Tag: when

The fake call detection feature works automatically when both the caller and recipient are using the Phone by Google app.

Lessons from the Canvas cyberattack

June 3, 2026

Canvas cyberattack: Who, what, when, how? What and when? Over May 6 and 7, 2026, Canvas learning management system (LMS) users were served up a defaced web page in place of the expected login page. The altered web page displayed a warning by the ShinyHunters criminal hacker and extortion group advising of the Instructure compromise.…

Lessons from the Canvas cyberattack

June 3, 2026

Lessons from the Canvas cyberattack

June 3, 2026

Apple’s M1 MacBook Air refuses to die

June 2, 2026

Apple surprised everyone with the power and performance of the M1 MacBook Air when it launched the laptop in late 2020. And more than five years later, those Macs show no sign of slowing down, handling everything users care to throw at them. The Mac still boots almost instantly, races through daily tasks, offers battery life…

What One Predator Case Can Reveal About an Online Platform’s Safety Gaps

June 1, 2026

When a predator contacts a child through an online platform, the details of how it happened often expose…

Microsoft fixes KB5089549 Windows security update install issues

June 1, 2026

Microsoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). […]

$11 billion reasons Apple’s App Store tax is worth paying

May 28, 2026

Apple publishes its App Store fraud prevention report every year,. And when it does, the company presses the point that its curated system brings much value to developers and customers, including highly effective protection against fraud. It says it prevented more than $2.2 billion in potentially fraudulent transactions in 2025 alone. A tax worth paying The company said…

AI models more vulnerable than claimed when faced with iterative attacks

May 27, 2026

CISOs relying on LLM runtime guardrails and official safety scores when making security decisions about their organizations’ AI usage and model selection are due for a wakeup call. According to a new study from Cisco, frontier models from OpenAI, Anthropic, Google, xAI, and Amazon have significantly worse risk profiles when pressured in multi-turn attacks compared…

5 Steps to Managing Shadow AI Tools Without Slowing Down Employees

May 27, 2026

When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser tool, they are doing exactly what a productive employee should do: finding faster ways to work. Across most organizations today, employees are running three to five AI tools on any given day.…

Inside ANY.RUN’s 10-Year Evolution: An Interview with CEO Aleksey Lapshin

May 27, 2026

What happens when a malware analyst decides to build a product he always wished he had? The case of ANY.RUN tells us that ten years later it may turn into an industry-standard solution, adopted by 74 Fortune 100 companies. Celebrating a decade of ANY.RUN, CEO Aleksey Lapshin shared his perspective on the evolution of the company,…

UAC-0057 Attack Detection: OYSTERFRESH, OYSTERSHUCK, and OYSTERBLUES Fuel Phishing Campaigns Against Ukrainian State Organizations

May 25, 2026

Phishing remains one of the most effective tools in the cybercriminal arsenal, especially when threat actors abuse trusted identities, compromised legitimate accounts, and familiar online services to increase victim interaction. Europol notes that phishing techniques remain a main distribution vector for data-stealing malware, while CERT-UA’s latest advisory shows that the same social engineering logic continues…

Akamai Joins Growing Chorus of Vendors Betting Big on Secure Enterprise Browsers

May 22, 2026

When Akamai announced its LayerX acquisition, the company joined a growing list of vendors adding secure enterprise browsers to their product portfolios.

CVE-2026-45585: YellowKey BitLocker Bypass Exposes Encrypted Data on Windows Devices

May 22, 2026

BitLocker is designed to protect data at rest even when a device is lost, stolen, or powered off, which is why a bypass against that trust model draws immediate attention. The CVE-2026-45585 vulnerability, publicly referred to as YellowKey, is a Windows security feature bypass flaw that Microsoft says can let an attacker with physical access…

How to Reduce Phishing Exposure Before It Turns into Business Disruption

May 18, 2026

What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread. Early phishing detection…

AI coding is fueling a secrets-sprawl crisis few CISOs are containing

May 18, 2026

When Matt Schlicht built Moltbook, the social network where AI agents talk to one another, he didn’t write the code himself. He “just had a vision,” and vibe-coded it. The social network launched on Jan. 28, 2026, and within days, security researchers started to see serious security flaws. Experts at cloud security company Wiz and,…

The AI oversight paradox: Is the investment worth the cost of watching it?

May 14, 2026

Unlike in 2025, when AI adoption and testing drove business strategies, organizations in 2026 want proven ROI before committing budgets, according to a report by Globalization Partners. How global executives characterize their organization’s approach to AI adoption (Source: Globalization Partners) 62% of business leaders said they felt pressure from their organizations to use AI, while…

CVE-2026-42945: 18-Year-Old NGINX Rewrite Flaw May Enable Unauthenticated RCE

May 14, 2026

Web infrastructure bugs remain especially dangerous when they sit in widely deployed request-handling logic for years without detection. Among the latest vulnerabilities impacting NGINX Plus and NGINX Open, the CVE-2026-42945 vulnerability stands out as an 18-year-old heap buffer overflow in ngx_http_rewrite_module that can be reached by an unauthenticated attacker through crafted HTTP requests and may…

CVE-2026-46300: Fragnesia Linux Kernel Flaw Grants Root via Page Cache Corruption

May 14, 2026

Local privilege-escalation bugs remain especially dangerous when they turn an ordinary user foothold into immediate root access. The CVE-2026-46300 vulnerability, nicknamed Fragnesia, is a high-severity Linux kernel flaw in the XFRM ESP-in-TCP subsystem that allows an unprivileged local attacker to write arbitrary bytes into the page cache of read-only files and escalate privileges. Public reporting…

OpenAI CEO Sam Altman Takes Stand in Elon Musk Megatrial

May 12, 2026

The trial centers around Musk’s donations to the AI lab when it was a non-profit and its conversion to a for-profit company.

CVE-2026-43500 and CVE-2026-43284: Dirty Frag Linux Privilege Escalation Flaw Raises Post-Compromise Risk

May 11, 2026

Linux local privilege escalation bugs remain especially dangerous when they turn a limited foothold into full root access. The CVE-2026-43500 vulnerability is the RxRPC half of the Dirty Frag exploit chain, which Microsoft says is already linked to limited in-the-wild post-compromise abuse, while Qualys describes it as a page-cache write issue that can let an…

Apple needs to fix admin authentication in ABM

May 11, 2026

Apple’s platforms are secure by design, but when it comes to authentication, the company seems to be protecting employees more than it protects IT admins. It’s an attack vector just waiting to be exploited — if it hasn’t been already. As noted first by Six Colors, the problem is that administrator and People Manager accounts on Apple Business…

Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities

May 11, 2026

Two new high-severity vulnerabilities, dubbed ’Dirty Frag’ when chained, have been found in the Linux kernel, affecting most Linux distributions

Webinar: Why network incidents escalate and how to fix response gaps

May 6, 2026

Most network incidents don’t escalate due to a lack of alerts; they escalate when response breaks down. This webinar explores how to fix gaps in triage, enrichment, and coordination. […]

CVE-2026-0300: Palo Alto PAN-OS Zero-Day Enables Root RCE on Exposed Firewalls

May 6, 2026

Edge security appliances remain high-value targets, especially when a flaw can be exploited before a patch is widely available. The CVE-2026-0300 vulnerability is a critical buffer overflow in the User-ID Authentication Portal, also known as Captive Portal, in Palo Alto Networks PAN-OS. Palo Alto rates it 9.3/10 when the portal is exposed to the internet…

CVE-2026-0300: Palo Alto PAN-OS Zero-Day Enables Root RCE on Exposed Firewalls

May 6, 2026

What Happens in the First 24 Hours After a New Asset Goes Live

April 30, 2026

When a new asset goes live, attackers start scanning within minutes. Sprocket Security shows how automated attacks move from discovery to compromise in under 24 hours. […]

Who’s the better CEO, Apple’s Tim Cook or Microsoft’s Satya Nadella?

April 29, 2026

Tim Cook’s impending retirement as Apple’s CEO marks the end of an era — the years when the Apple-versus-Microsoft fight dominated the tech world. Of course, it’s been a long time since those two companies ruled by themselves. These days, Google, Meta, OpenAI, Anthropic and Amazon are just as influential. Still, Cook’s decision to step…

SAS makes AI governance the centerpiece of its agent strategy

April 28, 2026

Enterprises are quickly moving from AI experimentation to deployment, however, when agentic AI begins making more decisions, invoking more tools, and operating across fragmented data environments, there can be an erosion of visibility, governance, and trust. SAS laid out its answer to that problem at its annual conference, SAS Innovate, introducing a new family of…

NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later

April 28, 2026

Chris Inglis was the head civilian in charge at the NSA when the Snowden leak exploded. He gets candid about mistakes the organization made, and what CISOs need to know about spotting potential threats, media disclosures, and “enculturation.”

Feuding Ransomware Groups Leak Each Other’s Data

April 28, 2026

When 0APT and KryBit attacked each other, they exposed infrastructure and operational data, giving defenders rare insight into ransomware operations.

Can Apple’s new CEO turn things around?

April 28, 2026

When Apple rolled out hardware chief John Ternus as the CEO to replace Tim Cook, the reaction was kind but muted. That’s because Ternus has said nothing yet to indicate he has a specific plan to position Apple for the future. (To be fair, he’s said next to nothing about anything — no easily found…

Is Your MacBook’s Fan Loud? Here are Some Fixes!

April 28, 2026

Is your MacBook’s fan loud? In this post, I will show you some fixes. When you use your MacBook, there are times when you hear the fan being too loud and out of control. If that’s the case, then you need to figure out ways to solve the issue fast. The good thing with this…

After Mythos: New Playbooks For a Zero-Window Era

April 28, 2026

When patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure, is closing fast. Anthropic’s new model, Claude Mythos, and its Project Glasswing, showed that finding…

Optimize security operations through an AWS Security Hub POC

April 27, 2026

April 27, 2026: This post was first published in September 2025 when the enhanced AWS Security Hub was in public preview. It has since been updated to reflect the general availability of Security Hub. This revision also provides a more detailed, step-by-step framework for planning your POC. AWS Security Hub prioritizes your critical security issues…

Tim Cook’s legacy: a successful CEO who stumbled over AI

April 23, 2026

Apple’s Tim Cook was viewed as a worthy successor to Steve Jobs when he took over as CEO in August 2011, two months before Jobs’ death. Apple products became successful (and profitable) in many ways due to his success as COO, where he whipped company operations and supply chains into shape. Cook expanded the company’s…

AI is one of the two monumental shifts in cyber today

April 21, 2026

It’s 2026, when nobody can confidently say what the future of security is going to look like. Everyone is trying (what else can we do), but judging by all the progress around AI in recent months, we are all going to be wrong. The biggest mistake we all make is assuming that the future is…

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

April 16, 2026

You know that feeling when you open your feed on a Thursday morning and it’s just… a lot? Yeah. This week delivered. We’ve got hackers getting creative in ways that are almost impressive if you ignore the whole “crime” part, ancient vulnerabilities somehow still ruining people’s days, and enough supply chain drama to fill a season of television…

UAC-0247 Attack Detection: AGINGFLY Malware Targets Hospitals, Local Governments, and FPV Operators in Ukraine

April 16, 2026

Phishing remains one of the most effective tactics in the cybercriminal playbook, particularly when attackers exploit urgent humanitarian themes, trusted online resources, and legitimate system tools to increase victim engagement. Europol also notes that phishing continues to serve as a primary delivery vector for data-stealing malware. This pattern is clearly reflected in the latest activity…

AI Is Getting Smarter. Catching Its Mistakes Is Getting Harder.

April 14, 2026

As chatbots and agents grow more powerful and ubiquitous, recognizing the moments when they go rogue can be tricky.

Review: The Psychology of Information Security

April 14, 2026

Security controls fail when they are designed without regard for the people who must use them. That is the central argument of Leron Zinatullin’s second edition, and it is an argument he builds methodically across 17 chapters that draw from organizational psychology, change management, and usability research. About the author Leron Zinatullin is the CISO…

What Your AI Knows About You

April 12, 2026

Plus, WSJ readers sound off on their EVs, what happened when a man fell in love with Gemini and AI companies that “come in peace.”

Hungarian government email passwords exposed ahead of election

April 10, 2026

When voters in the forthcoming Hungarian election assess the current government, its record on internet security will not be one of its proudest achievements. An analysis by open source investigation organization Bellingcat has revealed that the passwords for almost 800 Hungarian government email accounts are circulating online, many of them associated with national security. These…

Hungarian government email passwords exposed ahead of election

April 10, 2026

Common Mistakes to Avoid When Using Walk-Through Metal Detectors

April 10, 2026

Discover the most common mistakes when using walk-through metal detectors and learn how to improve security, accuracy, and performance with expert tips. In an age where security threats are becoming increasingly sophisticated, walk-through metal detectors have evolved into a frontline defense tool across airports, offices, public venues, and high-security zones. While these systems are designed…

This problem might not need a solution: customer-service bots that code for free

April 10, 2026

Why bother paying for your own generative AI (genAI) tokens when you can have the computations done for free using a competitor’s AI-powered customer service bot? That question is at the heart of a CIO.com report that explores the trend and various ways to block it. It’s possible the best response to this kind of…

Why is the timeline to quantum-proof everything constantly shrinking?

April 9, 2026

When Google announced last month it was moving up its own internal timeline for migrating to quantum-resistant forms of encryption, it started a broader conversation in the cybersecurity and cryptography communities: Just what was pushing one of the largest tech companies in the world to significantly accelerate its adoption of post-quantum protections for its systems,…

Threat Actors Get Crafty With Emojis to Escape Detection

April 8, 2026

When 🤖 means “bot available,” 🧰 signifies “toolkit,” or 💰💰💰 translates to “big ransom,” bad actors can evade filters and keep it all on the down-low.

A framework for securely collecting forensic artifacts into S3 buckets

April 8, 2026

When customers experience a security incident, they need to acquire forensic artifacts to identify root cause, extract indicators of compromise (IoCs), and validate remediation efforts. NIST 800-86, Guide to Integrating Forensic Techniques into Incident Response, defines digital forensics as a process comprised of four basic phases: collection, examination, analysis, and reporting. This blog post focuses…

More Honeypot Fingerprinting Scans, (Wed, Apr 8th)

April 8, 2026

One question that often comes up when I talk about honeypots: Are attackers able to figure out if they are connected to a honeypot? The answer is pretty simple: Yes! Most “medium interaction” honeypots, like the one we are using, are just simulating various systems. These simulations are incomplete. For example, we are using the…

Building Phishing Detection That Works: 3 Steps for CISOs

April 8, 2026

90% of attacks start with phishing. For CISOs, the real pain begins when the SOC cannot quickly tell whether a suspicious alert is just noise or the start of credential theft, account compromise, malware delivery, or wider business disruption. Modern phishing campaigns are designed to create exactly that uncertainty. QR codes, redirect chains, CAPTCHAs, phishing kits, and AI-generated lures can all hide the real objective until late…

Building Phishing Detection That Works: 3 Steps for CISOs

April 8, 2026

The Hidden Cost of Recurring Credential Incidents

April 7, 2026

When talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the average cost of a breach at $4.4 million. Avoiding even one major incident is enough to justify most security investments, but that headline figure obscures the more persistent problems caused by recurring credential

As breakout time accelerates, prevention-first cybersecurity takes center stage

April 7, 2026

Threat actors are using AI to supercharge tried-and-tested TTPs. When attacks move this fast, cyber-defenders need to rethink their own strategy.

Beyond the billion-dollar banking oversight: How process intelligence can surface vital warning signs

April 5, 2026

GUEST OPINION: When one of Australia’s Big Four financial institutions recently self-reported over $1 billion in potentially fraudulent loans, the industry’s focus immediately turned to the sophistication of the bad actors. But for those of us looking at the mechanics of global banking, the more pressing question isn’t how the documents were doctored, it’s how…

I Uploaded My Blood Work to AI. Am I Oversharing?

April 4, 2026

When you connect medical records and health data to a chatbot, you get results. But you must understand the risks.

A core infrastructure engineer pleads guilty to federal charges in insider attack

April 3, 2026

When Daniel Rhyne pleaded guilty on April 1 to having launched an insider extortion attack against his then-employer, authorities enumerated the techniques he used, including unauthorized remote desktop sessions, deletion of network administrator accounts, changing of passwords, and scheduling unauthorized tasks on the domain controller. After he shut down key systems and accounts, he sent…

A core infrastructure engineer pleads guilty to federal charges in insider attack

April 3, 2026

UAC-0255 Attack Detection: Threat Actors Impersonate CERT-UA to Infect Ukrainian Public and Private Sector Organizations With AGEWHEEZE RAT

April 1, 2026

Phishing remains one of the most effective tools in the cybercriminal arsenal, especially when threat actors abuse the credibility of trusted institutions and familiar digital services to increase victim interaction. In late March 2026, CERT-UA revealed a phishing campaign tracked as UAC-0255 in which attackers impersonated the agency and attempted to infect organizations across Ukraine’s…

9 ways CISOs can combat AI hallucinations

April 1, 2026

AI hallucinations are a well-known problem and, when it comes to compliance assessments, these convincing but inaccurate assessments can cause real damage with poor risk assessments, incorrect policy guidance, or even inaccurate incident reports. Cybersecurity leaders say the real trouble starts when AI moves past writing summaries and begins making judgment calls. That’s when it’s…

Revisiting ‘The Jetsons’: Where’s My Flying Car and Three-Hour Workday?

March 30, 2026

The 1960s version of the future is way more fun than our reality—but when it comes to innovations, we’re catching up.

Chris Roberts, Star Citizen and the $600M bet on building the ultimate digital universe

March 29, 2026

When Chris Roberts talks about Star Citizen, he doesn’t describe a game in the conventional sense. He talks about a universe: one that has taken more than a decade, hundreds of millions of dollars, and some of the most ambitious engineering in the industry to bring to life. iTWire spoke with Roberts exclusively while he was recently…

DShield (Cowrie) Honeypot Stats and When Sessions Disconnect, (Mon, Mar 30th)

March 29, 2026

A lot of the information seen on DShield honeypots [1] is repeated bot traffic, especially when looking at the Cowrie [2] telnet and SSH sessions. However, how long a session lasts, how many commands are run per session and what the last commands run before a session disconnects can vary. Some of this information could help…

The ‘AI slop’ backlash kills Sora

March 27, 2026

OpenAI just killed Sora. That’s an amazing development. When the company rolled out the video-creation site, and later the app, reviewers called it a trailblazer because it combined video creations with sound effects, spoken dialog, and the ability for users to generate a specific character using a reference image and reuse them in multiple videos…

Don’t sleep on this powerful new Chrome security booster

March 27, 2026

When it comes to staying safe online, the teensiest shred of common sense goes an impressively long way. That’s absolutely true on Android, as I’ve been preaching for more years than I can even remember at this point — and it’s true on the web, too, especially when you’re working within the desktop browser you…

A cunning predator: How Silver Fox preys on Japanese firms this tax season

March 27, 2026

Silver Fox is back in Japan, spoofing tax and HR emails timed to the one season when no one thinks twice about opening them

AI-Powered Dependency Decisions Introduce, Ignore Security Bugs

March 26, 2026

AI models often hallucinate or make costly mistakes when tasked with recommending software versions, upgrade paths, and security fixes — leading to significant technical debt.

Are Bots Replacing Workers? These Skeptics Aren’t So Sure

March 25, 2026

It’s trendy to cite artificial intelligence when cutting jobs, but the reality is more complicated.

MY YAKE: A decade of cyber collaboration, built under Obama, is now hostage to a political grudge

March 25, 2026

SAN FRANCISCO — I was in the room at Stanford in February 2015 when President Obama used the bully pulpit to launch what became a decade of hard-won public-private collaboration in cybersecurity. It didn’t take much to tear it asunder. At RSAC 2026 this week, that decade of work is suddenly on the line —…

A Slack Android upgrade worth finding

March 25, 2026

Man, when it comes to Android, Slack sure has been slackin’. The app is generally considered the go-to, standard tool for most professional communication — right? And yet, somehow, it has managed to exist on the most used mobile operating system all this time without offering up a single Android widget to make our on-the-go…

Microsoft details AI prompt abuse techniques targeting AI assistants

March 24, 2026

Prompt abuse occurs when crafted inputs manipulate an AI system into producing unintended behavior, such as attempting to access sensitive information or overriding built-in safety instructions. Prompt injection is also recognized as one of the top risks in the 2025 OWASP guidance for LLM applications. “Detecting abuse is challenging because it exploits natural language, such…

What’s coming next for LLMs and AI agents?

March 23, 2026

“Three or four years ago, we were super excited when our [AI] models could solve eighth-grade math problems,” Jeff Dean, chief scientist, Google DeepMind and Google Research, said during a panel discussion at Nvidia’s GTC developer show last week. By last year, Google’s Gemini had reached the gold-medal standard at the International Mathematical Olympiad and…

When algorithms decide: The hidden role of AI in insurance claims

March 19, 2026

GUEST OPINION: When you file an insurance claim after an accident, you probably assume that a human adjuster will review your case file and decide how much compensation you’ll get. That may have been true several years ago, but today’s claims are being evaluated by artificial intelligence (AI) algorithms. Many of today’s insurance companies rely…

Meta, TikTok Steal Users’ Sensitive PII When They Click on Ads

March 18, 2026

Tracking pixels let social media companies spy on their own customers when they click over to advertiser sites, gleaning credit card info, currency type, and more.

Microsoft shuffles more of its senior leadership

March 17, 2026

The senior leadership shuffle at Microsoft continued on Tuesday when company CEO Satya Nadella announced that the company is unifying the commercial and consumer Copilot systems in a new division overseen by Jacob Andreou. Andreou, former CVP of product and growth at Microsoft AI, will oversee a division that Nadella, in an internal advisory, said…

Dell: Cut AI cloud costs with data-center class desktops

March 16, 2026

Why rely on a data center when you can run full-fledged AI models — typically found in the cloud — on your desktop? That’s the argument Dell is making with its new PCs, one of which has a data-center class GPU and can run AI models with a trillion parameters. Dell’s Pro Max GB300 desktop…

When Bots Outnumber Humans: The New Reality of Monitoring Web Traffic

March 16, 2026

In this post, we spoke with Todd Persen on when bots outnumber humans and the new reality of monitoring web traffic. Automated traffic now represents a substantial share of activity moving across the internet. According to the Imperva 2025 Bad Bot Report, automated programs accounted for 51 percent of all web traffic. meaning non human activity now…

Microsoft investigates classic Outlook sync and connection issues

March 13, 2026

Microsoft is investigating several issues causing email synchronization and connection problems when using the classic Outlook desktop client. […]

Yes, you can run Windows on a MacBook Neo

March 13, 2026

Remember the good old days of 2020 when Apple’s then-new M1 Macs were setting fresh records for Mac performance? You might also recall when those same Macs were described as being the fastest PCs to run Windows when using the Parallels virtualization software. If you recall that, and if light use of legacy Windows utilities or tools is…

The best Android keyboard apps for on-the-go productivity

March 12, 2026

Quick: When was the last time you thought about the keyboard app on your phone? If you’re like most people, the answer is probably somewhere between “a ridiculously long time ago” and “never.” And it’s no wonder: Keyboard apps are easy to forget! You install one — or stick with whatever came loaded on your…

Does Anthropic deserve the trust of the cybersecurity community?

March 12, 2026

The cybersecurity industry runs on trust. The belief that when a vendor says they will behave a certain way, they will, that critical CVEs are in fact critical, or when companies say they’re GDPR compliant, they really are. But earning trust is not a one-and-done thing. Anthropic understood this better than any AI company. As…

Jack & Jill went up the hill — and an AI tried to hack them

March 10, 2026

What happens when an autonomous AI agent is turned loose on another autonomous AI agent? It chains together bugs that humans would consider benign, easily bypasses authentication controls, and even unexpectedly masquerades as Donald Trump to get its way. This was what CodeWall found in a recent red-teaming experiment when it pitted its autonomous AI…

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

March 10, 2026

You can’t control when the next critical vulnerability drops. You can control how much of your environment is exposed when it does. The problem is that most teams have more internet-facing exposure than they realise. Intruder’s Head of Security digs into why this happens and how teams can manage it deliberately. Time-to-exploit is shrinking The…

The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix

March 10, 2026

When I first secured a production line, part of the control system was still running on an unpatched Windows XP machine tucked under a lab table — right next to the state-of-the-art GMP manufacturing setup that produced millions in value every day. Everyone knew that the system was a risk, but no one was willing…

Why Business Success Depends on IT Excellence

March 9, 2026

GUEST OPINION: IT is the business. When systems fail, operations stop, revenue halts, and customers lose trust. The COO of KLM captured this reality succinctly: “Nobody flies without IT.” In a digital economy, technology underpins every function, from customer experience to core operations. This reality places extraordinary responsibility on IT teams and raises an important question:…

Decoding silence: How deaf and hard-of-hearing pros are breaking into cybersecurity

March 9, 2026

Stu Hirst was already a CISO when he started to go deaf. It was 2023, and the hearing loss crept in over months, enough for him to adapt, to lean on hearing aids and captions, to quietly reorganize his calendar around the cognitive load of processing sound. It was manageable. Then, in July 2025, it…

Why We Make Bad Security Decisions When the Stakes Are High

March 6, 2026

In this post, you will learn why we make bad security decisions when the stakes are high. Even the most seasoned professionals can falter when stress is at its peak. High-pressure situations test our judgment and often lead to risky security choices, regardless of experience or training. This article explores why so many organizations and…

The Best Pollo AI Alternative in 2026?

March 5, 2026

In this post, I will talk about the best Pollo AI alternative in 2026. When most people compare AI tools, they look at features. When creators and marketers compare AI tools, they look at something else: Return on investment. If you are searching for the best Pollo AI alternative in 2026, you are probably asking…

How a cybersecurity boss framed his own employee

March 4, 2026

When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the person put in charge of the investigation was the actual leaker… who promptly sent an innocent colleague into a career-ending ambush. In this episode, we unravel the jaw-dropping tale of a defence contractor caught selling…

Smashing Security podcast #457: How a cybersecurity boss framed his own employee

March 4, 2026

How to Avoid Confidentiality Gaps in Early-Stage Startups

March 4, 2026

Startups often expose sensitive data during pitches and hiring. Learn when to use NDAs and simple workflows to close confidentiality gaps.

How Technology Is Quietly Transforming the Way Businesses Scale

March 4, 2026

There was a time when scaling a business meant opening a new location, hiring more staff, and spending heavily on infrastructure. Today, the rules have changed entirely. Technology has become the silent engine behind business growth, working in the background while entrepreneurs focus on what they do best. The transformation is not loud or dramatic…

$100 radio equipment can track cars through their tire sensors

March 3, 2026

When people consider what might track their movements, they think of smartphone apps, GPS services, or roadside cameras. The tires of a new car rarely enter that equation. Researchers at IMDEA Networks Institute, together with European partners, found that Tire Pressure Monitoring System (TPMS) sensors inside each wheel broadcast unencrypted wireless signals containing persistent identifiers.…

Marquis v. SonicWall Lawsuit Ups the Breach Blame Game

February 26, 2026

When a company gets breached through a third-party security vendor, who should bear responsibility? For one FinTech company, the answer is the firewall provider.

How to lose friends and DDoS people

February 25, 2026

When the mysterious operator of an internet archiving-service decided to silence a curious Finnish blogger, they didn’t just send a stroppy email – they allegedly weaponised their own CAPTCHA page to launch a DDoS attack, threatened to invent an entirely new genre of AI porn, and tampered with parts of their own archive to smear…

Smashing Security podcast #456: How to lose friends and DDoS people

February 25, 2026

MWC: When it comes to 6G, Apple is a leader, not a follower

February 25, 2026

Does anyone remember when Apple was about to collapse because it didn’t offer 5G iPhones? Well, things have changed since then and as we make our way toward the 6G network transition expected in 2030 or so, Apple is ready to take part. How do I know this? Because Apple will have a presence at…

Know the red flags: Business email compromise signs to look out for

February 24, 2026

When it comes to cyber threats, business email compromise (BEC) is one of the sneakiest, most costly scams out there. These digital predators don’t rely on brute force, but are patient, tactical, and they exploit one weakness above all: human trust. If you’re in the cybersecurity game, spotting a BEC attack can mean the difference…

Cyber defense: From reactive to proactive

February 24, 2026

When systems are attacked, we should respond. But how much better would it be if we could anticipate attacks before they strike and stop them with a proactive defense? Faced with today’s cybersecurity challenges, that is no simple task. “It’s a cat-and-mouse situation. AI is changing the speed and sophistication of attacks, and AI is…

Anthropic’s Claude Code Security rollout is an industry wakeup call

February 24, 2026

When Anthropic launched a “limited research preview” of its Claude Code Security offering on Friday, Wall Street investors sent the stocks of the largest cybersecurity vendors plunging. But did the Anthropic rollout warrant such a reaction? After all, those companies, including CrowdStrike, Zscaler, Palo Alto Networks and Okta, are preparing their own agentic capabilities, and…

AI, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

AI, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

AI, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

AI, Global Security News

AI, Global Security News

AI, Global Security News

AI, Global Security News, malware, privacy

AI, Global Security News, Risk Management

AI, Global Security News

AI, Compliance, Cybersecurity, Global Security News, malware, Risk Management

AI, Exploits, Global Security News, Government & Policy, malware

AI, Global Security News

AI, Exploits, Global Security News, malware, Network Security, Risk Management

AI, Global Security News, Risk Management

AI, Cloud Security, Global Security News, Network Security, privacy, Risk Management

AI, Compliance, Global Security News

AI, Exploits, Global Security News

AI, Exploits, Global Security News, Network Security

AI, Global Security News

AI, Apps, Exploits, Global Security News, malware, Network Security, Risk Management

AI, Exploits, Global Security News, Risk Management

AI, Global Security News

Global Security News, Network Security

AI, Exploits, Global Security News, malware, Network Security, Risk Management

AI, Exploits, Global Security News, malware, Network Security, Risk Management

AI, Global Security News

AI, Apps, Global Security News, Network Security, Risk Management

AI, Cybersecurity, Global Security News

Cybersecurity, Global Security News

AI, Exploits, Global Security News

AI, APAC, Apps, Cloud Security, Compliance, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management

AI, Apps, Global Security News, privacy

AI, Apps, Compliance, Cybersecurity, Data Breaches, Funding, Global Security News, Network Security, Risk Management, Venture

AI, Global Security News

AI, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

AI, Global Security News

AI, Global Security News

AI, Data Breaches, Global Security News, Government & Policy

AI, Data Breaches, Global Security News, Government & Policy

AI, Cybersecurity, Global Security News

AI, Global Security News

AI, Apps, china, Cybersecurity, Exploits, Global Security News, Government & Policy

AI, Global Security News

AI, Apps, Cybersecurity, Global Security News, Risk Management

Global Security News, Network Security