Federal prosecutors have charged a Russian national with conspiracy to commit unauthorized computer access in connection with a sprawling cyber-espionage campaign linked to the Russia-aligned threat group Void Blizzard, according to a criminal complaint filed in federal court this week. Denis Nikolayevich Obrezko, a Russian citizen, is accused of breaking into systems owned by companies…
Category: AI
AI, Apps, Compliance, Global Security News, Network Security, privacy
WWDC: What IT admins need to know
Under-the-hood AI changes and efficiency improvements at the OS layer across Apple’s platforms are certainly the highlights at WWDC 2026. But there have also been significant changes IT admins will need to prepare for, particularly around Declarative Device Management (DDM). The Intel age is over Apple warned us this was coming, but macOS 27 will not support Intel at all.…
AI, Global Security News
The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like LockBit (aka Tenacious Mantis), Qilin (aka Pestilent Mantis), and Medusa (aka Venomous Mantis). According to a detailed report
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management
CISA orders federal agencies to “patch smarter”
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive that will change how the US federal government approaches vulnerability management. The directive arrives as the patching problem has become nearly unmanageable, driven by a surge in newly published vulnerabilities and by AI tools that are accelerating both security research and…
AI, Global Security News
The AI Exchange: Innovators in Payment Security Featuring SecurityMetrics
Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for payment security industry stakeholders to exchange information about how they are adopting and implementing artificial intelligence (AI) into their organizations.
AI, Global Security News
See the VCs and Family Offices at the Core of the Mega IPO Wave
About three dozen investors, from Silicon Valley titans to a family office in Tampa, hold stakes in SpaceX, OpenAI and Anthropic.
AI, Global Security News
Segmentation Works for OT If Operators Are Paying Attention
Operational technology security remains as difficult as ever, with even the best practice recommendation falling short.
AI, Global Security News
Proxmox releases Mail Gateway 9.1 with quarantine and backup encryption changes
Proxmox Mail Gateway 9.1 adds updated system components, changes to the spam quarantine interface, and encryption for backups. It works as a mail proxy positioned between the firewall and internal mail servers, screening incoming and outgoing traffic for spam, viruses, Trojans, and phishing attempts. Updated system components Version 9.1 runs on Debian 13.5 Trixie and…
AI, Global Security News
How autonomous defense and remediation stands up to AI cyber threats
AI tools like ADR can help humans and machines work side-by-side to defeat today’s threats.
AI, Apps, Global Security News
OnyxC2 Malware-as-a-Service Offers Enterprise-Grade Data Theft
OnyxC2 is a MaaS stealer targeting 210+ apps, using DLL sideloading, encrypted payloads, and remote access features to evade detection. OnyxC2 appeared on a cybercrime forum earlier this year and is sold as a subscription service: $250 per month for the standard build, $500 for the premium tier that includes HVNC, and $6,000 for an…
AI, Cybersecurity, Global Security News, Government & Policy, Network Security, Risk Management
Team Cymru Expands APJ Operations With New Sydney Hub
External threat intelligence provider Team Cymru has announced the expansion of its Asia-Pacific and Japan (APJ) operations, with Sydney serving as the company’s regional operational hub. The announcement follows RISEx Sydney, where Team Cymru leadership met with customers, partners, and public-sector stakeholders from across the region. Expansion responds to regional cyber visibility demand According to…
AI, Global Security News
Why AI-driven threats are exposing the limits of MSP security stacks
AI-driven attacks are exposing the limits of fragmented MSP security stacks and slow response workflows. Kaseya breaks down why integrated security, automation, and recovery are becoming essential. […]
AI, Global Security News
Cybercriminals Use Fake AI Guides and Dev Tools to Spread AsyncRAT Malware
Fake AI guides hide a multi-stage chain that drops AsyncRAT, with signs of AI-assisted coding
AI, Global Security News, malware
Fake Spotify Premium tutorials on TikTok and Instagram Reels spread malware
Cybercriminals are using TikTok and Instagram Reels videos to spread Vidar, an infostealer malware, through fake downloads for popular paid software, according to ReversingLabs. The researchers uncovered two campaigns behind the activity, each using a different approach to draw in viewers before sending them to external download sites. One campaign centered on fake software installation…
AI, Cybersecurity, Global Security News
Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories
Most good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories. The reason is simple. Cybersecurity is full of work that deserves recognition and rarely gets it. Products that quietly close real gaps. Teams that stop incidents nobody…
AI, Global Security News, malware, Network Security
ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New Stories
It’s been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there’s a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real credentials. The bigger problem is how polished…
AI, Global Security News, malware
Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware
Hackers are using fake Claude Code guide and AI PDFs to spread AsyncRAT malware via Windows attack using PowerShell and Defender exclusions.
AI, Data Breaches, Endpoint, Exploits, Global Security News, Risk Management
ServiceNow fixes API issue after reports of suspicious tenant activity
ServiceNow is notifying customers after discovering and remediating a vulnerability that could have exposed data via an unauthenticated API endpoint on affected instances. The issue emerged publicly after customers began discussing security notifications from ServiceNow and reports of suspicious activity linked to their environments. According to the company’s advisory, the vulnerability was initially reported through…
AI, APAC, Global Security News, Network Security
OSF Digital Joins Salesforce FDE Partner Network
OSF Digital, a Salesforce-exclusive consulting and services firm, has been chosen to participate in the Salesforce Forward Deployed Engineering (FDE) Partner Network. Salesforce FDE partner network builds agentic AI skills OSF Digital will join a network of firms adopting deep learning, expert skills, and specialized training from Salesforce’s internal teams to help organizations “turn agentic…
AI, Cybersecurity, Exploits, Global Security News
Oracle PeopleSoft servers under attack, Oracle pushes out-of-band security alert
A zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools is being exploited in the wild, Charles Carmakal, CTO at cybersecurity firm Mandiant, part of Google Cloud, warned today. The warning comes a day after Oracle published an out-of-band security alert about the flaw, which is remotely exploitable without authentication, may result in remote code execution, and…
AI, Cybersecurity, Global Security News
Most Cybersecurity Teams Struggle to Find Time for Training on New Cyber Threats
Organizations are aware of the challenges that new technologies like AI bring: but cybersecurity staff struggle to make time for the required training during working hours
AI, Global Security News
‘Mythos-level’ Fable model released to public: How Anthropic plans to prevent misuse
Safeguard layers aim to block and reroute cyber-related requests while retaining Mythos-level capabilities.
AI, Global Security News
AI Broke Vulnerability Management. That’s Why CISOs Are Moving Budget to BAS.
For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer was what made that work. Today, that buffer is gone. AI…
AI, Compliance, Cybersecurity, Global Security News, Risk Management
AI vendor FDEs: Key considerations and concerns
When it comes to AI deployments, IT leaders are often caught in an awkward middle space, trying to reconcile conflicting directives from senior management with constantly changing AI models, capabilities, and costs; data governance and security needs; and the limitations of their own team. “Very few real benefits can be attained by simply purchasing an…
AI, Exploits, Global Security News, malware, Risk Management
Chaotic Eclipse Strikes Again: New Zero-Day Unlocks BitLocker in Four Hours of Research
GreatXML bypasses BitLocker via Defender offline scan artifacts, giving SYSTEM shell in Recovery Mode. No patch exists. Any machine that ran an offline scan is vulnerable. On June 10, security researcher Chaotic Eclipse (aka Nightmare Eclipse) published a new working exploit dubbed GreatXML that bypasses BitLocker and opens a command shell with full SYSTEM privileges…
AI, china, Global Security News, Government & Policy
FBI seizes 13 websites linked to alleged Chinese intelligence-gathering effort
Federal authorities have seized 13 internet domains allegedly used to target current and former U.S. government employees and military personnel with access to classified and sensitive information. The post FBI seizes 13 websites linked to alleged Chinese intelligence-gathering effort appeared first on Help Net Security.
AI, Global Security News
Extortion-Only Attacks Increase, With Data Theft Dominating Ransomware Claims
Extortion-only attacks are increasing as data theft drives most ransomware claims, with many organizations unable to stop stolen data from being exposed
AI, Global Security News, Network Security, Risk Management
What SRE teams need before they trust AI agents
The future of reliability will not be defined by whether site reliability engineering (SRE) teams use AI agents, but by the conditions under which they choose to trust them. In high-stakes systems, trust is never granted because a demo looks impressive; it is earned through observability, constraints, accountability and repeated evidence that the system helps…
AI, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
China-linked recon botnet outpaces enterprise defenses
A botnet made up of compromised small office and Internet of Things devices has grown into a larger reconnaissance network capable of rapidly identifying vulnerable internet-facing systems after public vulnerability disclosures, researchers said. The botnet, tracked by Lumen’s Black Lotus Labs as JDY, now comprises more than 1,500 compromised small office and home office, or…
AI, Exploits, Global Security News, Network Security
Fortinet patched a new critical FortiSandbox flaw
Fortinet patched a critical FortiSandbox vulnerability that could let unauthenticated attackers remotely execute commands via crafted HTTP requests. Fortinet released security updates to address several vulnerabilities affecting FortiSandbox, FortiOS, FortiProxy, and FortiPortal. The most severe issue, tracked as CVE-2026-25089 (CVSS score of 9.8), is an OS command injection flaw in FortiSandbox products. The vulnerability could…
AI, Global Security News
OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain…
AI, Global Security News, privacy, Venture
How to opt out of Google’s new AI training default
Heads-up, my fellow Android-appreciating animals: Google’s in the midst of rolling out a subtle change to its privacy settings that’s well worth your while to notice. The change includes a new clause that says the company can use images, files, video, and audio from your interactions with Google Lens, Search, and Gemini Live to train…
AI, APAC, Cloud Security, Cybersecurity, Data Breaches, Exploits, Global Security News, Politics, Risk Management
Frontier AI models offer sneak peek of seismic cyber shifts ahead
The advent of Claude Mythos combined with the release of OpenAI’s GPT-5.5 have changed the threat model for CISOs. The arrival of those frontier AI models — and the ones soon to follow — makes it much easier to discover and chain vulnerabilities at a speed and scale that will require most cyber departments to…
AI, Endpoint, Global Security News, Government & Policy, Network Security, privacy, Risk Management
Aged-domain acquisition: The tradecraft phishing operators are using to bypass your mail filter’s reputation score
I’ve spent the past two years working on incident response and threat intelligence, and the pattern I’m about to describe is one I keep seeing show up in cases that should have been caught at the email gateway. The kit families change. The lure templates change. The constant is that phishing-as-a-service operators are buying aged…
AI, Global Security News
Check Point expands MSP platform with AI governance and unified security bundles
Check Point has announced a major expansion of its Managed Service Provider (MSP) platform, designed to help MSPs secure AI adoption, streamline operations and simplify managed security delivery. The announcement brings together three strategic innovations under a single MSP vision: Securing AI and AI usage for MSPs A new multi-tenant MSP management platform with Management…
AI, Compliance, Cybersecurity, Europe, Global Security News, malware, Network Security, Risk Management
From Infosecurity Europe to CONFidence and C1b3rWall: What Security Teams Are Prioritizing in 2026
Three cities, three cybersecurity conferences, and plenty of conversations with security professionals across Europe. Over the past few weeks, the ANY.RUN team joined Infosecurity Europe in London, CONFidence Conference in Kraków, and C1b3rWall Congress in Ávila. While every event had its own focus, the discussions pointed in the same direction: security teams need faster investigations,…
AI, Europe, Global Security News, Network Security
HubSpot Partner Ecosystem Projected to Reach $42B by 2030
HubSpot is betting big that its partners will turn software into gold as the internet shifts from a network of websites into a playground for AI agents. According to data from the 2026 HubSpot Partner Report — The State of Ecosystems — the customer platform’s partner network has been named one of the top 10…
AI, Global Security News
IDnow launches Trust Platform to help regulated firms move from KYC to continuous trust
IDnow has announced the launch of the IDnow Trust Platform, designed to help regulated organisations orchestrate identity verification, fraud prevention, biometric authentication, and qualified digital trust services throughout the customer lifecycle. “The identity industry is entering its biggest transformation since onboarding first went digital,” said Andreas Bodczek, CEO of IDnow. “For years, organisations treated identity…
AI, Compliance, Global Security News, Network Security
VMware Renewals Put Broadcom Migration Pressure Back in Focus
It is that time again for VMware customers. With another major renewal cycle approaching and a new wave of contracts set to expire in early 2027, organizations are once again weighing whether the platform remains worth the cost—and what options exist if it does not. Higher costs open VMware environments to potential migrations For MSPs,…
AI, Apps, Global Security News, Network Security
Rubrik Q&A: New Partner Integrations, AI Solutions Launched
Recently, Rubrik, a security and AI operations company, made a series of announcements, including new partner integrations and a new agentic-first AI platform. The announcements represent Rubrik’s ongoing commitment to ensuring enterprises are agentic-ready and resilient. You can read more about the announcements here. In light of these new announcements, below is a Q&A with…
AI, Apps, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security
JDY Botnet Evolves After KV Takedown, Targets Military Networks
JDY botnet scans SOHO/IoT devices globally to map services and targets, especially US military networks. Lumen’s Black Lotus Labs reported the resurgence of the JDY botnet, a covert reconnaissance network tied to Chinese state-sponsored hacking groups including Volt Typhoon. The network was first spotted in late 2023 as a cluster inside KV-botnet. The U.S. government…
AI, Data Breaches, Global Security News
Nottingham University data breach affects over 450,000 students
The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. […]
AI, Global Security News
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
GitHub has announced what it said are “breaking changes” coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the “npm install” command to trigger the execution of malicious code using npm lifecycle hooks. “Npm install”…
AI, Global Security News
Prompt injection still drives most agentic AI security failures in production
A backdoor sat on PyPI for three hours in March 2026. Nearly 47,000 downloads occurred during the window. The compromised package, LiteLLM, serves as the language-model gateway for CrewAI, DSPy, Microsoft GraphRAG, and dozens of other AI agent frameworks. Anyone pulling an update during that window pulled in an autonomous attack bot named hackerbot-claw along…
AI, Global Security News
X Square Robot open sources its robot-free data collection framework
Companies building robots for physical work spend large amounts of time and money operating machines by hand to gather training examples. Each session with a physical robot produces a small number of demonstrations per day, which slows the growth of datasets used to train embodied AI. Human demonstrators offer a cheaper source of data, and…
AI, Global Security News, Risk Management
Organizations can’t see much of their mobile AI activity
Organizations have limited visibility into AI activity on mobile devices despite security leaders expressing confidence in their AI governance, according to Lookout’s “Solving for the Mobile AI Blind Spot: Executive Confidence Meets Technical Reality” report. Mobile AI visibility gaps Enterprises lack visibility into a large share of mobile AI activity taking place on both corporate-owned…
AI, Global Security News
OpenAI Considers Drastic Price Cuts, Anticipating War for Users With Anthropic
The company might lower prices for tokens, the central unit for gauging AI costs, though the discussions are still in flux.
AI, Global Security News
Anthropic’s New Fable AI Model Is Met With User Backlash Over Restrictions
Guardrails make the powerful model less useful for AI researchers, though the company said it would grant safeguard-free access to the science community.
AI, Global Security News
What the SpaceX IPO Means for This Texas Border Town
Watch Micah Maidenberg report from Brownsville, Texas, the largest city in a region already straining to accommodate Elon Musk’s grand ambitions.
AI, Apps, Cybersecurity, Exploits, Global Security News, Risk Management
GitHub finally pulls the plug on automatic install script execution for npm
The ability for attackers to leverage automatic install script execution in npm will finally come to an end when expected changes arrive from GitHub in July. Coders will still be able to enable the function, but the default setting will block it. In V12, default settings are changing, GitHub said in its changelog, noting, “it…
AI, Global Security News
What to Know About Drone-Boat Maker Behind Iran Helicopter Crew Rescue
Saronic’s unmanned Corsair plucked two aviators from the Strait of Hormuz; startup is worth $9.3 billion.
AI, Global Security News
The hidden cost of enterprise AI: 6.4 hours a week babysitting bots
While AI is proliferating across the workplace, it is introducing a new productivity paradox: While the technology makes work feel faster, it actually pushes more burden onto employees to provide context, perform quality checks, then rinse and repeat across numerous disparate tools. This, according to a new survey of 6,000 full-time digital workers by Glean’s…
AI, Global Security News
Chinese, N. Korean Threat Groups Build on Asia-Pacific Success
North Korea’s gross domestic product (GDP) has grown, in part because of the cybercrime gains of groups linked to the nation, which target business and financial firms.
AI, Global Security News
Bug bounties in the Mythos era
How AI is rewriting vulnerability research, and how our program has adapted
AI, Global Security News, Government & Policy
JDY botnet expands, enabling rapid exploitation of disclosed vulnerabilities
Initially flagged as part of the KV-botnet, JDY has evolved into an independent reconnaissance capability following the U.S. government’s takedown of KV in early 2024.
AI, Exploits, Global Security News
ShinyHunters gang targets Oracle PeopleSoft servers in data theft attacks
The ShinyHunters gang is exploiting a combination of old and zero-day vulnerabilities, referred to as a “gadget chain,” to target both cloud and on-premises Oracle PeopleSoft instances.
AI, Cybersecurity, Global Security News
Smashing Security podcast #471: This AI worm just rewrote its own rules
Researchers at the University of Toronto have built a worm that thinks for itself. Using free off-the-shelf AI models it works out how to break into each new computer it encounters, and hijacks the powerful ones to host its own AI brain. And then the researchers discovered their creation had quietly removed the list of…
AI, Exploits, Global Security News
Path traversal flaw in AI dev platform Langflow exploited in attacks
Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. […]
AI, Global Security News, Government & Policy
FBI Seizes China-Linked Fake Consulting Sites Targeting US Clearance Holders
The Justice Department and FBI seized 13 fake consulting websites that officials say targeted US clearance holders with paid research work designed to obtain sensitive government information.
AI, Global Security News
The ‘Miasma’ worm source code briefly leaked on GitHub
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. […]
AI, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
CISA tells agencies to patch smarter, not harder — foreshadowing broader industry practice
Security teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows are accelerating, and vulnerabilities have become attackers’ top initial access vector of choice. Last year, organizations fully remediated only 26% of the vulnerabilities that attackers were actively exploiting in the wild — down from 38%…
AI, china, Data Breaches, Funding, Global Security News, Government & Policy, Network Security
OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers
OpenAI’s threat intelligence team tracked what it believes are two distinct clusters of activity online from groups with ties to China and posting content seemingly designed to stoke anger around divisive topics like AI and data centers. The first, dubbed “Data Center Bandwagon,” used ChatGPT to create imagery and social media comments claiming data center…
AI, Endpoint, Exploits, Global Security News, Network Security
Ivanti patches critical Sentry flaws that lead to full device takeover
IT software provider Ivanti fixed two vulnerabilities in Ivanti Sentry, a secure mobile gateway appliance formerly called MobileIron Sentry. The flaws could allow unauthenticated remote attackers to gain complete control of deployments. One of the vulnerabilities, CVE-2026-10523, credited to researcher Bryan Lam, allows attackers to bypass authentication and create arbitrary administrative accounts on appliances. The…
AI, Global Security News
GitHub announces npm security changes to tackle supply-chain attacks
GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the ‘npm install’ command. […]
AI, Apps, Cloud Security, Cybersecurity, Global Security News, Network Security, Risk Management
News alert: Cloud security report finds fragmented tools widening the cloud complexity gap
WASHINGTON, Jun. 10, 2026, CyberNewswire–The 2026 Cloud Security Report from Cybersecurity Insiders, produced in collaboration with Fortinet, finds that 69% of organizations cite tool sprawl and visibility gaps as the top factor limiting cloud security effectiveness. Based on a survey of 1,163 IT and cybersecurity professionals, the report shows the strain: 66% lack strong confidence…
AI, Global Security News
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks
Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. […]
AI, Cybersecurity, Endpoint, Global Security News, Network Security, Risk Management
ConnectWise Platform Brings Predictive IT to MSPs
ConnectWise is making a substantial change to the way it wants customers to interact with its software stack. This week, the company unveiled the ConnectWise Platform, a new environment that pulls together PSA, RMM, cybersecurity, automation, orchestration, agentic AI, and third-party integrations. ConnectWise introduces its Predictive IT platform The launch sits within a larger Predictive…
AI, Global Security News
Apple Silicon boosts the TCO benefit of Macs — report
Apple Silicon Macs fail at less than half the rate of Intel Macs, dramatically reducing the platform’s already industry-leading total cost of ownership (TCO), according to data revealed by London, UK-based Apple reseller Hoxton Macs. While it’s true the data is based on a relatively small sample group, it does seem to reflect what the industry in…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
CISA directive orders agencies to prioritize vulnerability patching in a new way
The Cybersecurity and Infrastructure Security Agency on Wednesday ordered federal agencies to prioritize vulnerabilities based on four criteria, as part of a push to “patch smarter, not harder.” Federal agencies should emphasize patches for vulnerabilities that affect a publicly exposed asset, allow an attacker to fully automate exploitation, give attackers the ability to take over control…
AI, Cybersecurity, Endpoint, Global Security News, Network Security, Venture
What Israeli dominance in cyber means for non-Israeli cybersecurity founders
Over the past five years, it surely feels like Israeli cybersecurity startups have taken over. The biggest exit of recent years – Wiz – is an Israeli company. CyberArk, acquired by Palo Alto Networks, is an Israeli company. Armis, which just exited to ServiceNow, is also an Israeli company. That is not to say that…
AI, Apps, Exploits, Global Security News
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE
A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations.…
AI, Global Security News, malware, Network Security
China-linked JDY botnet expands targeting of U.S. military networks
The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reconnaissance efforts. […]
AI, APAC, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
June Patch Tuesday marks a ‘new normal’ with over 200 CVEs, 32 rated ‘critical’
June’s Patch Tuesday security updates have arrived, with SAP fixing four critical vulnerabilities and Microsoft addressing over 200 CVEs. Microsoft’s to-do list includes fixes for three zero days, 32 patches rated as ‘critical’, and a batch of other high-risk vulnerabilities that need urgent assessment. There’s also one older flaw under exploit, and some patches affecting…
AI, Global Security News
Identity theft is turning into a chain reaction for victims
For a growing number of victims, identity theft no longer ends with a fraudulent charge or a compromised account. More than one in four people who contacted the Identity Theft Resource Center during the reporting period were dealing with multiple identity-related incidents, according to the organization’s 2026 Trends in Identity Report. The report is based…
AI, Global Security News
How AI Is Changing IT Channel Partner Programs
Partner programs across the IT channel are undergoing a major transformation as AI adoption accelerates and vendors rethink how they engage with MSPs and solution providers. In this Channel Insider Partner POV discussion, Victoria Durgin and Jordan Smith explore how traditional vendor programs are evolving, why collaboration and ecosystem strategies are becoming more important, and…
AI, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia
Who Runs the Ransomware Group ‘The Gentlemen?’
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life identity for the administrator…
AI, APAC, Cybersecurity, Global Security News, Network Security
Kaseya Unveils MSP Success Ecosystem for Efficient Growth
Global provider of AI-powered IT management and cybersecurity software, Kaseya, announced the launch of MSP Success, a unified growth ecosystem that brings together Kaseya’s growth and business acceleration programs, including MSP Success Digital Marketing, MSP Success Peer, and the Kaseya Community. Kaseya unifies its partner marketing and peer groups. This unification is meant to help…
AI, Exploits, Global Security News
AISLE Snapshot keeps source code under enterprise control during vulnerability scanning
AISLE has introduced AISLE Snapshot, a new offering that gives regulated and security-sensitive enterprises access to frontier-class vulnerability detection inside their own environments, at a fraction of the cost, with source code and security data that never leave their control. Organizations are under increasing pressure to secure growing codebases against a rapidly expanding vulnerability landscape.…
AI, APAC, Apps, Europe, Global Security News
EU Unveils Tech Sovereignty Package and Chips Act 2.0
The EU has unveiled its much-anticipated European Technological Sovereignty Package, comprising two pieces of legislation intended to boost the continent’s independence in cloud services, AI and semiconductors. The Cloud and AI Development Act seeks to foster the growth of AI models and apps, as well as the buildout of supporting infrastructure, with a specific goal…
AI, Endpoint, Exploits, Global Security News, Government & Policy, malware, Russia
Russian APTs Still Exploiting Patched WinRAR Flaw CVE-2025-8088
Despite a 2025 patch, Russian-linked groups still exploit a WinRAR flaw (CVE-2025-8088) to deploy malware via phishing archives. CVE-2025-8088 is a path traversal flaw in WinRAR that lets an attacker write files outside the extraction directory using NTFS Alternate Data Streams. WinRAR fixed it in version 7.13 in July 2025. Nearly a year later, Trend…
AI, Global Security News, Risk Management
Drata brings visibility, control and auditability to enterprise AI agents
Drata has introduced AI Agent Governance, a new security category focused on managing the risks and oversight requirements of AI agents, while extending its trust platform to support enterprise adoption of autonomous AI systems. While McKinsey finds 57% of business leaders cite governance friction as the top blocker to deploying more AI, this move is…
AI, Exploits, Global Security News
Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)
Ivanti has patched two critical vulnerabilities (CVE-2026-10520 and CVE-2026-10523) in Ivanti Sentry and has urged customers to implement the fix right away. Though the vulnerabilities are not known to be actively exploited, security researchers have already released technical details about the former, which may be used by attackers to craft a working exploit. About Ivanti…
AI, Global Security News, Network Security
New Browser-in-the-Browser phishing uses fake login popups to steal Microsoft 365 credentials
A new Browser-in-the-Browser (BitB) phishing campaign is targeting Microsoft 365 users with fake login popups designed to closely mimic legitimate browser authentication windows, according to Palo Alto Networks Unit 42. The attack relies on a fake browser window embedded within a webpage. Victims who click a Microsoft sign-in button are presented with what appears to…
AI, Cybersecurity, Endpoint, Europe, Global Security News, malware, Network Security, Risk Management
Intelligence-Driven Threat Hunting: How SOCs Find What Alerts Miss
Talk to any threat hunter long enough, and beneath the polished case studies and conference talks, the same frustrations surface. Hunting is supposed to be proactive. In practice, it often feels reactive. You are chasing whispers of activity through log noise, querying SIEM fields that barely reflect real attacker behavior and writing detections against technique descriptions that…
AI, Cybersecurity, Exploits, Global Security News
Microsoft feud escalates as researcher drops new Windows zero-day
The long-running feud between Microsoft and security researcher Nightmare Eclipse has entered a new chapter. Eclipse, who has spent the past several months publicly releasing unpatched Windows vulnerabilities while sparring with Microsoft over vulnerability disclosure practices, has published exploit code for a new zero-day flaw dubbed RoguePlanet. The researcher said their exploit uses a race…
AI, Global Security News
Building reusable workflows with custom agents in Copilot CLI
Developers spend much of their working time in the terminal, generating commands, debugging issues, and running scripts close to their systems. Repeated terminal work tends to pile up small steps such as re-running the same commands, re-explaining context, and translating logs into a form a team can act on. Custom agents in GitHub Copilot CLI…
AI, Global Security News
Why I’m leaving Copilot for Gemini
I’ve been using and writing about Microsoft Copilot since it was publicly released in 2023. I’ve reviewed it, written articles about using it more effectively, explained how to curb hallucinations in it and other similar tools, and detailed how to use it in concert with Microsoft 365. It’s also been my go-to generative AI (genAI)…
AI, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities (KEV) catalog. The two flaws added to…
AI, Global Security News
New Fable 5 Is a “Mythos-Class” LLM Available to All, Anthropic Announces
Anthropic unveils Claude Mythos 5 and Fable 5, a restricted-access frontier AI model and guardrailed version for everyone to use
AI, Apps, Cybersecurity, Global Security News, Risk Management
Autonomous AI agents duped into leaking sensitive data in phishing test
AI agents given access to corporate email and business applications could become a new phishing target for attackers, according to cybersecurity researchers, after a test agent built on OpenClaw was tricked into sharing cloud credentials and customer data with an external attacker. Varonis Threat Labs said it built an OpenClaw AI agent called Pinchy to…
AI, Global Security News
Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days
On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives. […]
AI, Global Security News, privacy, Risk Management
Welcome to AI’s creepy era
For the past few days, I’ve been immersed in Google’s latest vision of the future — an AI-infused dashboard that taps into info from all of your Google app activity and then uses that data to cook up a series of daily “stories” designed to “connect you with what matters.” And — believe me, I…
AI, Exploits, Global Security News, Risk Management
Chaotic Eclipse Unveils RoguePlanet Exploit Targeting Fully Patched Windows
The researcher Chaotic Eclipse released a PoC for the RoguePlanet Microsoft Defender zero-day, which can grant SYSTEM privileges on fully patched Windows systems. Security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, has published a new proof-of-concept exploit for a RoguePlanet Microsoft Defender zero-day. The flaw relies on a race condition that can provide attackers with…
AI, Apps, Exploits, Global Security News, Network Security
Rubrik launches Autonomous Business Recovery to rebuild cloud applications after cyberattacks
Rubrik has unveiled Autonomous Business Recovery (ABR) for Cloud Applications, the agentic cyber resilience solution that recovers cloud applications from data to network, identity and configurations. The end result is a rebuild of an organization’s Minimum Viable Business (MVB) at machine speed. At a time when powerful AI models collapse the window between vulnerability discovery…
AI, Global Security News, privacy
Apple brings Private Cloud Compute to third-party data centers
Apple is bringing its Private Cloud Compute (PCC) platform to Google Cloud, expanding the infrastructure behind Apple Intelligence to third-party data centers. Introduced in 2024, PCC provides cloud-based processing for AI workloads that exceed the capabilities of on-device models while maintaining Apple’s security and privacy guarantees. The system was originally built on Apple silicon and…
AI, Apps, Exploits, Global Security News
F5 adds AI-powered threat detection and API security for on-premises environments
F5 has introduced new web application and API protection (WAAP) capabilities for its Application Delivery and Security Platform. The company said the updates are intended to address a threat landscape in which AI models can accelerate the time between vulnerability discovery and exploitation, giving attackers faster access to offensive capabilities. The new features expand the…
AI, Cybersecurity, Global Security News, Risk Management
Anthropic’s Claude Fable 5 is out for public use, with safeguards for high-risk requests
Days after publishing research on how advanced AI systems could amplify cyber operations in the wrong hands, Anthropic released Claude Fable 5, a Mythos-class model for general use. “Releasing a model this capable comes with risks. Without safeguards, Fable 5’s capabilities in areas like cybersecurity could be misused to cause serious damage,” Anthropic wrote. The…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
AI red teaming comes of age
When Ram Shankar Siva Kumar launched Microsoft’s AI red team in 2019, the discipline barely existed. “The running joke used to be that people who used to work in AI red teaming, you can round them up in a 14-foot catamaran,” he tells CSO. At the time, Microsoft’s approach looked familiar to anyone in cybersecurity:…
