Tag: control
-
Think agentic AI is hard to secure today? Just wait a few months
Cost effective fix: Do nothing: Kodezi’s Khan offers an interesting fix for that foundational problem: Don’t even try. He argues it’s a money pit that will never be fully resolved. Instead, he suggests pouring resources into creating a strict identity strategy for every NHI going forward. “Aim for containment rather than for perfection. You can’t really govern…
-
APT28 Leverages CVE-2026-21509 in Operation Neusploit
IntroductionIn January 2026, Zscaler ThreatLabz identified a new campaign in-the-wild, tracked as Operation Neusploit, targeting countries in the Central and Eastern European region. In this campaign, the threat actor leveraged specially crafted Microsoft RTF files to exploit CVE-2026-21509 and deliver malicious backdoors in a multi-stage infection chain. Due to significant overlaps in tools, techniques, and procedures (TTPs)…
-
Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox
Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative artificial intelligence (GenAI) features.”It provides a single place to block current and future generative AI features in Firefox,” Ajit Varma, head of Firefox, said. “You can also review and manage individual AI features…
-
New phishing attack leverages PDFs and Dropbox
Masquerading as a safe document format: But after so many warnings about this over time, why are people still so trusting of PDFs and Dropbox?”Because, historically, they’ve actually been trained to be,” said Avakian. PDFs are routinely used in the business world and have been positioned as a safe, read-only document format for invoices, contracts,…
-
Pulsar RAT Targets Windows Systems via Per-User Run Key, Exfiltrates Sensitive Data
A sophisticated multi-stage malware campaign leveraging living-off-the-land techniques and in-memory payload delivery has been discovered targeting Windows systems. The attack employs Pulsar RAT, a full-featured remote access trojan combined with advanced stealer capabilities, using evasion techniques designed to bypass traditional security controls and maintain persistent access. The infection chain begins with a hidden batch file…
-
CultureAI Launches Global Partner Program
CultureAI has announced the launch of its global CultureAI Partner Program, designed to empower resellers, VARs, MSPs and MSSPs to help customers adopt AI with confidence, making critical AI usage controls accessible to all. As AI usage accelerates across enterprises, often through unsanctioned and embedded tools, organisations are facing a growing gap between AI adoption…
-
How risk culture turns cyber teams predictive
Tags: access, compliance, control, credentials, cyber, cybersecurity, data-breach, detection, identity, intelligence, jobs, ransomware, resilience, risk, serviceRisk culture: What it is when you strip the slogans: People talk about culture like it’s soft. Posters. Values. A town hall with applause on cue.Culture is harder. Culture is what people do when nobody is watching, and when the clock is loud. Culture is what gets you the truth at 4 p.m., not at…
-
Why non-human identities are your biggest security blind spot in 2026
Tags: access, api, breach, cloud, control, credentials, data-breach, github, google, governance, identity, least-privilege, password, service, threat, toolThe three blind spots I keep finding: After years working in cloud security and identity management, certain patterns show up everywhere I look. Three problems in particular appear in nearly every environment I assess. Secrets where they should never be. I still find API keys hardcoded in source files. Still. In 2026. Last year, GitGuardian…
-
PeckBirdy Hackers Abuse LOLBins Across Environments to Deploy Advanced Malware
A sophisticated JScript-based command-and-control framework, PeckBirdy, since 2023, exploiting living-off-the-land binaries (LOLBins) to deliver modular backdoors across diverse execution environments. The framework has been observed in two coordinated campaigns, SHADOW-VOID-044 and SHADOW-EARTH-045, targeting Chinese gambling industries, Asian government entities, and private organizations with advanced malware, including HOLODONUT and MKDOOR backdoors. PeckBirdy distinguishes itself through its…
-
PeckBirdy Hackers Abuse LOLBins Across Environments to Deploy Advanced Malware
A sophisticated JScript-based command-and-control framework, PeckBirdy, since 2023, exploiting living-off-the-land binaries (LOLBins) to deliver modular backdoors across diverse execution environments. The framework has been observed in two coordinated campaigns, SHADOW-VOID-044 and SHADOW-EARTH-045, targeting Chinese gambling industries, Asian government entities, and private organizations with advanced malware, including HOLODONUT and MKDOOR backdoors. PeckBirdy distinguishes itself through its…
-
Arsink RAT Targets Android Devices to Steal Sensitive Data and Enable Remote Access
Arsink is a cloud-native Android Remote Access Trojan (RAT) that steals sensitive data and grants attackers deep control over infected devices. In several builds, larger media is pushed through Google Apps Script into Google Drive, while other versions rely on Firebase Realtime Database (RTDB) and Firebase Storage, sometimes paired with Telegram for fast exfiltration. The…
-
When responsible disclosure becomes unpaid labor
Tags: ai, bug-bounty, ciso, cloud, compliance, control, credentials, cve, cvss, cybersecurity, data, email, exploit, finance, flaw, governance, healthcare, incident response, infrastructure, jobs, open-source, ransom, risk, security-incident, service, software, threat, tool, update, vulnerability, warfaresupposed to function and how it increasingly does in practice. Enter the gray zone of ethical disclosure: The result is a growing gray zone between ethical research and adversarial pressure. Based on years of reporting on disclosure disputes, that gray zone tends to emerge through a small set of recurring failure modes.Silent treatment and severity…
-
Top 10 Best DNS Filtering Solutions 2026
In 2026, the perimeter is gone. Your users are everywhere, and the >>castle and moat<< security model is obsolete. The most effective way to secure a hybrid workforce is through DNS filtering and Secure Access Service Edge (SASE). These tools act as the new control plane, stopping ransomware command-and-control (C2) callbacks and AI-driven phishing attacks…
-
FBI takes notorious RAMP ransomware forum offline
The FBI has seized control of RAMP, a notorious cybercrime online forum that bragged to be the only place that allowed ransomware, and boasted over 14,000 active users. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/fbi-takes-notorious-ramp-ransomware-forum-offline
-
US Seizes $400 Million Linked to Helix Dark Web Crypto Mixer
US authorities take control of over $400 million in crypto, cash, and property tied to Helix, a major darknet bitcoin mixing service used by drug markets. First seen on hackread.com Jump to article: hackread.com/us-seizes-400m-helix-dark-web-crypto-mixer/
-
SCADA Flaw Enables DoS Condition, Impacting Availability of Affected Systems
A vulnerability affecting the Mitsubishi Electric Iconics Suite, a widely deployed supervisory control and data acquisition (SCADA) system used across industrial sectors, including automotive, energy, and manufacturing. The flaw, tracked as CVE-2025-0921, carries a CVSS score of 6.5 (Medium severity) and enables attackers to trigger denial-of-service (DoS) conditions on affected systems, compromising operational availability. Vulnerability…
-
OpenClaw AI Runs Wild in Business Environments
The popular open source AI assistant (aka ClawdBot, MoltBot) has taken off, raising security concerns over its privileged, autonomous control within users’ computers. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/openclaw-ai-runs-wild-business-environments
-
Hugging Face infra abused to spread Android RAT in a large-scale malware campaign
Abuse through smart hosting: Hugging Face is a go-to platform for developers hosting machine learning models, datasets, and tooling. According to Bitdefender, the resource is now being leveraged to mask malicious downloads amidst legitimate activity. While the platform uses ClamAV scanning on uploads, these controls currently fall short of filtering out cleverly disguised malware repositories,…
-
Apple’s new privacy feature limits how precisely carriers track your location
Apple users are already accustomed to managing app-level location permissions, and a new privacy feature in iOS 26.3 extends that control to cellular networks. Called Limit … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/30/apple-limit-precise-location-ios/
-
Roughly half of employees are using unsanctioned AI tools, and enterprise leaders are major culprits
51% have connected AI tools to work systems or apps without the approval or knowledge of IT;63% believe it’s acceptable to use AI when there is no corporate-approved option or IT oversight;60% say speed is worth the security risk;21% think employers will simply “turn a blind eye” as long as they’re getting their work done.And…
-
Common Cloud Migration Security Mistakes (and How to Avoid Them)
Common cloud migration security mistakes explained, from weak access controls to misconfigurations, plus practical steps organisations can take to avoid risk. First seen on hackread.com Jump to article: hackread.com/cloud-migration-security-mistakes-how-to-avoid/
-
Cal.com Access Control Flaws Expose Millions of Bookings
Researchers found access control flaws in Cal.com that could enable account takeover and expose sensitive booking data across organizations. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cal-com-access-control-flaws-expose-millions-of-bookings/
-
Open Directory Exposure Leaks BYOB Framework Across Windows, Linux, and macOS
An exposed command-and-control server hosting a complete deployment of the BYOB (Build Your Own Botnet) framework, a sophisticated post-exploitation tool targeting Windows, Linux, and macOS systems. The discovery, made through Hunt.io’s AttackCapture tooling, reveals an active campaign that has operated for approximately ten months with multi-platform remote access capabilities and integrated cryptocurrency mining operations. The…
-
ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories
This week’s updates show how small changes can create real problems. Not loud incidents, but quiet shifts that are easy to miss until they add up. The kind that affects systems people rely on every day.Many of the stories point to the same trend: familiar tools being used in unexpected ways. Security controls are being…
-
CISA chief uploaded sensitive government files to public ChatGPT
Tags: access, chatgpt, cisa, compliance, control, cybersecurity, government, infrastructure, office, toolLeadership credibility questioned: The uploads triggered an internal DHS assessment involving the department’s then-acting general counsel Joseph Mazzara and chief information officer Antoine McCord, along with CISA’s chief information officer Robert Costello and chief counsel Spencer Fisher, the report said. The outcome has not been disclosed.According to the report, CISA spokesperson Marci McCarthy confirmed that…