Stamus Networks Expands AI-Driven Investigation and Threat Hunting Capabilities with Clear NDR Update
Stamus Networks has launched Clear NDR U42.2, the latest version of its AI‑driven network detection platform. The update adds four new Model Context Protocol tools, bringing the suite to 14, and introduces a redesigned Analyst Operations Console with 23 advanced dashboards. It also delivers 32 new threat‑hunting filter sets, expanded REST API endpoints, and scalability for over 500 probes and 500 million tracked hosts. The enhancements aim to speed investigations, reduce analyst friction, and integrate AI agents more tightly into security operations.
Quantum Computing’s Double-Edged Sword Could Threaten Cybersecurity: Report
Kaspersky warns that Asia Pacific’s rapid quantum‑computing expansion could undermine existing cybersecurity defenses. The region’s market is projected to surge from $392.1 million in 2024 to $1.78 billion by 2032, driven by heavy investment from China, Japan, India and others. Quantum machines could...
Terra Security Unifies Web, AI and Network Testing Under One Agentic Platform
Terra Security announced continuous exploitation validation for network infrastructure, extending its agentic offensive security platform beyond web applications and AI systems. The solution deploys hundreds of AI agents alongside human reviewers to probe environments, consolidating web, AI, and network findings...
ArmorCode Gives Security Teams AI Workers for Exposure and Remediation
ArmorCode unveiled Anya Agents, an agentic AI framework built on its patented platform, to automate enterprise‑scale security workflows such as triage, exposure analysis, remediation, validation, and compliance. The agents draw on ArmorCode’s Context Risk Graph, merging CVE data, asset inventories,...
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
A new Mini Shai‑Hulud supply‑chain campaign compromised the NPM maintainer account atool, flooding more than 320 NPM packages—including the popular timeago.js and echarts‑for‑react—with malicious versions. The malicious payloads install‑time code that reads GitHub Actions runner memory, harvests credentials from over 130...
Fake Word Phishing Reveals Enterprise Blind Spot in Trusted Remote Access Tools
A fake Word Online phishing page is being leveraged to deliver a silent MSI installer that launches ScreenConnect remote‑access software, then hides its activity with HideUL. The attack chain—email, fake preview, installer, remote tool—uses trusted enterprise utilities, allowing it to...
AI Is Rewriting the Cybersecurity Stack
Anthropic has launched Project Glasswing, a closed‑beta initiative that leverages its Claude Mythos Preview model to automate vulnerability discovery at scale. The company pledged $100 million in usage credits and enlisted 12 heavyweight launch partners—including AWS, Microsoft, Google, NVIDIA, JPMorgan Chase and Palo Alto Networks—plus...
The Zero-Trust Paradox: Why Systems Built to Eliminate Trust May Be Destroying It
Zero‑trust architectures, formalized by NIST and pioneered by Google’s BeyondCorp, replace perimeter‑based security with continuous verification, least‑privilege access, and micro‑segmentation. While the model demonstrably shrinks attack surfaces, early deployments reveal an unintended side effect: employees feel surveilled, interpreting constant checks...
Why Cyber Defence Is Like an Onion
Barney de Villiers, security director at payments startup Stitch, will unveil a cyber‑security adaptation of the military Survivability Onion at the Cape Town ITWeb Security Summit on 26 May 2026. The model emphasizes eliminating unnecessary systems to shrink the attack...
Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem
Typosquatting has evolved from mistyped URLs into a supply‑chain threat, with AI‑generated look‑alike domains embedded in trusted third‑party scripts. Malicious npm and PyPI uploads surged 156 % YoY, enabling campaigns to launch in under ten minutes. The December 2025 Trust Wallet Chrome‑extension breach,...
Real-World ICS Security Tales From the Trenches
Industrial control system (ICS) security is far messier than policy manuals suggest, as real‑world incidents reveal persistent APT threats, ill‑suited IT tools, and default‑credential exposures. FortiGuard uncovered an undocumented n‑day vulnerability used by an Iranian‑linked actor to maintain footholds in...
Researchers Warn CypherLoc Scareware Has Targeted Millions of Users
Security firm Barracuda has identified a new scareware called CypherLoc that has launched roughly 2.8 million attacks since early 2026. The malware is delivered via phishing emails that load a malicious web page which only activates under specific conditions, evading sandbox...
Encryption Consulting Launches CertSecure Manager v3.3 with Zero-Touch Certificate Renewals
Encryption Consulting unveiled CertSecure Manager v3.3, a certificate lifecycle management platform that automates zero‑touch renewals across all major web, load‑balancer and database servers. The update expands support to 11 certificate authorities, adding Google Public CA and AWS alongside existing providers. New...
ANC Members Under Threat Following Data Breach
A breach exposing roughly 2 GB of African National Congress (ANC) member data has surfaced, revealing ID numbers, mobile contacts, home addresses and passport‑style photos. Cybersecurity firm Bitcrack confirmed the leak’s authenticity, though the ANC dismissed the reports as “fake news”...
Why some Security Fixes Never Reach Your Vulnerability Dashboard
In late April 2026 a malicious Bitwarden CLI package was published to npm for about 90 minutes, stealing cloud and GitHub tokens from any developer who ran npm install. Bitwarden later issued CVE‑2026‑42994, but the CVE serves only as a retroactive alert...
Webworm: New Burrowing Techniques
ESET’s 2025 analysis reveals that the China‑aligned APT group Webworm has expanded its toolkit with two novel backdoors—EchoCreep, which leverages Discord, and GraphWorm, which uses Microsoft Graph API via OneDrive—for command‑and‑control. The group has moved its targeting from Asia toward...
Security Is Like Insurance: You only Value It After the Crash
The piece underscores that the human element drives the majority of cyber incidents, with 74% of breaches linked to employee error, social engineering or stolen credentials. High‑profile attacks such as SolarWinds and the 2023 MGM Resorts ransomware—where a simple phone...
IBM Brings Its Most Advanced AI-Powered Security Portfolio to Clients, and Is Strengthened by Ongoing Project Glasswing Work
IBM announced an expanded AI‑powered security portfolio, highlighted by the IBM Concert platform that unifies application, infrastructure and network signals to pre‑empt vulnerabilities. The company also deepened its partnership with Anthropic as part of Project Glasswing, a coalition aimed at...
Wall Street Watchdogs Pause Some Cyber Exams After Mythos Shock
U.S. regulators, including the Federal Reserve and OCC, have temporarily paused cyber‑related examinations of the nation’s largest banks to give them time to assess risks from Anthropic’s new Mythos AI model. Anthropic announced limited access to Mythos and launched Project...
AI Resilience: Why Trust and Security Must Be the Foundation of AI Adoption
Enterprises are racing to embed AI into core operations, but security lags behind, creating a widening exposure to both traditional cyber threats and AI‑specific attacks. The article highlights how model poisoning, prompt injection, and unsecured AI agents are becoming common...
Max-Severity Flaw in ChromaDB for AI Apps Allows Server Hijacking
A max‑severity vulnerability (CVE‑2026‑45829) was discovered in ChromaDB’s Python FastAPI server, allowing unauthenticated attackers to execute arbitrary code. The flaw resides in an endpoint that loads a model from Hugging Face before authentication, letting malicious payloads run even if the...
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
Verizon’s 2026 Data Breach Investigations Report warns that vulnerability exploitation surged 31% to become the leading initial‑access vector, while only 26% of critical flaws were fully remediated in 2025. The volume of detected vulnerabilities exploded, with records rising from 68.7 million...
Attackers Hit Vulnerabilities Hard Last Year, Making Exploits the Top Entry Point for Breaches
Verizon’s 2026 Data Breach Investigations Report shows exploits became the leading initial access vector, responsible for 31% of over 22,000 breaches—up from 20% the prior year. Only 26% of critical vulnerabilities in the CISA Known Exploited Vulnerabilities (KEV) catalog were...
Contractor’s Public GitHub Account Exposed GovCloud and CISA Credentials
An unsecured personal GitHub repository, labeled “Private‑CISA,” publicly exposed AWS GovCloud credentials, GitHub tokens, and internal CISA documentation. The repo, created by a contractor and live since November 2025, contained 844 MB of Kubernetes configs, scripts, and plain‑text passwords before being taken...
Hackers Using AI Just Found a ‘Zero-Day.’ The Spyware Industry Is Watching.
Google disclosed that hackers for the first time employed artificial intelligence to locate and weaponize a zero‑day vulnerability that could bypass two‑factor authentication across its services. The breakthrough collapses the traditional cost, time and expertise barriers to zero‑day development, a...
Wireless Security Is a Battle of AI Vs. AI
A Cisco survey of 6,098 organizations reveals that 85% suffered at least one wireless security incident in the past year, with 58% incurring financial losses—half exceeding $1 million annually. AI‑generated or automated attacks now top the threat landscape, cited by 35%...
CISA Exposes Secrets, Credentials in 'Private' Repo
GitGuardian researcher uncovered a public GitHub repository labeled “Private‑CISA” that belonged to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The repo, accessible since Nov 13 2025, contained 844 MB of sensitive data—including plain‑text passwords, AWS tokens, SAML certificates, CI/CD logs, and Kubernetes...
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
SentinelOne has uncovered SHub Reaper, a new macOS malware that blends infostealer and backdoor capabilities. The variant disguises itself as Apple, Google and Microsoft updates, using fake WeChat and Miro installers and typosquatted domains to lure victims. It bypasses Apple’s...
The Real Reason CMMC Costs Are Shocking Companies
The Cybersecurity Maturity Model Certification (CMMC) is now in phased rollout, and companies are confronting the combined expense of implementing NIST SP 800‑171 controls and paying for third‑party assessments. Official DoD estimates list assessment fees around $105,000‑$118,000 for three years, but those...
Microsoft Pushes Personal Accounts Away From SMS Codes Toward Passkeys
Microsoft is phasing out SMS verification codes for personal accounts, steering users toward passkeys, the Microsoft Authenticator app, and verified email addresses for sign‑in and recovery. The change affects Outlook.com, Xbox, Microsoft 365 and other consumer services. Passkeys rely on device‑based...
Massive Npm Supply Chain Attack Hits AntV Ecosystem; Hundreds of JavaScript Packages Compromised
A coordinated supply‑chain attack compromised more than 300 npm packages in the AntV ecosystem, a suite of data‑visualization tools originally built by Alibaba. Attackers hijacked the maintainer account “atool” and published malicious versions within a 22‑minute window, embedding malware that...
Azure Hub-and-Spoke Generally Available for HCP Vault Dedicated
HashiCorp announced that Azure hub‑and‑spoke networking for HCP Vault Dedicated is now generally available. The new capability lets enterprises attach Vault to a centralized Azure virtual network without bespoke routing, peering, or firewall exceptions. By leveraging HashiCorp Virtual Networks, customers...
Cyber Security Moves Up the SMB Agenda as AI Adoption Exposes Operational Gaps
Small and medium-sized businesses are elevating cyber security to a top strategic priority as AI, SaaS, and third‑party integrations expand their attack surface. A new IDC‑sponsored study of 2,200 SMBs across North America, Europe and South Africa finds 60% plan...
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
Researchers at HUMAN’s Satori team uncovered a sophisticated Android ad‑fraud operation named Trapdoor, leveraging 455 malicious utility‑style apps and 183 C2 domains. At its peak the scheme generated 659 million ad‑bid requests per day and prompted more than 24 million app installs,...
Anthropic Shifts Stance on Mythos to Enable Shared Threat Intelligence
Anthropic announced that its AI‑driven cybersecurity platform Mythos will now permit partners to share threat findings, best practices, and tools with each other, the public, and media outlets. Until now Mythos was limited to a few tech firms and U.S....
The Glasswing Warning: What Companies Outside the Inner Circle Must Do Now
Anthropic’s Claude Mythos preview, a reasoning‑first AI model, has autonomously uncovered thousands of high‑severity zero‑day vulnerabilities across major operating systems and browsers. Only a privileged inner circle—Apple, Amazon and Microsoft—has been granted early access to begin remediation, leaving the rest...
Orange and WEF Launch Tool to Map Cybercrime
Orange’s Cyberdefense unit and the World Economic Forum have launched Cosmos, a new component of the WEF’s Cybercrime Atlas initiative. Using open‑source research and Orange’s threat‑intelligence platform, Cosmos will build a universal taxonomy and interactive knowledge‑graph of the global cyber‑crime...
CROCS Turns OT Cyber Policy Into Action
CROCS, the Air Force’s Cyber Resiliency Office for Control Systems, is moving Pentagon OT cyber directives into concrete actions. The office has built a 100‑point cyber plan, tracks each initiative, and convenes over 100 OT experts each month. It also...
Hackers Have Compromised Dozens of Popular Open Source Packages in an Ongoing Supply-Chain Attack
Hackers have launched a new supply‑chain assault, hijacking a developer account to publish over 630 malicious versions across 317 open‑source packages in just 20 minutes. Cybersecurity firms StepSecurity and SafeDep flagged the rapid rollout, which targets credential‑stealing code embedded in...
US Cyber Agency CISA Exposed Reams of Passwords and Cloud Keys to the Open Web
U.S. Cybersecurity and Infrastructure Security Agency (CISA) discovered that a contractor employee inadvertently published spreadsheets on GitHub containing plaintext passwords, cloud access tokens, and other credentials for CISA and Department of Homeland Security systems. Security researcher Guillaume Valadon identified the exposure,...
Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool
Microsoft’s Digital Crimes Unit filed a civil suit in New York to dismantle Fox Tempest, a cyber‑crime enabler that sold malware‑signing‑as‑a‑service. The group’s infrastructure, including the Signspace.cloud site and roughly 1,000 accounts, was sinkholed and hundreds of VPS instances were disabled....
Microsoft Disrupts Cybercrime Service Offering Malware Disguised as Legitimate Software
Microsoft disrupted the “malware‑signing‑as‑a‑service” operation known as Fox Tempest, seizing its website, shutting down hundreds of virtual machines, and blocking related code‑hosting sites. The group sold code‑signing certificates that made ransomware and other malware appear legitimate, charging thousands of dollars per...
3 in 4 Compromised Healthcare Devices Expose Patient Records, Flare Report Reveals
Flare’s 2026 State of Healthcare Credential Exposure report documents a 33% year‑over‑year surge in compromised healthcare credentials, with nearly three‑quarters of infected devices leaking EHR/EMR logins. The United States accounts for 48% of all healthcare‑related credential logs surfaced on underground...
Microsoft Disrupts Cybercrime Service that Abused Software Verification Systems en Masse
Microsoft’s Digital Crimes Unit secured a court order to dismantle Fox Tempest, a threat group that ran a malware‑signing‑as‑a‑service. The group sold more than 1,000 forged code‑signing certificates, charging up to $9,500 each, enabling ransomware gangs to bypass security controls....
Anthropic’s Mythos Threatens Healthcare Cybersecurity: 6 Updates
Anthropic’s Claude Mythos preview can autonomously discover and exploit zero‑day vulnerabilities across major operating systems and browsers, a leap in AI‑driven cybersecurity. Researchers found thousands of previously unknown flaws before the model’s restricted release, and even users with limited training...
Building an Efficient Side-Channel-Resilient Post-Quantum Root-of-Trust Design
The OpenTitan project introduces a hardware‑software co‑design that hardens post‑quantum ML‑DSA for root‑of‑trust devices against side‑channel attacks. Dedicated mask‑conversion accelerators and vectorized arithmetic in the OTBN reduce the performance penalty of full masking to roughly 2‑4×, making secure boot feasible....
Applying OpenTelemetry Security Practices in Legacy Environments
OpenTelemetry is expanding into manufacturing and other legacy environments, but traditional systems lack the flexibility to apply cloud‑native security controls. The article explains that security must shift from the source to the telemetry pipeline, emphasizing the role of the OpenTelemetry...
AdvancedHEALTH Ransomware Claim Includes 2.3M Patient Data Lines
DragonForce ransomware‑as‑a‑service group alleges it exfiltrated 390 GB from AdvancedHEALTH, including 2.3 million patient records—83 k of them minors—and a trove of business documents, threatening to publish 1,000 lines daily until a ransom is paid. AdvancedHEALTH has not confirmed the claim, though an...
Internet Explorer May Be Dead, but Its Ghost Still Runs Malware
Microsoft’s legacy mshta.exe utility, a component of the retired Internet Explorer, remains a favorite living‑off‑the‑land binary for attackers. Bitdefender’s research shows MSHTA is being leveraged in active campaigns involving loaders like CountLoader, stealers such as LummaStealer, and the PurpleFox backdoor....
Understanding the Modern Cybercrime Landscape
HPE’s 2025 "In the Wild" report reveals that cybercriminal groups have industrialized their operations, leveraging automation and generative AI to scale attacks. The study identifies five inter‑related factors shaping today’s threat landscape: heightened network expectations, tighter financial constraints, increasingly complex...