Vulnerability ManagementMicrosoft Office 365 MFA targeted by ‘SessionShark’ phishing kitLaura FrenchApril 25, 2025The malicious service is advertised to evade detection and closely mimic a real login page.
AI/ML‘Vibe coding’ using LLMs susceptible to most common security flawsLaura FrenchApril 24, 2025OpenAI’s models were most likely to produce vulnerable code in tests by Backslash Security.
Cloud SecurityGoogle fixes Cloud Composer privilege escalation vulnerabilityLaura FrenchApril 22, 2025Tenable researchers say “ConfusedComposer” highlights how attackers can exploit cloud service permissions.
RansomwareFog ransomware notes troll with DOGE references, bait insider attacksLaura FrenchApril 21, 2025Recent Fog samples are spread through phishing emails referencing pay adjustments.
Data SecurityHHS fines Guam hospital over ransomware attack, HIPAA violationsLaura FrenchApril 18, 2025A ransomware attack and incident involving former employees led to potential HIPAA violations.
IdentityIdentity-based cyberattacks a third of intrusions, drop infostealersLaura FrenchApril 17, 2025IBM’s X-Force 2025 Threat Intelligence Index reveals an increase in misuse of valid credentials.
RansomwareInterlock ransomware evolves tactics with ClickFix, infostealersLaura FrenchApril 16, 2025The lesserknown ransomware group uses fake updaters on compromised sites to lure victims.
AI/MLMalicious bots now make up more than a third of web trafficLaura FrenchApril 15, 2025About 44% of advanced bot traffic targets APIs, according to the Imperva 2025 Bad Bot Report.
AI/MLGenAI vulnerabilities fixed only 21% of the time after pentestingLaura FrenchApril 14, 2025Cobalt’s State of Pentesting Report 2025 reveals how GenAI security lags behind adoption.
Threat IntelligenceBlack Basta-like Microsoft Teams phishing leads to novel backdoorLaura FrenchApril 11, 2025A new PowerShell backdoor and persistence technique that hijacks TypeLib were discovered.
