Flux RSS

Cloud Android phones fuel financial fraud, evading detection and enabling dropper accounts

Security vendors have spent years building up defenses around the endpoint, but one researcher says AI coding tools have brought the walls down.

Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice, many teams struggle with the same basic problems they faced years ago: unclear risk priorities, misaligned tooling decisions, and difficulty explaining security issues in terms the business understands. These challenges do not

'It freakin' worked' says Rob Joyce - and shows how relentless AI agents can find holes humans miss RSAC 2026 The now-infamous Anthropic report about Chinese cyberspies abusing Claude AI to automate cyberattacks was a Rorschach test for the infosec community, according to former NSA cyber boss Rob Joyce.…

Iran-linked attackers wiped employees' devices using Intune The US government has urged companies to better secure Microsoft Intune, an endpoint management tool that was abused in last week's cyberattack against med-tech firm Stryker.…

The UK’s financial regulator has issued new rules to make incident and third-party reporting clearer

Tracking pixels let social media companies spy on their users even after they click over to advertiser sites, gleaning credit card info, geolocations, and more, according to an analysis.

Midmarket security leaders aren't as secure as they think, says Intruder's report Partner Content The midmarket matters. JP Morgan estimates approximately 300,000 organizations generating $13T in annual revenue. Yet they occupy an awkward position in the security landscape. They're large enough to be attractive targets with complex digital estates, significant revenue, and valuable data, but not large enough to have the headcount, budget maturity, or tooling sophistication of an enterprise security team.…

Palo Alto Networks’ Unit 42 has developed a successful attack to bypass safety guardrails in popular generative AI tools

AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and novice code jockey.

Malicious insiders are using misusing AI for nefarious gain, while employees cutting corners also creates risk, warns Mimecast

Cloudflare Threat Report warns that AI tools enable attackers who lacked required skills to generate effective attacks rapidly and at scale

A new report claims that the cost of insider security incidents has surged 20% in two years, reaching an average of US $19.5 million per organization annually, with no sign that the alarming figure is flattening. Read more in my article on the Fortra blog.

DDoS attack frequency has risen to ‘alarming levels,’ warns Radware report

Security researchers have challenged end-to-end encryption claims from popular commercial password managers

Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX

New TrendAI report warns that most security tools can’t protect against attacks on AI skills artifacts

Bugcrowd study reveals 82% of security researchers now use AI, a big increase from 2023 figures

Fortra researchers have discovered a new SEO poisoning operation known as “HaxorSEO”

City of London Police has launched the UK’s national Report Fraud service