Author: Andy Stern
-
SpecterOps Launches BloodHound Scentry to Accelerate the Practice of Identity Attack Path Management
Drawing on years of adversary tradecraft, SpecterOps experts work alongside customers to analyze and eliminate attack paths, protect critical assets, and stay ahead of emerging threats. First seen on darkreading.com Jump to article: www.darkreading.com/identity-access-management-security/specterops-launches-bloodhound-scentry
-
New Windows LNK spoofing issues aren’t vulnerabilities
Today, at Wild West Hackin’ Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LK shortcut files that allow attackers to deploy malicious payloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-new-windows-lnk-spoofing-issues-arent-vulnerabilities/
-
CISA will shutter some missions to prioritize others
Tags: cisaThe agency has lost roughly one-third of its workforce since January 2025. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-cybersecurity-division-reorganization/812155/
-
Critical BeyondTrust RCE flaw now exploited in attacks, patch now
Tags: access, attack, authentication, exploit, flaw, rce, remote-code-execution, update, vulnerabilityA critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-beyondtrust-rce-flaw-now-exploited-in-attacks-patch-now/
-
Google finds state-sponsored hackers use AI at ‘all stages’ of attack cycle
The research underscores how AI tools have matured in their cyber offensive capabilities, even as it doesn’t reveal novel or paradigm shifting uses of the technology. First seen on cyberscoop.com Jump to article: cyberscoop.com/state-hackers-using-gemini-google-ai/
-
NDSS 2025 PBP: Post-Training Backdoor Purification For Malware Classifiers
Session 12B: Malware Authors, Creators & Presenters: Dung Thuy Nguyen (Vanderbilt University), Ngoc N. Tran (Vanderbilt University), Taylor T. Johnson (Vanderbilt University), Kevin Leach (Vanderbilt University) PAPER PBP: Post-Training Backdoor Purification for Malware Classifiers In recent years, the rise of machine learning (ML) in cybersecurity has brought new challenges, including the increasing threat of backdoor…
-
Roses Are Red, AI Is Wild: A Guide to AI Regulation
AI regulation doesn’t have to be romanticized or feared. Understand what matters in AI governance, compliance, and SaaS risk management. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/roses-are-red-ai-is-wild-a-guide-to-ai-regulation/
-
4 Tools That Help Students Focus
Educators recognize the dual reality of educational technology (EdTech): its potential to sharpen student focus and detract from it. Schools must proactively leverage technology’s advantages while mitigating its risks to student productivity. Read on as we unpack the evolving importance and challenge of supporting student focus. We also detail four categories of classroom focus tools,…
-
Who’s the bossware? Ransomware slingers like employee monitoring tools, too
As if snooping on your workers wasn’t bad enough First seen on theregister.com Jump to article: www.theregister.com/2026/02/12/ransomware_slingers_bossware/
-
Odido confirms massive breach; 6.2 Million customers impacted
Hackers accessed data from 6.2 million Odido accounts, exposing names, contacts, bank details, and ID numbers. Subsidiary Ben also warned customers. Hackers broke into Dutch telecom firm Odido and accessed data from 6.2 million accounts. The company confirmed the breach and said attackers took names, addresses, phone numbers, email addresses, bank account details, dates of…
-
Advanced Threat Detection Proactive Cyber Defense Capabilities
In today’s rapidly evolving threat landscape, organizations must maintain continuous visibility, strong detection mechanisms, and rapid response capabilities to defend against increasingly sophisticated cyber adversaries. Our Security Operations framework demonstrates proven effectiveness in identifying, analyzing, and mitigating high-risk network threats in real time. Below are two recent case studies that highlight our proactive detection, investigative…
-
Roses Are Red, AI Is Wild: A Guide to AI Regulation
AI regulation doesn’t have to be romanticized or feared. Understand what matters in AI governance, compliance, and SaaS risk management. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/roses-are-red-ai-is-wild-a-guide-to-ai-regulation/
-
The Agentic Virus: How AI Agents Become Self-Spreading Malware
In my previous post, I walked through how disconnected MCP servers and AI agents create a growing blind spot in enterprise identity. The problem: thousands of MCP deployments running with overly broad tokens, no authentication, and no connection to your identity fabric. The solution: federate everything through the Maverics AI Identity Gateway. That post assumed……
-
NDSS 2025 PBP: Post-Training Backdoor Purification For Malware Classifiers
Session 12B: Malware Authors, Creators & Presenters: Dung Thuy Nguyen (Vanderbilt University), Ngoc N. Tran (Vanderbilt University), Taylor T. Johnson (Vanderbilt University), Kevin Leach (Vanderbilt University) PAPER PBP: Post-Training Backdoor Purification for Malware Classifiers In recent years, the rise of machine learning (ML) in cybersecurity has brought new challenges, including the increasing threat of backdoor…
-
EU Privacy Watchdogs Pan Digital Omnibus
Critics Say Regulation Amendments Would Chip Away at Fundamental Rights. A slew of amendments to European tech regulations touted by the European Commission as necessary for boosting continental competitiveness is receiving pushback from privacy watchdogs unhappy with changes that could water down EU privacy laws. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/eu-privacy-watchdogs-pan-digital-omnibus-a-30744
-
‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users
Tags: banking, breach, browser, chrome, control, credentials, credit-card, data, finance, google, infrastructure, malicious, marketplace, microsoft, office, password, phishingoutlook-one.vercel.app, hosted on the Vercel development platform, from which users download the software.”Microsoft reviews the manifest, signs it, and lists the add-in in their store. But the actual content the UI, the logic, everything the user interacts with is fetched live from the developer’s server every time the add-in opens,” said Koi Security’s researchers. By…
-
IDC Market Note: Surging Demand for EU Data Sovereignty Drives New Cybersecurity-Cloud Partnership
<div cla Digital sovereignty is now a strategic imperative for many European organizations. According to a new IDC Market Note¹, “Sovereignty is not viewed just as a contractual consideration, but as an architectural one, and one of technical feasibility.” First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/idc-market-note-surging-demand-for-eu-data-sovereignty-drives-new-cybersecurity-cloud-partnership/
-
Neue Warn-App für Cybervorfälle gestartet
Die neue CYROS-App verknüpft Sicherheitswarnungen von Behörden und Fachquellen, um über Cybersicherheitsvorfälle zu informieren.Ransomware-Attacken, Phishing und digitale Sabotage: Vor dem Hintergrund der zunehmenden Cyberbedrohungslage hat das Frankfurter Cyberintelligence Institute (CII) ein digitales Warnsystem namens Cyber Risk”¯Observation”¯Service (CYROS) für Smartphones entwickelt.Die CYROS-App bündelt alle sicherheitsrelevanten Informationen aus behördlichen Warnmeldungen. Zu den Quellen zählen unter anderem das…
-
Hacker linked to Epstein removed from Black Hat cyber conference website
Emails published by the Justice Department revealed cybersecurity veteran Vincenzo Iozzo emailed, and arranged to meet, Jeffrey Epstein multiple times between 2014 and 2018. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/12/hacker-linked-to-epstein-removed-from-black-hat-cyber-conference-website/
-
The Epstein Files Reveal Stunning Operational Security Fails
Plaintext Emails Trigger Police Probes Into Potential Leaks of State Secrets The volume of information contained in the Epstein Files, bizarre pictures they paint and our inability to know what they don’t document complicate attempts to understand what it all means. What is clear is the digital detritus that can be generated by just a…
-
Hand over the keys for Shannon’s shenanigans
In this week’s newsletter, Amy examines the rise of Shannon, an autonomous AI penetration testing tool, and what it means for security teams and risk management. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/hand-over-the-keys-for-shannons-shenanigans/
-
Romania’s oil pipeline operator Conpet confirms data stolen in attack
Romania’s national oil pipeline operator, Conpet S.A., confirmed that the Qilin ransomware gang stole company data in an attack last week. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/romanias-oil-pipeline-operator-conpet-confirms-data-stolen-in-attack/
-
IDC Market Note: Surging Demand for EU Data Sovereignty Drives New Cybersecurity-Cloud Partnership
<div cla Digital sovereignty is now a strategic imperative for many European organizations. According to a new IDC Market Note¹, “Sovereignty is not viewed just as a contractual consideration, but as an architectural one, and one of technical feasibility.” First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/idc-market-note-surging-demand-for-eu-data-sovereignty-drives-new-cybersecurity-cloud-partnership/
-
Hand over the keys for Shannon’s shenanigans
In this week’s newsletter, Amy examines the rise of Shannon, an autonomous AI penetration testing tool, and what it means for security teams and risk management. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/hand-over-the-keys-for-shannons-shenanigans/
-
Proofpoint Expands AI Security Offerings With Acuvity Acquisition
Proofpoint announced Thursday that it has acquired a startup focused on AI security and governance, Acuvity. First seen on crn.com Jump to article: www.crn.com/news/security/2026/proofpoint-expands-ai-security-offerings-with-acuvity-acquisition
-
ApolloMD data breach impacts 626,540 people
A May 2025 cyberattack on ApolloMD exposed the personal data of over 626,000 patients linked to affiliated physicians and practices. ApolloMD is a US-based healthcare services company that partners with hospitals, health systems, and physician practices. It provides practice management, staffing, revenue cycle, and administrative support services. The company works with affiliated physicians across specialties…
-
Next Gen Spotlights: Creating Quiet in Moments of Noise QA with Richard Allmendinger, CEO and Co-Founder of Veribee
Veribee is on a mission to reduce noise for software teams, by striving to minimise alert-heavy tools that create noise, as opposed to confidence in what’s actually secure. As one survey found, over two-thirds of security teams receive over 2,000 alerts a day (roughly one alert every 42 seconds), with 92% reporting missed or uninvestigated…
-
ApolloMD data breach impacts 626,540 people
A May 2025 cyberattack on ApolloMD exposed the personal data of over 626,000 patients linked to affiliated physicians and practices. ApolloMD is a US-based healthcare services company that partners with hospitals, health systems, and physician practices. It provides practice management, staffing, revenue cycle, and administrative support services. The company works with affiliated physicians across specialties…
-
ApolloMD data breach impacts 626,540 people
A May 2025 cyberattack on ApolloMD exposed the personal data of over 626,000 patients linked to affiliated physicians and practices. ApolloMD is a US-based healthcare services company that partners with hospitals, health systems, and physician practices. It provides practice management, staffing, revenue cycle, and administrative support services. The company works with affiliated physicians across specialties…
-
ServiceNow Prevents Deepfake Impersonation at the IT Service Desk with Nametag Identity Verification
First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/servicenow-prevents-deepfake-impersonation-at-the-it-service-desk-with-nametag-identity-verification/