Security
Workday CRM breach amplifies fears of an alliance between ShinyHunters and Scattered Spider
Cybercrime supergroup feared to be using sophisticated social engineering techniques in joint attacks against big-name victims.
Cybersecurity
Security
Russian hackers hijacked a Norwegian dam, opened literal and metaphorical floodgates
"The aim of this type of operation is to cause fear and chaos among the population. Russia has become more dangerous."
Security
"The security vs compliance fight makes no sense": Unlocking the rewards of risk management
Scrut Automation CISO Nicholas Muy discusses why security pros are learning to embrace (if not always love) governance, risk, and compliance.
Quantum
Countdown to Q-Day: How to prevent a quantum decryption disaster
"The foundations of digital security are at stake. Traditional cryptographic techniques may soon be vulnerable to quantum..."
Security
Dark web Initial Access Brokers are selling hacked network access for as little as $500, study reveals
Investigators find that crooks offer consumer-style hack'n'mix bundles that package access with privilege or other treats.
Cybersecurity
Cursor fixes RCE vulnerability as developers' trust in AI coding tools plummets
"AI-powered tools are introducing attack surfaces we’ve never seen before. We’re entering a new era of security threats."
Opinion
Non-humans in the loop: AI agents and a shift to autonomous threat response
"By 2028, agentic AI will be embedded in a third of all enterprise software, with a growing share of operational decisions made autonomously."
Cybersecurity
Cost of a data breach hits historic all-time high in the US, drops globally: IBM warns of growing shadow AI risk
"AI is accelerating across the enterprise, but the security and governance needed to protect it aren’t keeping pace."
Cybercrime
The rise of Dark LLMs: DDoS-for-hire cybercriminals are using AI assistants to mastermind attacks
Lawbreaking language models lower the barrier of entry for unskilled crooks and make it frighteningly easy to launch crime campaigns.
Security
Microsoft blames China for SharePoint ToolShell attacks, governments and nuclear weapons agency targeted
Fear turned to panic as scary 9.8 CVSS vulnerability came under active exploitation by bad guys including nation-state attackers.
Ransomware
UK public bodies to be banned from making payments to ransomware gangs
"These new measures help undermine the criminal ecosystem that is causing harm across our economy."
Security
Sharepoint under attack: Microsoft rocked by "high-severity, high-urgency" Toolshell zero-day
"You should assume that you have been compromised at this point. Patching alone is insufficient to fully evict the threat."