Collecting Cyber-News from over 60 sources

Tag: corporate

Palo Alto Networks Moves to Secure Agentic Endpoints with Koi Deal

Feb 18, 2026 11:00 PM

Tags: access, ai, corporate, data, endpoint, network, risk, startup, technology

Palo Alto Networks has agreed to acquire Israeli startup Koi Security, marking a timely strategic push to confront the risks of AI agents operating inside corporate systems with broad access to data yet limited oversight. Palo Alto Networks plans to integrate Koi’s technology, known as Agentic Endpoint Security, into its Prisma AIRS AI security platform..…
Microsoft Patches Security Flaw That Exposed Confidential Emails to AI

Feb 18, 2026 10:01 PM

Tags: ai, corporate, data, data-breach, email, flaw, microsoft, privacy

Microsoft Corp. confirmed it is addressing a significant security lapse that allowed its Copilot AI to bypass privacy protections and summarize users’ confidential emails without authorization. The bug, which has persisted since late January, effectively ignored data loss prevention (DLP) protocols designed to keep sensitive corporate information out of the reach of large language models..…
Microsoft Patches Security Flaw That Exposed Confidential Emails to AI

Feb 18, 2026 10:01 PM

Tags: ai, corporate, data, data-breach, email, flaw, microsoft, privacy

Microsoft Corp. confirmed it is addressing a significant security lapse that allowed its Copilot AI to bypass privacy protections and summarize users’ confidential emails without authorization. The bug, which has persisted since late January, effectively ignored data loss prevention (DLP) protocols designed to keep sensitive corporate information out of the reach of large language models..…
Cybercrime Goes Corporate: Huntress Report Reveals Rise of Scalable, Stealth-First Attacks

Feb 18, 2026 7:58 PM

Tags: attack, corporate, cyber, cybercrime, exploit, group, hacker, threat

Cybercriminals are no longer lone hackers exploiting flashy zero-days; they are running streamlined, profit-driven operations that mirror legitimate businesses. That’s the key takeaway from the newly released Huntress 2026 Cyber Threat Report, which exposes how organised cybercrime groups are standardising their playbooks to maximise efficiency and revenue. Drawing on telemetry from more than 4.6 million…
From Shadow APIs to Shadow AI: How the API Threat Model Is Expanding Faster Than Most Defenses

Feb 18, 2026 1:58 PM

Tags: ai, api, cloud, corporate, defense, governance, technology, threat

The shadow technology problem is getting worse. Over the past few years, organizations have scaled microservices, cloud-native apps, and partner integrations faster than corporate governance models could keep up, resulting in undocumented or shadow APIs. We’re now seeing this pattern all over again with AI systems. And, even worse, AI introduces non-deterministic behavior, autonomous actions,…
Critical Ivanti EPMM Zero-Day Vulnerabilities Exploited in the Wild, Targeting Corporate Networks

Feb 18, 2026 1:58 PM

Tags: control, corporate, cve, cyber, data-breach, endpoint, exploit, ivanti, mobile, network, remote-code-execution, vulnerability, zero-day

Two critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, are being actively exploited to compromise enterprise mobile fleets and corporate networks. Both are remote code execution (RCE) vulnerabilities that allow unauthenticated attackers to run arbitrary commands on exposed EPMM servers, effectively giving them full control of the mobile device…
AI in the Middle: Turning Web-Based AI Services into C2 Proxies The Future Of AI Driven Attacks

Feb 17, 2026 3:58 PM

Tags: ai, attack, corporate, malware, service, threat

ey Points Introduction AI is rapidly becoming embedded in day-to-day enterprise workflows, inside browsers, collaboration suites, and developer tooling. As a result, AI service domains increasingly blend into normal corporate traffic, often allowed by default and rarely treated as sensitive egress. Threat actors are already capitalizing on this shift. Across the malware ecosystem, AI is…
EU Parliament Suspends AI Integration on Corporate Devices Over Cybersecurity Fears

Feb 17, 2026 12:58 PM

Tags: ai, corporate, cyber, cybersecurity, data, intelligence, tool, vulnerability

The European Parliament has taken a precautionary step by disabling built-in artificial intelligence features on work devices issued to lawmakers and staff members, citing unresolved cybersecurity and data protection risks. The decision follows an internal IT security assessment that identified potential vulnerabilities in how AI-powered tools handle sensitive information. According to an internal communication from the Parliament’s…
Finding a common language around risk

Feb 16, 2026 11:58 AM

Tags: ceo, cio, ciso, corporate, cyber, cybersecurity, defense, framework, governance, guide, intelligence, lessons-learned, metric, monitoring, phishing, ransomware, risk, risk-management, service, strategy, supply-chain, technology, threat, tool, training, update

Building one culture from three languages: The Organizational Risk Culture Standard (ORCS) offers something most frameworks miss: it treats culture as the foundation, not the afterthought. You can’t bolt culture onto existing processes and call it done. Culture is how people actually think about risk when no one is watching. It’s the shared beliefs that…
Memory price explosion triggers PC buying spree

Feb 14, 2026 1:58 PM

Tags: corporate

DRAM doubles, NAND jumps 70% as corporate buyers race the clock First seen on theregister.com Jump to article: www.theregister.com/2026/02/12/memory_pc_rush/
‘Crazy’ Hackers Strike Through Remote Monitoring Software

Feb 14, 2026 1:58 AM

Tags: access, corporate, cybersecurity, hacker, monitoring, ransomware, software, tool

VoidCrypt Ransomware Variant Taps RMM Tools, Says Huntress. Management isn’t the only advocate for employee monitoring software, according to new research from cybersecurity firm Huntress. RMM tools – simultaneously open to remote connections and with privileged local access – are good for wiggling into corporate networks. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/crazy-hackers-strike-through-remote-monitoring-software-a-30759
Corporate AI Use Shifts from Hypothetical Risk to Everyday Reality, New Research Shows

Feb 13, 2026 5:58 PM

Tags: ai, corporate, data, risk

Organisations are now deploying AI as a routine part of everyday work, far beyond pilot projects and theoretical risk debates, according to a new January snapshot of real-world usage data released by CultureAI this week. The research highlights how AI is being used in ordinary workflows and reveals the emerging patterns that are generating the…
Phishing Campaigns Target Users with Fake Meeting Invites and Update Alerts via Zoom, Teams, and Google Meet

Feb 13, 2026 2:58 PM

Tags: access, attack, corporate, cyber, exploit, google, malicious, microsoft, monitoring, phishing, social-engineering, tool, update

An ongoing wave of phishing campaigns exploiting fake meeting invites from popular video conferencing platforms, including Zoom, Microsoft Teams, and Google Meet. The attacks use social engineering to lure corporate users into downloading malicious “software updates,” which are, in reality, digitally signed remote monitoring and management (RMM) tools that grant attackers full remote access to…
Hackers turn bossware against the bosses

Feb 13, 2026 5:58 AM

Tags: access, advisory, attack, awareness, computer, control, corporate, cybersecurity, data, email, endpoint, hacker, identity, infosec, infrastructure, malicious, mfa, monitoring, network, phishing, ransomware, risk, sans, software, tool, training, unauthorized, vulnerability

Ensure these risks are catalogued: Johannes Ullrich, dean of research at the SANS Institute, said this report is an example of how corporate IT teams build infrastructure that attackers then abuse. It’s known that employee monitoring software and security software have been misused like this in the past, he said. He pointed out that software…
What CISOs need to know about the OpenClaw security nightmare

Feb 12, 2026 8:58 AM

Tags: access, ai, api, attack, authentication, china, ciso, computer, control, corporate, credentials, email, endpoint, exploit, firewall, gartner, google, injection, mfa, microsoft, monitoring, network, open-source, openai, radius, risk, skills, startup, supply-chain, tool, vulnerability

OpenClaw exposes enterprise security gaps: The first big lesson of this whole OpenClaw situation is that enterprises need to do more to get their security fundamentals in place. Because if there are any gaps, anywhere at all, they will now be found and exploited at an unprecedented pace. In the case of OpenClaw, that means…
OpenClaw Scanner: Open-source tool detects autonomous AI agents

Feb 12, 2026 7:58 AM

Tags: ai, corporate, open-source, tool

A new free, open source tool is available to help organizations detect where autonomous AI agents are operating across corporate environments. The OpenClaw Scanner identifies … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/openclaw-scanner-open-source-tool-detects-autonomous-ai-agents/
Digital Hygiene for High-Profile Individuals

Feb 12, 2026 6:58 AM

Tags: corporate, vulnerability

Nisos Digital Hygiene for High-Profile Individuals Digital vulnerability isn’t limited to corporate executives. Any individual with a public profile faces similar – and sometimes even greater – digital exposure risks… First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/digital-hygiene-for-high-profile-individuals/
Cybercriminals Exploit Employee Monitoring and SimpleHelp Tools in Ransomware Attacks

Feb 12, 2026 6:58 AM

Tags: attack, control, corporate, cyber, cybercrime, exploit, monitoring, network, ransomware, threat, tool

Threat actors are abusing legitimate remote monitoring tools to hide inside corporate networks and launch ransomware attacks. Net Monitor for Employees Professional is a commercial workforce monitoring tool by NetworkLookout that offers remote screen viewing, full remote control, file management, shell command execution, and stealth deployment. While intended for productivity oversight, these rich administrative capabilities make it…
Crazy ransomware gang abuses employee monitoring tool in attacks

Feb 11, 2026 8:58 PM

Tags: attack, corporate, detection, monitoring, network, ransomware, software, tool

A member of the Crazy ransomware gang is abusing legitimate employee monitoring software and the SimpleHelp remote support tool to maintain persistence in corporate networks, evade detection, and prepare for ransomware deployment. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/crazy-ransomware-gang-abuses-employee-monitoring-tool-in-attacks/
The blind spot every CISO must see: Loyalty

Feb 6, 2026 9:13 AM

Tags: access, ai, ciso, corporate, data, espionage, exploit, finance, framework, gartner, government, intelligence, jobs, malicious, monitoring, risk, strategy, tool, training, vulnerability, zero-trust

How the misread appears in practice: Recent examples illustrate the point. In the US federal sphere, abrupt terminations under workforce reduction initiatives have left former employees with lingering access to sensitive systems, amplifying the potential for data exposure or retaliation. Corporate cases show a similar dynamic: engineers or executives who have spent years building institutional…
APT27 Launches Stealthy Attacks on Corporate Networks, Evades Detection

Feb 6, 2026 9:13 AM

Tags: apt, attack, corporate, cyber, cyberattack, defense, detection, group, network, threat

A new, highly sophisticated cyberattack campaign that reveals how attackers are bypassing modern defenses to infiltrate corporate networks. The investigation points to a stealthy, multi-stage intrusion likely orchestrated by the threat group known as APT-Q-27, or >>GoldenEyeDog<<. The attack began with a common, everyday task: a customer support agent clicking a link in a support…
Operant AI’s Agent Protector Aims to Secure Rising Tide of Autonomous AI

Feb 5, 2026 4:14 PM

Tags: ai, corporate, gartner, intelligence

As the enterprise world shifts from chatbots to autonomous systems, Operant AI on Thursday launched Agent Protector, a real-time security solution designed to govern and shield artificial intelligence (AI) agents. The launch comes at a critical inflection point for corporate technology. Gartner predicts that by the end of 2026, 40% of enterprise applications will feature..…
Full Spectrum AI Security: FireTail’s Platform Update for the AI-Enabled Workforce FireTail Blog

Feb 4, 2026 1:13 AM

Tags: access, ai, api, browser, chatgpt, chrome, ciso, cloud, control, corporate, data, email, governance, grc, group, jobs, LLM, monitoring, risk, service, skills, technology, tool, unauthorized, update, vulnerability

Feb 03, 2026 – Jeremy Snyder – The rise of generative AI has changed how businesses operate. In almost every company, leaders are looking for ways to use AI to work faster and smarter. However, this shift has created a major challenge for security teams. Most of the AI activity inside an organization is currently…
The ‘Invisible Risk’: 1.5 Million Unmonitored AI Agents Threaten Corporate Security

Feb 3, 2026 7:13 PM

Tags: ai, api, corporate, open-source, risk

A massive >>invisible workforce<< of autonomous digital workers has arrived in the corporate world, but new research suggests it may be operating largely out of control. Large enterprises across the U.S. and UK have already deployed 3 million AI agents, according to a study released by Gravitee, an open-source leader in API and agentic management……
New Password-Stealing Phishing Campaign Targets Corporate Dropbox Credentials

Feb 3, 2026 1:13 PM

Tags: attack, business, corporate, credentials, detection, password, phishing

Multi-stage attack begins with fake message relating to business requests and evades detection with link hidden in a PDF First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/password-stealing-phishing-pdf/
Attackers Harvest Dropbox Logins Via Fake PDF Lures

Feb 3, 2026 12:13 AM

Tags: corporate, credentials, login, malware, phishing

A malware-free phishing campaign targets corporate inboxes and asks employees to view request orders, ultimately leading to Dropbox credential theft. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/attackers-harvest-dropbox-logins-fake-pdf-lures
Hanging Up on ShinyHunters: Experts Detail Vishing Defenses

Feb 2, 2026 7:13 PM

Tags: attack, authentication, corporate, data, defense, exploit, phishing, software

Sophisticated Voice Phishing Campaigns Don’t Exploit Any Software Vulnerabilities. Amidst persistent voice phishing campaigns designed to trick employees and steal sensitive corporate data, security experts recommend organizations deploy phishing-resistant multifactor authentication, monitor for attacks and use live video verification to safeguard authentication changes. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hanging-up-on-shinyhunters-experts-detail-vishing-defenses-a-30657
Google Uncovers Major Expansion in ShinyHunters Threat Activity Using New Tactics

Feb 2, 2026 11:13 AM

Tags: authentication, corporate, credentials, cyber, cybercrime, extortion, google, identity, mfa, phishing, service, software, tactics, threat

A substantial expansion in cybercrime operations using tactics consistent with ShinyHunters-branded extortion campaigns. These sophisticated operations employ advanced voice phishing (vishing) and victim-branded credential harvesting websites to compromise corporate environments by stealing single sign-on (SSO) credentials and multi-factor authentication (MFA) codes. While the methodology of targeting identity providers and Software-as-a-Service (SaaS) platforms remains consistent with…
Second Round of Critical RCE Bugs in n8n Spikes Corporate Risk

Jan 30, 2026 7:24 PM

Tags: ai, automation, corporate, credentials, rce, remote-code-execution, risk, vulnerability

A new around of vulnerabilities in the popular AI automation platform could let attackers hijack servers and steal credentials, allowing full takeover. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/critical-flaws-n8n-compromise-customer-security
National Crime Agency and NatWest Issue Joint Warning Over Invoice Fraud Threat

Jan 30, 2026 1:21 PM

Tags: corporate, crime, cyber, finance, fraud, threat

Cyber fraudsters targeting corporate finance departments costs businesses millions a year First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nca-natwest-warning-over-invoice/