On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. […]
Tag: started
AI, Compliance, Cybersecurity, Endpoint, Global Security News, Network Security, Risk Management
AWS Security Hub Extended: Why enterprise security products should sell themselves
Our largest security services customers started the same way every customer does – with a click. They enabled Amazon GuardDuty, Amazon Inspector, AWS WAF, and AWS Security Hub, experienced the benefits in real time, and evaluated with transparent pay-as-you-go pricing. No RFP. No six-month evaluation. No multi-year commitment up front. Our field teams played a…
AI, china, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, Risk Management, Venture
Cybersecurity is really boring
Several weeks ago, I got into a debate with a good friend of mine. He started by saying that security is a very exciting space with so many things changing every day. But the longer we talked, the more we started agreeing that when done well, cybersecurity is incredibly boring. In this piece, I am…
AI, Global Security News
Your New AI Professor Is the Rapper From the Black Eyed Peas
What started as a visit to MIT’s Media Lab became a long-term tech love affair for will.i.am, and now he’s passing on that love.
AI, Global Security News
Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)
Yup, that is for real. For me, this started with a post in X at hxxps://x.com/intcyberdigest/status/2051406295828250963?s=61 , which highlighted research by @L1v1ng0ffTh3L4N that found exactly this issue. Edge stores all of your browser passwords in clear text, even if you haven’t used them in this session, y’know, just in case. I figured, it couldn’t be that easy, right? …
AI, Exploits, Global Security News
CISA says ‘Copy Fail’ flaw now exploited to root Linux systems
CISA has warned that threat actors have started exploiting the “Copy Fail” Linux security vulnerability in the wild, one day after Theori researchers disclosed it and shared a proof-of-concept (PoC) exploit. […]
AI, Cloud Security, Compliance, Cybersecurity, Data Breaches, Global Security News, Network Security, Risk Management, Venture
Infra + security: why more & more CISOs are starting to own infrastructure
Over the past year, I have started to see a growing trend that in more and more organizations, CISOs are taking ownership of infrastructure teams. Where CISOs aren’t directly taking over infrastructure teams, they are exerting more direct control over how infrastructure is designed and operated. Like many structural shifts in cybersecurity, this is developing…
AI, Data Breaches, Global Security News
Scanning for AI Models, (Tue, Apr 14th)
Starting March 10, 2026, my DShield sensor started getting probe for various AI models such as claude, openclaw, huggingface, etc. Reviewing the data already reported by other DShield sensors to ISC, the DShield database shows reporting of these probes started that day and has been active ever since. Based on what we currently have reported,…
AI, Cloud Security, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security
Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave
What started as a supply chain attack on Trivy, a widely used security scanner, has become a Lapsus$-linked extortion campaign, with more than 1,000 enterprise SaaS environments already compromised. Charles Carmakal, CTO of Mandiant Consulting, made the assessment at a Google-hosted threat briefing held alongside the RSA Conference 2026 in San Francisco on Tuesday. “We…
AI, APAC, Cybersecurity, Global Security News, Network Security, Risk Management, Venture
“It is not the customer’s job to know what they want” rings true in cyber
Ever since I embarked on the founder journey and started working on my own startup, I’ve developed different perspectives and some strong opinions about founder life. In today’s issue, I am going to share one of them – about the fact that there has never been a billion-dollar security company built based on Gartner’s* insight…
AI, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
Ransomware group exploited Cisco firewall vulnerability as a zero day, weeks before a patch appeared
One of the world’s most active ransomware groups, Interlock, started exploiting a critical-rated Cisco firewall vulnerability as a zero day weeks before it was patched in early March, Amazon has revealed. The vulnerability in question is CVE-2026-20131, a remotely exploitable deserialization flaw in Cisco Secure Firewall Management Center (FMC) Software which was given a maximum…
AI, Global Security News
Certificate lifespans are shrinking and most organizations aren’t ready
The push for shorter TLS certificate lifespans has been building for years. It started with Google’s internal push toward 90-day certificates, which gained traction inside the industry before resistance from enterprise customers slowed things down. Then Apple proposed 47-day certificates, which reignited the debate and ultimately forced the CA/Browser Forum to set a formal schedule.…
AI, Global Security News
Study Finds ROME AI Agent Attempted Cryptomining Without Instructions
A recent research paper describing the training of an experimental AI agent has started a discussion after the…
AI, Cybersecurity, Global Security News
Decoding silence: How deaf and hard-of-hearing pros are breaking into cybersecurity
Stu Hirst was already a CISO when he started to go deaf. It was 2023, and the hearing loss crept in over months, enough for him to adapt, to lean on hearing aids and captions, to quietly reorganize his calendar around the cognitive load of processing sound. It was manageable. Then, in July 2025, it…
Global Security News
How to Protect Your SaaS from Bot Attacks with SafeLine WAF
Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them. On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off: Sign-ups increase, but users aren’t activating. Server costs rise faster than revenue. Logs are filled with repeated…
AI, Compliance, Cybersecurity, Global Security News, Government & Policy, privacy, Risk Management
PayPal launches latest struggle to get rid of SMS for MFA
When PayPal started emailing customers this month that it was backing off unencrypted SMS for multifactor authentication (MFA) at login, it came with the typical approach-avoidance asterisk. The financial services giant signaled that it was turning the page on the much-maligned authentication method while simultaneously offering no timeline and assuring customers SMS wouldn’t entirely go…
AI, Exploits, Global Security News
Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability
Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr. “Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors,” Ryan Dewhurst, head of threat intelligence at watchTowr, said in a post on X. “Attackers are abusing
AI, authentication bypass, Blog, CVE, CVE-2026-24858, CVEs, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
CVE-2026-24858: FortiOS SSO Zero-Day Exploited in the Wild
The year 2026 has started with an avalanche of zero-day vulnerabilities, causing a menace for cyber defenders. Right after Microsoft Office zero-day (CVE-2026-21509) and a critical flaw in Cisco products (CVE-2026-20045) that were repeatedly exploited for in-the-wild attacks, Fortinet has disclosed another serious issue, immediately drawing the attention of threat actors. Identified as CVE‑2026‑24858, the…
AI, authentication bypass, Blog, CVE, CVE-2026-24858, CVEs, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
CVE-2026-24858: FortiOS SSO Zero-Day Exploited in the Wild
The year 2026 has started with an avalanche of zero-day vulnerabilities, causing a menace for cyber defenders. Right after Microsoft Office zero-day (CVE-2026-21509) and a critical flaw in Cisco products (CVE-2026-20045) that were repeatedly exploited for in-the-wild attacks, Fortinet has disclosed another serious issue, immediately drawing the attention of threat actors. Identified as CVE‑2026‑24858, the…
AI, authentication bypass, Blog, CVE, CVE-2026-24858, CVEs, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
CVE-2026-24858: FortiOS SSO Zero-Day Exploited in the Wild
The year 2026 has started with an avalanche of zero-day vulnerabilities, causing a menace for cyber defenders. Right after Microsoft Office zero-day (CVE-2026-21509) and a critical flaw in Cisco products (CVE-2026-20045) that were repeatedly exploited for in-the-wild attacks, Fortinet has disclosed another serious issue, immediately drawing the attention of threat actors. Identified as CVE‑2026‑24858, the…
AI, authentication bypass, Blog, CVE, CVE-2026-24858, CVEs, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
CVE-2026-24858: FortiOS SSO Zero-Day Exploited in the Wild
The year 2026 has started with an avalanche of zero-day vulnerabilities, causing a menace for cyber defenders. Right after Microsoft Office zero-day (CVE-2026-21509) and a critical flaw in Cisco products (CVE-2026-20045) that were repeatedly exploited for in-the-wild attacks, Fortinet has disclosed another serious issue, immediately drawing the attention of threat actors. Identified as CVE‑2026‑24858, the…
AI, authentication bypass, Blog, CVE, CVE-2026-24858, CVEs, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
CVE-2026-24858: FortiOS SSO Zero-Day Exploited in the Wild
The year 2026 has started with an avalanche of zero-day vulnerabilities, causing a menace for cyber defenders. Right after Microsoft Office zero-day (CVE-2026-21509) and a critical flaw in Cisco products (CVE-2026-20045) that were repeatedly exploited for in-the-wild attacks, Fortinet has disclosed another serious issue, immediately drawing the attention of threat actors. Identified as CVE‑2026‑24858, the…
AI, authentication bypass, Blog, CVE, CVE-2026-24858, CVEs, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
CVE-2026-24858: FortiOS SSO Zero-Day Exploited in the Wild
The year 2026 has started with an avalanche of zero-day vulnerabilities, causing a menace for cyber defenders. Right after Microsoft Office zero-day (CVE-2026-21509) and a critical flaw in Cisco products (CVE-2026-20045) that were repeatedly exploited for in-the-wild attacks, Fortinet has disclosed another serious issue, immediately drawing the attention of threat actors. Identified as CVE‑2026‑24858, the…
AI, authentication bypass, Blog, CVE, CVE-2026-24858, CVEs, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
CVE-2026-24858: FortiOS SSO Zero-Day Exploited in the Wild
The year 2026 has started with an avalanche of zero-day vulnerabilities, causing a menace for cyber defenders. Right after Microsoft Office zero-day (CVE-2026-21509) and a critical flaw in Cisco products (CVE-2026-20045) that were repeatedly exploited for in-the-wild attacks, Fortinet has disclosed another serious issue, immediately drawing the attention of threat actors. Identified as CVE‑2026‑24858, the…