Tag: office
-
Ten years later, has the GDPR fulfilled its purpose?
Tags: access, ai, breach, business, china, cio, compliance, data, data-breach, dora, finance, flaw, framework, GDPR, governance, government, international, jobs, law, mobile, office, privacy, regulation, risk, service, technology, tool, trainingFernando Maldonado, technology advisor at Foundry. MuleSoft. Gray areas remain: Still, if anything has been demonstrated in the decade since its entry into force, it’s that the GDPR still has a long way to go.Miguel Recio, president of APEP.IA (Spanish Professional Association for Privacy), argues that some of the limitations that have been exposed about the…
-
Critical Weaver E-cology RCE Exploit Raises Alarm for Enterprise Systems
Tags: automation, cve, cvss, cyber, exploit, flaw, office, rce, remote-code-execution, vulnerabilityA critical unauthenticated remote code execution vulnerability in Weaver (Fanwei) E-cology is being actively exploited in the wild, with real-world intrusion activity traced back to mid-March 2026, weeks before public awareness. Tracked as CVE-2026-22679 with a CVSS score of 9.8, this flaw exposes enterprise office automation systems to full OS-level compromise without requiring any authentication. Vulnerability Overview CVE-2026-22679…
-
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild.The vulnerability (CVE-2026-22679, CVSS score: 9.8) relates to a case of unauthenticated remote code execution affecting Weaver E-cology 10.0 versions prior to 20260312. The issue resides in the “/papi/esearch/data/devops/ First seen on…
-
Weaver E-cology critical bug exploited in attacks since March
Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/weaver-e-cology-critical-bug-exploited-in-attacks-since-march/
-
Frost Bank Hit With Class-Action Lawsuits Over Data Breach Affecting More Than 100,000 Customers
What happened Frost Bank, San Antonio’s largest bank, is facing two proposed class-action lawsuits following a cyberattack attributed to the Everest ransomware group that allegedly exposed the sensitive personal data of an estimated 109,000 customers. The bank has not publicly confirmed the scope of the breach or reported it to the Texas Attorney General’s Office,…The…
-
The fake IT worker problem CISOs can’t ignore
Tags: access, ai, breach, business, captcha, cio, ciso, compliance, computer, control, credentials, crowdstrike, data, detection, edr, endpoint, fedramp, fraud, gartner, iam, identity, jobs, linkedin, mitigation, monitoring, network, north-korea, office, phone, risk, skills, tool, training, zero-trustWhat to do if you suspect a fake IT worker: When a CIO suspects a fake IT worker, next steps are important as the issue shifts from recruitment to insider risk management.During his time at MongoDB, George Gerchow, IANS faculty advisor and Bedrock Data CSO, oversaw the investigation after the company detected it had unknowingly…
-
Your work apps are quietly handing 19 data points to someone
Office work in 2026 runs through a stack of mobile apps that sit on the same phones people use for banking, messaging family, and tracking their location. Ten of the most … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/04/workplace-apps-data-collection-privacy/
-
Passport to £££: Home Office adds £216M to travel doc contract before a single bid’s been placed
Tags: officeStart date pushed back a year, annual cost up a third, and UK’s now handing out eight million passports a year First seen on theregister.com Jump to article: www.theregister.com/2026/05/01/passport_to_home_office_adds/
-
UK data watchdog accused of dragging feet on eVisa investigation
Despite longstanding data protection issues with the Home Office’s electronic visa system being flagged five months ago, the UK’s data regulator is yet to take any action First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366642365/UK-data-watchdog-accused-of-dragging-feet-on-eVisa-investigation
-
Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software
A Chinese national posed as a U.S. researcher, tricking NASA staff in a phishing campaign to steal sensitive data tied to defense software and exports. A Chinese national ran a spear-phishing campaign by posing as a U.S. researcher and tricked NASA employees into sharing sensitive information. The NASA Office of Inspector General (OIG) and federal…
-
TDL 020 – Why DNS Is Your First Line of Cyber Defense – Chris Buijs
Tags: access, attack, automation, business, cisco, ciso, cloud, container, corporate, country, cyber, cybersecurity, data, ddos, defense, dns, encryption, endpoint, finance, firewall, group, hacker, ibm, infrastructure, Internet, iot, jobs, malicious, microsoft, network, office, phone, programming, router, saas, service, software, startup, strategy, switch, technology, threat, tool, training, update, usa, vulnerability, zero-trustIn Episode 20 of The Defender’s Log, host David Redekop sits down with Amsterdam-based tech veteran Chris Buijs to discuss the often-overlooked backbone of internet security: DNS (Domain Name System). The “Set-it-and-Forget-it” Trap Buijs, who transitioned from an electrician to a network architect, notes that many organizations treat DNS as a “utility” rather than a…
-
TDL 020 – Why DNS Is Your First Line of Cyber Defense – Chris Buijs
Tags: access, attack, automation, business, cisco, ciso, cloud, container, corporate, country, cyber, cybersecurity, data, ddos, defense, dns, encryption, endpoint, finance, firewall, group, hacker, ibm, infrastructure, Internet, iot, jobs, malicious, microsoft, network, office, phone, programming, router, saas, service, software, startup, strategy, switch, technology, threat, tool, training, update, usa, vulnerability, zero-trustIn Episode 20 of The Defender’s Log, host David Redekop sits down with Amsterdam-based tech veteran Chris Buijs to discuss the often-overlooked backbone of internet security: DNS (Domain Name System). The “Set-it-and-Forget-it” Trap Buijs, who transitioned from an electrician to a network architect, notes that many organizations treat DNS as a “utility” rather than a…
-
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well as from government entities, universities, and private companies, in violation of export control…
-
Microsoft’s April Security Update of High-Risk Vulnerability Notice for Multiple Products
Overview On April 15, NSFOCUS CERT detected that Microsoft released the April Security Update patch, fixing 165 security issues involving Windows, Microsoft Office, Microsoft SQL Server, Microsoft Visual Studio, Microsoft .NET Framework, Widely used products such as Azure, including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by……
-
China-Linked Hackers Hide Behind Compromised Routers
Hackers linked to China are increasingly abusing compromised routers and edge devices to build covert networks, enabling stealthy cyber operations that are harder to detect and block. Instead of relying on dedicated servers or purchased hosting, threat actors are now leveraging large-scale botnets made up of hacked small office/home office (SOHO) routers, IoT devices, and…
-
Hacked Devices Are Gateways for Chinese Nation-State Hackers
Routing Malicious Traffic Through Hacked IoT Devices Is Leading to ‘IoC Extinction’. Networks comprised of hacked domestic devices underpin a mounting number of Chinese nation-state hacking operations, warned British, U.S. and a slew of other national cybersecurity agencies. The networks comprise small office home office routers, IoT equipment and smart devices. First seen on govinfosecurity.com…
-
Five steps to become Mythos ready
Tags: access, ai, attack, automation, breach, business, cloud, compliance, control, cvss, cyber, cybersecurity, data, defense, detection, exploit, flaw, framework, identity, incident response, infrastructure, LLM, mitre, network, office, open-source, openai, risk, software, threat, tool, training, update, vulnerability, zero-dayAI is uncovering vulnerabilities at a scale that will overwhelm legacy defenses. Here is how to build a security organization that is Mythos ready. Key takeaways While frontier AI models like Claude Mythos boost cyber defenses, they also empower attackers to discover and weaponize vulnerabilities at unprecedented machine speed. To avoid getting buried by an…
-
Five steps to become Mythos ready
Tags: access, ai, attack, automation, breach, business, cloud, compliance, control, cvss, cyber, cybersecurity, data, defense, detection, exploit, flaw, framework, identity, incident response, infrastructure, LLM, mitre, network, office, open-source, openai, risk, software, threat, tool, training, update, vulnerability, zero-dayAI is uncovering vulnerabilities at a scale that will overwhelm legacy defenses. Here is how to build a security organization that is Mythos ready. Key takeaways While frontier AI models like Claude Mythos boost cyber defenses, they also empower attackers to discover and weaponize vulnerabilities at unprecedented machine speed. To avoid getting buried by an…
-
Chinese hackers using compromised networks to spy on Western companies, says Five Eyes
Companies urged to take countermeasures as Chinese hacking groups use networks of infected home and office devices ‘at scale’ to evade security monitoring systems First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641986/Chinese-hackers-using-compromised-networks-to-spy-on-Western-companies-says-Five-Eyes
-
A Cybersecurity Lifeline for Lean IT Teams: Introducing C.R.E.W.
<div cla “Too small to target” is a dangerous cybersecurity myth, while “Where do I start?,” is a legitimate cyber defense question. Imagine leaving your office unlocked overnight”, not because you don’t have anything valuable, but because you assume no one would bother breaking in. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/a-cybersecurity-lifeline-for-lean-it-teams-introducing-c-r-e-w/
-
Two MDO field reports every IT security lead should read
<div cla Tyler Swinehart, Director of Global IT & Security at IRONSCALES, has been publishing the kind of LinkedIn pieces I wish more practitioners would write. No vendor angle. No positioning. Just “here’s what I learned the hard way operating this thing in production, and here’s what nobody told me until it was too late.”…
-
Microsoft Vulnerabilities Drop, But Critical Flaws Double, Report Warns
Microsoft vulnerabilities fall, but critical flaws double, BeyondTrust report highlights rising risk in Microsoft Office, Azure, and cloud systems. First seen on hackread.com Jump to article: hackread.com/microsoft-vulnerabilities-drop-critical-flaws-double/
-
British Hacker Admits Stealing Millions in Virtual Currency From Targeted Companies
A 24-year-old British national, Tyler Robert Buchanan, has pleaded guilty to orchestrating a massive cyberattack campaign that compromised over a dozen U.S. companies and resulted in the theft of at least $8 million in cryptocurrency. According to a Friday announcement from the U.S. Attorney’s Office for the Central District of California, the Scottish hacker admitted…
-
U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog
Tags: apple, cisa, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, office, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability…
-
Microsoft ends desktop detour for sensitivity labels in Office web apps
Microsoft is rolling out an update to Office for the web that removes a long-standing limitation around document protection, adding new control to browser-based apps. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/15/microsoft-office-sensitivity-labels-permissions/
-
Microsoft drops its second-largest monthly batch of defects on record
The vendor disclosed one actively exploited zero-day vulnerability in Microsoft Office SharePoint that allows attackers to view information and make changes to disclosed information. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-april-2026/
-
Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)
Tags: advisory, api, attack, best-practice, cloud, container, cve, cvss, cyber, data, exploit, firewall, firmware, flaw, framework, github, Internet, malicious, microsoft, mitigation, office, powershell, rce, remote-code-execution, service, software, sql, startup, tool, update, vulnerability, windows, zero-day8Critical 154Important 1Moderate 0Low Microsoft addresses 163 CVEs in the April 2026 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild. Microsoft patched 163 CVEs in its April 2026 Patch Tuesday release, with eight rated critical, 154 rated as important and one rated as moderate. This is the second…
-
The FCC Has a Fast Lane for Complaints About Trump’s Media Critics
Internal emails obtained by WIRED reveal how a conservative legal group with a direct line into FCC chairman Brendan Carr’s office built the case against Jimmy Kimmel and his employees. First seen on wired.com Jump to article: www.wired.com/story/the-fcc-has-a-fast-lane-for-complaints-about-trumps-media-critics/
-
DavMail 6.6.0 patches a regex flaw and advances its Microsoft Graph backend
Organizations that run DavMail to bridge standard mail clients to Microsoft Exchange or Office 365 received an update this week. Version 6.6.0 addresses a code-scanning alert … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/14/davmail-6-6-0-released/
-
FBI takedown of W3LL phishing service leads to developer arrest
The FBI Atlanta Field Office and Indonesian authorities have dismantled the “W3LL” global phishing platform, seizing infrastructure and arresting the alleged developer in what is described as the first coordinated enforcement action between the United States and Indonesia targeting a phishing kit developer. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-takedown-of-w3ll-phishing-service-leads-to-developer-arrest/