Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution. “The packages do not appear designed for mass developer compromise,” Socket said. “Many have little or no download activity,…
Tag: calling
Global Security News
US govt seeks Instructure testimony on massive Canvas cyberattack
The U.S. House Committee on Homeland Security is calling on Instructure executives to testify about two cyberattacks by the ShinyHunters extortion group that targeted the company’s Canvas platform, allowing threat actors to steal student data and disrupt schools during final exams. […]
Global Security News
Sam Altman’s Business Dealings Under GOP Scrutiny Ahead of OpenAI’s IPO
The Republican-led House Oversight Committee says it is investigating, and six GOP state attorneys general are calling for SEC review after a WSJ article.
Global Security News
Teams calls are about to get a lot harder to fake
Microsoft Teams Calling is getting a new feature that will warn users about suspicious inbound VoIP calls from first-time external callers who might be impersonating trusted brands. The post Teams calls are about to get a lot harder to fake appeared first on Help Net Security.
AI, Global Security News, Risk Management
Responsible ESG AI enablement could become Australia’s next great export if we start now
GUEST OPINION: Logicalis Australia is calling for a shift in how Australia approaches artificial intelligence (AI), warning that the country risks missing a major global opportunity if it continues to focus primarily on policy and access to compute rather than infrastructure.
Global Security News
Where Does Our Free Time Go in Retirement? Too Often, It’s Social Media
We’re trying to fight our smartphone addiction. But with so much time on our hands, and no job calling us, it isn’t easy.
AI, Apps, Endpoint, Exploits, Global Security News, Risk Management
‘GrafanaGhost’ bypasses Grafana’s AI defenses without leaving a trace
Security researchers at Noma Security have disclosed a new vulnerability they are calling GrafanaGhost, an exploit capable of silently stealing sensitive data from Grafana environments by chaining multiple security bypasses, including a method that circumvents the platform’s AI model guardrails without requiring any user interaction. Grafana is widely deployed across enterprise organizations as a central…
AI, Global Security News
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and enabling remote access. It’s currently not known what lures the threat actors use to…
AI, Cybersecurity, Global Security News, malware
Researchers say credential-stealing campaign used AI to build evasion ‘at every stage’
A new malware-based credential-stealing campaign, which researchers are calling “DeepLoad,” has been infecting enterprise business IT environments over the past In a report released Monday, ReliaQuest AI researchers Thassanai McCabe and Andrew Currie say the most relevant feature of this attack is the way it uses artificial intelligence and other engineering “to defeat the controls…
AI, Cybersecurity, Global Security News
Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
Cybersecurity researchers are calling attention to an active device code phishing campaign that’s targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was first spotted on February 19, 2026, with subsequent cases appearing at an accelerated pace since then. Notably, the campaign…
Cybersecurity, Global Security News
RSA Conference: UK NCSC Head Urges Industry to Develop Vibe Coding Safeguards
The head of the UK’s NCSC is calling the cybersecurity industry to “seize the disruptive vibe coding opportunity” to make software more secure
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security
FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks. The activity involves the exploitation of recently disclosed security vulnerabilities or weak credentials to extract configuration files containing service account credentials and network topology
AI, Apps, Endpoint, Global Security News, Government & Policy, Network Security, Risk Management
PQC roadmap remains hazy as vendors race for early advantage
Post-quantum cryptography (PQC) has long sat on the periphery of enterprise security, with experts calling it inevitable but not urgent. That posture is beginning to shift. Earlier this year, Palo Alto Networks published a blog announcing a new “quantum-safe security” initiative, framing it as a way for enterprises to assess where quantum-vulnerable cryptography exists across…
AI, Cybersecurity, Endpoint, Global Security News, privacy
How to mine millions without paying the bill
In episode 431 of the “Smashing Security” podcast, a self-proclaimed crypto-influencer calling himself CP3O thought he had found a shortcut to riches — by racking up millions in unpaid cloud bills. Meanwhile, we look at the growing threat of EDR-killer tools that can quietly switch off your endpoint protection before an attack even begins. And…