Every asset you manage expands your attack surface. Internet‑facing applications, cloud workloads, credentials, endpoints, and third‑party integrations all represent potential entry points for attackers. As environments grow more distributed, that exposure expands faster than most security teams can track manually. Attack surface management (ASM) helps answer a critical question for IT security teams: What can…
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
5 steps to strengthen supply chain security and improve cyber resilience
Supply chain attacks have rapidly become one of the most damaging and difficult threats facing IT and security teams. When an adversary compromises a trusted vendor, software component, cloud service, or MSP tool, they bypass traditional defenses and enter through the front door. For organizations managing distributed environments, and for MSPs supporting dozens or hundreds…
AI, Global Security News
Elon Musk Asks for OpenAI’s Nonprofit to Get Any Damages From His Lawsuit
Tesla billionaire also seeks Sam Altman‘s removal from OpenAI nonprofit’s board in amendment to suit over for-profit conversion.
AI, Apps, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
5 ways to strengthen identity security and improve attack resilience
Identity compromise has become one of the most effective ways for attackers to infiltrate business systems. Firewalls, endpoint protection, and monitoring tools mean little once an attacker logs in using valid credentials. For MSPs and corporate IT teams, strengthening identity security and enforcing least privilege access are two of the most powerful ways to reduce…
AI, Global Security News
Cybercrime losses break the $20 billion mark
Online crime continues to generate rising financial losses, with totals reaching $20.877 billion in 2025. The FBI’s Internet Crime Complaint Center (IC3) report shows a 26% increase in total reported losses from the previous year. (Source: FBI) More than one million complaints were submitted during the year, with fraud accounting for the majority of losses.…
AI, Apps, Cybersecurity, Endpoint, Global Security News
Why 24/7 Threat Monitoring Has Become Essential for Modern Businesses
GUEST OPINION – Cybersecurity used to be treated like a perimeter problem. Put up a firewall, install antivirus, enforce a few password rules, and hope that was enough. That approach no longer works. Today’s attacks do not wait for business hours. They move quietly through cloud platforms, endpoints, email, collaboration tools, and third-party applications. In…
AI, APAC, Global Security News, Network Security
Nutanix Bets on AI for Neoclouds, Service Provider Support
Hybrid multicloud computing company Nutanix has announced it will introduce new capabilities for its Nutanix Agentic AI solution. The new capabilities – available in the second half of 2026 – are designed to help neoclouds, a new generation of AI cloud providers, in delivering secure, scalable AI services to AI engineers and Agentic AI Developers.…
AI, Global Security News, Network Security
Nutanix Debuts NKP Metal for Bare-Metal Kubernetes Environments
Nutanix has recently announced the introduction of NKP Metal, extending the Nutanix operating model and Nutanix Kubernetes Platform (NKP) solution to support Kubernetes deployments directly on bare-metal infrastructure. Why organizations deploying Kubernetes workloads require unique performance capabilities According to Nutanix, running Kubernetes on bare metal delivers performance and flexibility that many modern workloads require, particularly…
AI, Global Security News, Network Security
A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)
Webshells remain a popular method for attackers to maintain persistence on a compromised web server. Many “arbitrary file write” and “remote code execution” vulnerabilities are used to drop small files on systems for later execution of additional payloads. The names of these files keep changing and are often chosen to “fit in” with other files. Webshells themselves…
AI, Global Security News
ExtraHop® Delivers the Foundation for Secure AI Innovation Across the Agentic Enterprise
Comprehensive AI asset inventory and real-time observability deliver advanced threat detection, forensic evidence needed to enforce governance
Global Security News
iTWire TV: Zoho and ManageEngine plant their flag in Parramatta, betting big on Sydney’s second CBD
LAUNCH EVENT, GUEST INTERVIEWS: 22 years in Australia, and they’re only just getting started – see the full video of the Zoho and ManageEngine launch of the new Sydney office, hosted by ManageEngine’s marketing maven Jeremy Spence, plus exclusive video interviews with Vinayak Sreedhar, ANZ Country Manager of ManageEngine, and Rakesh Prabhkar, head of Zoho ANZ.
Global Security News, Network Security
US warns of Iranian hackers targeting critical infrastructure
Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. […]
AI, Apps, Cloud Security, Compliance, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
Building AI defenses at scale: Before the threats emerge
At AWS, we’ve spent decades developing processes and tools that enable us to defend millions of customers simultaneously, wherever they operate around the world. Every day, our security and threat intelligence teams are doing work with AI and automation that most people never see. Our AI-powered log analysis system has reduced the time SecOps engineers…
AI, Cybersecurity, Global Security News, Government & Policy, Network Security, Risk Management
Tech giants launch AI-powered ‘Project Glasswing’ to identify critical software vulnerabilities
Major technology companies have joined forces in an effort to use advanced artificial intelligence to identify and address security flaws in the world’s most critical software systems, marking a significant shift in how the industry approaches cybersecurity threats. Anthropic announced Project Glasswing on Tuesday, bringing together Amazon, Apple, Broadcom, Cisco, CrowdStrike, the Linux Foundation, Microsoft,…
Global Security News
Anthropic Set to Preview Powerful ‘Mythos’ Model to Ward Off AI Cyberthreats
Anthropic is taking steps to arm some of the world’s biggest technology companies with tools to find and patch bugs in their hardware and software.
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware
Iranian hackers launching disruptive attacks at U.S. energy, water targets, feds warn
Iranian government hackers are launching disruptive cyberattacks on American energy and water infrastructure, U.S. government agencies “urgently” warned Tuesday. The hackers are taking aim at devices and systems that control industrial processes, and have harmed victims in the last month following the onset of U.S.-Israel strikes against Iran, according to the joint alert from the…
Global Security News, malware
Hackers Pose as Non-Profit Developers to Deploy Monero Mining Malware
REF1695 hackers spread Monero mining malware via fake non-profit installers, using stealth tactics to evade detection and hijack systems for profit.
Global Security News
xAmplify joins a select group of Asia Pacific partners to achieve ServiceNow Validated Practice for CSM
Australian technology integrator xAmplify has been recognised as one of a select number of partners in Asia Pacific to achieve ServiceNow’s Validated Practice designation for Customer Service Management (CSM), a designation held by approximately 10 per cent of partners globally.
Global Security News
Zoho and ManageEngine plant their flag in Parramatta, betting big on Sydney’s second CBD
LAUNCH EVENT, GUEST INTERVIEWS: 22 years in Australia, and they’re only just getting started – see the full video of the Zoho and ManageEngine launch of the new Sydney office, hosted by ManageEngine’s marketing maven Jeremy Spence, plus exclusive video interviews with Vinayak Sreedhar, ANZ Country Manager of ManageEngine, and Rakesh Prabhkar, head of Zoho ANZ.
AI, Apps, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management
NomShub Vulnerability Chain Exposes Hidden Risks in AI Coding Tools
A vulnerability chain in an AI-powered code editor is raising alarms about how autonomous developer tools can be turned against their users. Dubbed NomShub, the flaw allows attackers to gain persistent shell access simply by luring a developer into opening a malicious repository — no traditional exploit required. “When an AI agent can execute shell…
AI, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia
Russia Hacked Routers to Steal Microsoft Office Tokens
Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code. Microsoft…
Exploits, Global Security News
Max severity Flowise RCE vulnerability now exploited in attacks
Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. […]
AI, Exploits, Global Security News, Russia
Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage campaign since at least May 2025. The large-scale exploitation campaign has been codenamed
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware
Cybercrime losses jumped 26% to $20.9 billion in 2025
Cybercrime remains a booming business. Annual cybercrime losses amounted to almost $20.9 billion last year, reflecting a 26% increase from 2024, the FBI’s Internet Crime Complaint Center (IC3) said in its annual report Tuesday. The comprehensive study exposes a worsening digital crime environment that is driving financial losses, with momentum moving in the wrong direction…
AI, Compliance, Global Security News, Network Security, Risk Management
Minimus Appoints Tech Dealmaker Yael Nardi as Chief Business Officer to Drive Hyper-Growth
NEW YORK, NY – April 7, 2026 – Minimus, a leading provider of hardened container images and secure container images designed to eliminate CVE risk, today announced the appointment of Yael Nardi as Chief Business Officer (CBO). In this newly created role, Nardi will architect the company’s next phase of scale, overseeing a high-velocity top-of-funnel…
AI, Exploits, Global Security News, Russia
Russian hackers hijack internet traffic using vulnerable routers
The Russian state cyber group APT28 has been compromising routers to hijack web traffic and spy on victims, the UK’s The National Cyber Security Centre (NCSC) has warned. Attackers are exploiting vulnerable routers to alter DHCP and DNS settings, redirecting traffic through servers they control. “We assess that APT28 is almost certainly the Russian General…
Global Security News
The Spiraling Cost of Making AI
Plus, Anthropic seeks more business users while loading up on Broadcom chips
AI, Global Security News, Government & Policy
OpenAI calls for a four-day workweek — and a ‘robot tax’
OpenAI has released a new policy paper outlining several proposals to address the economic consequences of rapid AI development. The document comes amid growing concerns that AI could quickly take over job roles and fundamentally transform entire industries. Among the proposals is a public wealth fund, in which the government and AI companies would invest…
AI, Global Security News
GrafanaGhost Vulnerability Allows Data Theft via AI Injection
GrafanaGhost is a critical vulnerability in Grafana’s AI components that uses indirect prompt injection and protocol-relative URL bypasses to exfiltrate data.
AI, Global Security News
Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. […]
AI, Global Security News
Russian APT28 Hackers Hijack Routers to Steal Credentials, UK Security Agency Warns
Newly identified malicious campaigns are linked to virtual private servers modified by APT28 to operate as malicious DNS servers
Global Security News
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8), stems from an incomplete fix for CVE-2024-41110, a maximum-severity vulnerability in the same component that came to light in July 2024. “
Data Breaches, Global Security News
GPU Rowhammer Attack Enables Privilege Escalation and Full System Compromise
GPUBreach uses GPU Rowhammer on GDDR6 to flip bits, corrupt page tables and escalate to system root
Cybersecurity, Global Security News
RSAC 2026: How AI Is Reshaping Cybersecurity Faster Than Ever
Dark Reading’s Kelly Jackson Higgins shares insights on the past, present, and future of cybersecurity after attending RSAC 2026 Conference.
Global Security News
Intel Partners With SpaceX, Tesla to Operate New Chip Plant
The Elon Musk-led companies plan to work with the semiconductor manufacturer at the Terafab project planned in Texas.
AI, Apps, Global Security News
Human vs AI: Debates Shape RSAC 2026 Cybersecurity Trends
As AI dominated RSAC 2026, CISOs and industry leaders debated its role in security, from agentic applications to the challenges of scaling human involvement in decision-making.
Cybersecurity, Global Security News
Lies, Damned Lies, and Cybersecurity Metrics
A panel of five C-suite leaders discuss how cybersecurity success is measured and why it isn’t improving results.
AI, Global Security News
Why Your Automated Pentesting Tool Just Hit a Wall
Automated pentesting tools deliver strong early results, then quickly plateau. Picus Security explains how the “PoC cliff” leaves major attack surfaces untested and creates a dangerous validation gap. […]
AI, Global Security News
GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltration
GrafanaGhost chains AI prompt injection and URL flaws to exfiltrate sensitive Grafana data
AI, Global Security News, Government & Policy, Network Security, Russia
Major outage cripples Russian banking apps and metro payments nationwide
A major outage hit Russian banking apps and payments, blocking card use, cash withdrawals, and mobile access for hours. A widespread outage disrupted banking apps and payment systems across Russia, leaving customers unable to pay by card, withdraw cash, or access mobile banking for hours. According to The Record Media, the incident affected major banks,…
AI, Global Security News
Progress Software Delivers Sitefinity Generative CMS for AI-Driven Discovery and Conversational Experiences
Sitefinity Generative CMS enables organisations to securely deliver AI-powered search, personalisation and conversational experiences at scale—with built-in governance and control
AI, Apps, Endpoint, Exploits, Global Security News, Risk Management
‘GrafanaGhost’ bypasses Grafana’s AI defenses without leaving a trace
Security researchers at Noma Security have disclosed a new vulnerability they are calling GrafanaGhost, an exploit capable of silently stealing sensitive data from Grafana environments by chaining multiple security bypasses, including a method that circumvents the platform’s AI model guardrails without requiring any user interaction. Grafana is widely deployed across enterprise organizations as a central…
AI, Global Security News
Acronis MDR by TRU brings 24/7 managed detection and response to MSPs
Acronis has announced the launch of Acronis MDR by Acronis TRU, a globally available 24/7/365 managed detection and response (MDR) service. Built specifically for managed service providers (MSPs) of all sizes, the service provides threat detection, incident response, and cyber resilience powered by the Acronis Threat Research Unit (TRU). With this offering, MSPs can expand…
AI, Compliance, Global Security News
Strategic convergence in the Australian professional landscape
The modern Australian workplace is currently undergoing a period of profound transition where the initial rush toward total digitisation is being replaced by a more nuanced and sustainable hybrid operational model. Success in this environment is no longer defined by the abandonment of traditional systems but by the seamless integration of advanced digital tools with…
AI, china, Data Breaches, Exploits, Global Security News, Network Security
Fast-moving Storm-1175 uses new exploits to breach networks and drop Medusa
China-based actor Storm-1175 runs fast ransomware attacks, exploiting new flaws to breach systems and quickly deploy Medusa ransomware. China-based actor Storm-1175 carries out fast, financially driven ransomware attacks by exploiting newly disclosed vulnerabilities before organizations patch them. The group targets exposed systems and quickly moves from initial access to data theft and Medusa ransomware deployment,…
Global Security News
Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day
Cloudflare announced it is targeting 2029 to complete post-quantum security across its entire product suite, including post-quantum authentication. The company is following a revised roadmap that Google also adopted after announcing that it had improved the quantum algorithm used to break elliptic curve cryptography. Google stopped short of publishing the algorithm, disclosing only a zero-knowledge…
AI, Global Security News, Risk Management
Channelscaler Launches AI Agent for Partner Growth: Exclusive
Channelscaler is expanding its artificial intelligence strategy with the introduction of Scailyn, an AI-powered channel operations agent designed to automate partner workflows and improve efficiency across partner relationship management (PRM) systems. The new capabilities aim to reposition PRM platforms from static systems of record into active growth engines for vendors and their channel partners, with…
AI, APAC, Apps, Global Security News, Risk Management
Opkey Report: Cloud Complexity Strains Enterprise IT
Enterprises are struggling to keep up with the growing complexity of cloud environments, according to a new report from Opkey. The 2026 State of ERP Testing and Cloud Application Lifecycle Management report highlights a widening gap between the pace of innovation and the operational capacity needed to support it—forcing enterprise leaders to rethink how they…
AI, Cybersecurity, Global Security News
Focusing on the People in Cybersecurity at RSAC 2026 Conference
AI dominated the RSAC 2026 Conference and showed it’s still humans in cybersecurity who matter most.
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Docker Flaw (CVE-2026-34040) Lets Attackers Bypass Security Controls and Take Over Hosts
A vulnerability in Docker Engine allows attackers to bypass authorization controls and potentially gain full access to host systems. Cyera researchers found that the flaw affects a core security mechanism relied on by organizations to enforce container policies. “This research shows that a lot of foundational infrastructure is still carrying old bug classes in places…
AI, Apps, Exploits, Global Security News, Network Security, Risk Management
Zero‑click Grafana AI attack can enable enterprise data exfiltration
Indirect prompt injection is possible on AI-powered dashboards, allowing exfiltration of sensitive enterprise data without user authentication. Security researchers are warning about a critical Grafana issue, dubbed GrafanaGhost, that allows attackers to leak sensitive data from Grafana environments, including financial metrics, infrastructure health data, private customer data, and operational logs, among others. Noma Security disclosed…
AI, Exploits, Global Security News
Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. “A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets, automatically installing malicious nodes via ComfyUI-Manager if no exploitable node is already
AI, Apps, Global Security News, Government & Policy, Network Security, Risk Management
Nvidia’s SchedMD acquisition puts open-source AI scheduling under scrutiny
Nvidia’s recent acquisition of SchedMD, the company behind the Slurm workload manager, is raising concerns among AI industry executives and supercomputing specialists who fear the chip giant could use its new position to favour its own hardware over competing chips, whether through code prioritization or roadmap decisions. The concern, as industry sources frame it, is…
AI, Apps, Global Security News, Risk Management
[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk
In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing. According to new research from the Ponemon Institute, hundreds of applications within the typical enterprise remain disconnected from centralized identity systems. These “dark
AI, Exploits, Global Security News, Risk Management
Apple’s Mac grabs 11% of US enterprise market share
It’s not just your imagination; you are seeing more Macs being used in business environments these days — and that trend is expected to continue. The latest Omdia/Informa US PC market data found that Apple took an 11% share of the US enterprise market last year. “For full-year 2025…, the biggest story at the vendor level was…
Global Security News, Risk Management
AI Agents and Non-Human Identities Creating Critical Security Gaps, Report
New research from Keeper Security, reveals non-human identities and automated system-to-system interactions are becoming the top security risk for businesses in 2026.
AI, Compliance, Endpoint, Global Security News
Acronis Launches MDR Solution for MSP Security Services
Acronis is launching a new managed detection and response (MDR) service to provide 24/7 threat detection and response for MSPs. MSPs gain a new way to scale security offerings without an in-house SOC Acronis MDR by Acronis TRU is globally available and provides 24/7/365 threat detection, rapid incident response, and cyber resilience for MSPs of…
AI, Global Security News
Over $17bn Lost to Cyber Fraud in the Last Year, Warns FBI
Cryptocurrency scams alone cost victims over $7 billion, while AI-enabled fraud threats are on the rise, says FBI
AI, Exploits, Global Security News
AI-enabled device code phishing campaign exploits OAuth flow for account takeover
A phishing campaign that bypasses the standard 15-minute expiration window through automation and dynamic code generation, leveraging the OAuth Device Code Authentication flow to compromise organizational accounts at scale, has been observed by the Microsoft Defender Security Research team. The campaign uses AI-assisted infrastructure and end-to-end automation. Attack overview Device Code Authentication is a legitimate…
AI, Cybersecurity, Global Security News, Network Security, privacy
What Is a Proxy Server and Why It Matters Today
In this post, I will talk about what is a proxy server and why it matters today. In 2026, proxy servers remain a crucial tool for managing online privacy, access, and network efficiency. Platforms like buy proxy offer reliable solutions that let individuals and organizations mask IP addresses, filter content, and optimize traffic flow. While…
Cybersecurity, Global Security News
Progressive Web Apps for E-Commerce: The Complete 2026 Guide
In this post, I will talk about progressive web apps for E-Commerce. Running an e-commerce platform is definitely going to get more complicated in 2026. This is because the expectations of today’s users are all about speed, ease, and a smooth digital experience. This is where Progressive Web Apps have revolutionized the whole concept of…
Data Breaches, Global Security News
The Hidden Cost of Recurring Credential Incidents
When talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the average cost of a breach at $4.4 million. Avoiding even one major incident is enough to justify most security investments, but that headline figure obscures the more persistent problems caused by recurring credential
AI, Data Breaches, Exploits, Global Security News
GPUBreach exploit uses GPU memory bit-flips to achieve full system takeover
GPUBreach attack technique uses GPU memory bit-flips to escalate privileges and potentially take full control of a system. New research shows that attacks like GPUBreach exploit RowHammer bit-flips in GPU memory (GDDR6) to go beyond data corruption. Attackers can use this technique to escalate privileges and, in some cases, gain full control of the system.…
AI, Global Security News, Risk Management
AI Agent Traps: How Hackers Are Turning the Web into a Minefield for Assistants
AI agents can automate tasks, but they also introduce new security risks. Here’s how “AI Agent Traps” can turn the web into a dangerous environment for autonomous systems.
AI, Cybersecurity, Global Security News
How AI is Changing Software Development and Release Management
In this post, I will show you how AI is changing software development and release management. Software development is changing very fast today. Teams are expected to build better software in less time, while also making sure everything is secure, stable, and follows rules. This can be very difficult, especially when different tools and processes…
AI, Global Security News
Amperity Expands Australian Presence with AWS and Strategic Investment in Talent
COMPANY NEWS: Expansion builds on rapid customer growth and rising demand across retail, financial services, and travel in Australia.
AI, Apps, Funding, Global Security News, Risk Management
Azul Report: Cloud Costs Rise as AI Strains Budgets
The AI revolution has a massive, uninvited guest at the table: a skyrocketing cloud bill that 88% of CFOs say is only getting bigger. A new report released today by Azul reveals a growing “financial tension” inside the C-suite. Finance leaders are desperate to pour money into AI, but they are finding that the very…
AI, Apps, Cybersecurity, Europe, Global Security News, Government & Policy, Risk Management
FIRESIDE CHAT: Geopolitical turmoil, rising AI risk add a new layer to enterprise cyber defense
As if securing the enterprise against a tidal wave of AI tools wasn’t hard enough, it turns out the geopolitical instability of the moment is making things worse. That wasn’t the headline at RSAC 2026 last week — agentic AI dominated the agenda — but the stress was visible at the ground level if you…
AI, APAC, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Risk Management
ClickFix Meets AI: A Multi-Platform Attack Targeting macOS in the Wild
For years, macOS environments carried an aura of relative safety. Not immunity, but lower priority in the threat landscape. That perception has aged about as well as an unpatched server. The reality in 2026 is very different. Apple devices now make up a significant share of corporate endpoints. And they sit in the hands of the people attackers most want…
AI, APAC, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Risk Management
ClickFix Meets AI: A Multi-Platform Attack Targeting macOS in the Wild
For years, macOS environments carried an aura of relative safety. Not immunity, but lower priority in the threat landscape. That perception has aged about as well as an unpatched server. The reality in 2026 is very different. Apple devices now make up a significant share of corporate endpoints. And they sit in the hands of the people attackers most want…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Microsoft says Medusa-linked Storm-1175 is speeding ransomware attacks
Microsoft has warned that Storm-1175, a cybercrime group linked to Medusa ransomware, is exploiting vulnerable web-facing systems in fast-moving attacks, at times moving from initial access to data theft and ransomware deployment within 24 hours. The company said the group has heavily targeted organizations in healthcare, education, professional services, and finance across Australia, the UK,…
Global Security News
Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks
Microsoft has released a new report about the Storm-1175 group and its connection to Medusa ransomware
AI, Global Security News, privacy, Risk Management, Venture
8 advanced ways Vivaldi boosts your productivity
Switching browsers is almost akin to switching to a new operating system — or, for a more physical analogy, moving into a completely new office where everything’s unfamiliar. Most of us spend so much time in our browsers and handle so much work in that environment that in many ways, the browser essentially is the…
AI, APAC, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Europe, Exploits, Global Security News, Risk Management
Supply chain security is now a board-level issue: Here’s what CSOs need to know
For many years, supply chain security was viewed purely as a technical concern. However, with high-profile vulnerabilities and regulations, it is now a board-level issue that requires organizations to rethink how to build resiliency and insulate their operations. The changing regulatory landscape has been a key driver of the C-suite’s focus, as legislation such as…
Global Security News
These Cities and States Are Taking Aim at Data Centers
The efforts reflect concerns over rising demand for electricity and environmental impact.
AI, Global Security News
GitHub Copilot CLI gets a second-opinion feature built on cross-model review
Coding agents make decisions in sequence: a plan is drafted, implemented, then tested. Any error introduced early compounds as subsequent steps build on the same flawed assumption. Self-reflection is a recognized mitigation technique, and one GitHub Copilot already supports, but a model reviewing its own output is still constrained by the same training data and…
Global Security News
Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited
Fortinet has updated its FortiClient EMS product after zero-day attacks surfaced
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
The rise of proactive cyber: Why defense is no longer enough
For more than two decades, cybersecurity has been built on a reactive model: detect intrusions, patch vulnerabilities, respond to incidents, and repeat. That model is now under sustained pressure from a threat environment that is faster, more coordinated, and increasingly automated. Two recent developments illustrate how quickly that model is breaking down. Earlier this month,…
AI, Global Security News
As breakout time accelerates, prevention-first cybersecurity takes center stage
Threat actors are using AI to supercharge tried-and-tested TTPs. When attacks move this fast, cyber-defenders need to rethink their own strategy.
AI, APAC, Compliance, Endpoint, Global Security News, Network Security, Risk Management
The noisy tenants: Engineering fairness in multi-tenant SIEM solutions
I recently had the opportunity to review five popular SIEM solutions as part of a judging panel for a Security award. While each platform had its own unique flair, their core promises were remarkably consistent: 24/7/365 SOC monitoring: Round-the-clock coverage backed by global experts to validate and prioritize alerts. Proactive threat hunting: Active searches for…
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Fortinet FortiClient EMS, tracked as CVE-2026-35616 (CVSS score of 9.1), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Fortinet released out-of-band patches for a…
AI, Global Security News
Life imprisonment for Cambodian scam compound operators – but will it make a difference?
Cambodia has taken a dramatic step in its fight against scam compounds that have imprisoned innocent people, and forced them to work as virtual slaves defrauding victims via the internet around the world with romance scams and dodgy investment schemes. Read more in my article on the Hot for Security blog.
AI, Compliance, Global Security News
Comp AI: The open-source way to get compliant with SOC 2, ISO 27001, HIPAA and GDPR
Getting a startup through a SOC 2 audit has long meant months of manual evidence collection, policy writing, and repeated back-and-forth with auditors. A growing number of compliance platforms have moved to automate parts of that process, and Comp AI is now doing it with an open-source codebase that organizations can inspect, modify, and self-host.…
AI, Apps, Global Security News
OpenAI opens applications for an external AI safety research fellowship
OpenAI is accepting applications for a paid fellowship program that will fund external researchers to work on safety and alignment questions related to advanced AI systems. The program, called the OpenAI Safety Fellowship, runs from September 14, 2026 through February 5, 2027. Applications close May 3, with successful applicants notified by July 25. The fellowship…
AI, Data Breaches, Exploits, Global Security News
New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips
New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even take full control of a host. The efforts have been codenamed GPUBreach, GDDRHammer, and GeForge. GPUBreach goes a step further than GPUHammer, demonstrating for the first time that
Apps, Cybersecurity, Global Security News
How To Choose The Right Low Code Platform For Your Business Needs
Learn how to choose the right low code platform for your business needs. In today’s fast-paced business world, agility is the key to success. Low code development platforms have emerged as a valuable tool for organizations to develop and deploy business applications with minimal coding quickly. With the right platform, businesses can improve their productivity,…
AI, Cybersecurity, Exploits, Global Security News, Risk Management
Experts published unpatched Windows zero-day BlueHammer
A researcher leaked the unpatched Windows zero-day “BlueHammer,” letting attackers gain SYSTEM rights; no patch exists yet. A disgruntled researcher released the BlueHammer Windows zero-day, a privilege escalation flaw that allows attackers to gain SYSTEM or admin rights, Bleeping Computer reports. The researcher privately reported the vulnerability to Microsoft but criticized the way the Microsoft’s Security…
AI, Global Security News
Naitiv Launches AI-Focused ServiceNow Consultancy
A group of former Thirdera executives has launched Naitiv, a new ServiceNow-focused consultancy designed to help enterprises operationalize AI, starting with the insurance sector. We spoke with Naitiv CEO Jon Reynolds and Managing Partner Bill Devine about the launch and why the consultancy is committed to the ServiceNow platform as it scales support. Naitiv launches…
china, Global Security News
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate “high-velocity” attacks and break into susceptible internet-facing systems. “The threat actor’s high operational tempo and proficiency in identifying exposed perimeter assets have proven successful, with recent
AI, Exploits, Global Security News
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck. The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code injection vulnerability that could result in remote code execution. “The CustomMCP node allows users to input configuration settings for connecting
AI, Global Security News
The case for fixing CWE weakness patterns instead of patching one bug at a time
In this Help Net Security interview, Alec Summers, MITRE CVE/CWE Project Lead, discusses how CWE is moving from a background reference into active use in vulnerability disclosure. More CVE records now include CWE mappings from CNAs, which tends to produce more precise root-cause data. Automation tools help analysts map weaknesses faster, but can reinforce bad…
AI, Global Security News, Risk Management
How Mimecast brings enterprise-grade email protection to API deployment
In this Help Net Security video, Andrew Williams, Senior Product Manager at Mimecast, walks through the company’s API-based email security protection for Microsoft 365 and Google Workspace environments. The video covers a core problem: AI-generated phishing and business email compromise are slipping past native Microsoft 365 controls. According to Mimecast’s State of Human Risk report,…
AI, Global Security News
Google study finds LLMs are embedded at every stage of abuse detection
Online platforms are running large language models at every stage of LLM content moderation, from generating training data to auditing their own systems for bias. Researchers at Google mapped how this is happening across what the authors call the Abuse Detection Lifecycle, a four-stage framework covering labeling, detection, review and appeals, and auditing. Earlier moderation…
Global Security News
ISC Stormcast For Tuesday, April 7th, 2026 https://isc.sans.edu/podcastdetail/9882, (Tue, Apr 7th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
AI, Global Security News
Weekly Update 498
This week, more time than I’d have liked to spend went on talking about the trials of chasing invoices. This is off the back of a customer (who, for now, will remain unnamed), who had invoices stacking back more than 6 months overdue and despite payment terms of 30 days, paid on an avergae of…
Global Security News, Risk Management
Cashflow-Driven Scores vs. Traditional Credit Scores
Credit scoring is going through an important shift. For decades, lenders leaned on the same basic logic. Look at a person’s borrowing history, measure past repayment behavior, and turn that record into a three-digit summary of risk. That system brought speed and consistency to lending, but it also left obvious gaps. A borrower can pay…
Global Security News
Anthropic in Talks to Invest $200 Million in New Private-Equity Venture
General Atlantic, Blackstone, and Hellman & Friedman are among the private-equity firms in discussions to back the project.
AI, Global Security News, Risk Management
Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do
Threat actors leveraged Anthropic’s Claude Code npm release packaging error to distribute Vidar, GhostSocks, and PureLog Stealer. This blog details immediate steps organizations can take and best practices to prevent further risk.
Global Security News, Russia
German authorities identify REvil and GandCrab ransomware bosses
The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. […]
Global Security News, Russia
German authorities identify REvil and GangCrab ransomware bosses
The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. […]