Tag: detection
-
Obfuscated VBS and PNG Loaders Power New Open Directory Malware Campaign with RAT Payloads
A sophisticated, multi-stage delivery framework leveraging obfuscated Visual Basic Script (VBS) files, fileless PowerShell loaders, and payloads hidden within PNG images. The activity was initially detected by LevelBlue’s Managed Detection and Response (MDR) SOC through a SentinelOne alert involving a suspicious VBS file. The file, identified as Name_File.vbs, was located in a public downloads directory…
-
AI is breaking traditional security models, Here’s where they fail first
AI triage redefines the security team’s role: As AI systems increasingly triage vulnerabilities with high confidence, security teams face a subtle but consequential shift in responsibility. People no longer debate whether AI can reduce noise. It demonstrably can. The harder question is which responsibilities remain with security teams once triage is automated. Are they accountable for…
-
New Study Reveals How Infostealer Infections Lead to Dark Web Exposure in Just 48 Hours
New research is shedding light on how infostealer malware turns a single careless click into full-blown credential exposure on dark web marketplaces in less than 48 hours, far faster than traditional breach detection timelines. Unlike database breaches that take weeks or months to uncover, infostealer infections move at machine speed. A typical scenario begins when…
-
Julius v0.2.0: From 33 to 63 Probes, Now Detecting Cloud AI, Enterprise Inference, and RAG Pipelines
TL;DR: Julius v0.2.0 nearly doubles LLM fingerprinting probe coverage from 33 to 63, adding detection for cloud-managed AI services (AWS Bedrock, Azure OpenAI, Vertex AI), high-performance inference servers (SGLang, TensorRT-LLM, Triton), AI gateways (Portkey, Helicone, Bifrost), and self-hosted RAG platforms (PrivateGPT, RAGFlow, Quivr). This release also hardens the scanner itself with response size limiting and…
-
AiStrike Launches Continuous Detection Engineering to Fix Alert Noise at the Source
Alert fatigue is a persistent problem in security operations, but AiStrike is framing it as a symptom of a deeper issue: poor detection quality. At RSAC 2026, the company announced Continuous Detection Engineering, a capability designed to shift SOC teams from reactive alert triage toward ongoing, intelligence-driven detection optimization. The company’s own analysis across enterprise…
-
Cy4Data Labs Brings Real-Time Insider Threat Detection to RSAC 2026
Cy4Data Labs announced at RSAC 2026 that its flagship platform Cy4Secure now includes a Behavior Engine for insider threat detection, designed to bring the time it takes to identify and contain a data breach from more than 200 days down to seconds. The Behavior Engine is built around a three-phase response model: Detect, Deny, Eject…
-
Introducing Castle’s Research Team
How we think about research at Castle: Bot detection and fraud prevention are adversarial by default. It is a cat-and-mouse game: attackers iterate, defenders respond, and the cycle keeps moving. AI has accelerated this dynamic on both sides. Attackers use it to quickly develop new bots, scale manual fraud operations, … First seen on securityboulevard.com Jump…
-
Huntress Brings ITDR to Google Workspace as Identity Attacks Surge
Huntress has announced it is extending its Managed Identity Threat Detection and Response (ITDR) solution to Google Workspace, marking a significant expansion of the company’s cloud identity security coverage and coming at a telling moment. The announcement, made today at RSA Conference in San Francisco, coincides with Huntress surpassing 10 million Microsoft 365 identities protected…
-
New ‘StoatWaffle’ malware auto-executes attacks on developers
Tags: attack, detection, group, infrastructure, jobs, korea, malicious, malware, north-korea, threat
Contagious Interview, revisited: StoatWaffle isn’t an isolated campaign. It’s the latest chapter in the Contagious Interview attacks, widely attributed to North Korea-linked threat actors tracked as WaterPlum. Historically, this campaign has targeted developers and job seekers through fake interview processes, luring them into running malicious code under the guise of technical assessments. Previously, the campaign weaponized…
-
GitHub-hosted malware campaign uses split payload to evade detection
A large-scale malware delivery campaign has been targeting developers, gamers, and general users through fake tools hosted on GitHub, Netskope researchers have warned. These … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/24/github-malware-split-payload/
-
GitHub just made it much harder to ship a vulnerable pull request
GitHub is expanding its application security capabilities with AI-powered security detections designed to identify risks earlier in the development process, with public … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/24/github-ai-powered-detections-code-scanning/
-
Why CISOs should embrace AI honeypots
Tags: access, ai, api, attack, breach, business, ciso, credentials, cyberattack, cybercrime, cybersecurity, data, defense, detection, exploit, hacker, LLM, mitigation, open-source, RedTeam, risk, service, threat, tool, vulnerability
Why CISOs should consider honeypots: Another player in the AI honeypot space is Deutsche Telekom (DT). The firm is both a user and purveyor of AI-powered honeypots through its free, open-source platform ‘T-Pot.’ The most obvious advantage to their use, explains Marco Ochse, DT’s lead for threat analytics and mitigation, lies in how little these…
-
Dataminr Launches Cyber Defense Suite That Fuses External Threat Signals With Internal Telemetry
Dataminr used RSAC 2026 to roll out Dataminr for Cyber Defense, a new product suite the company says is designed to move security teams from alert-driven response to preemptive, risk-prioritized action. The suite aims to combine Dataminr’s real-time event and threat detection with an organization’s internal telemetry so teams can quickly determine what matters to…
-
Expel Launches Managed SIEM to Take Detection Engineering Off Security Teams’ Plates
Expel launched Managed SIEM on Monday at RSAC 2026, a co-managed service that puts the company’s detection engineers directly inside customers’ Microsoft Sentinel and Splunk Enterprise Security environments. The service is designed to address what Expel calls a fundamental mismatch between what SIEMs promise and what security teams actually end up spending time on. Most…
-
Tuskira Unveils Federated Detection Engine at RSAC 2026
Tuskira announced its Federated Detection Engine at RSA Conference 2026, adding a new capability to its Agentic SecOps platform that lets security teams detect threats in real time directly across cloud, identity, endpoint, network, SaaS, infrastructure, and legacy SIEM environments without centralizing logs first. The traditional model of detection engineering depends on pulling data into…
-
BSidesSLC 2025 So You Think You Can Detect? Lisa Li On Detection Testing In Production
Author, Creator & Presenter: Lisa Li, Security Engineer at Scale AI. Our thanks to BSidesSLC for publishing their Creators’, Authors’ and Presenters’ outstanding BSidesSLC 2025 content on the organization’s YouTube channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/bsidesslc-2025-so-you-think-you-can-detect-lisa-li-on-detection-testing-in-production/
-
Defenseless Defenders: Exploring Endpoint Detection and Response (EDR) Inhibitors
Learn how adversaries are shifting from evasion to systematically dismantling endpoint defenses to eliminate visibility, enforcement, and response. Explore how modern EDR inhibition techniques abuse legitimate system features and vulnerable drivers to quietly degrade protections with minimal detection. Understand why this once-advanced tradecraft is now standard practice, and how it creates a critical blind spot…
-
Straiker Launches Discover AI and Expands Defend AI to Secure Enterprise Agent Deployments
Straiker arrived at RSAC 2026 with two products aimed squarely at the growing security gap in enterprise AI deployments: Discover AI, a new agent inventory and risk detection tool, and an expanded version of Defend AI built to handle the specific behaviors of coding agents, productivity agents, and custom-built agent platforms. The premise behind both…
-
SentinelOne Announces AI Agent Security, Red Teaming, and Auto Investigation GA at RSAC 2026
SentinelOne used RSAC 2026 to push deeper into AI-native security, announcing four new offerings that extend its platform from threat detection into the governance and testing of AI systems themselves. The first is Prompt AI Agent Security, a real-time discovery and governance control plane built for AI agents and agentic workflows. It monitors and enforces…
-
Critical gap between detecting and containing cyberattacks
98% of German organizations are convinced they can detect attacks, yet almost 40% struggle to stop them, while the number of AI-assisted attacks keeps growing. The study »The Containment Gap: Exploring the Distance Between Detection and Resilience« was conducted by CyberEdge Group on behalf of Illumio (image source: Illumio). A new… First seen on ap-verlag.de…
-
When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com Part Three
Dear blog readers, Continuing the “When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com – Part Two” blog post series in this post I’ll continue analyzing the next malicious software binary which I obtained by data mining Conti Leaks with a lot of success. …
-
Trivy vulnerability scanner backdoored with credential stealer in supply chain attack
Tags: access, attack, breach, cloud, control, credentials, crypto, data, detection, docker, email, exploit, github, kubernetes, malicious, malware, network, risk, supply-chain, vulnerability
Attackers look for development secrets: On GitHub Actions runners, the credential stealer reads the process memory to extract secrets and searches the filesystem for SSH keys, cloud provider credentials, Kubernetes tokens, Docker registry configurations, and cryptocurrency wallets. The stolen data is encrypted and sent to a typosquatted domain that mimics Aqua Security’s legitimate site. If this…
-
Your Lateral Movement Detection Tools Are Missing 90% of Attacks. Here’s Why.
Compare lateral movement detection tools vs. Attack Path Discovery. Understand how Morpheus AI correlates full attack paths in under 2 minutes. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/your-lateral-movement-detection-tools-are-missing-90-of-attacks-heres-why/
-
TDL 018 – How To Think, Not What To Think – Mitch Prior
Tags: access, ai, apple, attack, backup, blockchain, business, cctv, china, ciso, cloud, computer, conference, control, credentials, cvss, cyber, cybersecurity, data, defense, detection, exploit, finance, firmware, google, infrastructure, intelligence, Internet, iot, jobs, law, mail, malware, military, network, phone, privacy, resilience, risk, router, software, strategy, switch, technology, threat, tool, vulnerability, wifi, zero-trust
The Human Algorithm in a Zero-Trust World: In the latest episode of The Defender’s Log, host David Redekop sits down with cybersecurity expert Mitch Prior to discuss the intersection of high-tech security and human intuition. From their first meeting in 2018, in the early days of Zero Trust, the duo explores why the “why” behind technical…
-
The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional detection by impersonating normal user activity and bypassing legacy security models. As a result, First seen…