Warrantless wiretaps cut off for a week following US Congress vote
Lawmakers have failed to extend a surveillance law that allows US intelligence agencies to monitor targets abroad without a warrant. Congress rejected a vote...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1598 — Phishing for Information (Reconnaissance)
Clear filter219 articles found
Early Warning Signs of Supply-Chain Attacks Live in the Dark Web
GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose earl...
Bernie Sanders’ AI Sovereign Wealth Fund Plan
Let no one accuse Bernie Sanders of ducking the big questions. Writing in the New York Times last week, the senator asked: “Will the future of humanity be de...
Hackers Use Typosquatted npm Packages to Target Web3 Projects and Crypto Wallet Operators
Hackers have been using typosquatting npm packages to weaponize the trust Web3 teams place in open-source dependencies, turning routine installs into a path ...
Oracle PeopleSoft zero‑day fuels ShinyHunters extortion spree
A newly disclosed Oracle PeopleSoft zero-day became the weapon of choice in a recent ShinyHunters extortion campaign that primarily targeted universities and...
Comcast Business SecurityEdge Preferred strengthens security for small businesses
Comcast Business announced SecurityEdge Preferred, its most advanced network-native cybersecurity solution for small businesses. Because SecurityEdge Preferr...
Fake Windows and Office Activation Videos Spread Infostealers on TikTok and Instagram
Short-form video platforms such as TikTok and Instagram Reels have become an increasingly effective vector for distributing infostealers, as threat actors le...
CISA orders federal agencies to “patch smarter”
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive that will change how the US federal government appr...
Why AI-driven threats are exposing the limits of MSP security stacks
AI-driven attacks are exposing the limits of fragmented MSP security stacks and slow response workflows. Kaseya breaks down why integrated security, automati...
Alert Fatigue Is Becoming a Security Threat of Its Own
As alert volumes outpace human capacity, organizations are turning to AI, automation, and deeper context to separate real threats from the noise. The post Al...
GoFlateLoader Hides Infostealers in Massive PE Overlay
GoFlateLoader, a widespread Golang loader that has become a go-to delivery mechanism for multiple infostealers including Lumma, Vidar, StealC, Amatera and Re...
GitHub Introduces Automatic Controls to Prevent Malicious npm Install Scripts
GitHub has announced a major security-focused overhaul of npm with the upcoming release of npm v12, introducing stricter default controls designed to mitigat...
What SRE teams need before they trust AI agents
The future of reliability will not be defined by whether site reliability engineering (SRE) teams use AI agents, but by the conditions under which they choos...
9 out of 10 people can no longer distinguish real from AI-generated content
Online fraud is becoming harder to distinguish from legitimate activity as AI-generated messages, voices, photos, reviews, and identities become more convinc...
Cybercriminals Exploit Chinese Guarantee Markets to Sell Stolen Credentials
Chinese-language “guarantee” marketplaces hosted mainly on Telegram have become a core conduit for buying, selling, and laundering stolen credentials and a w...
Organizations can’t see much of their mobile AI activity
Organizations have limited visibility into AI activity on mobile devices despite security leaders expressing confidence in their AI governance, according to ...
CISA tells agencies to patch smarter, not harder — foreshadowing broader industry practice
Security teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows are acceleratin...
Cybersecurity Software Fails to Detect Fifth of Brower-Based Phishing Attacks
Menlo Security research warns that as enterprise applications become increasingly browser based, traditional cybersecurity tools leave them vulnerable to cyb...
Infostealers Turn Millions of Devices Into Credential Theft Machines
As attackers increasingly favor stolen credentials over exploits, infostealers have become a primary source of access for ransomware and other cybercrime ope...
Autonomous AI agents duped into leaking sensitive data in phishing test
AI agents given access to corporate email and business applications could become a new phishing target for attackers, according to cybersecurity researchers,...