Cloud Security$32 billion Google-Wiz deal bodes well for cloud security, experts saySteve ZurierMarch 18, 2025Acquisition promises to blend Google Cloud’s AI depth with stronger cloud security from Wiz.
Cloud SecurityMicrosoft 365 environments exploited in business email attacksSteve ZurierMarch 17, 2025The BEC attacks rely on phishing lures that let the bad actors operate entirely within the Microsoft 365 ecosystem.
AI/MLOpenAI’s Operator AI agent can be used in phishing attacks, say researchersSteve ZurierMarch 14, 2025Researchers prove how attackers can use the added functionality in AI agents to launch phishing attacks.
AI/MLResearchers use jailbreak to build functional malware via DeepSeekSteve ZurierMarch 13, 2025Tenable researchers jailbreak DeepSeek to build a keylogger and ransomware.
Application securityXCSSET macOS malware variant targets Xcode projects of app developersSteve ZurierMarch 12, 2025XCSSET variant features enhanced stealth features that can lead to the exfiltration of sensitive financial information.
Vulnerability Management3 Ivanti flaws added to CISA list of known exploited vulnerabilitiesSteve ZurierMarch 11, 2025Ivanti Endpoint Manager flaws can grant unauthenticated attackers full compromise of vulnerable servers.
Vulnerability ManagementCritical 9.8 PHP flaw exploited in US, Japan and SingaporeSteve ZurierMarch 10, 2025Security pros say exploitation of critical PHP flaw could lead to system compromise and ransomware attacks.
Vulnerability ManagementMalvertising op targets almost 1M devices via malicious GitHub reposSteve ZurierMarch 7, 2025Three-stage campaign relies on consumer and corporate users downloading illegal content from malware-laden websites.
Governance, Risk and ComplianceShould contractors disclose vulnerabilities to get government work?Steve ZurierMarch 6, 2025House bill requires all federal contractors to submit to a vulnerability disclosure program.
DevOpsTyposquatting campaign targets financial sector Linux, macOS systemsSteve ZurierMarch 5, 2025At least seven typosquatting packages infiltrate the Go ecosystem.
