans already-built systems…