Tag: corporate
-
Robotic surgery firm Intuitive reports data breach after targeted phishing attack
Intuitive suffered a phishing attack leading to a data breach exposing customer, employee, and corporate information. Intuitive is an American company that designs, manufactures, and sells robotic systems for minimally invasive surgery. Its most well-known products include the da Vinci Surgical System for general surgery and the Ion endoluminal system for precise procedures inside the…
-
Anton’s Vibe Coding Experience: A Reflection on Risk Decisions
Tags: access, ai, application-security, authentication, business, compliance, corporate, credentials, data, google, linkedin, LLM, risk, toolLook, I’m not a developer, and the last time I truly “wrote code” was probably a good number of years ago (and it was probably Perl so you may hate me). I am also not an appsec expert (as I often remind people). Below I am describing my experience “vibe coding” an application. Before I go…
-
How searching for a VPN could mean handing over your work login details
What looks like a legit VPN download could be a trap, as SEO poisoning is being used to steal corporate logins. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/how-searching-for-a-vpn-could-mean-handing-over-your-work-login-details/
-
LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and TypeScript. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/leaknet-ransomware-uses-clickfix-and-deno-runtime-for-stealthy-attacks/
-
Hackers Abuse Trusted Websites in New Attacks on Microsoft Teams Users
Threat actors are increasingly turning to trusted infrastructure to launch their attacks, making it harder for automated security tools to flag malicious activity. A newly identified phishing campaign highlights this growing trend by abusing compromised websites to harvest valuable corporate credentials. Cybersecurity researchers have uncovered a sophisticated new phishing campaign where attackers hijack legitimate websites…
-
Stryker Targeted by Large-Scale Wiper Attack, Tens of Thousands of Devices Lost
Global medical technology giant Stryker suffered a massive cybersecurity incident on March 11, 2026, resulting in the remote wiping of thousands of corporate devices. A pro-Iranian hacktivist group known as Handala has claimed responsibility for the attack, which severely disrupted Stryker’s internal Microsoft environment, manufacturing, and shipping operations. Technical Execution Vector Unlike traditional destructive cyberattacks,…
-
Simply Offensive Podcast: The Future of Pentesting: AI, Automation, and Better Reporting with Dan DeCloss
Tags: ai, automation, computer, corporate, cybersecurity, data, exploit, hacker, hacking, jobs, penetration-testing, skills, technology, threat, tool, update, vulnerability<div cla The Future of Pentesting: AI, Automation, and Better Reporting with Dan DeCloss In this episode of Simply Offensive, Philip Wylie welcomes Dan DeCloss, the founder of PlexTrac. The two veterans of the cybersecurity industry discuss their history together, the evolution of report writing, and the seismic shift AI is bringing to offensive security.…
-
Simply Offensive Podcast: The Future of Pentesting: AI, Automation, and Better Reporting with Dan DeCloss
Tags: ai, automation, computer, corporate, cybersecurity, data, exploit, hacker, hacking, jobs, penetration-testing, skills, technology, threat, tool, update, vulnerability<div cla The Future of Pentesting: AI, Automation, and Better Reporting with Dan DeCloss In this episode of Simply Offensive, Philip Wylie welcomes Dan DeCloss, the founder of PlexTrac. The two veterans of the cybersecurity industry discuss their history together, the evolution of report writing, and the seismic shift AI is bringing to offensive security.…
-
UK Agency Exposed Corporate Executive Data
Directory Traversal Flaw Found in Companies House. The British government’s company register service temporarily deactivated its online filing service after someone found a serious vulnerability that allowed people to access directors’ sensitive personal data and potentially even amend companies’ records or file bogus accounts on their behalf. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/uk-agency-exposed-corporate-executive-data-a-31033
-
Flaw in UK’s corporate registry let directors rummage through rival records
Back button blunder in WebFiling service run by Companies House revealed confidential paperwork First seen on theregister.com Jump to article: www.theregister.com/2026/03/16/companies_house_breach/
-
Companies House Web Glitch Exposes Corporate Details to Fraudsters
An issue with the Companies House website has put the personal and corporate information of millions at risk First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/companies-house-glitch-exposes/
-
Security Affairs newsletter Round 567 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Starbucks data breach impacts 889 employees Storm-2561 lures victims to spoofed VPN sites to harvest corporate…
-
Storm-2561 lures victims to spoofed VPN sites to harvest corporate logins
Attackers linked to Storm-2561 use SEO-poisoned search results to lure users to fake Ivanti, Cisco, and Fortinet VPN sites that steal corporate login credentials. In mid-January 2026, Microsoft Defender Experts uncovered a credential-theft campaign attributed to Storm-2561. Threat actor is spreading fake enterprise VPN clients impersonating Ivanti, Cisco, and Fortinet software. By poisoning search engine…
-
AI Agents Present ‘Insider Threat’ as Rogue Behaviors Bypass Cyber Defenses: Study
Artificial intelligence (AI) agents, once touted as the next frontier of corporate efficiency, are increasingly exhibiting deceptive and rogue behaviors that could overwhelm traditional cybersecurity. New research shows autonomous systems are now capable of collaborating to smuggle sensitive data, forge credentials, and even peer-pressure other AIs into bypassing safety protocols. According to findings from Irregular,..…
-
Hackers Exploit Remote Management Tools to Gain Initial Access to Corporate Networks
Threat actors are increasingly exploiting legitimate Remote Monitoring and Management (RMM) tools to breach corporate networks and establish persistent access. This tactic allows attackers to bypass traditional security defenses by blending malicious activities with routine administrative tasks. The Surge of RMM Abuse The exploitation of remote management software has become a primary initial access vector…
-
Hackers Exploit Remote Management Tools to Gain Initial Access to Corporate Networks
Threat actors are increasingly exploiting legitimate Remote Monitoring and Management (RMM) tools to breach corporate networks and establish persistent access. This tactic allows attackers to bypass traditional security defenses by blending malicious activities with routine administrative tasks. The Surge of RMM Abuse The exploitation of remote management software has become a primary initial access vector…
-
Announcing the 2026 CSO Hall of Fame honorees
Tags: ai, ceo, cio, ciso, corporate, cyber, cybersecurity, finance, google, group, infrastructure, international, jobs, resilience, risk, risk-management, sans, technologySelim Aissi, CEO & CSO, AGARobert S. Allen, Global CISO & Responsible AI Officer, GallagherMohit Chanana, CISO, Chevron Phillips ChemicalEdna Conway, Chief Operations & Risk Officer, TPO GroupJuan Gomez-Sanchez, VP, Cyber Resilience, McLane Company, Inc.Gary Harbison, Global CISO, Johnson & JohnsonMalcolm Harkins, Chief Security & Trust Officer, HiddenLayerBarry Hensley, CSO, Brown & BrownShaun Khalfan, SVP,…
-
CSO Awards 2026 celebrates world-class security strategies
4Wall Entertainment HMSA Aaron’s LLC Horizon BCBSNJ Accenture K&N Engineering Inc Adobe LyondellBasell Industries Aflac McDonald’s Ally Financial Medtronic PLC AmeriHealth Caritas Midcontinent Independent System Operator (MISO) Avangrid Moelis & Company Baptist Memorial Health Care Corporation Monster Energy California Housing Finance Agency MultiCare Health System Carvana National Cybersecurity Alliance Casey’s New Albany Floyd County Schools…
-
Hackers Pose as IT Staff in Microsoft Teams to Install Malware
Hackers are impersonating IT staff in Microsoft Teams to trick employees into installing malware, giving attackers stealthy access to corporate networks. The post Hackers Pose as IT Staff in Microsoft Teams to Install Malware appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-teams-it-impersonation-malware-attack/
-
Attackers exploit FortiGate devices to access sensitive network information
Attackers are exploiting FortiGate devices to breach networks and steal configuration data containing service account credentials and network details. SentinelOne researchers warn that attackers are exploiting vulnerabilities or weak credentials in FortiGate devices to gain initial access to corporate networks. Once inside, they extract configuration files that may contain service account credentials and information about…
-
The Economic Argument: The Real Cost of Insecure APIs in the AI Era
Tags: access, ai, api, application-security, attack, business, compliance, control, corporate, cybersecurity, data, defense, exploit, finance, flaw, framework, governance, identity, injection, international, jobs, malicious, privacy, regulation, risk, threat, tool, vulnerabilityWhen cybersecurity teams talk about risk, they usually speak in technical terms like vulnerabilities, exploits, and attack vectors. But when they walk into the boardroom, they need to speak a different language. They need to speak about cost. In the era of AI, the cost of insecure APIs has shifted from a potential liability to…
-
5 Actions Critical for Cybersecurity Leadership During International Conflicts
Tags: attack, backup, business, cloud, corporate, cyber, cybersecurity, data, exploit, government, incident response, infrastructure, international, iran, middle-east, military, network, resilience, risk, risk-assessment, russia, saas, service, supply-chain, technology, threat, ukraine, update, vulnerability, warfareThe recent military attacks involving Iran in the Middle East are a stark reminder that cybersecurity leadership must continually incorporate geopolitical risk into their enterprise cyber risk posture and preparedness. Every crisis that elevates to military engagements between cyber-active participants, changes the risk landscape of businesses, for people, operations, and data. This includes the…
-
Teenage hacker myth primed for a middle-age criminal makeover
Tags: access, breach, business, corporate, crypto, cyber, cybercrime, cybersecurity, data, detection, extortion, finance, group, hacker, hacking, infrastructure, jobs, malware, network, penetration-testing, programming, ransomware, service, skills, software, technology, threat, vulnerabilityCybercrime cartels: Dray Agha, senior security operations manager at managed detection and response services firm Huntress, said the analysis illustrates that the “Hollywood image of a teenage lone wolf hacking for bragging rights” is vastly outdated since the threat landscape is dominated by “highly organised, profit-driven syndicates.””While young people may still engage in digital vandalism…
-
The Top 5 Questions: How DSPM Illuminates the Murky World of Multi-Cloud Data Security
Tags: access, ai, api, attack, breach, cloud, compliance, computing, container, control, corporate, cryptography, cyber, data, data-breach, detection, encryption, exploit, firewall, intelligence, mitigation, monitoring, PCI, resilience, risk, risk-assessment, service, software, strategy, tactics, threat, tool, vulnerabilityThe Top 5 Questions: How DSPM Illuminates the Murky World of Multi-Cloud Data Security andrew.gertz@t“¦ Thu, 03/05/2026 – 16:09 Multi-cloud data security threats are escalating at an unprecedented rate. According to Forrester and the 2025 Thales Global Cloud Data Security Study, the primary drivers of multi-cloud risks are: growing complexity, insufficient access controls, and the…
-
Operation Leak: Authorities Dismantle LeakBase Forum, Secure User Data and IP Logs
The FBI, working alongside international law enforcement agencies, has successfully dismantled the notorious cybercriminal forum LeakBase. Dubbed >>Operation Leak,<< this coordinated global effort resulted in the seizure of the platform's domains and its underlying infrastructure. LeakBase was a prominent online destination where cybercriminals gathered to buy, sell, and trade stolen databases, corporate data, and personal…
-
Institutional DeFi: Building Secure Bridges Between Decentralized Protocols and Corporate Treasury
Institutional DeFi helps corporations improve treasury liquidity, speed cross-border settlements, and manage capital using secure permissioned blockchain protocols. First seen on hackread.com Jump to article: hackread.com/institutional-defi-secure-bridges-decentralized-protocols/
-
Telegram Increasingly Used to Sell Access, Malware and Stolen Logs
Cybercriminals are now increasingly using Telegram to sell corporate access, malware subscriptions, and stealer logs, turning the messaging app into a fast cybercrime hub. First seen on hackread.com Jump to article: hackread.com/telegram-used-sell-access-malware-stolen-logs/