Tag: corporate
-
UK Agency Exposed Corporate Executive Data
Directory Traversal Flaw Found in Companies House. The British government’s company register service temporarily deactivated its online filing service after someone found a serious vulnerability that allowed people to access directors’ sensitive personal data and potentially even amend companies’ records or file bogus accounts on their behalf. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/uk-agency-exposed-corporate-executive-data-a-31033
-
Flaw in UK’s corporate registry let directors rummage through rival records
Back button blunder in WebFiling service run by Companies House revealed confidential paperwork First seen on theregister.com Jump to article: www.theregister.com/2026/03/16/companies_house_breach/
-
Companies House Web Glitch Exposes Corporate Details to Fraudsters
An issue with the Companies House website has put the personal and corporate information of millions at risk First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/companies-house-glitch-exposes/
-
Security Affairs newsletter Round 567 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Starbucks data breach impacts 889 employees Storm-2561 lures victims to spoofed VPN sites to harvest corporate…
-
Storm-2561 lures victims to spoofed VPN sites to harvest corporate logins
Attackers linked to Storm-2561 use SEO-poisoned search results to lure users to fake Ivanti, Cisco, and Fortinet VPN sites that steal corporate login credentials. In mid-January 2026, Microsoft Defender Experts uncovered a credential-theft campaign attributed to Storm-2561. Threat actor is spreading fake enterprise VPN clients impersonating Ivanti, Cisco, and Fortinet software. By poisoning search engine…
-
AI Agents Present ‘Insider Threat’ as Rogue Behaviors Bypass Cyber Defenses: Study
Artificial intelligence (AI) agents, once touted as the next frontier of corporate efficiency, are increasingly exhibiting deceptive and rogue behaviors that could overwhelm traditional cybersecurity. New research shows autonomous systems are now capable of collaborating to smuggle sensitive data, forge credentials, and even peer-pressure other AIs into bypassing safety protocols. According to findings from Irregular,..…
-
Hackers Exploit Remote Management Tools to Gain Initial Access to Corporate Networks
Threat actors are increasingly exploiting legitimate Remote Monitoring and Management (RMM) tools to breach corporate networks and establish persistent access. This tactic allows attackers to bypass traditional security defenses by blending malicious activities with routine administrative tasks. The Surge of RMM Abuse The exploitation of remote management software has become a primary initial access vector…
-
Hackers Exploit Remote Management Tools to Gain Initial Access to Corporate Networks
Threat actors are increasingly exploiting legitimate Remote Monitoring and Management (RMM) tools to breach corporate networks and establish persistent access. This tactic allows attackers to bypass traditional security defenses by blending malicious activities with routine administrative tasks. The Surge of RMM Abuse The exploitation of remote management software has become a primary initial access vector…
-
Announcing the 2026 CSO Hall of Fame honorees
Tags: ai, ceo, cio, ciso, corporate, cyber, cybersecurity, finance, google, group, infrastructure, international, jobs, resilience, risk, risk-management, sans, technologySelim Aissi, CEO & CSO, AGARobert S. Allen, Global CISO & Responsible AI Officer, GallagherMohit Chanana, CISO, Chevron Phillips ChemicalEdna Conway, Chief Operations & Risk Officer, TPO GroupJuan Gomez-Sanchez, VP, Cyber Resilience, McLane Company, Inc.Gary Harbison, Global CISO, Johnson & JohnsonMalcolm Harkins, Chief Security & Trust Officer, HiddenLayerBarry Hensley, CSO, Brown & BrownShaun Khalfan, SVP,…
-
CSO Awards 2026 celebrates world-class security strategies
4Wall Entertainment HMSA Aaron’s LLC Horizon BCBSNJ Accenture K&N Engineering Inc Adobe LyondellBasell Industries Aflac McDonald’s Ally Financial Medtronic PLC AmeriHealth Caritas Midcontinent Independent System Operator (MISO) Avangrid Moelis & Company Baptist Memorial Health Care Corporation Monster Energy California Housing Finance Agency MultiCare Health System Carvana National Cybersecurity Alliance Casey’s New Albany Floyd County Schools…
-
Hackers Pose as IT Staff in Microsoft Teams to Install Malware
Hackers are impersonating IT staff in Microsoft Teams to trick employees into installing malware, giving attackers stealthy access to corporate networks. The post Hackers Pose as IT Staff in Microsoft Teams to Install Malware appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-teams-it-impersonation-malware-attack/
-
Attackers exploit FortiGate devices to access sensitive network information
Attackers are exploiting FortiGate devices to breach networks and steal configuration data containing service account credentials and network details. SentinelOne researchers warn that attackers are exploiting vulnerabilities or weak credentials in FortiGate devices to gain initial access to corporate networks. Once inside, they extract configuration files that may contain service account credentials and information about…
-
The Economic Argument: The Real Cost of Insecure APIs in the AI Era
Tags: access, ai, api, application-security, attack, business, compliance, control, corporate, cybersecurity, data, defense, exploit, finance, flaw, framework, governance, identity, injection, international, jobs, malicious, privacy, regulation, risk, threat, tool, vulnerabilityWhen cybersecurity teams talk about risk, they usually speak in technical terms like vulnerabilities, exploits, and attack vectors. But when they walk into the boardroom, they need to speak a different language. They need to speak about cost. In the era of AI, the cost of insecure APIs has shifted from a potential liability to…
-
5 Actions Critical for Cybersecurity Leadership During International Conflicts
Tags: attack, backup, business, cloud, corporate, cyber, cybersecurity, data, exploit, government, incident response, infrastructure, international, iran, middle-east, military, network, resilience, risk, risk-assessment, russia, saas, service, supply-chain, technology, threat, ukraine, update, vulnerability, warfareThe recent military attacks involving Iran in the Middle East are a stark reminder that cybersecurity leadership must continually incorporate geopolitical risk into their enterprise cyber risk posture and preparedness. Every crisis that elevates to military engagements between cyber-active participants, changes the risk landscape of businesses, for people, operations, and data. This includes the…
-
Teenage hacker myth primed for a middle-age criminal makeover
Tags: access, breach, business, corporate, crypto, cyber, cybercrime, cybersecurity, data, detection, extortion, finance, group, hacker, hacking, infrastructure, jobs, malware, network, penetration-testing, programming, ransomware, service, skills, software, technology, threat, vulnerabilityCybercrime cartels: Dray Agha, senior security operations manager at managed detection and response services firm Huntress, said the analysis illustrates that the “Hollywood image of a teenage lone wolf hacking for bragging rights” is vastly outdated since the threat landscape is dominated by “highly organised, profit-driven syndicates.””While young people may still engage in digital vandalism…
-
The Top 5 Questions: How DSPM Illuminates the Murky World of Multi-Cloud Data Security
Tags: access, ai, api, attack, breach, cloud, compliance, computing, container, control, corporate, cryptography, cyber, data, data-breach, detection, encryption, exploit, firewall, intelligence, mitigation, monitoring, PCI, resilience, risk, risk-assessment, service, software, strategy, tactics, threat, tool, vulnerabilityThe Top 5 Questions: How DSPM Illuminates the Murky World of Multi-Cloud Data Security andrew.gertz@t“¦ Thu, 03/05/2026 – 16:09 Multi-cloud data security threats are escalating at an unprecedented rate. According to Forrester and the 2025 Thales Global Cloud Data Security Study, the primary drivers of multi-cloud risks are: growing complexity, insufficient access controls, and the…
-
Operation Leak: Authorities Dismantle LeakBase Forum, Secure User Data and IP Logs
The FBI, working alongside international law enforcement agencies, has successfully dismantled the notorious cybercriminal forum LeakBase. Dubbed >>Operation Leak,<< this coordinated global effort resulted in the seizure of the platform's domains and its underlying infrastructure. LeakBase was a prominent online destination where cybercriminals gathered to buy, sell, and trade stolen databases, corporate data, and personal…
-
Institutional DeFi: Building Secure Bridges Between Decentralized Protocols and Corporate Treasury
Institutional DeFi helps corporations improve treasury liquidity, speed cross-border settlements, and manage capital using secure permissioned blockchain protocols. First seen on hackread.com Jump to article: hackread.com/institutional-defi-secure-bridges-decentralized-protocols/
-
Telegram Increasingly Used to Sell Access, Malware and Stolen Logs
Cybercriminals are now increasingly using Telegram to sell corporate access, malware subscriptions, and stealer logs, turning the messaging app into a fast cybercrime hub. First seen on hackread.com Jump to article: hackread.com/telegram-used-sell-access-malware-stolen-logs/
-
Hackers Exploit Telegram for Initial Access to Corporate VPN, RDP, and Cloud Systems
Tags: access, cloud, corporate, credentials, cyber, data-breach, exploit, hacker, marketplace, network, ransomware, vpnHackers are increasingly abusing Telegram as an initial access marketplace, turning stealer logs and leaked credentials into direct entry points for corporate VPN, RDP, and cloud environments. The platform now acts as a high-speed bridge between compromised credentials and full network compromise, supporting ransomware operators, Initial Access Brokers (IABs), and hacktivist collectives. Telegram hosts popular…
-
Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks
Black Kite reveals 26,000 unnamed corporate victims linked to 136 third-party breaches First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/shadow-layer-organizations-supply/
-
Infostealers Drive Massive Brute-Force Attacks on Corporate SSO Gateways with Stolen Credentials
The cybersecurity community is witnessing a rise in credential”‘stuffing attacks targeting corporate Single Sign”‘On (SSO) systems, with recent campaigns focusing on F5 BIG”‘IP devices. To understand the source of the stolen logins, Defused Cyber analyzed a dataset of 70 unique email”‘password pairs used in the attack. When cross”‘referenced with Hudson Rock’s cybercrime database of Infostealer…
-
5 trends that should top CISO’s RSA 2026 agendas
Tags: access, ai, attack, authentication, backup, business, cio, ciso, cloud, conference, control, corporate, cryptography, cyber, cybersecurity, data, defense, detection, edr, finance, framework, governance, group, healthcare, identity, incident response, intelligence, network, okta, resilience, risk, saas, service, skills, software, strategy, tactics, technology, threat, tool, training, update, vulnerability, zero-trustCTEM in the spotlight: In another evolutionary trend, most organizations are moving beyond scanning for software snafus to continuous threat exposure management (CTEM). By doing so, security teams hope to get a full picture of all assets, as well as their configurations, locations, software vulnerabilities, ownership, and business criticality.Armed with this data, CTEM platforms look…
-
The $19.5 million insider risk problem
Routine employee activity across corporate systems carries an average annual cost of $19.5 million per organization. That figure comes from the 2026 Cost of Insider Risks … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/26/insider-risk-costs-2026/
-
Steaelite RAT combines data theft and ransomware management capability in one tool
Tags: access, android, attack, authentication, awareness, business, corporate, credentials, crypto, cybercrime, data, ddos, defense, encryption, endpoint, extortion, infection, infosec, malware, mobile, monitoring, password, phishing, ransomware, rat, remote-code-execution, theft, threat, tool, training, windowsCSO that this isn’t the most sophisticated RAT he’s seen. “The novel aspect here,” he said, “is the convergence. Steaelite bundles remote access, credential harvesting, data exfiltration, and ransomware (currently in development) in a single package.” Traditionally, he explained, these capabilities have occupied different parts of the cybercrime toolchain, but Steaelite unifies the functions, giving…
-
The Coming Regulatory Wave for AI Agents Their APIs
Tags: access, ai, api, attack, ciso, compliance, control, corporate, data, endpoint, finance, framework, governance, guide, infrastructure, leak, monitoring, regulation, risk, toolFor the past two years, the adoption of Generative AI has felt like a gold rush. Organizations raced to integrate Large Language Models and build autonomous agents to assist employees. They often bypassed standard governance processes in the name of speed and innovation. That era of unrestricted experimentation is rapidly drawing to a close. A…
-
How Discord Can Expose Corporate Data
Discord improves collaboration, but a compromised account can expose credentials, customer data and internal plans. Learn the risks and how to reduce exposure. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/how-discord-can-expose-corporate-data/