Once targeting just Microsoft 365, the phishing-as-a-service platform now aims at AWS, Okta, and Russian platforms, while relying on device code phishing.
Tag: Once
AI, Apps, Endpoint, Global Security News, malware, Risk Management
GlassWorm falls, but the repo problem is far from solved
Taking down a sprawling malware operation once signaled progress in securing the open-source ecosystem. Now, it barely registers. The GlassWorm campaign disruption comes at a moment when attackers can quickly reconstitute, and defenders are increasingly grappling with a new challenge: distinguishing real threats from automated noise. “I think coordinated actions, like GlassWorm, can sever control,…
AI, Cybersecurity, Exploits, Global Security News, Network Security
Cisco zero-day under ongoing attack by persistent threat group
Attackers returned once again to a common target with a massive user base by exploiting a max-severity zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager. The threat group behind the “limited” number of attacks Cisco is aware of thus far are also linked to a series of previously disclosed vulnerabilities in the vendor’s firewalls…
Global Security News
Your coworker might be selling company logins, and thinks it’s fine
Employee behavior once considered unacceptable is becoming tolerated across various industries, particularly in IT and telecommunications, and at all levels of seniority, including leadership. Cifas Workplace Fraud Trends research, based on a survey of 2,000 UK employees working at companies with more than 1,000 staff, shows that employee-driven fraud, such as selling login credentials or…
AI, Global Security News
You Have No Idea How Much You Still Use BlackBerry
Once left for dead, the company is making money again with hidden software in 275 million cars. You use it every day without knowing it.
Global Security News
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About
Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done. That assumption is wrong. It is also a major reason Zero Trust programs stall. New research my team just published puts numbers on it. The…
AI, Apps, Cybersecurity, Data Breaches, Global Security News, Network Security, Risk Management
FIRESIDE CHAT: Leaked secrets are now the go-to attack vector — and AI is accelerating exposures
A consequential shift is underway in how enterprise breaches begin. The leaked credential — once treated as a hygiene problem — has become the primary on-ramp. Related: No easy fixes for AI risk Last August’s Salesloft campaign was the pattern in miniature. Stolen OAuth tokens from one chatbot vendor pulled Salesforce data from 760 enterprise…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Risk Management
6 ways attackers abuse AI services to hack your business
Attackers are starting to exploit AI systems to mount attacks in the same way they once relied on built-in enterprise tools such as PowerShell. Instead of relying on malware, cybercriminals are increasingly abusing AI tools enterprises depend on — a trend some experts describe as living off the AI land. “We’re seeing it in things…
Global Security News
CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry
Once CrowdStrike’s nemesis, Microsoft is now a collaborator. A shared interest in Formula 1 helped thaw the years-long fierce rivalry.
AI, Compliance, Cybersecurity, Data Breaches, Global Security News, malware
ANY.RUN Enters IT-Harvest’s 2026 Cyber 150 for Fast Growth and Industry Impact
We’re thrilled to announce that ANY.RUN has once again been recognized in IT-Harvest’s 2026 Cyber 150, a list of the fastest-growing cybersecurity companies. Receiving this recognition for the second year in a row makes this moment especially meaningful and reflects the strong progress our company made over the past year. It also points to a broader shift in the market.…
AI, Global Security News, Network Security, Risk Management
Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind
I used to think hybrid incidents would get easier once we standardized on “one tool”: one monitoring platform, one ticketing system, one on-call process. After a few real outages, I changed my mind. Hybrid response fails at the seams between ownership models: on-prem teams, cloud teams, security, vendors. Each group can be correct inside its…
AI, Data Breaches, Global Security News
ShinyHunters claims new campaign targeting Salesforce Experience Cloud sites
Salesforce customers have, once again, been targeted by the ShinyHunters group – or, at least, it’s what the group claims. Attackers modified and abused benign tool On Saturday, Saleforce confirmed that its security team has identified an attack campaign by unnamed malicious actors looking to access customers’ data. The attackers are not leveraging a vulnerability…
AI, Apps, Compliance, Endpoint, Europe, Global Security News, Government & Policy, malware, Risk Management
Google Workspace vs. Microsoft 365: What’s the best office suite for business?
Once upon a time, Microsoft Office ruled the business world. By the late ’90s and early 2000s, Microsoft’s office suite had brushed aside rivals such as WordPerfect Office and Lotus SmartSuite, and there was no competition on the horizon. Then in 2006 Google came along with Google Docs & Spreadsheets, a collaborative online word processing and…
AI, Compliance, Cybersecurity, Data Breaches, Global Security News, Network Security, Risk Management
A scorecard for cyber and risk culture
Have you once watched a leadership team clap for their “security culture month” like they’d landed a rover? Posters everywhere. Quizzes. A prize draw. Someone baked cupcakes with padlocks iced on top. Cute. Two weeks later, a product manager asked an engineer to “just share the admin credentials for an hour” because the vendor demo…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
CVE-2026-20127: Cisco SD-WAN Zero-Day Exploited Since 2023
New day, new vulnerability in the spotlight. We’re once again seeing how quickly weaponized flaws in widely deployed platforms turn into real operational risk. Coverage of maximum-severity Cisco bugs (CVE-2025-20393, CVE-2026-20045), as well as the Dell RecoverPoint zero-day CVE-2026-22769, shows that attackers are increasingly prioritizing edge-facing infrastructure that quietly controls traffic flows, identity paths, and…
AI, APAC, Apps, Compliance, Global Security News, Risk Management
Task management software gets an agentic boost
The digital workplace has outgrown the simple project checklists you may have once associated with task management apps. The software has moved from passive repositories for to-do lists to active participants in workflows. In 2026, the biggest shift in task management applications is the rise of agentic AI. The category has moved from simple automation…
AI, Global Security News
The Week Anthropic Tanked the Market and Pulled Ahead of Its Rivals
Once a distant second or third in the AI race, the company is pushing to the front with a focus on caution, coding and business clients.
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, News, Risk Management, Threats, trends
Flare Report: Infostealers Are Fueling Enterprise Identity Attacks
Once largely associated with consumer credential theft, infostealer malware is increasingly impacting enterprises. New research from Flare shows that a rising percentage of infections now expose enterprise Single Sign-On (SSO) and identity provider credentials, creating direct risk for corporate systems, cloud environments, and SaaS platforms. “We’re seeing fewer infections overall, but far higher yield per…