Attackers Use AI to Automate EDR Evasion Testing
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
Chinese hackers use new Atlas RAT malware in European cyberattacks
A Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. [...]
Bend the beam like Beckham to defeat anti-jamming tech
It's hard to stop a signal jammer if you can't locate the source, say Rice University researchers
U.S. sanctions Nobitex crypto exchange used by Iranian ransomware actors
The U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to te…
Cisco sees quantum networking as the future of networking
Particle entanglement, superposition and teleportation are key concepts in quantum physics. Einstein famously dismissed such phenomena as “spooky action at a distance.” Quantum …
CISA warns of cyberattacks targeting fuel tank monitoring systems
CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used t…
Tropical Blend: Cyber & Politics Ramp Up Across Latin America
China-linked espionage groups have attacked at least a dozen nations in the region, gathering information on maritime shipping, oil production, and other geopolitical interests.
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's…
Cyber Insurance Rates Are Dropping, but Exclusions Widen
Cyber insurance coverage is slowly changing, and some policies may not provide coverage for social engineering attacks like ClickFix.
New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute
A new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds. [...]
Grep this: Microsoft grafts (most) Linux commands onto Windows
Coreutils serves over 75 Unix commands in Windows and PowerShell command lines
Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover
A disabled security setting meant to protect authentication across Android versions of key apps like Word, PowerPoint, and Excel paved the way for attackers to steal logins and dat…
NAN124: AI and Trust in Modern Network Automation
Sif Baksh joins Eric Chou to share his professional experience and resources to help engineers get their arms around using AI in network automation. They discuss practical advantag…
Ring gets buzzed by class action for collecting visitors' faces without consent
The latest in a series of raised eyebrows over Familiar Faces and other AI ventures
Coralogix Raises $200M at $1.6B Valuation to Scale AI Observability Platform
Coralogix offers a full-stack observability platform that unifies logs, metrics, traces, security, and AI observability. The post Coralogix Raises $200M at $1.6B Valuation to Scale…
TCG077: News Roundtable: Data Center Backlash and the AI Chip War
William and Eyvonne discuss recent tech news, including the growing political and community opposition to AI data centers driven by fears over power and water usage. They also anal…
No longer just a Copilot, Microsoft's AI wants to take the wheel
Always-on agent promises to keep work moving, provided you trust it with practically everything
Cisco Finesse Remote File Inclusion Vulnerability
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, po…
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthentic…
Cisco Webex Meetings Cross-Site Scripting Vulnerability
A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco…
Google DoubleClick Abused in New Malspam Campaign to Deliver .NET Loader
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver an unidentified .NET-…
Intel bit off more than it could chew with 18A process node
CFO Zinsner insists the troubled node was a one-off as 14A stays on track
Enterprise Spotlight: Rethinking cloud strategy in the age of AI
Cloud computing has reached a crossroads. The high cost and data sensitivity of AI workloads are raising the appeal of private clouds, even as neoclouds and sovereign clouds shake …
What is Cisco Cloud Control and why should customers care?
As is typical of Cisco, the company made several product announcements at its flagship event, Cisco Live. The most significant product announcement is Cisco Cloud Control, which re…
Don’t repeat 5G mistakes with 6G, plead mobile operators
NGMN wants a clear migration path before next-gen network rollouts begin
CISA warns of active attacks exploiting Android, Linux bugs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. [...]
Will Broadcom’s VMware strategy keep paying big dividends?
Four years ago, when Broadcom announced plans to buy VMware, analysts recommended that enterprises start looking for an exit strategy based on Broadcom’s less-than-stellar track re…
The tech that could make Marvell the next trillion dollar company
CU later, rivals? That's if Broadzilla doesn't eat its lunch first
AI agents can now manipulate your organization. Are you ready?
SPONSORED POST: Agents with hands require a hands-on policy
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any …