Cybersecurity News and Headlines

Compromised dYdX Npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
News · Feb 6, 2026

Security researchers uncovered a supply‑chain attack on dYdX's official npm package @dydxprotocol/v4-client-js and its PyPI counterpart dydx‑v4‑client. The compromised versions, published with legitimate maintainer credentials, embed wallet‑stealing code and, in the Python case, a remote‑access trojan. dYdX acknowledged the breach,...

By The Hacker News
MintMCP’s Governance Platform Helps Organizations Deploy, Monitor, and Secure AI Agents
News · Feb 6, 2026

MintMCP introduced an enterprise governance platform that lets organizations deploy, monitor, and secure AI agents and MCP servers at scale. The solution offers one‑click MCP server provisioning, real‑time agent activity tracing, and configurable guardrails to block risky actions. It also...

By Help Net Security
5 Bills to Boost Energy Sector Cyber Defenses Clear House Panel
News · Feb 6, 2026

The House Energy Subcommittee advanced five bipartisan bills aimed at strengthening both physical and cyber defenses of the United States electric grid and broader energy infrastructure. The legislation updates Department of Energy programs, extends cybersecurity support for rural utilities through...

By SecurityWeek
Why Attackers No Longer Need to Break In: The Rise of Identity-Based Attacks
News · Feb 6, 2026

Attackers increasingly purchase stolen credentials on dark‑web markets, enabling silent, long‑duration breaches without traditional malware. Identity‑based attacks now dominate, with 97% involving passwords and machine accounts outnumbering human users by roughly 82 to 1, creating unmanaged attack surfaces. Social‑engineering phone...

By Security Boulevard
New Wave of Odyssey Stealer Targets macOS Users in Active Cyberattack Campaign
News · Feb 6, 2026

A new wave of Odyssey Stealer is actively targeting macOS users across more than twenty countries, expanding far beyond its initial foothold in the United States and Western Europe. The malware is delivered through fake CAPTCHA pages that mimic legitimate...

By GBHackers On Security
February 2026 Patch Tuesday Forecast: Lots of OOB Love This Month
News · Feb 6, 2026

Microsoft’s February 2026 Patch Tuesday follows a heavy January with 92 Windows 11/Server 2025 and 79 Windows 10 vulnerabilities addressed. Three out‑of‑band (OOB) patches were released in January to fix remote‑desktop credential prompts, Outlook .pst cloud storage errors, and a zero‑day Office vulnerability...

By Help Net Security
Kasada Account Intelligence Combats Manual Fraud and Abuse
News · Feb 6, 2026

Kasada has launched Account Intelligence, a real‑time solution that detects manual, account‑level fraud and abuse before financial loss occurs. The product uses high‑fidelity device telemetry linked to account behavior, allowing early identification of credential abuse, promo fraud, and coordinated multi‑account...

By Help Net Security
Your PQC Pilot Might Fail, and That’s Okay
News · Feb 6, 2026

Enterprises are moving from curiosity to action on post‑quantum cryptography (PQC), launching pilots that often stumble because existing stacks lack support. The article argues that pilot failures are intentional, serving to surface interoperability, skill and inventory gaps before regulatory or...

By Security Boulevard
The Other Offense and Defense
News · Feb 6, 2026

The Super Bowl is portrayed as a live‑fire cybersecurity exercise where a temporary mega‑enterprise of stadium, broadcast, betting and IoT systems is assembled in days. This massive, multi‑vendor environment expands the attack surface dramatically, forcing security teams to adopt zero‑trust,...

By Security Boulevard
OpenAI Launches Trusted Access for Cyber to Expand AI-Driven Defense While Managing Risk
News · Feb 6, 2026

OpenAI announced Trusted Access for Cyber, a program that provides vetted defenders with controlled access to its most advanced cybersecurity model, GPT‑5.3‑Codex, via ChatGPT. The initiative pairs this privileged access with $10 million in API‑credit grants to support defensive research and...

By The Cyber Express
Cryptocurrencies Are Rife with Scams and Money Laundering
News · Feb 6, 2026

The cryptocurrency ecosystem is increasingly plagued by scams and money‑laundering schemes, with criminal thefts reaching $3.4 billion in 2025 and individual losses topping $713 million. Blockchain analytics firms report divergent estimates of illicit flows – Chainalysis cites $82 billion in laundering, while TRM Labs...

By The Finanser
Mobile Privacy Audits Are Getting Harder
News · Feb 6, 2026

Mobile privacy audits face verification gaps as apps hide data flows behind permissions and encrypted traffic. The new mopri framework combines static analysis of APKs with dynamic, user‑driven execution to capture real‑world network activity on Android devices. It offers modular...

By Help Net Security
CentOS 9 Security Flaw Enables Privilege Escalation – PoC Released
News · Feb 6, 2026

A critical use‑after‑free vulnerability has been discovered in the `sch_cake` packet scheduler of the CentOS 9 Linux kernel. The flaw lets a local user trigger memory corruption and execute arbitrary code with root privileges, as demonstrated by a publicly released proof‑of‑concept....

By GBHackers On Security
Phishing and OAuth Token Vulnerabilities Lead to Full Microsoft 365 Breach
News · Feb 6, 2026

Researchers identified two medium‑severity flaws—a publicly accessible email API endpoint and verbose error handling that discloses OAuth tokens—that can be combined to launch authenticated phishing campaigns inside Microsoft 365 tenants. By exploiting the open relay, attackers send messages that appear to...

By GBHackers On Security
The Hidden Cost of Putting Off Security Decisions
News · Feb 6, 2026

Hanah Darley, Chief AI Officer at Geordie AI, warns that postponing security decisions creates a hidden "visibility debt" that compounds over time. Each quarter without adequate insight allows shadow IT, legacy systems, and unmanaged assets to proliferate, leading to larger...

By Help Net Security
Spam Campaign Distributes Fake PDFs, Deploys Remote Monitoring Tools for Ongoing Access
News · Feb 6, 2026

A spam campaign is distributing PDFs that appear to be Adobe Acrobat updates, but the attachment redirects users to a spoofed download page that installs legitimate Remote Monitoring and Management (RMM) tools such as TrustConnect and Datto RMM. By leveraging signed...

By GBHackers On Security
Cybersecurity Earnings Season Kicks Off with Beats From Fortinet, NetScout and Qualys
News · Feb 5, 2026

The cybersecurity earnings season opened with Fortinet, NetScout and Qualys all beating analyst expectations. Fortinet posted Q4 adjusted EPS of $0.81 on $1.91 billion revenue, up 15% YoY, while NetScout delivered EPS of $1.00 despite flat revenue, and Qualys reported EPS...

By SiliconANGLE
Spain's Ministry of Science Shuts Down Systems After Breach Claims
News · Feb 5, 2026

Spain's Ministry of Science, Innovation and Universities announced a partial shutdown of its electronic services after a technical incident that appears to be a cyberattack. A hacker using the alias “GordonFreeman” claimed to have exploited an IDOR flaw to gain...

By BleepingComputer
From Backup to ResOps: How Commvault Is Reframing Cyber Resilience
News · Feb 5, 2026

Commvault is repositioning from traditional backup to a ResOps model that unifies data protection, identity resilience, and cyber recovery across hybrid and multicloud environments. The launch of its Cloud Unity platform introduces AI‑driven synthetic recovery, allowing clean, point‑in‑time restores without...

By SiliconANGLE
Ransomware Gang Uses ISPsystem VMs for Stealthy Payload Delivery
News · Feb 5, 2026

Ransomware operators are exploiting ISPsystem’s VMmanager by deploying default Windows virtual machines that reuse identical hostnames and system identifiers. Sophos discovered the same hostnames across VMs used by multiple ransomware groups, including LockBit, Conti, BlackCat/ALPHV and Ursnif, as well as...

By BleepingComputer
Quantum Computing Digest — Q1 2018
News · Feb 5, 2026

The first quarter of 2018 saw quantum computing move from laboratory experiments to strategic initiatives. Google announced a 72‑qubit Bristlecone processor aimed at quantum supremacy, while Intel introduced a 49‑qubit silicon‑spin Tangle Lake chip and Alibaba made an 11‑qubit system...

By The Qubit Report
Mastercard and UAE Team to Counter Cyberthreats
News · Feb 5, 2026

Mastercard has entered a strategic cybersecurity partnership with the United Arab Emirates Cyber Security Council to develop forward‑looking policies and publish a joint report on the nation’s threat landscape. The report warns that malicious actors are increasingly targeting critical sectors...

By PYMNTS
ICE and CBP’s Face-Recognition App Can’t Actually Verify Who People Are
News · Feb 5, 2026

The Department of Homeland Security rolled out the Mobile Fortify app in spring 2025 to let ICE and CBP agents scan faces and generate candidate matches, but the technology cannot positively verify identities. Records show the tool has been used over...

By WIRED (Security)
Bolt Picks Socure to Secure ID Verification Platform
News · Feb 5, 2026

Bolt, the checkout and payments platform, announced a partnership with identity‑verification specialist Socure. By embedding Socure’s RiskOS and its global Identity Graph into Bolt ID, the service gains predictive risk signals and compliance decisioning. The integration is designed to boost...

By PYMNTS
CISA Orders Agencies to Patch and Replace End-of-Life Devices, Citing Active Exploitation
News · Feb 5, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) issued a binding operational directive requiring federal agencies to inventory, replace, and continuously monitor end‑of‑support (EOS) edge devices after detecting active exploitation by advanced threat actors, some linked to nation‑states. Agencies have three...

By FCW (GovExec Technology)
OIG Audit of Hospital’s Cybersecurity Finds Vulnerabilities in Common Web Applications
News · Feb 5, 2026

The U.S. Department of Health and Human Services Office of the Inspector General audited a large southeastern hospital and identified security gaps in four internet‑accessible web applications. The hospital, a 300‑bed facility that relies on the HITRUST Common Security Framework...

By DataBreaches.net
Berlin Hospitals Threatened by Spate of Attacks
News · Feb 5, 2026

Berlin’s Hospital Association has warned of a surge in unexplained incidents targeting hospitals, ranging from drone incursions and cyberattacks to forced entries and arson. Intelligence agencies have classified at least some of these events as potential security threats, prompting heightened...

By DataBreaches.net
Microsoft to Shut Down Exchange Online EWS in April 2027
News · Feb 5, 2026

Microsoft announced that the Exchange Web Services (EWS) API for Exchange Online will be blocked on October 1, 2026 and fully retired on April 1, 2027. Administrators can create an allow‑list by August 2026 to bypass the October block, after which Microsoft will pre‑populate allow...

By BleepingComputer
AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack
News · Feb 5, 2026

The AISURU/Kimwolf botnet launched a record‑setting DDoS attack in November 2025, peaking at 31.4 Tbps and lasting just 35 seconds. Cloudflare, which automatically mitigated the traffic, said the attack is part of a surge in hyper‑volumetric HTTP assaults, with average sizes...

By The Hacker News
Italian University La Sapienza Goes Offline After Cyberattack
News · Feb 5, 2026

Rome’s La Sapienza, Europe’s largest university, suffered a cyberattack that forced a complete shutdown of its IT network. Authorities and the university’s technical task force identified the incident as a ransomware operation attributed to the pro‑Russian group Femwar02, using the...

By BleepingComputer
Irish SMEs Turn to Practical Cyber Solutions as AI-Driven Threats Rise, Vodafone Tells SFA Event
News · Feb 5, 2026

At the Small Firms Association’s SFA Connect event, Vodafone Ireland highlighted that 94% of Irish SMEs feel unprepared for AI‑driven cyber attacks, yet adoption of basic safeguards remains low. Only 21% of SMEs use multifactor authentication and more than half...

By Irish Tech News
Trust by Design: Updating Your Digital Workplace Charter for the Age of AI Assistants
News · Feb 5, 2026

AI adoption is outpacing employee trust, driving widespread use of unsanctioned "Shadow AI" tools. This behavior creates institutional amnesia, where valuable insights disappear from corporate knowledge bases. The article argues that a one‑page digital‑workplace charter—updated with AI‑specific purpose, vision, and...

By TechRadar
Data Breach at Govtech Giant Conduent Balloons, Affecting Millions More Americans
News · Feb 5, 2026

A ransomware attack in January 2025 crippled Conduent’s systems and has now been linked to at least 15.4 million affected Texans and 10.5 million Oregonians, far exceeding the company’s earlier estimate of four million victims. The breach exposed names, Social Security numbers, medical...

By TechCrunch (Cybersecurity)
Domestic Surveillance Fears Loom over Congress Debate to Renew Spying Power
News · Feb 5, 2026

Congress is debating the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act, which allows warrantless collection of foreign communications but often sweeps up U.S. persons. Recent Trump-era domestic surveillance orders and expanded data‑provider definitions have heightened Democratic concerns...

By FCW (GovExec Technology)
Romanian Oil Pipeline Operator Conpet Discloses Cyberattack
News · Feb 5, 2026

Romanian pipeline operator Conpet disclosed a ransomware attack that crippled its corporate IT systems and took its public website offline, while its core transport operations remained unaffected. The Qilin gang claimed responsibility, alleging the theft of nearly 1 TB of internal...

By BleepingComputer
When Cloud Logs Fall Short, the Network Tells the Truth
News · Feb 5, 2026

Cloud migrations create fragmented logs that leave blind spots, making real‑time visibility essential for security. Network telemetry provides a consistent, provider‑agnostic signal that overcomes log inconsistencies across multi‑cloud environments. By integrating traffic mirroring, flow logs, and TLS/DNS metadata, organizations can...

By BleepingComputer
FireCompass Launches AI Agents for Autonomous Web and API Penetration Testing With Freemium Access
News · Feb 5, 2026

FireCompass introduced Explorer, a credit‑based freemium platform that delivers AI‑powered autonomous penetration testing for web applications, APIs, and external infrastructure. The service lets security teams launch self‑serve tests within minutes and receive evidence‑backed exploit paths rather than generic alerts. By...

By AiThority
Operant AI Debuts Agent Protector to Secure Autonomous AI Agents at Scale
News · Feb 5, 2026

Operant AI announced Agent Protector, a real‑time security platform for autonomous AI agents. The solution delivers shadow‑agent discovery, zero‑trust enforcement, inline threat detection, and secure enclaves to protect both managed and unmanaged agents across cloud, SaaS, and development environments. It...

By SiliconANGLE
Intruder Warns of Data Risks in Moltbot AI Assistant
News · Feb 5, 2026

Intruder released research exposing critical security gaps in Moltbot, an open‑source, self‑hosted AI assistant. The study shows that default deployments often lack firewalls, credential validation, and sandboxing, leaving cloud instances exposed. Attackers are exploiting misconfigurations to harvest API keys, conduct...

By AI-TechPark
Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign
News · Feb 5, 2026

Security researcher Sygnia uncovered a coordinated network of more than 150 cloned law‑firm websites used in an AI‑powered fraud scheme. The domains are spread across multiple registrars, each with its own SSL certificate and often hidden behind Cloudflare to evade...

By SecurityWeek
Cohesity Deepens Google Cloud Integration
News · Feb 5, 2026

Cohesity has integrated Google Cloud Threat Intelligence directly into the Cohesity Data Cloud UI and added Google Private Scanning for secure, privacy‑preserving malware detonation. The enhancement gives customers real‑time visibility into indicators of compromise and streamlines threat analysis without leaving...

By Blocks & Files
VS Code Configs Expose GitHub Codespaces to Attacks
News · Feb 5, 2026

Orca Security discovered that GitHub Codespaces automatically executes VS Code configuration files in the *.vscode* folder when a repository or pull request is opened. Malicious JSON files such as settings.json or devcontainer.json can inject bash commands, leading to remote code execution...

By SecurityWeek
Torq Hires Virgin Atlantic CISO to Lead Agentic AI Shift
News · Feb 5, 2026

Torq, an agentic security operations platform, announced the hiring of former Virgin Atlantic CISO John White as Field CISO. White, who led a multi‑year transformation of Virgin Atlantic’s cyber defenses using Torq’s AI SOC platform, joins the company after its...

By AI-TechPark
Smartphones Now Involved in Nearly Every Police Investigation
News · Feb 5, 2026

A new Cellebrite report shows digital evidence, especially from smartphones, now underpins almost every police investigation. Ninety‑five percent of law‑enforcement practitioners consider it essential, and 97% identify smartphones as the top source, up from 73% in 2024. Consequently, 62% of...

By Infosecurity Magazine
Sanctioned Bulletproof Host Linked to Hijacking of Old Home Routers
News · Feb 5, 2026

Researchers at Infoblox uncovered a global DNS hijacking campaign that compromised outdated home routers in more than 30 countries. Attackers altered router DNS settings, redirecting traffic through servers owned by Aeza International, a U.S.-sanctioned Russian bulletproof hosting provider. The rerouted...

By HackRead
Substack Discloses Breach Exposing Its User Details After Four-Month Delay
News · Feb 5, 2026

Substack announced that a security breach exposed subscriber email addresses, phone numbers and internal metadata after attackers accessed the data in October 2025. The intrusion went undetected until February 2026, giving threat actors a four‑month dwell time. The company confirmed...

By The Cyber Express
Space Force May Be Done with R-GPS, but Congress Isn’t
News · Feb 5, 2026

The Space Force ended funding for the Resilient GPS (R‑GPS) program in FY2026, opting to focus on the GPS III F modernization path, while Congress added $15 million in the 2026 spending bill to keep R‑GPS development alive. R‑GPS sought to use commercial,...

By SpaceNews
The Buyer’s Guide to AI Usage Control
News · Feb 5, 2026

Enterprises are grappling with an explosion of AI tools embedded in SaaS, browsers, and shadow applications, yet most security programs still rely on legacy, perimeter‑focused controls. The new Buyer’s Guide for AI Usage Control highlights that AI risk resides in...

By The Hacker News
Asset Intelligence as Context Engineering for Cybersecurity Operations
News · Feb 5, 2026

The article introduces Asset Intelligence as a disciplined approach to context engineering for cybersecurity operations. It argues that fragmented security data—ranging from patch status to identity records—creates contradictory views that hinder both human analysts and AI agents. By aggregating, correlating,...

By Security Boulevard