Here’s what to do in a world where credential theft has been automated and turned into a commodity.
Tag: automated
AI, Cloud Security, Cybersecurity, Exploits, Global Security News
Google AI Threat Defense targets attackers using AI to find flaws faster
Google Cloud introduced AI Threat Defense, an automated cybersecurity platform that combines several of the company’s security assets to find, prioritize, and patch software vulnerabilities at machine speed. The product is aimed at enterprises contending with attackers who use AI to discover and exploit flaws in hours or days, compressing windows that once stretched into…
Global Security News, AI, malware
GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos
A large-scale automated GitHub backdooring campaign was caught pushing thousands of malicious commits into public repositories while posing as routine CI/CD upkeep. Researchers at SafeDep observed the campaign, Megalodon, touching more than five thousand repositories over a six-hour window on May 18. The attack was in the form of a malicious commit, “acac5a9,” targeting GitHub…
AI, Cybersecurity, Global Security News
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. “Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI
AI, Global Security News
LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly
In the latest evolution of automated cyberattacks, two threat campaigns heavily leveraged AI agents to support attacks against entities in Mexico and Brazil.
AI, Exploits, Global Security News
Google Says Hackers Used AI to Develop a Zero-Day Exploit
Google researchers say hackers used AI to develop zero-day exploits, Android backdoors, and automated supply chain attacks targeting GitHub and PyPI.
Global Security News
Roblox chat moderation gets bypassed by leet speak and code words
Roblox runs an automated chat filter at the scale of billions of messages per day. An independent audit of about two million chat messages from four of the platform’s most popular games shows that filter missing a wide range of harmful interactions, including grooming attempts, sexual content directed at minors, threats of violence, and references…
AI, Global Security News
Bluekit phishing kit enables automated phishing with 40+ templates and AI tools
Bluekit is a new phishing kit with AI features, automated domain setup, and tools like spoofing, voice cloning, and 40+ attack templates. Bluekit is a newly discovered phishing kit still in development that includes advanced features such as an AI assistant and automated domain registration. According to Varonis, it offers over 40 website templates along…
AI, Global Security News
Automated LLM red teaming gets a learning layer
Automated red teaming of large language models has settled into a familiar pattern over the past two years. An attacker model generates jailbreak attempts against a target model, an evaluator scores the results, and the cycle repeats. Two approaches dominate. One asks the attacker to invent strategies through trial and error, which tends to produce…
AI, Global Security News
AI platform ATHR makes voice phishing a one-person job
For $4,000 and a cut of the take, a lone criminal can now run a fully automated voice-phishing operation via ATHR, a plaform that spoofs emails alerts from Google, Microsoft, and Coinbase, buries a phone number in each message, and when the victim calls back, hands them off to either a human scammer or an…
AI, Global Security News
New ATHR vishing platform uses AI voice agents for automated attacks
A new cybercrime platform called ATHR can harvest credentials via fully automated voice phishing attacks that use both human operators and AI agents for the social engineering phase. […]
AI, Global Security News, Network Security
Copado Puts AI Agents Inside DevOps Workflows
Copado just rolled out Agentia, a shiny new AI tool that adds automated agents into the day-to-day work of building, testing, and releasing software in Salesforce. How agentic AI is developing code and other time-intensive workloads That means the agents aren’t just suggesting things or answering questions; they’re actually writing code, running tests, diagnosing failures,…
Global Security News
AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
Discovery used to be the bottleneck for open source bugs, but with automated discovery, remediation’s the bottleneck, which bounties don’t fund.
AI, Exploits, Global Security News
Anthropic’s new AI model finds and exploits zero-days across every major OS and browser
Automated vulnerability discovery tools have existed for decades, and the gap between finding a bug and building a working exploit has always slowed attackers. That gap is now substantially narrower. Anthropic’s Claude Mythos Preview, a new general-purpose language model being made available only to a limited group of critical industry partners and open source developers,…
AI, Global Security News
Why Your Automated Pentesting Tool Just Hit a Wall
Automated pentesting tools deliver strong early results, then quickly plateau. Picus Security explains how the “PoC cliff” leaves major attack surfaces untested and creates a dangerous validation gap. […]
Global Security News, Risk Management
AI Agents and Non-Human Identities Creating Critical Security Gaps, Report
New research from Keeper Security, reveals non-human identities and automated system-to-system interactions are becoming the top security risk for businesses in 2026.
AI, Exploits, Global Security News
Hackers exploit React2Shell in automated credential theft campaign
Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. […]
Global Security News
Venom Stealer MaaS Platform Commoditizes ClickFix Attacks
A new service on the cybercrime market provides automated capabilities to create persistent information-stealing social engineering attacks.
AI, Global Security News, Risk Management
DoControl provides security coverage for Google Gemini Gems
DoControl announced new capabilities that provide visibility, monitoring, and automated control for Google Gemini Gems, a newly introduced feature within Google Gemini that enables teams to create customizable AI GPTs. With this launch, DoControl is the first platform to provide comprehensive security coverage for Google Gemini Gems, ensuring organizations can safely adopt this new technology…
AI, Global Security News, Risk Management
AI Agents Are Democratizing Finance but Also Redefining Risk
AI agents are transforming finance, enabling automated trading and payments, but introduce new risks around keys, data inputs and secure execution control.
Global Security News, Network Security
WatchGuard Expands NDR Capabilities, Making Advanced Network Threat Detection Practical for MSPs and Midmarket Organisations
Embedded detection, managed services, and automated response simplify NDR adoption for SMEs and MSPs
AI, Apps, Cybersecurity, Exploits, Global Security News
ZeroThreat.ai Wins Cybersecurity Excellence Award for Best Web Application Security Platform
Chicago, IL – March, 2026 – ZeroThreat.ai, the AI-powered automated web and API pentesting platform that validates real exploit paths in minutes, today announced it has been named the Silver Award winner of the Cybersecurity Excellence Award for Best Web Application Security Platform. The award, recognized globally across the cybersecurity industry, honors organizations that demonstrate…
AI, Global Security News
Graylog advances explainable AI and automated workflows for faster threat detection
Graylog has revealed advances in explainable AI and automated investigation workflows that help small-to-mid-sized security teams detect threats faster, investigate with confidence, and cut the manual documentation work that consumes analyst time. “Lean security teams don’t have the luxury of analyst bench depth or months of automation tuning,” said Andy Grolnick, CEO of Graylog. “Every…
AI, Global Security News, Risk Management
Mimecast adds AI investigation and adaptive controls to manage human risk
Mimecast has announced major platform capabilities designed for a new enterprise reality as AI agents and automated workflows scale across the business and establish the human layer as the new security control plane. According to Mimecast’s The State of Human Risk 2026, 98% of organizations now use AI to defend against threats, yet 80% are…
Compliance, Global Security News, Risk Management
Forescout replaces manual audits with automated, always-on compliance validation
Forescout Technologies has announced Automated Security Controls Assessment, a new Forescout 4D Platform capability that continuously evaluates trust, control effectiveness and compliance posture across an organization’s attack surface. Replacing manual, static and error-prone spreadsheet-driven audits with real-time, automated evidence-based collection and reporting, the Automated Security Controls Assessment feature gives security and governance, risk, and compliance…
AI, Global Security News, Risk Management
Are We Ready for Auto Remediation With Agentic AI?
With the rapid innovations in AI, we are entering an exciting era of automated risk remediation. Learn about security team readiness to leverage agentic AI for threat and exposure management.
AI, Exploits, Global Security News, Risk Management
Beazley Exposure Management platform identifies external exposures and prioritizes cyber risk
Beazley Security has announced its Exposure Management product, which delivers continuous, automated discovery and intelligence-driven exposure notifications to help security teams accelerate risk mitigation in an era where AI-assisted attackers have compressed the time between vulnerability disclosure, weaponization, and exploitation. The product, validated with clients over the past eight months, is the first in an…
AI, Data Breaches, Global Security News, Network Security
Cloudflare tracked 230 billion daily threats and here is what it found
Cloudflare’s network blocks over 230 billion threats per day. The volume indicates how routine and automated the attack cycle has become, and the patterns behind that volume point to a shift in how breaches begin and progress. Cloudflare’s threat research unit, Cloudforce One, published its inaugural cyber threat report 2026, covering activity observed through 2025…
AI, Cybersecurity, Global Security News
Top 10 AI-Powered Automated Pentesting Tools
In this post, I will talk about the top 10 AI-Powered automated pentesting tools. Is your security strategy keeping pace with daily code updates? Most manual pentests take weeks, but software ships every hour. Today, 97% of CISOs are turning to a hybrid approach using AI-powered tools and having manual oversight to stay ahead. These…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management
Vulnerability monitoring service secures public-sector websites faster
An automated scanning system has cut the time it takes to fix cybersecurity vulnerabilities across public sector IT systems, reducing median remediation time for general cyber vulnerabilities from 53 days to 32, and slashing DNS-specific average fix times from 50 days to eight. The results come from the UK government’s newly launched vulnerability monitoring service…
AI, Europe, Global Security News
Consumers feel less judged by AI debt collectors
Debt collection agencies are starting to use automated voice systems and AI-driven messaging to handle consumer calls. These systems help scale outreach, reduce call center staffing demands, and offer 24/7 service. A new study covering 11 European countries found that this shift changes how consumers emotionally experience debt collection, especially around stigma and empathy. The…
AI, Exploits, Global Security News
Spam Campaign Abuses Atlassian Jira, Targets Government and Corporate Entities
We uncover how a campaign used Atlassian Jira Cloud to launch automated and targeted spam campaigns, exploiting trusted SaaS workflows to bypass security controls.
Global Security News
TeamPCP Turns Cloud Infrastructure into Crime Bots
The threat actor has been compromising cloud environments at scale with automated worm-like attacks on exposed services and interfaces.
Global Security News
TeamPCP Turns Cloud Infrastructure into Crime Bots
The threat actor has been compromising cloud environments at scale with automated worm-like attacks on exposed services and interfaces.
AI, Amazon GuardDuty, APAC, Compliance, Cybersecurity, Endpoint, Global Security News, Network Security, Security, Identity, & Compliance
GuardDuty Extended Threat Detection uncovers cryptomining campaign on Amazon EC2 and Amazon ECS
Amazon GuardDuty and our automated security monitoring systems identified an ongoing cryptocurrency (crypto) mining campaign beginning on November 2, 2025. The operation uses compromised AWS Identity and Access Management (IAM) credentials to target Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Compute Cloud (Amazon EC2). GuardDuty Extended Threat Detection was able to correlate signals…