Tag: defense

NSA Tells Feds: Zero Trust Must Go Beyond Login

Feb 3, 2026 1:13 AM

Tags: access, authentication, defense, login, zero-trust

New NSA Guidance Demands Continuous Access Checks, Implementation Overhaul. The National Security Agency’s new zero trust guidance instructs agencies to move beyond login-based security by continuously assessing user behavior and app-layer activity in real time, aiming to close gaps that allow post-authentication abuse and elevate federal defenses against modern threats. First seen on govinfosecurity.com Jump…
AI Threats in 2026: A SecOps Playbook

Feb 2, 2026 8:14 PM

Tags: ai, defense, risk, threat

As AI-driven threats accelerate in 2026, security teams must evolve their defenses to manage new risks and maintain resilience. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ai-threats-in-2026-a-secops-playbook/
Hanging Up on ShinyHunters: Experts Detail Vishing Defenses

Feb 2, 2026 7:13 PM

Tags: attack, authentication, corporate, data, defense, exploit, phishing, software

Sophisticated Voice Phishing Campaigns Don’t Exploit Any Software Vulnerabilities. Amidst persistent voice phishing campaigns designed to trick employees and steal sensitive corporate data, security experts recommend organizations deploy phishing-resistant multifactor authentication, monitor for attacks and use live video verification to safeguard authentication changes. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hanging-up-on-shinyhunters-experts-detail-vishing-defenses-a-30657
âš¡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

Feb 2, 2026 3:14 PM

Tags: ai, attack, botnet, defense, exploit, office, ransom, risk, threat, update, zero-day

Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage.Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident shows how defenders adapt, and how fast attackers try to stay…
Pompelmi: Open-source secure file upload scanning for Node.js

Feb 2, 2026 8:14 AM

Tags: defense, open-source, service, software

Software teams building services in JavaScript are adding more layers of defense to handle untrusted file uploads. An open-source project called Pompelmi aims to insert … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/02/pompelmi-open-source-secure-file-upload-scanning-node-js/
Polish Grid Hack Underlines European Need for Active Defense

Jan 31, 2026 9:15 PM

Tags: attack, cyberattack, defense, hacking, infrastructure, russia

Russian Hacking Shows Limits of Preventive Measures. Europe must step up its active defenses against cyberattacks and modernize its IT infrastructure, a leading expert has warned in the wake of a major attack on Poland’s energy grid attributed to Russian hackers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/polish-grid-hack-underlines-european-need-for-active-defense-a-30651
AI Compliance Tools: What to Look For FireTail Blog

Jan 30, 2026 8:42 PM

Tags: ai, antivirus, api, attack, automation, backdoor, business, cloud, compliance, control, credit-card, data, defense, email, finance, framework, GDPR, governance, grc, guide, identity, injection, intelligence, jobs, LLM, login, malicious, mitre, network, nist, okta, remote-code-execution, risk, risk-management, siem, software, threat, tool, training, unauthorized, vulnerability

Jan 30, 2026 – Alan Fagan – Quick Facts: AI Compliance ToolsManual tracking often falls short: Spreadsheets cannot track the millions of API calls and prompts generated by modern AI systems.Real-time is required: The best AI compliance tools monitor live traffic, not just static policy documents.Framework mapping matters: Firetail automatically maps activity to the OWASP…
Holiday Hits: Hackers Love to Strike When Defenders Are Away

Jan 30, 2026 7:24 PM

Tags: attack, cybersecurity, defense, hacker

Honeypots Reveal Automated Bots’ ‘Attack Intensity’ Surged Over Christmastime 2025. Memo for cybersecurity defenders: Honeypots reveal attack intensity surged over the recent holiday period, as hackers continued their well-known propensity for probing defenses and striking in the off hours, using highly automated bots, to try and maximize their dwell time before discovery. First seen on…
Manufacturers fortify cyber defenses in response to dramatic surge in attacks

Jan 30, 2026 6:21 PM

Tags: attack, cyber, defense, network, vulnerability

IT/OT convergence and other trends are making the manufacturing industry’s networks more vulnerable and more frequently targeted, but sector leaders are working to improve their cyber posture. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/manufacturing-sector-cyber-threats-collaboration-ransomware/810930/
Manufacturers fortify cyber defenses in response to dramatic surge in cyberattacks

Jan 30, 2026 5:22 PM

Tags: cyber, cyberattack, defense, network, vulnerability

The IT/OT convergence and other trends are making the manufacturing industry’s networks more vulnerable and more frequently targeted, but sector leaders are working to improve their cyber posture. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/manufacturing-sector-cyber-threats-collaboration-ransomware/810930/
MCP security: How to prevent prompt injection and tool poisoning attacks

Jan 30, 2026 4:22 PM

Tags: access, ai, api, attack, authentication, automation, best-practice, business, ceo, communications, control, credentials, data, defense, detection, email, endpoint, exploit, framework, github, governance, guide, incident response, infrastructure, injection, least-privilege, LLM, malicious, monitoring, network, radius, risk, service, siem, software, sql, supply-chain, threat, tool, unauthorized, vulnerability

The Model Context Protocol (MCP) has quickly become the open protocol that enables AI agents to connect securely to external tools, databases, and business systems. But this convenience comes with security risks. MCP servers store sensitive credentials, handle business logic, and connect to APIs. This makes them prime targets for attackers who have learned to…
TAMECAT PowerShell Backdoor Targets Edge and Chrome: Login Credentials At Risk

Jan 30, 2026 4:22 PM

Tags: backdoor, browser, chrome, credentials, cyber, defense, espionage, government, hacking, iran, login, microsoft, powershell, risk

TAMECAT is a sophisticated PowerShell-based backdoor linked to APT42, an Iranian state-sponsored hacking group. It steals login credentials from Microsoft Edge and Chrome browsers while evading detection. Security researchers from Israel’s National Digital Agency detailed its modular design in recent SpearSpecter campaign analysis.”‹ APT42 deploys TAMECAT in long-term espionage operations against senior defense and government…
Hugging Face Repositories Hijacked For Android RAT Delivery, Bypassing Traditional Defenses

Jan 30, 2026 4:22 PM

Tags: android, control, cyber, defense, detection, exploit, infrastructure, malicious, rat, service, social-engineering

A sophisticated Android RAT campaign that exploits Hugging Face’s popular machine learning platform to host and distribute malicious payloads. Attackers combine social engineering, legitimate infrastructure abuse, and Accessibility Services exploitation to gain deep device control, evading hash-based detection through rapid polymorphism. The campaign targets Android users via a dropper app named TrustBastion, often promoted through…
KnowBe4 feiert ein Jahrzehnt KI-Innovation mit sieben aktiven KI-Agenten auf dem Markt

Jan 30, 2026 12:21 PM

Tags: ai, cyersecurity, defense, intelligence

KnowBe4 blickt auf ein Jahrzehnt Pionierarbeit im Bereich der künstlichen Intelligenz (KI) in der Cybersicherheit zurück. In diesem Jahr feiert das Unternehmen das zehnjährige Jubiläum seit der Veröffentlichung der Beta-Version von AIDA (Artificial Intelligence Defense Agents). Dieser Meilenstein stärkt die Position von KnowBe4 bei Sicherheitstrainings von Menschen und KI-Agenten sowie seine Position als einziger Anbieter…
KnowBe4 feiert zehn Jahre KI-Innovation mit sieben AI Defense Agents im Einsatz

Jan 30, 2026 12:21 PM

Tags: ai, defense, phishing, smishing

Bereits seit 2016 arbeitet KnowBe4 auf Basis von über 15 Jahren gesammelter Daten zu Benutzerverhalten und Bedrohungsinformationen an KI-gesteuerten Sicherheitslösungen. Das Unternehmen kombinierte frühzeitig Phishing, Vishing und Smishing First seen on infopoint-security.de Jump to article: www.infopoint-security.de/knowbe4-feiert-zehn-jahre-ki-innovation-mit-sieben-ai-defense-agents-im-einsatz/a43511/
Measuring Agentic AI Posture: A New Metric for CISOs

Jan 30, 2026 5:21 AM

Tags: access, ai, api, attack, breach, business, ciso, cybersecurity, data, data-breach, defense, endpoint, finance, governance, identity, injection, intelligence, metric, radius, risk, strategy, update, waf

In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These numbers indicate to the Board how quickly we respond when issues arise. But in the era of Agentic AI, reaction speed is no longer enough. When an AI Agent or an MCP server is compromised,…
The Agentic AI Posture Score: A New Metric for CISOs

Jan 29, 2026 6:25 PM

Tags: ai, api, attack, breach, business, ciso, cybersecurity, data, data-breach, defense, endpoint, finance, governance, identity, injection, metric, radius, risk, strategy, threat, update, waf

In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These numbers tell the Board how fast we react when things go wrong. But in the era of Agentic AI, reaction speed is no longer enough. When an AI Agent or an MCP server is compromised,…
Swarmer Tool Abuses Windows Registry to Evade Detection and Persist on Systems

Jan 29, 2026 4:26 PM

Tags: access, cyber, defense, detection, edr, endpoint, exploit, infrastructure, monitoring, tool, windows

Swarmer, a sophisticated tool designed to manipulate Windows registry hives while bypassing endpoint detection systems. The tool exploits legacy Windows infrastructure to achieve persistent access without triggering traditional EDR monitoring systems that typically flag direct registry modifications. Endpoint Detection and Response (EDR) solutions have significantly hardened defenses against conventional registry persistence techniques. Classic methods using…
Matanbuchus Malware Evolves to Bypass AV Defenses by Swapping Core Components

Jan 29, 2026 4:26 PM

Tags: backdoor, cyber, defense, malicious, malware, ransomware, service

Matanbuchus is a malicious C++-based downloader that has been sold as Malware-as-a-Service (MaaS) since 2020. Initially known as a simple loader for second-stage payloads, it has steadily evolved into a flexible backdoor platform that is increasingly tied to ransomware operations. In July 2025, researchers observed Matanbuchus version 3.0 in the wild, featuring redesigned components, stronger…
How Can CISOs Respond to Ransomware Getting More Violent?

Jan 29, 2026 3:24 PM

Tags: business, ciso, defense, mfa, ransomware, update

Ransomware defense requires focusing on business resilience. This means patching issues promptly, improving user education, and deploying multi-factor authentication. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/how-cisos-respond-ransomware-getting-more-violent
NIST’s AI guidance pushes cybersecurity boundaries

Jan 29, 2026 9:23 AM

Tags: access, ai, ciso, control, cybersecurity, data, defense, exploit, framework, intelligence, nist, risk, risk-assessment, software, threat

The limits of ‘AI is just software’: NIST’s instinct to frame AI as an extension of traditional software allows organizations to reuse familiar concepts, risk assessment, access control, logging, defense in depth, rather than starting from zero. Workshop participants repeatedly emphasized that many controls do transfer, at least in principle.But some experts argue that the…
Acting CISA Chief Flagged for Uploading Sensitive Government Files Into ChatGPT

Jan 29, 2026 8:21 AM

Tags: chatgpt, cisa, cyber, cybersecurity, defense, government

The acting head of the federal government’s top cyber defense agency triggered an internal cybersecurity warning last summer after uploading sensitive government documents into a public version of ChatGPT, according to four Department of Homeland Security officials familiar with the incident. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisa-chief-internal-cybersecurity-warning/
Old Windows quirks help punch through new admin defenses

Jan 28, 2026 3:21 PM

Tags: defense, google, windows

Google researcher sits on UAC bypass for ages, only for it to become valid with new security feature First seen on theregister.com Jump to article: www.theregister.com/2026/01/28/google_windows_admin_exploit/
Interconnectedness, extortion risk make cybersecurity a healthcare C-suite priority

Jan 27, 2026 6:24 PM

Tags: breach, cybersecurity, defense, extortion, healthcare, risk

A new report from Trellix reviews the biggest breaches, describes the most effective defenses and profiles the most dangerous attackers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/health-care-cybersecurity-threats-report-trellix/810608/
Attackers use Windows App-V scripts to slip infostealer past enterprise defenses

Jan 27, 2026 4:21 PM

Tags: defense, malware, windows

A malware delivery campaign detailed by Blackpoint researchers employs an impressive array of tricks to deliver an infostealer to employees without triggering enterprise … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/27/malware-delivery-via-windows-app-v-lolbin/
CTEM in Practice: Prioritization, Validation, and Outcomes That Matter

Jan 27, 2026 2:21 PM

Tags: attack, cybersecurity, defense, exploit, threat, vulnerability

Cybersecurity teams increasingly want to move beyond looking at threats and vulnerabilities in isolation. It’s not only about what could go wrong (vulnerabilities) or who might attack (threats), but where they intersect in your actual environment to create real, exploitable exposure.Which exposures truly matter? Can attackers exploit them? Are our defenses effective?Continuous Threat Exposure First…
Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

Jan 27, 2026 5:20 AM

Tags: authentication, bug-bounty, control, corporate, defense, email, github, guide, hacker, malicious, malware, microsoft, vulnerability

disabling the ability to run lifecycle scripts, commands that run automatically during package installation,saving lockfile integrity checks (package-lock.json, pnpm-lock.yaml, and others) to version control (git). The lockfile records the exact version and integrity hash of every package in a dependency tree. On subsequent installs, the package manager checks incoming packages against these hashes, and if…
NDSS 2025 ERW-Radar

Jan 26, 2026 7:21 PM

Tags: antivirus, china, conference, defense, detection, Internet, malicious, network, ransomware, software

Authors, Creators & Presenters: Lingbo Zhao (Institute of Information Engineering, Chinese Academy of Sciences), Yuhui Zhang (Institute of Information Engineering, Chinese Academy of Sciences), Zhilu Wang (Institute of Information Engineering, Chinese Academy of Sciences), Fengkai Yuan (Institute of Information Engineering, CAS), Rui Hou (Institute of Information Engineering, Chinese Academy of Sciences) PAPER ERW-Radar: An Adaptive…
Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Jan 26, 2026 4:21 PM

Tags: attack, defense, hacker, threat

The defense mechanisms that NPM introduced after the ‘Shai-Hulud’ supply-chain attacks have weaknesses that allow threat actors to bypass them via Git dependencies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-can-bypass-npms-shai-hulud-defenses-via-git-dependencies/
Lazarus Hackers Target European Drone Manufacturers in Active Campaign

Jan 26, 2026 4:21 PM

Tags: attack, cyber, cyberespionage, defense, group, hacker, hacking, korea, lazarus, north-korea

The North Korean state-sponsored Lazarus hacking group has launched a sophisticated cyberespionage campaign targeting European defense contractors involved in uncrewed aerial vehicle (UAV) manufacturing. The attacks appear directly linked to North Korea’s efforts to accelerate its domestic drone production capabilities through industrial espionage. The targeted organizations include a metal engineering firm, an aircraft component manufacturer,…