Tag: communications
-
Poland shifts away from Signal following cyberattacks on officials’ accounts
Poland told officials to stop using the popular instant messaging app Signal after cyberattacks targeted government accounts. Poland has instructed government officials to stop using Signal for sensitive communications and move to a state-developed alternative. The decision follows repeated cyberattacks targeting Signal accounts belonging to politicians, military personnel, and public servants. Officials believe the campaigns…
-
FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses
Tags: attack, authentication, business, cloud, communications, control, credentials, defense, detection, email, framework, government, infrastructure, login, malicious, malware, mfa, microsoft, phishing, service, theftThe campaign dynamically adapts to victims: After deobfuscation, the phishing payload loads infrastructure designed to impersonate Microsoft 365 and other login portals while dynamically adapting to targeted users.According to the report, the malware can determine which authentication provider should be impersonated, preload victim email addresses into phishing pages, and customize branding elements such as company…
-
BlackBerry doubles down on secure communications
Having sold its Cylance endpoint security portfolio to Arctic Wolf, the former smartphone pioneer is doubling down on military-grade encryption and post-quantum cryptography to shield critical infrastructure from AI-driven threats First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366643081/BlackBerry-doubles-down-on-secure-communications
-
Tables Turned: Gentlemen Ransomware Group Suffers Data Leak
Internal Communications Dumped Online, Revealing Fresh Victims, Repeat Tactics. Ransomware group The Gentlemen, a relative newcomer to the cybercrime scene, suffered a leak of its internal communications, revealing previously non-public victims, a variety of tactics, techniques and tools, and a relentless focus on popping backup and storage infrastructure. First seen on govinfosecurity.com Jump to article:…
-
FCC Softens Ban on Foreign-Made Routers
The Federal Communications Commission eased some restrictions and pushed back deadlines for foreign router manufacturers, but the ban is still in place. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/fcc-softens-foreign-router-ban
-
Microsoft Teams on Android Now Lets Users Join External Meetings Through SIP
Microsoft is set to bridge the gap in enterprise unified communications with a highly anticipated update to its conference room hardware. Starting in June 2026, Microsoft Teams Rooms on Android will officially support joining third-party external meetings through Session Initiation Protocol (SIP). This strategic development aims to deliver seamless cross-platform interoperability for organizations relying on…
-
Train like you fight: Why cyber operations teams need no-notice drills
Tags: breach, business, cloud, communications, credentials, cyber, cybersecurity, detection, framework, healthcare, injection, login, military, psychology, ransomware, risk, skills, soc, threat, training, updateThe Yerkes-Dodson inverted-U curve: Performance rises with arousal to an optimal point, then falls sharply.Wikimedia Commons, CC-ZeroWhat repeated no-notice drills do is shift a team’s position on that curve. By building familiarity with threat-level arousal, they raise the threshold at which stress becomes performance-impairing. The stimulus is no longer novel. The cascade is shorter. Executive…
-
LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations
Cambridge, MA, May 5th, 2026, CyberNewswire New right-sized offering brings advanced encryption, easy API integration, and HITRUST-certified compliance to the most underserved segment in healthcare email, with pricing starting at $99/month LuxSci, a leading provider of HIPAA compliant secure healthcare communications, today announced the launch of LuxSci Secure High Volume Email for mid-sized healthcare […]…
-
Palo Alto Networks Targets AI Agent Gateway With Portkey Buy
Startup Acquisition Adds Centralized Policy Control Over Agent Communications. Palo Alto Networks plans to acquire Portkey to centralize AI agent communications through a gateway that enforces runtime security, identity controls and governance, addressing rising risks from autonomous agents with broad system access and fragmented enterprise visibility. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/palo-alto-networks-targets-ai-agent-gateway-portkey-buy-a-31574
-
Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators
Tags: access, ai, cisa, communications, control, data-breach, detection, firewall, guide, infrastructure, network, open-source, siem, tactics, tool, vpn, zero-trustWhat it means for security teams: The publication closes a gap that CISA’s Zero Trust Maturity Model 2.0 acknowledged, having stated it did not address challenges specific to operational technology. It follows February’s Barriers to Secure OT Communications and earlier CISA warnings that exposed VPNs, firewalls, and legacy edge devices remain the dominant entry points…
-
AWS leans on prior ingenuity to face future AI and quantum threats
Tags: access, ai, attack, authentication, breach, cloud, communications, computer, computing, control, credentials, crypto, cryptography, cybersecurity, data, defense, encryption, exploit, google, Hardware, identity, infrastructure, Internet, lessons-learned, malicious, penetration-testing, phishing, risk, service, technology, threat, tool, updateSymmetric cryptography and the quantum threat: Back in the early 2010s, most hardware security modules used asymmetric cryptography to protect security keys. Asymmetric cryptography, the kind used to secure online communications, involves pairs of keys, one to lock, another to unlock. It’s a very useful and convenient approach when dealing with multiple parties.Amazon chose to…
-
AWS leans on prior ingenuity to face future AI and quantum threats
Tags: access, ai, attack, authentication, breach, cloud, communications, computer, computing, control, credentials, crypto, cryptography, cybersecurity, data, defense, encryption, exploit, google, Hardware, identity, infrastructure, Internet, lessons-learned, malicious, penetration-testing, phishing, risk, service, technology, threat, tool, updateSymmetric cryptography and the quantum threat: Back in the early 2010s, most hardware security modules used asymmetric cryptography to protect security keys. Asymmetric cryptography, the kind used to secure online communications, involves pairs of keys, one to lock, another to unlock. It’s a very useful and convenient approach when dealing with multiple parties.Amazon chose to…
-
Microsoft Expands Copilot Agent Mode for Outlook Inbox and Calendar Tasks
Microsoft announced a major evolution for Copilot in Outlook, shifting the tool from a passive assistant to an autonomous agent. Instead of simply drafting emails or summarizing threads on command, the AI now actively manages ongoing daily tasks. This agentic update enables the system to handle routine triage, resolve rescheduling conflicts, and prioritize communications in…
-
Stopping AiTM attacks: The defenses that actually work after authentication succeeds
Tags: 2fa, access, attack, authentication, awareness, breach, communications, compliance, control, credentials, data, defense, detection, email, finance, framework, identity, incident response, login, mfa, microsoft, monitoring, nist, passkey, phishing, risk, service, threat, tool, trainingThe 3 controls that close the gap: Control #1: Bind sessions to managed devices The most impactful single control for session security is requiring managed, compliant devices as a condition of accessing sensitive resources. When access policies, such as Microsoft Entra Conditional Access, require that the device presenting a session token is enrolled, managed and…
-
AI is reshaping DevSecOps to bring security closer to the code
Tags: access, ai, api, application-security, attack, authentication, automation, breach, business, cloud, communications, compliance, container, control, data, data-breach, detection, exploit, governance, infrastructure, injection, least-privilege, risk, service, skills, software, sql, strategy, supply-chain, threat, tool, training, vulnerabilityExplicit security requirements elevate AI benefits: While deploying AI with DevSecOps is helping to shift the emphasis on security to earlier in the development lifecycle, this requires “explicit instruction to do it right,” says Noe Ramos, vice president of AI operations at business software provider Agiloft.”AI coding assistants accelerate development meaningfully, but they optimize for…
-
The Latest Push to Extend Key US Spy Powers Is Still a Mess
A US surveillance program that lets the FBI view Americans’ communications without a warrant is up for renewal. A new bill aims to address mounting lawmaker concerns”, with smoke and mirrors. First seen on wired.com Jump to article: www.wired.com/story/the-latest-push-to-extend-key-us-spy-powers-is-still-a-mess/
-
China-linked hackers targeted Mongolian government using Slack, Discord for covert communications
The group, which researchers at cybersecurity firm ESET named GopherWhisper, has been active since at least November 2023 and was discovered in January 2025 after investigators found a previously unknown backdoor on the network of a Mongolian government institution. First seen on therecord.media Jump to article: therecord.media/china-linked-hackers-target-mongolian-gov-slack-discord
-
Apple Patches Privacy Issue Exposing Signal Message Data Through Notifications
Apple recently rolled out iOS 26.4.2 and iPadOS 26.4.2 to patch a critical privacy vulnerability affecting millions of users. Released on April 22, 2026, this vital security update addresses a flaw that could accidentally expose sensitive message data from secure applications, most notably Signal. By downloading this update, users can prevent their private communications from…
-
Microsoft-Signed Binary Helps Deliver LOTUSLITE in India Spy Campaign
Microsoft-signed developer tooling is being abused to quietly deploy a new LOTUSLITE backdoor variant against India’s banking sector, in what researchers link to the China”‘nexus Mustang Panda espionage cluster with moderate confidence. The backdoor retains its espionage profile, offering remote shell access, file operations, and session management rather than any obvious monetization features. Communications are…
-
Oracle April 2026 Critical Patch Update Addresses 241 CVEs
Oracle addresses 241 CVEs in its second quarterly update of 2026 with 481 patches, including 34 critical updates. Key takeaways: The second Critical Patch Update (CPU) for 2026 contains fixes for 241 unique CVEs in 481 security updates 34 issues (7.1% of all patches) were assigned a critical severity rating Oracle Communications received the highest…
-
UK probes Telegram, teen chat sites over CSAM sharing concerns
Tags: communicationsOfcom, the United Kingdom’s independent communications regulator, has launched an investigation into Telegram based on evidence suggesting it’s being used to share child sexual abuse material (CSAM). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/uk-probes-telegram-teen-chat-sites-over-csam-sharing-concerns/
-
From Analytics to “Interception”: How Website Tracking Became a Wiretap Problem”, and What Companies Should Do About It
There is a certain irony in watching a statute designed to prevent clandestine eavesdropping on telephone calls become one of the most aggressively deployed tools against ordinary website functionality. The federal Wiretap Act”, codified as part of the Electronic Communications Privacy Act (“ECPA”), 18 U.S.C. §§ 25102522″, was never intended to regulate marketing pixels, session…
-
The deepfake dilemma: From financial fraud to reputational crisis
Tags: ai, authentication, business, ceo, communications, control, cyber, data-breach, deep-fake, exploit, finance, fraud, malicious, phone, resilience, risk, threat, toolDeepfakes as tools for financial fraud: Deepfakes have quickly become a powerful enabler of financial fraud. This is largely because most business communication channels, like video and voice calls, remain unauthenticated. A single convincing audio or video call, seemingly from a trusted executive, can bypass established controls in minutes. Employees in these scenarios often follow…
-
The deepfake dilemma: From financial fraud to reputational crisis
Tags: ai, authentication, business, ceo, communications, control, cyber, data-breach, deep-fake, exploit, finance, fraud, malicious, phone, resilience, risk, threat, toolDeepfakes as tools for financial fraud: Deepfakes have quickly become a powerful enabler of financial fraud. This is largely because most business communication channels, like video and voice calls, remain unauthenticated. A single convincing audio or video call, seemingly from a trusted executive, can bypass established controls in minutes. Employees in these scenarios often follow…
-
Russia appears to block social media platform Bluesky amid wider internet restrictions
Russian digital rights organization RKS Global told Recorded Future News that Bluesky had been added to the registry of banned websites maintained by Russia’s communications watchdog Roskomnadzor. First seen on therecord.media Jump to article: therecord.media/russia-cracks-down-bluesky-internet
-
Apache Tomcat Flaws Enable EncryptInterceptor Bypass
Tags: apache, communications, cyber, exploit, flaw, open-source, risk, software, update, vulnerabilityThe Apache Software Foundation has released critical security updates for Apache Tomcat to address three newly disclosed vulnerabilities. Because Apache Tomcat is a widely deployed open-source web server, these flaws pose a significant risk to many enterprise environments. The newly discovered vulnerabilities could allow attackers to compromise encrypted communications, exploit flawed patches, and bypass client…
-
UK government threatens tech bosses with jail time if they do not adequately fight nudification tools
A U.K. communications regulator, Ofcom, has said it will be cracking down on the spread of the images in the aftermath of the Grok scandal, which led to millions of “nudified” images of women and children to be circulated worldwide. First seen on therecord.media Jump to article: therecord.media/uk-threatens-tech-bosses-with-jail-ai-nudification
-
The cyber winners and losers in Trump’s 2027 budget
Tags: cisa, communications, compliance, corporate, cyber, cybersecurity, defense, government, group, infrastructure, international, network, office, risk, service, strategy, threatFigure 1- Top gainers in Trump’s 2027 budget. Compilation from OMB cross-cut tables. CSOSeveral smaller agencies, including the EPA, Department of Education, Tennessee Valley Authority, Federal Mine Safety and Health Review Commission, and the US Army Corps of Engineers, also stand to post modest gains under the 2027 budget. Losers: DHS, VA, and research programs…
-
What to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical Infrastructure
Tags: access, advisory, ai, attack, authentication, automation, backup, cctv, chatgpt, cisa, communications, compliance, control, credentials, crypto, cve, cyber, cybersecurity, data, data-breach, defense, detection, dns, email, exploit, finance, firewall, flaw, government, group, healthcare, infrastructure, intelligence, international, Internet, iot, iran, kev, leak, linux, malicious, malware, mitigation, mitre, monitoring, network, office, openai, password, radius, resilience, risk, router, service, siem, software, strategy, switch, technology, threat, tool, update, vpn, vulnerability, vulnerability-managementAn Iran-affiliated threat group has evolved from defacing water utility displays to deploying custom ICS malware and exploiting Rockwell Automation PLCs across multiple U.S. critical infrastructure sectors. Key takeaways: CyberAv3ngers is a state-directed threat group operating under Iran’s IRGC Cyber-Electronic Command. The U.S. Treasury sanctioned six named officials in February 2024 and the State Department…