Collecting Cyber-News from over 60 sources

Tag: detection

Watchguard übernimmt CloudSpezialisten Perimeters.io und erweitert das Cloud-Sicherheitsportfolio

May 6, 2026 11:50 PM

Tags: cloud, detection, usa

Mit der gerade bekannt gegebenen Akquise des in den USA ansässigen Unternehmens Perimeters.io sichert sich Watchguard Technologies zusätzliche Kompetenz im Bereich Cloud-Application- Security. Zeitgleich wurde bereits die Lösung <> (CloudDR) vorgestellt, die auf der Sicherheitstechnologie von Perimeters basiert. CloudDR bietet durchgängige Transparenz, integrierte Erkennung und automatisierte Reaktionsmöglichkeiten für Cloud-Anwendungen über eine […] First seen on…
New malware turns Linux systems into P2P attack networks

May 6, 2026 2:48 PM

Tags: access, attack, authentication, backdoor, control, credentials, detection, framework, linux, login, malicious, malware, monitoring, network, password, service, tool

Persistence through rootkits and PAM backdoors: The researchers also wrote of QLNX’s use of rootkits and Linux Pluggable Authentication Modules (PAM) to establish long term persistence. According to Trend Micro, the malware leverages rootkit functionality to conceal malicious activity, processes, and components from administrative tools and security monitoring systems.The malware was also observed tampering with…
When the Breach Gets In Through the CEO’s Inbox, Not the Firewall

May 6, 2026 1:48 PM

Tags: authentication, breach, ceo, detection, endpoint, firewall, framework, mfa, vulnerability, zero-trust

Security teams have put in a lot of effort in the last decade to make sure that security parameters are as robust as possible. Because of this, zero trust frameworks, multi-factor authentication, endpoint detection, patched vulnerabilities have become baseline requirements for security. The technical stack for security has never been more sophisticated. And yet, breaches…
Train like you fight: Why cyber operations teams need no-notice drills

May 6, 2026 11:48 AM

Tags: breach, business, cloud, communications, credentials, cyber, cybersecurity, detection, framework, healthcare, injection, login, military, psychology, ransomware, risk, skills, soc, threat, training, update

The Yerkes-Dodson inverted-U curve: Performance rises with arousal to an optimal point, then falls sharply.Wikimedia Commons, CC-ZeroWhat repeated no-notice drills do is shift a team’s position on that curve. By building familiarity with threat-level arousal, they raise the threshold at which stress becomes performance-impairing. The stimulus is no longer novel. The cascade is shorter. Executive…
Cutting the cost of SIEM rule conversion

May 6, 2026 7:47 AM

Tags: detection, siem

You inherit two thousand detection rules from an acquisition. They are written for a platform your company does not use. Your senior detection engineer estimates six months to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/06/arulecon-siem-rule-conversion/
BlueVoyant Prepares SaaS Push Under New CEO John Hernandez

May 6, 2026 12:44 AM

Tags: ai, business, ceo, detection, microsoft, risk, saas, service, supply-chain

BlueVoyant Seeks to Expand Beyond MDR Clients Into Firms With Mature In-House SOCs. BlueVoyant named John Hernandez – the former leader of Quest’s Microsoft security business – as its next CEO to drive an agentic AI SaaS platform that expands the vendor beyond managed services and helps customers accelerate detection, response and supply-chain risk management.…
Researchers report Amazon SES abused in phishing to evade detection

May 5, 2026 11:47 PM

Tags: cybersecurity, detection, email, kaspersky, phishing, service

Cybersecurity firm Kaspersky reports that the Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/researchers-report-amazon-ses-abused-in-phishing-to-evade-detection/
Trellix Source Code Breach Highlights Growing Supply Chain Threats

May 5, 2026 11:47 PM

Tags: breach, control, detection, supply-chain, threat

Info is scant, but such breaches can reveal where a security product’s controls are located and how detections are designed, giving attackers a leg up. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/trellix-source-code-breach-supply-chain-threats
Silver Fox Uses Fake Tax Notices to Drop ValleyRAT and ABCDoor Backdoor

May 5, 2026 3:48 PM

Tags: backdoor, cyber, detection, group, india, phishing, rat, russia

Silver Fox is running a tax”‘themed phishing campaign that abuses fake notices from Indian and Russian tax authorities to drop ValleyRAT and a new Python backdoor dubbed ABCDoor, using a customized RustSL loader to evade detection and enforce strict geofencing controls. The campaign shows how the group is steadily evolving from commodity RAT delivery to…
Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs

May 5, 2026 1:48 PM

Tags: access, control, credentials, data, detection, infection, infrastructure, malicious, malware, microsoft, phone, rat, rust, startup, theft, threat, tool, update, windows

Multi-stage infection chain: The intrusion begins with an unknown initial access vector, followed by the execution of a malicious file disguised as a ScreenConnect update, Talos said.The initial payload is a Rust-compiled loader using filenames such as “systemupdates.exe,” which drops a .NET loader disguised as a text file in a system directory, the post said.Persistence…
Attackers Exploit Amazon SES to Send Authenticated Phishing Emails

May 5, 2026 11:47 AM

Tags: control, cyber, detection, email, exploit, phishing, service, threat

Attackers are increasingly abusing Amazon Simple Email Service (SES) to deliver highly convincing phishing emails that bypass traditional security controls, marking a growing trend in email-based threats. The primary goal of any phishing campaign is to evade detection while tricking victims into revealing sensitive data. To achieve this, threat actors continuously refine their techniques, using…
RMM Tools Fuel Stealthy Phishing Campaign

May 4, 2026 11:51 PM

Tags: detection, monitoring, phishing, tool

Attackers are abusing two remote monitoring and management (RMM) tools to evade detection in a campaign that has impacted over 80 organizations so far. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/rmm-tools-stealthy-phishing-campaign
Amazon SES increasingly abused in phishing to evade detection

May 4, 2026 10:49 PM

Tags: detection, email, phishing, service

The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/amazon-ses-increasingly-abused-in-phishing-to-evade-detection/
prompted 2026 Why Most ML Vulnerability Detection Fails

May 4, 2026 6:48 PM

Tags: ai, detection, ml, vulnerability

Author, Creator & Presenter: Jenny Guanni Qu, AI Researcher At Pebblebed Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/unprompted-2026-why-most-ml-vulnerability-detection-fails/
Security for AI: A strategic framework for closing the AI exposure gap

May 4, 2026 5:48 PM

Tags: access, ai, api, attack, breach, business, ciso, cloud, compliance, control, data, data-breach, detection, endpoint, exploit, flaw, framework, governance, identity, infrastructure, injection, jobs, least-privilege, LLM, malicious, microsoft, risk, risk-analysis, saas, service, software, threat, tool, unauthorized, vulnerability

As AI adoption accelerates, CISOs face a dual challenge: fueling innovation while mitigating the risks of a rapidly expanding attack surface. Tenable’s five-step framework for securing AI offers a systematic approach to reducing AI security risks as your organization races to achieve the productivity benefits of AI. Key takeaways Get a five-step framework to help…
Security for AI: A strategic framework for closing the AI exposure gap

May 4, 2026 5:48 PM

Tags: access, ai, api, attack, breach, business, ciso, cloud, compliance, control, data, data-breach, detection, endpoint, exploit, flaw, framework, governance, identity, infrastructure, injection, jobs, least-privilege, LLM, malicious, microsoft, risk, risk-analysis, saas, service, software, threat, tool, unauthorized, vulnerability

As AI adoption accelerates, CISOs face a dual challenge: fueling innovation while mitigating the risks of a rapidly expanding attack surface. Tenable’s five-step framework for securing AI offers a systematic approach to reducing AI security risks as your organization races to achieve the productivity benefits of AI. Key takeaways Get a five-step framework to help…
Microsoft Defender Mistakenly Flags DigiCert Root Certificates as Malware

May 4, 2026 2:49 PM

Tags: detection, malware, microsoft, threat, update

What happened A faulty Microsoft Defender antimalware signature update released around April 30, 2026, caused widespread false positive alerts by incorrectly flagging two legitimate DigiCert root certificates as high-severity malware. The detection, labeled Trojan:Win32/Cerdigent.A!dha, identified registry entries belonging to DigiCert Assured ID Root CA and DigiCert Trusted Root G4 as threats and automatically quarantined them…The…
The fake IT worker problem CISOs can’t ignore

May 4, 2026 11:48 AM

Tags: access, ai, breach, business, captcha, cio, ciso, compliance, computer, control, credentials, crowdstrike, data, detection, edr, endpoint, fedramp, fraud, gartner, iam, identity, jobs, linkedin, mitigation, monitoring, network, north-korea, office, phone, risk, skills, tool, training, zero-trust

What to do if you suspect a fake IT worker: When a CIO suspects a fake IT worker, next steps are important as the issue shifts from recruitment to insider risk management.During his time at MongoDB, George Gerchow, IANS faculty advisor and Bedrock Data CSO, oversaw the investigation after the company detected it had unknowingly…
How CISOs should utilize data security posture management to inform risk

May 4, 2026 11:48 AM

Tags: access, ai, automation, business, ciso, compliance, control, cyber, data, detection, finance, iam, incident response, monitoring, open-source, remote-code-execution, risk, service, siem, software, tool, update, vulnerability

Applying the principles at any maturity level: Whether you’re working with a full DSPM platform, a lightweight open-source scanner or even manual data inventories, CISOs can use this thinking to apply quantification (or at least an order of magnitude) to risk decisions. For example, you may have a written policy in place that a database…
AI-Powered Threat Actors Accelerate 0-Day Discovery at Machine Speed

May 4, 2026 10:52 AM

Tags: ai, cyber, detection, exploit, threat, zero-day

Threat actors are already using AI models as autonomous operators to discover and exploit 0″‘days in minutes, thereby collapsing the time and cost required to run complex intrusion campaigns. This shift, first clearly visible in late 2025 operations, is forcing defenders to rethink detection, containment, and even how they define insider risk. Until 2025, attackers…
DigiCert Root Certificates Incorrectly Detected as Malware by Microsoft Defender

May 4, 2026 9:48 AM

Tags: cyber, detection, malware, microsoft, threat, windows

On May 3, 2026, system administrators and everyday users worldwide experienced a sudden, massive spike in severe security alerts from Microsoft Defender. The native Windows security platform began aggressively flagging system files as >>Trojan:Win32/Cerdigent.A!dha.<< This unexpected detection caused widespread panic across IT departments, leading many professionals to believe a sophisticated threat actor had actively compromised…
What researchers learned about building an LLM security workflow

May 4, 2026 7:48 AM

Tags: detection, LLM, tool

Security operations centers are running into the same wall everywhere. Detection tools generate more alerts than analysts can work through, and the early stages of any … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/04/building-llm-security-workflow/
Addressing the Edge Security Paradox

May 3, 2026 10:50 AM

Tags: data, defense, detection, infrastructure, network, threat

The paradox of edge security describes how technologies designed to strengthen network defenses can also create new vulnerabilities. Edge devices improve performance and support localized threat detection by processing data closer to its source, yet modern enterprise environments often operate thousands of distributed endpoints. This rapid expansion of edge infrastructure increases the number of systems..…
Claude Security Enters Public Beta for Enterprise Customers

May 1, 2026 7:42 AM

Tags: ai, application-security, cyber, detection, exploit, tool, vulnerability

Anthropic has officially launched the public beta of Claude Security, an advanced vulnerability detection and remediation tool now available to Claude Enterprise customers. Powered by the highly capable Claude Opus 4.7 model, this platform shifts application security testing from basic pattern matching to deep, contextual analysis. As AI accelerates the timeline between discovering and exploiting…
Malicious PyTorch Lightning Packages Found on PyPI

May 1, 2026 5:39 AM

Tags: attack, best-practice, breach, cloud, control, credentials, data, data-breach, detection, endpoint, exploit, github, infrastructure, malicious, malware, network, open-source, pypi, risk, service, supply-chain, threat, tool, unauthorized, update

<div cla TL;DR Two malicious versions of the popular PyTorch Lightning package have been uploaded to PyPI following the publisher account’s compromise. Lightning versions 2.6.2 and 2.6.3 (tracked as sonatype-2026-002817) were published on April 30, 2026, containing embedded malicious code that gathers developer credentials and publishes infected package versions. If downloaded, these malicious versions have likely…
Deep#Door Python Backdoor Evades Detection On Windows

Apr 30, 2026 5:39 PM

Tags: backdoor, credentials, detection, rat, windows

Deep#Door Python RAT uses tunneling and obfuscation to evade detection and steal credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/deepdoor-python-backdoor-windows/
Benchmarking AI Pentesting Tools: A Practical Comparison

Apr 30, 2026 2:40 PM

Tags: ai, detection, penetration-testing, tool, vulnerability

We benchmarked 4 AI pentesting tools: Escape, Shannon, Strix, PentAGI, and Claude against a modern vulnerable application. Learn more about their detection rates, false positive rates, and scanning speed. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/benchmarking-ai-pentesting-tools-a-practical-comparison/
Benchmarking AI Pentesting Tools: A Practical Comparison

Apr 30, 2026 2:40 PM

Tags: ai, detection, penetration-testing, tool, vulnerability

We benchmarked 4 AI pentesting tools: Escape, Shannon, Strix, PentAGI, and Claude against a modern vulnerable application. Learn more about their detection rates, false positive rates, and scanning speed. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/benchmarking-ai-pentesting-tools-a-practical-comparison/
Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators

Apr 30, 2026 2:40 PM

Tags: access, ai, cisa, communications, control, data-breach, detection, firewall, guide, infrastructure, network, open-source, siem, tactics, tool, vpn, zero-trust

What it means for security teams: The publication closes a gap that CISA’s Zero Trust Maturity Model 2.0 acknowledged, having stated it did not address challenges specific to operational technology. It follows February’s Barriers to Secure OT Communications and earlier CISA warnings that exposed VPNs, firewalls, and legacy edge devices remain the dominant entry points…
WAF Defense in Crisis? NSFOCUS Locks Down “Ghost Bits” Attacks in Advance

Apr 30, 2026 12:39 PM

Tags: attack, defense, detection, flaw, risk, threat, waf

Incident Review In April 2026, Black Hat Asia 2026 disclosed a systematic security threat named Ghost Bits, targeting underlying encoding flaws in the Java ecosystem that can render mainstream WAF/IDS defenses completely ineffective. The core of this risk lies in inconsistent encoding interpretations of the same input between the security detection chain and the application……