Tag: business
-
Meta Business Admins Exposed by 2FA-Harvesting Chrome Extension
A fake Meta Business Chrome extension stole 2FA secrets to hijack accounts. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/meta-business-admins-exposed-by-2fa-harvesting-chrome-extension/
-
CISO Julie Chatman wants to help you take control of your security leadership role
Tags: access, ai, attack, awareness, breach, business, ciso, control, crowdstrike, cyber, cybersecurity, deep-fake, email, finance, firewall, government, healthcare, infrastructure, law, military, office, phishing, risk, service, skills, supply-chain, technology, threat, training, updateFirst, the hopes-and-dreams budget: What would it take to close all the known gaps and operate proactively?Second, the could-live-with-this budget: What’s realistic and gets you to acceptable risk levels?Third, the I-think-I’m-going-to-resign budget: Because you can see a breach coming and you don’t want your name attached to it.You probably won’t end up at that last…
-
Texas AG Investigating Conduent, BCBS Texas in Hack
Will the Back-Office Services’ Firm Incident Shatter US Data Breach Records?. The Texas attorney general office has launched an investigation into the Conduent Business Services hacking incident, which affected about 15.5 million Texans, including about 4 million Blue Cross Blue Shield of Texas members. Will the nationwide victim tally shatter data breach records in the…
-
The foundation problem: How a lack of accountability is destroying cybersecurity
Tags: business, compliance, cybersecurity, healthcare, jobs, monitoring, risk, technology, training, vulnerabilityThe accountability gap: When leaders don’t take ownership, it shows up in predictable ways. Some are obvious, like teams that have a high turnover rate, projects that never finish or the same problems recurring month after month, year after year. Others, like technical debt, are far more insidious. Technical debt accumulates until it becomes a…
-
CVE-2025-64712 in Unstructured.io Puts Amazon, Google, and Tech Giants at Risk of Remote Code Execution
A newly disclosed critical flaw, CVE-2025-64712 (CVSS 9.8), in Unstructured.io’s “unstructured” ETL library could let attackers perform arbitrary file writes and potentially achieve remote code execution (RCE) on systems that process untrusted documents. Unstructured is widely used to convert messy business files into AI-ready text and embeddings, and the vendor’s ecosystem footprint is often cited as spanning…
-
Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History
Cybersecurity researchers have discovered a malicious Google Chrome extension that’s designed to steal data associated with Meta Business Suite and Facebook Business Manager.The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta Business Suite data, remove verification pop-ups, and generate two-factor authentication (2FA) codes. First seen on thehackernews.com…
-
5 key trends reshaping the SIEM market
Tags: ai, api, attack, automation, business, cloud, compliance, crowdstrike, cyber, cybersecurity, data, detection, edr, google, guide, Hardware, ibm, identity, incident response, intelligence, jobs, monitoring, msp, network, nis-2, saas, service, siem, soar, startup, technology, threat, tool, vulnerability, vulnerability-managementMarket split as midrange sales offset SME slump: A year on, Context’s data shows that this ongoing convergence of SIEM with security tools such as XDR and SOAR has triggered a structural split in the market.”Large midmarket firms are doubling down on unified platforms for compliance, while smaller organizations are investing less in SIEM entirely…
-
Die Lage der physischen Sicherheit 2026 – KI und Cloud verwandeln physische Sicherheit in ein Business-Asset
First seen on security-insider.de Jump to article: www.security-insider.de/physische-sicherheit-ki-business-asset-a-a29b67cbc8d192a3e4bd05d9bbb75425/
-
Securing Agentic AI Connectivity
Securing Agentic AI Connectivity AI agents are no longer theoretical, they are here, powerful, and being connected to business systems in ways that introduce cybersecurity risks! They’re calling APIs, invoking MCPs, reasoning across systems, and acting autonomously in production environments, right now. And here’s the problem nobody has solved: identity and access controls tell you…
-
The New CIO Mandate: From IT Operator to Strategy Architect
McKinsey Reveals How Top Performing Firms Are Redefining Tech Leadership. Before artificial intelligence dominated every technology conversation, the successful CIO focused on keeping business systems up and running while keeping costs in line. But in 2026, the picture is changing, according to McKinsey’s Global Tech Agenda 2026. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/new-cio-mandate-from-operator-to-strategy-architect-a-30745
-
Why identity recovery is now central to cyber resilience
Tags: access, ai, authentication, backup, business, cloud, compliance, cyber, data, email, identity, infrastructure, least-privilege, radius, ransomware, resilience, risk, service, strategyIdentity resilience: Implement immutable backups and automated recovery for identity systems such as Active Directory.Zero-trust architecture: Apply least-privilege access and continuous authentication to reduce the blast radius of an attack.Automated orchestration: Limit manual steps in recovery workflows so teams can respond faster under pressure.Regulatory readiness: Make audit-ready reporting and compliance validation part of resilience planning, not an afterthought.AI-ready protection: Account…
-
SmarterMail facing widespread attacks targeting critical flaws
The business email and collaboration software is being exploited for potential ransomware. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/smartermail-attacks-critical-flaws-ransomware/812091/
-
Gartner® Names Tenable as the Current Company to Beat for AI-Powered Exposure Assessment in a 2025 Report
Tags: access, ai, api, attack, automation, business, cloud, container, cyber, cybersecurity, data, exploit, finance, flaw, gartner, governance, identity, intelligence, iot, leak, network, risk, service, technology, threat, tool, update, vulnerability“Tenable’s asset and attack surface coverage, its application of AI and its reputation for vulnerability assessment makes it the front-runner in AI-powered exposure assessment,” Gartner writes in “AI Vendor Race: Tenable Is the Company to Beat for AI-Powered Exposure Assessment.” Key Takeaways from Tenable: This is the latest among a recent string of recognitions Tenable…
-
Healthcare Networks, Financial Regulators, and Industrial Systems on the Same Target List
More than 25 million individuals are now tied to the Conduent Business Services breach as investigations continue to expand its scope. In Canada, approximately 750,000 investors were affected in the CIRO data breach. During roughly the same period, 2,451 vulnerabilities specific to industrial control systems were disclosed by 152 vendors. The latest ColorTokens Threat Advisory……
-
Cloud Security and Compliance: What It Is and Why It Matters for Your Business
Cloud adoption didn’t just change where workloads run. It fundamentally changed how security and compliance must be managed. Enterprises are moving faster than ever across AWS, Azure, GCP, and hybrid… First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/cloud-security-and-compliance-what-it-is-and-why-it-matters-for-your-business/
-
Volvo Group hit in massive Conduent data breach
A Conduent breach exposed data of nearly 17,000 Volvo Group North America employees as the total impact rises to 25 million people. A data breach at business services provider Conduent has impacted at least 25 million people, far more than initially reported. Volvo Group North America confirmed that the security breach exposed data of nearly…
-
Should CISOs Plan for Government as an Adversary?
Why Modern Threat Modeling Must Account for State Control of Infrastructure CISOs for decades viewed governments as partners. That assumption is weakening. Today, state control over infrastructure needs be part of threat modeling and business continuity planning for global security leaders – and it’s time for CISOs to reassess dependencies and trust boundaries. First seen…
-
Volvo Group North America customer data exposed in Conduent hack
Volvo Group North America disclosed that it suffered an indirect data breach stemming from the compromise of IT systems at American business services giant Conduent, of which Volvo is a customer. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/volvo-group-north-america-customer-data-exposed-in-conduent-hack/
-
Microsoft 365 outage takes down admin center in North America
Microsoft is investigating an outage that blocks some administrators with business or enterprise subscriptions from accessing the Microsoft 365 admin center. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-takes-down-admin-center-in-north-america/
-
How to govern agentic AI so as not to lose control
assisting and start acting. We will witness a qualitative leap towards agent-based or agentive AI, capable of making autonomous decisions, managing complex workflows, and executing end-to-end tasks without constant intervention. However, this autonomy carries with it a serious warning for businesses: the ability to operate alone exponentially multiplies the impact of any error or security…
-
Microsoft Acknowledges Exchange Online Spam Filter Mistakenly Blocks Valid Email
Microsoft is currently tackling a significant service degradation within Exchange Online that is disrupting business communications by incorrectly flagging legitimate emails as phishing attempts. The incident, tracked under the identifier EX1227432, began on February 5, 2026, and is causing valid messages to be trapped in quarantine rather than reaching their intended recipients. Spam Filter Mistakenly Blocks…
-
AI Is Transforming the Chief Data Officer Role
AI Elevates CDO Job From Gatekeeper to Data-Driven Change Agent. The chief data officer is being pushed out of the shadows and into the C-suite spotlight with the rise of AI. While the role emerged as one rooted in compliance and risk management, it has evolved to be a business driver, holding the keys to…
-
Admin Rights Are a Vulnerability, Not an Enabler
Enabling Practical Endpoint Control Without Productivity Trade-offs Removing local admin rights often creates helpdesk and user friction. An identity-first model reduces risk while keeping business operational. Join CyberArk’s practical webinar session to learn how identity-first endpoint control replaces standing admin rights with just-in-time access. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/blogs/admin-rights-are-vulnerability-enabler-p-4039
-
Hackers breach SmarterTools network using flaw in its own software
SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but did not impact business applications or account data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-breach-smartertools-network-using-flaw-in-its-own-software/
-
Gartner-Prognose: Die sechs wichtigsten Cybersicherheits-Trends für 2026
Tags: ai, awareness, business, compliance, computing, cyberattack, cybersecurity, cyersecurity, framework, gartner, governance, resilience, risk, soc, tool, trainingLesen Sie, mit welchen Cybersecurity-Trends sich Unternehmen in diesem Jahr beschäftigen sollten.Auch im Jahr 2026 bleibt die Cybersicherheitslage angespannt. Doch was sind die wichtigsten Themen, Risiken und Chancen, mit denen sich Security-Entscheider aktuell befassen sollten?Das Marktforschungsunternehmen Gartner hat dazu folgende sechs Trends ermittelt: KI-Agenten werden zunehmend von Mitarbeitern und Entwicklern genutzt, wodurch neue Angriffsflächen entstehen.…
-
NIS2: Supply chains as a risk factor
Why supply chains are particularly vulnerable: The supply chain is an attractive target for attackers for several reasons. External partners often have privileged access, work with sensitive data, or are deeply integrated into operational processes. At the same time, they are often not subject to the same security standards as large organizations.Furthermore, there is a structural lack…
-
Romania’s national oil pipeline firm Conpet reports cyberattack
Romania’s national oil pipeline operator Conpet said a cyberattack disrupted its business systems and temporarily knocked its website offline. Conpet is a state-controlled company that owns and operates the country’s crude oil, condensate, and liquid petroleum product pipeline network. Its main role is to transport oil from domestic production fields and import points to refineries…
-
Cybersquatting Attacks Exploit Trusted Brands to Steal Customer Data and Spread Malware
The nightmare scenario for any modern business is simple but devastating: scammers clone your website, steal your domain identity, and rob your customers. By the time the complaints roll in, the money is gone, and your reputation is left in tatters. This practice, known as cybersquatting, is no longer just a nuisance it is a…
-
Six more vulnerabilities found in n8n automation platform
CVE-2026-21893, a command injection hole in the community edition of n8n. An unauthenticated user with administration permission could execute arbitrary system commands on the n8n host.”The risk is amplified by the trust typically placed in community extensions,” Upwinds said in its commentary, “making this a high-impact attack path that directly bridges application-level functionality with host-level…