Scaling cybersecurity services as an MSP or MSSP requires technical expertise and a business model that delivers measurable value at scale. Risk-based cybersecurity is the foundation of that model. When done right, it builds client trust, increases upsell opportunities, and…
An Investigation Into Years of Undetected Operations Targeting High-Value Sectors
In-depth analysis of threat activity we call CL-UNK-1068. We discuss their toolset, including tunneling, reconnaissance and credential theft. The post An Investigation Into Years of Undetected Operations Targeting High-Value Sectors appeared first on Unit 42. This article has been indexed…
Iran-nexus APT Dust Specter targets Iraq officials with new malware
A campaign by Iran-linked group Dust Specter is targeting Iraqi officials with phishing emails delivering new malware families. Zscaler ThreatLabz researchers linked the Iran-nexus group Dust Specter to a campaign targeting Iraqi government officials. Threat actors impersonated the country’s Ministry…
The Silent Supply Chain: Why Your Fourth-Party Vendor is Your Biggest Blindspot
The CDK Global breach exposed how niche vendors can cripple entire industries. Move beyond questionnaires to continuous, AI-driven monitoring of third-, fourth- and nth‑party dependencies, dynamic prioritization, and threat‑informed supply‑chain risk management. The post The Silent Supply Chain: Why Your…
IT Security News Hourly Summary 2026-03-06 12h : 8 posts
8 posts were published in the last hour 10:36 : Apache ActiveMQ Flaw Enables DoS Attacks via Malformed Network Packets 10:36 : Transport for London says 2024 breach affected 7M customers, not 5,000 10:36 : Cyolo PRO 7.0 expands OT-first…
Apache ActiveMQ Flaw Enables DoS Attacks via Malformed Network Packets
Security researchers have uncovered a significant vulnerability in Apache ActiveMQ, a popular open-source message broker used by enterprises to route data between applications. Tracked as CVE-2025-66168, this security flaw allows malicious actors to trigger unexpected broker behavior and potential denial-of-service…
Transport for London says 2024 breach affected 7M customers, not 5,000
Authority says attackers accessed systems holding data tied to millions of Oyster and contactless users Transport for London has confirmed that a 2024 breach exposed the data of more than 7 million people – a far larger crowd than the…
Cyolo PRO 7.0 expands OT-first secure remote access with AI session intelligence
Cyolo has released Cyolo PRO (Privileged Remote Operations) v7.0, a major update that expands OT-first secure remote access and strengthens protection for critical infrastructure and industrial environments without disrupting operations. Secure remote access (SRA) tools focus primarily on managing access.…
Hexnode IdP brings device-aware authentication and zero trust to enterprise access
Hexnode has announced the launch of Hexnode IdP. By introducing this native identity layer, Hexnode delivers enterprise-grade authentication and identity management within a single, unified framework. While debuting as a dedicated Identity Provider (IdP), the solution marks a significant expansion…
U.S. CISA adds Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the…
Exploits and vulnerabilities in Q4 2025
This report provides statistical data on published vulnerabilities and exploits we researched during Q4 2025. It also includes summary data on the use of C2 frameworks in APT attacks. This article has been indexed from Securelist Read the original article:…
The Zero-Trust Paradox: Why Email Whitelists are Undoing Millions in Security Investment
Zero-trust collapses when email whitelists create permanent exceptions. Here’s why this hidden risk undermines modern security investments. The post The Zero-Trust Paradox: Why Email Whitelists are Undoing Millions in Security Investment appeared first on Security Boulevard. This article has been…
Cursor Automations turns code review and ops into background tasks
Cursor Automations, the always-on agent platform from Cursor, is expanding with a new generation of autonomous systems that streamline code review, incident response, and other engineering workflows. The platform runs AI agents on schedules or in response to development events.…
FBI Probes Attack On Intelligence Network
FBI says it is responding to cyber-incident reportedly involving system used to manage wiretaps, foreign intelligence surveillance warrants This article has been indexed from Silicon UK Read the original article: FBI Probes Attack On Intelligence Network
Amazon Hit By US E-Commerce Outage
Tens of thousands of users in US report errors, fluctuations in Amazon US e-commerce platform on Thursday This article has been indexed from Silicon UK Read the original article: Amazon Hit By US E-Commerce Outage
AWS-LC Flaw Exposes Amazon Users to Attacks by Bypassing Certificate Chain Validation
Amazon issued a critical security bulletin (2026-005-AWS) detailing three high-severity vulnerabilities in AWS-LC, its open-source cryptographic library. Discovered through a coordinated disclosure process with the AISLE Research Team, these flaws pose a serious risk to cloud infrastructure. Developers rely heavily…
16-28 February 2026 Cyber Attacks Timeline
In the second half of February 2026 I collected 80 events with a threat landscape dominated by malware with 42%, ahead of account takeovers and ransomware. This article has been indexed from HACKMAGEDDON Read the original article: 16-28 February 2026…
Google Confirms 90 Zero-Day Vulnerabilities Actively Exploited in 2025
The Google Threat Intelligence Group (GTIG) released its annual analysis, confirming that 90 zero-day vulnerabilities were actively exploited in the wild throughout 2025. While this marks a slight decrease from the record 100 zero-days in 2023, it represents a noticeable…
Data Security Firm Evervault Raises $25 Million in Series B Funding
The company has raised a total of $46 million in funding for its developer-focused encryption and orchestration platform. The post Data Security Firm Evervault Raises $25 Million in Series B Funding appeared first on SecurityWeek. This article has been indexed…
Collaboration Critical As Geopolitical Pressures, AI Reshape Cybersecurity
Collaboration is more important than ever—and doable—according to the WEF’s Global Security Outlook 2026 report. The post Collaboration Critical As Geopolitical Pressures, AI Reshape Cybersecurity appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article:…
OpenAI’s GPT-5.4 doubles down on safety as competition heats up
In the midst of recent developments and controversies surrounding a contract with the U.S. Department of Defense, OpenAI released the GPT-5.4 model. The release comes at a time when users are reportedly leaving ChatGPT for rival chatbots, particularly Anthropic’s Claude.…
China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since 2024, targeting Windows and Linux systems and edge devices with three different implants. The activity is being tracked by Cisco Talos under the…
Google GTIG: 90 zero-day flaws exploited in 2025 as enterprise targets grow
Google’s GTIG reports 90 zero-day vulnerabilities exploited in the wild in 2025, up from 78 in 2024, with a growing share targeting enterprise systems. Google’s Threat Intelligence Group (GTIG) identified 90 zero-day vulnerabilities exploited in the wild in 2025. While…
Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets
We uncovered a fake CleanMyMac site delivering SHub Stealer, a macOS infostealer that steals credentials and silently backdoors crypto wallets. This article has been indexed from Malwarebytes Read the original article: Fake CleanMyMac site installs SHub Stealer and backdoors crypto…