Two decades ago Dark Reading posted its first blockbuster — a story from a pen tester who sprinkled rigged thumb drives around a credit union parking lot and let curious employees do the rest. This episode looks back at the history-making column with its author Steve Stasiukonis, Dark Reading senior editor Becky Bracken, and Dark…
AI, Exploits, Global Security News
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution. “MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated…
AI, Apps, Global Security News, Network Security
VIAVI CyberFlood CF1000 pushes 400G validation for multi-terabit AI data centers
VIAVI Solutions has announced the launch of its next-generation CyberFlood CF1000 Appliance, a native 400G security and application performance test platform for the validation of multi-terabit security and AI data center infrastructures at scale. Developed for network equipment vendors, hyperscale data center operators and service providers, the CyberFlood CF1000 enables OSI Layer 4-7 validation of…
AI, Exploits, Global Security News
AI finds 20-year-old bugs in PostgreSQL and MariaDB
Open-source databases are facing a bit of a memory problem as AI helps surface decades-old buffer overflow issues in widely used components. Security researchers have disclosed a set of high and critical-severity vulnerabilities affecting PostgreSQL and MariaDB, with two bugs reportedly tracing their roots back more than 20 years. At Wiz’s zeroday.cloud hacking event, researchers…
AI, Global Security News
Oracle rolls out monthly security patch updates
Oracle is changing how its security fixes are delivered: starting in May 2026, there will be a monthly Critical Security Patch Update. “Each [monthly] CSPU is smaller and more focused, making it easier to apply critical fixes quickly [to customer-managed deployments],” Oracle says. Quarterly Critical Patch Updates (CPUs) remain in place and will continue to…
AI, Global Security News
SSL.com rotates their root certificate today, (Tue, May 5th)
I just got an email from SSL.com last night, they are rotating out their root certificate today (May 5,2026). This is normal, business as usual stuff for a CA, but certificates get used for all kinds of things, and sometimes they aren’t used like they should be, so sometimes hiccups happen. If you are using…
AI, Exploits, Global Security News
Google now offers up to $1.5 million for some Android exploits
Google overhauls its Android and Chrome vulnerability rewards programs, offering bounties of up to $1.5 million for the most difficult exploits while scaling back payouts for flaws that artificial intelligence (AI) has made easier to find. […]
AI, Global Security News
AI Adoption Outpaces Safety Policies, Leaving Organizations Exposed to Cyber Risk
ISACA report warns that while AI has become the norm, many organizations are yet to formally apply safety or security policies around its use
AI, Apps, Endpoint, Exploits, Global Security News, malware, Risk Management
Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs
A newly identified malware campaign is abusing Microsoft’s Phone Link feature to intercept SMS-based one-time passwords and other sensitive mobile data directly from Windows systems. The activity, first observed by Cisco Talos in January 2026, involves a remote access trojan dubbed CloudZ and a custom plugin named Pheno that together allow attackers to harvest credentials…
AI, Apps, Endpoint, Exploits, Global Security News, malware, Risk Management
Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs
A newly identified malware campaign is abusing Microsoft’s Phone Link feature to intercept SMS-based one-time passwords and other sensitive mobile data directly from Windows systems. The activity, first observed by Cisco Talos in January 2026, involves a remote access trojan dubbed CloudZ and a custom plugin named Pheno that together allow attackers to harvest credentials…
AI, Compliance, Global Security News
Microsoft: Phishing campaign used fake compliance notices to compromise employee accounts
Phishers have been using fake workplace compliance notices to try to trick Microsoft account owners into signing in via a fake sign-in page, says the company’s Defender Research team. The email campaign targeted more than 35,000 users across 13,000 organizations in 26 countries, but concentrated primarily on targets in the United States. Microsoft didn’t say…
Global Security News, Network Security
FEMITBOT Network Abuses Telegram Mini Apps for Crypto Scams and Android Malware
A massive fraud network called FEMITBOT uses Telegram Mini Apps and fake brand names like Apple, Disney, and…
AI, Global Security News, Risk Management
We Scanned 1 Million Exposed AI Services. Here’s How Bad the Security Actually Is
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the pressure to deliver more value faster.…
AI, Global Security News
Anomali ThreatStream Next-Gen speeds threat response across workflows
Anomali has announced ThreatStream Next-Gen. Available standalone or within the Anomali Unified Security Data Lake, it turns threat intelligence into an active decisioning layer across security workflows, validated to drive investigations 300× faster than traditional methods across 50 enterprise deployments. Most security platforms focus on detection. Anomali focuses on decision-making. It integrates intelligence across data,…
Global Security News, Russia
Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison
A Latvian national extradited to the United States was sentenced to 8.5 years in prison for his “cold case” negotiator role in the Russian Karakurt ransomware group. […]
AI, Compliance, Global Security News, Risk Management
JumpCloud Report Finds AI Agent Security Gaps Widening
JumpCloud, the IT management platform company, released its Agentic IAM Pulse Report on Tuesday, drawing on responses from 261 IT, security, and identity decision-makers at organizations with 200-2,500 employees across the United States and the United Kingdom. The findings reveal a widening gap between how aggressively companies are deploying AI agents and how little governance…
Global Security News
CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs
A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices. […]
Apps, Cybersecurity, Data Breaches, Global Security News
Beyond the Checkbox: A Strategic Guide to Software Penetration Testing in 2026
Here is a guide to software penetration testing. Your software has vulnerabilities. The only real question is whether you find them first — or an attacker does. That’s not alarmism. That’s the current state of application security. According to the IBM Cost of a Data Breach Report 2023, the average cost of a data breach in…
Global Security News
NCSC Warns of an AI-Fuelled “Vulnerability Patch Wave”
The UK’s National Cyber Security Centre is urging organizations to prepare for glut of new software updates
AI, Apps, Cybersecurity, Global Security News, privacy, Risk Management
Microsoft, Google push AI agent governance into enterprise IT mainstream
Microsoft and Google are adding new controls for AI agents, as enterprise IT teams try to keep up with tools that can access corporate data and act across business applications. Microsoft’s Agent 365, made generally available for commercial customers on May 1, is designed to help organizations discover, govern, and secure AI agents, including those…
AI, Global Security News
Are Those Brake Lights or a House on Fire? Your Security Camera Can’t Tell.
AI is allowing home-security cameras to offer detailed descriptions of what they see. The notifications are often spot on. They can also be wildly wrong.
Global Security News
Meta’s Cheap Stock Is an Investor Trap
The company’s advertising business is booming, but deep problems loom pretty much everywhere else.
AI, Compliance, Global Security News, Network Security, Risk Management
Microsoft warns of global campaign stealing auth tokens from 35K users
Microsoft revealed a phishing campaign hitting 35,000 users in 26 countries, stealing login tokens via fake code-of-conduct emails and legit services. Microsoft disclosed a major phishing campaign that targeted over 35,000 users across 26 countries in mid-April 2026. Attackers used fake “code of conduct” emails sent through legitimate platforms to trick recipients into visiting bogus…
AI, china, Global Security News
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCallto likely target ethnic Koreans residing in China. While prior versions of the backdoor have primarily targeted Windows users only, the supply chain attack is assessed to…
AI, Global Security News
ScarCruft hackers push BirdCall Android malware via game platform
The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform. […]
AI, Apps, Cloud Security, Compliance, Cybersecurity, Global Security News, Network Security, Risk Management
CISOs step up to the security workforce challenge
A robust cybersecurity program needs a range of skilled people, yet many CISOs continue to face an ongoing skills shortage — and the squeeze may only get worse as AI gains traction. Some 95% of cybersecurity practitioners and decision-makers noted at least one security skills gap at their organization, with almost 60% citing critical or significant…
AI, china, Global Security News
North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China
A gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts traditional card and board games for a community that sits along the North Korean border and includes many refugees and defectors. ESET researchers tied the operation to ScarCruft,…
AI, Apps, Cloud Security, Compliance, Endpoint, Global Security News, Network Security
Why most zero-trust architectures fail at the traffic layer
Zero trust has become one of the most widely adopted security models in enterprise environments. Organizations invest heavily in identity systems, access policies and modern security tooling. On paper, these environments look well-protected. Yet during incidents, a different reality often emerges. I have worked with organizations where zero-trust initiatives were fully implemented from an identity…
AI, Apps, Endpoint, Global Security News
Maker of AI Targeting System for Drones Faces Protests for Shipments to Israeli Military
A company in Portland, Oregon, that specializes in AI targeting for drones has made significant shipments of materials to military contractors in Israel, according to cargo data reviewed by The Intercept. The shipments raise the possibility thaat a boutique Pacific Northwest tech firm has helped the Israeli military attack people in places like Gaza, Lebanon,…
Global Security News
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games
Data Breaches, Global Security News
Trellix Reveals Unauthorized Access to Source Code
Security vendor Trellix has suffered a breach involving unauthorized access
Cybersecurity, Global Security News, Network Security
Cyber Security Management vs Traditional IT Security Approaches
We will compare cyber security management vs traditional IT security approaches in this post. The digital world has changed so much in the last decade that the methods used to protect it have required a total structural overhaul. In the early days of office networks, security was a set of digital locks managed by the…
AI, Global Security News
Meta adds proof-based security to encrypted backups
Meta has updated its infrastructure for protecting password-based and end-to-end encrypted backups, introducing over-the-air fleet key distribution for Messenger and a commitment to publishing evidence of secure fleet deployments. How encrypted backups work These updates build on the company’s HSM-based Backup Key Vault, which provides end-to-end encrypted backups for WhatsApp and Messenger. The system protects…
AI, Cybersecurity, Data Breaches, Data Security, Global Security News, Government & Policy
Educational tech firm Instructure data breach may have impacted 9,000 schools
Instructure, maker of the Canvas learning platform, is investigating a cyber incident that exposed users’ personal data. Instructure is a U.S.-based educational technology company best known for developing Canvas, one of the world’s most widely used learning management systems (LMS). The U.S. firm confirrmed a cybersecurity incident that exposed users’ personal information. The company is working with external…
Exploits, Global Security News
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild. The vulnerability (CVE-2026-22679, CVSS score: 9.8) relates to a case of unauthenticated remote code execution affecting Weaver E-cology 10.0 versions prior to 20260312. The issue resides in the “/papi/esearch/data/devops/
AI, Global Security News
OpenAI and Yubico Partner to Bring Custom Phishing-Resistant YubiKeys to OpenAI Users
OpenAI and Yubico Partner to Bring Custom Phishing-Resistant YubiKeys to OpenAI Users. Security coverage from iTWire.
AI, Global Security News
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign, observed between April 14 and 16, 2026, targeted more than 35,000 users across over 13,000 organizations in 26…
GeekGuyBlog
RMM Tools Fuel Stealthy Phishing Campaign
Discover how cybercriminals are leveraging remote monitoring tools to execute a stealthy phishing campaign impacting organizations globally.
Global Security News
Can your coding style predict whether your code is vulnerable?
Developers leave fingerprints in the code they write. Naming choices, indentation patterns, preferred APIs, and the way someone structures a loop or handles a pointer all carry traces of individual habit. Researchers have used these stylistic signals for years to identify the authors of anonymous code samples, sometimes with surprising accuracy. A team at the…
AI, Global Security News, Risk Management
One in four MCP servers opens AI agent security to code execution risk
Enterprise deployments of AI agents lean on two extension mechanisms that introduce risk at different layers of the stack. MCP servers expose deterministic code functions with structured, loggable invocations. Skills load textual instruction sets directly into a model’s reasoning context, where their effect depends on conversational state and cannot be enumerated the way source code…
AI, Global Security News
IBM CEO Says AI Triggers Need for New Operating Models
Arvind Krishna says the key to unlocking returns on AI is less about technology alone than a wholesale shift in the way companies approach their workflows.
Cybersecurity, Global Security News
Cybersecurity Tips From Squid Game TV Series [MUST READ]
This post will show you essential Squid Game cybersecurity tips to learn. Netflix’s Squid Game took the world by storm, captivating audiences with its brutal depiction of 456 debt-ridden individuals competing in deadly children’s games for a massive cash prize. Beyond its gripping storyline, the series offers profound cybersecurity lessons that mirror today’s digital threats.…
AI, Cybersecurity, Global Security News
Cybersecurity jobs available right now: May 5, 2026
Armis Security Specialist HCLTech | Ireland | On-site – View job details As an Armis Security Specialist, you will manage and optimize the Armis deployment to strengthen security across lab, OT, and IoT environments. You will maintain device visibility, refine policies and detections, and integrate Armis with other tools to improve monitoring and reduce false…
AI, Europe, Global Security News, Risk Management
SAS’ John Carey on Partnerships and Human-Centric AI
As data and AI company SAS hits its 50th anniversary, the organization is meeting the moment by continuing to strengthen partnerships while positioning itself around human-centric, responsible AI. During SAS Innovate 2026, Channel Insider sat down with John Carey, VP, Global Channels, SAS, to discuss partnerships, lessons learned, and the future of AI adoption. How…
AI, Global Security News, Risk Management
DXC Launches OASIS for AI-Driven Managed Services
DXC Technology is tackling a problem that most IT teams already face. Their environments are often a mix of different systems, tools, and data that don’t fully connect. DXC just introduced OASIS, a platform designed to sit across all of it and coordinate how everything runs in real time. The goal here is to connect…
Global Security News
ISC Stormcast For Tuesday, May 5th, 2026 https://isc.sans.edu/podcastdetail/9918, (Tue, May 5th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Global Security News
Ahead of Race to IPO, OpenAI Discussed Spinning Out Robotics, Hardware Divisions
The company is considering an Alphabet-like structure for its portfolio of products, though no discussions are currently active.
AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management
Anthropic Mythos spurs White House to weigh pre-release reviews for high-risk AI models
The Trump administration is in early discussions about whether advanced AI models should be vetted before public release, according to reporting from the New York Times, the Wall Street Journal, and Axios. The conversations center on systems capable of facilitating cyberattacks, particularly models that could help users identify and exploit software vulnerabilities. Officials are considering…
AI, Global Security News, malware
InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise
Targeting multiple industries worldwide, the InstallFix campaign uses fake Claude AI installer pages to trick users into running malware that collects system information, disables security features, achieves persistence, and connects to attacker-controlled C&C servers for additional payloads.
AI, Global Security News
Introducing the Sophos Security Services Retainer
Prevent more. Respond faster. Spend smarter. Categories: Products & Services Tags: incident response, Security Services Retainer
Exploits, Global Security News
Weaver E-cology critical bug exploited in attacks since March
Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands. […]
AI, Cybersecurity, Exploits, Global Security News
‘Copy Fail’ is a real Linux security crisis wrapped in AI slop
Attackers are actively exploiting a Linux vulnerability in the wild, and researchers warn that the fallout could be broad — anyone with authenticated local access can leverage it to gain total control of a system. But the story behind CVE-2026-31431 is almost as interesting as the bug itself. Theori, the company that discovered the bug,…
AI, Apps, Cybersecurity, Exploits, Global Security News, Risk Management
MOVEit automation flaws could enable full system compromise
Progress fixes critical MOVEit Automation flaws, including an authentication bypass bug that could let attackers gain unauthorized access to systems. Progress Software addressed two vulnerabilities in MOVEit Automation, a critical authentication bypass flaw tracked as CVE-2026-4670 and a privilege escalation issue tracked as CVE-2026-5174. If exploited, these bugs could allow attackers to gain unauthorized access…
AI, Global Security News
White House Officials Discuss Assessing AI Models That Pose Security Risks
The aim is to protect consumers and businesses from potential cyberattacks by AI models prematurely released.
AI, Global Security News
Anthropic and FIS Are Building an AI Agent to Help Banks Police Financial Crimes
The AI giant struck a partnership with financial software provider FIS to develop new tools for banks.
AI, Global Security News
RMM Tools Fuel Stealthy Phishing Campaign
Attackers are abusing two remote monitoring and management (RMM) tools to evade detection in a campaign that has impacted over 80 organizations so far.
AI, Global Security News
SEC Settles Lawsuit Against Elon Musk Over Twitter Share Purchases
The case had alleged that Musk failed to timely disclose his buildup of ownership in the social media platform he renamed X.
AI, Global Security News
Palantir Beats Forecasts With $1.63 Billion Sales Quarter
U.S. military used company’s software in Iran war and Venezuela raid, and private-sector business has grown quickly.
AI, Global Security News
Amazon SES increasingly abused in phishing to evade detection
The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. […]
AI, Apps, Compliance, Global Security News, Risk Management
Agentic AI and the Evolution of Code Security in Modern Development
The rise of agentic artificial intelligence (AI) is fundamentally reshaping how software is developed, tested, and secured. In a recent discussion with Jeremy Katz, VP of Code Security at Sonar, key insights emerged about how AI-driven workflows are accelerating development while introducing new security challenges that organizations must address. Agentic Workflows in Modern Development Agentic…
AI, Exploits, Global Security News
Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability
Shortly after the authentication-bypass flaw was disclosed multiple proof-of-concept exploits appeared, and one researcher claims there’s been zero-day activity for at least a month.
AI, china, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security
Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940
Attackers exploit a critical cPanel flaw to target government and MSP networks across Southeast Asia and several countries, including the U.S. and Canada. A threat actor is exploiting critical cPanel vulnerability CVE-2026-41940 to target government and military organizations in Southeast Asia, along with MSPs and hosting providers in countries like the Philippines, Laos, Canada, South…
AI, APAC, Apps, Endpoint, Global Security News, Network Security, Risk Management
Securing open proxies in your AWS environment
This article shows you how to identify and secure open proxies in your AWS environment to prevent abuse, protect your IP address reputation, and control costs. An open proxy is a server that forwards traffic on behalf of internet users without requiring authentication. While proxies can support legitimate use cases such as load balancing or…
AI, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management
Microsoft Defender Flags DigiCert Certificates as Malware
A recent Microsoft Defender update incorrectly flagged legitimate DigiCert root certificates as malware, triggering widespread alerts. In some cases, it also removed trusted certificates from Windows systems, causing disruption. “Earlier today we determined false positive alerts were mistakenly triggered and updated the alert logic,” Microsoft said, as reported by BleepingComputer. Inside the DigiCert False Positive…
AI, Global Security News
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
An active phishing campaign has been observed targeting multiple vectors since at least April 2025, with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUS#HELPER, has impacted over 80 organizations, most of which are in the U.S., according to Securonix. It shares…
AI, Global Security News
Microsoft now has more than 20M paying Copilot users
Microsoft CEO Satya Nadella last week announced that the company now has more than 20 million enterprise users paying for Microsoft Copilot, according to TechCrunch. That’s up 33% from the 15 million paying customers Microsoft claimed in January. The AI assistant is now directly integrated in programs such as Word, Excel, and Outlook and Microsoft…
AI, Global Security News
AI is more accurate than doctors in emergency diagnoses — study
A new study from Harvard Medical School indicates that AI can outperform doctors in initial assessments in emergency care, according to The Guardian. The study, published in the journal Science, compared AI tools with doctors in triage situations — the process in which patients are sorted and prioritized, and where quick decisions must be made…
Global Security News
Backdoored PyTorch Lightning package drops credential stealer
A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. […]
AI, Apps, Global Security News, Risk Management
Start small, but start now: How to bring AI into your small business
Small and medium-sized businesses recognize the transformative nature of AI, with two-thirds of respondents in a recent ASUS survey agreeing AI is creating a significant evolution in business practices, and some even calling it “generational.” The question, then, is how best to realize AI’s potential. For SMBs, following a simple, three-pronged strategy is a good…
AI, Apps, Data Breaches, Endpoint, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia
TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)
Summary The most significant development of the week was the April 29 to 30 Mini Shai-Hulud worm, a self-propagating supply chain campaign that compromised four official SAP npm packages, two PyTorch Lightning PyPI versions, two intercom-client npm versions, and the intercom-php Packagist package across three package ecosystems. OX Security tracked roughly 1,800 GitHub repositories created…
Global Security News
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass. MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts. The
AI, Cybersecurity, Data Breaches, Global Security News
Trellix discloses data breach after source code repository hack
Cybersecurity firm Trellix disclosed a data breach after attackers gained access to “a portion” of its source code repository. […]
AI, Global Security News, privacy, Risk Management
A college student is suing a dating app that allegedly used her TikTok videos to target men in her dormitory
A 19-year-old woman is suing the makers of a dating app, alleging they took a video she posted online, repurposed it without her consent into an advertisement for the app, then used geofencing to target that ad to people in her area. According to the lawsuit filed Apr. 28 in Tennessee and an interview with…
Global Security News
The Roomba Guy’s Second Act: A Robot You’ll Want to Snuggle
The inventor behind the world-famous robot vacuum is now designing robots that form an emotional bond with their owners.
Global Security News
SpaceX Wants to Blast Data Centers Into Orbit. Here’s What It May Take.
We asked an engineer to break down the biggest technical hurdles and costly barriers to putting data centers in space.
AI, Europe, Global Security News, Risk Management
Apple is preparing to spend, but not necessarily on AI
Apple last week nixed its long-held “net cash neutral” target, a move analysts see as giving the company more flexibility to make massive infrastructure investments or acquisitions. Naturally, as AI is the only thing that seems to matter in tech these days, commentators rushed to speculate on potential acquisition targets in the AI space. The thing…
Global Security News
Wiz ZeroDay.Cloud Event Reveals 20-Year-Old PostgreSQL Vulnerabilities
Researchers revealed 20-year-old PostgreSQL flaws at Wiz ZeroDay.Cloud event, exposing critical bugs in pgcrypto and prompting urgent patches for database security.
AI, Exploits, Global Security News
Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)
Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerabilities were reported privately by Airbus researchers and there’s no mention of them being leveraged by attackers in the wild. Still, performing an…
AI, Global Security News
DShield Honeypot Update, (Mon, May 4th)
This week, I will release a few updates to our DShield honeypot. The update should happen automatically if you have “automatic updates” enabled on your system. There will be two major changes: Compatibility with Ubuntu 26.04 / new versions of Raspberry Pi OS Ubuntu released version 26.04 LTS about a week ago. It will pretty…
Data Breaches, Global Security News
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems. The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted…
AI, Apps, Global Security News
Penske Logistics launches platform for real-time supply chain visibility
Penske Logistics has announced the launch of Supply Chain Insight, a secure technology platform and mobile application that provides customers with a real-time view of their supply chain operations across transportation and warehousing. Supply chain leaders are under increased pressure to drive greater operational efficiency in the face of rising fuel costs, evolving regulations and…
AI, Data Breaches, Global Security News, malware
DigiCert breached via malicious screensaver file
A targeted social engineering attack against DigiCert’s support channel led to the compromise of internal systems and the unauthorized issuance of EV Code Signing certificates. DigiCert is a global Certificate Authority (CA) providing digital trust services, specializing in TLS/SSL certificates, PKI management, and IoT security. According to DigiCert’s incident report, a threat actor contacted the…
Exploits, Global Security News
They don’t hack, they borrow: How fraudsters target credit unions
Fraudsters aren’t hacking credit unions, they are exploiting normal business processes. Flare reveals how structured loan fraud methods use stolen identities to pass verification and secure funds. […]
AI, Endpoint, Global Security News
Operant AI Endpoint Protector secures AI agents and MCP tools
Operant AI has launched Operant Endpoint Protector, a new addition to its AI Defense Platform that enables enterprise IT and security teams to discover, detect, and defend against threats across every AI tool, coding agent, and Model Context Protocol (MCP)-connected workflow used by employees, directly at the endpoint where most consequential AI activity takes place.…
AI, Global Security News, Network Security, Risk Management
April AI News Showed Enterprise Pressure Moving to Partners
The AI conversation shifted noticeably in April. Less hype, more pressure. Companies are now dealing with what it actually takes to deploy AI at scale (costs, security risks, talent gaps), and the industry is responding with bigger investments and more structured approaches. Here’s a clear look at the biggest AI stories that shaped April. Managed…
AI, Endpoint, Global Security News, Risk Management
Owl IRD enables one-way forensic data transfer for incident response teams
Owl Cyber Defense has announced the launch of its Incident Response Diode (IRD), a pocket-sized protocol filtering diode (PFD) designed for incident response and forensics teams. The Owl IRD was developed to help users securely move evidence from compromised endpoints into trusted analysis environments without adding risk. The Owl IRD will be made available to…
Data Breaches, Exploits, Global Security News, malware
Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940)
The situation around the critical cPanel authentication bypass vulnerability (CVE-2026-41940) has deteriorated significantly since our initial coverage. Exploratory probing has evolved into multi-actor exploitation, leading to disrupted websites, ransomware and malware deployment, and targeted attacks. “Sorry” ransomware Attackers have taken advantage of CVE-2026-41940 to mass-exploit vulnerable internet-facing cPanel instances to breach servers, deface websites and…
AI, Global Security News
Blend Autopilot MCP brings AI agent orchestration to lending platforms
Blend Labs has announced the launch of Autopilot MCP, a server built on the Model Context Protocol, an emerging open standard for AI agent connectivity, that gives authorized agents secure, programmatic access to the Blend platform. For lenders and partners, Autopilot MCP introduces a new category of capability: the ability to build and deploy AI…
Apps, Global Security News
Progress warns of critical MOVEit Automation auth bypass flaw
Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. […]
Data Breaches, Global Security News
Webinar: Why MSPs must rethink security and backup strategies
Security breaches don’t just test your defenses—they test your recovery. Join Kaseya in our upcoming webinar to learn how MSPs strengthen resilience with SaaS backups and BCDR to stay operational after attacks. […]
AI, Global Security News
10 quick productivity tips for Microsoft 365 mobile apps
Most of us work with Word, Excel, PowerPoint, and other Microsoft 365 apps primarily on a computer, via the desktop or web apps. While you’re on the go, the mobile versions of these apps are handy for reviewing documents, spreadsheets, presentations, or other Office files, and you can use them to do minor editing. But…
Global Security News
Small Defense Firms Lack Network Data to Stop Nation-State Hackers, Analyst Says
Team Cymru’s Stephen Campbell warned that small US defense contractors are not well prepared to face cyber intrusions through edge devices
Cybersecurity, Global Security News
Stronger Cybersecurity, Stronger Business: NIST Celebrates 2026 National Small Business Week
Happy National Small Business Week! For over 60 years, the U.S. Small Business Administration has led this initiative to acknowledge the critical contributions of America’s entrepreneurs and small business owners. Part of the U.S. Department of Commerce, NIST’s mission is to drive U.S. innovation and global competitiveness, and the small business community is central to…
AI, Global Security News
2026: The Year of AI-Assisted Attacks
On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan’s largest internet cafe chain. When asked, the young man shared his motivation for the hack: he wanted to…
AI, china, Global Security News, malware, Russia
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved using phishing emails that mimic correspondence from the Income Tax Department of India in December 2025, followed by a similar campaign aimed at Russian entities.…
AI, Cybersecurity, Global Security News, Government & Policy, Risk Management
Security agencies draw red lines around agentic AI deployments
With prompt injection and other attack pathways consistently surfacing across agentic AI deployments, security watchdogs have stepped in, collectively, to draw some hard boundaries. A joint advisory from the US Cybersecurity and Infrastructure Security Agency (CISA) and international partners has called for tighter control over permissions, stronger monitoring, and a more deliberate rollout strategy, urging…
Global Security News
Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition
Here’s a tip for you all. Unless you want to draw attention to yourself as a cybercriminal, don’t flaunt your diamond-encrusted “HACK THE PLANET” necklace on Snapchat, or pose as a Sopranos crime boss while the FBI is reportedly closing in. Read more in my article on the Hot for Security blog.
china, Global Security News, malware
Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia
More than 1,600 socially engineered messages from the China-backed advanced persistent threat (APT) group target various sectors to deliver the previously undocumented ABCDoor backdoor, ValleyRAT, and other malware.
AI, Exploits, Global Security News
CISA says ‘Copy Fail’ flaw now exploited to root Linux systems
CISA has warned that threat actors have started exploiting the “Copy Fail” Linux security vulnerability in the wild, one day after Theori researchers disclosed it and shared a proof-of-concept (PoC) exploit. […]
Global Security News
How Dark Reading Lifted Off the Launchpad in 2006
Twenty years ago, this media brand didn’t have a print edition to attract eyeballs and sponsors. Top-notch content and editorial talent did the heavy lifting.