The European Union Agency for Cybersecurity (ENISA) has been officially designated as a Program Root in the global Common Vulnerabilities and Exposures (CVE) Program. It […]
From code to boardroom: A GenAI GRC approach to supply chain risk
I know the pressure chief information security officers face right now. We spent years hardening our own perimeter, then a few more managing the third-party […]
Xillen Stealer: Advanced Features Bypass AI Detection and Steal Password Manager Data
The Python-based information-stealing tool Xillen Stealer has reached versions 4 and 5, significantly expanding its targeting capabilities and functionality across platforms. Documented initially by Cyfirma […]
Critical Azure Bastion Vulnerability Lets Attackers Bypass Login and Gain Higher Privileges
Microsoft disclosed a critical authentication bypass vulnerability in Azure Bastion, its managed remote access service, enabling attackers to escalate privileges to administrative levels with a […]
With AI Reshaping Entry-Level Cyber, What Happens to the Security Talent Pipeline?
Automation is rewriting early-career cybersecurity work, raising urgent questions about how the next generation of security professionals will gain real-world expertise. The original article found […]
Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations. The vulnerability, […]
Switching to Offense: US Makes Cyber Strategy Changes
The US national cyber director describes the next cyber strategy as focusing “on shaping adversary behavior,” adding consequences and aggressive response. The original article found […]
How to turn threat intel into real security wins
Security leaders aren’t short of data, they’re short of decisions. Here’s how to turn threat feeds into an operating model that measurably reduces loss, accelerates […]
Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security
In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer service, to work with Apple’s equipment AirDrop, […]
APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains
A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks […]