Collecting Cyber-News from over 60 sources

Tag: corporate

Securing the service desk: Why social engineering attacks keep succeeding

Jun 24, 2026 4:34 PM

Tags: access, attack, corporate, mfa, password, service, social-engineering, software

Service desks have become a favored target for attackers seeking password resets, MFA changes, and access to corporate accounts. Specops Software breaks down how service desk social engineering attacks work and how organizations can defend against them. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/securing-the-service-desk-why-social-engineering-attacks-keep-succeeding/
DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering

Jun 24, 2026 11:34 AM

Tags: cloud, computing, corporate, cyber, group, scam

The U.S. Department of Justice (DoJ) on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury unveiled fresh sanctions against nine individuals and 26 entities linked to Prince Group.”These subsidiaries are alleged to have assisted individuals and organizations in transferring proceeds…
Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents

Jun 23, 2026 7:34 PM

Tags: ai, corporate, email, marketplace

Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts.Every skill security scanner the firm tested it against marked it safe. The payload was harmless by design: it collected the user’s email address…
Webinar: How attackers bypass MFA and how defenders can respond

Jun 19, 2026 9:34 PM

Tags: access, ai, attack, corporate, mfa, phishing

Modern phishing attacks, including Device Code phishing, can undermine MFA protections and grant attackers access to corporate accounts without stealing passwords. This webinar explores how behavioral AI can help security teams detect compromised accounts faster and automate response workflows. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/webinar-how-attackers-bypass-mfa-and-how-defenders-can-respond/
Cyberattack on Russian tech firm Astral disrupts business, government services for week

Jun 15, 2026 6:02 PM

Tags: access, authentication, business, corporate, cyberattack, email, government, russia, service

According to customer complaints, the disruption affected a range of services used by businesses, leading to interruptions in cash register operations, difficulties selling certain regulated goods, loss of access to customer portals and corporate email and problems with electronic human resources document management systems and authentication using digital certificates. First seen on therecord.media Jump to…
Lost in translation: Cybersecurity board reporting for CISOs

Jun 8, 2026 6:42 PM

Tags: ciso, corporate, cyber, cybersecurity, gartner, risk, risk-management

Cybersecurity board reports don’t always land. At the Security and Risk Management Summit 2026, Gartner analysts suggested a novel way to communicate cyber-risk to corporate directors. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366643884/Lost-in-translation-Cybersecurity-board-reporting-for-CISOs
Autonomous AI-driven worm can reason its way through corporate networks

Jun 3, 2026 3:42 PM

Tags: ai, corporate, network, worm

Researchers at the University of Toronto, the Vector Institute, and the University of Cambridge have built and tested a proof-of-concept AI-driven worm that does not operate … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/03/autonomous-ai-worm-prototype/
Why Encrypted File Sharing Is Essential for Modern Businesses

Jun 2, 2026 1:42 AM

Tags: corporate

Consider the history of any recent corporate scandal, and it is quite possible to guess what the story… First seen on hackread.com Jump to article: hackread.com/encrypted-file-sharing-essential-modern-businesses/
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks

May 30, 2026 8:42 PM

Tags: attack, authentication, breach, corporate, cve, exploit, flaw, hacker, network, vpn

Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/palo-alto-globalprotect-vpn-auth-bypass-flaw-now-exploited-in-attacks/
Everyone Suddenly Wants Claude’s Audit Logs

May 22, 2026 8:00 PM

Tags: access, api, compliance, corporate, crowdstrike, microsoft, network

27 Enterprises Integrate Claude’s Compliance API. More than two dozen enterprise security vendors, including Microsoft, CrowdStrike and Palo Alto Networks, have built integrations with Anthropic’s Claude Compliance API, an interface the company launched months ago to give corporate security teams access to Claude activity data. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/everyone-suddenly-wants-claudes-audit-logs-a-31753
Old Breaches Resold as New Corporate Data Leaks

May 20, 2026 3:00 PM

Tags: breach, china, corporate, cyber, cybercrime, dark-web, data, group, leak

Dark web data brokers are increasingly recycling old breach data and marketing it as fresh corporate leaks. The activity, largely observed in Chinese-language cybercrime forums and Telegram channels, is creating confusion among organizations and diverting security resources toward investigating claims that often lack credibility. Group-IB identified a surge in high-volume data advertisements targeting companies across…
ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed

May 18, 2026 5:00 PM

Tags: breach, corporate, data, data-breach, group, hacking, theft

7-Eleven confirmed a breach after ShinyHunters claimed theft of over 600,000 Salesforce records and franchisee data. 7-Eleven has confirmed a data breach after the ShinyHunters hacking group claimed it stole more than 600,000 Salesforce records containing personal and corporate information. >>Over 600k Salesforce records containing PII and other internal corporate data have been compromised.<< The…
ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed

May 18, 2026 5:00 PM

Tags: breach, corporate, data, data-breach, group, hacking, theft

7-Eleven confirmed a breach after ShinyHunters claimed theft of over 600,000 Salesforce records and franchisee data. 7-Eleven has confirmed a data breach after the ShinyHunters hacking group claimed it stole more than 600,000 Salesforce records containing personal and corporate information. >>Over 600k Salesforce records containing PII and other internal corporate data have been compromised.<< The…
Bug bounty businesses bombarded with AI slop

May 18, 2026 4:01 PM

Tags: ai, bug-bounty, corporate, hacking

“Never-ending” AI slop strains corporate hacking reward schemes. First seen on arstechnica.com Jump to article: arstechnica.com/ai/2026/05/bug-bounty-businesses-bombarded-with-ai-slop/
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

May 15, 2026 2:00 PM

Tags: attack, corporate, data, macOS, malicious, openai, supply-chain, unauthorized, update

OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner.”Upon identification of the malicious activity, we worked quickly to investigate, contain, and…
KongTuke hackers now use Microsoft Teams for corporate breaches

May 14, 2026 3:00 PM

Tags: access, attack, breach, corporate, hacker, microsoft, social-engineering

Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/kongtuke-hackers-now-use-microsoft-teams-for-corporate-breaches/
What CISOs need to land a board role

May 14, 2026 12:01 PM

Tags: business, ciso, control, corporate, cyber, cybersecurity, finance, governance, government, intelligence, jobs, resilience, risk, skills, strategy, training

Tips for CISOs aiming for a board role: For CISOs interested in contributing to global vendor boards, Morelli advises focusing on becoming a partner, not just a customer. This requires the ability to articulate how a product’s evolution impacts the risk profile of an entire sector.For non-industry or public boards, CISOs must be comfortable contributing…
Lyrie.ai Unveils Open Standard for Agent Security and Joins Anthropic’s Cyber Verification Program

May 14, 2026 12:01 PM

Tags: ai, corporate, cyber, cybersecurity, finance

DUBAI, UAE, May 14, 2026, As autonomous AI agents begin to handle everything from corporate bank transfers to sensitive code deployments, the digital world is facing a new >>Wild West<< scenario: millions of autonomous entities operating without a badge or a passport. Today, OTT Cybersecurity LLC (the architects behind Lyrie.ai) announced a dual-milestone […] The…
Cushman and Wakefield Confirms Data Breach Impacting Over 310,000 Accounts

May 12, 2026 3:19 PM

Tags: attack, breach, corporate, cyber, data, data-breach, identity, threat

Global real estate powerhouse Cushman & Wakefield is the latest casualty in an escalating war of corporate extortion. Following a tense >>pay or leak<< standoff, the notorious ShinyHunters threat syndicate has carried out its threat, dumping hundreds of thousands of corporate records online. This massive exposure highlights the growing danger of identity-based attacks targeting massive…
Hackers Hijack Microsoft Teams Accounts to Spread ModeloRAT Malware

May 12, 2026 2:19 PM

Tags: corporate, cyber, hacker, malware, microsoft

Hackers are now abusing hijacked Microsoft Teams accounts and fake IT helpdesk chats to push a new, undocumented version of the Python”‘based ModeloRAT into corporate environments. Instead, they use compromised or newly created Microsoft Teams accounts that impersonate internal IT support and message employees directly, claiming to fix an urgent problem with their device or…
Microsoft 365 Copilot Flaws Could Let Attackers Access Sensitive Data

May 11, 2026 5:20 PM

Tags: access, corporate, cyber, data, exploit, flaw, malicious, microsoft, privacy, risk, vulnerability

Microsoft has disclosed a trio of critical information disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge. Released on May 7, 2026, these security flaws pose a substantial risk to enterprise data privacy and corporate confidentiality. If successfully exploited, malicious actors could bypass established security boundaries to access sensitive information processed, summarized,…
Thousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open Web

May 7, 2026 1:48 PM

Tags: ai, corporate, data

Companies like Lovable, Base44, Replit, and Netlify use AI to let anyone build a web app in seconds”, and in thousands of cases, spill highly sensitive data onto the public internet. First seen on wired.com Jump to article: www.wired.com/story/thousands-of-vibe-coded-apps-expose-corporate-and-personal-data-on-the-open-web/
One in Eight Workers Has Sold Their Corporate Logins

May 6, 2026 11:48 AM

Tags: corporate, credentials, login

Cifas says that 13% of employees admit selling company credentials to a former colleague First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/one-eight-workers-sold-corporate/
Australia launches cyber review board modeled on version disbanded in US

May 5, 2026 3:48 PM

Tags: corporate, cyber, cyberattack, government, incident

The Cyber Incident Review Board will carry out no-fault, post-incident reviews of significant cyberattacks on Australian government and industry, focusing on systemic lessons rather than individual or corporate culpability. First seen on therecord.media Jump to article: therecord.media/australia-launches-cyber-review-board
4th May Threat Intelligence Report

May 4, 2026 4:49 PM

Tags: corporate, cyberattack, data, finance, intelligence, threat, unauthorized

Medtronic, a global medical device maker, has disclosed a cyberattack on its corporate IT systems. An unauthorized party accessed data, while the company reported no impact on products, operations, or financial systems. Threat […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2026/4th-may-threat-intelligence-report/
Networks of Browser Extensions Are Spyware in Disguise

May 1, 2026 9:39 AM

Tags: ai, attack, corporate, data, governance, intelligence, leak, network, privacy, saas, spyware

Modern browser extensions and ad blockers are legally collecting and reselling user data, including streaming habits and B2B sales intelligence, under the guise of “analytics.” This unregulated “legal spyware” creates massive security gaps as employees unwittingly leak corporate URLs, SaaS dashboards, and research activity to third-party databases. With the rise of AI-native browsers and personal…
OpenAI’s Founding Promise Goes on Trial

Apr 30, 2026 12:39 AM

Tags: ai, corporate, intelligence, openai, technology

Elon Musk’s Lawsuit Threatens a $852B AI Empire. Elon Musk took the stand this week in a lawsuit that could unwind OpenAI’s corporate structure, derail its IPO bid and transform the artificial intelligence landscape. The stakes are high for enterprise customers that bet on OpenAI’s technology platform. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/openais-founding-promise-goes-on-trial-a-31550
Digital Risk to Executives: HR’s Role in Executive Protection

Apr 29, 2026 5:39 PM

Tags: corporate, risk

Nisos Digital Risk to Executives: HR’s Role in Executive Protection Executives are increasingly targeted based on their digital footprint, not just their corporate access… First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/digital-risk-to-executives-hrs-role-in-executive-protection/
Digital Risk to Executives: HR’s Role in Executive Protection

Apr 29, 2026 5:39 PM

Tags: corporate, risk

Nisos Digital Risk to Executives: HR’s Role in Executive Protection Executives are increasingly targeted based on their digital footprint, not just their corporate access… First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/digital-risk-to-executives-hrs-role-in-executive-protection/
Digital Risk to Executives: HR’s Role in Executive Protection

Apr 29, 2026 5:39 PM

Tags: corporate, risk

Nisos Digital Risk to Executives: HR’s Role in Executive Protection Executives are increasingly targeted based on their digital footprint, not just their corporate access… First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/digital-risk-to-executives-hrs-role-in-executive-protection/