A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called Amnesia RAT. “The attack begins with social engineering lures delivered via business-themed documents crafted to appear routine and benign,” Fortinet…
Tag: EN
UK border tech budget swells by £100M as Home Office targets small boat crossings
Drone, satellite, and other data combined to monitor unwanted vessels The UK Home Office is spending up to £100 million on intelligence tech in part to tackle the so-called “small boats” issue of refugees and irregular immigrants coming across the…
Microsoft Launches Open-Source WinApp CLI to Streamline Windows App Development
Microsoft has unveiled the public preview of WinApp CLI (winapp), a new open-source command-line tool designed to simplify Windows app development for developers using diverse frameworks outside Visual Studio or MSBuild. Hosted on GitHub, the tool targets web devs with…
Threat Actors Leverage SharePoint Services in Sophisticated AiTM Phishing Campaign
Microsoft Defender researchers have exposed a sophisticated adversary-in-the-middle (AiTM) phishing campaign targeting energy sector organizations through SharePoint file-sharing abuse. The multi-stage attack compromised multiple user accounts and evolved into widespread business email compromise (BEC) operations across several organisations. Initial Compromise…
Nike Probing Potential Security Incident as Hackers Threaten to Leak Data
The WorldLeaks cybercrime group claims to have stolen information from the footwear and apparel giant’s systems. The post Nike Probing Potential Security Incident as Hackers Threaten to Leak Data appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the…
Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents
AI agents are accelerating how work gets done. They schedule meetings, access data, trigger workflows, write code, and take action in real time, pushing productivity beyond human speed across the enterprise. Then comes the moment every security team eventually hits:…
New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector
The Russian nation-state hacking group known as Sandworm has been attributed to what has been described as the “largest cyber attack” targeting Poland’s power system in the last week of December 2025. The attack was unsuccessful, the country’s energy minister,…
Children and chatbots: What parents should know
As children turn to AI chatbots for answers, advice, and companionship, questions emerge about their safety, privacy, and emotional development This article has been indexed from WeLiveSecurity Read the original article: Children and chatbots: What parents should know
ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025
The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiper This article has been indexed from WeLiveSecurity Read the original article: ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025
Hackers Exploiting telnetd Vulnerability for Root Access – Public PoC Released
Active exploitation of a critical authentication bypass vulnerability in the GNU InetUtils telnetd server (CVE-2026-24061) has been observed in the wild, allowing unauthenticated attackers to gain root access to Linux systems. The vulnerability, which affects GNU InetUtils versions 1.9.3 through…
Microsoft Shares BitLocker Keys with FBI to Unlock Encrypted Laptops in Guam Fraud Investigation
Microsoft gave U.S. federal agents the digital keys needed to unlock three encrypted laptops linked to a massive COVID unemployment scam in Guam. This case shows how cloud-stored encryption keys can help law enforcement, but also raises big privacy worries…
VoidLink: An In-Depth Look at the Nest Generation of AI Generated Malware
Discovering Void Link: The AI-Generated Malware Shaking Up Cybersecurity In this episode, we explore the fascinating discovery of ‘Void Link,’ one of the first documented cases of advanced malware authored almost entirely by artificial intelligence. Hosts delve into an eye-opening…
Android Malware Uses Artificial Intelligence to Secretly Generate Ad Clicks
Security researchers have identified a new category of Android malware that uses artificial intelligence to carry out advertising fraud without the user’s knowledge. The malicious software belongs to a recently observed group of click-fraud trojans that rely on machine…
Top 10 World’s Best Data Security Companies in 2026
In 2026, data has become the most valuable asset for businesses and the most targeted. With rising ransomware attacks, insider threats, AI-driven breaches, and strict global data protection regulations, organizations can no longer rely on basic security controls. This has…
11-Year-Old critical telnetd flaw found in GNU InetUtils (CVE-2026-24061)
Critical telnetd flaw CVE-2026-24061 (CVSS 9.8) affects all GNU InetUtils versions 1.9.3–2.7 and went unnoticed for nearly 11 years. A critical vulnerability, tracked as CVE-2026-24061 (CVSS score of 9.8), in the GNU InetUtils telnet daemon (telnetd) impacts all versions from…
CISA won’t attend infosec industry’s biggest conference this year
But ex-CISA boss and new RSAC CEO Jen Easterly will be there exclusive The US Cybersecurity and Infrastructure Security Agency won’t attend the annual RSA Conference in March, an agency spokesperson confirmed to The Register.… This article has been indexed…
Happy 9th Anniversary, CTA: A Celebration of Collaboration in Cyber Defense
Unit 42 celebrates 9 years of the Cyber Threat Alliance, tracing its journey from a bold idea to a global leader in collaborative cyber defense. The post Happy 9th Anniversary, CTA: A Celebration of Collaboration in Cyber Defense appeared first…
Updated PCI PIN compliance package for AWS Payment Cryptography now available
Amazon Web Services (AWS) is pleased to announce the successful completion of Payment Card Industry Personal Identification Number (PCI PIN) audit for the AWS Payment Cryptography service. With AWS Payment Cryptography, your payment processing applications can use payment hardware security…
From runtime risk to real‑time defense: Securing AI agents
Why securing AI agents at runtime is essential as attackers find new ways to exploit generative orchestration. The post From runtime risk to real‑time defense: Securing AI agents appeared first on Microsoft Security Blog. This article has been indexed from…