Collecting Cyber-News from over 60 sources

Tag: business

Apache OFBiz RCE Flaw Abuses Password-Change Restrictions for Authentication Bypass

May 21, 2026 3:00 PM

Tags: apache, authentication, business, cyber, flaw, open-source, password, rce, remote-code-execution, vulnerability

A critical authentication bypass vulnerability in Apache OFBiz allows attackers to hijack forced password-change flows and achieve remote code execution (RCE) via a single HTTP request, affecting all versions before 24.09.06. Apache OFBiz RCE Flaw Apache OFBiz is an open-source Enterprise Resource Planning (ERP) platform used for managing business processes. When an administrator flags a…
Two U.S. Executives Plead Guilty in India-Based Tech Support Fraud Schemes

May 21, 2026 9:00 AM

Tags: business, ceo, cyber, fraud, india, service

Two U.S.-based business executives have pleaded guilty to their roles in enabling large-scale tech-support fraud operations linked to call centers in India, according to the U.S. Department of Justice. Adam Young, 42, former CEO of a telecommunications services company based in Miami, and Harrison Gevirtz, 33, former CSO from Las Vegas, admitted to knowingly supporting…
Instructure cyberattack reignites ransom payment debate

May 20, 2026 4:00 PM

Tags: breach, business, ciso, cyberattack, cybercrime, data, ransom

Instructure struck a deal to recover its stolen data — likely paying a hefty ransom. For CISOs, deciding whether to negotiate with cybercriminals should come down to business risk. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366642963/Instructure-cyberattack-reignites-ransom-payment-debate
Microsoft Launches New Surface AI PCs for Business Buyers

May 19, 2026 10:00 PM

Tags: 5G, ai, business, microsoft

Microsoft launched new Surface for Business PCs with Intel Core Ultra Series 3 chips, AI features, 5G options, and enterprise security tools. The post Microsoft Launches New Surface AI PCs for Business Buyers appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-surface-for-business-ai-pc-refresh/
Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft

May 19, 2026 10:00 PM

Tags: apple, business, crypto, data, google, macOS, malware, microsoft, password, threat

A new SHub Reaper macOS infostealer spoofs prompts from Apple, Google, and Microsoft to steal passwords, crypto data, and business files from Macs. The post Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-reaper-shub-malware-mac-users/
Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft

May 19, 2026 10:00 PM

Tags: apple, business, crypto, data, google, macOS, malware, microsoft, password, threat

A new SHub Reaper macOS infostealer spoofs prompts from Apple, Google, and Microsoft to steal passwords, crypto data, and business files from Macs. The post Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-reaper-shub-malware-mac-users/
Check Point Wants AI Agents to Do What Security Teams Can’t: Manage Networks at Machine Speed

May 19, 2026 5:00 PM

Tags: ai, business, firewall, network, zero-trust

Check Point has launched an agentic orchestration platform that can end the policy drift, stalled Zero Trust projects, and manual configuration backlogs that have plagued enterprise security teams for decades. The company’s Agentic Network Security Orchestration Platform is built around autonomous AI agents that translate business intent directly into firewall policy, tighten configurations in real…
7 tips for accelerating cyber incident recovery

May 19, 2026 12:00 PM

Tags: attack, awareness, backup, breach, business, ceo, cio, ciso, cloud, communications, control, cyber, cybersecurity, data, defense, finance, framework, governance, incident, incident response, infection, insurance, international, lessons-learned, malicious, malware, monitoring, nist, risk, service, technology, threat, update

Emphasize scoping and containment from the outset: Because you can’t recover from what you can’t stop, scoping and containment should be the absolute first priority during incident recovery, says Amit Basu, CIO and CISO at freight shipping firm International Seaway.”Before anything else, you must stop the bleeding,” he says. This means understanding the true scope…
Boulevard of Broken Dreams: 2 Decades of Cyber Fails

May 18, 2026 11:00 PM

Tags: breach, business, cyber, moveIT, update

From the MGM and Caesars fiasco and MOVEit’s patch nightmare to epic business blunders and the jaded reality of living in a post-breach world, Dark Reading looks back at the mistakes, miscalculations, systemic failures, and cringeworthy moments that still have us shaking our heads. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/broken-dreams-2-decades-cyber-fails
Boulevard of Broken Dreams: 2 Decades of Cyber Fails

May 18, 2026 11:00 PM

Tags: breach, business, cyber, moveIT, update

From the MGM and Caesars fiasco and MOVEit’s patch nightmare to epic business blunders and the jaded reality of living in a post-breach world, Dark Reading looks back at the mistakes, miscalculations, systemic failures, and cringeworthy moments that still have us shaking our heads. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/broken-dreams-2-decades-cyber-fails
Secure, Fast, Reliable: The Best Cloud Storage Providers for Businesses in 2026

May 18, 2026 8:00 PM

Tags: business, cloud

Discover the X best business cloud storage providers of 2026. Secure, fast, and reliable solutions reviewed to streamline your workflow. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/cloud/best-cloud-storage-for-business/
How to Reduce Phishing Exposure Before It Turns into Business Disruption

May 18, 2026 4:01 PM

Tags: attack, business, data-breach, detection, email, phishing, risk, soc

What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread.Early phishing detection closes…
AI coding is fueling a secrets-sprawl crisis few CISOs are containing

May 18, 2026 12:00 PM

Tags: access, ai, api, automation, awareness, business, ceo, ciso, control, credentials, data-breach, detection, governance, identity, leak, privacy, programming, risk, service, software, supply-chain, threat, tool, training, unauthorized

Addressing the broader issue: As AI-assisted coding expands, security leaders must rethink how they manage risk. That means looking beyond repositories and securing the full software development lifecycle (SDLC), including collaboration tools where credentials often show up.”We focus on both, but the risk profile is very different, what’s identified in Jira or Slack is far…
AI coding is fueling a secrets-sprawl crisis few CISOs are containing

May 18, 2026 12:00 PM

Tags: access, ai, api, automation, awareness, business, ceo, ciso, control, credentials, data-breach, detection, governance, identity, leak, privacy, programming, risk, service, software, supply-chain, threat, tool, training, unauthorized

Addressing the broader issue: As AI-assisted coding expands, security leaders must rethink how they manage risk. That means looking beyond repositories and securing the full software development lifecycle (SDLC), including collaboration tools where credentials often show up.”We focus on both, but the risk profile is very different, what’s identified in Jira or Slack is far…
Crime increasingly a ‘serious barrier’ to UK growth, say business leaders

May 18, 2026 12:02 AM

Tags: attack, business, country, crime, cyber, fraud, government, theft

British Chambers of Commerce survey shows firms ‘are dealing with rising levels of theft, fraud and cyber-attacks’UK business leaders have warned that crime is becoming an increasingly “serious barrier” to growing Britain’s economy amid a rise in shoplifting, fraud and cyber-attacks against companies.The British Chambers of Commerce (BCC), which represents tens of thousands of businesses…
The AI oversight paradox: Is the investment worth the cost of watching it?

May 15, 2026 7:00 AM

Tags: ai, business, strategy

Unlike in 2025, when AI adoption and testing drove business strategies, organizations in 2026 want proven ROI before committing budgets, according to a report by Globalization … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/15/ai-workforce-impact-report/
How Fintech APIs Are Modernizing Business Cash Flow Management

May 14, 2026 6:00 PM

Tags: api, business, fintech

Business cash flow is often harder to manage than revenue. A company can have strong sales and still… First seen on hackread.com Jump to article: hackread.com/fintech-apis-modernize-business-cash-flow-management/
FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

May 14, 2026 4:00 PM

Tags: attack, authentication, business, cloud, communications, control, credentials, defense, detection, email, framework, government, infrastructure, login, malicious, malware, mfa, microsoft, phishing, service, theft

The campaign dynamically adapts to victims: After deobfuscation, the phishing payload loads infrastructure designed to impersonate Microsoft 365 and other login portals while dynamically adapting to targeted users.According to the report, the malware can determine which authentication provider should be impersonated, preload victim email addresses into phishing pages, and customize branding elements such as company…
Amazon Quick Security Flaw Allowed Restricted Users to Access AI Chat Agents

May 14, 2026 1:00 PM

Tags: access, ai, business, cloud, control, cyber, flaw, intelligence

A newly disclosed security flaw in Amazon’s AI-powered business intelligence platform has revealed how restricted users could quietly bypass controls and interact with AI chat agents, despite explicit administrative denial. The issue, discovered by Fog Security researcher Jason Kao, exposes a critical gap between user interface restrictions and backend enforcement in modern AI-integrated cloud services.…
What CISOs need to land a board role

May 14, 2026 12:01 PM

Tags: business, ciso, control, corporate, cyber, cybersecurity, finance, governance, government, intelligence, jobs, resilience, risk, skills, strategy, training

Tips for CISOs aiming for a board role: For CISOs interested in contributing to global vendor boards, Morelli advises focusing on becoming a partner, not just a customer. This requires the ability to articulate how a product’s evolution impacts the risk profile of an entire sector.For non-industry or public boards, CISOs must be comfortable contributing…
Palo Alto Networks bets on identity security for autonomous AI with Idira launch

May 14, 2026 12:01 PM

Tags: ai, attack, business, ceo, ciso, cloud, credentials, cybersecurity, governance, identity, injection, intelligence, least-privilege, mfa, network, RedTeam, risk, soc, threat, tool, vulnerability

CISOs navigate AI risks: For enterprises, the launch reflects a broader industry shift toward identity-centric cybersecurity models as organizations deploy generative AI tools, autonomous agents, and cloud-native applications at scale.Analysts say the growing number of non-human identities is creating operational and security challenges because many existing identity systems were originally built to manage employees and…
West Pharmaceutical warns of ransomware attack impacting business operations

May 12, 2026 10:18 PM

Tags: attack, business, data, hacker, network, ransomware, service

West Pharmaceutical Services filed a report with the Securities and Exchange Commission (SEC) on Monday evening warning customers that a hacker breached the company network on May 4, stole data and encrypted systems. First seen on therecord.media Jump to article: therecord.media/west-pharmaceutical-warns-of-ransomware-attack-impacting-operations
Amazon Quick authorization bypass let users reach blocked AI chat agents

May 12, 2026 6:19 PM

Tags: ai, business, intelligence, service

Enterprises running Amazon Quick, the AWS business intelligence and agentic AI service, rely on a feature called custom permissions to restrict who inside an account can use … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/12/fog-security-amazon-quick-authorization-bypass/
CISOs step into the AI spotlight

May 12, 2026 12:19 PM

Tags: ai, api, attack, automation, awareness, business, ciso, control, cyber, cybersecurity, data, defense, detection, exploit, finance, fraud, governance, identity, infrastructure, jobs, least-privilege, military, phishing, risk, service, social-engineering, software, technology, threat, tool, training, update, vulnerability, vulnerability-management

Move fast, keep risk at bay: Like Hensley, Jeff Trudeau, CSO of Chime, says the role is fundamentally shifting from a control function to a strategic partner in how the business adopts AI responsibly. At Chime, that means being embedded early in how AI is built and deployed, not reviewing it after the fact, Trudeau…
CISOs step into the AI spotlight

May 12, 2026 12:19 PM

Tags: ai, api, attack, automation, awareness, business, ciso, control, cyber, cybersecurity, data, defense, detection, exploit, finance, fraud, governance, identity, infrastructure, jobs, least-privilege, military, phishing, risk, service, social-engineering, software, technology, threat, tool, training, update, vulnerability, vulnerability-management

Move fast, keep risk at bay: Like Hensley, Jeff Trudeau, CSO of Chime, says the role is fundamentally shifting from a control function to a strategic partner in how the business adopts AI responsibly. At Chime, that means being embedded early in how AI is built and deployed, not reviewing it after the fact, Trudeau…
Why patching SLAs should be the floor, not the strategy

May 12, 2026 12:19 PM

Tags: attack, authentication, business, cisa, ciso, compliance, control, cve, cvss, cyber, exploit, flaw, grc, identity, kev, metric, risk, service, strategy, tool, update, vulnerability, vulnerability-management

SLAs measure discipline, not risk: Here’s the mental model I’ve been pushing with my peers. Think of patching SLAs the way you think of fire drills. Fire drills are necessary. They prove that, on a predictable cadence, your organization can execute a known procedure. No one in charge of a building full of people would…
Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched

May 12, 2026 5:19 AM

Tags: access, attack, business, control, cve, cybersecurity, exploit, flaw, group, incident response, infosec, linux, LLM, mitigation, risk, service, strategy, switch, technology, tool, update, vulnerability, zero-day

), a logic bug which lets users easily obtain root access, and Dirty Frag, which abuses weaknesses in how the Linux kernel handles fragmented memory pages. The Dirty Frag attack combines two separate vulnerabilities affecting the Linux IPsec Encapsulating Security Payload (ESP) subsystem (CVE-2026-43284) and the RxRPC networking protocol (CVE-2026-43500). The proposal has set off a furious…
UK government renews calls to sign Cyber Resilience Pledge

May 12, 2026 1:19 AM

Tags: business, cyber, government, resilience

Westminster renews calls for business leaders to sign up to its yet-to-be-launched Cyber Resilience Pledge and highlights growth, and challenges, for the UK’s cyber economy. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366642938/UK-government-renews-calls-to-sign-Cyber-Resilience-Pledge
Securing AI Agent Orchestration In The Enterprise: Best Practices For 2026

May 11, 2026 9:19 PM

Tags: ai, best-practice, business, cloud, cybersecurity, intelligence

Global businesses are racing to deploy artificial intelligence, sometimes at the expense of their cybersecurity postures. The rise of “agentic AI” is especially notable, due to its potential to automate business workflows, cloud operations, engineering tasks and cybersecurity. Not only are AI agents getting more capable, but they can also work much faster than humans,…
AI security is repeating endpoint security’s biggest mistake

May 11, 2026 5:20 PM

Tags: access, ai, api, automation, business, control, data, detection, edr, endpoint, governance, incident response, injection, LLM, monitoring, open-source, radius, risk, saas, sbom, soc, strategy, technology, threat, tool, update

Most AI security is still at the posture phase: Look at where most organizations are with AI security today. Model cards, AI-specific SBOMs, input and output filters, prompt injection guardrails and access controls around model APIs. These are valuable controls, but they reflect a posture-based approach. To truly enhance security, organizations must recognize the importance…