Tag: detection
-
Why application security must start at the load balancer
Tags: application-security, attack, authentication, breach, business, compliance, control, credentials, defense, detection, encryption, exploit, finance, guide, healthcare, identity, incident response, infrastructure, Internet, nist, risk, service, technology, threat, tool, waf, zero-trustInternet traffic hits the load balancerThe load balancer forwards traffic as fast as possibleSecurity happens laterThe problem is simple. If the first system doesn’t enforce trust, everything behind it is already compromised by design. Example 1: Financial services: The team invested heavily in downstream security tools. But the load balancer accepted weak TLS versions and…
-
OpenClaw Insights: A CISO’s Guide to Safe Autonomous Agents FireTail Blog
Tags: access, ai, api, breach, ciso, compliance, control, data, data-breach, detection, endpoint, finance, firewall, framework, governance, guide, LLM, network, open-source, risk, risk-management, software, strategy, technology, tool, vulnerabilityFeb 27, 2026 – Alan Fagan – The “OpenClaw” crisis has board members asking, “Could this happen to us?” The answer isn’t to ban AI agents. It’s to govern them. By now, the dust is settling on the OpenClaw (aka MoltBot) incident. The technical post-mortems (including our own) have been written, the exposed ports have…
-
Ransomware groups switch to stealthy attacks and long-term access
Tags: access, application-security, attack, ciso, control, crime, cyber, cybercrime, cybersecurity, data, detection, encryption, endpoint, exploit, extortion, group, identity, intelligence, monitoring, organized, ransomware, service, software, strategy, supply-chain, switch, theft, threat, tool, vulnerability38% drop in encryption over the past 12 months as more cybercriminals turn to silently exfiltrating data for extortion as their main stock in trade.Picus’ suggestion that the volume of ransomware attacks is dropping is disputed by other experts.Tony Anscombe, chief security evangelist at endpoint security vendor Eset, offered a contrasting perspective.”In the recent Eset…
-
Microsoft Defender Enhances Security with URL Click Alerts for Microsoft Teams
Microsoft is expanding its threat detection capabilities by extending Microsoft Defender for Office 365 (MDO) URL click alerting into Microsoft Teams. This critical update allows security teams to detect, investigate, and respond to potentially malicious link clicks within Teams messages, expanding threat monitoring beyond traditional email vectors. By surfacing these alerts, organizations can identify threats…
-
How AI Agents Automate CVE Vulnerability Research
The CVE Researcher is a multi-agent AI pipeline that automates vulnerability research, detection template generation, and exploitation analysis. Built on Google’s Agent Development Kit (ADK), it coordinates specialized AI models through four phases, deep research, technology reconnaissance, actor-critic template generation, and exploitation analysis, to produce production-ready Nuclei detection templates overnight. Beyond Simple Automation… First seen…
-
How AI Agents Automate CVE Vulnerability Research
The CVE Researcher is a multi-agent AI pipeline that automates vulnerability research, detection template generation, and exploitation analysis. Built on Google’s Agent Development Kit (ADK), it coordinates specialized AI models through four phases, deep research, technology reconnaissance, actor-critic template generation, and exploitation analysis, to produce production-ready Nuclei detection templates overnight. Beyond Simple Automation… First seen…
-
How AI Agents Automate CVE Vulnerability Research
The CVE Researcher is a multi-agent AI pipeline that automates vulnerability research, detection template generation, and exploitation analysis. Built on Google’s Agent Development Kit (ADK), it coordinates specialized AI models through four phases, deep research, technology reconnaissance, actor-critic template generation, and exploitation analysis, to produce production-ready Nuclei detection templates overnight. Beyond Simple Automation… First seen…
-
Microsoft Copilot DLP Bypass: A Data Trust Wake-Up Call for AI Security
Tags: access, ai, business, ciso, cloud, compliance, control, data, data-breach, detection, email, endpoint, infrastructure, leak, microsoft, monitoring, risk, risk-management, saas, toolWhen Microsoft confirmed that a bug allowed Copilot to surface and summarize emails marked confidential despite existing DLP controls, it reignited urgent questions about Microsoft Copilot security, DLP bypass risk and enterprise AI data protection. The reaction was immediate. For many CISOs and security leaders responsible for Microsoft 365 security and AI risk management, it…
-
Emulating the Systematic LokiLocker Ransomware
AttackIQ has released a new attack graph that emulates the behaviors of LokiLocker ransomware, a .NET based strain active since at least mid-August 2021. The malware combines defense evasion and impact techniques, including disabling Task Manager and Windows Firewall, as well as deleting Volume Shadow Copies to hinder detection and prevent restoration. First seen on…
-
How to Cut MTTR by Improving Threat Visibility in Your SOC
How better threat visibility and real-time intelligence reduce MTTR, improve SOC response speed, and strengthen resilience through faster detection and containment. First seen on hackread.com Jump to article: hackread.com/how-to-cut-mttr-improving-threat-visibility-soc/
-
Phishing”‘Led Agent Tesla Campaign Uses Process Hollowing and Anti”‘Analysis to Evade Detection
Agent Tesla continues to cement its status as one of the most persistent remote access trojans (RATs) in the global threat landscape. Known for its data”‘stealing capabilities and extensive distribution network, this malware remains a weapon of choice for low”‘skilled cybercriminals seeking sophisticated results. The latest variant follows a multi”‘stage delivery sequence involving several fileless…
-
What is Polymorphic Malware?
Malware continues to evolve, becoming more sophisticated and harder to detect. One of the most challenging types is polymorphic malware, malicious software that constantly changes its code to evade detection by traditional security systems. In a world where cyber threats are growing in scale and complexity, understanding how polymorphic malware works and how to… First…
-
The farmers and the mercenaries: Rethinking the ‘human layer’ in security
Tags: access, attack, authentication, awareness, ciso, control, cybersecurity, defense, detection, intelligence, jobs, monitoring, risk, soc, threat, tool, trainingThe evidence is already in: This isn’t a theoretical complaint, it shows up in research on how real SOCs work. A study by the University of Oxford based on surveys and interviews with SOC practitioners found they “confirmed the high” false-positive rates of tools in use, and that many “false positives” are actually benign triggers…
-
5 trends that should top CISO’s RSA 2026 agendas
Tags: access, ai, attack, authentication, backup, business, cio, ciso, cloud, conference, control, corporate, cryptography, cyber, cybersecurity, data, defense, detection, edr, finance, framework, governance, group, healthcare, identity, incident response, intelligence, network, okta, resilience, risk, saas, service, skills, software, strategy, tactics, technology, threat, tool, training, update, vulnerability, zero-trustCTEM in the spotlight: In another evolutionary trend, most organizations are moving beyond scanning for software snafus to continuous threat exposure management (CTEM). By doing so, security teams hope to get a full picture of all assets, as well as their configurations, locations, software vulnerabilities, ownership, and business criticality.Armed with this data, CTEM platforms look…
-
AI-Driven Behavioral Heuristics for Quantum-Era Threat Detection
Explore how AI-driven behavioral heuristics and post-quantum security protect Model Context Protocol (MCP) deployments from advanced AI-age threats. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/ai-driven-behavioral-heuristics-for-quantum-era-threat-detection/
-
AI Shocks the Cybersecurity Market
Tags: ai, business, compliance, crowdstrike, cybersecurity, data, defense, detection, governance, identity, incident response, intelligence, ml, okta, risk, service, software, threat, tool, update, vulnerabilityThe cybersecurity market was jolted last week after Anthropic dropped a bombshell announcement. The company’s new AI Claude model identified 500 previously unknown high-risk vulnerabilities hidden in widely used software. That is not a minor milestone. It is a technically significant achievement and a clear demonstration of how quickly AI capabilities are advancing. What came…
-
AI Shocks the Cybersecurity Market
Tags: ai, business, compliance, crowdstrike, cybersecurity, data, defense, detection, governance, identity, incident response, intelligence, ml, okta, risk, service, software, threat, tool, update, vulnerabilityThe cybersecurity market was jolted last week after Anthropic dropped a bombshell announcement. The company’s new AI Claude model identified 500 previously unknown high-risk vulnerabilities hidden in widely used software. That is not a minor milestone. It is a technically significant achievement and a clear demonstration of how quickly AI capabilities are advancing. What came…
-
AI-Powered CVE Research: Winning the Race Against Emerging Vulnerabilities
The Vulnerability Time Gap When CISA adds a new CVE to the Known Exploited Vulnerabilities catalog, a clock starts ticking. Security teams must understand the vulnerability, determine if they are exposed, and deploy detection mechanisms before adversaries weaponize the flaw. This process traditionally takes days or weeks of manual research by skilled security engineers who……
-
IP Lookup for Enterprise Authentication: How to Use IP Reputation, VPN/Proxy Detection, and Risk-Based MFA
Learn how IP lookup, reputation checks, VPN detection, and risk-based MFA strengthen enterprise authentication and prevent fraud. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/ip-lookup-for-enterprise-authentication-how-to-use-ip-reputation-vpn-proxy-detection-and-risk-based-mfa/
-
Zwei Drittel der Sicherheitsvorfälle lassen sich auf Schwachstellen im Zusammenhang mit Identitäten zurückführen
Sophos stellt seinen neuen Active-Adversary-Report 2026 vor, der die Ergebnisse aus der Analyse von weit mehr als 600 realen Cyberangriffen präsentiert. Die Forschungen der Sophos- Incident-Response (IR)- und Managed-Detection and Response (MDR)-Teams bestätigen, dass die Masche Identitätsklau weiter auf dem Vormarsch ist 67 Prozent aller untersuchten Vorfälle waren identitätsbezogene Angriffe. Die Telemetrieauswertung zeigt, […]…
-
ClickFix Infostealer Spreads via Fake CAPTCHA Traps, Targeting Unsuspecting Users
A new wave of the ClickFix Infostealer campaign that abuses fake CAPTCHA pages to deliver credential-stealing malware. Initially detected through late-stage Endpoint Detection and Response (EDR) alerts, the campaign shows strong similarities to the ClickFix operation targeting restaurant reservation systems in July 2025, as highlighted in BlueVoyant’s earlier research. Further correlation with recent threat telemetry suggests that this campaign…
-
Anthropic’s Claude Code Security rollout is an industry wakeup call
Anchors security posture to the model: However, those assurances didn’t make all concerns evaporate. “The moment those vibe coders plug a foundation model into their CI pipeline, their entire security posture is no longer anchored only to the company’s code,” I-Gentic AI CEO Zahra Timsah pointed out.”It is anchored to the current behavior of that model.…
-
Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon
Tags: access, ai, api, attack, authentication, business, ciso, control, credentials, cybersecurity, data-breach, detection, exploit, firewall, fortinet, group, Internet, linkedin, malicious, mfa, monitoring, network, password, russia, software, threat, tool, vpn, vulnerabilityRecommendations: The Amazon report makes a number of recommendations to network admins with FortiGate devices. They include ensuring device management interfaces aren’t exposed to the internet, or, if they have to be, restricting access to known IP ranges and using a bastion host or out-of-band management network. As basic cybersecurity demands, all default and common…
-
NDSS 2025 Generating API Specifications For Bug Detection Via Specification Propagation Analysis
Session 13B: API Security Authors, Creators & Presenters: Miaoqian Lin (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Kai Chen (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Yi…
-
Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth
A wormable cryptojacking campaign spreads via pirated software, using BYOVD and a time-based logic bomb to deploy a custom XMRig miner. Researchers uncovered a wormable cryptojacking campaign that spreads through pirated software bundles to deploy a custom XMRig miner. The attack uses a BYOVD exploit and a time-based logic bomb to evade detection and maximize…
-
NDSS 2025 Generating API Parameter Security Rules With LLM For API Misuse Detection
Session 13B: API Security Authors, Creators & Presenters: Jinghua Liu (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Yi Yang (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Kai…
-
New Arkanix stealer blends rapid Python harvesting with stealthier C++ payloads
The stealer employs a broad data-theft toolkit: The researchers noted that the Python implementation acts as a wide-net data harvester. It collects system information, extracts browser-stored data, and pulls details from communication platforms, including Telegram and Discord. Additional modules target VPN configurations, retrieve selected files from the host, and can deliver other payloads, suggesting the…