OPSWAT has announced OPSWAT Predictive Alin AI, its first proprietary AI-based threat detection engine for the MetaDefender Platform. This AI-based innovation introduces a new category of capability within the MetaDefender Platform, a high-confidence predictive layer that works alongside existing detection…
Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and SMEX. Two of the targets included…
Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON’s Haifei Li, has been described as a highly-sophisticated PDF exploit. The artifact (“Invoice540.pdf”) first appeared…
The Hidden Security Risks of Shadow AI in Enterprises
As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in existing workflows, they also operate outside the visibility of security teams, bypassing…
STX RAT Hides Remote Desktop, Steals Data to Dodge Detection
A stealthy new remote access trojan, dubbed STX RAT, blends hidden remote desktop control with powerful infostealer capabilities while using advanced evasion and encryption techniques to stay under the radar of security tools. The operators rely on opportunistic initial access, including…
Technical Details Released for Critical Cisco SSM Command Execution Vulnerability
Security researchers have published technical details regarding a highly critical vulnerability in the Cisco Smart Software Manager On-Prem (SSM On-Prem). Tracked as CVE-2026-20160, this flaw carries a near-maximum CVSS score of 9.8. It allows remote, unauthenticated attackers to execute commands…
ClickFix Campaign Abuses macOS Script Editor to Deploy Atomic Stealer
A refreshed ClickFix campaign swaps macOS Terminal for Script Editor to quietly deliver an Atomic Stealer payload to unsuspecting Mac users. By abusing the applescript:// URL scheme, attackers sidestep Apple’s new paste-protection in Terminal on macOS Tahoe 26.4 while preserving the same underlying…
Zephyr Energy loses £700K in cyber hit that rerouted contractor payment
Attackers slipped into the process and redirected funds, leaving the company scrambling to recover the cash. UK-listed oil and gas outfit Zephyr Energy plc has admitted a cyber incident siphoned off roughly £700,000 after a single payment to a contractor…
NSFW app leak exposes 70,000 prompts linked to individual users
MyLovely.AI leaked personal data, explicit prompts, and images of over 100,000 users, exposing many to sextortion and doxxing. This article has been indexed from Malwarebytes.
Intruder expands cloud security with agentless container image scanning
Intruder has announced the release of Container Image Scanning, a new upgrade to its cloud security capabilities that automatically scans container images for vulnerabilities, granting customers actionable insight into container risk without deploying and maintaining scanning agents across their estates.…
Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group
A spear-phishing campaign which spread across the Middle East between 2023 and 2024 has now been linked to the Bitter APT group. This article has been indexed from www.infosecurity-magazine.com.
Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings
The macOS 26.4 update introduced security warnings into Terminal to prevent ClickFix attacks, so attackers have shifted to Script Editor instead. This article has been indexed from www.infosecurity-magazine.com.
On Microsoft’s Lousy Cloud Security
ProPublica has a scoop: In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings. The tech giant’s “lack of proper detailed security documentation” left reviewers with a “lack of confidence…
The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security
Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. The post The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security appeared first on SecurityWeek. This…
CMMC Non-Compliance: Violations of FCA
Key Takeaways: For many defense contractors, CMMC is treated as a security project. It is discussed in terms of controls, readiness work, outside assessors, documentation, and the cost of getting prepared. Of course, all of that is important. But beyond that,…
They’re Here! Is Your Mainframe Ready for Cyberthreats From Outer Space?
With over 15,000 satellites in orbit, hackers are using unencrypted signals to bypass terrestrial defenses. Learn why space-based cybersecurity is no longer science fiction. The post They’re Here! Is Your Mainframe Ready for Cyberthreats From Outer Space? appeared first on Security Boulevard.
Politicians Are Spending More Money on Security as They Increasingly Become Targets
Political candidates are purchasing more home alarms, bulletproof vests, and other protections amid rising fears of political violence. This article has been indexed from Security Latest.
30,000 private Facebook images allegedly downloaded by Meta employee
The accused didn’t just browse around; he built a custom script designed to circumvent Meta’s internal detection systems. This article has been indexed from Malwarebytes.
Human Risk in Geopolitical Conflict: Iran War Lessons
Nisos Human Risk in Geopolitical Conflict: Iran War Lessons The war in the Middle East that began on February 28th has dominated headlines, disrupted markets, and forced boardrooms into emergency conversations about exposure… The post Human Risk in Geopolitical Conflict:…
Advenica’s File Scanner Kiosk scans USB media for malware
Advenica announced the File Scanner Kiosk, a system that scans USB media for malware and helps businesses reduce infection risk. With the reliance on external media for file transfers, organisations face increased vulnerability to malware. The File Scanner Kiosk addresses…
Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs
SANS Institute reveals that AI agents are behind a 76% surge in non-human identities. This article has been indexed from www.infosecurity-magazine.com.
From the field to the report and back again: How incident responders can use the Year in Review
The Year in Review distills Talos IR’s observations into structured intelligence, but defenders should also be feeding this report back into their own preparation cycles. Here’s how. This article has been indexed from Cisco Talos Blog.
Microsoft Details How Defender Protects High-Value Assets in Real-World Attacks
Microsoft has significantly upgraded its Defender platform to automatically detect and block sophisticated cyberattacks targeting High-Value Assets (HVAs) like domain controllers and web servers. By leveraging the new Microsoft Security Exposure Management tool, the system now uses context-aware intelligence to…
The alleged breach of China’s National Supercomputing Center can have serious geopolitical consequences
A hacker allegedly stole 10+ PB of sensitive military and aerospace data from China’s National Supercomputing Center, risking national security. A massive alleged breach has hit China’s National Supercomputing Center (NSCC) in Tianjin. A hacker claims to have exfiltrated over…