News

Midmarket security leaders aren't as secure as they think, says Intruder's report

Partner Content  The midmarket matters. JP Morgan estimates approximately 300,000 organizations generating $13T in annual revenue. Yet they occupy an awkward position in the security landscape. They're large enough to be attractive targets with complex digital estates, significant revenue, and valuable data, but not large enough to have the headcount, budget maturity, or tooling sophistication of an enterprise security team.…

SCION: Proven in banking and healthcare, slow to spread everywhere else

Feature  BGP, the Border Gateway Protocol, was not designed to be secure. It was designed to work – to route packets between the thousands of autonomous systems that make up the internet, quickly and at scale.…

Admins may be even more exhausted by then, because securing Microsoft’s AI helper is not a trivial job

Gartner analyst Dennis Xu has half-jokingly suggested banning use of Microsoft’s Copilot AI on Friday afternoons, because he fears at that time of week users may be too lazy to properly check its possibly offensive output.…

AI helped send weekly threat signal count from 80 million to 400 billion, then helped response time shrink from two days to 30 minutes

Australia’s Commonwealth Bank built its own agentic AI threat hunting tools, because vendors are too slow to develop tools that can cope with emerging AI-powered threats, according to General Manager of Cyber Defence Operations Andrew Pade.…

Operations and hospital networks not affected, we're told

Robotics-assisted surgical tech firm Intuitive said that unauthorized intruders gained access to some of its internal IT business applications after stealing an employee's credentials during a phishing attack.…

Hacktivists use proxy services from Russia, China for 'billions of designed-for-abuse connection attempts'

Cybercrime has skyrocketed since the start of the Iran war, according to Akamai, which reports a 245 percent increase in everything from credential harvesting attempts to automated reconnaissance traffic aimed at banks and other critical businesses.…

Interpol says fraud schemes using the tech are 4.5x more profitable

AI is apparently good for the bottom line if your business is crime. Financial fraud schemes carried out with the help of artificial intelligence are 4.5 times more profitable than those that aren't enhanced, according to Interpol's latest estimates.…

Back button blunder in WebFiling service run by Companies House revealed confidential paperwork

Companies House was forced to pull down its record-filing platform for the entire weekend to rectify a "security issue" that exposed the personal details of company directors and other data to any logged in users.…

PLUS: Citrix CISO urges patch blitz; Mandiant founder reveals AI red-teaming tech; Bitter privacy news for Starbucks; And more

Infosec In Brief  Canadian outsourcer Telus Digital has admitted it fell victim to a cyberattack.…

And then they send victims to the legit VPN download to hide their tracks

A group of cybercriminals tracked as Storm-2561 is using fake enterprise VPN clients from CheckPoint, Cisco, Fortinet, Ivanti, and other vendors to steal users' credentials, according to Microsoft.…

Operation Synergia's third season is the most productive to date

Ninety-four people were arrested as part of a global, multi-month cybercrime crackdown, Interpol revealed today.…

Take your YOLO and box it up

exclusive  NanoClaw, an open source agent platform, can now run inside Docker Sandboxes, furthering the project's commitment to security.…

Skia graphics lib and V8 JavaScript engine brings browser's tally of actively exploited bugs to three in 2026

Google has pushed out an emergency Chrome update to fix two previously unknown vulnerabilities that attackers were already exploiting before the patches landed.…

Prompt like a hard-ass boss who won't tolerate failure and bots will find ways to breach policy

AI agents work together to bypass security controls and stealthily steal sensitive data from within the enterprise systems in which they operate, according to tests carried out by frontier security lab Irregular.…

International cops stuck down 23 servers in 7 countries

Cops from eight countries this week disrupted SocksEscort, a residential proxy service used by criminals to compromise hundreds of thousands of routers worldwide and carry out digital fraud, costing businesses and consumers millions.…

No rest for project maintainers battered by slew of vulnerability disclosures

The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that hackers are exploiting a max-severity remote code execution (RCE) vulnerability in workflow automation platform n8n.…

Like deleting data, exposing keys, and loading malicious content, perhaps leading to government ban

China’s National Computer Network Emergency Response Technical Team has warned locals that the OpenClaw agentic AI tool poses significant security risks.…

State news published a list of nearly 30 sites that could be targeted

Iran has reportedly designated Amazon, Google, IBM, Microsoft, Nvidia, Oracle, and Palantir facilities as legitimate targets of retaliatory strikes, according to an Al Jazeera report citing Iran’s state-affiliated Tasnim news agency.…

Meanwhile, Verifone says 'no evidence' to support the digital intruders' claims

A hacking crew with ties to Iran's intelligence agency claimed to be behind a global network outage at med-tech firm Stryker on Wednesday, and said the cyberattack was in response to the US-Israel airstrikes.…

150k accounts nuked, 21 suspects arrested

Not every scam starts with malware or a compromised account. Sometimes all it takes is a friend request or a link shared via chat.…