Storm-2561 Targets Enterprise VPN Users with SEO Poisoning, Fake Clients
Microsoft warned that the cyber-crime group Storm-2561 is poisoning search-engine results to distribute trojanized VPN clients that steal corporate credentials and then hide the compromise. The campaign pushes spoofed download pages for popular VPN products and serves digitally signed malware hosted on GitHub. The payload drops a fake Pulse Secure client, side-loads a Hyrax-based infostealer, persists via the RunOnce registry key and finally redirects the victim to the legitimate client to mask the tampering. The operation has been active since May 2025; the binaries carry a valid code-signing certificate, so signature validation alone does not flag them.
The Cyber Perimeter Was Never Dead. We Just Abandoned It.
The article argues that the network perimeter is not dead, but has been neglected as organizations focus on cloud‑native identities. Federal actions—FBI’s Winter SHIELD operation and CISA’s BOD 26‑02 directive—force a hard look at weak authentication, excessive privileges, and unsupported edge...
AWS Expands Security Hub for Multicloud Security Operations
Amazon Web Services has broadened AWS Security Hub into a centralized multicloud security operations platform. The enhanced service aggregates risk signals from AWS and third‑party tools, delivering near‑real‑time analytics, automated analysis, and prioritized insights across multiple cloud providers. New capabilities...
Threat Intelligence by ESET Is a Game Changer
ESET reports a mixed security outlook for India, with overall threat detections falling 12% year over year while ransomware incidents jumped 70% between late 2024 and early 2025. Phishing remains the most common attack vector, and AI‑driven deep‑fake and ransomware threats are intensifying. The...
The OT Security Time Bomb: Why Legacy Industrial Systems Are the Biggest Cyber Risk Nobody Wants to Fix
Legacy operational technology (OT) in energy and pharma plants still relies on outdated operating systems like Windows XP and insecure protocols such as Modbus, creating a hidden cyber‑risk. While IT teams adopt zero‑trust and AI‑driven defenses, OT environments remain unpatched...
OpenAI to Acquire Promptfoo to Strengthen AI Agent Security Testing
OpenAI announced it will acquire Promptfoo, an AI testing startup whose tools detect adversarial prompts, jailbreak attempts, and safety violations in large language model applications. Promptfoo’s technology, already deployed by more than a quarter of Fortune 500 firms, will be integrated...
When AI Safety Constrains Defenders More than Attackers
Security teams are encountering AI safety guardrails that block legitimate defensive tasks such as threat modeling, phishing simulations, and red‑team code generation. Research shows open‑weight models can be bypassed in multi‑turn attacks with success rates up to 93%, while enterprise‑approved...
Challenges and Projects for the CISO in 2026
CISOs face a 2026 threat landscape where AI‑driven attacks are faster, cheaper, and more credible, forcing a shift from prevention to rapid response. Experts warn that a growing internet monoculture and quantum decryption threats will magnify breach impact. Identity verification...
The 10-Hour Problem: How Visibility Gaps Are Burning Out the SOC
According to a Forrester Consulting study commissioned by NETSCOUT, 61% of SOC analysts spend more than ten hours each week in the analysis phase due to fragmented visibility. Inadequate network analysis and visibility (NAV) forces analysts to manually stitch logs...
Anthropic AI Ultimatums and IP Theft: The Unspoken Risk
Anthropic’s Claude AI is caught between a massive Chinese extraction campaign and a U.S. government ban that forces the model out of federal systems. China‑based firms generated over 16 million interactions to map Claude’s reasoning, tool use and coding abilities, while...
How to Know You’re a Real-Deal CSO — and Whether that Job Opening Truly Seeks One
Recruiters struggle to find genuine Chief Security Officers (CSOs) because the role now demands deep technical expertise, business acumen, and executive communication. Title inflation leads firms to hire or promote candidates who excel in architecture but lack governance, risk‑prioritization, and...
How CISOs Can Build a Resilient Workforce
Cybersecurity leaders face mounting workforce challenges as skill gaps, burnout, and unpredictable threat spikes strain limited budgets. CISOs like Stephen Ford and Jon France emphasize data‑driven staffing, AI‑augmented workflows, and early‑career pipelines to sustain teams. The 2025 ISC2 study shows...
Why Application Security Must Start at the Load Balancer
Application security should begin at the load balancer, not deeper in the stack. Organizations often treat load balancers solely as performance devices, leaving encryption, protocol hygiene, and abuse controls to downstream tools. This architectural gap lets attackers exploit weak TLS...
Boards Don’t Need Cyber Metrics — They Need Risk Signals
Security teams flood boards with counts of attacks, patches, and alerts, but executives need signals that translate those numbers into business risk. Experts argue that time‑based metrics like detection and containment speed, and financial exposure indicators, better reveal whether risk...
Fake Zoom Meeting Silently Installs Surveillance Software, Says Malwarebytes
Malwarebytes uncovered a new fake‑Zoom meeting scam that silently installs a covert build of the Teramind employee‑monitoring tool on Windows workstations. Victims are lured by a realistic Zoom waiting room, then an automatic “Update Available” countdown triggers a silent download...
What Does Business Email Compromise Look Like?
Business email compromise (BEC) continues to surge, costing $2.7 billion in 2022—a 12.5% increase over the prior year. Attackers masquerade as CEOs, HR staff, or trusted vendors, using deep reconnaissance, AI‑generated voice cloning, fake invoices, QR codes, and conversation hijacking to...
What Are the Types of Ransomware Attacks?
Ransomware has evolved into a multi‑strain ecosystem, ranging from classic crypto ransomware that encrypts data to double‑extortion variants that also threaten public leaks. Newer models such as encryption‑less, locker, scareware, and Ransomware‑as‑a‑Service (RaaS) broaden the attack surface and lower the...
US Dominance of Agentic AI at the Heart of New NIST Initiative
The U.S. National Institute of Standards and Technology (NIST) has launched the AI Agent Standards Initiative under the Center for AI Standards and Innovation (CAISI) to develop industry‑led standards for autonomous AI agents. The effort aims to cement U.S. leadership,...
A New Approach for GenAI Risk Protection
Generative AI’s rapid consumer adoption has exposed enterprises to data leakage risks, prompting security teams to reassess protection strategies. Traditional DLP solutions are expensive and cumbersome, limiting their use to large organizations. Two viable paths emerge: purchasing enterprise‑grade GenAI licenses...
The New Paradigm for Raising up Secure Software Engineers
AI‑assisted coding is set to dominate enterprise development, with Gartner projecting 90% of engineers using AI assistants by 2028. As AI automates line‑level vulnerability detection, security teams face a surge in code volume and reduced review windows. This forces a...
Cyber Attacks Enabled by Basic Failings, Palo Alto Analysis Finds
Palo Alto Networks’ 2026 Global Incident Response Report shows cyber‑attack timelines have collapsed, with the fastest breaches moving from initial access to data exfiltration in just 72 minutes, down from nearly five hours in 2024. The acceleration is largely driven...
Leaky Chrome Extensions with 37M Installs Caught Divulging Your Browsing History
Security researcher Q Continuum identified 287 Chrome extensions that secretly transmit users' browsing histories, affecting an estimated 37 million installations worldwide. The extensions span categories such as VPNs, productivity utilities, and shopping add‑ons, and many request broad host permissions that enable...
10 Years Later, Bangladesh Bank Cyberheist Still Offers Cyber-Resiliency Lessons
A decade after the Bangladesh Bank heist, the 2016 cyberattack that attempted to steal $951 million via the SWIFT network remains a benchmark for nation‑state hacking. Attackers used spear‑phishing malware to obtain valid SWIFT credentials, executing 35 fraudulent payment orders, of...
CISOs Must Separate Signal From Noise as CVE Volume Soars
The FIRST forecast predicts 2026 will see roughly 59,000 CVEs, with extreme scenarios approaching 118,000, far exceeding the 48,000 reported in 2025. The surge stems from more CVE Numbering Authorities, expanded bug‑bounty programs, and AI‑driven discovery, not a sudden drop...
Windows Shortcut Weaponized in Phorpiex-Linked Ransomware Campaign
Forcepoint X‑Labs uncovered a Phorpiex‑driven phishing campaign that weaponizes Windows shortcut (LNK) files to deliver Global Group ransomware. The emails use a double‑extension lure such as "Document.doc.lnk" and hide the true file type behind Windows’ default extension hiding. Once opened,...
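The lure described above works because a shortcut named Document.doc.lnk displays as Document.doc. The following triage script is an added example written for this digest, not code from the Forcepoint report; the extension list, the search roots and the interpreter list are assumptions chosen for the example. It finds shortcuts with a document-looking second extension, resolves what each one actually launches, and reports whether Explorer is hiding known extensions for the current user.

```powershell
# Added triage script; an example written for this digest, not code from the
# Forcepoint X-Labs report. Finds shortcut files whose name carries a document
# extension before .lnk (Document.doc.lnk), resolves what each one actually
# launches, and reports whether Explorer is hiding known extensions.
# The extension list, search roots and interpreter list are assumptions.

$lureExt = 'doc|docx|pdf|xls|xlsx|rtf|txt|jpg|png'
$lurePattern = "(?i)\.($lureExt)\.lnk$"

$searchRoots = @("$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop", $env:TEMP,
                 "$env:LOCALAPPDATA\Microsoft\Windows\INetCache") | Where-Object { Test-Path $_ }

# Interpreters and LOLBins a lure shortcut typically hands off to.
$interpPattern = '(?i)\\(cmd|powershell|pwsh|wscript|cscript|mshta|rundll32|regsvr32|certutil|bitsadmin|curl|conhost)\.exe$'

$shell = New-Object -ComObject WScript.Shell

# Resolve a shortcut's target through the shell COM object. Caveat: this API can
# truncate very long target or argument strings; use a full LNK parser for those.
function Get-ShortcutTarget {
    param([string]$Path)
    $sc = $shell.CreateShortcut($Path)
    [pscustomobject]@{
        Target     = [string]$sc.TargetPath
        Arguments  = [string]$sc.Arguments
        WorkingDir = [string]$sc.WorkingDirectory
    }
}

function Find-DoubleExtensionShortcuts {
    if (-not $searchRoots) { return }
    Get-ChildItem -Path $searchRoots -Filter *.lnk -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $lurePattern } |
        ForEach-Object {
            $t = Get-ShortcutTarget -Path $_.FullName
            [pscustomobject]@{
                File                = $_.FullName
                Created             = $_.CreationTime
                Target              = $t.Target
                Arguments           = $t.Arguments
                LaunchesInterpreter = [bool]($t.Target -match $interpPattern)
            }
        }
}

# HideFileExt = 1 (the Windows default) hides known extensions in Explorer; the
# .lnk suffix of a shortcut is never shown, so the lure appears as Document.doc.
function Test-ExtensionHidingEnabled {
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $v = (Get-ItemProperty -Path $adv -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    return ($null -eq $v -or [int]$v -eq 1)
}

Find-DoubleExtensionShortcuts | Format-Table -AutoSize
if (Test-ExtensionHidingEnabled) {
    Write-Warning 'HideFileExt is on for this user; set it to 0 so double extensions are visible'
}
```

A shortcut whose target is an interpreter such as cmd.exe or powershell.exe rather than a document handler is the one to pull for analysis; the Created timestamp and the working directory usually point at the mail client cache or download folder the lure arrived through.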
Single Prompt Breaks AI Safety in 15 Major Language Models
Microsoft researchers uncovered a novel attack called GRP‑Obliteration that strips safety guardrails from 15 major language and image models using a single benign‑sounding prompt as its training input; the prompt is fed to a fine‑tuning loop, not used as an inference‑time jailbreak. By hijacking the Group Relative Policy Optimization training loop, the method rewards harmful completions, driving...
Never Settle: How CISOs Can Go Beyond Compliance Standards to Better Protect Their Organizations
CISOs are urged to move past traditional compliance checklists and adopt a risk‑first strategy that anticipates emerging threats such as AI‑driven attacks, third‑party vulnerabilities, and future quantum risks. While standards like HIPAA, SOC 2, and ISO 27001 provide a useful baseline, they...
Schrödinger’s Cat and the Enterprise Security Paradox
Security leaders often operate under a paradox: dashboards show compliance while unseen breaches may exist. The article likens this to Schrödinger’s cat, arguing that without direct observation, an organization is simultaneously secure and compromised. It distinguishes the “paper company” of...
NIS2: Supply Chains as a Risk Factor
The EU’s NIS2 directive expands cybersecurity obligations beyond a company’s own network to include every external partner in the supply chain. It mandates that firms systematically identify, assess, and continuously monitor risks from service providers, cloud vendors, and subcontractors. The...
The Silent Security Gap in Enterprise AI Adoption
Enterprises are rapidly integrating generative AI into core workflows, but security models have not kept pace. Sensitive data now flows through AI inference requests—prompts containing source code, contracts, PII, and strategic logic—yet these streams sit outside traditional visibility and control...
Software Supply Chain Risks Join the OWASP Top 10 List, Access Control Still on Top
The 2025 OWASP Top 10 introduces software supply chain failures and mishandling of exceptional conditions as new entries, while broken access control retains the top spot after 20 years. Security misconfiguration rises to second place, and AI‑generated code is highlighted in the...
Threat Actors Hijack Web Traffic After Exploiting React2Shell Vulnerability: Report
Researchers at Datadog Security Labs report that threat actors are exploiting the React2Shell vulnerability (CVE‑2025‑55182) in React Server Components to compromise NGINX servers managed via Boato Panel, hijacking web traffic and redirecting users to malicious sites. The attacks target a...
Zero Trust in Practice: A Deep Technical Dive Into Going Fully Passwordless in Hybrid Enterprise Environments
Eliminating passwords in hybrid Active Directory and Microsoft Entra ID environments requires a complete redesign of identity architecture, not a simple switch. Success hinges on three prerequisites—cloud Kerberos trust, device registration, and Conditional Access policies—forming a prerequisite triangle. Organizations must...
From Credentials to Cloud Admin in 8 Minutes: AI Supercharges AWS Attack Chain
Threat actors used a publicly exposed AWS credential to launch an AI‑assisted attack that achieved full administrative control in under eight minutes. Large language models generated malicious Lambda code, enabling rapid privilege escalation, lateral movement across 19 principals, and costly...
Shai-Hulud & Co.: The Software Supply Chain as Achilles’ Heel
Supply‑chain attacks have evolved from passive typosquatting to active worms, exemplified by the Shai‑Hulud malware. Shai‑Hulud steals developer credentials, republishes infected npm packages, and can trigger a dead‑man switch that erases evidence. The worm’s ability to move across languages and...
This Stealthy Windows RAT Holds Live Conversations with Its Operators
Point Wild researchers uncovered a new Windows campaign deploying the Pulsar RAT, a .NET‑based remote access trojan that lives entirely in memory. The infection chain starts with a per‑user Registry Run key that launches a PowerShell loader, which decodes Donut‑generated...
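The Storm-2561 chain summarized earlier (fake VPN client, side-loaded infostealer, RunOnce persistence) and the Pulsar RAT chain here (per-user Run key launching a PowerShell loader) both begin from a Run or RunOnce registry value. The following hunting script is an added example written for this digest, not code from the Microsoft or Point Wild reports; the user-writable directory list and the loader-switch pattern are assumptions chosen for the example. It lists the autostart entries for the machine and the current user and flags the traits the two chains share.

```powershell
# Added hunting script; an example written for this digest, not code from the
# Microsoft (Storm-2561) or Point Wild (Pulsar RAT) reports. Lists Run/RunOnce
# autostart entries for the machine and the current user and flags the traits
# the two chains share: a PowerShell loader launched from a Run key, a target
# under a user-writable directory, and the target's Authenticode status.
# Run from an elevated PowerShell session so the HKLM keys are readable.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories an unprivileged user can write to (assumed list). A dropped "VPN
# client" and the DLL it side-loads normally live here, not under Program Files.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData,
                  $env:PUBLIC, "$env:USERPROFILE\Downloads") | Where-Object { $_ }

# Switch combinations typical of a PowerShell loader: encoded command, hidden
# window, no profile, bypassed execution policy (assumed pattern).
$loaderPattern = '(?i)\s-(e|ec|enc|encodedcommand)\s|\s-w(indowstyle)?\s+hidden|\s-nop(rofile)?\b|\s-e(xecution)?p(olicy)?\s+bypass'

# First token of a command line as a path, honouring quotes and %VAR% references.
function Get-CommandExecutable {
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($CommandLine.Trim() -split '\s+')[0] }
    return [System.Environment]::ExpandEnvironmentVariables($exe)
}

function Get-AutorunFindings {
    $metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $entries = Get-ItemProperty -Path $key
        foreach ($prop in $entries.PSObject.Properties) {
            if ($metaProps -contains $prop.Name) { continue }
            $cmd = [string]$prop.Value
            $exe = Get-CommandExecutable -CommandLine $cmd
            $reasons = @()

            if ($cmd -match $loaderPattern) { $reasons += 'PowerShell loader switches' }

            $writable = $userWritable | Where-Object { $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) } | Select-Object -First 1
            if ($writable) { $reasons += "target under user-writable path $writable" }

            $status = 'NotFound'; $signer = ''
            if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
                $sig = Get-AuthenticodeSignature -FilePath $exe
                $status = $sig.Status.ToString()
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
                if ($status -ne 'Valid') { $reasons += "signature $status" }
                elseif ($writable) {
                    # Side-loading indicator: a validly signed exe beside unsigned DLLs in a
                    # user-writable directory. A valid signature is not a clearance on its
                    # own; the Storm-2561 droppers carry one.
                    $dlls = Get-ChildItem -LiteralPath (Split-Path -Parent $exe) -Filter *.dll -File -ErrorAction SilentlyContinue |
                        Where-Object { (Get-AuthenticodeSignature -FilePath $_.FullName).Status -ne 'Valid' }
                    if ($dlls) { $reasons += "unsigned DLLs beside signed exe: $($dlls.Name -join ', ')" }
                }
            } else { $reasons += 'target not found on disk' }

            [pscustomobject]@{
                Key             = $key
                Name            = $prop.Name
                CommandLine     = $cmd
                Executable      = $exe
                SignatureStatus = $status
                Signer          = $signer
                Reasons         = ($reasons -join '; ')
            }
        }
    }
}

# Show only entries that raised at least one flag.
Get-AutorunFindings | Where-Object { $_.Reasons } | Format-List
```

Entries with an empty Reasons column are omitted from the output; an entry that combines a user-writable path with loader switches, or a validly signed executable sitting next to unsigned DLLs, is the one to triage first. Because Storm-2561 signs its binaries, treat the Signer field as context for the analyst rather than as a pass/fail test.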
When Responsible Disclosure Becomes Unpaid Labor
Responsible disclosure is increasingly failing as organizations delay acknowledgment, dispute severity, and provide little compensation, turning ethical research into unpaid labor. The recent React2Shell (CVE-2025-55182) case shows coordinated response can work, yet exploitation still spread quickly. In contrast, unbacked open‑source...
Startup Amutable Plotting Linux Security Overhaul to Counter Hacking Threats
Berlin‑based startup Amutable, founded by former Red Hat and Microsoft engineers including systemd creator Lennart Poettering, announced a mission to bring determinism and verifiable integrity to Linux systems. The company plans to replace heuristic security with cryptographic verification of boot processes and...
The CSO Guide to Top Security Conferences
The CSO editorial team compiled a calendar of security conferences slated for February through May 2026, covering more than 30 events across Asia, Europe, North America and Australia. Highlights include multiple Gartner Security & Risk Management Summits, the BSides community...
Human Risk Management: CISOs’ Solution to the Security Awareness Training Paradox
Human risk management (HRM) is emerging as a solution to the security awareness training (SAT) paradox, where 70‑90% of breaches originate from employee actions despite billions spent on training. While SAT spending is projected to grow 15% annually, its efficacy...
EU’s Answer to CVE Solves Dependency Issue, Adds Fragmentation Risks
The European Union has launched the Global Cybersecurity Vulnerability Enumeration (GCVE.eu) database, aggregating advisories from over 25 public sources into a single, searchable platform hosted by Luxembourg’s CIRCL and co‑funded by the EU’s FETTA project. The initiative aims to mitigate...
NIST’s AI Guidance Pushes Cybersecurity Boundaries
NIST’s Center for AI Standards and Innovation released a formal Request for Information targeting secure practices for autonomous AI agents, signaling a shift from broad, principle‑based AI risk guidance to concrete, operational controls. The agency highlighted the limits of treating...
Sicarii Ransomware Locks Your Data and Throws Away the Keys
Sicarii ransomware generates a fresh RSA key pair on each victim system and discards the private key, so the encrypted data cannot be recovered even after a ransom payment. This defect breaks the standard ransomware‑as‑a‑service model, in which the operator holds the private key and supplies a decryptor on payment. For responders the practical consequence is that an infection should be treated as a wiper: recovery depends entirely on backups....
Always-On Privileged Access Is Pervasive — and Fraught with Risks
Enterprises are plagued by pervasive always‑on privileged access, with 91% of users remaining logged in at their highest privilege level. Legacy governance, mergers, cloud migrations and rapid fixes have left dormant privileged accounts embedded in critical workflows, creating a massive...
Delegation Is a Risk Decision Every Leader Makes, Not an Ops Choice
Leaders increasingly delegate decision‑making authority to software, turning routine operational choices into enterprise‑level risk decisions. When systems automatically issue credits, payments, or pricing adjustments, the underlying authority often lacks explicit ownership, exposing organizations to financial, legal, and reputational fallout. Security...
4 Issues Holding Back CISOs’ Security Agendas
CISOs increasingly view a breach as inevitable, with 76% expecting a material cyberattack within the next year and 58% deeming their organizations unprepared. Four core issues impede progress: insufficient training and empowerment of security teams, lagging AI governance, limited AI...
Microsoft Handed over BitLocker Keys to Law Enforcement, Raising Enterprise Data Control Concerns
Microsoft complied with an FBI search warrant in early 2025, providing BitLocker recovery keys stored on its cloud to law‑enforcement for three laptops linked to a Guam unemployment fraud case. The keys were automatically backed up to Microsoft Entra ID,...
NETSCOUT Recognized for Leadership in Network Detection and Response
NETSCOUT has been named a leader in network detection and response (NDR) by Quadrant Knowledge Solutions’ 2025 SPARK Matrix. The company’s Omnis Cyber Intelligence platform leverages Adaptive Service Intelligence to inspect packets at up to 100 Gbps, delivering deep, context‑rich metadata...
Smarter DDoS Security at Scale
NETSCOUT introduced Arbor Edge Defense (AED), a selective decryption solution that inspects only suspicious encrypted traffic to mitigate DDoS attacks hidden in TLS 1.3 sessions. Traditional full‑traffic decryption is resource‑intensive, creating blind spots for security teams. AED combines known‑source blocking,...
Vulnerability Prioritization Beyond the CVSS Number
The article argues that relying solely on CVSS scores misguides vulnerability prioritization. Real‑world incidents like Equifax, SolarWinds, and Log4Shell show that medium‑scoring flaws can cause outsized damage when they propagate through interconnected systems. It introduces the Unified Linkage Model (ULM)...