Tag: infosec
-
New infosec products of the week: March 13, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Binary Defense, Mend.io, OPSWAT, Singulr AI, SOC Prime, Terra Security, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/13/new-infosec-products-of-the-week-march-13-2026/
-
ClickFix attackers using new tactic to evade detection, says Microsoft
AppData\Local that is then invoked through cmd.exe to write a VBScript to %Temp%. The batch script is executed via cmd.exe with the /launched command-line argument, and is then executed again through MSBuild.exe, resulting in LOLBin abuse. The script connects to Crypto Blockchain RPC endpoints, indicating etherhiding technique, and also performs QueueUserAPC()-based code injection into chrome.exe…
-
New infosec products of the week: March 6, 2026
Tags: infosecHere’s a look at the most interesting products from the past week, featuring releases from Beazley Security, Push Security, Samsung, and Tufin. Samsung brings Digital Home Key … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/06/new-infosec-products-of-the-week-march-6-2026/
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
How to know you’re a real-deal CSO, and whether that job opening truly seeks one
Tags: access, ai, breach, business, communications, compliance, control, cyber, data, data-breach, finance, framework, governance, incident response, infosec, insurance, jobs, metric, privacy, radius, risk, skills, strategy, threat, training, vulnerabilityStriking the right balance of experience and responsibility: Mark G. McCreary, partner and chief AI and IT security officer at Boston-based legal firm Fox Rothschild LLP, has seen both extremes: security being completely sidelined and security professionals given excessive, unjustified authority.In some firms, a newly appointed CSO might be positioned as a gatekeeper without the…
-
New infosec products of the month: February 2026
Here’s a look at the most interesting products from the past month, featuring releases from Aikido Security, Avast, Armis, Black Duck, Compliance Scorecard, Fingerprint, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/27/new-infosec-products-of-the-month-february-2026/
-
Steaelite RAT combines data theft and ransomware management capability in one tool
Tags: access, android, attack, authentication, awareness, business, corporate, credentials, crypto, cybercrime, data, ddos, defense, encryption, endpoint, extortion, infection, infosec, malware, mobile, monitoring, password, phishing, ransomware, rat, remote-code-execution, theft, threat, tool, training, windowsCSO that this isn’t the most sophisticated RAT he’s seen. “The novel aspect here,” he said, “is the convergence. Steaelite bundles remote access, credential harvesting, data exfiltration, and ransomware (currently in development) in a single package.” Traditionally, he explained, these capabilities have occupied different parts of the cybercrime toolchain, but Steaelite unifies the functions, giving…
-
New infosec products of the week: February 20, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Compliance Scorecard, Impart Security, Redpanda, and Virtana. Impart enables safe, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/20/new-infosec-products-of-the-week-february-20-2026/
-
UK.gov launches cyber ‘lockdown’ campaign as 80% of orgs still leave door open
Digital burglaries remain routine, and data shows most corps still don’t stick to basic infosec standards First seen on theregister.com Jump to article: www.theregister.com/2026/02/17/govt_launches_cyber_lockdown_push/
-
New infosec products of the week: February 13, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Armis, Black Duck, Portnox, and SpecterOps. Armis Centrix brings unified, AI-driven … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/13/new-infosec-products-of-the-week-february-13-2026/
-
New infosec products of the week: February 13, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Armis, Black Duck, Portnox, and SpecterOps. Armis Centrix brings unified, AI-driven … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/13/new-infosec-products-of-the-week-february-13-2026/
-
New infosec products of the week: February 6, 2026
Tags: infosecHere’s a look at the most interesting products from the past week, featuring releases from Avast, Fingerprint, Gremlin, and Socure. Gremlin launches Disaster Recovery Testing … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/06/new-infosec-products-of-the-week-february-6-2026/
-
New infosec products of the month: January 2026
Tags: infosecHere’s a look at the most interesting products from the past month, featuring releases from Acronis, Booz Allen Hamilton, cside, Descope, JumpCloud, MIND, Noction, Obsidian … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/30/new-infosec-products-of-the-month-january-2026/
-
Crooks are hijacking and reselling AI infrastructure: Report
Tags: access, ai, api, attack, authentication, business, cloud, communications, control, credentials, cybersecurity, data, data-breach, endpoint, exploit, firewall, group, infosec, infrastructure, intelligence, Internet, LLM, malicious, marketplace, risk, service, skills, technology, theft, threat, training, vulnerabilityexposed endpoints on default ports of common LLM inference services;unauthenticated API access without proper access controls;development/staging environments with public IP addresses;MCP servers connecting LLMs to file systems, databases and internal APIs.Common misconfigurations leveraged by these threat actors include:Ollama running on port 11434 without authentication;OpenAI-compatible APIs on port 8000 exposed to the internet;MCP servers accessible without…
-
New infosec products of the week: January 23, 2026
Tags: infosecHere’s a look at the most interesting products from the past week, featuring releases from cside, Obsidian Security, Rubrik, SEON, and Vectra AI. cside targets hidden website … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/23/new-infosec-products-of-the-week-january-23-2026/
-
Ransomware gang’s slip-up led to data recovery for 12 US firms
Tags: access, attack, backup, breach, business, citrix, cloud, corporate, cyber, data, data-breach, detection, encryption, endpoint, exploit, finance, group, incident response, infosec, infrastructure, law, linux, network, phishing, powershell, ransom, ransomware, risk, software, spear-phishing, sql, threat, tool, veeam, vulnerabilityscrutinize and audit your backups. If you have a regular backup schedule, is there unexpected or unexplained activity? Von Ramin Mapp notes that crooks are known to time data exfiltration to match corporate off-site backups as a way to hide their work;monitor for encrypted data leaving your environments and see where it goes. Does this…
-
Best of British: UK’s infosec envoys include Cisco, Palo Alto, and Accenture
Minister unwraps ambassadors of the Software Security Code of Practice First seen on theregister.com Jump to article: www.theregister.com/2026/01/21/uk_security_code_practice/
-
Three vulnerabilities in Anthropic Git MCP Server could let attackers tamper with LLMs
mcp-server-git versions prior to 2025-12.18.The three vulnerabilities are·CVE-2025-68143, an unrestricted git_init.·CVE-2025-68145, a path validation bypass.·CVE-2025-68144, an argument injection in git_diff.Unlike other vulnerabilities in MCP servers that required specific configurations, these work on any configuration of Anthropic’s official server, out of the box, Cyata says.Model Context Protocol (MCP) is an open standard introduced by Anthropic in 2024 to…
-
New infosec products of the week: January 16, 2026
Tags: infosecHere’s a look at the most interesting products from the past week, featuring releases from Acronis, JumpCloud, Noction, and SpyCloud. Acronis Archival Storage brings … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/16/new-infosec-products-of-the-week-january-16-2026/
-
Possible software supply chain attack through AWS CodeBuild service blunted
Developers shouldn’t expose build environments: CSOs should ensure developers don’t expose build environments, Meghu said. “Using public hosted services like GitHub is not appropriate for enterprise code management and deployment,” he added. “Having a private GitLab/GitHub, service, or even your own git repository server, should be the default for business, making this attack impossible if…
-
SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats
Tags: access, ai, authentication, breach, business, communications, compliance, credentials, cybercrime, cybersecurity, dark-web, data, data-breach, defense, government, grc, group, identity, incident response, infosec, infrastructure, malware, monitoring, phishing, ransomware, risk, risk-management, service, supply-chain, technology, theft, threat, toolFor government agencies and critical infrastructure operators, supply chain threats present national security risks that demand heightened vigilance. Public sector organizations managing sensitive data and critical services increasingly rely on contractors and technology vendors whose compromised credentials could provide adversaries with pathways into classified systems or essential infrastructure. Last year alone, the top 98 Defense…
-
Week in review: WatchGuard Firebox firewalls attacked, infosec enthusiasts targeted with fake PoCs
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Building cyber talent through competition, residency, and real-world … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/28/week-in-review-watchguard-firebox-firewalls-attacked-infosec-enthusiasts-targeted-with-fake-pocs/
-
Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits
Malware peddlers are targeting infosec enthusiasts, budding security professionals, and aspiring hackers with the Webrat malware, masquerading the threat as proof-of-concept … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/23/fake-poc-exploits-webrat-malware/
-
CISA flags ASUS Live Update CVE, but the attack is years old
An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or ongoing exploitation. A closer look, however, shows the CVE documents a historic supply-chain attack in an End-of-Life (EoL) software product, not a new attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-flags-asus-live-update-cve-but-the-attack-is-years-old/
-
Not all CISA-linked alerts are urgent: ASUS Live Update CVE-2025-59374
An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or ongoing exploitation. A closer look, however, shows the CVE documents a historic supply-chain attack in an End-of-Life (EoL) software product, not a new attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/not-all-cisa-linked-alerts-are-urgent-asus-live-update-cve-2025-59374/