access ai android api apple attack authentication backdoor breach browser business ceo china cisa cisco ciso cloud compliance control credentials crypto cve cyber cyberattack cybercrime cybersecurity data data-breach defense detection email exploit finance flaw framework fraud google governance government group hacker hacking healthcare identity infrastructure intelligence Internet jobs law leak linux malicious malware microsoft monitoring network open-source password phishing privacy ransomware remote-code-execution resilience risk russia scam service software strategy supply-chain technology theft threat tool unclassified update usa vulnerability windows zero-day
-
Dialogflow CX ‘Rogue Agent’ Flaw Enabled AI Chatbot Data Theft
Varonis reported the flaw to Google in late 2025 and it has been addressed, but it reminds defenders to take a fresh look at their AI Infrastructure security. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/dialogflow-cx-rogue-agent-flaw-enabled-ai-chatbot-data-theft also interesting: The 2024 cyberwar playbook: Tricks used by nation-state actors 9 top bug bounty programs launched in 2025…
-
Big Brand Jobs Scam Targets Marketing Pros’ Google Accounts
The phishing campaign uses several tactics, including nested redirects, to evade detection and steal credentials from unsuspecting targets. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/big-brand-jobs-scam-marketing-pros-google-accounts also interesting: 7 biggest cybersecurity stories of 2024 Beyond the Inbox: ThreatLabz 2025 Phishing Report Reveals How Phishing Is Evolving in the Age of GenAI 13 ways attackers use…
-
EU Pushes for Domestic AI Momentum
Eurozone Banks Told to Strengthen Controls Amid AI Vulnerability Disclosure Wave. Europe is planning for improved capabilities to evaluate the cybersecurity implications of frontier artificial intelligence models – and will possibly mount a grand challenge for developing AI-powered cybersecurity systems – as part of a new strategy unveiled Tuesday. First seen on govinfosecurity.com Jump to…
-
UK Govt Pairs Agentic AI Initiative With Cyber Resilience Pledge
NCSC Launches AI Research, Governance and Resilience Measures. The U.K. government unveiled an AI-driven Cyber Shield initiative alongside a Cyber Resilience Pledge signed by 60 organizations, seeking to automate vulnerability management, strengthen governance and improve national resilience as ransomware and AI-enabled threats escalate. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/uk-govt-pairs-agentic-ai-initiative-cyber-resilience-pledge-a-32172 also interesting: Cybersecurity Snapshot:…
-
Atrium Health to Pay $1.8M to Settle Web Tracker Lawsuit
Tags: googleNC Nonprofit Is Latest Organization to Resolve Claims Involving Online Trackers. Atrium Health has agreed to pay $1.8 million to settle class action litigation stemming from its previous use of pixel tracking codes on its patient portal, which allegedly unlawfully shared sensitive patient information with third-party firms including Meta and Google for marketing purposes. First…
-
Deepfake CSAM lawsuit against xAI, Grok expands
Two new alleged victims detailed how Grok was used by friends and family to generate sexual images of them as minors. The suit also adds Stability AI as a defendant. First seen on cyberscoop.com Jump to article: cyberscoop.com/deepfake-csam-lawsuit-grok-xai-expands-stability-ai/ also interesting: Countering Voice Fraud in the Age of AI Has GetReal cracked the code on AI…
-
Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)
Spain arrested a suspected CARR and Z-Pentest collaborator in an FBI-led probe for aiding pro-Russian hackers, coordinating attacks, and using crypto. Spanish National Police arrested a man in Palencia last March on charges of membership in and collaboration with a terrorist organization, glorifying terrorism, and computer damage. The investigation, carried out jointly with the FBI,…
-
Chinese hackers develop LONGLEASH malware to expand ORB network
Chinese hackers tracked as ‘UAT-7810’ are actively evolving their malware to expand their Operational Relay Box (ORB) network by compromising internet-facing networking devices, primarily unpatched Ruckus routers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-develop-longleash-malware-to-expand-orb-network/ also interesting: Cybersecurity Snapshot: Study Raises Open Source Security Red Flags, as Cyber Agencies Offer Prevention Tips Against Telecom Spying…
-
The Most Elusive Criminal Quality: Anonymity
Suspected Scattered Spider Member Reportedly Unmasked After Making Death Threat How did investigators unmask a 19-year-old suspected Scattered Spider extortionist? Amateur sleuths have highlighted Microsoft-gathered device telemetry in charging documents. But a researcher said he was quickly unmasked and tracked for years, after he sent her a death threat. First seen on govinfosecurity.com Jump to…
-
Selling Cyber: Anthropic’s Fable 5 Raises Security Tradeoffs
Panel Examines Costs, Security Limits, Enterprise Adoption of Fable 5 and Mythos 5. Anthropic’s Claude Fable 5 and Mythos 5 demonstrate major advances in coding and reasoning while raising new questions about exploit generation, enterprise AI spending, data governance and the growing urgency of faster vulnerability remediation, according to the panelists on Selling Cyber. First…
-
5 Things To Know About GuidePoint Security’s New CEO
Tags: ceoGuidePoint Security announced Tuesday that it has promoted company veteran Scott Rachford to serve as its new CEO, succeeding company founder Michael Volk in the role. First seen on crn.com Jump to article: www.crn.com/news/security/2026/5-things-to-know-about-guidepoint-security-s-new-ceo also interesting: Mitarbeiter entlarvt CEO-Imitation ‘Deliberate attack’ deletes shopping app’s AWS and GitHub resources LinkedIn sues ProAPIs for $15K/Month LinkedIn data…
-
Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots
A critical flaw in Google’s Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project.From there, they could read live conversations, steal the data users shared, and make the bots send attacker-written messages, including requests to re-enter a password.Security…
-
RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service
A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service. It lets even low-skill criminals take over a victim’s phone, steal their banking logins, and capture the one-time codes that protect their accounts.Zimperium’s zLabs, which found the operation, says it looks like a new variant of Oblivion,…
-
Hidden backdoor in Tenda router firmware grants admin access
A hidden authentication backdoor has been found in multiple Tenda router firmware versions, potentially allowing an attacker to gain administrative access to the device’s web management panel. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hidden-backdoor-in-tenda-router-firmware-grants-admin-access/ also interesting: NETGEAR Router Flaw Allows Full Admin Access by Attackers CERT/CC Warns of Hidden Admin Backdoor in Tenda Router…
-
Januscape Linux VM Escape Flaw Affects Intel and AMD Systems
Januscape (CVE-2026-53359) enables guest-to-host VM escape in Linux KVM on Intel and AMD systems. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/januscape-linux-vm-escape-flaw-affects-intel-and-amd-systems/ also interesting: Critical Vulnerability in Crowdstrike Falcon Sensor for Linux Enables TLS MiTM Exploits React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web New Fragnesia Linux flaw lets attackers gain…
-
Spain Arrests Suspected Russian Hacktivist After FBI Tip
Investigators Say Suspect Supported CARR, Z-Pentest and NoName057(16). Spanish authorities, acting on FBI intelligence, arrested a man accused of supporting Cyber Army of Russia Reborn, Z-Pentest and NoName057(16), underscoring international efforts to dismantle Russian state-linked hacktivist networks targeting critical infrastructure. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/spain-arrests-suspected-russian-hacktivist-after-fbi-tip-a-32169 also interesting: Spain Arrests Suspected Russian Hacktivist…
-
Spain Arrests Suspected Russian Hacktivist After FBI Tip
Investigators Say Suspect Supported CARR, Z-Pentest and NoName057(16). Spanish authorities, acting on FBI intelligence, arrested a man accused of supporting Cyber Army of Russia Reborn, Z-Pentest and NoName057(16), underscoring international efforts to dismantle Russian state-linked hacktivist networks targeting critical infrastructure. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/spain-arrests-suspected-russian-hacktivist-after-fbi-tip-a-32169 also interesting: Spain Arrests Suspected Russian Hacktivist…
-
Phishing Attacks Targeted Facebook Users With Fake Verification Offer
Attacks also used a compromised chatbot in campaign to steal sensitive information from Business Users First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phishing-facebook-fake-verification/ also interesting: Key strategies to enhance cyber resilience China-linked hackers target Japan’s national security and high-tech industries Privacy Roundup: Week 11 of Year 2025 Not all cuts are equal: Security budget choices…
-
DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts
A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC.”The campaign did not depend on a fake Microsoft password page. It used a malicious collaboration-style lure to push users into the…
-
‘GitLost’ Flaw Leaks Private Data From GitHub’s Agentic Workflows
The flaw allows an unauthenticated attacker to craft a GitHub Issue in an org’s public repository and then silently pull data from its private repos, too. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/gitlost-leaks-private-data-github-agentic-workflows also interesting: GitHub Copilot prompt injection flaw leaked sensitive data from private repos Lack of isolation in agentic browsers resurfaces old…
-
Google Search Uploads Can Train AI Unless You Opt Out
Google Search uploads may be used to train AI unless users opt out, raising privacy and data governance concerns for businesses. The post Google Search Uploads Can Train AI Unless You Opt Out appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-search-uploads-train-ai-opt-out/ also interesting: 17 hottest IT security certs for higher pay…
-
AI Sovereignty Is a New Test for Enterprises
Enterprises are Rethinking Operational Risks to Gain Greater Control of AI Stacks. IBM reports that only 9% of executives fully understand their AI dependencies, while 71% say switching vendors would be difficult. AI sovereignty concerns reached a fevered pitch for tech leaders last month after Anthropic switched off two of its most capable artificial intelligence…
-
AI Sovereignty Is a New Test for Enterprises
Enterprises are Rethinking Operational Risks to Gain Greater Control of AI Stacks. IBM reports that only 9% of executives fully understand their AI dependencies, while 71% say switching vendors would be difficult. AI sovereignty concerns reached a fevered pitch for tech leaders last month after Anthropic switched off two of its most capable artificial intelligence…
-
AI Sovereignty Is a New Test for Enterprises
Enterprises are Rethinking Operational Risks to Gain Greater Control of AI Stacks. IBM reports that only 9% of executives fully understand their AI dependencies, while 71% say switching vendors would be difficult. AI sovereignty concerns reached a fevered pitch for tech leaders last month after Anthropic switched off two of its most capable artificial intelligence…
-
7 Arrested Over World’s Top Anime Piracy Site HiAnime
Tags: unclassifiedVietnamese police, aided by US Homeland Security and ACE, arrested seven people accused of running HiAnime, tied to $12.85M in ad revenue. First seen on hackread.com Jump to article: hackread.com/7-arrested-top-anime-piracy-site-hianime/ also interesting: Lenovo Laptops und ThinkPads betroffen – Sicherheitslücken in Lenovo-Produkten Channel Brief: OPSWAT Acquires InQuest, Commvault Intros New Security Integrations Deutsche Digitale Bibliothek Hatespeech-Ermittlungen:…
-
Supreme Court allows Texas app law requiring age verification to take effect
A student advocacy organization and tech trade group had appealed to the high court to stay the Texas App Store Accountability Act on an emergency basis until the lower court rules. First seen on therecord.media Jump to article: therecord.media/supreme-court-allows-texas-app-law-age-verification-to-take-effect also interesting: Rising Ransomware Issue: English-Speaking Western Affiliates Ransomware in 2024: New players, bigger payouts, and…
-
Suspected Chinese Threat Group Targets Universities via Vulnerable Roundcube Servers
A suspected Chinese threat cluster is exploiting Roundcube vulnerabilities to compromise university networks in the US and Canada and harvest user credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-aligned-cluster-roundcube/ also interesting: Cybersecurity Snapshot: CISA Analyzes Malware Used in SharePoint Attacks, as U.K. Boosts Cyber Assessment Framework Cybersecurity Snapshot: CISA Analyzes Malware Used in SharePoint…
-
Suspected Chinese Threat Group Targets Universities via Vulnerable Roundcube Servers
A suspected Chinese threat cluster is exploiting Roundcube vulnerabilities to compromise university networks in the US and Canada and harvest user credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-aligned-cluster-roundcube/ also interesting: Cybersecurity Snapshot: CISA Analyzes Malware Used in SharePoint Attacks, as U.K. Boosts Cyber Assessment Framework Cybersecurity Snapshot: CISA Analyzes Malware Used in SharePoint…
-
Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data
A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization’s private repositories, researchers at Noma Security have shown.The attacker needs only to open a normal-looking issue on a public repository, with no stolen credentials and no access to the organization. If that organization has given the agent read access across…
-
Spain arrests suspected member of pro-Russian hacktivist groups
The National Police in Spain have arrested a man who is suspected of being an active member of the CyberArmy of Russia Reborn (CARR) and Z-Pentest, both pro-Russian hacktivist groups. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/spain-arrests-suspected-member-of-pro-russian-hacktivist-groups/ also interesting: TDL 008 – Defending the Frontline: Ransomware, AI, and Real-World Lessons TDL 008 – Defending…
-
QA: Solving Synthetic Media Challenges Before All Trust is Lost
Synthetic media has moved from technical curiosity to mainstream threat in just a few years, with deepfakes now cheap enough to produce that a free app and a handful of seconds of scraped audio can generate convincing fakes. The consequences stretch well beyond political misinformation: corporate fraud running into tens of millions of dollars, biometric…
-
Check Point Brings Cloud Firewall to AWS European Sovereign Cloud
Check Point Software has announced that its Cloud Firewall offering is now available on the AWS European Sovereign Cloud, as the cybersecurity giant becomes an official partner for Amazon’s new independent European cloud infrastructure. The move is designed to help European organisations meet increasingly stringent data residency and operational autonomy requirements under EU regulatory frameworks,…
-
Iran-linked MuddyWater espionage campaign targets organisations across four continents
A new threat intelligence report from WatchGuard is warning organisations worldwide to strengthen behavioural detection capabilities after uncovering an espionage campaign by the Iran-linked threat group MuddyWater that successfully targeted high-value organisations across four continents. The report details how the group, also known as Seedworm, targeted organisations across manufacturing, aviation, financial services, education, professional services…
-
The industries being reimagined by AI
Throughout human history, technology has changed what we think is possible. Once, communication meant sending a letter. Now, we are all buried under a constant stream of emails, messages and notifications. AI marks another major inflection point. For the first time, ordinary people can communicate with computers in natural language, not code. That shift is…
-
Pentesting is dead. Long live pentesting.
Penetration testing has been a cornerstone of cybersecurity for decades. For many organisations, it is part of an annual security programme, providing reassurance for boards, evidence for customers and insurers and a demonstration of compliance with regulatory requirements. It is also one of the most commonly purchased cybersecurity services. Despite its widespread use, penetration testing is actually one of the least…
-
Huntress Signs Giacom to Widen UK MSP Access to Managed Detection and Response
Huntress has struck a new distribution partnership with UK channel marketplace Giacom, giving the managed service providers (MSPs) on Giacom’s Cloud Market platform direct access to Huntress’ Agentic Security Platform and its 24/7 AI-centric Security Operations Centre (SOC). The deal is one of two announced this week, alongside a parallel agreement with MSP Nordics covering Denmark, Finland, Iceland, Norway and Sweden, as Huntress looks…
-
Forescout recognised by NATO for cybersecurity capabilities across IT and OT environments
Forescout Technologies Inc. has been added to the NATO Information Assurance Product Catalogue (NIAPC), marking formal recognition that the company’s cybersecurity platform meets NATO’s information assurance requirements for deployment across mission-critical defence environments. Maintained by the NATO Communications and Information Agency (NCIA), the NIAPC serves as a trusted catalogue of cybersecurity technologies that have been…
-
Registration Now Open for International Cyber Expo 2026
Registration is now open for International Cyber Expo 2026, one of the UK’s flagship two-day cybersecurity events which set to return to Olympia London on 2930 September 2026, bringing together thousands of security professionals, technology providers and policymakers to explore the latest developments shaping the cyber landscape. With cyber threats at a peak and the…
-
George Murnane’s One-Question Test for Real AI
Ask George Murnane how to separate real artificial intelligence from a marketing slogan, and he gives you one question: what does the model predict, and what is its loss function? George Peter Murnane has spent more than three decades running asset-intensive aviation businesses, 14 of those years as a chief operating officer, a chief financial…
-
Mike Winston on Why Jet.AI Shifted From Aviation to AI Infrastructure
Private aviation runs on tight margins and tighter schedules. The AI tools Jet.AI built to optimize both placed the company in an unusual vantage point: watching production inference workloads run against real operational constraints, before the data center power shortage became a mainstream story. Mike Winston, investor and founder of Jet.AI (NASDAQ: JTAI), built those…
-
BeyondTrust Patches Authentication Bypass Vulnerabilities
BeyondTrust has patched four RS and PRA vulnerabilities, including two critical authentication bypass flaws. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/beyondtrust-patches-authentication-bypass-vulnerabilities/ also interesting: GeoVision 0-Day Vulnerability Exploited in the Wild Laserjet: Teils kritische Schwachstellen gefährden zahllose HP-Drucker How to create a ransomware playbook that works How to create a ransomware playbook that works
-
Bei Cloud-Ausfall droht fast jedes zweite Unternehmen lahmgelegt zu werden
Tags: cloudFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/cloud-ausfall-jedes-zweite-unternehmen-lahmgelegt also interesting: The Ultimate DSPM Guide: Webinar on Building a Strong Data Security Posture In der Cloud abgelegt: Terabyte an Bewegungsdaten von VW-Elektroautos gefunden Google Cloud unveils open protocol for agentic payments Europe Spurs Digital Sovereignty With $213M Cloud Contract
-
Britain plans to build autonomous AI ‘Cyber Shield’ to defend nation
The capability, called Cyber Shield, is designed to counter a threat the National Cyber Security Centre (NCSC) said could see attackers “move at machine speed and greater scale, reducing opportunities for detection and response.” First seen on therecord.media Jump to article: therecord.media/britain-plans-autonomous-ai-cyber-shield also interesting: 12 most innovative launches at RSA 2025 China-linked hackers target Taiwan…
-
Britain plans to build autonomous AI ‘Cyber Shield’ to defend nation
The capability, called Cyber Shield, is designed to counter a threat the National Cyber Security Centre (NCSC) said could see attackers “move at machine speed and greater scale, reducing opportunities for detection and response.” First seen on therecord.media Jump to article: therecord.media/britain-plans-autonomous-ai-cyber-shield also interesting: Microsoft Sentinel: A cloud-native SIEM with integrated GenAI Top 5 AI…
-
Businesses modernizing networks for AI fear expanding attack surface, limited visibility
IT leaders are worried that security controls aren’t keeping pace with threats to AI systems. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-network-expansion-security-concerns-cisco/824581/ also interesting: 12 most innovative launches at RSA 2025 Your Data, Your Responsibility: Securing Your Organization’s Future in the Cloud Summer: Why cybersecurity must be strengthened as vacations abound Tenable Named a…
-
Businesses modernizing networks for AI fear expanding attack surface, limited visibility
IT leaders are worried that security controls aren’t keeping pace with threats to AI systems. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-network-expansion-security-concerns-cisco/824581/ also interesting: Why domain-based attacks will continue to wreak havoc Anatomy of a Modern Threat: Deconstructing the Figma MCP Vulnerability What CISOs need to know about new tools for securing MCP servers…
-
Bösartige Bots auf Reiseportalen: Thales warnt vor Account Takeover, API-Missbrauch und Vertrauensverlust
Tags: apiFür die Branche entsteht daraus ein strategischer Handlungsdruck. Wer Buchungssysteme, APIs, Treuekonten und Kundendaten nicht wirksam schützt, riskiert mehr als technische Störungen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/boesartige-bots-auf-reiseportalen-thales-warnt-vor-account-takeover-api-missbrauch-und-vertrauensverlust/a45693/ also interesting: Datenpanne bei Palo Alto Networks, Zscaler und Cloudflare Stop Leaking API Keys: The Backend for Frontend (BFF) Pattern Explained Lessons from the PocketOS…
-
Authentication Bypass – Kritische SimpleHelp RMM-Schwachstelle wird aktiv ausgenutzt
Tags: authenticationFirst seen on security-insider.de Jump to article: www.security-insider.de/simplehelp-schwachstelle-oidc-auth-bypass-cve-2026-48558-a-b785971ada922f189ff5f132eaefaba6/ also interesting: Critical Windows Kerberos Flaw Exposes Millions of Servers to Attack RSA enhances risk-based authentication solution Post-Quantum Key Exchange for MCP Authentication FIRESIDE CHAT: In the AI age, your MFA, authentication apps can be compromised in minutes
-
Scattered Spider’s Structure More Like a Cybercrime Collective Than a Unified Gang
Group-IB analysis argued Scattered Spider is a decentralized collective of independent clusters First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/scattered-spider-as-cybercrime/ also interesting: Russian CryptoBytes Hackers Target Windows Machines with UxCryptor Ransomware New FrigidStealer infostealer infects Macs via fake browser updates US Readies Huione Group Ban Over Cybercrime Links UAT-8099: Chinese-speaking cybercrime group targets high-value IIS…
-
The GitHub Actions Attack Pattern Your CI Security Scanners Miss
ActiveState explains how GitHub Actions attack chains can evade traditional CI security scanners, why passing a scan doesn’t guarantee a secure pipeline, and how organizations can better govern their CI/CD workflows. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-github-actions-attack-pattern-your-ci-security-scanners-miss/ also interesting: Linux wiper malware hidden in malicious Go modules on GitHub Threat Actors Exploit VS…

