Chinese-linked FamousSparrow repeatedly targeted an Azerbaijani oil and gas company, reusing the same entry point in three intrusions from Dec 2025 to Feb 2026. Chinese-linked threat actor FamousSparrow has conducted a sustained intrusion campaign against an Azerbaijani oil and gas company, returning to the same compromised entry point three separate times between late December 2025…
AI, Apps, Compliance, Global Security News, Risk Management
HYCU Launches New Capability for Backup Data Use
HYCU, a SaaS data protection company, is launching aiR (AI Resilience), a new capability inside the HYCU R-Cloud platform. The new capability turns backup data into a live intelligence layer for security, compliance, and risk teams. AI Resilience solution leverages backup records to observe AI use It takes the backup records organizations have of who…
AI, Global Security News
CERN’s open source KiCad library gives the world 17,000 circuit board components
CERN has released its complete KiCad component library under an open source license, making it available to hardware designers anywhere in the world. The library, maintained by CERN’s Design Office, contains more than 17,000 electronic components in the form of schematic symbols and printed circuit board footprints. Layout of a printed circuit board made using…
Global Security News
New Fragnesia Linux flaw lets attackers gain root privileges
Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability (known as Fragnasia and tracked as CVE-2026-46300) that allows attackers to run malicious code as root. […]
AI, Global Security News
New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score:…
AI, APAC, Apps, Endpoint, Global Security News
How Southwest Airlines is putting endpoint operations on autopilot
As digital tools become more central to its operations, Southwest Airlines is increasingly turning to AI and automation to prevent endpoint issues from affecting the sprawling airline. The new tools allow the company’s IT team to take a more strategic, rather than reactive, approach to operations, said Derek Whisenhunt, head of end user computing at…
AI, Cybersecurity, Data Breaches, Global Security News, Risk Management
Nitrogen Ransomware claims massive data theft from Foxconn
Foxconn confirmed a cyberattack on some North American factories. The Nitrogen ransomware group claims it stole 8TB of data from the firm. Foxconn confirmed that several of its North American factories were affected by a cyberattack. The manufacturer confirmed it was targeted by threat actors after the Nitrogen ransomware group listed it on its Tor…
AI, Exploits, Global Security News
Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)
Besides serving as a place where Microsoft Outlook places suspected spam, the Outlook Junk folder has one additional function that can be quite helpful when it comes to identifying malicious messages. Any e-mail placed in this folder is stripped of all formatting, and destinations of all links included in the message become visible to the…
AI, Cybersecurity, Global Security News
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a
AI, APAC, Global Security News, Network Security
Vector embedding security gap exposes enterprise AI pipelines
Enterprise adoption of retrieval-augmented generation has moved sensitive corporate content into a new storage format that existing security tools cannot inspect. Companies deploying internal AI assistants convert documents into high-dimensional numerical vectors and ship them to embedding services and vector databases over ordinary HTTPS connections. Data loss prevention products scan documents and network traffic, and…
AI, Global Security News
Closing the AI governance gap in your enterprise
In this Help Net Security video, Casey Bleeker, CEO at SurePath AI, talks about the AI governance gap that exists in almost every organization. Drawing from three years of conversations with IT, business, and security leaders, Casey explains why AI adoption is outpacing governance maturity by a wide margin, creating friction between security teams pushing…
Cybersecurity, Data Breaches, Global Security News
Over 70% of organizations hit by identity breaches
Attackers rely on stolen credentials, compromised service accounts, and social engineering attacks targeting employees, according to Sophos’ The State of Identity Security 2026 survey. What do you estimate to be the overall cost to your organization to rectify the identity breach? Base: organization could not stop the security breach. n=510. (Source: Sophos) Identity attack trends…
Global Security News
ISC Stormcast For Thursday, May 14th, 2026 https://isc.sans.edu/podcastdetail/9932, (Thu, May 14th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
AI, Global Security News, Network Security
Machine identities outnumber humans 109 to 1
Organizations manage an average of 109 machine identities for every human identity. AI agents account for a growing share of those identities, with companies expecting AI agent growth of 85% over the next 12 months. Machine identities are projected to increase by 77%, and human identities by 56%, based on data from Palo Alto Networks’…
AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Risk Management
Welcoming the Bahamian Government to Have I Been Pwned
Today, we welcome the 44th government onboarded to Have I Been Pwned’s free gov service: The Bahamas. The National Computer Incident Response Team of The Bahamas, CIRT-BS, now has access to monitor government domains against the data in HIBP. As the national CIRT, CIRT-BS is responsible for coordinating and supporting cybersecurity-related matters across the country,…
Global Security News
Hedge Funds Are Making a Killing in the ‘Golden Age’ of AI Hardware
Shares of makers of chips and related equipment delivered stock-picking funds such as Steve Cohen’s Point72 their best month in decades.
AI, Global Security News
TeamPCP Claims Sale of Mistral AI Repositories Amid Mini Shai-Hulud Attack
TeamPCP claims to be selling alleged Mistral AI repositories on a hacker forum after the Mini Shai-Hulud attack targeted npm and PyPI ecosystems.
Global Security News
Why AMOS matters: The macOS malware stealing data at scale
Sophos X-Ops looks at the Atomic macOS Stealer and its capabilities Categories: Threat Research Tags: MacOS, AMOS, infostealer
AI, Global Security News, Network Security
Reinvent Debuts REVIVE Command Center for Partners
Reinvent Telecom, a technology ecosystem platform provider, has announced the launch of REVIVE, a unified command center for partners to manage their Reinvent-powered technology businesses. Platform centralizes customer accounts, services records, and more REVIVE provides partners with a centralized way to manage customer accounts, access solution information, monitor services, and support ongoing customer needs through…
AI, Apps, Global Security News, Government & Policy, Risk Management
Fired employee sought AI help to hide deletion of hosting firm’s customer data
The apparent revenge deletion of US federal databases after the dismissal of twin brothers from an online hosting company is another reminder to IT and HR leaders that tough off-boarding procedures have to be implemented to prevent insider attacks. Destructive attacks either from disgruntled current or former employees aren’t new. But the conviction by a…
AI, Cybersecurity, Data Breaches, Global Security News
Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities
Welcome to the largest educational data breach in history – affecting nearly 9,000 institutions, every Ivy League university, and 30 million students mid-finals. When Canvas’s parent company refused to pay and announced they had deployed “security patches” instead, the hackers were less than impressed. So they came back through the cat flap. Meanwhile, a famous…
AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security
Researchers say AI just broke every benchmark for autonomous cyber capability
Two of the most advanced artificial intelligence models — Anthropic’s Claude Mythos Preview and OpenAI’s GPT-5.5 — have significantly surpassed the already-accelerating pace at which AI systems are completing autonomous cybersecurity tasks, according to separate findings published Wednesday by the United Kingdom’s AI Security Institute (AISI) and Palo Alto Networks. The AISI, which conducts pre-deployment…
AI, Compliance, Global Security News, Network Security, privacy, Risk Management
Nearly every enterprise is investing in AI, but only 5% say their data is ready
Nearly halfway into 2026, enterprises are beginning to see tangible returns on their AI investments. Yet many are discovering that scaling requires something far less glamorous than flashy frontier models and state-of-the-art benchmarking: Clean, interoperable, governed data. According to a new AI Momentum Survey from Dun & Bradstreet, 97% of organizations report active AI initiatives,…
Global Security News
West Pharmaceutical says hackers stole data, encrypted systems
West Pharmaceutical Services disclosed that it was the target of a cyberattack that resulted in data exfiltration and system encryption. […]
AI, Cybersecurity, Global Security News, Government & Policy, Politics, Risk Management
Closed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risks
The House Homeland Security Committee is digging into Anthropic’s AI model Mythos in a series of briefings and hearings, as questions proliferate on whether and how the federal government will make use of the technology touted for its ability to autonomously uncover cyber vulnerabilities. Wednesday brought a closed-door briefing for the House Homeland Security Committee…
AI, Global Security News
Iranian hackers targeted major South Korean electronics maker
The Iran-linked hacking group MuddyWater (a.k.a. Seedworm, Static Kitten) launched a broad cyber-espionage campaign targeting at least nine high-profile organizations across multiple sectors and countries. […]
AI, Apps, Compliance, Global Security News, malware, Network Security
Detecting and preventing crypto mining in your AWS environment
This article guides you on how to use Amazon GuardDuty to identify and mitigate cryptocurrency mining threats in your Amazon Web Services (AWS) environment. You’ll learn about the specialized detection capabilities of GuardDuty and best practices to build a multi-layered defense strategy that protects your infrastructure costs and security posture. Understanding the crypto mining challenge…
Compliance, Global Security News, Risk Management
Checkbox Assessments Aren’t Fit to Measure to Risk
Security governance needs to be more than an annual compliance exercise. New companies are emerging to address risk-management gaps in current audit tools.
Global Security News
May’s Patch Tuesday hauls out 132 CVEs
Global Security News
Instructure Reaches Deal with ShinyHunters to Prevent Canvas Data Leak
Instructure has reached an agreement with the ShinyHunters group to return and destroy stolen Canvas data, protecting millions of student records from a public leak.
Global Security News, Government & Policy
Attackers Weaponize RubyGems for Data Dead Drops
Threat actors are publishing RubyGems packages that include scrapers targeting public-facing UK government servers, but with no clear objective.
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News
Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox
Fortinet released a batch of patches across its products on Patch Tuesday, including two critical vulnerabilities that can lead to remote code execution. Fortinet flaws, both zero-day and n-day, have been exploited in the wild many times in the past, so companies should deploy patches as soon as possible. “Fortinet vulnerabilities are often attractive to…
AI, Global Security News
Tables Turn on ‘The Gentlemen’ RaaS Gang With Data Leak
An OPSEC failure provides a window into what helped the ransomware group rise: a generous affiliate model, opportunistic TTPs, and an effective organizational structure.
AI, Exploits, Global Security News
New critical Exim mailer flaw allows remote code execution
A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code. […]
AI, Funding, Global Security News, Government & Policy
DOJ releases legal rationale for nationwide voter data collection
The Trump administration released a legal opinion outlining the legal rationale behind its nationwide voter data collection efforts, justifying an aggressive federal role in vetting voter eligibility, a position courts have repeatedly rejected in related litigation. The memo, released Tuesday by the Department of Justice Office of Legal Counsel, concedes that while election administration is…
AI, Global Security News
Jobs lost to AI could reappear elsewhere — and solidify AI-focused roles
There are conflicting signals about whether AI is creating or destroying jobs, though many companies have blamed the technology for recent cuts. Analysts and industry experts say the reality is more nuanced: jobs being lost now to AI will likely reappear elsewhere, especially for those with hands-on AI experience. In other words, while AI may…
AI, Exploits, Global Security News, Network Security
Microsoft Patch Tuesday for May 2026 fix 138 bugs, some of them are alarming
Microsoft’s May 2026 Patch Tuesday fixed 138 flaws, including 30 critical bugs, across Windows, Office, Azure, Edge, SQL Server, and more. Microsoft’s May 2026 Patch Tuesday patched 138 vulnerabilities in a single release. That is a number that gives pause even for people accustomed to these cycles. The affected products span virtually the entire Microsoft…
AI, APAC, Cloud Security, Compliance, Europe, Global Security News, Risk Management
Introducing the updated AWS User Guide to Governance, Risk, and Compliance for Responsible AI Adoption
The financial services industry (FSI) is using AI to transform how financial institutions serve their customers. AI solutions can help proactively manage portfolios, automatically refinance mortgages when rates decrease, and negotiate insurance premiums for customers. However, this adoption brings new governance, risk, and compliance (GRC) considerations that organizations need to address. To help FSI customers…
Cybersecurity, Global Security News
Dark Reading Celebrates 20 Years as a Leading Authority on Cybersecurity, Highlighting the People, Events, Ideas, and Technologies Shaping the Modern Risk Landscape
Informa TechTarget’s flagship cybersecurity media brand launches a special content series to mark two decades as a trusted source for cybersecurity professionals.
AI, Cybersecurity, Data Breaches, Global Security News
OpenLoop Health confirms January 2026 Data breach affecting 716,000
In January 2026, telehealth infrastructure firm OpenLoop Health suffered a security breach that exposed information of 716,000 people. OpenLoop Health confirmed a January 2026 cyberattack that exposed personal information of 716,000 individuals using its telehealth services. The breach was reported to authorities in March, but the full scope was only recently determined. Threat actors exfiltrated…
AI, Apps, Global Security News
CGS Immersive Debuts AI-Powered Cicero Interview Application
CGS Immersive has launched Cicero Interview, an AI-powered hiring application designed to help enterprises assess candidate readiness through scenario-based interviews, explainable scorecards, and anti-fraud controls. Measuring how candidates think and perform According to CGS Immersive, the application is designed to help enterprises quickly identify candidates who are “truly job ready,” while also providing the transparency,…
AI, Compliance, Exploits, Global Security News, Network Security, Risk Management
Weaponized AI: The new frontier of fraud and identity spoofing
Today’s enterprise executives are navigating a complex landscape of AI-driven challenges, but none is more urgent than the rapid escalation of AI-generated fraud. Fraudsters are weaponizing generative AI to automate impersonation and mass-produce synthetic identities at a scale and pace that is rendering enterprises’ long-standing defenses obsolete. This is no longer a slow-moving game of…
Cybersecurity, Exploits, Global Security News
Windows BitLocker zero-day gives access to protected drives, PoC released
A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw. […]
AI, Apps, Compliance, Global Security News, privacy
PCI PIN and P2PE compliance packages for AWS Payment Cryptography are now available
Amazon Web Services (AWS) is pleased to announce the successful completion of Payment Card Industry Personal Identification Number (PCI PIN) and PCI Point-to-Point Encryption (PCI P2PE) assessments for the AWS Payment Cryptography service. This assessment expands the AWS Payment Cryptography compliance portfolio, with AWS now validated as a component provider for Key Management (KMCP) and…
AI, Global Security News
Webinar tomorrow: Why security alone won’t stop modern attacks
Tomorrow’s webinar examines why prevention alone is no longer enough against modern cyberattacks. The session explores how organizations combine security, backups, and recovery planning to improve cyber resilience after attacks. […]
AI, Global Security News
The Tech Jobs That Are Safe From AI
Tech industry layoffs keep coming but there’s still a market for higher-grade talent to harness AI agents.
Global Security News
Microsoft fixes BitLocker recovery issue only for Windows 11 users
Microsoft has addressed a known issue causing some Windows 11 systems to boot into BitLocker recovery after installing the April 2026 Windows security updates. […]
AI, APAC, Cybersecurity, Exploits, Global Security News, Network Security
Cyberattack: First they come for Foxconn, then they come for you
Apple’s key manufacturing partner Foxconn has confirmed its US factories suffered a ransomware attack in recent days after the gang responsible claimed to have stolen 8TB of data from the company — including confidential Apple information. This isn’t the first attack to hit Foxconn, and such is the scale and value of the company that it is unlikely…
Global Security News
State-sponsored actors, better known as the friends you don’t want
Incident Response teams must increasingly be prepared to respond to threats coming from nation-state attackers
AI, Global Security News
WhatsApp adds Incognito Chat for private Meta AI conversations
The company launched Incognito Chat with Meta AI, a feature that lets users hold AI conversations the platform itself cannot read. The rollout will reach WhatsApp and the standalone Meta AI app over the coming months. How Incognito Chat works Incognito Chat runs on top of Meta’s Private Processing technology, the same infrastructure the company…
AI, Global Security News
TeamPCP Used Mini Shai-Hulud Worm to Poison Over 400 npm and PyPI Packages
Research reveals that TeamPCP hijacked OIDC tokens to poison hundreds of TanStack, Mistral AI, and UiPath packages with the self-propagating Mini Shai-Hulud worm.
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management
NVIDIA NemoClaw Research Highlights AI Sandbox Exfiltration Risks
Researchers at Lasso have found that sandboxing autonomous AI agents may not be enough to stop sensitive data theft after demonstrating multiple exfiltration techniques against NVIDIA’s NemoClaw and OpenShell environments. The findings show how attackers can abuse trusted tools and approved outbound connections to quietly steal credentials, manipulate agent behavior, and maintain persistence inside AI…
Europe, Global Security News
Microsoft fixes Windows Autopatch bug installing restricted drivers
Microsoft has fixed a Windows Autopatch bug that caused driver updates restricted by administrative policies to be deployed on some Autopatch-managed Windows devices in the European Union. […]
AI, Cloud Security, Cybersecurity, Data Breaches, Europe, Global Security News, Government & Policy, malware, Network Security, Risk Management
Daybreak is OpenAI’s answer to the AI arms race in cybersecurity
OpenAI has unveiled Daybreak, a cybersecurity initiative that combines the company’s large language models with its Codex agentic framework to help organizations identify, patch, and validate software vulnerabilities across the development lifecycle. The platform is built around three model tiers: GPT-5.5 for general-purpose use, GPT-5.5 with Trusted Access for Cyber for verified defensive security workflows,…
Data Breaches, Global Security News
Canvas Owner Reaches Agreement With Cybercriminals After Ransomware Attack
Instructure says it reached an agreement with ShinyHunters over the Canvas breach data
Global Security News
Chips Startup Fractile Raises $220 Million to Speed Up AI Queries
Factorial Funds, Accel and Peter Thiel’s Founders Fund invested in the company.
Global Security News
Anthropic Was Behind. Now It’s the AI Boom’s Front-Runner.
After years as an also-ran, the startup has pulled ahead in the artificial-intelligence race after focusing on enterprise users and coding.
Global Security News
Avada Builder Flaws Expose One Million WordPress Sites
Avada Builder flaws allowed file read and SQL injection on one million WordPress sites
AI, Global Security News
Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it’s being tested by some customers as part of a limited private preview. MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different…
AI, Apps, china, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Politics, Risk Management, Venture
What happens when China’s AI catches up to Mythos?
The Trump-Xi summit opening in Beijing this week carries an agenda item unlike any in the history of US-China diplomacy: what to do about artificial intelligence that can autonomously find and exploit vulnerabilities in the world’s most critical software — and what happens when both superpowers have it. Anthropic’s Mythos Preview, released last month to…
AI, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Quest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations
CVE-2025-32975 is a critical flaw in Quest KACE SMA used for endpoint management. If exploited, it could impact all managed systems across organizations. CVE-2025-32975 is a critical flaw in Quest KACE SMA used for endpoint management. If exploited, it could impact all managed systems across organizations. Quest KACE SMA is an on-premises endpoint management platform…
AI, Global Security News, Russia
Signal responds to phishing attacks with new in-app security warnings
Signal is adding new protections for users following recent phishing and social engineering attacks. In March, the FBI and CISA issued a warning stating that Signal had become a primary target of Russian intelligence-linked hackers. Dutch and German security authorities were among the first to identify phishing campaigns targeting Signal users. The scheme centered on…
AI, Data Breaches, Global Security News
Tuskira’s Kairo exposes hidden AI-driven breach paths
Tuskira has announced the launch of Kairo, a breach modeling capability that detects deep, hidden breach paths by leveraging its security data mesh and digital twin technology. Kairo helps security teams improve breach resilience by modeling how attackers can leverage new AI models to laterally move across an environment, identifying deep hidden kill chains across…
AI, china, Global Security News
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
A threat actor with affiliations to China has been linked to a “multi-wave intrusion” targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderate-to-high confidence to a hacking group known as FamousSparrow (aka UAT-9244),…
AI, china, Global Security News, Government & Policy
China’s ‘FamousSparrow’ APT Nests in South Caucasus Energy Firm
The cyberthreat group targets an Azerbaijani oil and gas firm with repeated attacks, as the China-linked actors extend targeting beyond hospitality, telecom, and government sectors.
AI, Global Security News
LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly
In the latest evolution of automated cyberattacks, two threat campaigns heavily leveraged AI agents to support attacks against entities in Mexico and Brazil.
AI, Global Security News
OpenAI DeployCo Expands Enterprise AI Services Push
OpenAI is moving further into the part of AI adoption that tends to be slower, more complicated, and a lot less visible than model launches. The company has launched the OpenAI Deployment Company, or DeployCo, a new unit backed by more than $4 billion from a mix of private equity firms and consulting players, including…
Global Security News
Foxconn confirms cyberattack claimed by Nitrogen ransomware gang
Foxconn, the world’s largest electronics manufacturer, says some of its North American factories are now working to resume normal operations after a cyberattack. […]
Global Security News, Government & Policy
Apricorn hardens ASK3 encrypted USB drive for extreme conditions
Apricorn has announced enhancements to its Aegis Secure Key 3.0 (ASK3), delivering faster performance and new environmental protection capabilities designed to secure the device and its data in the most demanding physical circumstances. The ASK3 was updated to meet and exceed the latest NIST Cryptographic Module Validation Program (CMVP) for FIPS 140-3 Level 3 validation,…
Global Security News
73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation
Attackers can compromise systems in minutes while patching and response still take hours or days. Picus Security breaks down why autonomous validation is becoming critical for modern defense strategies. […]
Cybersecurity, Global Security News
Ransomware: Over Half of CISOs Would Consider Paying Ransom to Hackers
Survey of cybersecurity leaders suggests that majority would strongly consider paying cybercriminals, if that’s what it took to help restore encrypted systems
AI, Global Security News
Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs
Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what security analysts say could mark a major shift in how software vulnerabilities are discovered and remediated. The system, codenamed MDASH, was developed by Microsoft’s Autonomous Code Security team alongside the…
Global Security News
Slovakian Admin of Dark Web Kingdom Market Jailed for 16 Years in US
A Slovakian administrator tied to the dark web Kingdom Market received a 16 year US prison sentence for drug trafficking and cybercrime activity.
AI, Global Security News
Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs
Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what security analysts say could mark a major shift in how software vulnerabilities are discovered and remediated. The system, codenamed MDASH, was developed by Microsoft’s Autonomous Code Security team alongside the…
AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security, privacy
LW ROUNDTABLE: Microsoft Edge normalizes credential exposure — security pros push back
By design. Two words that have done an awful lot of heavy lifting in the cybersecurity industry over the years. They tend to surface whenever a vendor wants to wave off a serious finding without fixing it. Related: The unending password problem Microsoft just deployed them again. This time in response to a Norwegian researcher…
AI, Apps, Cloud Security, Compliance, Cybersecurity, Global Security News, Network Security, Risk Management
Palo Alto bets on identity security for autonomous AI with Idira launch
Palo Alto Networks has launched Idira, a new identity security platform aimed at securing human users, machine identities, and AI agents amid the rising adoption of autonomous AI systems amongst enterprises. The company is positioning Idira as a next-generation identity security platform that goes beyond traditional privileged access management (PAM) systems by applying dynamic privilege…
AI, Global Security News
Acronis Launches Cyber Frame IaaS Platform for MSPs
The cyber protection company wants to give MSPs and cloud providers a way to run infrastructure on their own terms, without the vendor lock-in hangover. Acronis on Wednesday unveiled Cyber Frame, a new hyperconverged infrastructure (HCI) and infrastructure-as-a-service (IaaS) platform built specifically for service providers tired of being squeezed by legacy virtualization costs and hyperscaler…
AI, Apps, Global Security News
Pine Services Group Acquires Australian ERP Firm Stratus
Evergreen’s Pine Services Group has acquired Australian ERP consulting and implementation partner Stratus Consulting Group, expanding the company’s presence in the Asia-Pacific market as demand for cloud modernization and enterprise application services continues driving consolidation across the IT services sector. Acquisition expands Pine’s global services footprint With Stratus joining the portfolio, Pine now operates across…
Global Security News
Microsoft says some users can’t install Office on Windows 365 devices
Microsoft says some customers are experiencing issues downloading and installing Office on their Windows 365 devices. […]
AI, Global Security News
[Webinar] Why Your AppSec Tools Miss the “Lethal Path” (and How to Fix It)
TL;DR: Stop chasing thousands of “toast” alerts. Join experts from Wiz and Okta/GitLab to learn how hackers connect tiny flaws to build a “Lethal Chain” to your data—and how to break it. Register for the Strategic Briefing Here. Most security tools work like a smoke alarm that goes off every time you burn a piece…
AI, Cybersecurity, Endpoint, Exploits, Global Security News, malware
ClickFix finds a backup plan in PySoxy proxy chains
ClickFix, a one-shot social engineering technique that tricks victims into executing malicious workflows disguised as fixes to technical issues in their systems, has got a persistence upgrade. In a one-off instance, ReliaQuest researchers have spotted an intrusion chain using scheduled tasks, PowerShell-based command-and-control (C2), and a unique abuse of the decade-old open-source proxy tool PySoxy.…
Exploits, Global Security News
Most Remediation Programs Never Confirm the Fix Actually Worked
Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant’s M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remediate edge device vulnerabilities at 32 days. These numbers have…
Europe, Global Security News, Government & Policy
KDE gets over €1 million investment to strengthen security and core infrastructure
European governments and public institutions have been shifting away from proprietary software for years, and the financial infrastructure supporting open-source alternatives is growing to match. Germany’s Sovereign Tech Fund announced today that it is investing more than €1 million in KDE, the open-source project behind the Plasma desktop environment and a broad range of Linux…
AI, Cybersecurity, Global Security News
Global Cyber Agencies Issue New SBOMs for AI Guidance to Tackle AI Supply Chain Risks
The G7 Cybersecurity Working Group releases new SBOM for AI guidance, outlining seven key data clusters to boost transparency and security across AI supply chains
AI, Global Security News, privacy, Risk Management
8 critical questions about the Googlebook, Android, and ChromeOS
Well, hell’s bells: It’s finally happening. After years of misguided rumors and off-base expectations — over a decade’s worth, even! — Google is actually now on the brink of combining Android and ChromeOS into a single superpowered platform for laptops and mobile devices alike. The company officially announced the advent of an entirely new type…
AI, Cybersecurity, Global Security News, Network Security, privacy, Risk Management
CISA’s AI SBOM guidance pushes software supply-chain oversight into new territory
The US Cybersecurity and Infrastructure Security Agency (CISA) and its G7 cyber agency partners have released a list of minimum elements for an AI software bill of materials, a move that could help CISOs assess the security and provenance of AI systems entering enterprise environments. The guidance extends traditional SBOM concepts into AI by calling…
AI, Exploits, Global Security News, Network Security
Microsoft’s agentic security system found four critical Windows RCE flaws
Microsoft responded to growing competition in AI security by announcing that its new agentic security system helped researchers discover 16 new vulnerabilities in the Windows networking and authentication stack, including four critical remote code execution (RCE) flaws. MDASH architecture diagram (Source: Microsoft) Two of the four flaws — CVE-2026-40361 and CVE-2026-40364 — were deemed by…
Global Security News
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low in severity. As many as 61 vulnerabilities…
AI, Cybersecurity, Data Breaches, Data Security, Global Security News, Government & Policy, Risk Management
Instructure settles with hackers following massive student data theft
Educational tech firm Instructure reached a deal with hackers after a major Canvas breach exposed data stolen from schools and universities. Educational tech firm Instructure says it reached an agreement with the cybercrime group behind a major Canvas data theft, after attackers broke into its systems and threatened to publish stolen information from schools and…
Data Breaches, Global Security News
Why Canadian Telecom Providers Are Prime Targets for Cyberattacks
Canadian telecom providers face mounting cyber threats from ransomware, SIM swapping, data breaches, and nation-state attacks targeting critical infrastructure.
AI, Cybersecurity, Global Security News
UK Cybersecurity Market Expands to £14.7bn with Strong Growth in AI Security Firms
UK cybersecurity sector reaches £14.7bn in revenue, driven by rapid growth in AI security firms, increased investment and rising employment across the industry
AI, APAC, Cloud Security, Compliance, Cybersecurity, Endpoint, Global Security News, privacy, Risk Management
2026 CSO Award winners showcase business-enabling cyber innovation
The annual CSO Awards annually recognize security projects that demonstrate outstanding security leadership and business value. For this year’s program, CSO honors 64 security organizations whose hard work and innovative approaches have had a significant impact on how their enterprises navigate risks in an increasingly challenging cyber environment. These projects showcase the variety of strategies…
Global Security News
Microsoft Fixes 17 Critical Flaws in May Patch Tuesday
Microsoft has patched 120 vulnerabilities in this month’s security update round
AI, Cybersecurity, Global Security News, malware
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution. “The packages do not appear designed for mass developer compromise,” Socket said. “Many have little or no download activity,…
AI, Exploits, Global Security News, malware
Google entdeckt erstmals KI-basierten Zero-Day-Exploit
Willkommen im neuen, KI-geschwängerten Bedrohungszeitalter. Gorodenkoff / Shutterstock Die Google Threat Intelligence Group (GTIG) warnt davor, dass kriminelle Hacker mittlerweile KI einsetzen – sowohl, um Schwachstellen aufzuspüren, als auch um anschließend Malware zu entwickeln, die diese aktiv ausnutzt. Der Anlass: Im Rahmen der eingehenden Analyse einer Angriffskampagne prorussischer Hacker haben die Sicherheitsexperten nach eigenen Angaben…
AI, Compliance, Cybersecurity, Global Security News, malware, Risk Management
New SOC-Ready Reporting for Faster Triage, Escalation, and Incident Response with ANY.RUN
Successful SOC operations require more than accurate detections. Instant access to context, clear conclusions, and operationally relevant insights allow incidents to move across workflows without delays: During alert triage, analysts need a quick threat overview to decide on the next steps. Efficient incident response decisions demand clear, actionable context to rely on. Swift incident reporting requires cross-tier visibility without the need for manual processing of raw technical data. Making ANY.RUN’s Interactive Sandbox a part of your…
AI, Cybersecurity, Global Security News, Risk Management
ESET: AI Adoption Puts MSPs in a Stronger Advisory Role
As AI adoption accelerates across the SMB market, MSPs are being pushed into a more strategic role: helping customers determine not only which AI tools to use but also how to use them safely. In a recent conversation with Channel Insider, ESET executives said AI demand has moved beyond experimentation and into daily business operations,…
AI, Cloud Security, Compliance, Global Security News, Risk Management
Versa CSPM brings continuous visibility to cloud risk and compliance exposure
Versa has announced Versa Cloud Security Posture Management (CSPM), extending the VersaONE Universal SASE Platform to provide continuous visibility, prioritization, and remediation of cloud risk across environments. With CSPM, Versa combines secure access protection and cloud posture risk on a single platform, delivering the visibility security teams need to quantify and reduce enterprise cyber exposure.…
AI, Data Breaches, Global Security News
Who’s the winner in the new Microsoft-OpenAI deal?
It feels like the world’s longest and most public divorce: In late April, Microsoft and OpenAI once again renegotiated the slow-motion breakup that has been playing out between the two over the last several years. At first glance, it looks like a win-win. In the broadest terms, OpenAI gets more freedom to set its own course — it can sell its…
AI, Global Security News, privacy
Android Adds Intrusion Logging for Sophisticated Spyware Forensics
Google on Tuesday unveiled a new opt-in Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks. Intrusion Logging, available as part of Advanced Protection Mode, enables “persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise,” the company said. The feature,…