Tag: Information Security Buzz

The Qualys Threat Research Unit (TRU) has identified nine vulnerabilities in AppArmor, a Linux Security Module.   The vulnerability has been present since 2017 (version v4.11). AppArmor is the default mandatory access control system for Ubuntu, Debian, SUSE, and several cloud platforms. Its presence in all…

Read more →

Open source intelligence (OSINT) still sits outside the intelligence mainstream. If you’re not acquainted with the intelligence profession, you might not have come across the term at all. OSINT is the targeted collection and analysis of publicly available or licensable…

Read more →

TELUS Digital has fallen victim to a security incident in which unsanctioned actors accessed its systems.   Upon learning of this incident, the company said it took immediate action to resolve it and prevent any future breaches of its systems and environment.…

Read more →

Starbucks has disclosed a data breach attackers gained access to hundreds of employees’ Starbucks Partner Central accounts, which are used for managing employment information, personal data, benefits, and HR information.  In a letter sent to affected staff members, the company said: “On or…

Read more →

Most conversations about AI in business start with the wrong question of “Can AI do the job?” It is entirely the wrong place to start. The real question for leadership is quieter but vastly more important…“Will this platform still exist,…

Read more →

Starbucks has disclosed a data breach attackers gained access to hundreds of employees’ Starbucks Partner Central accounts, which are used for managing employment information, personal data, benefits, and HR information.  In a letter sent to affected staff members, the company said: “On or…

Read more →

“You’re cutting into my overtime. But if I can schedule upgrades to happen overnight and sleep better, I’m in!” This is what a network engineer recently told me as I was discussing network automation. Network infrastructure owners I speak with…

Read more →

Security researchers have demonstrated how a growing class of AI safety controls (known as AI judges) can be manipulated into approving content they are supposed to block.  In new research published by cybersecurity firm Palo Alto Networks’ threat intelligence team Unit 42, analysts describe how…

Read more →

Stryker, a global medical technology company based in Michigan, has fallen victim to a data-wiping attack. A hacktivist group affiliated with Iran’s intelligence services is claiming responsibility for the incident.  Reports coming from Ireland, Stryker’s largest base outside of the…

Read more →

Salesforce has warned customers that it has identified a campaign in which threat actors are exploiting customers’ overly permissive guest user settings to potentially access more data than targeted businesses intended.  “Evidence indicates the threat actor is leveraging a modified version of the open-source tool Aura Inspector (originally developed by Mandiant) to…

Read more →

A privacy controversy surrounding Meta Platforms’ Ray-Ban smart glasses has taken a new turn after security researchers uncovered dozens of exposed credentials linked to the company’s data-annotation contractor.  Last week, Swedish outlets Svenska Dagbladet and Göteborgs-Posten reported that footage captured by Meta’s smart glasses…

Read more →

Every penetration tester has had the moment. You are two days into an engagement, sifting through cloned repositories and intercepted HTTP responses, and a hardcoded AWS key appears in a config file that has been sitting in version control for…

Read more →

The first week after the new system went live was great.  You saw the rows of red and orange flash across your dashboard as the scans were completed.   Now, for the first time, the security team could say, with some authority, where…

Read more →

Australia’s recent decision to restrict social media access for children under 16 marks one of the most significant digital policy interventions the country has seen in years. The new policy reflects rising concern among policymakers around youth access to social…

Read more →

In September, cybercriminals pulled off one of the biggest ad fraud scams in recent memory by turning scores of user devices into “ghost click farms” that generated billions of fake ad impressions daily. Then, in January, another gang did it…

Read more →

Last year, Hong Kong police disclosed a reported case that would become a watershed moment in cybersecurity: a finance worker at global engineering firm Arup transferred $25 million to fraudsters after attending a video conference call with what appeared to…

Read more →

A new report from Thales highlights how artificial intelligence is reshaping the cybersecurity landscape, introducing new attack vectors while amplifying existing data protection challenges.  The 2026 Thales Data Threat Report finds that as organizations accelerate AI adoption, they are simultaneously increasing their exposure to cloud threats, identity…

Read more →

Fake tech support scams are not new. Historically, the goal was simple: convince someone to hand over a few hundred dollars in gift cards or give attackers remote access to a computer.  However, new research from Huntress highlights how familiar social-engineering tricks are evolving…

Read more →

As AI adoption matures, one trend is becoming impossible to ignore: the line between internal and customer-facing capabilities is blurring. AI agents that automate internal workflows or support employees are now being adapted into customer-facing use cases, powering chat assistants,…

Read more →

For much of the last decade, the CISO’s job has been framed as a race against increasingly sophisticated adversaries armed with automation, AI, and an expanding arsenal of attack tools. We’ve been told that security teams are losing ground, that…

Read more →