Latest stories — Page 19

Zero Trust in OT: A Pragmatic 90-Day Action Plan
Aligning zero trust architecture with operational technology environments through a strategic, actionable 90-day plan.

Hotel Front Desks Hit by Photo-ZIP Phishing Dropping Node.js Implant
Microsoft flags an unattributed campaign active since April 2026 against hospitality targets in Europe and Asia.

Frontier AI Is a Pressure Test, Not a New Threat Model
The arrival of capable AI models like Mythos changes attacker economics. It doesn't change which controls actually matter — and most organizations are still failing the old ones.

Citizen Lab: Cellebrite UFED Used on Pivovarov iPhone Three Months After Russia Sales Halt
Forensic traces and a Russian court filing place a UFED extraction on the activist's device in June 2021, raising hard questions about post-sale controls on dual-use forensic kit.

Turla's STOCKSTAY: A Fresh .NET Backdoor Aimed at Kyiv and Rome
Google's threat hunters tie the Russian FSB-linked crew to a previously undocumented Windows implant hitting Ukrainian military targets and Italy-focused diplomatic entities.

MCP's Enterprise Overhaul Hands Security Problems to Developers
A major revision to the Model Context Protocol repositions itself as enterprise-ready — then quietly offloads the hard security work onto the teams building on top of it.

GDPR Turns Ten: A Decade of Fines, Frustration, and Unfinished Business
Six billion euros in penalties later, Europe's data regulation has reshaped corporate behavior — and created a compliance burden that companies say is quietly strangling AI development on the continent.

Philip Martin Takes the CISO Chair at Uber
The former Coinbase security chief steps into one of tech's more scrutinised security roles, bringing a résumé that spans crypto, defence contracting, and cloud infrastructure.

ICS Security's 25-Year Reunion Is Headed to Nashville
The Industrial Control Systems Cybersecurity Conference marks a quarter-century in October 2026, touching down at the W Nashville for three days of OT threat intelligence.

Featured Chrome Ad Blocker with 10M+ Installs Carries Dormant JS Injection Capability
Researchers flagged a Featured-badge extension that can pull and execute remote JavaScript — a capability common to supply-chain abuse clusters tracked across the Chrome Web Store.

The Week in Cheap Crime: Stale Creds, Trusted Apps, and Phishing Through the Front Door
Not elite. Not cinematic. Just effective — and that's the problem.

Account Takeovers Still Outrunning Detection, Vendors Push Behavioral AI as Answer
Compromised credentials remain the cheapest entry point on criminal marketplaces. A new webinar argues behavioral models, not static rules, are the only way to close the gap.

Iranian Group Handala Claimed It Could Poison California's Water. Forensics Say Otherwise.
California Water Service brought in Mandiant after Handala threatened disruption. Investigators found no evidence the group ever touched operational technology.

Why SOCs Still Can't Answer 'What Happened?' — The Case for Network Detection
Alert-driven triage keeps missing context. NDR proponents argue packet truth is the only ground truth left.

CVE-2025-67038: Lantronix Serial-to-IP Flaw Moves From Research to Active Exploitation
A vulnerability disclosed through the BRIDGE:BREAK project is now seeing exploitation in the wild, raising fresh concerns about attacker interest in operational technology network edges.

Gaslight: A Rust macOS Stealer That Tries to Talk Your AI Analyst Out of Looking
The implant ships with an embedded prompt injection payload aimed at LLM-assisted reverse engineering tools — a small but telling escalation in adversarial UX.

CIOs Are Running AI Governance Without a Playbook — and the Clock Is Running
Boards want AI returns. Employees want access. Compliance teams want guardrails. The CIO is stuck in the middle of all three.

Mistic Backdoor Shows Up in IAB-Brokered Intrusions Across Four Verticals
A quiet new implant tied to the KongTuke access broker is landing on insurance, education, IT, and professional services networks — and it's not riding a CVE to get there.

Compliance Theatre Has a Reckoning Coming. FedRAMP 20x Is the Opening Act.
Most SOC 2 and ISO 27001 reports audit a curated version of history, not operational reality. A federal cloud-security overhaul is forcing the question nobody wanted to answer: does passing audits actually mean anything?

Cisco Catalyst SD-WAN Bug Hit as Zero-Day Months Before Disclosure
Mandiant says an unidentified actor exploited CVE-2026-20245 for at least two months before Cisco's public advisory, gaining root on affected appliances.

Mistic Backdoor Ties to IAB Selling Enterprise Footholds to Ransomware Gangs
A new in-memory backdoor named Mistic has been active since April, and the threat actor behind it has reportedly funneled access to Qilin, Akira, Black Basta, and others.