A sneaky, wide-scale IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones that deliver malware.
Tag: System
Exploits, Global Security News
Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active exploitation. Tracked as CVE-2025-48595 (CVSS score: 8.4), the security flaw has been described as a case of privilege escalation without requiring any…
Global Security News
KDE Linux security audit cuts kernel modules and unused packages
KDE Linux, the in-progress operating system from the KDE community, removed several kernel modules and software packages after a security audit of the components shipped with the system. The work followed the discovery of multiple security issues in the upstream Linux kernel during the prior month. Kernel and module changes Three contributors examined insecure and…
AI, Cloud Security, Compliance, Cybersecurity, Global Security News, privacy, Risk Management
Spring 2026 SOC 1, 2, and 3 reports are now available with 188 services in scope
Amazon Web Services (AWS) is pleased to announce that the Spring 2026 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 188 services over the 12-month period from April 1, 2025–March 31, 2026, giving customers a full year of assurance. These reports demonstrate our continuous commitment to adhering…
Global Security News
New FROST attack exploits browser features for website and app tracking
The FROST attack leverages the Origin Private File System (OPFS), a browser feature, to measure Solid-State Drive (SSD) access speeds.
AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Global Security News, Network Security, Risk Management
6 Best IT Asset Management (ITAM) Software in 2026
This guide is for IT leaders, system administrators, and security teams looking to improve asset visibility, lifecycle management, and endpoint security across their organizations in 2026. It covers the best IT asset management (ITAM) software solutions, key features to evaluate, and how to choose the right platform for your business needs. Key Takeaways on IT…
AI, Apps, Global Security News
Checksum introduces Continuous Quality Agent for automated test generation and healing
Checksum has launched its Continuous Quality Agent, an autonomous system that runs nightly against deployed applications and automatically heals broken tests without waiting for an engineer to open a dashboard or write a prompt. AI coding has changed the constraint in software development. Teams can now ship far more code than before, but every PR…
AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
10 of the Best Patch Management Service Providers in 2026
This guide is for IT leaders, security teams, and system administrators looking to streamline vulnerability remediation and automate software updates in 2026. It covers the best patch management service providers and the key features organizations should evaluate to improve endpoint security, reduce operational overhead, and strengthen overall IT resilience. Key Points on Patch Management Solutions…
Global Security News, privacy
Franklin Access adds three-layer security system to Wi-Fi routers
Franklin Access has launched a three-layer security system integrated into its Wi-Fi routers, delivering enterprise-grade protection for consumers and small businesses. The system runs automatically in the background, blocking millions of malicious websites in real time to protect families, children, seniors, and businesses from online threats. Franklin’s Wi-Fi routers include advanced security protocols and privacy…
AI, Global Security News
FAQ: What you need to know about expiring Windows Secure Boot certificates
Microsoft is preparing to make a significant change to the Secure Boot system in Windows that will impact operations for both clients and servers. In a nutshell: The Secure Boot certificates that Microsoft issued 15 years ago are being replaced by newer ones, with the older certificates set to expire beginning in June. To continue…
Global Security News
Ubiquiti patches three critical vulnerabilities in UniFi OS
The vulnerabilities, identified as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, allow for unauthorized system changes, path traversal for accessing underlying system files, and command injection attacks, respectively.
AI, Cybersecurity, Global Security News
How Will The Right CRM System Improve Your Business Today?
How will the right CRM System improve your business today? Read this post to find out how. When you look around the roofing business and see which firms are genuinely nailing it in their regions, you’ll see a few things in common among the most successful contractors. Using a customer relationship management (CRM) system is…
Apps, Global Security News
Earbud sensors can authenticate users by their heartbeat, study finds
Researchers built a continuous authentication system called AccLock that identifies a wearer by the tiny vibrations a heartbeat makes inside the ear canal. The signal comes from an accelerometer of the kind already sitting inside many wireless earbuds, so no extra hardware is needed. The point is to keep verifying that the person wearing the…
AI, Cybersecurity, Global Security News
Public Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq
A hotel check-in system exposed over 1 million passports, IDs, and selfies online due to a misconfigured cloud storage bucket. A security lapse in the Reqrea’s Tabiq hotel check-in system exposed over 1 million passports, driver’s licenses, and selfie verification photos online. The issue came from a misconfigured Amazon cloud storage bucket that was left…
AI, Cybersecurity, Exploits, Global Security News, Risk Management
Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix
MiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, security researcher Chaotic Eclipse has released a proof-of-concept exploit for a new Windows privilege escalation zero-day called MiniPlasma, which can grant attackers SYSTEM privileges on fully patched systems. The flaw affects “cldflt.sys,” the…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, privacy, Risk Management
The Massive Canvas Cyberattack That Allegedly Ended in a Secret Deal With Hackers
The cyberattacks targeting Instructure’s Canvas learning management system unfolded as at least two distinct but likely connected operational phases that exposed the fragility of browser-based SaaS trust models inside modern educational infrastructure. What began in late April as a suspected cloud-platform compromise involving large-scale data exfiltration evolved by early May into a far more aggressive…
AI, Exploits, Global Security News
18-year-old NGINX vulnerability allows DoS, potential RCE
An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution. […]
AI, Global Security News
Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it’s being tested by some customers as part of a limited private preview. MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different…
AI, Global Security News
Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs
Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what security analysts say could mark a major shift in how software vulnerabilities are discovered and remediated. The system, codenamed MDASH, was developed by Microsoft’s Autonomous Code Security team alongside the…
AI, Global Security News
Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs
Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what security analysts say could mark a major shift in how software vulnerabilities are discovered and remediated. The system, codenamed MDASH, was developed by Microsoft’s Autonomous Code Security team alongside the…
AI, Exploits, Global Security News, Network Security
Microsoft’s agentic security system found four critical Windows RCE flaws
Microsoft responded to growing competition in AI security by announcing that its new agentic security system helped researchers discover 16 new vulnerabilities in the Windows networking and authentication stack, including four critical remote code execution (RCE) flaws. MDASH architecture diagram (Source: Microsoft) Two of the four flaws — CVE-2026-40361 and CVE-2026-40364 — were deemed by…
Data Breaches, Global Security News
Instructure reaches ‘agreement’ with ShinyHunters to stop data leak
Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an “agreement” with the ShinyHunters extortion group to prevent the data stolen in a recent breach from being leaked online. […]
AI, Compliance, Global Security News
Alation AI Governance creates a system of record for AI oversight
Alation has introduced Alation AI Governance, a new offering that gives enterprises the system of record they are missing for AI compliance. Enterprises are deploying AI models, agents, and tools faster than they can govern them. As a result, when a board or regulator asks about compliance, most Chief Data Officers (CDOs) and their teams…
AI, Cloud Security, Global Security News
Transilience AI unveils Security Operating System for cloud remediation
Transilience AI has announced the general availability of its Full Stack Security Operating System for the cloud, platform designed to solve one of enterprise security’s most persistent challenges: bridging the gap between detection and remediation. New platform replaces fragmented tool sprawl with an agent-powered, human-guided second brain, moving security posture from Detected to Eliminated. Cloud…
AI, Global Security News, Network Security
Student hacked Taiwan high-speed rail to trigger emergency brakes
A 23-year-old university student in Taiwan was arrested for interfering with the TETRA communication system used by the country’s high-speed railway network (THSR). […]
AI, Endpoint, Global Security News
Tanium Atlas aims to accelerate threat response in the AI era
Tanium announced Tanium Atlas, an autonomous operating system (OS) that gives a single IT or security operator the data, guidance and reach to accomplish what once required an entire team – moving from intent to outcome in a single, governed experience. Tanium Atlas is built on an endpoint data foundation that is complete, high-fidelity, real-time…
AI, APAC, Global Security News, Risk Management
Dematic brings Multishuttle FD to Australia, Unlocking Scalable, High-Density Storage without over Investment
Dematic, a global leader in supply chain automation, is set to exhibit the Dematic Multishuttle® FD System in Australia. The Multishuttle FD System is a high-density shuttle-based storage system designed to help businesses double storage capacity while reducing the risk of over-investing in warehouse automation.
AI, Apps, Global Security News
Virtue AI PolicyGuard turns AI policies into enforceable runtime guardrails
Virtue AI has announced PolicyGuard, a system that enables enterprises to define, edit, and enforce custom AI runtime protection guardrails across models, agents, and applications. Most organizations have “AI acceptable use policies.” When they need to enforce those policies, however, the tooling is static, fragmented, and generic: built for no industry in particular and no…
Global Security News
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About
Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done. That assumption is wrong. It is also a major reason Zero Trust programs stall. New research my team just published puts numbers on it. The…
AI, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
Infected Cisco firewalls need cold start to clear persistent Firestarter backdoor
Security researchers have discovered a chilling backdoor aimed at Cisco System firewalls that exploits unpatched vulnerabilities to maintain persistence, even after patching. This means that attackers can continue to access compromised devices without re-exploiting the holes. At risk are devices running Cisco ASA or Firepower software, including certain Firepower and Secure Firewall devices. So far, however,…
AI, Compliance, Cybersecurity, Global Security News
25 open-source cybersecurity tools that don’t care about your budget
Regardless of the operating system you use, managing secrets, apps, cloud, compliance, and security operations can be overwhelming. The free, open-source tools presented in this article can help you detect threats, increase visibility, enforce controls, and investigate and respond to incidents throughout the development and operational lifecycle. Allama: Open-source AI security automation Allama is an…
AI, Global Security News
How’s that? AI umpiring in grassroots cricket isn’t just about fairness — it’s a glimpse of sport’s digital future
Go Darwin. The quiet rollout of an AI-powered cricket decision review system in Darwin’s women’s division one cricket competition may look like a niche experiment. It isn’t. It’s a signal, one that speaks to how artificial intelligence is steadily reshaping not just elite sport, but its grassroots foundations.
AI, Cloud Security, Compliance, Cybersecurity, Global Security News, privacy, Risk Management
Winter 2025 SOC 1 report is now available with 184 services in scope
Amazon Web Services (AWS) is pleased to announce that the Winter 2025 System and Organization Controls (SOC) 1 report is now available. The report covers 184 services over the 12-month period from January 1, 2025 – December 31, 2025, giving customers a full year of assurance. This report demonstrates our continuous commitment to adhering to…
Global Security News
Seeing Machines Releases Part 2 of Technical Paper Series on Intoxication
Driver Monitoring System technology enables real-time assessment of a driver’s functional state relative to the driving environment
AI, Cybersecurity, Global Security News
Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying
A hacking group claims to have broken into the flood defence system protecting Venice’s Piazza San Marco – and is offering to sell access to whoever wants it. The asking price? A frankly insulting $600. Meanwhile, Anthropic accidentally leaked the source code for Claude Code via a basic packaging mistake. Oh, and by the way,…
Endpoint, Global Security News, Government & Policy
Signed software abused to deploy antivirus-killing scripts
A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and healthcare sectors. […]
Global Security News
New Adobe Premiere Color Grading Mode Accelerated on NVIDIA GPUs
New NVIDIA RTX-accelerated features streamline creative workflows in Adobe Premiere and system optimization with NVIDIA Project G-Assist.
AI, Global Security News, Risk Management
Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security
Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level. “The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of…
AI, Global Security News
The fully free Linux OS Trisquel gets a major update with version 12.0 Ecne
Trisquel GNU/Linux, a free operating system aimed at home users, small enterprises, and educational centers, released version 12.0. The release, codenamed Ecne, is declared production-ready and builds on the previous version, Aramo, with changes to packaging, the kernel, security, and available software. APT 3.0 and repository format changes Ecne ships with APT 3.0, which brings…
AI, Compliance, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Hackers claim control over Venice San Marco anti-flood pumps
Hackers breached Venice ’s San Marco flood system, claiming control of pumps and the ability to disable defenses and flood coastal areas. The technologies that govern the physical world are the quiet infrastructure of modern life. From energy grids to water systems, from factories to flood defenses, operational technology (OT) has long had one essential…
AI, Global Security News
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across…
Global Security News
Smart Slider updates hijacked to push malicious WordPress, Joomla versions
Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. […]
Global Security News, malware, Network Security, Risk Management
Advenica’s File Scanner Kiosk scans USB media for malware
Advenica announced the File Scanner Kiosk, a system that scans USB media for malware and helps businesses reduce infection risk. With the reliance on external media for file transfers, organisations face increased vulnerability to malware. The File Scanner Kiosk addresses this challenge by providing an automated, reliable, and efficient way to scan USB media for…
AI, Cybersecurity, Global Security News, Network Security
6 Winter 2026 G2 Leader Badges prove this DDoS protection stands out
NETSCOUT’s Arbor Threat Mitigation System (TMS) was honored with five badges, while Arbor Sightline earned one badge on G2 for the winter 2026 quarter. These badges span multiple categories. Arbor TMS was awarded badges in the following categories for winter 2026: Leader – Enterprise DDoS Protection Momentum Leader – DDoS Protection Regional Leader (Asia) – DDoS Protection Leader –…
AI, Global Security News, privacy, Risk Management, Venture
8 advanced ways Vivaldi boosts your productivity
Switching browsers is almost akin to switching to a new operating system — or, for a more physical analogy, moving into a completely new office where everything’s unfamiliar. Most of us spend so much time in our browsers and handle so much work in that environment that in many ways, the browser essentially is the…
AI, Cybersecurity, Exploits, Global Security News, Risk Management
Experts published unpatched Windows zero-day BlueHammer
A researcher leaked the unpatched Windows zero-day “BlueHammer,” letting attackers gain SYSTEM rights; no patch exists yet. A disgruntled researcher released the BlueHammer Windows zero-day, a privilege escalation flaw that allows attackers to gain SYSTEM or admin rights, Bleeping Computer reports. The researcher privately reported the vulnerability to Microsoft but criticized the way the Microsoft’s Security…
AI, Endpoint, Global Security News
Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices, taking advantage of the fact that many SOC workflows are still fragmented by platform. For security leaders, this creates a
Global Security News
Anker SOLIX X1 Solution Gets Its Biggest Upgrade Yet – Whole-Home Backup, No Compromises
With the addition of Power Dock Pro, the Anker SOLIX X1 system now keeps every light on, every appliance running, and every Australian household living fully powered — no matter what the grid does.
AI, Exploits, Global Security News, Network Security
Apple Patches (almost) everything again. March 2026 edition., (Wed, Mar 25th)
Apple released the next version of its operating system, patching 85 different vulnerabilities across all of them. None of the vulnerabilities are currently being exploited. The last three macOS “generations” are covered, as are the last two versions of iOS/iPadOS. For tvOS, watchOS, and visionOS, only the current version received patches. This update also includes the…
AI, Global Security News
Anthropic cuts action approval loop, lets Claude Code make the call
Auto mode is a new permissions feature in the Claude Code system that allows the AI to make approval decisions on a user’s behalf while safeguards review actions before execution. The feature is available on Team plans and requires administrator approval before use, with support for Enterprise and API users expected soon. It runs on…
AI, Global Security News, Government & Policy, Network Security
Palantir Will No Longer Profit Off of New Yorkers’ Health Data
A controversial multimillion-dollar deal between New York City’s public hospital system and military contractor Palantir, first reported by The Intercept, is coming to an end, according to recent testimony before the city council. Related Palantir Gets Millions of Dollars From New York City’s Public Hospitals The Intercept reported in February that the New York City…
Data Breaches, Global Security News
Infinite Campus warns of breach after ShinyHunters claims data theft
Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor. […]
AI, Apps, Exploits, Global Security News, Risk Management
Microsoft details AI prompt abuse techniques targeting AI assistants
Prompt abuse occurs when crafted inputs manipulate an AI system into producing unintended behavior, such as attempting to access sensitive information or overriding built-in safety instructions. Prompt injection is also recognized as one of the top risks in the 2025 OWASP guidance for LLM applications. “Detecting abuse is challenging because it exploits natural language, such…
AI, Cybersecurity, Data Breaches, Funding, Global Security News, Network Security
WorldLeaks ransomware group breached the City of Los Angels
WorldLeaks group hit Los Angeles and its Metro system, forcing a shutdown, while two Bay Area cities declared emergencies after ransomware attacks. WorldLeaks group hit Los Angeles and its Metro, forcing a shutdown, while two Bay Area cities declared emergencies after ransomware attacks. This week, local media reported that an unauthorized activity hit Metro’s internal…
AI, Global Security News
Semgrep Multimodal brings AI reasoning and rule-based analysis to code security
Semgrep announced Semgrep Multimodal, a system that combines AI reasoning with rule-based analysis for detection, triage, and remediation. Its detection finds up to 8x more true positives while cutting noise by 50% compared to foundation models alone, and has already discovered dozens of zero-days at customers. Multimodal is built on Semgrep Workflows, a framework for…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
CISA urges IT to harden endpoint management systems after cyberattack by pro-Iranian group
The US is urging infosec leaders to harden their endpoint management system configurations after last week’s hack of American medical supplies provider Stryker by pro-Iranian threat actor Handala. The warning from the US Cybersecurity and Infrastructure Security Agency (CISA) is principally for organizations using Microsoft Intune, a cloud-based unified endpoint management (UEM) service that Handala,…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
CISA urges IT to harden endpoint management systems after cyberattack by pro-Iranian group
The US is urging infosec leaders to harden their endpoint management system configurations after last week’s hack of American medical supplies provider Stryker by pro-Iranian threat actor Handala. The warning from the US Cybersecurity and Infrastructure Security Agency (CISA) is principally for organizations using Microsoft Intune, a cloud-based unified endpoint management (UEM) service that Handala,…
AI, Global Security News
KEEQuant advances chip-scale QKD for telecom, data centers, and critical infrastructure
KEEQuant has announced its commercial chip-scale QKD technology, marking an advance in quantum-secure communications. The system replaces bulky optical assemblies with photonic integration, lowering the cost and complexity of quantum key distribution and making quantum-safe key exchange a practical upgrade for telecom operators, data center providers, and critical infrastructure organizations. The result is smaller, more…
AI, Cybersecurity, Global Security News, Government & Policy, Network Security, Risk Management
AI Facial Recognition Error Jails Tennessee Grandmother for Months
A Tennessee grandmother spent nearly six months in jail after a facial recognition system incorrectly identified her as a suspect in a bank fraud investigation in North Dakota, more than 1,200 miles from her home. The case is drawing renewed scrutiny around the risks of relying heavily on artificial intelligence in criminal investigations. “I’ve never…
Global Security News, malware
New PixRevolution Malware Steals Brazil’s PIX Transfers in Real Time
Researchers have discovered PixRevolution, a new Android banking trojan targeting Brazil’s PIX system. Unlike automated scams, this malware uses live operators to watch your screen and divert funds instantly.
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Microsoft SQL Server Vulnerability Enables Privilege Escalation
A vulnerability in SQL Server could allow attackers to escalate their privileges to system administrator level within affected database environments. “Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network,” said Microsoft in their security advisory. Understanding CVE-2026-21262 The vulnerability, tracked as CVE-2026-21262, carries a CVSS score of 8.8…
Global Security News, malware
BlackSanta EDR-Killer Targets HR Teams in CV-Themed Campaign
BlackSanta malware targets HR staff with fake resumes, kills EDR and steals system data
AI, Apps, Global Security News, Risk Management
Mend.io eliminates AI prompt weaknesses before production
Mend.io has launched System Prompt Hardening within Mend AI to detect, score, and automatically remediate weaknesses in AI system prompts. Hidden instructions in system prompts have emerged as a growing security concern that traditional AppSec tools do not fully address. System Prompt Hardening provides instant visibility into these behind-the-scenes instructions, identifies weaknesses, and automatically strengthens…
AI, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management
The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix
When I first secured a production line, part of the control system was still running on an unpatched Windows XP machine tucked under a lab table — right next to the state-of-the-art GMP manufacturing setup that produced millions in value every day. Everyone knew that the system was a risk, but no one was willing…
AI, Data Breaches, Exploits, Global Security News, Network Security
FBI probing intrusion into a system managing sensitive surveillance information
The Federal Bureau of Investigation (FBI) is probing suspicious activity on an internal system containing sensitive surveillance and investigation data. The FBI is investigating suspicious cyber activity affecting an internal system that stores sensitive data tied to surveillance operations and investigations, The Associated Press reports. According to a notification sent to members of the United…
AI, Endpoint, Global Security News, Network Security
2026 Browser Data Reveals Major Enterprise Security Blind Spots
The browser is becoming the operating system for modern work, yet many enterprises still treat it as an extension of network or endpoint security. Keep Aware’s 2026 State of Browser Security Report shows 41% of employees used AI web tools while browser-based phishing, extensions, and social engineering drive new security blind spots. […]
AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
14 old software bugs that took way too long to squash
In 2021, a vulnerability was revealed in a system that lay at the foundation of modern computing. An attacker could force the system to execute arbitrary code. Shockingly, the vulnerable code was almost 54 years old — and there was no patch available, and no expectation that one would be forthcoming. Fortunately, that’s because the…
Data Breaches, Europe, Global Security News, Risk Management
Njordium Vendor Management System eliminates duplicate third-party assessments
Njordium Cyber Group has launched its Vendor Management System (VMS), a platform that eliminates the costly duplication of third-party assessments under Europe’s overlapping regulations. 70% of European organisations suffered a data breach in the past three years, and 77% of those breaches originated with a vendor or third party (Whistic, Third-Party Risk Management 2025 Impact…
Exploits, Global Security News
Bruteforce Scans for CrushFTP , (Tue, Mar 3rd)
CrushFTP is a Java-based open source file transfer system. It is offered for multiple operating systems. If you run a CrushFTP instance, you may remember that the software has had some serious vulnerabilities: CVE-2024-4040 (the template-injection flaw that let unauthenticated attackers escape the VFS sandbox and achieve RCE), CVE-2025-31161 (the auth-bypass that handed over the…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management
Vulnerability monitoring service secures public-sector websites faster
An automated scanning system has cut the time it takes to fix cybersecurity vulnerabilities across public sector IT systems, reducing median remediation time for general cyber vulnerabilities from 53 days to 32, and slashing DNS-specific average fix times from 50 days to eight. The results come from the UK government’s newly launched vulnerability monitoring service…
AI, Global Security News
VAST Data and TwelveLabs partner to ‘expand video intelligence for the World’s largest and most secure video archives’
At VAST Forward 2026, VAST Data, the AI Operating System company, and TwelveLabs, which develops video foundation models that enable advanced video intelligence, have announced a partnership “to help organisations see, hear and reason across massive video content archives and sensitive data environments beyond public cloud deployments”.
AI, Global Security News, Risk Management
6 Ways Agentic AI Changes How Systems Act and Adapt
Learn how agentic AI changes system behavior in production environments through supervised fine-tuning, structured oversight, and lifecycle governance to improve reliability, manage risk, and support accountable deployment.
Global Security News
Life Mirrors Art: Ransomware Hits Hospitals on TV & IRL
HBO’s “The Pitt” is showing audiences what a real Mississippi healthcare system is going through this week, thanks to a ransomware attack.
Global Security News, Network Security
Critical Juniper Networks PTX flaw allows full router takeover
A critical vulnerability in the Junos OS Evolved network operating system running on PTX Series routers from Juniper Networks could allow an unauthenticated attacker to execute code remotely with root privileges. […]
Cybersecurity, Global Security News
‘Richter Scale’ Model Measures Magnitude of OT Cyber Incidents
ICS/OT experts have devised a scoring system for rating the severity and effects of cybersecurity events in operational technology environments.
Global Security News
PayPal Confirms Six-Month Data Exposure Linked to Loan System Error
PayPal has confirmed a data leak in its Working Capital loan system that exposed names, dates of birth, and Social Security numbers for six months.
AI, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
Don’t trust TrustConnect: This fake remote support tool only helps hackers
After breaking into a system, crooks often install legitimate remote admin tools to keep a foothold on the network — with the risk that the tool’s vendor spots them and locks them out. Now they have a new option: a fake remote monitoring and management (RMM) tool, complete with serious-looking online storefront, built just for…
AI, Apps, china, Exploits, Global Security News, Government & Policy, malware
Notepad++ patches flaw used to hijack update system
Notepad++ patched a vulnerability that attackers used to hijack its update system and deliver malware to targeted users. Notepad++ fixed a vulnerability that allowed a China-linked APT group to hijack its update mechanism and selectively push malware to chosen targets. In early February, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure,…
AI, Global Security News, Risk Management
Qodo unveils AI-driven governance system for code quality control
Qodo has unveiled an intelligent Rules System for AI governance that replaces static, manually maintained rule files with a governance layer that automatically generates rules from real code patterns and past review decisions, continuously maintains rule health, enforces them in every code review, and measures their real-world impact. As AI accelerates software development, governance has…
AI, Global Security News, Government & Policy, Network Security, Politics, Risk Management
Palantir Gets Millions of Dollars From New York City’s Public Hospitals
New York City’s public hospital system is paying millions to Palantir, the controversial ICE and military contractor, according to documents obtained by The Intercept. Since 2023, the New York City Health and Hospitals Corporation has paid Palantir nearly $4 million to improve its ability to track down payment for the services provided at its hospitals…
AI, china, Funding, Global Security News
Waymo Begins Deploying Next-Gen Ojai Robotaxis in the US
Waymo is putting its most advanced self-driving system yet on the road. The Alphabet-owned company announced on Feb. 12 that it has begun fully autonomous operations with its sixth-generation Waymo Driver system. The new fleet, built on base vehicles from Chinese automaker Geely, represents the company’s most aggressive push yet to scale its technology while…
AI, Cybersecurity, Global Security News, Network Security
Why secure OT protocols still struggle to catch on
Industrial control system networks continue to run on legacy communication protocols that were built for reliability and uptime, not authentication or data integrity. In many environments, malicious actors with access to the OT network can impersonate devices, issue unauthenticated commands, or modify messages in transit without detection. A new guidance document from the Cybersecurity and…
AI, Global Security News, Security, Software
Bitwarden introduces ‘Cupid Vault’ for secure password sharing
Bitwarden has launched a new system called ‘Cupid Vault’ that allows users to safely share passwords with trusted email addresses. […]
AI, Cyberattacks, Cybercrime, Security, Endpoint, Exploits, Global Security News
Cyberangriff auf EU-Kommission
Cyberkriminellen ist es gelungen, in ein System der EU-Kommission einzudringen. Elza Low – shutterstockcom Die Europäische Kommission wurde Ziel einer Cyberattacke. Wie aus einer kürzlich veröffentlichten Mitteilung hervorgeht, erfolgte der Angriff Ende Januar und zielte auf ein System zur Verwaltung mobiler Endgeräte ab (Mobile Device Management – MDM) . Demnach sind die Täter möglicherweise an…
Bitcoin, blockchain, Crypto, CryptoCurrency, Global Security News
Bithumb Mistakenly Sends 620,000 Bitcoin ($40B) to Customer Accounts
A system error at Bithumb sent 620,000 Bitcoin worth about $40B to hundreds of users during a promotion, briefly disrupting prices and drawing scrutiny.
Global Security News
Engineering Trust at Scale: The 2026 IT Agenda for Australian Digital Health
GUEST OPINION: Australia’s health system has made significant strides toward connected care. In 2025, this momentum continued with another year of accelerated transformation across Australian healthcare.
AI, Announcements, Compliance, Cybersecurity, Foundational (100), Global Security News, privacy, Risk Management, Security, Identity, & Compliance
Fall 2025 SOC 1, 2, and 3 reports are now available with 185 services in scope
Amazon Web Services (AWS) is pleased to announce that the Fall 2025 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 185 services over the 12-month period from October 1, 2024–September 30, 2025, giving customers a full year of assurance. These reports demonstrate our continuous commitment to adhering to…
AI, Announcements, Compliance, Cybersecurity, Foundational (100), Global Security News, privacy, Risk Management, Security, Identity, & Compliance
Fall 2025 SOC 1, 2, and 3 reports are now available with 185 services in scope
Amazon Web Services (AWS) is pleased to announce that the Fall 2025 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 185 services over the 12-month period from October 1, 2024–September 30, 2025, giving customers a full year of assurance. These reports demonstrate our continuous commitment to adhering to…