Your complete guide to Microsoft experiences at RSAC™ 2026 Conference

• The era of AI is reshaping both opportunity and risk faster than any shift security leaders have seen. • Every organization is feeling the momentum; and for security teams, the q

Cybersecurity · February 12, 2026 (updated February 24, 2026) · 2 min · 238 words

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

• Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign

Cybersecurity · February 12, 2026 (updated February 24, 2026) · 2 min · 324 words

3D Printer Surveillance

• NY’s 2026-27 budget bill requires 3D printers to include technology that blocks firearm designs. • The algorithm scans every print file, refusing prints flagged as potential f

Cybersecurity · February 12, 2026 (updated February 24, 2026) · 1 min · 174 words

The CTEM Divide: Why 84% of Security Programs Are Falling Behind

• A new 2026 market intelligence study of 128 enterprise security decision-makers reveals a stark

Cybersecurity · February 12, 2026 (updated February 24, 2026) · 2 min · 228 words

Senegalese Data Breaches Expose Lack of Security Maturity

Cybersecurity · February 12, 2026 (updated February 24, 2026) · 2 min · 343 words

Bypassing Administrator Protection by Abusing UI Access

• In my last blog post I introduced the new Windows feature, Administrator Protection and how it aimed to create a secure boundary for UAC where one didn't exist. • I described one

Cybersecurity · February 12, 2026 (updated February 20, 2026) · 2 min · 268 words

83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

• A significant chunk of the exploitation attempts targeting a newly disclosed security flaw i

Cybersecurity · February 12, 2026 (updated February 17, 2026) · 3 min · 452 words

ISC Stormcast For Thursday, February 12th, 2026 https://isc.sans.edu/podcastdetail/9806, (Thu, Feb 12th)

• Handler on Duty: Guy Bruneau. Threat Level: green. My next class: Application Security: Secu

Cybersecurity · February 12, 2026 (updated February 24, 2026) · 2 min · 420 words

Four Seconds to Botnet - Analyzing a Self Propagating SSH Worm with Cryptographically Signed C2 [Guest Diary], (Wed, Feb 11th)

• SSH worm exploited weak passwords, compromising Linux systems in seconds. • Attack used credential brute force, uploading a 4.7 KB bash script via SCP. • Script established persi

Cybersecurity · February 12, 2026 (updated February 24, 2026) · 1 min · 169 words

Nation-State Actors Exploit Notepad++ Supply Chain

• Between June and December 2025, the official hosting infrastructure for the text editor Notepad++ was compromised by a state-sponsored threat group known as Lot

Cybersecurity · February 11, 2026 (updated February 24, 2026) · 1 min · 205 words

North Korea's UNC1069 Hammers Crypto Firms With AI

• In moving away from traditional banks to focus on Web3 companies, the threat actor is leveraging LLMs, deepfakes, legitimate platforms, and ClickFix.

Cybersecurity · February 11, 2026 (updated February 24, 2026) · 1 min · 49 words

How to Stay on Top of Future Threats With a Cutting-Edge SOC

• CISOs should focus on harnessing and securing AI and building new skills among their people. • Vision and change management can transform security.

Cybersecurity · February 11, 2026 (updated February 24, 2026) · 1 min · 50 words

Apple Patches Everything: February 2026, (Wed, Feb 11th)

• Today, Apple released updates for all of its operating systems (iOS, iPadOS, macOS, tvOS, watchOS, and visionOS). • The update fixes 71 di

Cybersecurity · February 11, 2026 (updated February 24, 2026) · 3 min · 437 words

Automaker Secures the Supply Chain With Developer-Friendly Platform

• How a platform engineering team embeds supply chain security into infrastructure without slowing developers.

Cybersecurity · February 11, 2026 (updated February 24, 2026) · 1 min · 33 words

The strategic SIEM buyer's guide: Choosing an AI-ready platform for the agentic era

• As the agentic era reshapes security operations, leaders face

Cybersecurity · February 11, 2026 (updated February 24, 2026) · 2 min · 290 words

Kimwolf Botnet Swamps Anonymity Network I2P

• Kimwolf botnet infected millions of IoT devices, turning them into relays for malicious traffic. • In late 2025, the botnet began targeting I2P to hide control servers from taked

Cybersecurity · February 11, 2026 (updated February 24, 2026) · 1 min · 189 words

AI Rising: Do We Know Enough About the Data Populating It?

• Organizations remain reluctant to address the fact that AI can dangerously expose business operations as well as personal data.

Cybersecurity · February 11, 2026 (updated February 24, 2026) · 1 min · 43 words

The game is over: when 'free' comes at too high a price. What we know about RenEngine

• Table of Contents Incident analysis Disguise as a visual novel ‘Game’ source files analysis HijackLoader Not only games Distribution Recommendations for protection Indicators of

Cybersecurity · February 11, 2026 (updated February 24, 2026) · 2 min · 228 words

Top Cyber Industry Defenses Spike CO2 Emissions

• Organizations can improve their climate footprints by optimizing two specific cybersecurity protections, without incurring added risks.

Cybersecurity · February 11, 2026 (updated February 24, 2026) · 1 min · 37 words

WSL in the Malware Ecosystem, (Wed, Feb 11th)

• WSL lets users run a full Linux environment inside Windows, eliminating need for VMs or dual boot. • WSL2’s lightweight virtualized kernel boosts compatibility and performance fo

Cybersecurity · February 11, 2026 (updated February 24, 2026) · 1 min · 177 words

Prompt Injection Via Road Signs

• Interesting research: ‘CHAI: Command Hijacking Against Embodied AI.’ Abstract: Embodied Artificial Intelligence (AI) promises to handle edge cases

Cybersecurity · February 11, 2026 (updated February 24, 2026) · 2 min · 263 words

CISA's 2025 Year in Review: Driving Security and Resilience Across Critical Infrastructure

• WASHINGTON - The Cybersecurity and Infrastructure Security Agency (CISA) unveiled its 20

Cybersecurity · February 11, 2026 (updated February 24, 2026) · 2 min · 248 words

Spam and phishing in 2025

• The year in figures: • 44.99% of all emails sent worldwide and 43.27% of all emails sent in the Russian web segment were spam • 32.50% of all spam emails were sent from Russia • K

Cybersecurity · February 11, 2026 (updated February 24, 2026) · 2 min · 281 words

Asia Fumbles With Throttling Back Telnet Traffic in Region

• Only Taiwan made the top 10 list of governments effectively blocking the threat-ridden protocol, but overall, the region lagged in curbing Telnet traffic.

Cybersecurity · February 11, 2026 (updated February 24, 2026) · 1 min · 51 words

A Peek Into Muddled Libra's Operational Playbook

• During a September 2025 incident response investigation, Unit 42 discovered a rogue virtual machine (VM) which we believe with high confidence to be used by the

Cybersecurity · February 10, 2026 (updated February 24, 2026) · 2 min · 306 words

SolarWinds WHD Attacks Highlight Risks of Exposed Apps

• Organizations that have exposed their instances of Web Help Desk to the public Internet have inadvertently made them prime targets for attackers.

Cybersecurity · February 10, 2026 (updated February 24, 2026) · 1 min · 49 words

In Bypassing MFA, ZeroDayRAT Is 'Textbook Stalkerware'

• With access to SIM, location data, and a preview of recent SMSes, attackers have everything they need for account takeover or targeted social engineering.

Cybersecurity · February 10, 2026 (updated February 24, 2026) · 1 min · 53 words

80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier

• Today, Microsoft is releasing the new Cyber Pulse report to provide leaders with straightforward, practical insights and guidance on new cybersecurity risks. • One of today’s mos

Cybersecurity · February 10, 2026 (updated February 24, 2026) · 2 min · 378 words

Manipulating AI memory for profit: The rise of AI Recommendation Poisoning

• That helpful ‘Summarize with AI’ button? • It might be secretly manipulating what your AI recommends. • Microsoft security researchers have discovered a growing trend of AI memor

Cybersecurity · February 10, 2026 (updated February 24, 2026) · 2 min · 231 words

AI-Generated Text and the Detection Arms Race

• In 2023, the science fiction literary magazine Clarkesworld stopped accepting new submissions because so many were generated by arti

Cybersecurity · February 10, 2026 (updated February 24, 2026) · 1 min · 194 words

CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication

• WASHINGTON - The Cybersecurity and Infrastructure Security Agency (CISA) today released

Cybersecurity · February 10, 2026 (updated February 24, 2026) · 2 min · 286 words

A one-prompt attack that breaks LLM safety alignment

• Large language models (LLMs) and diffusion models now

Cybersecurity · February 9, 2026 (updated February 24, 2026) · 2 min · 343 words

LLMs are Getting a Lot Better and Faster at Finding and Exploiting Zero-Days

• This is amazing: Opus 4.6 is notably better at finding high-severity vulnerabilities than previous mo

Cybersecurity · February 9, 2026 (updated February 24, 2026) · 2 min · 257 words

Analysis of active exploitation of SolarWinds Web Help Desk

• The Microsoft Defender Research Team observed a multi‑stage intrusion where threat actors exploited internet‑exposed SolarWinds Web Help Desk (WHD) instances to get an initial fo

Cybersecurity · February 7, 2026 (updated February 24, 2026) · 2 min · 370 words

Novel Technique to Detect Cloud Threat Actor Operations

• Cloud-based alerting systems often struggle to distinguish between normal cloud activity and targeted malicious operations by known threat actors. • The difficu

Cybersecurity · February 6, 2026 (updated February 24, 2026) · 2 min · 254 words

New Clickfix variant 'CrashFix' deploying Python Remote Access Trojan

• In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. • This updated tactic deliberately crashes victims’ browsers and then att

Cybersecurity · February 5, 2026 (updated February 24, 2026) · 2 min · 222 words

The security implementation gap: Why Microsoft is supporting Operation Winter SHIELD

• Every conversation I have with information security leaders

Cybersecurity · February 5, 2026 (updated February 24, 2026) · 1 min · 162 words

CISA Orders Federal Agencies to Strengthen Edge Device Security Amid Rising Cyber Threats

• WASHINGTON - The Cybersecurity and Infrastructure Security Agency (CISA) today issued Bin

Cybersecurity · February 5, 2026 (updated February 24, 2026) · 2 min · 270 words

The Shadow Campaigns: Uncovering Global Espionage

• This investigation unveils a new cyberespionage group that Unit 42 tracks as TGR-STA-1030. • We refer to the group’s activity as the Shadow Campaigns. • We asse

Cybersecurity · February 5, 2026 (updated February 24, 2026) · 2 min · 217 words

Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT

• Stan Ghouls (also known as Bloody Wolf) is a cybercriminal group that has been launching targeted attacks against organizations in Russia, Kyrgyzstan, Kazakhstan, a

Cybersecurity · February 5, 2026 (updated February 24, 2026) · 2 min · 258 words

Detecting backdoored language models at scale

• Today, we are releasing new research on detecting backdoors in open-weight language models. • Our research highlights several key properties of language model backdoors, laying t

Cybersecurity · February 4, 2026 (updated February 24, 2026) · 2 min · 252 words

Why Smart People Fall For Phishing Attacks

• By: Ria Bhatia. Published: February 3, 2026. Categories: Business Email Compromise, Cyberc

Cybersecurity · February 4, 2026 (updated February 24, 2026) · 2 min · 252 words

The Notepad++ supply chain attack - unnoticed execution chains and new IoCs

• UPD 11.02.2026: added recommendations on how to use the Notepad++ supply chain attack rules package in our SIEM system. • On February 2, 2026, the developers of Note

Cybersecurity · February 3, 2026 (updated February 24, 2026) · 2 min · 269 words

Please Don't Feed the Scattered Lapsus ShinyHunters

• Scattered Lapsus ShinyHunters (SLSH) uses harassment, threats, even swatting to extort firms. • They notify journalists and regulators, amplifying pressure beyond typical ransomw

Cybersecurity · February 2, 2026 (updated February 24, 2026) · 1 min · 181 words

Privileged File System Vulnerability Present in a SCADA System

• A vulnerability in the Iconics Suite SCADA system (CVE-2025-0921) allows privilege escalation via unnecessary file system operations. • Exploitation can corrupt critical binaries, leading to

Cybersecurity · January 30, 2026 (updated February 24, 2026) · 1 min · 176 words

Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529

• In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-54529) and a double-f

Cybersecurity · January 30, 2026 (updated February 20, 2026) · 2 min · 281 words

Understanding the Russian Cyberthreat to the 2026 Winter Olympics

• By: Justin Moore. Published: January 29, 2026. Categories: Cybe

Cybersecurity · January 29, 2026 (updated February 24, 2026) · 2 min · 258 words

Supply chain attack on eScan antivirus: detecting and remediating malicious updates

• UPD 30.01.2026: Added technical details about the attack chain and more IoCs. • On January 20, a supply chain attack occurred, with the infected software being the eScan anti

Cybersecurity · January 29, 2026 (updated February 24, 2026) · 2 min · 215 words

CISA Urges Critical Infrastructure Organizations to Take Action Against Insider Threats

• WASHINGTON - The Cybersecurity and Infrastructure Security Agency (CISA) is calling on cri

Cybersecurity · January 28, 2026 (updated February 24, 2026) · 2 min · 281 words

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

• HoneyMyte upgraded CoolClient backdoor with new features, enhancing persistence and stealth. • The group deployed multiple browser login data stealers across recent campaigns. •

Cybersecurity · January 27, 2026 (updated February 24, 2026) · 1 min · 177 words

Who Operates the Badbox 2.0 Botnet?

• Kimwolf botnet, 2M infected devices, compromised Badbox 2.0 control panel screenshot. • Badbox 2.0: China-based botnet on Android TV streaming boxes, over ten million devices, us

Cybersecurity · January 26, 2026 (updated February 24, 2026) · 1 min · 195 words

Bypassing Windows Administrator Protection

• A headline feature introduced in the latest release of Windows 11, 25H2, is Administrator Protection. • The goal of this feature is to replace User Account Control (UAC) with a mo

Cybersecurity · January 26, 2026 (updated February 20, 2026) · 2 min · 251 words

Happy 9th Anniversary, CTA: A Celebration of Collaboration in Cyber Defense

• CTA founded in 2014, uniting Palo Alto, Fortinet, McAfee, and Symantec for shared threat intelligence. • Shifted industry from proprietary intel to collaborative defense, raising

Cybersecurity · January 24, 2026 (updated February 24, 2026) · 1 min · 184 words

CISA Releases Product Categories List to Propel Post-Quantum Cryptography Adoption Pursuant to President Trump's Executive Order 14306

• CISA releases first product categories list for post‑quantum cryptography (PQC) adoption. • List identifies hardware and software that support or will support PQC standards. • De

Cybersecurity · January 23, 2026 (updated February 24, 2026) · 1 min · 185 words

The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time

• Attackers embed a benign page that calls an LLM API to generate malicious JavaScript in real time. • Prompt engineering bypasses AI safety guardrails, producing polymorphic phish

Cybersecurity · January 22, 2026 (updated February 24, 2026) · 1 min · 202 words

Kimwolf Botnet Lurking in Corporate, Govt. Networks

• Kimwolf botnet has infected over 2 million IoT devices, enabling massive DDoS attacks. • It scans local networks of compromised systems to spread to additional vulnerable devices

Cybersecurity · January 20, 2026 (updated February 24, 2026) · 2 min · 274 words

DNS OverDoS: Are Private Endpoints Too Private?

• Azure Private Endpoints can unintentionally expose resources to DoS attacks. • Attack vectors include accidental admin deployments, vendor setups, and malicious actors. • Over 5% of Az

Cybersecurity · January 20, 2026 (updated February 24, 2026) · 1 min · 183 words

Anatomy of an Attack: The Payroll Pirates and the Power of Social Engineering

• By: Randy Stone. Published: January 16

Cybersecurity · January 17, 2026 (updated February 24, 2026) · 2 min · 255 words

A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave

• With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland conte

Cybersecurity · January 14, 2026 (updated February 20, 2026) · 2 min · 259 words

A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby

• Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. • One effect of this change

Cybersecurity · January 14, 2026 (updated February 20, 2026) · 2 min · 307 words