Canvas cyberattack: Who, what, when, how? What and when? Over May 6 and 7, 2026, Canvas learning management system (LMS) users were served up a defaced web page in place of the expected login page. The altered web page displayed a warning by the ShinyHunters criminal hacker and extortion group advising of the Instructure compromise.…
Tag: what
AI, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Lessons from the Canvas cyberattack
Canvas cyberattack: Who, what, when, how? What and when? Over May 6 and 7, 2026, Canvas learning management system (LMS) users were served up a defaced web page in place of the expected login page. The altered web page displayed a warning by the ShinyHunters criminal hacker and extortion group advising of the Instructure compromise.…
AI, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Lessons from the Canvas cyberattack
Canvas cyberattack: Who, what, when, how? What and when? Over May 6 and 7, 2026, Canvas learning management system (LMS) users were served up a defaced web page in place of the expected login page. The altered web page displayed a warning by the ShinyHunters criminal hacker and extortion group advising of the Instructure compromise.…
Global Security News
Why supply chain attacks work and what detection can actually do about it
Here’s what to do in a world where credential theft has been automated and turned into a commodity.
AI, Compliance, Global Security News, Risk Management
Sectigo Launches MCP Server for CLM
Sectigo has announced the general availability of what it says is the first globally available, production-ready Model Context Protocol server for certificate lifecycle management, expanding how enterprises can use AI agents to manage digital certificates. The MCP Server for Sectigo Certificate Manager allows administrators to perform certificate operations using natural language through MCP-compatible AI agents,…
Global Security News
Infosecurity Europe: Business Leaders Lack Understanding of Threat Intelligence, Study Warns
A new Silobreaker and SANS Institute paper examines the ‘Intelligence-Stakeholder Gap’ and what organizations must do to achieve business buy-in on threat intelligence
Global Security News
Why Encrypted File Sharing Is Essential for Modern Businesses
Consider the history of any recent corporate scandal, and it is quite possible to guess what the story…
AI, Global Security News
A Famous Math Problem Stumped Humans for 80 Years. AI Just Cracked It.
The math world is losing its mind over the new solution to an Erdős problem. This is what AI found, how we missed it—and why it matters.
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Russia
DIL Observatory: when the World Escalates, the Underground Responds
Digital Intelligence Lab (DIL) launches an observatory for reading cyber events as what they actually are: signals of a broader social and geopolitical reality. The timing rarely lies, and the connection between real-world events and cyber activity is no longer a theoretical framework. It is a documented pattern, traceable across months and geographies. This new…
AI, Compliance, Cybersecurity, Global Security News, malware, Risk Management
Inside ANY.RUN’s 10-Year Evolution: An Interview with CEO Aleksey Lapshin
What happens when a malware analyst decides to build a product he always wished he had? The case of ANY.RUN tells us that ten years later it may turn into an industry-standard solution, adopted by 74 Fortune 100 companies. Celebrating a decade of ANY.RUN, CEO Aleksey Lapshin shared his perspective on the evolution of the company,…
Global Security News
Execs Are Deploying Digital Twins to Do Their Work
Plus, what it’s like to use an e-hiking exoskeleton and how ground drones are revolutionizing warfare.
AI, Data Breaches, Endpoint, Exploits, Global Security News, malware
GitHub admits major source code leak after 3,800 internal repositories breached
Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories. News of the incident first emerged on May 19, when GitHub said it was investigating “unauthorized access.” Hours later, the company’s X account confirmed the worst: “Yesterday we…
AI, Global Security News, Risk Management
How to Reduce Phishing Exposure Before It Turns into Business Disruption
What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread. Early phishing detection…
AI, Global Security News
Your New AI Professor Is the Rapper From the Black Eyed Peas
What started as a visit to MIT’s Media Lab became a long-term tech love affair for will.i.am, and now he’s passing on that love.
AI, Global Security News
Agentic Governance: Why It Matters Now
AI agents now act inside the trust boundary with real credentials, and agentic governance is what keeps them from quietly breaking things at machine speed.
AI, Global Security News
Who Owns the Future of AI?
Plus, what to look for in a used EV, Anthropic’s AI lead, the Cerebras IPO, the OpenAI lottery tickets and the most AI-proof jobs in tech.
Global Security News, malware, Risk Management
What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface
In Your Biggest Security Risk Isn’t Malware — It’s What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your IT team uses every day are also the preferred…
Cybersecurity, Global Security News
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
Cybersecurity researchers are sounding the alarm about what has been described as “malicious activity” in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious – node-ipc@9.1.6 node-ipc@9.2.3 node-ipc@12.0.1 “Early analysis indicates that node-ipc@9.1.6, node-ipc@9.2.3, and node-ipc@12.0.1
AI, Global Security News
Tables Turn on ‘The Gentlemen’ RaaS Gang With Data Leak
An OPSEC failure provides a window into what helped the ransomware group rise: a generous affiliate model, opportunistic TTPs, and an effective organizational structure.
AI, Global Security News
Embattled Commissioner Makary to Leave FDA
Plus, Sam Altman testifies in Elon Musk’s OpenAI trial, and “Subway Takes” has what it takes.
AI, Cybersecurity, Europe, Global Security News, Government & Policy, Risk Management
Major world economies spell out key elements of AI ‘ingredients list’
A group of international government agencies released guidance Tuesday on what they believe any artificial intelligence “ingredients list” tool should include to make AI more secure. The concept of such a list, known as a “software bill of materials (SBOM),” is to know everything that goes into a particular piece of software so that any…
AI, Global Security News, Risk Management
Download: The IT and security field guide to AI adoption
Security and IT teams are under pressure to adopt AI, but many are seeing the opposite of what was promised. Tools that demo well don’t hold up in real workflows. Complexity increases. Trust breaks down. And instead of reducing workload, AI can introduce new risks and oversight burdens. This guide breaks down why AI adoption…
AI, Apps, Compliance, Cybersecurity, Data Security, Exploits, Global Security News, privacy, Risk Management
CISOs step into the AI spotlight
Serving in the military requires a precise, tactical mindset, and that’s exactly what Barry Hensley espoused during his 24 years in the US Army, where he rose to the rank of colonel. The military “is where you earn your stripes, showing your soldiers your willingness to jump into a foxhole and pick up a weapon,”…
AI, Global Security News
Your AI Agents Are Already Inside the Perimeter. Do You Know What They’re Doing?
Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents, Gartner states that “enterprise adoption of AI agents is accelerating, outpacing maturity of governance policy controls.” Enterprise leaders can request access to the Gartner Market Guide…
Global Security News
AI Is Forcing CEOs to Make a Stark Choice: Lay Off Workers or Make Them Do More
Company bosses are splitting into two camps over what the technology’s best, immediate benefits are. Neither calls for more hiring anytime soon.
AI, Global Security News
Are Those Brake Lights or a House on Fire? Your Security Camera Can’t Tell.
AI is allowing home-security cameras to offer detailed descriptions of what they see. The notifications are often spot on. They can also be wildly wrong.
AI, Apps, Compliance, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
How Criminals Created SMS Blasters to Fake Cellphone Towers and Hack Thousands of Phones in Canada
Canadian authorities have dismantled what appears to be one of the most technically sophisticated financially motivated telecom attacks publicly documented in North America after arresting three suspects accused of operating vehicle-mounted “SMS blaster” systems that impersonated legitimate cellular towers, induced nearby mobile devices into attaching to rogue infrastructure, delivered phishing messages to those devices—likely through…
AI, Global Security News
Official SAP npm packages compromised to steal credentials
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers’ systems. […]
AI, Global Security News, Risk Management
Identity discovery: The overlooked lever in strategic risk reduction
If you ask a CISO what keeps them up at night, the answer usually isn’t “lack of tools.” It’s uncertainty. Uncertainty about what they don’t see. Uncertainty about how far an attacker could move once inside. Uncertainty about whether identity programs are actually reducing risk, or just managing symptoms. Identity discovery sits at the center…
AI, Data Breaches, Global Security News, Risk Management
Fusion Signage achieves ISO 27001 certification and hits 20,000 user licence milestone
In what is turning out to be a month of major achievements Fusion Signage, often referred to as Australia’s user-friendliest digital signage software, has officially achieved ISO 27001 certification and hit their 20,000 user licence milestone all in the same week. Fusion Signage MD James Ingram ISO 27001 is the leading international standard for information security…
AI, Global Security News, Network Security
Can I do that with policy? Understanding the AWS Service Authorization Reference
Understanding what AWS Identity and Access Management (IAM) policies can control helps you build better security controls and avoid spending time on approaches that won’t work. You’ve likely encountered questions like: Can I use AWS Organizations service control policies (SCPs) to prevent the creation of security groups that allow traffic from 0.0.0.0/0? Can I block…
AI, APAC, Cloud Security, Cybersecurity, Europe, Exploits, Global Security News, Risk Management
The Mythos Discovery: What It Means for Vulnerability Disclosure
The Mythos Discovery: What It Means for Vulnerability Disclosure AI just broke vulnerability disclosure at scale. Earlier this month, Anthropic’s Claude Mythos Preview AI model discovered 27-year-old bugs that survived decades of human review. Now the industry’s top security leaders are calling it a watershed moment. Here’s what software vendors need to know. What Happened…
Apps, Cybersecurity, Global Security News
What Are The Security Features On The QuickBooks Desktop?
This post answers the question – what are the security features on the QuickBooks Desktop? QuickBooks software from Intuit is businesses and individuals’ most widely used accounting application. It’s highly convenient to use for payroll management, bill payment, expense management, and business payments. Traditionally, users installed QuickBooks on their Desktops and could only access their…
AI, Apps, Compliance, Cybersecurity, Data Breaches, Funding, Global Security News, Network Security, Risk Management, Venture
AI is one of the two monumental shifts in cyber today
It’s 2026, when nobody can confidently say what the future of security is going to look like. Everyone is trying (what else can we do), but judging by all the progress around AI in recent months, we are all going to be wrong. The biggest mistake we all make is assuming that the future is…
Global Security News
Tim Cook Told Me His Advice for Apple’s Next CEO
He remembers what Steve Jobs told him 15 years ago. Now that Cook is stepping down, he has a message for his own successor.
Cybersecurity, Global Security News
Zero-Trust Hosting: What It Means and Why It’s Becoming the Standard
In this post, I will talk about zero-trust hosting and show you what it means and why it’s becoming the standard. Let’s get the obvious problem out of the way first. Zero trust has been talked about for fifteen years. It appears in every vendor deck, every security strategy document, and roughly every third conference…
AI, Global Security News
What the ransom note won’t say
An attack is what you see, but a business operation is what you’re up against
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
The deepfake dilemma: From financial fraud to reputational crisis
Deepfake technology has crossed a critical threshold. What was impossible 10 years ago and required specific expertise only a few years ago is now cheap and accessible. Worse, it’s now good enough to fool a wide range of employees and executives. In fact, a 2025 Gartner survey found that 43% of cybersecurity leaders experienced at…
AI, Cloud Security, Exploits, Global Security News
The exploit gap is closing, and your patch cycle wasn’t built for this
The Cloud Security Alliance has published a briefing on what it calls a turning point in the threat landscape: the time between a vulnerability being discovered and a working exploit is shrinking fast. The briefing centers on Anthropic’s Claude Mythos, which autonomously found thousands of zero-day vulnerabilities across major operating systems and browsers, generated working…
AI, Global Security News
How big data trends power the next generation of AI models
GUEST OPINION: What if the secret to building a perfect artificial intelligence was not found in the algorithms but in the garbage we leave behind? For years, the tech industry treated information like a digital hoard. We saved everything but understood little. Today, that hoarding pays off as vast amounts of data fuel a revolution…
AI, Global Security News
What Your AI Knows About You
Plus, WSJ readers sound off on their EVs, what happened when a man fell in love with Gemini and AI companies that “come in peace.”
AI, china, Data Breaches, Global Security News, Network Security, Risk Management
Alleged 10 Petabyte Data Theft From China’s Tianjin Supercomputing Hub
Threat actors are claiming responsibility for what could be one of the largest data breaches in China’s history — allegedly stealing more than 10 petabytes of data from a key national supercomputing facility tied to scientific and defense research. “The reports that hackers with the alias of FlamingChina stole 10 petabytes of data containing Chinese…
AI, Global Security News
MCA Australia opens its major summer exhibition Data Dreams: Art and AI, part of the Sydney International Art Series 2025–26
Who holds the power behind the algorithm? Can machines dream? What does it mean to be human in an age of AI? A groundbreaking exhibition which asks how artificial intelligence is transforming the way we live, think and create.
AI, Global Security News
New X-ray vision for electronics lets scientists monitor working chips remotely
Adelaide University researchers have developed a breakthrough way to observe what is happening inside electronic chips while they are operating — without touching them, taking them apart, or switching them off.
AI, Cybersecurity, Global Security News, Network Security, privacy
What Is a Proxy Server and Why It Matters Today
In this post, I will talk about what is a proxy server and why it matters today. In 2026, proxy servers remain a crucial tool for managing online privacy, access, and network efficiency. Platforms like buy proxy offer reliable solutions that let individuals and organizations mask IP addresses, filter content, and optimize traffic flow. While…
AI, APAC, Exploits, Global Security News, Politics
Apple leans into the component crisis storm
What does a well-managed company do in a tough business environment? It works to separate obstacle from opportunity, and then exploits its advantages, scale, and timing to turn the former into the latter. Apple’s history is full of examples of this kind, from the 150 calls a young Steve Jobs made cold-calling investors to Apple’s recent move to…
Global Security News
Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders
A conversation between Cisco Talos and Cisco Security leaders on identity, vulnerabilities, and what defenders should focus on in 2025.
AI, Global Security News
Trust, friction, and ROI: A CISO’s take on making security work for the business
In this Help Net Security interview, John O’Rourke, CISO at PPG, talks about what it means for security to drive business value. He explains how mature security programs reduce friction in sales cycles and M&A processes, and how trust is built over time. O’Rourke also addresses how buyer sophistication has raised the bar for suppliers,…
Global Security News
Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense
A chief medical information officer provided a peek into what hospitals face when they inevitably suffer a ransomware attack—whether it leads to short or long-term outages.
Cybersecurity, Exploits, Global Security News
The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority
The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack, speed of exploitation, and speed of change across modern environments. This is the defining challenge of the new era of digital warfare:…
Global Security News
3 SOC Process Fixes That Unlock Tier 1 Productivity
What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fixing those process gaps can help Tier 1 move faster, reduce unnecessary…
AI, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
Leak reveals Anthropic’s ‘Mythos,’ a powerful AI model aimed at cybersecurity use cases
Anthropic didn’t intend to introduce Mythos this way. Details of what it calls its most capable AI model yet surfaced through a data leak in its content management system (CMS), revealing a LLM with sharply improved reasoning and coding skills. The data leak, which was the result of the company’s staffers inadvertently exposing material about…
AI, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
Leak reveals Anthropic’s ‘Mythos,’ a powerful AI model aimed at cybersecurity use cases
Anthropic didn’t intend to introduce Mythos this way. Details of what it calls its most capable AI model yet surfaced through a data leak in its content management system (CMS), revealing a LLM with sharply improved reasoning and coding skills. The data leak, which was the result of the company’s staffers inadvertently exposing material about…
AI, Global Security News
Everyone Hates iPhone Autocorrect. An Update Fixes One of the Biggest Problems.
Here’s what iOS 26.4 does to improve your typing, plus some tips to help you reclaim your keyboard.
Global Security News
What the Legendary Bell Labs Can Teach Us About Innovation
The R&D organization had an outsize influence on 20th-century technologies. What was the secret to its success?
AI, Global Security News
6Q4:How AI Is Moving from Promise to Practice
A look beyond the artificial intelligence hype: What will it take for real value to start showing up as companies implement AI? The post 6Q4:How AI Is Moving from Promise to Practice appeared first on RTInsights.
AI, Endpoint, Exploits, Global Security News
Hexnode CEO: MacBook Neo forces IT to rethink its budget laptop strategy
Apple’s MacBook Neo (reviewed here) challenges what we expect from budget laptops. Accompanied by shrewd enterprise-focused moves, the new model gives Apple a chance to convert hitherto resistant IT purchasers to adopt its platforms. I spoke with Hexnode CEO Apu Pavithran to get some sense of this potential. Apple’s decision to introduce a $599 laptop is hugely significant, said Pavithran.…
AI, Data Breaches, Global Security News
Why a ‘Near Miss’ Database Is Key to Improving Information Sharing
Organizations disclose attack details, though information may be limited, following a breach, but what if they did the same with close calls?
AI, Cloud Security, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security
Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave
What started as a supply chain attack on Trivy, a widely used security scanner, has become a Lapsus$-linked extortion campaign, with more than 1,000 enterprise SaaS environments already compromised. Charles Carmakal, CTO of Mandiant Consulting, made the assessment at a Google-hosted threat briefing held alongside the RSA Conference 2026 in San Francisco on Tuesday. “We…
AI, Cybersecurity, Global Security News
AI in the SOC: What Could Go Wrong?
Two cybersecurity leaders tested out AI in their respective SOCs for six months — and here’s what they learned.
AI, Global Security News, Risk Management
Your AI agents are moving sensitive data. Do you know where?
In this Help Net Security interview, Gidi Cohen, CEO at Bonfy.AI, addresses what he sees as the most pressing gap in AI agent security: data-layer risk. While the industry focuses on prompt injection and model behavior, Cohen argues the deeper threat is autonomous AI agents operating across systems with no visibility into what data they…
Global Security News
AI Is Rewriting the Old Rules of Google Search and SEO
Winning the search war now depends less on keywords and more on what strangers are saying about you on Reddit.
Global Security News
Move fast and save things: A quick guide to recovering a hacked account
What you do – and how fast – after an account is compromised often matters more than it may seem
AI, Cybersecurity, Global Security News, malware, Network Security, privacy, Risk Management
Free Antivirus Software Face-Off: Which One Protects Best?
Free antivirus software isn’t what it used to be. It’s better. In 2025, some of the most respected names in cybersecurity are offering powerful tools at no cost. If you’re looking for solid protection without opening your wallet, you’re in the right place. I tested and reviewed the top free antivirus products available today, focusing…
AI, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Can you prove the person on the other side is real?
In my role, I spend a lot of time thinking about what “trust” means when money, grief and identity collide. By 2026, the real competition in our space won’t be who automates fastest or offers the most AI features. It will be who can still tell a legitimate executor, beneficiary or family representative from a…
AI, Compliance, Cybersecurity, Data Breaches, Data Security, Exploits, Global Security News, privacy, Risk Management
CISOs rethink their data protection strategies
Scott Kopcha witnessed what CISOs everywhere are seeing: employees eager to use artificial intelligence, whether through public models or custom AI tools, accessing company data at a breathtaking rate and volume. Kopcha already had a mature data protection strategy in place; as a law firm, his organization had a long history of safeguarding sensitive data.…
Cybersecurity, Global Security News
What An Agentic Investigation Looks Like
In this post, I will show you what an agentic investigation looks like. Detection, the act of identifying potential security incidents or anomalies, has been a major focus for security teams over the years. But detection is only part of the solution; it’s investigation that ultimately stops threats. Investigation is the subsequent process of analyzing…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
The cyber perimeter was never dead. We just abandoned it.
Industry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported hardware decay in place, and effectively donated our perimeter to adversaries who were more than willing to accept it. The FBI’s Winter SHIELD effort is the operational side of…
AI, Apps, Compliance, Cybersecurity, Endpoint, Global Security News, malware, Network Security, Risk Management
MicroStealer Analysis: A Fast-Spreading Infostealer with Limited Detection
Security teams depend on early signals to spot and contain new threats. But what happens when a fully capable infostealer spreads while traditional detections stay limited? In recent investigations, ANY.RUN researchers observed MicroStealer in 40+ sandbox sessions in less than a month, despite low public visibility. Early activity points to distribution through compromised or impersonated accounts,…
AI, Apps, Compliance, Global Security News
Microsoft Introduces AI-Focused Microsoft 365 E7
Microsoft is taking another swing at what AI inside workplace software should actually look like. This time, the company is packaging it into a new enterprise tier for Microsoft 365, along with a feature that turns Copilot from a helpful assistant into more of a digital coworker. M365 E7 tier bundles Copilot, Entra identity, and…
AI, Endpoint, Exploits, Global Security News
Jack & Jill went up the hill — and an AI tried to hack them
What happens when an autonomous AI agent is turned loose on another autonomous AI agent? It chains together bugs that humans would consider benign, easily bypasses authentication controls, and even unexpectedly masquerades as Donald Trump to get its way. This was what CodeWall found in a recent red-teaming experiment when it pitted its autonomous AI…
AI, Cloud Security, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management, Venture
There’s only one kind of tool security teams should be building with AI
I am not sure what I’ve been doing on social media over the past year (particularly on LinkedIn), but these days my feed is filled with posts of security people who build some very cool tools. There’s so much excitement that with LLMs, anyone can now be a product developer, which means that security teams…
AI, Global Security News, malware
Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data. The extensions in question, both originally associated with a developer named “akshayanuonline@gmail.com” (BuildMelon), are listed below – QuickLens – Search Screen…
AI, Apps, Global Security News, Government & Policy, Politics, privacy, Risk Management
OpenAI on Surveillance and Autonomous Killings: You’re Going to Have to Trust Us
OpenAI claims it has accomplished what Anthropic couldn’t: securing a Pentagon contract that won’t cross professed red lines against dragnet domestic spying and the use of artificial intelligence to order lethal military strikes. Just don’t expect any proof. Sam Altman, OpenAI’s CEO, announced the company’s big win with the Defense Department in a post on…
AI, Apps, Global Security News, Network Security
The ‘Attachment Economy’ is now coming to your desk
What do tech companies have to do to get your attention? Have you heard about the Attachment Economy? It’s the next evolution of the Attention Economy. The Attention Economy concept was first articulated by economist Herbert A. Simon in 1971. He wrote that “a wealth of information creates a poverty of attention.” The idea was…
AI, Cybersecurity, Global Security News
What happens when AI teams compete against human hackers
A cybersecurity competition produced what may be the largest controlled dataset comparing AI-augmented teams to human-only teams on professional-grade offensive security tasks. The event, called NeuroGrid, ran for 72 hours on the Hack The Box platform and drew 1,337 registered human-only teams and 156 registered AI-agent teams competing across 36 challenges in nine security domains…
AI, Global Security News, malware
3 Android theft protection additions you should absolutely activate
BRRRRRRRRRREAKING NEWS, y’all: Despite what the internet’s many misleading headlines may lead you to believe, Android security (gasp!) isn’t actually all that scary. You know that by now, right? Any reasonably recent Android device has layers upon layers of built-in protection. You’ve got mountains of Android security settings standing by and waiting to protect you…
AI, china, Cybersecurity, Exploits, Global Security News, Government & Policy, Russia
Possible U.S.-developed exploits linked to first known ‘mass’ iOS attack
An exploit kit that may have originated from a leaked U.S. government framework is behind what researchers are calling the first mass-scale attack on iOS, the operating system for Apple’s iPhones. Traces of the exploits, found in the work of Chinese cybercriminals, also have been spotted in Russian attacks on Ukraine and used by a…
AI, Europe, Global Security News, Network Security
$100 radio equipment can track cars through their tire sensors
When people consider what might track their movements, they think of smartphone apps, GPS services, or roadside cameras. The tires of a new car rarely enter that equation. Researchers at IMDEA Networks Institute, together with European partners, found that Tire Pressure Monitoring System (TPMS) sensors inside each wheel broadcast unencrypted wireless signals containing persistent identifiers.…
AI, Data Breaches, Data Security, Global Security News, Risk Management
AI Now Top Risk as 47% of Cloud Data Unencrypted: Thales
A new report warns that artificial intelligence is quickly becoming what it calls the “new insider threat,” and many companies are not ready. According to the 2026 Thales Data Threat Report, nearly half of sensitive cloud data, 47%, remains unencrypted, even as AI systems gain broader access to corporate information. AI ranked as top data…
Cybersecurity, Global Security News
VIDEO INTERVIEW: Schools Are Swimming in Student Data. Hackers Have Noticed.
Yubico’s Geoff Schomburgk on why education is cybersecurity’s most overlooked soft target, and what passkeys can do about it.
Global Security News
Life Mirrors Art: Ransomware Hits Hospitals on TV & IRL
HBO’s “The Pitt” is showing audiences what a real Mississippi healthcare system is going through this week, thanks to a ransomware attack.
AI, Exploits, Global Security News
AI-driven DAST reduces manual setup and surfaces exploitable vulnerabilities
In this Help Net Security interview, Joni Klippert, CEO at StackHawk, discusses what defines DAST coverage in 2026 and why scan completion does not equal security. She explains how AI-driven DAST testing automates attack surface discovery, supports business-logic testing in pre-production, and reduces the manual setup that has limited adoption. Klippert also describes how organizations…
AI, Cybersecurity, Global Security News, Risk Management
Celebrating Two Years of CSF 2.0!
Celebrate this milestone with us! Email us at csf [at] nist.gov (csf[at]nist[dot]gov) or tag @NISTcyber on X telling us what your favorite CSF 2.0 resource is (or how your organization has benefitted from implementing the CSF 2.0). Today marks two years since the publication of the Cybersecurity Framework (CSF) 2.0! Published in 2024, the CSF…
AI, Apps, Cybersecurity, Endpoint, Global Security News, malware, Risk Management
Moonrise RAT: A New Low-Detection Threat with High-Cost Consequences
Security professionals rely on early detection signals to prioritize and contain incidents. But what happens when a fully capable RAT generates none? In a recent investigation, the ANY.RUN experts uncovered a new Go-based remote access trojan we named Moonrise. At the time of analysis, it wasn’t detected on VirusTotal and had no vendor signatures tied to it. That’s the problem teams can’t ignore: credential theft, remote command execution, and persistence…
Global Security News
The Active Adversary Report: Safety in numbers
What a long, strange trip it’s been Categories: Security Operations Tags: Active Adversary
AI, Cybersecurity, Global Security News
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft. The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious…
Global Security News
It’s Called the ‘Fitbit for Farts’—and It’s No Joke
Scientists developing a new underwear-able hope to do for gastroenterology what the Apple Watch did for cardiology.
AI, Cybersecurity, Global Security News, malware
PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence
Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google’s generative artificial intelligence (AI) chatbot, as part of its execution flow and achieves persistence. The malware has been codenamed PromptSpy by ESET. The malware is equipped to capture lockscreen data, block uninstallation efforts, gather device information, take screenshots,
Global Security News
Webinar: Power up your exam prep!
Ready to get certified but not sure where to start? Get insider tips and tricks on what to do from day one to test day. Join ISC2-certified instructors and an audience of your peers for this live interactive webinar on February 20, 2026 at 7:00 PM CET. Find out what to do in the months,…
AI, Cybersecurity, Global Security News, Network Security, Risk Management
Finding a common language around risk
Here’s what nobody tells you about risk management: your cyber team speaks Klingon, your operations folks speak Elvish and your strategy people speak ancient Greek. And somehow, you expect them all to protect the same castle. We’ve watched this play out more times than we care to count. The CISO warns about ransomware threats. Operations…
AI, Exploits, Global Security News
Don’t panic over CISA’s KEV list, use it smarter
In this Help Net Security video, Tod Beardsley, VP of Security Research at runZero, explains what CISA’s Known Exploited Vulnerabilities (KEV) Catalog is and how security teams should use it. He shares his perspective as a former section chief for KEV at CISA and breaks down common misunderstandings about what the list represents. He points…
AI, Endpoint, Exploits, Global Security News, Risk Management
Fake AI Chrome Extensions Exposed 260,000 Users, Targeting Gmail
More than 260,000 Chrome users installed what appeared to be helpful AI productivity tools… only to unknowingly grant remote servers deep access to their browser activity. LayerX researchers identified a coordinated campaign of 30 fake AI assistant extensions that used embedded iframes and backend-controlled logic to extract data and maintain persistent access. “We found over…
AI, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
260K Users Exposed in AI Extension Scam
More than 260,000 Chrome users installed what appeared to be helpful AI productivity tools — only to unknowingly grant remote servers deep access to their browser activity. LayerX researchers identified a coordinated campaign of 30 fake AI assistant extensions that used embedded iframes and backend-controlled logic to extract data and maintain persistent access. “We found…
AI, Apps, Global Security News, privacy
Apple study shows why we want to control AI
Apple’s latest machine learning research seems to confirm what most of us intuitively know already. It shows that while people are open to using AI, they also want to hang onto their own personal agency and want the decision-making processes used by this intelligent tech to be transparent. Those are some of the conclusions drawn…
AI, Cybersecurity, Global Security News
First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials
Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild.
In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. The activity has been
AI, APAC, Apps, Compliance, Cybersecurity, Exploits, Global Security News, Risk Management
Anthropic’s DXT poses “critical RCE vulnerability” by running with full system privileges
When LayerX Security published a report on Monday describing what it called “a critical zero-click RCE vulnerability in [Anthropic’s] Claude Desktop Extensions (DXT) that allows a malicious Google Calendar invite to silently compromise an entire system,” analysts, consultants, security leaders, and even Anthropic didn’t dispute the facts. But the revelation did reignite the debate about…
AI, API security, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
The Myth of “Known APIs”: Why Inventory-First Security Models Are Already Obsolete
You probably think the security mantra “you can’t protect what you don’t know about” is an inarguable truth. But you would be wrong. It doesn’t hold water in today’s threat landscape. Of course, it sounds reasonable. Before you secure APIs, you must first discover, inventory, and document them exhaustively. The problem is that this way…
AI, API security, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
The Myth of “Known APIs”: Why Inventory-First Security Models Are Already Obsolete
You probably think the security mantra “you can’t protect what you don’t know about” is an inarguable truth. But you would be wrong. It doesn’t hold water in today’s threat landscape. Of course, it sounds reasonable. Before you secure APIs, you must first discover, inventory, and document them exhaustively. The problem is that this way…
AI, Global Security News, Risk Management
The Wide Reach of Epstein’s Web
Plus, our football obsession, taming an AI addiction and the cancer risk of what we eat.