Tag: Information Security Buzz

Palo Alto Networks has alerted customers about the ongoing exploitation of the authentication bypass vulnerability in PAN-OS GlobalProtect. The vulnerability, tracked as CVE-2026-0257, lets unauthenticated actors bypass security measures and set up unsanctioned connections to vulnerable GlobalProtect portals and gateways.…

Read more →

On 6 December 2024, the Constitutional Court of Romania took an unprecedented step: it annulled the first round of the country’s presidential election. Not over ballot-box fraud, nor over irregularities in the count, but because one candidate, the previously unknown…

Read more →

CrowdStrike has shared details of a coordinated operation used to disable the Glassworm botnet, which targets software developers and leverages open-source ecosystems to deploy malware. The CrowdStrike Counter Adversary Operations team, in partnership with Google and the Shadowserver Foundation, took…

Read more →

Threat actors are abusing legitimate RMM tools as a means of creating persistence inside victims’ systems, using the Tiflux RMM tool. Tiflux is a reputable Brazilian software platform used by IT departments and Managed Service Providers (MSPs) for managing IT…

Read more →

For a long time, cybersecurity has been viewed as a technology-based problem, with leaders focused on crafting intelligent protective systems designed to prevent major attacks. However, as the threats faced by modern organizations grow increasingly sophisticated, agile, and unpredictable, the…

Read more →

For years, passwords were the only thing that mattered for securing our online presence, but the discussion around authentication is evolving rapidly. Passkeys, biometrics, device trust, and adaptive identity management solutions are often cited as the key to the next…

Read more →

Eight of the leading communications companies in the United States have created a new cybersecurity alliance that aims to improve threat intelligence sharing within the telecommunications industry, amid growing concerns about AI cyberattacks, state-sponsored espionage, and infrastructure attacks.  The new…

Read more →

According to the 2026 Verizon Data Breach Investigations Report, the threat environment is transforming in terms of speed, scale, and interconnected risk. For the first time in its history, vulnerability exploitation was identified as the top initial access vector, representing 31% of attacks, and…

Read more →

The Verizon 2026 Data Breach Investigations Report (DBIR) reveals a threat environment moving much faster than many organizations can reasonably protect themselves against.  Based on information collected from more than 31,000 security incidents and over 22,000 confirmed data breaches spanning 145 different countries, the…

Read more →

As organizations shift from vulnerability management (VM) to exposure management (EM), the role of the VM analyst must evolve or become outmoded.   This necessary transition forces analysts to move beyond the job description of scanning and patching and into more…

Read more →

A security breach notification process has been initiated by 7-Eleven as a result of a security incident where an outside party was able to gain access to their systems containing franchisers’  information.  According to a breach notification filed with the state of Maine, the company discovered that threat…

Read more →

UK’s National Cyber Security Centre (NCSC) has advised businesses to proceed with caution when considering the implementation of agent-based AI, suggesting that agentic AI represents an entirely different kind of security problem compared to generative AI.  According to a recent blog post and global guidance, produced in…

Read more →

As organizations shift from vulnerability management (VM) to exposure management (EM), the role of the VM analyst must evolve or become outmoded.   This necessary transition forces analysts to move beyond the job description of scanning and patching and into more…

Read more →

Microsoft has disclosed a zero-day vulnerability that affects Exchange Server 2016, 2019, and Subscription Edition. This vulnerability would give bad actors an opportunity to run arbitrary code remotely on the Exchange server.  Although Microsoft has not issued any patches for this security vulnerability, they…

Read more →

OpenAI has confirmed that two employee devices were compromised in the recent TanStack npm supply chain attack, prompting the company to rotate code-signing certificates and require macOS users to update their applications by 12 June.   In a security advisory published this week, the company…

Read more →

A new report from Tenable is warning that organizations are creating what it describes as a growing “AI exposure gap,” as enterprises race to deploy AI tools and cloud-native services faster than security and governance teams can keep up.  The “Cloud and AI…

Read more →

West Pharmaceutical Services has disclosed a ransomware attack that disrupted manufacturing, shipping, and receiving operations across multiple global facilities after bad actors breached the company’s network on 4 May.   The pharmaceutical packaging manufacturer said attackers exfiltrated data and encrypted systems, forcing the company to proactively shut down portions of…

Read more →

Generative AI is changing the economics of identity fraud. Voice cloning, real-time face animation, synthetic documents, and AI-assisted social engineering are making it easier for attackers to impersonate legitimate users across service desks, onboarding workflows, and remote account recovery. The…

Read more →

I want to talk about the Microsoft 365 Copilot bug. Not because it was exceptional, but because what it exposed should change how every organization architects AI governance. For weeks at the beginning of the year, Microsoft 365 Copilot read…

Read more →

Foxconn has confirmed that several of its North American factories were hit by a cyberattack, after the Nitrogen ransomware group claimed to have stolen 8TB of data comprising more than 11 million files.  According to the bad actor, the information supposedly obtained contains private directives, project details,…

Read more →