Tag: corporate
-
Dark Patterns, Children’s Data and Corporate Fiduciary Risk
How UX Decisions Are Becoming Regulatory Liabilities for CISOs Children’s data is entering a new regulatory era where dark patterns, defaults and monetization choices can signal breached fiduciary duty. As privacy, safety and consumer laws converge globally, CISOs must treat manipulative UX, consent flows and retention practices as core security and governance risks. First seen…
-
2 Separate Campaigns Probe Corporate LLMs for Secrets
A total of 91,403 sessions targeted public LLM endpoints to find leaks in organizations’ use of AI and map an expanding attack surface. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/separate-campaigns-target-exposed-llm-services
-
DPRK Hackers Earn $600M Posing as Remote Workers
The landscape of corporate espionage has undergone a fundamental transformation. For decades, security teams focused their efforts on identifying disgruntled employees or negligent contractors the traditional >>insider threat.<< Today, the most dangerous infiltrator is not a rogue staffer but rather a sophisticated operative hired under pretenses, operating as part of an organized, state-sponsored recruitment program.…
-
What security teams can learn from torrent metadata
Tags: corporateSecurity teams often spend time sorting through logs and alerts that point to activity happening outside corporate networks. Torrent traffic shows up in investigations tied to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/12/torrent-metadata-osint-research/
-
Use of XMRig Cryptominer by Threat Actors Expanding: Expel
Security researchers last year wrote about a surge in the use by threat actors of the legitimate XMRig cryptominer, and cybersecurity firm Expel is now outlining the widening number of malicious ways they’re deploying the open-source tool against corporate IT operations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/use-of-xmrig-cryptominer-by-threat-actors-expanding-expel/
-
World Economic Forum: Deepfake Face-Swapping Tools Are Creating Critical Security Risks
Researchers at the World Economic Forum have shown that threat actors can use commercial deepfake tools to bypass corporate security protections First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/wef-deepfake-faceswapping-security/
-
The Cyber Express Weekly Roundup: Schools, Hacktivists, and National Cyber Overhauls
The opening week of 2026 has already highlighted the complexity of global cyber threats, with incidents affecting governments, educational institutions, and corporations alike. From school closures to corporate breaches and international policy shifts, cybersecurity news demonstrates that attacks are no longer confined to technical systems; they have real-world consequences for operations, public trust, and the…
-
JFrog stärkt Marketingführung: Genefa Murphy übernimmt CMO-Rolle
Murphy war zuletzt Chief Marketing & Content Officer bei Udemy, einer der weltweit größten KI-gestützten Plattformen für Kompetenzentwicklung. Davor leitete sie als CMO bei Five9 sowie als SVP & CMO bei Micro Focus und als Global VP of Corporate Marketing and Communications bei Hewlett Packard Enterprise zentrale Marketing- und Kommunikationsbereiche. First seen on infopoint-security.de Jump…
-
JFrog stärkt Marketingführung: Genefa Murphy übernimmt CMO-Rolle
Murphy war zuletzt Chief Marketing & Content Officer bei Udemy, einer der weltweit größten KI-gestützten Plattformen für Kompetenzentwicklung. Davor leitete sie als CMO bei Five9 sowie als SVP & CMO bei Micro Focus und als Global VP of Corporate Marketing and Communications bei Hewlett Packard Enterprise zentrale Marketing- und Kommunikationsbereiche. First seen on infopoint-security.de Jump…
-
Report: Increase Usage of Generative AI Services Creates Cybersecurity Challenge
Ray Canzanese said that increased reliance on managed corporate accounts should provide cybersecurity teams with more visibility. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/report-increase-usage-of-generative-ai-services-creates-cybersecurity-challenge/
-
The Key Principles of Corporate Governance
What Is Corporate Governance? Corporate governance refers to the system of rules, practices, and processes used to direct and control an organization. It establishes how decisions are made, who has the authority to make them, and how those decisions are reviewed over time. Corporate governance defines the relationship between the board of directors, executive leadership,……
-
Cloud file-sharing sites targeted for corporate data theft attacks
A threat actor known as Zestix has been offering to corporate data stolen from dozens of companies likely after breaching their ShareFile, Nextcloud, and OwnCloud instances. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cloud-file-sharing-sites-targeted-for-corporate-data-theft-attacks/
-
Sergey Petrossov’s Aero Ventures Addresses Aviation’s Younger, Tech-Focused Buyer Demographic
Tags: corporatePrivate aviation’s typical buyer used to be straightforward: corporate executive, mid-50s, established wealth. That profile is still prominent, but it’s changing fast. Buyers under 45 now account for 29% of pre-owned private jet transactions, nearly double their share from a decade ago, according to Jetcraft’s 2025 market report. These younger buyers are also spending more:…
-
Equifax Europe CISO: Notorious breach spurred cybersecurity transformation
Tags: access, ai, attack, authentication, awareness, breach, business, ceo, cio, ciso, cloud, computer, control, corporate, cyber, cyberattack, cybercrime, cybersecurity, data, defense, dora, espionage, finance, framework, google, government, identity, infrastructure, intelligence, network, nis-2, phishing, regulation, risk, risk-management, security-incident, service, strategy, technology, threat, updateCloud as a new technological axis: Equifax’s $3 billion migration to the cloud, “which had been brewing for about seven years” and which the company says is the largest technological investment in its history, has involved moving more than 300 systems, over 30 product families, and thousands of customers to the company’s cloud platform, Equifax Cloud, in Spain…
-
European Space Agency confirms breach of “external servers”
The European Space Agency (ESA) confirmed that attackers recently breached servers outside its corporate network, which contained what it described as “unclassified” information on collaborative engineering activities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/european-space-agency-confirms-breach-of-external-servers/
-
Zoom Stealer browser extensions harvest corporate meeting intelligence
A newly discovered campaign, which researchers call Zoom Stealer, is affecting 2.2 million Chrome, Firefox, and Microsoft Edge users through 18 extensions that collect online meeting-related data like URLs, IDs, topics, descriptions, and embedded passwords. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/
-
Why outsourced cyber defenses create systemic risks
Tags: access, ai, attack, backdoor, breach, business, ciso, cloud, compliance, corporate, cyber, cybercrime, cybersecurity, data, defense, detection, dora, exploit, finance, framework, GDPR, governance, government, hacker, healthcare, infrastructure, law, malicious, monitoring, moveIT, msp, nis-2, ransomware, regulation, resilience, risk, software, strategy, supply-chain, threat, tool, vulnerability, zero-trustRisk categories of outsourced IT & cybersecurity: When you outsource, responsibility shifts, but accountability never leaves you. The risks fall into clear categories. Operational risks The most basic risk is fragile continuity. In 2017, British Airways outsourced parts of its IT operations. A system outage grounded flights worldwide. The vendor contract delivered savings, but it…
-
Think you can beat ransomware? RansomHouse just made it a lot harder
Tags: access, attack, backup, corporate, data, detection, encryption, endpoint, extortion, incident response, leak, monitoring, ransom, ransomware, strategy, updateRansomHouse attempts double extortion: Beyond the cryptographic update, RansomHouse leverages a double extortion model, which involves exfiltrating data and threatening public disclosure in addition to encrypting it, to add pressure on victims to pay.This layered pressure tactic, already a common feature of modern ransomware attacks, complicates incident response timelines and negotiating strategies for corporate security…
-
What CISOs should know about the SolarWinds lawsuit dismissal
Responsibility without authority is the real risk: At the heart of the SolarWinds lawsuit was a familiar problem for security leaders: responsibility without authority. The dynamic that caught Tim Brown in the SEC’s jaws is that, despite his experience, seniority, and title, he, like most CISOs, carries tremendous responsibility without any real organizational authority to…
-
What CISOs should know about the SolarWinds lawsuit dismissal
Responsibility without authority is the real risk: At the heart of the SolarWinds lawsuit was a familiar problem for security leaders: responsibility without authority. The dynamic that caught Tim Brown in the SEC’s jaws is that, despite his experience, seniority, and title, he, like most CISOs, carries tremendous responsibility without any real organizational authority to…
-
What is the future of Non-Human Identities in cybersecurity
How Do Non-Human Identities Enhance Cybersecurity in Cloud Environments? Imagine where machine identities significantly outnumber human identities within corporate networks. This scenario is no longer a prediction but a reality, making the management of Non-Human Identities (NHIs) an essential aspect of cybersecurity. With organizations increasingly rely on cloud technologies, understanding and effectively managing NHIs can……
-
Keyboard Lag Leads Amazon to North Korean Impostor in Remote Role
Amazon Security Chief explains how a subtle keyboard delay exposed a North Korean impostor. Read about the laptop farm scheme and how 110 milliseconds of lag ended a major corporate infiltration. First seen on hackread.com Jump to article: hackread.com/keyboard-lag-amazon-north-korea-impostor-remote-role/
-
Clop Ransomware Group Targets Gladinet CentreStack Servers to Exfiltrate Data
Tags: attack, corporate, cyber, data, exploit, extortion, group, intelligence, Internet, ransomware, vulnerabilityThe notorious Clop ransomware group has launched a new data extortion campaign targeting internet-facing Gladinet CentreStack file servers, exploiting an unknown vulnerability to steal sensitive corporate information. Incident responders from the Curated Intelligence community first identified this campaign, which marks the latest in a series of Clop attacks targeting enterprise file transfer and storage solutions.…
-
Beware of Malicious Scripts in Weaponized PDF Purchase Orders
A sophisticated phishing campaign utilizing a weaponized PDF document named “NEW Purchase Order # 52177236.pdf” has been identified, employing legitimate cloud infrastructure and encrypted messaging apps to steal corporate credentials. The attack vector was brought to light after security researchers analyzed a blocked link reported by a customer, revealing a complex chain of obfuscation designed…
-
Beware of Malicious Scripts in Weaponized PDF Purchase Orders
A sophisticated phishing campaign utilizing a weaponized PDF document named “NEW Purchase Order # 52177236.pdf” has been identified, employing legitimate cloud infrastructure and encrypted messaging apps to steal corporate credentials. The attack vector was brought to light after security researchers analyzed a blocked link reported by a customer, revealing a complex chain of obfuscation designed…