Field notes from the edge.
What our engineers learned this week. Hands-on technical deep-dives, postmortems, and strategy frameworks.

Stressors, AI Forcing Changes to Cybersecurity Teams
As threats proliferate and AI complicates cybersecurity, CISOs say the job is getting harder, but more companies still want cybersecurity expertise, if even on a part-time basis.

Operation Escaneo Signals Shift in LatAm Threat Landscape
The threat group's curious business model may combine opportunistic monetization alongside intel collection, without much coordination between the two.

Novo Nordisk Breach Exposes Software Development Pipeline Risk
A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem rather than an identity problem.

FIFA Bug Exposed World Cup Streams to Remote Takeover
A hacker could have "Rickrolled" the World Cup — or worse — thanks to FIFA's unenforced Entra access controls.

Salesforce Data Thefts Continue via Klue App Compromise
Klue's Battlecards is now the third integrated application that has been compromised to steal customers' Salesforce data, and victims include Huntress, the cybersecurity vendor.

Get Out of Security Debt by Tackling the Exposure Problem
Teams digging out of security debt need to answer only two simple questions: Which vulnerabilities in our systems are exposed, and how long should they stay that way?

EU Gets a Head Start in Developing 6G Network Security
"Shield-6G" will combine AI threat detection, digital twins, honeypots, and more, to help carriers protect 6G networks against the threats of tomorrow.

INC Ransomware Thrives by Mastering the Basics
INC ransomware group has achieved success by focusing on fundamental attack strategies rather than sophisticated techniques. The group strategically targets sectors like healthcare where operational disruptions create urgent pressure to pay ransoms quickly, maximizing their likelihood of payment.

Sweeping Credential-Harvesting Heist Compromises +30K Fortinet Devices
A large-scale credential-harvesting campaign has compromised over 30,000 Fortinet devices globally, with attackers successfully compiling working credentials across multiple sectors in nearly 200 countries. The active threat represents a significant security risk for enterprise organizations relying on Fortinet infrastructure for network security.

UK Social Media Ban for Minors Has Privacy Experts Worried
The UK government plans to implement a ban prohibiting users under 16 from accessing user-to-user social media platforms, a move that has raised significant concerns among privacy experts. The policy faces technical challenges around age verification mechanisms and potential privacy implications for both minors and adults who must prove their age.

Security Community Slams US Ban on Exporting Mythos, Fable
Security experts have signed an open letter urging the US government to reverse export restrictions on Anthropic's Claude Fable 5 and Mythos 5 AI models. The ban has drawn criticism from the security community, who argue against limiting access to these advanced language models.

Fileless Phantom Stealer Targets Browser Credentials
A new fileless malware variant called Phantom Stealer has emerged targeting browser credentials through memory-only execution. The malware employs sophisticated anti-analysis techniques throughout its infection chain to evade detection by security tools, representing an evolution in credential theft tactics.

SprySOCKS Windows Variant Abuses Kernel Drivers to Evade Detection
FishMonger, a China-linked threat actor, has deployed a previously undocumented Windows variant of the SprySOCKS backdoor that leverages kernel drivers to evade detection. The malware campaign has targeted government entities across Honduras, Taiwan, Thailand, and Pakistan, representing a significant evolution from the original Linux-based version.

Rokarolla Android Trojan Levels Up to Full Device Control, Persistence
The Rokarolla Android Trojan has evolved beyond traditional banking fraud to incorporate comprehensive device surveillance and remote control capabilities. The malware is being distributed through fraudulent TikTok and Chrome application downloads, representing a significant escalation in mobile threat sophistication.

'Lorem Ipsum' Malware Pivots to ClickFix Delivery
A malware campaign utilizing compromised WordPress sites has shifted its delivery method to ClickFix techniques. Security researchers have identified potential connections between this campaign and Vice Society, a known ransomware and data extortion group, raising concerns about escalating threat sophistication.

Copilot 'SearchLeak' Attack Allows 1-Click Data Theft
A critical three-stage 'SearchLeak' attack vulnerability in Microsoft Copilot has been patched that enabled one-click data theft through AI prompt-injection techniques. The attack exploited hidden URLs and other variables to extract sensitive information, representing an emerging class of security threats targeting AI-powered enterprise tools.

Most CISOs Report Pressure to Bury Bad Security News
A significant number of Chief Information Security Officers (CISOs) are experiencing pressure from executive leadership to suppress or delay disclosure of security incidents and vulnerabilities. This pressure stems from conflicts between business objectives and transparent security reporting, creating ethical and operational challenges for security leaders. The trend highlights a concerning gap be

China-Nexus Actor Spies on US Researchers Undetected for a Year
Google identified and stopped a year-long cyber espionage campaign by a China-linked threat actor that targeted US researchers. The attackers compromised RedCAP credentials to infiltrate multiple research institutions and exfiltrate sensitive data, remaining undetected throughout the extended operation.

The Beginning of the End of Social Engineering
AI-native operating systems are fundamentally changing cybersecurity defense strategies by embedding intelligence directly into the OS layer to detect and prevent social engineering attacks. This architectural shift transfers the burden of identifying phishing, pretexting, and other manipulation tactics from end users to automated systems, potentially reducing the human error factor that accounts
