Scammers Exploit Disposable VoIP Numbers to Bypass Reputation Blocking
New tactics used by threat actors who embed phone numbers in scam emails as a key indicator of compromise (IOC), revealing how attackers exploit VoIP infrast...
Manufacturing
20 articles
Investigating the aftermath: understanding digital forensics after a cyber incident
Successfully recovering your business from a cyberattack often requires much more than just loading up backups. Although your first instinct is likely to pri...
European leaders unveil tentative deal for AI Act simplification, including a ban on nudification tools
The tentative deal responds to industry criticism by postponing enforcement of rules governing so-called “high-risk” AI tools involving biometrics and those ...
An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)
[This is a Guest Diary by Eric Roldan, an ISC intern as part of the SANS.
Google Fixes CVSS 10 Gemini CLI Vulnerability Enabling GitHub Issue-Based RCE
Google patches a CVSS 10 Gemini CLI vulnerability that allowed hackers to use prompt injection and privilege escalation for a full supply chain compromise.
ShinyHunters’ Instructure Canvas LMS and Vimeo Breaches Impact Millions of Users
ShinyHunters breached Instructure and Vimeo, exposing millions of student and user records through direct and supply chain attacks.
DAEMON Tools devs confirm breach, release malware-free version
Disc Soft Limited, the maker of DAEMON Tools Lite, confirmed that the software had been trojanized in a supply chain attack and released a new, malware-free ...
DAEMON Tools installers compromised in new supply chain attack
The attack involved tampering with three core DAEMON Tools components: DTHelper.exe, DiscSoftBusServiceLite.
Attackers compromised Daemon Tools software to deliver backdoors
Kaspersky researchers uncovered another supply chain compromise involving a popular Windows tool: Daemon Tools, an app for mounting disk image files as virtu...
New malware turns Linux systems into P2P attack networks
Attackers have found a new way to turn Linux systems into stealthy supply chain distribution hubs that are resistant to takedowns. Researchers from Trend Mic...
8×8 updates CX platform with AI, analytics, and frontline management capabilities
8×8 has released a set of platform updates to the 8×8 Platform for CX that target the operational gaps most commonly stalling organizations, including AI dep...
Google's Android Apps Get Public Verification to Stop Supply Chain Attacks
Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. "This new public ledger ensures ...
Malicious PyTorch Lightning update hits AI supply chain security
A malicious PyTorch Lightning update (v2.6.
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings fro...
Johnson Controls CEM AC2000
View CSAF Summary Successful exploitation of this vulnerability could allow a standard user to escalate privileges on the host machine. The following version...
Know who to watch before the incident finds you
Elastic Security v9.
AI-generated hunting leads: The hunt starts before you ask the question
Introducing AI-generated hunting leads, proactive, environment-aware threat hypotheses powered by Elastic Entity analytics and integrated AI reasoning.
Your UEBA is lying to you: Why entity record quality decides everything
Most entity analytics systems are confidently wrong. They track users who do not exist, generate risk scores built on noise, and call it behavioral analytics.
Why data centers now belong on the critical infrastructure list
As AI drives deeper dependence across business, supply chains, and national security, the buildings that run the cloud are becoming critical infrastructure —...
From plain English to production rule: AI-native Elasticsearch ES|QL detection in Elastic Security
Elastic Security now lets analysts describe a threat behavior in plain language and receive a complete, validated Elasticsearch ES|QL detection rule in retur...