A privacy controversy surrounding Meta Platforms’ Ray-Ban smart glasses has taken a new turn after security researchers uncovered dozens of exposed credentials linked to the company’s data-annotation contractor. Last week, Swedish outlets Svenska Dagbladet and Göteborgs-Posten reported that footage captured by Meta’s smart glasses…
Category: Information Security Buzz
Your Secret Scanner Has a Blind Spot: Here’s How to Fix It
Every penetration tester has had the moment. You are two days into an engagement, sifting through cloned repositories and intercepted HTTP responses, and a hardcoded AWS key appears in a config file that has been sitting in version control for…
Your DSPM found the problems. Now what?
The first week after the new system went live was great. You saw the rows of red and orange flash across your dashboard as the scans were completed. Now, for the first time, the security team could say, with some authority, where…
Managing App Access on Frontline Devices in an Always-On World
Australia’s recent decision to restrict social media access for children under 16 marks one of the most significant digital policy interventions the country has seen in years. The new policy reflects rising concern among policymakers around youth access to social…
Ad Fraud is Much More Than a Marketing Problem
In September, cybercriminals pulled off one of the biggest ad fraud scams in recent memory by turning scores of user devices into “ghost click farms” that generated billions of fake ad impressions daily. Then, in January, another gang did it…
AI Is Making Social Engineering Harder to Detect—But We’re Still Training People Like It’s 2015
Last year, Hong Kong police disclosed a reported case that would become a watershed moment in cybersecurity: a finance worker at global engineering firm Arup transferred $25 million to fraudsters after attending a video conference call with what appeared to…
Thales Data Threat Report: AI and Cloud Complexity Fuel New Data Security Risks
A new report from Thales highlights how artificial intelligence is reshaping the cybersecurity landscape, introducing new attack vectors while amplifying existing data protection challenges. The 2026 Thales Data Threat Report finds that as organizations accelerate AI adoption, they are simultaneously increasing their exposure to cloud threats, identity…
Fake Tech Support Scams Deliver Advanced Command-and-Control Malware
Fake tech support scams are not new. Historically, the goal was simple: convince someone to hand over a few hundred dollars in gift cards or give attackers remote access to a computer. However, new research from Huntress highlights how familiar social-engineering tricks are evolving…
Why AI Governance Needs Separate Models for Internal and External Agents
As AI adoption matures, one trend is becoming impossible to ignore: the line between internal and customer-facing capabilities is blurring. AI agents that automate internal workflows or support employees are now being adapted into customer-facing use cases, powering chat assistants,…
The Modern CISO: Building Cyber-Resilient Teams in an Era of AI-Driven Threats
For much of the last decade, the CISO’s job has been framed as a race against increasingly sophisticated adversaries armed with automation, AI, and an expanding arsenal of attack tools. We’ve been told that security teams are losing ground, that…
ReliaQuest’s 2026 Annual Threat Report: AI Powers Faster, Smarter Attacks
ReliaQuest’s 2026 Annual Threat Report reveals that 2025 saw an unparalleled escalation in AI- and automation-facilitated cyberattacks. Incident data from 2024 was compared to 2025, and ReliaQuest found that threat actors are now faster than ever. To remain ahead of the curve, security practitioners will need to adopt AI…
AI Theater, Real Risk: What Moltbook Reveals About API Security
In early 2026, a platform called Moltbook, later renamed OpenClaw, went viral for what appeared to be a startling development. Autonomous AI agents were posting, debating, upvoting, and forming communities without human participation. Basically, how most end-of-the-world sci-fi movies start.…
UK Solicitor Investigated After Uploading Client Files to ChatGPT
A UK solicitor is under investigation for allegedly violating client confidentiality and waiving legal privilege after they confessed to uploading their clients’ confidential documents to ChatGPT. This is in line with a warning issued by the Upper Tribunal that the…
Why Cyber Risk Gets Lost in the Boardroom
Cyber risk is now a standing item in most boardrooms. You’ll find it in annual reports, audit committees, and regulatory filings. And still, cyber risk is not being addressed. Not because boards don’t care, or because CISOs are not reporting. But because something fundamental…
Lazarus Group Turns to Medusa Ransomware in Escalating Global Extortion Campaign
New evidence indicates that the North Korean state-sponsored Lazarus Group has adopted the infamous Medusa ransomware in its extortion attacks, including those against the healthcare and nonprofit sectors. The Threat Hunter Team from Symantec and Carbon Black says these attacks have…
Americans Lost Over $20 million in ATM “Jackpotting” Attacks
Malware-fuelled ATM “jackpotting” attacks are surging across the United States, with the FBI warning that incidents have spiked sharply in 2025. In a recent alert, the Bureau said it has recorded around 1,900 ATM jackpotting incidents since 2020. Alarmingly, more than…
PayPal Customer Data Exposed for Six Months in Breach
PayPal has disclosed a data breach that exposed some of its customers’ personal information and led to fraudulent transactions. The company said it happened due to an error in its PayPal Working Capital (“PPWC”) loan application, an offering that gives businesses a cash advance based on…
Microsoft Copilot Flaw Exposed Confidential Emails
A bug has been causing Microsoft Copilot to read and summarise users’ confidential emails, and it’s been happening since late January. Microsoft says the issue stems from a code error that bypassed data loss prevention (DLP) policies designed to stop sensitive information from being accessed in…
New Phishing Kit Starkiller Defeats Multi-Factor Authentication
Abnormal has discovered a new phishing kit that allows bad actors to steal usernames and passwords with a toolkit that spoofs live login pages and bypasses multi-factor authentication (MFA) protections. Most phishing kits depend on static HTML clones of login pages, which,…
Why AI Adoption Has Become the Greatest Security Challenge of Our Time
Companies are investing in artificial intelligence at an unprecedented pace. Few areas of business remain untouched by automation, generation, or analysis through AI, yet what’s often missing from the conversation is how quickly this shift is redefining the threat landscape…