Latest stories — Page 23

The Gentlemen RaaS Ships an In-House EDR Killer to Affiliates
GentleKiller bundles signed-driver abuse, third-party utilities, and a kill list of roughly 400 security processes — handed out as part of the affiliate package.

AutoJack: When the AI Browser Becomes the Initial Access Broker
Microsoft researchers describe an exploit chain that turns an agentic browser into a one-click path from web page to host process execution.

Operation Endgame Sweep Takes Down SocGholish Loader Infrastructure
Dutch-led coalition disrupts servers and remediates 14,971 compromised WordPress sites, in the latest tranche of the multinational takedown effort.

Briefing: Apple Fixes Beats Bug, GCP Config Connector Flaw Enables Account Takeover, Velvet Ant's Decade in the Shadows
A Bluetooth eavesdropping patch, a quietly dangerous GCP misconfiguration vulnerability, and a threat actor that spent ten years undetected — here's what you may have missed.

FortiBleed Campaign Hits 86,644 FortiGate Boxes; CISA Pushes Customers to Lock Down
Russian-speaking operators are working through internet-exposed Fortinet appliances at scale. CISA wants admins moving now.

June Patch Tuesday Breaks OLE Automation, Leaves Word and Excel Silent on Failure
A Windows update shipped June 9 quietly severed the OLE bridge between Office apps and dozens of third-party tools. No error message. Just nothing.

The SOC Triangle Was Always a Lie We Accepted. AI Is Changing the Math.
Security operations have run on a structural compromise for decades — quality, consistency, or cost: pick two. That constraint is finally starting to bend.

AutoJack Exploit in Web-Enabled AI Agents: Bypassing Localhost Security
Microsoft uncovers RCE vulnerability in AutoGen Studio through local AI agent misuse.

Tool Sprawl Meets Agentic AI: Why SOCs Are Rethinking the Triage Stack
Forty tools, forty-three day dwell times. Vendors are pitching agentic AI as the fix. Analysts have questions.

Device Code Phishing Is Eating MFA. Behavioral Detection Is the Backstop.
Token theft and consent-grant abuse sidestep the second factor entirely. Defenders are leaning on anomaly detection because the login looks legitimate.

Shadow AI Is an IAM Problem Now, Not a DLP Problem
The risk isn't what employees paste into ChatGPT. It's what tokens, scopes, and service accounts the AI agents they spin up are quietly holding.

Salesforce Cuts Klue Battlecards Tie-In After OAuth Token Compromise
The CRM giant pulled the competitive-intelligence app's integration on June 11 following a security incident that exposed connected customer data.

Security Protocols for SMBs Adopting Claude
Understanding and managing security risks with Claude’s AI solutions for small and medium-sized businesses.

Cisco Acquires WideField Security to Wire Identity Intelligence Into Splunk's Agentic SOC
The deal adds credential, session, and blast-radius visibility to Splunk's autonomous detection pipeline — filling a gap that pure log-correlation has always struggled with.

SearchLeak Shows How a Single Crafted URL Can Drain Your M365 Tenant
Varonis researchers chained three weaknesses in Copilot Enterprise Search into a full data-exfiltration path. Microsoft patched it. The attack class isn't going anywhere.

Beats Studio Buds Pick Up Patch for Bluetooth Pairing Flaw Rated 8.8
An Airoha SDK authorization bug let attackers within range pair without consent. Apple has shipped a firmware fix.

Splunk Enterprise RCE Flaw Under Active Exploitation, CISA Gives Feds 72 Hours
CVE-2026-20253 allows unauthenticated remote code execution in Splunk Enterprise. Attackers didn't wait long.

Two Critical NGINX Open Source Bugs Open the Door to Remote Code Execution
F5 patches a use-after-free in the HTTP/3 module and a second critical flaw. QUIC-enabled deployments are the immediate concern.

The Popa Botnet: When Your $40 Streaming Box Moonlights as a Residential Proxy
Researchers tie a four-year-old Android TV box botnet to NetNut, the residential proxy arm of NASDAQ-listed Alarum Technologies. The company disputes the framing.

Browser Add-Ons, AI Chat Links and In-Memory macOS Attacks: A Week the Internet Worked As Designed
Shady extensions, weaponised Claude conversations, fileless macOS intrusions and cloud agents turned into shells dominated the criminal feeds this week.

INC Ransomware Fills the LockBit Vacuum, Racks Up 830+ Victims
Two years after a quiet debut, INC has graduated from boutique RaaS to one of 2026's busiest extortion brands — riding the affiliate exodus from LockBit and BlackCat.