Tag: detection

New phishing attack leverages PDFs and Dropbox

Feb 3, 2026 5:13 AM

Tags: access, attack, authentication, awareness, business, cloud, control, detection, email, hacker, infrastructure, login, mail, mfa, phishing, service, threat, tool, training, zero-trust

Masquerading as a safe document format: But after so many warnings about this over time, why are people still so trusting of PDFs and Dropbox?”Because, historically, they’ve actually been trained to be,” said Avakian. PDFs are routinely used in the business world and have been positioned as a safe, read-only document format for invoices, contracts,…
Why Your WAF Missed It: The Danger of Double-Encoding and Evasion Techniques in Healthcare Security

Feb 3, 2026 12:13 AM

Tags: access, ai, api, attack, data, data-breach, detection, exploit, governance, hacker, healthcare, intelligence, malicious, risk, technology, threat, tool, waf

The “Good Enough” Trap If you ask most organizations how they protect their APIs, they point to their WAF (Web Application Firewall). They have the OWASP Top 10 rules enabled. The dashboard is green. They feel safe. But attackers know exactly how your WAF works, and, more importantly, how to trick it. We recently worked…
Anomalous Prompt Injection Detection in Quantum-Encrypted MCP Streams

Feb 2, 2026 5:14 PM

Tags: ai, detection, injection

Learn how to detect anomalous prompt injections in quantum-encrypted MCP streams using ai-driven behavioral analysis and post-quantum security frameworks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/anomalous-prompt-injection-detection-in-quantum-encrypted-mcp-streams/
How risk culture turns cyber teams predictive

Feb 2, 2026 3:14 PM

Tags: access, compliance, control, credentials, cyber, cybersecurity, data-breach, detection, identity, intelligence, jobs, ransomware, resilience, risk, service

Risk culture: What it is when you strip the slogans: People talk about culture like it’s soft. Posters. Values. A town hall with applause on cue.Culture is harder. Culture is what people do when nobody is watching, and when the clock is loud. Culture is what gets you the truth at 4 p.m., not at…
This stealthy Windows RAT holds live conversations with its operators

Feb 2, 2026 2:13 PM

Tags: access, data, detection, injection, malware, mitigation, monitoring, powershell, rat, reverse-engineering, theft, windows

RAT capabilities and stealer functionality: The .NET payload implements a remote access trojan that allows operators to interact directly with compromised systems. Unlike many commodity RATs that rely on periodic check-ins, this malware supports live command handling, enabling attackers to issue instructions and receive responses in near real-time.This interactive design allows operators to perform reconnaissance,…
NDSS 2025 Silence False Alarms

Jan 31, 2026 9:15 PM

Tags: blockchain, china, conference, cyber, data, detection, finance, Internet, network, tool, vulnerability

Session 11A: Blockchain Security 2 Authors, Creators & Presenters: Qiyang Song (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences), Heqing Huang (Institute of Information Engineering, Chinese Academy of Sciences), Xiaoqi Jia (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of…
Ivanti patches two actively exploited critical vulnerabilities in EPMM

Jan 31, 2026 9:15 PM

Tags: access, apache, backup, data, detection, exploit, ivanti, malicious, mobile, network, password, penetration-testing, service, siem, software, update, vpn, vulnerability

install rpm url [patch_url] command.The RPM_12.x.0.x patch is applicable to EPMM software versions 12.5.0.x, 12.6.0.x, and 12.7.0.x. It is also compatible with the older 12.3.0.x and 12.4.0.x versions. Meanwhile the RPM_12.x.1.x patch is applicable to versions 12.5.1.0 and 12.6.1.0.”The RPM script does not survive a version upgrade,” the company warns. “If after applying the RPM…
A Head Start on Emerging Vulnerabilities with The Pentest Tool You Need!

Jan 30, 2026 5:22 PM

Tags: ai, cybersecurity, detection, malicious, penetration-testing, tactics, tool, vulnerability

The world of cybersecurity is undergoing a seismic shift. In 2026, AI-driven pentest tools are set to redefine how we approach vulnerability detection and exploitation. The conventional pentesting methods, which have served as the backbone of security assessments for decades, cannot be replaced, but given the hi-tech tactics of the malicious contemporaries, these tools simply……
MCP security: How to prevent prompt injection and tool poisoning attacks

Jan 30, 2026 4:22 PM

Tags: access, ai, api, attack, authentication, automation, best-practice, business, ceo, communications, control, credentials, data, defense, detection, email, endpoint, exploit, framework, github, governance, guide, incident response, infrastructure, injection, least-privilege, LLM, malicious, monitoring, network, radius, risk, service, siem, software, sql, supply-chain, threat, tool, unauthorized, vulnerability

The Model Context Protocol (MCP) has quickly become the open protocol that enables AI agents to connect securely to external tools, databases, and business systems. But this convenience comes with security risks. MCP servers store sensitive credentials, handle business logic, and connect to APIs. This makes them prime targets for attackers who have learned to…
Hugging Face Repositories Hijacked For Android RAT Delivery, Bypassing Traditional Defenses

Jan 30, 2026 4:22 PM

Tags: android, control, cyber, defense, detection, exploit, infrastructure, malicious, rat, service, social-engineering

A sophisticated Android RAT campaign that exploits Hugging Face’s popular machine learning platform to host and distribute malicious payloads. Attackers combine social engineering, legitimate infrastructure abuse, and Accessibility Services exploitation to gain deep device control, evading hash-based detection through rapid polymorphism. The campaign targets Android users via a dropper app named TrustBastion, often promoted through…
Inside Real-World SOC Detections: A Practical View of Modern Attack Patterns

Jan 29, 2026 8:22 PM

Tags: attack, credentials, cyberattack, detection, endpoint, identity, network, service, soc, tool

Executive Overview Modern cyberattacks rarely appear as a single loud event. Instead, they unfold as low-and-slow sequences across endpoints, networks, and identity platforms. Attackers blend into normal enterprise activity, using legitimate tools, valid credentials, and trusted services to evade traditional detection. This analysis presents real-world attack detections observed in enterprise environments, illustrating how correlated endpoint,…
Swarmer Tool Abuses Windows Registry to Evade Detection and Persist on Systems

Jan 29, 2026 4:26 PM

Tags: access, cyber, defense, detection, edr, endpoint, exploit, infrastructure, monitoring, tool, windows

Swarmer, a sophisticated tool designed to manipulate Windows registry hives while bypassing endpoint detection systems. The tool exploits legacy Windows infrastructure to achieve persistent access without triggering traditional EDR monitoring systems that typically flag direct registry modifications. Endpoint Detection and Response (EDR) solutions have significantly hardened defenses against conventional registry persistence techniques. Classic methods using…
Critical bug in popular vm2 Node.js sandboxing library puts projects at risk

Jan 28, 2026 10:25 PM

Tags: advisory, ai, container, detection, network, risk, tool, vulnerability

Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed,” the official advisory reads. “This allows attackers to escape the sandbox and run arbitrary code.” Sandboxes like vm2 are needed by web and other Node-based applications whose functionality enables users or tools to upload and execute scripts. Because user-controlled code is untrusted by nature, it cannot be allowed…
Memcyco Gets $37M to Fight AI-Powered Impersonation Attacks

Jan 28, 2026 1:21 AM

Tags: ai, attack, detection, risk, scam, startup

Digital Risk Protection Startup to Expand Preemptive Scam Detection Tools. With brand impersonation and account takeover attacks surging, Memcyco raised $37 million in Series A funding to scale its preemptive scam detection platform. The firm plans to grow its sales team, develop AI-based features and support new product launches in the coming year. First seen…
NDSS 2025 On the Robustness Of LDP Protocols For Numerical Attributes Under Data Poisoning Attacks

Jan 27, 2026 10:25 PM

Tags: attack, conference, data, detection, group, Internet, metric, network, oracle, privacy, vulnerability

Session 10C: Privacy Preservation Authors, Creators & Presenters: Xiaoguang Li (Xidian University, Purdue University), Zitao Li (Alibaba Group (U.S.) Inc.), Ninghui Li (Purdue University), Wenhai Sun (Purdue University, West Lafayette, USA) PAPER On the Robustness of LDP Protocols for Numerical Attributes under Data Poisoning Attacks Recent studies reveal that local differential privacy (LDP) protocols are…
AI is Now Default Enterprise Accelerator: Takeaways from ThreatLabz 2026 AI Security Report

Jan 27, 2026 10:25 PM

Tags: access, ai, attack, automation, chatgpt, compliance, control, data, detection, finance, google, governance, infrastructure, injection, insurance, intelligence, malicious, malware, microsoft, ml, monitoring, RedTeam, risk, saas, social-engineering, supply-chain, tactics, technology, threat, tool, vulnerability, zero-trust

Artificial intelligence and machine learning (AI/ML) are no longer emerging capabilities inside enterprise environments. In 2025, they became a persistent operating layer for how work gets done. Developers ship faster, marketers generate more content, analysts automate research, and IT teams rely on AI to streamline troubleshooting and operations. The productivity gains are real, but so…
NDSS 2025 Detecting Ransomware Despite I/O Overhead: A Practical Multi-Staged Approach

Jan 27, 2026 10:25 PM

Tags: attack, conference, cyber, detection, exploit, Internet, monitoring, network, phishing, ransomware, risk, windows, zero-day

Session 10B: Ransomware Authors, Creators & Presenters: Christian van Sloun (RWTH Aachen University), Vincent Woeste (RWTH Aachen University), Konrad Wolsing (RWTH Aachen University & Fraunhofer FKIE), Jan Pennekamp (RWTH Aachen University), Klaus Wehrle (RWTH Aachen University) PAPER Detecting Ransomware Despite I/O Overhead: A Practical Multi-Staged Approach Ransomware attacks have become one of the most widely…
Over 6,000 SmarterMail Servers Exposed to Actively Exploited RCE Vulnerability

Jan 27, 2026 4:21 PM

Tags: cve, cyber, data-breach, detection, email, exploit, rce, remote-code-execution, threat, vulnerability

Approximately 6,000 vulnerable SmarterTools SmarterMail installations globally are all exposed to an actively exploited remote code execution vulnerability. The vulnerability, tracked as CVE-2026-23760, poses an immediate threat to organisations relying on SmarterMail for email and collaboration services. The Shadowserver Foundation integrated CVE-2026-23760 detection into their daily vulnerable HTTP scans, flagging susceptible servers based on version…
Clawdbot-Style Agentic Assistants: What Your SOC Should Monitor, Triage, and Contain

Jan 27, 2026 5:20 AM

Tags: ai, detection, soc

What SOC teams need to monitor, triage, and contain when clawdbot-like agentic AI assistants. Includes detection signals, triage questions, and a containment playbook. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/clawdbot-style-agentic-assistants-what-your-soc-should-monitor-triage-and-contain/
Upwind Secures $250M to Extend CNAPP to AI, Data Security

Jan 27, 2026 12:20 AM

Tags: ai, cloud, data, detection, startup

Series B Round at $1.5B Valuation Backs Push Into AI, Application and Data Security. Cloud security startup Upwind has raised $250 million to expand its CNAPP capabilities beyond detection and response. The company aims to accelerate engineering investment and move into high-demand categories such as AI and data security, achieving a $1.5 billion valuation. First…
Rethinking Cybersecurity in a Platform World

Jan 27, 2026 12:20 AM

Tags: cio, ciso, cloud, compliance, cybersecurity, detection, endpoint, firewall, iam, threat, tool

How Consolidation Is Forcing CISOs and CIOs to Rethink Security Architecture For more than a decade, enterprise security has relied on point solutions. Companies invested in separate tools – endpoint detection, firewalls, cloud security and IAM – each designed to address a specific threat or compliance requirement. But that approach is starting to break down.…
APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL – Part 1

Jan 26, 2026 9:21 PM

Tags: access, adobe, ai, antivirus, api, apt, attack, authentication, backdoor, backup, cloud, control, data, data-breach, detection, email, endpoint, github, google, government, group, india, infection, infrastructure, injection, Internet, malicious, malware, microsoft, network, phishing, service, spear-phishing, threat, tool, update, windows

IntroductionIn September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian government. In both campaigns, ThreatLabz identified previously undocumented tools, techniques, and procedures (TTPs). While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT) group, APT36, we…
NDSS 2025 ERW-Radar

Jan 26, 2026 7:21 PM

Tags: antivirus, china, conference, defense, detection, Internet, malicious, network, ransomware, software

Authors, Creators & Presenters: Lingbo Zhao (Institute of Information Engineering, Chinese Academy of Sciences), Yuhui Zhang (Institute of Information Engineering, Chinese Academy of Sciences), Zhilu Wang (Institute of Information Engineering, Chinese Academy of Sciences), Fengkai Yuan (Institute of Information Engineering, CAS), Rui Hou (Institute of Information Engineering, Chinese Academy of Sciences) PAPER ERW-Radar: An Adaptive…
Digitale Integrität: Warum Firewall und IDS nicht reichen

Jan 26, 2026 6:21 PM

Tags: access, apt, breach, bsi, ceo, ciso, cloud, crowdstrike, cyber, cyberattack, cyersecurity, data, data-breach, detection, firewall, fraud, group, ibm, lazarus, linkedin, mail, malware, microsoft, phishing, privacy, social-engineering, spear-phishing, threat, tool, zero-trust

Die systematische Erfassung von Daten über Mitarbeiter, Kunden und Geschäftspartner hat eine neue Angriffsfläche geschaffen, die von Cyberkriminellen ausgenutzt wird.In einer vernetzten Geschäftswelt stehen Unternehmen vor beispiellosen Cybersicherheits-Herausforderungen. Laut dem IBM Cost of a Data Breach Report 2024 betragen die durchschnittlichen Kosten eines durch Phishing verursachten Datenlecks etwa 4,88 Millionen Dollar. Nach Branchenschätzungen werden täglich etwa…
Digitale Integrität: Warum Firewall und IDS nicht reichen

Jan 26, 2026 6:21 PM

Tags: access, apt, breach, bsi, ceo, ciso, cloud, crowdstrike, cyber, cyberattack, cyersecurity, data, data-breach, detection, firewall, fraud, group, ibm, lazarus, linkedin, mail, malware, microsoft, phishing, privacy, social-engineering, spear-phishing, threat, tool, zero-trust

Die systematische Erfassung von Daten über Mitarbeiter, Kunden und Geschäftspartner hat eine neue Angriffsfläche geschaffen, die von Cyberkriminellen ausgenutzt wird.In einer vernetzten Geschäftswelt stehen Unternehmen vor beispiellosen Cybersicherheits-Herausforderungen. Laut dem IBM Cost of a Data Breach Report 2024 betragen die durchschnittlichen Kosten eines durch Phishing verursachten Datenlecks etwa 4,88 Millionen Dollar. Nach Branchenschätzungen werden täglich etwa…
Identity Fraud: The New Crimewave Targeting Remote Work

Jan 26, 2026 6:21 PM

Tags: breach, deep-fake, detection, fraud, identity

The Urgency of High-Assurance Identity Proofing Amid Growing Identity Fraud Remote work has fueled a new crimewave built on stolen and synthetic identities. As deepfakes scale, high-assurance identity proofing – combining biometrics, liveness detection and verified IDs – becomes essential to verify users, prevent impersonation and protect enterprise access. First seen on govinfosecurity.com Jump to…
Identity Fraud: The New Crimewave Targeting Remote Work

Jan 26, 2026 6:21 PM

Tags: breach, deep-fake, detection, fraud, identity

The Urgency of High-Assurance Identity Proofing Amid Growing Identity Fraud Remote work has fueled a new crimewave built on stolen and synthetic identities. As deepfakes scale, high-assurance identity proofing – combining biometrics, liveness detection and verified IDs – becomes essential to verify users, prevent impersonation and protect enterprise access. First seen on govinfosecurity.com Jump to…
What capabilities should AI have for advanced threat detection?

Jan 26, 2026 7:21 AM

Tags: ai, cloud, detection, infrastructure, threat

How Secure Are Your Machine Identities in the Cloud Environment? Have you ever pondered the extent to which machine identities are secured within your organization’s cloud infrastructure? ×™×§×¨×§ businesses increasingly migrate to cloud environments, the management of Non-Human Identities (NHIs) has become a crucial aspect of a comprehensive security strategy. Machine identities, which are often……
Anomaly Detection in Post-Quantum AI Orchestration Workflows

Jan 26, 2026 5:21 AM

Tags: ai, cryptography, detection

Discover how to secure AI orchestration workflows using post-quantum cryptography and AI-driven anomaly detection for Model Context Protocol (MCP) environments. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/anomaly-detection-in-post-quantum-ai-orchestration-workflows/
Anomaly Detection in Post-Quantum AI Orchestration Workflows

Jan 26, 2026 5:21 AM

Tags: ai, cryptography, detection

Discover how to secure AI orchestration workflows using post-quantum cryptography and AI-driven anomaly detection for Model Context Protocol (MCP) environments. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/anomaly-detection-in-post-quantum-ai-orchestration-workflows/