📰 News I read


Windows shell spoofing vulnerability puts sensitive data at risk

csoonline May 1, 2026 · 15:01

Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) have sounded the alarm about a Windows shell spoofing vulnerability that is already being exploited by attackers. It is not clear by whom as yet, but the main suspects are hackers in Russia.

CISA has mandated that all federal agencies patch this vulnerability, designated CVE-2026-32202, by May 12. According to a Microsoft advisory, exploitation of the flaw could lead to access to sensitive data, but attackers would not be able to gain control of the system.

However, one security expert has warned that the considerable gap between the time Microsoft identified the bug and the date by which the systems must be patched leads to increased risk.

The patch gap

Lionel Litty, CISO for security company Menlo, said that an incomplete patch for CVE-2026-21510 that resulted in the issue tracked as CVE-2026-32202 adds to the problem. “This has been a theme for many years. A vulnerability exists and the vendor has not been thorough enough in dealing with it, so a small variation has not been fully patched. What normally happens is that they’ve dealt with the main vulnerability, but there are still side effects.” The result of this is that there is a further delay in a complete fix while a new update is developed.

The big problem, said Litty, is the so-called patch gap. He said that initially there’s a gap between the time a vendor finds a vulnerability and the time it issues a patch, and there is also a subsequent gap between the patch being issued and organizations completing the update. For example, he noted, if an update interrupts users’ work, they may be reluctant to apply it. “We can see on our platform that many users don’t update for weeks, or even months,” he said.

He pointed out that the vendors themselves are acting efficiently. But, he said, “as a CISO, I have to decide what level of pain to inflict on our users.”

A difficult balance

Erik Avakian, technical counselor at Info-Tech Research Group, noted that when it set the patching deadline, CISA had been operating within the guidelines laid down in Binding Operational Directive (BOD) 22-01, which requires US federal agencies to patch vulnerabilities within the timelines outlined under the policy, which range from 14 to 21 days.

“In cases of high-risk exploitation, CISA can shorten the deadline to three days,” he said. “But in the case of CVE-2026-32202, the CVSS score was rated at 4.3, and even though the vulnerability has been actively exploited, the rating does not meet the policy threshold for a faster patch cycle. In this case, CISA allotted a 14-day deadline, which meets its aggressive timeline standard based on the vendor rating.”

He said that there is indeed an argument that the 14-day window to patch a vulnerability that is being actively exploited in the wild is too long. But, he said, “I’m assuming in this case, the reason why it was not elevated to an emergency directive type patch cycle (which would require as little as 48 to 72 hours to patch) is due to Microsoft’s rating, as well as several other factors”.

Avakian explained his reasoning: “First, organizations can help mitigate the risk without applying a full patch by blocking certain ports for traffic at the firewall perimeter,” he said. “This type of countermeasure helps to reduce the risk while the 14-day patch window clock is ticking. The longer window gives testers added time to test patches being applied properly in a test/staging environment before rolling to production.”

Secondly, he said, “it’s one thing [for IT] to patch systems quickly, but it’s another when they’re rushed, because that carries the potential for additional unintended risk of breaking critical systems and applications if something goes wrong, or if the patch wasn’t tested properly.”

Avakian did agree that CISOs are facing a difficult balancing act, where they have to weigh risk against the stability of systems. 

And, as Litty pointed out, the situation is constantly changing; the emergence of AI will cause more issues in the future. “We’re seeing a shrinking gap as AI becomes part of the problem,” he said, adding that AI use means people with fewer technical skills are able to exploit systems, and do so more quickly, so CISOs should not assume that sophisticated attacks are coming from nation states. There needs to be a change of mindset within organizations to deal with this.

“You can no longer spend a few weeks testing an upgrade and then implementing it: you have to do things much faster,” he said.

30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign

The Hacker News May 1, 2026 · 13:09
A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a "phishing relay" to distribute phishing emails with an aim to compromise Facebook accounts. The activity has been codenamed AccountDumpling by Guardio, with the scheme selling the stolen accounts back through an illicit storefront run by the threat actors. In all, roughly 30,000 Facebook accounts are

Canonical Hit by Sustained DDoS Attack, Disrupting Ubuntu Services Worldwide

eSecurity Planet May 1, 2026 · 12:20

Canonical’s web infrastructure was knocked offline by a distributed denial-of-service (DDoS) attack, disrupting core Ubuntu services relied on by developers and security teams globally. 

“A direct extortion message sent to the Ubuntu team by the hacktivist group ‘The Islamic Cyber Resistance in Iraq – 313 Team,’ has been detected,” said VECERT Analyzer in their X post.

Canonical DDoS Attack 

The outage illustrates the extent to which enterprises depend on open-source infrastructure like Ubuntu to support cloud platforms, enterprise systems, and development workflows. 

When Canonical’s services became unavailable, the impact went beyond website access and affected core security operations. 

Key resources, including the Ubuntu Security API for CVEs and security notices — commonly used for automated patching — were temporarily unavailable, disrupting routine security operations. 

The disruption was caused by a volumetric DDoS attack that overwhelmed Canonical’s infrastructure with traffic, reducing service availability.  

Islamic Cyber Resistance in Iraq – 313 Team

Responsibility for the attack has been claimed by the Islamic Cyber Resistance in Iraq – 313 Team, a hacktivist group believed to have ties to Iran’s Ministry of Intelligence and Security (MOIS). 

The group has a history of politically motivated campaigns targeting government, financial, and technology platforms.

For organizations that rely on Ubuntu’s security feeds, the disruption caused immediate impacts, including delayed patch deployment, reduced visibility into newly disclosed vulnerabilities, and interruptions to automated remediation processes. 

Although the Ubuntu operating system itself and its distributed package repositories remained largely operational due to mirrored infrastructure, several essential management and update services were affected. 

These included Launchpad, Snap services, and the Livepatch API — systems that organizations rely on to maintain consistent, secure, and up-to-date environments at scale.

The timing of the attack added complexity, coinciding with the disclosure of a critical Linux vulnerability and limiting some organizations’ ability to access timely patching guidance during a key response window.  

The attackers reportedly issued an extortion demand via a Session-based messaging channel, warning services would remain offline if unmet — highlighting a broader trend of combining disruption with coercive tactics. 

The attack is still ongoing at the time of publication.

Building Resilience Against Service Disruptions 

Organizations can minimize the impact of service disruptions by improving resilience across update, monitoring, and response workflows. 

Establishing redundancy, maintaining local resources, and preparing for offline operations are essential to sustaining continuity when external services are unavailable. 

  • Implement redundancy for vulnerability intelligence by integrating multiple threat intelligence feeds.
  • Maintain internal package mirrors or caching proxies to reduce reliance on external Ubuntu repositories.
  • Cache and pre-stage critical updates and security data to enable continued patching during outages.
  • Monitor upstream dependencies and establish alerting for service disruptions that could impact operations.
  • Apply compensating controls such as network segmentation, WAFs, and EDR/XDR tools when patching is delayed.
  • Limit risk exposure by pausing non-essential changes and isolating high-risk systems during service disruptions.
  • Regularly test incident response and “offline mode” plans to ensure teams can operate effectively when external services are unavailable.

Together, these measures help organizations build operational resilience, ensuring they can maintain security and continuity even when critical external dependencies are disrupted. 

Growing Threats to Upstream Infrastructure 

This incident reflects a broader shift in how threat actors approach disruption. 

Hacktivist groups are increasingly targeting upstream infrastructure to create widespread operational impact and draw attention to geopolitical objectives. 

Open-source platforms like Ubuntu play a central role in global IT operations, which makes them high-value targets due to their broad downstream dependencies.

As these types of disruptions become more common, organizations are turning to zero trust principles to reduce reliance on any single system and strengthen resilience across their environments. 


Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

The Hacker News May 1, 2026 · 09:26
Cybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid, high-impact attacks" operating almost within the confines of SaaS environments, while leaving minimal traces of their actions. The clusters, Cordial Spider (aka BlackFile, CL-CRI-1116, O-UNC-045, and UNC6671) and Snarky Spider (aka O-UNC-025 and UNC6661), have been attributed to high-speed data theft and

China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists

The Hacker News May 1, 2026 · 09:02
Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along with one European government belonging to NATO. Trend Micro has attributed the activity to a threat activity cluster it tracks under the temporary designation SHADOW-EARTH-053. The adversarial collective is assessed to

Supply Chain Attacks, AI Security, and Major Breaches Define This Week in Cybersecurity in May 2026

eSecurity Planet May 1, 2026 · 09:01

Major Threats & Vulnerabilities

Software Supply Chain and CI/CD Exploits

Researchers uncovered a malicious campaign targeting SAP npm packages that secretly stole developer and CI/CD credentials through preinstall scripts and GitHub-based command and control. SAP has yet to comment on the incident, which highlights the growing risk of dependency poisoning in enterprise ecosystems.

Another critical flaw was found in Google’s Gemini CLI, allowing remote code execution in CI/CD environments. The Gemini CLI vulnerability has been patched, but organizations are urged to validate inputs, enforce least privilege, and isolate build environments to prevent similar pipeline attacks.

Web and SaaS Vulnerabilities

A hardcoded API key in ClickUp’s JavaScript exposed hundreds of enterprise and government emails for over a year. The ClickUp API key leak highlights the persistent risk of embedded credentials in SaaS platforms. Organizations should enforce MFA and eliminate hardcoded secrets immediately.

In another incident, a popular WordPress plugin with over 70,000 installs was found to contain a dormant backdoor capable of remote code execution. The plugin’s self-update mechanism concealed the malicious code for years, emphasizing the importance of plugin audits and integrity checks.

A flaw in Robinhood’s account creation process allowed attackers to send phishing emails from legitimate company addresses. The Robinhood bug has been fixed, but the case demonstrates how trusted branding can be exploited for social engineering attacks.

Critical Enterprise Vulnerabilities

Microsoft SharePoint administrators are urged to patch immediately following the discovery of a zero-day flaw affecting over 1,300 servers. The SharePoint zero-day vulnerability (CVE-2026-32201) allows remote code execution and is actively being exploited. Organizations should prioritize patching and restrict internet exposure.

Industry News

Law Enforcement and Global Cybercrime

Ukrainian police dismantled a hacking ring responsible for hijacking and selling over 610,000 Roblox accounts. The Roblox account hijacking ring generated roughly $225,000 in illicit profits and demonstrates the growing monetization of gaming-related cybercrime.

European authorities also took down a €50 million cryptocurrency fraud network that used fake investment platforms and remote access tools. The operation employed over 450 people, marking one of the largest crypto scams dismantled to date.

Corporate Breaches and Cloud Security

Two major industrial firms—Itron and Medtronic—reported cyber intrusions this week. Itron’s incident affected corporate IT systems, while Medtronic’s breach, attributed to the ShinyHunters group, exposed millions of records. These events highlight the widening gap between IT and OT security practices.

Home security giant ADT suffered a breach impacting 5.5 million users after attackers accessed its Salesforce cloud through a compromised Okta SSO login. Although alarm systems and payment data were unaffected, this marks ADT’s third breach since 2024, underlining the importance of identity security in cloud environments.

AI Governance and Ethics

The Vatican issued AI ethics guidelines to combat deepfake misinformation, emphasizing transparency and human oversight. In a related move, the Vatican also formalized a strict AI ethics framework banning manipulative AI and prohibiting clergy from using AI-generated sermons, reinforcing its stance on responsible technology use.

AI and Technology Industry Developments

Cisco’s open-source Model Provenance Kit aims to verify AI model origins and integrity, addressing supply chain risks in AI development. Meanwhile, OpenAI is reportedly developing an AI-driven smartphone that replaces traditional apps with intelligent agents, signaling a potential shift in mobile computing paradigms.

Security Tips & Best Practices

How Secure Are Your AI Agents?

  • Apply zero trust principles and enforce least privilege access for AI agents using secure authentication and scoped permissions.
  • Continuously monitor agent behavior and secure data pipelines with guardrails and validation.
  • Use an AI safety checklist and test incident response scenarios to prepare for agent compromise or malicious outputs.

Guardz Warns MSPs of Cloud Ransomware and BEC Risks

  • Monitor for AI-driven identity attacks and password compromises.
  • Implement stronger SaaS security controls to mitigate BEC losses.
  • Leverage AI detection tools with high accuracy rates to detect threats early.

Is Your Build Pipeline Truly Trusted?

  • Enforce dependency security by pinning versions, using SBOMs, and verifying artifacts with signing tools like sigstore.
  • Harden CI/CD pipelines and secrets management by restricting permissions and eliminating hardcoded credentials.
  • Implement runtime monitoring to detect anomalous behavior and respond to potential supply chain compromises.

Patch SharePoint Servers Immediately

  • Identify and patch all systems vulnerable to CVE-2026-32201.
  • Restrict internet exposure of SharePoint servers.
  • Implement access controls and monitor for exploitation attempts.
  • Prioritize patch deployment across all affected environments.
  • Review Microsoft’s latest security guidance for mitigation steps.


Name That Toon: Mark of (Security) Progress

darkreading May 1, 2026 · 07:00
Feeling creative? Have something to say about the last 20 years of cybersecurity? Our editors will award the best cybersecurity-related caption with a $20 gift card.

Actively exploited cPanel bug exposes millions of websites to takeover

Malwarebytes May 1, 2026 · 05:48

Security researchers are warning about a newly discovered vulnerability in the widely used web server management software cPanel and WebHost Manager (WHM). 

This is a critical, actively exploited authentication-bypass bug in cPanel/WHM that lets attackers gain administrative access to the interface without credentials and potentially take over servers and all hosted sites.

The vulnerability, tracked as CVE-2026-41940, has been added to the Known Exploited Vulnerabilities catalog by the Cybersecurity and Infrastructure Security Agency (CISA), meaning there is evidence it is being used in real-world attacks.

Because cPanel/WHM is used by over a million sites worldwide, including banks and health organizations, the potential impact is huge. In simple terms, the bug can act like a front‑door key to a big chunk of the web’s hosting infrastructure.

cPanel released patches on April 28, 2026, and urged all customers and hosts to update. It said all supported versions after 11.40 are affected, including DNSOnly and WP Squared.

Hosting providers including Namecheap, HostGator, and KnownHost temporarily blocked access to cPanel interfaces while patching, treating this as a critical authentication bypass and reporting exploit attempts going back to late February 2026.

How to stay safe

While it’s up to the hosting companies and website owners to patch as quickly as possible, there are ways to reduce your risk if a site you use is compromised.

As always, limit the data you share with websites to what’s absolutely necessary. Data they don’t have can’t be stolen.

When ordering from an online retailer, don’t tick the box to save your card details for future purchases as they will be stored on the server.

If there’s an option to check out as a guest, use it. It reduces the amount of personal data tied to an account.

Don’t reuse passwords. When one site is compromised, having the same credentials in several places turns it into a multi‑account takeover problem. A password manager can help you create complex unique passphrases, and remember them for you.

Where possible, pay by credit card. In many regions, this gives you stronger fraud protection.


When a site you trust gets hacked

If you think you’ve been affected by a data breach, take the following steps:

  • Check the company’s advice. Every breach is different, so check with the company to find out what’s happened and follow any specific advice it offers.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop, or phone as your second factor. Some forms of 2FA can be phished just as easily as a password, but 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for impersonators. The thieves may contact you posing as the breached platform. Check the official website to see if it’s contacting victims and verify the identity of anyone who contacts you using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Consider not storing your card details. It’s definitely more convenient to let sites remember your card details, but it increases risk if a retailer suffers a breach.
  • Set up identity monitoring, which alerts you if your personal information is found being traded illegally online and helps you recover after.


Top Five Sales Challenges Costing MSPs Cybersecurity Revenue

The Hacker News May 1, 2026 · 05:30
The managed security services market is projected to grow from $38.31 billion in 2025 to $69.16 billion by 2030[1], with cybersecurity being the fastest-growing sector[2]. Despite this opportunity, many MSPs leave revenue on the table because their go-to-market strategy fails to connect technical expertise with business needs. This execution gap is where most deals stall. MSPs often focus on

Human-centric failures: Why BEC continues to work despite MFA

csoonline May 1, 2026 · 05:00

Business email compromise (BEC) is still thriving even in organizations that have implemented multi-factor authentication (MFA). As security professionals, we often assume that MFA is the silver bullet for email security, but real-world incidents suggest otherwise. Attackers exploit human behaviors, process gaps and operational blind spots that MFA alone cannot address. In many modern BEC cases, no account is technically compromised at all, which places these attacks outside the protection boundary of MFA controls.

In 2019, Toyota Boshoku Corporation fell victim to a BEC attack in which an employee transferred over $30m to scammers following a cloned email from a third-party company that cited the need for the transaction to be completed urgently so as not to slow down Toyota’s production line. There was no indication that the Toyota employee’s email had been compromised. Take also the 2024 case of Arup, where attackers impersonated a senior manager using deepfake voices and videos and convinced a member of the finance team to make payments totaling $25m. The compromise did not rely on stolen credentials but on carefully orchestrated social engineering, timing and the finance team’s procedural shortcuts. The technical safeguards could have been strong, but human oversight proved to be the weakest link. In both cases, the failure occurred at the decision point, not at the authentication layer, exploiting trust, timing and established, convenient approval habits.

Where security controls end and business risk begins

From experience, this scenario is all too common. Organizations often focus on deploying security technology without addressing human workflows and culture. This often includes shiny new EDR technology that is used to check boxes for audit and compliance purposes, and that CIOs are quick to sign off on to show stakeholders they are cyber resilient. This is not a failure of EDR itself, but of how security investments are scoped. Endpoint and identity controls protect systems, but they do not govern how financial approvals, vendor changes or executive requests are validated in practice.

MFA reduces risk but cannot replace the need for process controls, verification routines and continuous awareness training, especially as there are now AITM phishing kits that bypass MFA in the wild. The operational blind spots being exploited sit in business workflows where speed, trust and authority override verification, particularly in finance and procurement processes.

These blind spots exist because business processes are optimized for speed and continuity, not verification. Finance teams are trained to keep operational lines moving, and attackers, now aware of this, turn it to their own advantage by introducing urgency or invoking authority. When a request appears legitimate, time-sensitive and from someone with perceived authority, employees often follow familiar patterns rather than pause to challenge intent. This is not a failure of technology, but a failure of process design.

Practical steps for IT leaders include redesigning approval workflows so that high-value transactions require multi-step verification, including an out-of-band call to confirm; simulating BEC scenarios in realistic exercises to identify gaps in response and decision-making; embedding security awareness into daily routines using micro-learning and real incident reviews; and empowering teams to challenge unusual requests without fear of reprisal. Instances of successful attacks can also be shared with employees who distribute invoices, handle financial documents or oversee decisions regarding transfers.

Designing approval workflows that thwart BEC attacks

Redesigning approval workflows means explicitly defining what constitutes a high-risk request, such as first-time payments, changes to vendor banking details, sudden payment requests from an executive or requests that bypass standard procedures. These requests should require independent verification using known contact details, not information provided in the email itself.

When reviewing and redesigning approval workflows, organizations should begin by asking salient, hard, operational questions at the decision-making point. Does this request align with how payments are normally initiated/approved? Is the requester using the typical communication channel and tone? Has this vendor or account been paid before, and under similar circumstances? Does the email address tally with the one on the sender’s company website, without alterations? Is there a different reply-to email visible? Can a quick call to confirm be made? Teams should also ask what assumptions are being made under time pressure, whether authority is being inferred rather than verified, and who is accountable if the decision turns out to be wrong. These questions force employees to slow down, recognize deviations from normal behavior and treat unusual requests as potential security events rather than routine business tasks.

Simulating BEC goes beyond phishing tests and should mirror real business scenarios, including urgent executive requests or supplier payment changes, allowing organizations to observe how staff respond to pressure and ambiguity. Effective simulations introduce urgency, impersonate authority figures with typosquatted emails and exploit realistic business contexts such as end-of-quarter payments, supplier changes and times of the year when attackers like to strike, such as festive periods and before holidays. Participants are observed on how they verify requests, whether they escalate concerns and how quickly they move to execution without confirmation. The outcome is not a pass or fail score but can provide insight into where processes encourage compliance over caution. These simulations allow organizations to refine approval rules, reinforce escalation paths and normalize verification as part of everyday operations.

Empowerment must be formalized through policy, making it clear that pausing or escalating a suspicious request is expected behavior, not an obstacle to productivity. Staff who report suspicious requests also should be encouraged and used as good examples in internal communications where possible.

Using friction and alerts in workflows

An insight from cross-border operations is that attackers exploit time pressure and executive assumptions, as often seen in CEO/CFO-themed fraud. Teams often follow cues from perceived authority, which attackers scope out from email flows, and from the urgency often attached to making large payments, which attackers tie to critical business needs. By implementing friction in critical workflows, such as mandatory pauses for large transfers or automated anomaly alerts, organizations can reduce risk without hampering productivity.

Effective friction does not mean indiscriminately grinding the business or its processes to a halt. Mandatory pauses for large or unusual transfers create space for verification and reduce impulsive decisions and actions. During these pauses, specific actions should occur, such as checks of the email, signature and verbiage, secondary approval, independent confirmation or automated checks against historical payment behavior, as stated above.

Automated anomaly alerts are only useful when they focus on deviations that matter and are tied to clear response expectations. Alerts should prioritize scenarios such as out-of-hours payment requests, changes to established vendor details or transfers that fall outside normal patterns. Ownership of BEC-related alerts should sit with teams that control financial decisions, such as finance operations, fraud risk units or cross-functional payment risk groups that combine security and business authority, rather than being routed exclusively to noisy SOC queues.

To reduce false positives, enhanced monitoring for priority accounts should also be introduced. This can be improved by routing emails containing specific payment keywords to these risk groups for evaluation before they land in the intended inboxes.

What security leaders should change now

BEC continues to succeed because human decision points are rarely treated as security-critical systems. MFA, email filtering and endpoint protections remain necessary, but they do not control how people make decisions under pressure. Until financial and executive workflows are designed with the same rigor applied to technical systems, attackers will continue to exploit the impact of human behavior on cybersecurity with social engineering and human weaknesses at the top of the pile.

Added to this, there should also be clear ownership of BEC risk at the leadership level. If no single role is accountable for payment verification failures, responsibility defaults to frontline staff under pressure who often bear the brunt of being sacked or prosecuted following successful BEC attacks. Assigning ownership to finance leadership, risk committees or cross-functional governance groups ensures that process failures are treated as systemic issues rather than individual mistakes.

Equally important, leaders should not measure success solely by the number of blocked phishing emails, but by how often verification steps are followed, how many payment requests are challenged and how quickly suspicious transactions are paused and reviewed.

In conclusion, security leaders who reduce BEC risk align people, processes and technology so that verification becomes routine, hesitation is acceptable and authority is never assumed without confirmation. In 2026 and beyond, business workflows should continue to be treated as a core part of the security architecture and not a peripheral component.

This article is published as part of the Foundry Expert Contributor Network.

Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks

The Hacker News May 1, 2026 · 04:56
The U.S. Department of Justice (DoJ) on Thursday announced the sentencing of two cybersecurity professionals to four years each in prison for their role in facilitating BlackCat ransomware attacks in 2023. Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were accused of deploying the ransomware against multiple victims located throughout the U.S. between April and December 2023.

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

The Hacker News May 1, 2026 · 04:43
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitHub account "BufferZoneCorp," which has published a set of repositories that are associated with malicious Ruby gems and Go modules. As of

Just 34% of cyber pros plan to stick with their current employer

csoonline May 1, 2026 · 04:01

Declining job satisfaction means that only one in three (34%) cybersecurity professionals plan to stay with their current employer, increasing the pressure on CISOs’ talent retention strategies.

And according to a survey of 500 cybersecurity professionals by IANS and Artico Search, while salary remains important it is not the primary driver of retention.

Flexible work models correlate strongly with satisfaction and retention, however. Hybrid work arrangements, particularly those that require only one to two days onsite per week, also tend to reduce the desire for talented cybersecurity staffers to jump ship, according to IANS’s Cybersecurity Talent Report.

The researchers found that wage growth is more important in minimizing staff turnover than the absolute value of compensation packages.

“As pressure on cyber teams skyrockets, CISOs who double down on mentorship, coaching, and career development can create a sense of purpose and progression that helps their employees avoid burnout,” says Nick Kakolowski, senior research director at IANS.

Cybersecurity staff who feel their employer views security as a priority (73%) are more likely to stay than those who perceive little or no organizational backing for security, among whom the desire to stay with their current employer drops to just 19%.

“Visibility, career growth, and support from security leadership are necessary to keep high performers,” adds Steve Martano, an IANS faculty member and partner at Artico Search.

Cybersecurity training and certification body ISC2 estimates that the global cybersecurity workforce gap peaked at 4.8 million in 2024. Although budget cuts last year have reduced the number of unfilled cybersecurity roles, the employment market remains tight and highly competitive. In CIO.com’s State of the CIO survey, cybersecurity tied AI for the hardest skill to fill despite notably higher demand for AI talent (42% to 38%).

Career progression and workplace autonomy

Along with flexibility, recruitment experts polled by CSO say that cybersecurity professionals consistently look for opportunities to develop their skills, to have agency over how they work, and to have their expertise taken seriously.

“When candidates see a defined career progression, the offer of ongoing certifications and training, direct visibility into strategy, and access to modern security stacks, that’s when your role becomes desirable,” says Archie Payne, president at recruitment agency CalTek Staffing.

Employers that fail to offer some form of remote, or at least hybrid work, will miss out on a sizable portion of the talent pool.

“We regularly see candidates decline otherwise strong offers because of rigid location requirements,” Payne says. “Again, top candidates know they are in-demand and won’t settle for a role that doesn’t support their work-life balance needs.”

Skills development

Richard Demeny, founder and CTO at Canary Wharfian, an online finance career platform, says that graduates and early professionals know they are calling the shots because even at the entry level talent is scarce.

“[New entrants] are prioritizing opportunity and learnings, as pay is pretty much standard across the board, except for maybe high-finance areas like hedge funds,” Demeny says.

“These professionals know that staying at the same employer for long will greatly limit their professional development: oftentimes, the best way to supercharge their knowledge, skills, and network is to simply change workplaces,” he adds, regarding rising employee turnover rates.

David Berwick, director at Adria Solutions, argues that CISOs need to be more consistent in their attempts to retain cybersecurity workers.

“Clear progression, realistic workloads, visible support from leadership, and flexibility where it makes sense,” says Berwick. “The organizations that get those fundamentals right tend to attract and retain people far more effectively than those relying on compensation alone.”

Avoiding burnout

Oliver Legg, co-founder of cybersecurity recruiter Aspiron Search, says that employee burnout is a growing problem for CISOs managing security teams.

“What we’re seeing in the market is that retention goes beyond pay and depends heavily on the environment you create, the support you show, and how you evolve alongside an increasingly complex threat landscape,” says Legg.

Security teams need to stay up to date with modern tooling to both defend against adversaries and keep teams engaged and effective.

“Cyber pros working with outdated tools or purely reactive processes are far more likely to disengage and look elsewhere,” Legg warns.

Growth and elevation

Offering cybersecurity staff learning opportunities can be a powerful driver of engagement and retention.

“Providing opportunities to attend or speak at industry conferences, along with support for new or refreshed certifications, helps teams stay motivated and continue developing,” Legg advises.

CalTek Staffing’s Payne notes that cybersecurity professionals are both “highly specialized and in high demand.” This means workers are “constantly being approached by companies eager for their talents and are well aware that their skills are in short supply,” he says.

Job candidates increasingly ask sharper questions about what their growth path would look like and whether they’ll have a voice in security strategy rather than focusing on compensation alone, according to Payne.

Earning employee engagement

Retention has become less about preventing dissatisfaction and more about continuously earning engagement.

“One of the biggest drivers of turnover we see is a disconnect between what the candidate was promised during the hiring process and what’s actually supported internally,” Payne says. “Many companies talk about security being ‘mission-critical’ but operate with chronically understaffed security teams, or don’t give the CISO budget authority.”

Payne concludes: “Strong candidates can spot this kind of problem very quickly, and they’ll leave just as fast.”

Managing OT risk at scale: Why OT cyber decisions are leadership decisions

csoonline May 1, 2026 · 04:00

The first time I approached an OT environment, I assumed that the strategies effective in IT cybersecurity would be equally applicable. I was wrong. The experience revealed a fundamental difference, highlighting the need for a distinct approach to OT cyber risk management.

The mistake was not technical. It was conceptual. I was treating OT as another security domain that needed stronger controls, better tooling and greater discipline. But OT lives under different conditions. Systems stay in service for years, sometimes decades. Patching is limited. Change windows are negotiated. Vendor dependencies are part of daily operations. Asset visibility is often incomplete and the highly distributed environments depend heavily on third-party access.

In summary, OT cyber risk fundamentally constitutes a challenge of leadership and governance. The primary concern at scale is not isolated technical controls at individual sites, but rather the enterprise’s ability to ensure consistent decision-making across all sites through clearly defined roles and shared accountability.

OT changes the nature of cyber risk

Boards have improved their cyber oversight of IT, but OT requires a different perspective. Here, cyber risk goes beyond data and compliance into operational processes, industrial assets and critical services.

OT architecture begins in the physical world, moves through control systems and operations networks, and increasingly connects to enterprise systems and cloud services. This creates a consequence profile distinct from IT, in which cyber risk directly affects physical operations.

OT operating constraints include long asset lifecycles, incomplete asset visibility, embedded third-party access and fragmented ownership across engineering, operations, site leadership, vendors and security. IT cyber assumptions often fail in OT because risk and responsibility structures diverge fundamentally.

The governance baseline for OT remains thin, as reflected in recent World Economic Forum research that highlights broader issues of leadership and oversight. Only 16 percent of organizations with industrial environments report OT security issues to their boards and just 20 percent maintain dedicated OT security teams. Furthermore, in only 36 percent of cases is the CISO directly responsible for OT security. These low levels of reporting and responsibility indicate not only a maturity gap in organizational processes but, more critically, a substantial accountability gap that directly reinforces the thesis: OT cyber risk management at scale is fundamentally a challenge of leadership and governance, rather than solely a technical concern.

At scale, a local weakness becomes an enterprise coordination issue. Differences in maturity, ownership, vendor dependencies and business priorities create uneven exposure. The board question is not whether OT controls exist, but whether the enterprise can make consistent, defensible decisions about OT cyber risk before and during disruption.

At scale, incident outcomes become leadership outcomes

Effective OT oversight shifts from control-by-control discussions to scenario and consequence analysis.

Common OT exposure paths include remote access abuse, shared accounts, weak segmentation, infected maintenance media, compromised workstations and poorly governed vendor connectivity. In OT, these exposures have direct operational consequences. A SCADA compromise can reduce visibility across power operations. Poor remote access governance can degrade rail operations. Infected media can trigger plant downtime. Unauthorized parameter changes can force emergency shutdowns and manual safety validation.

OT risk appetite cannot be reduced to the enterprise itself. OT impact may extend to the economy, the environment, critical services and, sometimes, human safety. As the consequences broaden, oversight standards must rise. A technical control gap is one risk. A governance structure that cannot support safe, coherent decisions under pressure is a different order of magnitude in terms of exposure.

In OT, incident outcomes are determined by leadership choices made before disruption begins.

  • Should the organization isolate quickly to stop propagation, or continue operating in a constrained way to protect essential output?
  • Should authority be centralized to improve consistency, or federated to improve speed and local judgment?
  • Should the organization restore quickly, or verify process integrity first and accept a longer recovery path?
  • Should vendor and remote support remain broadly enabled for operational convenience, or be reduced because it has become part of the real perimeter?

No single option is always correct. The key is whether leaders understand trade-offs before action is required. Executive decisions such as isolate versus operate, centralize versus federate and restore versus verify change outcomes. These are governance choices, not technical defaults.

I have seen both sides of this in practice. In one environment, centralization accelerated capability building. It improved consistency, but it also introduced the risk of slower decisions in a crisis because authority sat too far from the operational edge. In another, responsibility was distributed across business units, which improved local ownership but increased coordination risk under stress. The lesson was never ideological. It was operational. The operating model had to match the risk reality.

This is also why the strongest board-level conversations in OT are rarely about tools first. They are about decision rights, escalation logic, crisis thresholds and assurance. The NIST Cybersecurity Framework 2.0 is useful here not because it provides boards with a script, but because it explicitly frames cybersecurity as part of how organizations understand and manage cyber risk.

What boards should ask now

Boards do not need to become technical experts in OT. They do need to demand decision-grade oversight.

First, clarify the operating model. Who owns OT cyber risk across the enterprise? Where does business unit accountability sit? Which decisions are centralized and which are delegated? Who has authority in a crisis when continuity and containment are in tension? If these answers are unclear, residual risk is likely underestimated.

To help make this concrete, consider two common operating models. In a centralized model, OT cyber risk governance, tooling decisions and incident response authority reside primarily at the enterprise or group level, typically under the leadership of a central security or risk function. Local sites implement enterprise direction but have limited autonomy to define controls or crisis actions. In contrast, a federated model grants more decision rights to individual business units or operating sites. Here, local leaders often own OT cyber controls, incident triage and vendor management, while the central organization coordinates standards and provides guidance. Each model brings different trade-offs in consistency, speed and local adaptation. Directors should ask management to clarify which approach is in place today and why it fits the organization’s risk profile.

Second, identify the two or three OT cyber scenarios that would most impact continuity, key operations and external defensibility. Scenarios should be concrete enough to guide priorities, budget and crisis preparation. Generic statements about protecting critical infrastructure are not enough.

Third, require assurance. Boards should ask whether a baseline exists and whether it has been independently tested for effectiveness. Governance and assurance should sit above the technical baseline and operating model. In OT, site assessments, adversarial simulations, tabletop exercises and validation of remote access controls provide more insight than maturity scoring.

Fourth, address innovation. AI and cloud are changing operational environments, even when adoption begins at the physical layer. The leadership agenda is moving toward governance, resilience and control of increasingly complex digital dependencies. For OT, boards should treat these shifts as operating model and assurance questions, not just technology questions.

This is where the board agenda becomes practical. Directors should ask management to clarify decision rights, define the top OT cyber scenarios, establish an enterprise minimum baseline for priority environments and run independent assurance on the sites or operations that matter most. These are not technical housekeeping tasks. They are the foundations of defensible oversight.

This article builds on a recent RSAC session on managing OT risk at scale, but the lesson is broader. OT cyber risk at scale is not simply a controls problem. It is a leadership problem because real outcomes depend on governance, accountability and pre-agreed trade-offs. The organizations that navigate OT disruption better are usually not the ones with the most ambitious slide decks. They are the ones who decided in advance how they will govern, escalate, verify and recover.

That is the shift boards should insist on. In OT, resilience is built by decisions made before the incident alarm sounds.

This article is published as part of the Foundry Expert Contributor Network.

Enterprise Spotlight: Transforming software development with AI

csoonline May 1, 2026 · 04:00

Artificial intelligence has had an immediate and profound impact on software development. Coding practices, coding tools, developer roles, and the software development process itself are all being reimagined as AI agents advance on every stage of the software development life cycle, from planning and design to testing, deployment, and maintenance.

Download the May 2026 issue of the Enterprise Spotlight from the editors of CIO, Computerworld, CSO, InfoWorld, and Network World and learn how to harness the power of AI-enabled development.

4 ways to prepare your SOC for agentic AI

csoonline May 1, 2026 · 02:00

According to IDC, agentic AI is on track to become mainstream infrastructure. The analyst firm expects 45% of organizations to have autonomous agents operating at scale across critical business functions by 2030. In enterprise SOCs, AI is already reshaping functions like alert triage, enrichment, data correlation, IOC validation and initial containment. It could soon move up the stack to take on more complex tasks like incident investigation, root cause analysis, and response.

“AI acts as a force multiplier in the SOC,” says Nicole Carignan, senior VP, security and AI strategy at Darktrace. But harnessing that promise will require organizations to invest now in reskilling analysts, redesigning processes, building new technical roles, and establishing guardrails and governance frameworks to ensure autonomous AI agents operate safely. “It’s not enough to simply deploy an AI solution. Security practitioners must understand how the underlying machine learning techniques function, what their strengths and limitations are, and how to evaluate their outputs,” Carignan says. “Without explainability and trust, AI risks exacerbating alert fatigue rather than solving it.”

Here is what security leaders need to know — and do — to prepare their SOCs for the agentic AI era.

Reskill analysts to become AI collaborators and overseers

Increasingly, human roles in the SOC will shift from hands-on execution to supervision, governance, design, and oversight. As AI agents take on more operational tasks, analysts will need to focus on managing AI systems, interpreting outputs, and resolving the nuanced challenges machines cannot handle, says Casey Ellis, founder of Bugcrowd. “Jobs won’t disappear, they’ll adapt. The key is ensuring that SOC professionals are prepared for this shift through ongoing education, training, and tooling.”

Few expect the transition will occur organically or without friction. Many SOC leaders will need to reskill existing staff to manage AI effectively; to interrogate AI reasoning; enrich investigations with contextual insight; and apply informed human analysis to AI-driven outputs.

When acting on an AI tool’s recommendation, analysts must understand what questions the agent asked, which data sources it queried, and what evidence informed its decision, according to Dov Yoran, co-founder and CEO of Command Zero. From there, they need to be able to pivot to additional data sources, pursue new artifacts, and extend the investigative timeline as needed. “Junior analysts who might not know how to start an investigation from scratch can become effective by learning how to extend and refine what the agent produced,” Yoran says. “It’s a different skill set from traditional SOC work, and in many ways, a more accessible one.”

In the SOC of the future, analysts must also act as adversarial reviewers of AI-driven conclusions. That’s because AI systems can introduce hallucinations, training-data bias, and other vulnerabilities while also being vulnerable to adversarial manipulation. Analysts need to recognize these risks to ensure decisions remain grounded and defensible, says Ensar Seker, CISO at SOCRadar. “Analysts need to be trained less as button-pushers and more as adversarial reviewers of AI output. That means understanding how models reason, where they fail, how bias and data gaps surface, and how to interrogate confidence levels and assumptions. The goal isn’t to ‘trust AI faster,’ but to develop the instinct to ask: What would make this conclusion wrong?” Seker says.

Analysts will also play a critical role in bringing organization-specific context into AI-driven workflows. Without that context, agents risk missing threats, amplifying noise, or triggering risky actions based on incomplete information. SOC leaders need to remember that “AI agents are only as smart as the context they have access to,” Yoran says. Analysts must learn to annotate identities, maintain watch lists, document recurring false-positive patterns, and build enrichment layers that strengthen future investigations, he said. “This is knowledge work, not data work.”

Ultimately, the objective is not to outperform AI, but to do better where AI falls short. For example, “accept that autonomous alert triage will become table stakes,” Yoran says. “Your processes need to shift from ‘how do we triage every alert’ to ‘how do we handle escalations from autonomous investigations’.”

Build capabilities for AI governance, content and quality

Upskilling existing analysts alone is not enough. As AI agents begin operating across tools, making decisions and triggering actions with minimal human involvement, the demands on the SOC will extend well beyond traditional analyst capabilities, experts say.

Content engineering, for instance, is one emerging requirement. In an AI-enabled SOC, detection engineers will no longer write only static rules. They must design dynamic content such as questions, prompts and investigation templates that agents can use to reason, enrich data, correlate signals and act autonomously. These content engineers curate the structured inputs that power agents, including telemetry, threat models, and playbooks.

“This is the most underappreciated role in AI-powered security operations,” Yoran notes. “These are people who build and maintain the questions that agents can ask, the investigation plans that guide autonomous work, and the knowledge bases that provide context.” Organizations need someone who can translate detection logic from their SIEM, import best practices from frameworks like MITRE ATT&CK, and encode institutional knowledge into the platform. “This isn’t traditional security engineering, it’s closer to knowledge management combined with threat intelligence,” he says.

Mature SOCs will also require clear ownership of AI governance and agent oversight. That includes roles that have oversight over model risk evaluation, prompt and policy management, continuous performance validation, and even red teaming the agents themselves, Seker says. “You don’t need a massive new team, but you do need clear accountability for how autonomous decisions are made, tested, and constrained.”

Another emerging need is analysts with deep fluency in data management. An AI-driven SOC will require professionals who understand how information should be classified, protected, normalized, and monitored to ensure reliable conclusions. “With 64% of organizations planning to add AI-powered solutions to their security stack in the next year, it is critical for professionals to cross-skill in AI,” Carignan says. “Cybersecurity professionals must become fluent in AI and data, developing a deeper understanding of data classification, governance, and model behavior.” Cross-skills in data science, machine learning, and cybersecurity enable analysts to critically evaluate AI outputs, tune models for security use cases, and adapt defenses as threats evolve, making them indispensable in an AI-augmented SOC.

Frank Dickson, an analyst at IDC, urged organizations to think of this capability as similar to a data architect role. “The key to getting value from AI is having data located in a place where you can get to it, having it formatted in a homogeneous way so you can do analysis on it, and then manage the data,” he says. “The success of your AI initiative is going to be tied to the effectiveness of your ability to get data. A data architect manages that.”

Dickson also emphasized the need for an “orchestration platform engineer” role responsible for ensuring effective communication and workflow integration across security tools. The SOC of the future will not hinge on a single platform but on an interconnected ecosystem of SIEM, EDR, SOAR, identity, cloud and other systems that must operate in concert to support AI-driven, agentic investigations and automation, Dickson says. Dedicated orchestration expertise will become essential to maintain reliable data flows and automation logic in such an environment, he noted.

Redesign SOC processes and playbooks where needed

Organizations will need to review and rework SOC processes and playbooks to ensure their AI-augmented SOC is consistent, efficient and continuously learning. Yoran recommends that SOC leaders focus on codifying institutional knowledge into AI agent-accessible questions and plans. Translate playbooks into investigation plans that AI agents can follow on a repeatable basis. In situations where an agent might hit a wall, have processes in place for a smooth handoff to a human analyst and build feedback loops for continuous improvement, Yoran adds.

“Playbooks must shift from step-by-step human procedures to intent-based guardrails,” Seker points out. “Instead of telling analysts how to investigate, define what outcomes are allowed, what actions are prohibited, and when human approval is mandatory.” The objective is not to micromanage every alert but to assume AI agents operate continuously across tools, with humans only supervising exceptions, edge cases, and strategic decisions.

SOCs also need to rethink metrics, accountability, and documentation. Traditional performance indicators, such as ticket closure rates or mean time to resolution, may need to broaden to include model accuracy, escalation quality, and the effectiveness of automated containment actions. “The biggest mistake is optimizing for speed metrics instead of investigation quality,” Yoran says. “I see this constantly: vendors promising 90% faster time to resolution or reduce tier-one workload by 80% or close alerts in seconds instead of hours. These metrics, while seductive, are dangerous,” he cautions. “Making the same mistake faster benefits no one. An incomplete investigation that closes in two minutes isn’t better than a thorough investigation that takes 30 minutes.”

Auditability, too, becomes critical. All AI-driven decisions should be traceable, explainable, and reviewable from both an internal governance standpoint and for external compliance requirements. “If you can’t explain why an AI took an action to an auditor, regulator, or executive, it shouldn’t be allowed to take that action. Explainability isn’t a nice-to-have; it’s a prerequisite for autonomy,” Seker says.

Implement AI guardrails and principles

Formal guardrails and operating principles are going to be critical in SOCs where AI agents influence decisions, initiate responses and help prioritize threats. That means setting defined boundaries around data access and model behavior, having processes to validate responses and making sure humans remain in the loop on all high-impact decisions.

Focus areas should include approval thresholds for autonomous actions, figuring out allowed and disallowed actions for an agent, protecting against prompt injection attacks, testing and red-teaming of agentic workflows and ensuring IR policies are updated for AI-driven actions. “Require transparent decision trails, rate limiting, least-privilege, and instant override,” Seker advises. “Hard limits on action scope, blast radius, and privilege are non-negotiable. Agents should operate under least-privilege identities, with explicit kill-switches, change-control boundaries, and environment awareness. The key is to ensure that AI is never allowed to silently escalate its own authority or modify guardrails without human approval.”

IDC analyst Dickson pointed to identity and access as two other areas to focus on by way of guardrails and policies. “In the past, when we gave humans access, we often over-provisioned by default. That approach does not work with agents. With agentic AI, permissions must start at least privilege, defined precisely from day one.”

The focus should be on ensuring no standing privileges, implementing dynamic authorization and establishing clear role definitions, Dickson says. “Agentic AI is enormously powerful. Constraining access correctly is non-negotiable.”
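The guardrails listed in this section (allowed and disallowed actions, approval thresholds, blast-radius and rate limits, an override switch, a decision trail, and no self-modification of guardrails) can be enforced by a gate placed between the agent and the tools it calls. The following is an added example, not code from the article or from any vendor quoted in it; the class names, action names, agent name and sample values are all assumptions constructed for illustration.

```python
import time
from dataclasses import dataclass, field


@dataclass(frozen=True)  # frozen: the running agent cannot mutate its own limits
class Policy:
    allowed: frozenset           # actions the agent identity may request at all
    needs_approval: frozenset    # high-impact actions that require a named human
    max_targets: int             # blast-radius cap per action
    max_actions_per_minute: int  # rate limit on executed actions


@dataclass
class Decision:
    verdict: str  # "allow", "deny" or "pending_approval"
    reason: str


@dataclass
class ActionGate:
    policy: Policy
    kill_switch: bool = False                    # instant override
    trail: list = field(default_factory=list)    # transparent decision trail
    _recent: list = field(default_factory=list)  # timestamps of allowed actions

    def evaluate(self, agent, action, targets, evidence, approved_by=None, now=None):
        now = time.time() if now is None else now
        decision = self._decide(action, targets, evidence, approved_by, now)
        if decision.verdict == "allow":
            self._recent.append(now)
        # Every request is recorded, including refused ones, so a reviewer can
        # see what the agent asked for, on what evidence, and why it was refused.
        self.trail.append({
            "ts": now, "agent": agent, "action": action,
            "targets": list(targets), "evidence": list(evidence),
            "approved_by": approved_by,
            "verdict": decision.verdict, "reason": decision.reason,
        })
        return decision

    def _decide(self, action, targets, evidence, approved_by, now):
        p = self.policy
        if self.kill_switch:
            return Decision("deny", "kill switch engaged")
        if action not in p.allowed:
            return Decision("deny", "action not on allowlist")
        if not evidence:
            return Decision("deny", "no evidence attached; action is not explainable")
        if len(targets) > p.max_targets:
            return Decision("deny", "blast radius exceeds max_targets")
        self._recent = [t for t in self._recent if now - t < 60]
        if len(self._recent) >= p.max_actions_per_minute:
            return Decision("deny", "rate limit reached")
        if action in p.needs_approval and not approved_by:
            return Decision("pending_approval", "human approval is mandatory")
        return Decision("allow", "within policy")

    def replace_policy(self, new_policy, approved_by):
        # Guardrails change only through this path, and only with a named human.
        if not approved_by:
            raise PermissionError("guardrail changes require human approval")
        self.trail.append({"ts": time.time(), "agent": None,
                           "action": "replace_policy", "approved_by": approved_by,
                           "verdict": "allow", "reason": "policy replaced by human"})
        self.policy = new_policy


def demo():
    """Run constructed agent requests through the gate; return verdicts and trail."""
    gate = ActionGate(Policy(
        allowed=frozenset({"enrich_ioc", "quarantine_file", "isolate_host"}),
        needs_approval=frozenset({"isolate_host"}),
        max_targets=3,
        max_actions_per_minute=2,
    ))
    evidence = ["alert-1001"]  # constructed alert reference
    requests = [
        ("enrich_ioc", ["198.51.100.7"], None),
        ("disable_account", ["jdoe"], None),              # not on the allowlist
        ("isolate_host", ["ws-17"], None),                # needs a human first
        ("isolate_host", ["ws-17"], "analyst.kim"),       # approved by a human
        ("quarantine_file", ["a", "b", "c", "d"], None),  # too many targets
        ("enrich_ioc", ["203.0.113.9"], None),            # third action in a minute
    ]
    verdicts = [
        gate.evaluate("triage-agent", action, targets, evidence, by, now=1000.0 + i).verdict
        for i, (action, targets, by) in enumerate(requests)
    ]
    gate.kill_switch = True
    verdicts.append(
        gate.evaluate("triage-agent", "enrich_ioc", ["198.51.100.7"], evidence, now=2000.0).verdict
    )
    return verdicts, gate.trail


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry["action"], "->", entry["verdict"], "|", entry["reason"])
```
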


‘Trivial’ exploit can give attackers root access to Linux kernel

csoonline Apr 30, 2026 · 20:14

CSOs must ensure their Linux-based systems block unauthorized privilege escalation until distros release patches to plug a serious kernel vulnerability affecting all Linux distributions shipped since 2017.

Until fixes are available for what’s been dubbed the Copy Fail logic bug (CVE-2026-31431), which lets users easily obtain root access, there isn’t much CSOs can do, says Johannes Ullrich, dean of research at the SANS Institute, as long as they have monitoring for privilege escalation already in place.

With root access, a threat actor can do anything to a system, from data theft to data erasure.

“The CopyFail vulnerability is significant because it is easy to exploit and affects most, if not all, Linux systems currently in production,” Ullrich said in an email.

“On the other hand,” he noted, “privilege escalation vulnerabilities are somewhat common, and an attacker must first be able to execute code on the system to exploit them. Common configuration weaknesses can also open the door to privilege escalation.”

This vulnerability should still be addressed, but it does not require specific prioritization. “As soon as patches are released, they should be applied,” he said. “A reboot may be necessary to fully protect affected systems after the patch is applied.”

As of midday Thursday, only Arch Linux had released a patch, he said. But he believes other distributions will likely release one in the next few days.

“Until then,” he added, “there is an option to add a specific kernel parameter, but applying it requires a reboot and is not feasible in a large environment, at least not before a patch is released.”

Kernel logic bug

The vulnerability was discovered by researchers at South Korea-based Theori, in part with the help of its AI vulnerability scanner. It was reported to the Linux kernel security team on March 23. On April 1, patches were committed to the mainline kernel, with a CVE assigned on April 22. General public disclosure was made only this week when Theori published a blog on its work.

Copy Fail is a logic bug in the Linux kernel’s authencesn cryptographic template. It lets an unprivileged local user trigger a deterministic, controlled 4-byte write into the page cache of any readable file on the system; Theori’s exploit is a single 732-byte Python script. The result: that unauthorized user obtains root access.

The vulnerability also allows an escape from Kubernetes containers, Theori added, which it said it will explain in a future blog.

CSOs, Linux admins, and others can find more information about the issue at the Copy Fail website, which is maintained by the Theori researchers.

Theori said the systems that should be patched first when fixes are released are multi-tenant Linux hosts; systems with Kubernetes containers; continuous integration runners and build farms, including GitHub Actions, GitLab runners or Jenkins agents; and cloud SaaS systems running user code, such as notebook hosts, agent sandboxes, serverless functions, or any tenant-supplied container or script.

‘Enormous’ number of affected distros

The number of affected distributions is “enormous,” said Kellman Meghu, CTO of Canadian incident response firm DeepCove Security, “and the speed [at which] this hit was not nearly long enough to get the kernel patched, tested and distributed to every distro” after discovery of the flaw last month.

“There is not much of anything you can do but start your inventory of risky systems and watch for each distro update,” he said. “Apply kernel patches immediately (if possible) and try to isolate or monitor any shared Linux systems until patched. Ask all your vendors and third party supply chains for their plans and risk assessments to ensure you are careful interacting with other systems that could be at risk.”

For Debian, Ubuntu, and other Debian-based systems, the exploitable code is in a separate kernel module that could be disabled via kernel commands, Meghu added. However, many other distros compile it into the kernel and may not be as easily changed. This is unique to each distro, he said, so having an inventory and a plan for each is vital to getting ahead of the vulnerability.

Straight line logic flaw

Copy Fail isn’t the first high-profile privilege escalation bug, Theori researchers noted. Dirty Cow (CVE-2016-5195) required winning a race condition in the VM subsystem’s copy-on-write path. It often needed multiple attempts to succeed, and sometimes crashed the system. Dirty Pipe (CVE-2022-0847) was version-specific and required precise pipe buffer manipulation. But Copy Fail is a straight-line logic flaw, the researchers said, which triggers without races, retries, or crash-prone timing windows.

The exploit Theori created worked on Ubuntu, Amazon Linux, RHEL, and SUSE Linux.

Shared systems under ‘extreme risk’

“The exploit is trivial,” said DeepCove Security’s Meghu. “The good news is, it’s not a remote code execution, which gives us breathing room to patch when fixes are available, but there needs to be priority placed on any shared systems, since any local user could easily escalate their privilege to root. Those systems are under extreme risk right now.”

His biggest fear is that an exploit could become part of a chain of attacks. Because the escalation of privilege part of it is trivial to accomplish, he said, “I am not at all thrilled about waiting for patches.” An exploit could hit all of an IT department’s Linux systems and containers, as well as the organization’s supply chain, and it will take a “significant amount of work” to patch and verify every system, he said, which means CSOs will need to have a good handle on their software inventory and dependencies.

“I am also very worried about the endless amount of Linux-based hardware devices out there that probably don’t get patched often, if at all, and will be part of IoT or consumer systems for years to come,” Meghu added. “If you are in the business of supporting Linux-based hardware devices, this is not going to be a good day for you.”

“This [vulnerability] makes the living off the land attacks incredibly easy,” he concluded, “so watching your systems for unusual activity has never been more critical.”

Bank regulator sounds warning over cybersecurity threat posed by AI models

csoonline Apr 30, 2026 · 18:36

Frontier AI models inspired by Anthropic’s Claude Mythos could arm attackers with advanced capabilities that the banking sector is ill equipped to cope with, Australia’s financial regulator, the Australian Prudential Regulation Authority (APRA), has warned.

In a letter addressed to the country’s financial sector this week, the body lays out how the arrival of Claude Mythos has upended decades-long assumptions about the cybersecurity risk associated with regulated financial services.

APRA raises multiple concerns. The biggest is simply that the industry has been caught in the headlights of an unknown risk factor brought about by a model, Claude Mythos, that they have still not been able to examine for themselves.

As the technology spreads, threat actors will use similar models to uncover flaws more quickly and easily, potentially overwhelming the speed with which these can be addressed by today’s patching and remediation programs.

Governance not keeping up

Before drawing its conclusions, APRA had engaged with the industry, finding that governance was failing to keep up with the change in risk that AI is signaling. During that research, the letter said, “APRA observed a tendency to treat AI risk as ‘just another technology’. This misses key differences such as the distinct characteristics of predictive systems, adaptive behaviour in models, ethical considerations such as inherent bias, and privacy and data risks.”

The body identifies several areas for improvement. The biggest is the urgent need to more rapidly identify and remediate vulnerabilities, something that would require a major overhaul of current processes. Organizations also needed “robust security testing across AI‑generated code, software components, and libraries,” coupled with deeper assessment of major AI platforms and services.

“AI can shorten the attack cycle and increase speed, coordination and impact. At the same time, entities are using AI to improve threat hunting and vulnerability identification, with the challenge being remediating at the speed with which vulnerabilities are identified,” APRA said.

Accessing Mythos

It’s barely three weeks since Anthropic made Claude Mythos public on April 7 and it’s hard to recall a development that’s caused as much cybersecurity alarm in such a short space of time.

Earlier this week, Michael Theurer, the chief supervisor of Bundesbank, Germany’s financial regulator, echoed APRA’s concern, telling Reuters that European banks need access to Claude Mythos to defend themselves against the sort of cyberattacks this type of model could make possible.

“I consider it necessary that the European Commission and governments in Europe now also approach the company, or rather the United States, to request that the technology be shared. There has to be an official request so that we in Europe can also benefit from the insights,” Theurer said.

Anthropic has reportedly privately indicated that it will soon give banks outside the US access to Claude Mythos. However, the reference to the US in Theurer’s remarks alludes to the possibility that the timing of this access might be affected by the political relationship between the EU and the Trump administration.

Given the interdependence of global banks, it seems unlikely that the US administration would delay wider access to Claude Mythos, even as it negotiates to resolve its recent public spat with Anthropic over the company’s designation as a supply chain risk. However, given recent complaints that only US tech companies have so far been given access via the Claude Mythos industry program, Project Glasswing, it’s clear there is some unease.

Targeting will ‘skyrocket’

The underlying worry, of course, is institutional interconnectedness; an attack on one financial organization could easily turn into a wider systemic problem if the flaw is severe enough.

According to Joe Brinkley of penetration testing firm Cobalt, “the barrier to entry for state-level cyber capabilities has now been lowered to the cost of an API key.” And given that banks currently take weeks to fix high-severity vulnerabilities, this underscores the need for change, he pointed out.

“Organizations that continue to treat offensive security as a periodic check-box exercise rather than a continuous, AI-integrated function are effectively waiting for the inevitable,” Brinkley said. “If the banking sector doesn’t automate its defense to match the speed of the attack, the targeting of financial services will skyrocket as the easy wins become fully automated.”

Additionally, according to Steve Tait, CTO at cloud security company Skyhigh Security, AI models such as Claude Mythos represent an opportunity as well as a threat.

“Cybersecurity has always been an arms race, and pairing security expertise with advanced AI solutions will help teams fight AI with AI,” he said. “If both attacker and defender have access to the same models, then the playing field will be the same as it is today: broadly equal but moving at a thousand miles an hour.”

MDR for MSPs: Navigating EDR compatibility

msspalert Apr 30, 2026 · 15:06

When it comes to EDR compatibility within an MDR offering, MSPs are weighing two key priorities: native EDR integration or the flexibility to support multiple solutions.

More PayPal emails hijacked to deliver tech support scams

Malwarebytes Apr 30, 2026 · 14:29

Scammers have found another way to get deceptive messages delivered through PayPal’s legitimate services.

In December 2025, we reported that PayPal closed a loophole that let scammers send real emails with fake purchase notices.

In those cases, scammers created a PayPal subscription and then paused it, which triggered PayPal’s genuine “Your automatic payment is no longer active” notification. They also set up a fake subscriber account, likely a Google Workspace mailing list, which automatically forwarded any email it received to all other group members.

Recently, ConsumerWorld.org alerted us that tech support scammers have found a way to manipulate the subject line of PayPal payment notifications.

This is a screenshot of the example they sent us.

Screenshot email from PayPal scammers

As you can see, the email comes from [email protected]. It wasn’t spoofed, which means it passes standard security checks (DKIM, SPF, DMARC).

While the body of the email says that you received a payment of ¥1 JPY (a whopping $0.0063), the subject line tells a different story:

“Pending charge of USD 987.90 for account activation. Questions? Call-(888) 607-0685.”

As an extra bonus for the scammers, the email contains personalized details—the recipient’s actual name and a real transaction ID.

The number in the subject line is not PayPal’s. The legitimate contact number appears inside the email.

The fake (red) and the real (green) PayPal number

The intention of the email is straightforward.

Recipients think:

  1. “Oh no! There’s a pending charge for $987.90.”
  2. “The amount doesn’t match what I see in the email body—that’s weird and scary.”
  3. “I need to call this number immediately to dispute this charge.”

They call the number in the subject line, only to reach tech support scammers.

These scammers pretend to be PayPal support and may try to:

  • Get you to “verify” payment methods
  • Collect banking details
  • Convince you to install remote access tools
  • Take control of accounts or devices
  • All of the above

    How the subject line is altered is still unclear. Based on PayPal’s documented email behavior, subject lines are typically fixed and not meant to include arbitrary free text or phone numbers. Our findings indicate that the subject line was already weaponized at the point PayPal’s systems signed the email. If someone along the way had rewritten the subject, the dkim=pass header.d=paypal.com result would likely fail.

    One possibility is that the scammer abused PayPal’s note or remittance field in a way that surfaces in certain payout templates, including the subject line and HTML <title>, even though normal merchant payment‑received emails don’t allow arbitrary subjects.

    The title tag matches the subject line of the email

    We have contacted PayPal for comment and will update this post if we hear back.
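The DKIM reasoning above can be checked mechanically: when `subject` is in the signature's `h=` list and DKIM passes for paypal.com, the subject was not rewritten in transit, so detection has to compare the subject against the body instead. This is an added example, not code from Malwarebytes or PayPal; the sample message, addresses, phone numbers and the `analyze` heuristic are constructed for illustration.

```javascript
// Constructed sample message; every address, number and ID here is a placeholder.
const SAMPLE_EMAIL = [
  'Authentication-Results: mx.example.net; dkim=pass header.d=paypal.com; spf=pass; dmarc=pass',
  'DKIM-Signature: v=1; a=rsa-sha256; d=paypal.com; s=selector-placeholder;',
  ' h=from:to:subject:date:message-id; bh=PLACEHOLDER; b=PLACEHOLDER',
  'From: PayPal <placeholder@paypal.com>',
  'To: recipient@example.org',
  'Subject: Pending charge of USD 987.90 for account activation. Questions? Call-(888) 555-0100.',
  '',
  'Hello Sample Recipient, you received a payment of ¥1 JPY.',
  'Transaction ID: PLACEHOLDER-ID. Need help? Call 1-800-555-0199.',
].join('\r\n');

// Split a raw message into unfolded headers (lower-cased names) and the body.
function parseMessage(raw) {
  const sep = raw.search(/\r?\n\r?\n/);
  const headText = sep === -1 ? raw : raw.slice(0, sep);
  const body = sep === -1 ? '' : raw.slice(sep).trim();
  const headers = headText
    .replace(/\r?\n[ \t]+/g, ' ') // unfold continuation lines
    .split(/\r?\n/)
    .map((line) => {
      const i = line.indexOf(':');
      return i > 0
        ? { name: line.slice(0, i).trim().toLowerCase(), value: line.slice(i + 1).trim() }
        : null;
    })
    .filter(Boolean);
  return { headers, body };
}

// Parse a DKIM-Signature tag list ("k=v; k=v") into a prototype-free object.
function dkimTags(value) {
  const tags = Object.create(null);
  for (const part of value.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) tags[part.slice(0, i).trim().toLowerCase()] = part.slice(i + 1).trim();
  }
  return tags;
}

const PHONE_RE = /\(?\b\d{3}\)?[\s.-]?\d{3}[\s.-]\d{4}\b/g;
const AMOUNT_RE = /(?:\b(?:USD|EUR|GBP|JPY)\s?|[$€£¥]\s?)\d[\d,]*(?:\.\d{1,2})?/g;

// Phone numbers normalised to digits only; amounts normalised to numbers.
const phones = (text) =>
  [...new Set((text.match(PHONE_RE) || []).map((p) => p.replace(/\D/g, '')))];
const amounts = (text) =>
  [...new Set((text.match(AMOUNT_RE) || []).map((a) => parseFloat(a.replace(/[^\d.]/g, ''))))];

function analyze(raw, expectedDomain) {
  const { headers, body } = parseMessage(raw);
  const get = (n) => headers.filter((h) => h.name === n).map((h) => h.value);
  const subject = get('subject')[0] || '';

  // Authentication-Results is only meaningful when stamped by your own receiving MTA.
  const dkimPass = get('authentication-results').some((v) =>
    v.split(';').some((seg) => {
      const d = /header\.d=([^\s;]+)/i.exec(seg);
      return /\bdkim=pass\b/i.test(seg) && d !== null && d[1].toLowerCase() === expectedDomain;
    }));

  // Is Subject among the headers the signing domain actually covered?
  const subjectSigned = get('dkim-signature').map(dkimTags).some((t) =>
    (t.d || '').toLowerCase() === expectedDomain &&
    (t.h || '').split(':').map((s) => s.trim().toLowerCase()).includes('subject'));

  const bodyPhones = new Set(phones(body));
  const bodyAmounts = new Set(amounts(body));
  const phonesOnlyInSubject = phones(subject).filter((p) => !bodyPhones.has(p));
  const amountsOnlyInSubject = amounts(subject).filter((a) => !bodyAmounts.has(a));

  // A callback number that exists only in the subject is the signal, even when
  // DKIM passes: a valid signature proves origin and integrity, not intent.
  return {
    dkimPass,
    subjectSigned,
    phonesOnlyInSubject,
    amountsOnlyInSubject,
    verdict: phonesOnlyInSubject.length > 0 ? 'callback-scam-suspect' : 'no-subject-anomaly',
  };
}

console.log(analyze(SAMPLE_EMAIL, 'paypal.com'));
```

A mail filter can apply the same comparison after authentication checks, which is where a message like this one otherwise passes untouched.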

    How to avoid PayPal scams

    The best way to stay safe is to stay informed about the tricks scammers use. Learn to spot the red flags that almost always give away scams and phishing emails, and remember:

    • Use verified, official ways to contact companies. Don’t call numbers listed in suspicious emails or attachments.
    • Beware of someone wanting to connect to your computer remotely. One of the tech support scammer’s biggest weapons is their ability to connect remotely to their victims. If they do this, they essentially have total access to all of your files and folders.
    • Report suspicious emails to PayPal. Send the email to [email protected] to support their investigations.

    If you’ve fallen victim to a tech support scam:

    • Paid the scammer? Contact your bank or card provider and let them know what’s happened. You can also file a complaint with the FTC or your local law enforcement, depending on your region.
    • Shared a password? Change it anywhere it’s used. Consider using a password manager and enable 2FA for important accounts.
    • Gave access to your device? Run a full security scan. If scammers had access to your system, they may have planted a backdoor so they can revisit whenever they feel like it. Malwarebytes can remove these and other software left behind by scammers.
    • Watch your accounts: Keep an eye out for unexpected payments or suspicious charges on your credit cards and bank accounts.
    • Be wary of suspicious emails. If you’ve fallen for one scam, they may target you again.

    Pro tip: Malwarebytes Scam Guard recognized this email as a call back scam. Upload any suspicious text, emails, attachments, and other files to ask for its opinion. It’s really very good at recognizing scams. 

    SAP npm Supply Chain Attack Targets Developer Credentials 

    eSecurity Planet Apr 30, 2026 · 12:45

    A supply chain attack targeting SAP npm packages is putting enterprise development environments at risk. 

    Aikido researchers discovered malicious code designed to steal credentials and secrets from developer systems and CI/CD pipelines. 

    The attack “… harvests local developer credentials, GitHub and npm tokens, GitHub Actions secrets, and cloud secrets from AWS, Azure, GCP, and Kubernetes,” said Raphael Silva, security researcher at Aikido Security.

    “With LLMs working to ‘make it work’ as fast as possible with little security oversight, organizations need good guardrails that catch dangerous install scripts, risky dependency updates, [and] hardcoded secrets,” said Isaac Evans, co-founder and CEO of Semgrep, in an email to eSecurityPlanet.

    Inside the SAP npm Package Compromise 

    This issue affects SAP Cloud Application Programming Model (CAP) and Cloud MTA packages, meaning developers and build systems may have unknowingly executed malicious code during normal dependency installation. 

    According to researchers, the compromised packages included @cap-js/sqlite v2.2.2, @cap-js/postgres v2.2.2, @cap-js/db-service v2.10.1, and mbt v1.2.48.

    How the npm Preinstall Attack Worked 

    The attack leveraged npm’s preinstall script functionality, which runs automatically during package installation. 

    In this case, the script executed a loader (setup.mjs) that downloaded the Bun JavaScript runtime and used it to run an obfuscated payload. 

    This technique allowed the attackers to execute malicious code as part of a routine and trusted development process, requiring no additional user interaction.

    Credential Theft and Data Targeting 

    Once executed, the payload acted as an information stealer, targeting a broad set of sensitive data. 

    This included npm and GitHub authentication tokens, SSH keys, cloud credentials for AWS, Azure, and Google Cloud, Kubernetes configurations, and CI/CD pipeline secrets. 

    The malware also attempted to extract secrets directly from CI runner memory, bypassing common protections such as log masking and increasing the likelihood of credential exposure.

    Command-and-Control and Propagation Techniques 

    Researchers also observed that the malware used GitHub as part of its command-and-control (C2) infrastructure. 

    Stolen data was encrypted and uploaded to repositories under victim accounts, while specially crafted commit messages were used as a dead-drop mechanism to retrieve additional tokens. 

    The payload also attempted to self-propagate by using stolen credentials to compromise additional npm packages and repositories.  

    Aikido researchers have linked the activity to the TeamPCP threat group, which has previously conducted similar supply chain attacks against companies like Bitwarden and Checkmarx.

    Reducing Risk in Software Supply Chains 

    As software supply chain attacks become more common, organizations need to take a proactive approach to reducing risk across development environments. 

    Modern applications rely heavily on third-party packages and automated pipelines, creating multiple opportunities for compromise if not properly secured. 

    • Remove compromised packages, rebuild affected systems from trusted sources, and rotate all potentially exposed credentials.
    • Implement strong dependency controls by pinning versions, verifying package integrity, and using private registries or approved package allowlists.
    • Restrict and audit package lifecycle scripts, and limit execution of untrusted code during installation and build processes.
    • Enforce least privilege, short-lived tokens, and multi-factor authentication for developer accounts, CI/CD systems, and package repositories.
    • Secure CI/CD pipelines with isolated, ephemeral builds, limited network access, and continuous monitoring for anomalous activity.
    • Continuously scan, monitor, and analyze dependencies and environments using DevSecOps tools.
    • Test incident response plans and use attack simulation tools with scenarios around software supply chain attacks.

    These measures help organizations reduce software supply chain exposure and build resilience against emerging threats. 
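One way to act on the advice to audit package lifecycle scripts, as an added example that is not Aikido's or SAP's code: it checks a parsed package-lock.json for the compromised versions named above and for any dependency that declares an install script. The sample lockfile, the manifest's `preinstall` command, the package names prefixed `example-` and the allowlist are constructed assumptions.

```javascript
// Compromised releases as named in the article.
const KNOWN_BAD = new Map([
  ['@cap-js/sqlite', ['2.2.2']],
  ['@cap-js/postgres', ['2.2.2']],
  ['@cap-js/db-service', ['2.10.1']],
  ['mbt', ['1.2.48']],
]);

// Hooks npm runs automatically when a dependency is installed.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Constructed sample in lockfileVersion 3 shape.
// In real use: JSON.parse(<contents of package-lock.json>).
const SAMPLE_LOCK = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@cap-js/sqlite': { version: '2.2.2', hasInstallScript: true },
    'node_modules/@cap-js/db-service': { version: '2.10.0' },
    'node_modules/example-allowed-addon': { version: '3.0.0', hasInstallScript: true },
    'node_modules/example-native-addon': { version: '1.4.2', hasInstallScript: true },
    'node_modules/example-lib': { version: '1.3.0' },
    'node_modules/example-tool/node_modules/mbt': { version: '1.2.48', hasInstallScript: true },
  },
};

// Lockfile keys look like "node_modules/a/node_modules/@scope/b";
// the package name is whatever follows the last "node_modules/".
function packageNameFromPath(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Returns findings sorted with known-compromised packages first.
function auditLockfile(lock, allowedInstallScripts = []) {
  if (!lock || typeof lock.packages !== 'object' || lock.packages === null) {
    throw new Error('expected a lockfileVersion 2 or 3 document with a "packages" map');
  }
  const allowed = new Set(allowedInstallScripts);
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === '' || meta.link) continue; // root project and workspace symlinks
    const name = meta.name || packageNameFromPath(path);
    if (!name) continue;
    const bad = KNOWN_BAD.get(name) || [];
    if (bad.includes(meta.version)) {
      findings.push({ severity: 'critical', rule: 'known-compromised', name, version: meta.version, path });
    } else if (meta.hasInstallScript === true && !allowed.has(name)) {
      // Not malicious by itself, but this package runs code at install time.
      findings.push({ severity: 'review', rule: 'install-script', name, version: meta.version, path });
    }
  }
  const rank = { critical: 0, review: 1 };
  return findings.sort((a, b) =>
    rank[a.severity] - rank[b.severity] || (a.name < b.name ? -1 : a.name > b.name ? 1 : 0));
}

// Constructed manifest; the exact preinstall command is an assumption based on
// the article's description of a preinstall hook that runs setup.mjs.
const SAMPLE_MANIFEST = {
  name: 'example-pkg',
  version: '0.0.0',
  scripts: { preinstall: 'node setup.mjs', test: 'node test.js' },
};

// List the install-time hooks a package.json declares, with their commands.
function installHooks(manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  return INSTALL_HOOKS
    .filter((h) => typeof scripts[h] === 'string' && scripts[h].trim() !== '')
    .map((hook) => ({ hook, command: scripts[hook] }));
}

console.log(auditLockfile(SAMPLE_LOCK, ['example-allowed-addon']));
console.log(installHooks(SAMPLE_MANIFEST));
```

Running `npm ci --ignore-scripts`, or setting `ignore-scripts=true` in `.npmrc`, keeps npm from executing these hooks at all; the audit output then shows which packages would need their scripts run deliberately.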

    Why Software Supply Chains Are a Target 

    This attack reflects a broader shift in how threat actors approach initial access. 

    As organizations increasingly depend on open-source and vendor-managed packages, software supply chains have become a practical entry point for compromise. 

    By targeting trusted distribution channels, attackers can introduce malicious code into environments through routine processes like dependency installation or updates, often without immediate detection. 

    These risks are leading organizations to adopt zero trust solutions that help continuously verify access and limit the impact of compromised software dependencies.

    PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

    The Hacker News Apr 30, 2026 · 11:31
    In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, OX Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2 and 2.6.3, both of which were published on April 30, 2026. The campaign is assessed to be an

    Hackers stole hundreds of thousands of Roblox accounts: Here’s what to do

    Malwarebytes Apr 30, 2026 · 10:48

    More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child’s among them?

    Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date. Between October 2025 and January 2026, the hacking group is said to have compromised over 610,000 Roblox accounts, including at least 357 high-value “elite” accounts, making around $225,000 from selling access to them.

    The hackers distributed infostealing malware disguised as game-enhancement tools, harvested login credentials from infected devices, and sold accounts through a Russian website and closed online communities based on their value.

    This operation targeted Roblox accounts because they hold significant monetary value for many users. Accounts can contain high Robux balances, limited-edition items that can no longer be obtained, years of gaming progress with achievements and unlocks, and paid access to premium content. 

    Roblox account recovery

    If you recently downloaded any suspicious game enhancements or other Roblox-related software, your first priority is to run a full system anti-malware scan.

    Then check for unknown or untrusted browser extensions. Keep only those that came from verified, trusted sources.

    If the scans led to any removals, clear your browser history and cookies completely. Note that this will log you out of most websites.

    If you still have access to your Roblox account, change your password and turn on two-step verification if you haven’t already.

    If the hackers changed your password and you’re unable to log in, use the password recovery option on the Roblox login page by clicking “Forgot Password or Username?”. Enter the email address associated with your account and check your inbox (including spam folders) for the reset link.

    After recovering access, immediately terminate all active sessions to prevent hackers from maintaining access through stolen cookies. Go to Settings > Security and click Log out of all other sessions at the bottom of the page. This ensures that anyone who had unauthorized access can no longer use your account.

    If you’ve been completely locked out—because hackers have changed both your password and recovery details—contact Roblox Support immediately. Visit the Roblox support page and provide as much detail as possible. They may ask for:

    • Your account username (this is crucial for identification).
    • The original email address used to create the account.
    • Payment information or purchase receipts showing Robux transactions.
    • The approximate date and time of the compromise.
    • Screenshots showing account details before the compromise, including creation date.
    • Your previous account settings or any other details that prove ownership.

    Roblox explicitly states that, unless required by law, it is under no obligation to restore compromised accounts. It does not guarantee that accounts will be returned to their previous state or that lost virtual items and currency can be recovered. Only in very limited circumstances may Roblox offer the ability to recover lost inventory or its approximate value. It’s important to note that you must contact Roblox within 30 days of the compromise if you want assistance recovering lost items or currency. The support process typically takes 2–5 days.

    How to protect your Roblox account

    There are a few steps that make it harder for someone to steal your Roblox account:

    • Verified email address. Ensure your account has a verified email address that you actively monitor. This helps you spot unauthorized password or email changes quickly.
    • Use unique passwords. Never reuse passwords across different accounts. If one is exposed elsewhere, attackers will try it on other platforms, including Roblox. Your Roblox password should be completely unique and stored securely. A password manager can help you with both.
    • Don’t share access. Never share your password with anyone, even with people claiming to be friends. Your account credentials should belong only to you (and your parents if you’re a minor). Roblox staff will never ask for your password.
    • Be wary of game enhancements, hacks, cracks and keys. The hackers in this case specifically distributed malware disguised as game-enhancement tools. Be extremely cautious about downloading any third-party programs, cheats, exploits, or tools that claim to improve your Roblox experience. These are often vehicles for credential theft and account compromise.
    • Keep software updated. Keep all the software on your device up-to-date, so you’re protected against the latest known exploits.
    • Use anti-malware. Run up-to-date, real-time anti-malware software to protect your device against information stealers and other malware.

    AI Adoption Fuels Rise in Identity Attack Path Risk 

    eSecurity Planet Apr 30, 2026 · 10:14

    Identity security is one of the most urgent priorities for enterprises as AI adoption expands the attack surface and introduces new complexity. 

    The SpecterOps Trends in Identity Attack Path Management 2026 report highlights how organizations are increasing investment in identity security while struggling to turn visibility into consistent risk reduction.

    “As identity becomes the control plane for more of the enterprise, the challenge is no longer just getting visibility,” said Jared Atkinson, CTO at SpecterOps, in an email to eSecurityPlanet.

    He explained, “Organizations are now working to build cross-functional discipline to prioritize findings and drive remediation, reducing attack paths over time.” 

    Jared added, “This effort becomes even more important as AI adoption introduces more non-human identities and trust relationships, and therefore more legitimate paths for an attacker to take.”

    How AI Is Expanding Identity Risk 

    As organizations adopt AI agents and automate more workflows, the number of identities interacting with systems and data is expanding rapidly. 

    This includes not only human users, but also non-human identities (NHIs) such as service accounts, bots, and AI-driven processes. 

    Each new identity introduces additional access points, increasing the risk of misconfigurations, excessive privileges, and poorly governed credentials that attackers can exploit.

    Why Attack Path Visibility is a Priority 

    This growing complexity is shifting how organizations prioritize security. 

    According to the SpecterOps report, 43% of organizations now rank attack path visibility as a top cybersecurity priority — surpassing even AI integration initiatives.

    Before organizations can scale AI securely, they need clear visibility into how access and privileges are connected across their environments. 

    The Rise of Identity Attack Path Management 

    To address this challenge, Identity Attack Path Management (APM) is gaining traction as a key security capability. 

    The report shows that 35% of organizations have fully implemented identity APM solutions, up from 21% the previous year, and more than half are already using automated tools to discover identity-based attack paths.

    This reflects a shift from simply managing identities to actively analyzing how those identities interact and create potential pathways for compromise.

    How Identity Attack Paths Work 

    At its core, identity attack path management focuses on identifying how an attacker could move through an environment by chaining together access relationships. 

    These paths often span multiple systems, accounts, and environments, combining elements such as credential exposure, privilege escalation, and trust relationships. 

    For example, an attacker might leverage a low-privileged account, escalate permissions through misconfigurations, and eventually gain access to critical systems. 

    Because these paths are rarely linear and often cross cloud and on-prem environments, they can be difficult to detect without specialized tooling.

    The Impact of Non-human Identities 

    The challenge is further compounded by the rapid growth of non-human identities. 

    The report notes that 34% of organizations already view managing NHIs as a significant challenge, as these identities frequently accumulate privileges faster than governance processes can keep up.

    As AI adoption continues to accelerate, the number of machine identities — and the complexity of their relationships — will increase, making it even more difficult for security teams to maintain visibility and control.

    A Shift toward Interconnected Identity Security 

    Together, these trends highlight a broader shift in identity security. It is no longer enough to manage users and permissions in isolation. 

    To effectively reduce risk in dynamic, automated environments, organizations need clear visibility into how identities, privileges, and systems are interconnected — and where those connections could be exploited. 

    How to Reduce Identity Security Risk 

    Modern environments include a mix of human users, service accounts, and automated processes, all of which introduce new access paths that can be exploited if not properly managed. 

    Addressing this risk requires a comprehensive approach that goes beyond basic identity and access management. 

    • Implement identity attack path management by continuously discovering attack paths, validating exposures, and treating identity relationships as critical dependencies.
    • Enforce least privilege and just-in-time access across human and non-human identities to reduce standing privileges and limit attack paths.
    • Establish strong identity governance with clear ownership, access reviews, lifecycle management, and alignment to frameworks.
    • Secure and segment critical systems and identity infrastructure to limit lateral movement and reduce blast radius.
    • Continuously monitor, log, and correlate identity activity across environments to detect anomalies and support threat hunting and forensics.
    • Apply proactive testing through red teaming and attack simulations to identify gaps in identity controls and validate defenses.
    • Develop and regularly test identity-focused incident response plans to improve resilience and reduce exposure to identity-based attacks.

    Collectively, these steps help organizations reduce identity-related exposure and build resilience against evolving threats. 

    Identity Is Central to Security

    The SpecterOps report reflects an ongoing shift in enterprise security, where identity is playing an increasingly central role. 

    As AI adoption expands and more processes become automated, organizations are managing a growing number of identities, credentials, and access relationships.

    While tools can improve visibility into identity risk, organizations still need to operationalize that insight by prioritizing issues, coordinating remediation, and maintaining ongoing oversight.

    These challenges are also driving organizations to adopt zero trust solutions that continuously verify identities and enforce strict access controls.

    Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

    Krebs on Security Apr 30, 2026 · 09:04

    A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm’s chief executive says the malicious activity resulted from a security breach and was likely the work of a competitor trying to tarnish his company’s public image.

    An Archer AX21 router from TP-Link. Image: tp-link.com.

    For the past several years, security experts have tracked a series of massive DDoS attacks originating from Brazil and solely targeting Brazilian ISPs. Until recently, it was less than clear who or what was behind these digital sieges. That changed earlier this month when a trusted source who asked to remain anonymous shared a curious file archive that was exposed in an open directory online.

    The exposed archive contained several Portuguese-language malicious programs written in Python. It also included the private SSH authentication keys belonging to the CEO of Huge Networks, a Brazilian ISP that primarily offers DDoS protection to other Brazilian network operators.

    Founded in Miami, Fla. in 2014, Huge Networks’s operations are centered in Brazil. The company originated from protecting game servers against DDoS attacks and evolved into an ISP-focused DDoS mitigation provider. It does not appear in any public abuse complaints and is not associated with any known DDoS-for-hire services.

    Nevertheless, the exposed archive shows that a Brazil-based threat actor maintained root access to Huge Networks infrastructure and built a powerful DDoS botnet by routinely mass-scanning the Internet for insecure Internet routers and unmanaged domain name system (DNS) servers on the Web that could be enlisted in attacks.

    DNS is what allows Internet users to reach websites by typing familiar domain names instead of the associated IP addresses. Ideally, DNS servers only provide answers to machines within a trusted domain. But so-called “DNS reflection” attacks rely on DNS servers that are (mis)configured to accept queries from anywhere on the Web. Attackers can send spoofed DNS queries to these servers so that the request appears to come from the target’s network. That way, when the DNS servers respond, they reply to the spoofed (targeted) address.

    By taking advantage of an extension to the DNS protocol that enables large DNS messages, botmasters can dramatically boost the size and impact of a reflection attack — crafting DNS queries so that the responses are much bigger than the requests. For example, an attacker could compose a DNS request of less than 100 bytes, prompting a response that is 60-70 times as large. This amplification effect is especially pronounced when the perpetrators can query many DNS servers with these spoofed requests from tens of thousands of compromised devices simultaneously.

    A DNS amplification attack, illustrated. It shows an attacker on the left, sending malicious commands to a number of bots to the immediate right, which then make spoofed DNS queries with the source address as the target's IP address.

    A DNS amplification and reflection attack, illustrated. Image: veracara.digicert.com.
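Seen from the targeted network, the reflection pattern described above appears as large UDP responses from source port 53 that no local host requested. The following Python detection check is an added example, not code from the article or from the exposed archive; the flow-record format, the thresholds and the sample addresses (documentation ranges) are constructed assumptions.

```python
"""Flag likely DNS reflection victims in flow records (victim-side view)."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample flow records (not real traffic).
# Fields: ts src_ip src_port dst_ip dst_port proto bytes
SAMPLE_FLOWS = """\
# A local client asks a resolver and gets a normal answer.
1000.00 203.0.113.10 40000 198.51.100.1 53 udp 74
1000.02 198.51.100.1 53 203.0.113.10 40000 udp 310
# The same client requests a large answer; big, but solicited.
1000.50 203.0.113.10 40001 198.51.100.2 53 udp 80
1000.53 198.51.100.2 53 203.0.113.10 40001 udp 3900
# Large answers from several resolvers to a host that never asked.
1001.00 198.51.100.1 53 203.0.113.50 31337 udp 4000
1001.01 198.51.100.2 53 203.0.113.50 31337 udp 4100
1001.02 198.51.100.3 53 203.0.113.50 31337 udp 3900
1001.03 198.51.100.4 53 203.0.113.50 31337 udp 4000
1001.04 198.51.100.1 53 203.0.113.50 31337 udp 4000
# One small stray answer from a single resolver: noise, not an attack.
1002.00 198.51.100.9 53 203.0.113.77 5555 udp 120
"""


@dataclass(frozen=True)
class Flow:
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    size: int


def parse_flows(text):
    """Parse whitespace-separated flow lines, skipping blanks and # comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, sport, dst, dport, proto, size = line.split()
        flows.append(Flow(float(ts), src, int(sport), dst, int(dport),
                          proto.lower(), int(size)))
    return sorted(flows, key=lambda f: f.ts)


def find_reflection_victims(flows, min_resolvers=3, min_avg_bytes=1000,
                            query_window=5.0):
    """Return {victim_ip: stats} for hosts receiving unsolicited DNS answers.

    An answer is "solicited" only if the receiving host sent a query from the
    same port to the same resolver within query_window seconds beforehand.
    A host is flagged when unsolicited answers come from at least
    min_resolvers distinct resolvers and average at least min_avg_bytes.
    """
    last_query = {}                  # (client, client_port, resolver) -> ts
    unsolicited = defaultdict(list)  # victim -> [(resolver, size), ...]

    for f in flows:
        if f.proto != "udp":
            continue
        if f.dport == 53:            # outbound query: remember who asked whom
            last_query[(f.src, f.sport, f.dst)] = f.ts
        elif f.sport == 53:          # inbound answer: was it asked for?
            asked = last_query.get((f.dst, f.dport, f.src))
            if asked is None or f.ts - asked > query_window:
                unsolicited[f.dst].append((f.src, f.size))

    findings = {}
    for victim, hits in unsolicited.items():
        resolvers = {resolver for resolver, _ in hits}
        total = sum(size for _, size in hits)
        avg = total / len(hits)
        if len(resolvers) >= min_resolvers and avg >= min_avg_bytes:
            findings[victim] = {
                "resolvers": len(resolvers),
                "responses": len(hits),
                "bytes": total,
                "avg_bytes": round(avg),
            }
    return findings


if __name__ == "__main__":
    for victim, stats in find_reflection_victims(parse_flows(SAMPLE_FLOWS)).items():
        print(victim, stats)
```

Matching answers to earlier queries is what keeps the legitimate large response to 203.0.113.10 from being flagged; size alone would not separate the two cases.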

    The exposed file archive includes a command-line history showing exactly how this attacker built and maintained a powerful botnet by scouring the Internet for TP-Link Archer AX21 routers. Specifically, the botnet seeks out TP-Link devices that remain vulnerable to CVE-2023-1389, an unauthenticated command injection vulnerability that was patched back in April 2023.

    Malicious domains in the exposed Python attack scripts included DNS lookups for hikylover[.]st, and c.loyaltyservices[.]lol, both domains that have been flagged in the past year as control servers for an Internet of Things (IoT) botnet powered by a Mirai malware variant.

    The leaked archive shows the botmaster coordinated their scanning from a Digital Ocean server that has been flagged for abusive activity hundreds of times in the past year. The Python scripts invoke multiple Internet addresses assigned to Huge Networks that were used to identify targets and execute DDoS campaigns. The attacks were strictly limited to Brazilian IP address ranges, and the scripts show that each selected IP address prefix was attacked for 10-60 seconds with four parallel processes per host before the botnet moved on to the next target.

    The archive also shows these malicious Python scripts relied on private SSH keys belonging to Huge Networks’s CEO, Erick Nascimento. Reached for comment about the files, Mr. Nascimento said he did not write the attack programs and that he didn’t realize the extent of the DDoS campaigns until contacted by KrebsOnSecurity.

    “We received and notified many Tier 1 upstreams regarding very very large DDoS attacks against small ISPs,” Nascimento said. “We didn’t dig deep enough at the time, and what you sent makes that clear.”

    Nascimento said the unauthorized activity is likely related to a digital intrusion first detected in January 2026 that compromised two of the company’s development servers, as well as his personal SSH keys. But he said there’s no evidence those keys were used after January.

    “We notified the team in writing the same day, wiped the boxes, and rotated keys,” Nascimento said, sharing a screenshot of a January 11 notification from Digital Ocean. “All documented internally.”

    Mr. Nascimento said Huge Networks has since engaged a third-party network forensics firm to investigate further.

    “Our working assessment so far is that this all started with a single internal compromise — one pivot point that gave the attacker downstream access to some resources, including a legacy personal droplet of mine,” he wrote.

    “The compromise happened through a bastion/jump server that several people had access to,” Nascimento continued. “Digital Ocean flagged the droplet on January 11 — compromised due to a leaked SSH key, in their wording — I was traveling at the time and addressed it on return. That droplet was deprecated and destroyed, and it was never part of Huge Networks infrastructure.”

    The malicious software that powers the botnet of TP-Link devices used in the DDoS attacks on Brazilian ISPs is based on Mirai, a malware strain that made its public debut in September 2016 by launching a then record-smashing DDoS attack that kept this website offline for four days. In January 2017, KrebsOnSecurity identified the Mirai authors as the co-owners of a DDoS mitigation firm that was using the botnet to attack gaming servers and scare up new clients.

    In May 2025, KrebsOnSecurity was hit by another Mirai-based DDoS that Google called the largest attack it had ever mitigated. That report implicated a 20-something Brazilian man who was running a DDoS mitigation company as well as several DDoS-for-hire services that have since been seized by the FBI.

    Nascimento flatly denied being involved in DDoS attacks against Brazilian operators to generate business for his company’s services.

    “We don’t run DDoS attacks against Brazilian operators to sell protection,” Nascimento wrote in response to questions. “Our sales model is mostly inbound and through channel integrator, distributors, partners — not active prospecting based on market incidents. The targets in the scripts you received are small regional providers, the vast majority of which are neither in our customer base nor in our commercial pipeline — a fact verifiable through public sources like QRator.”

    Nascimento maintains he has “strong evidence stored on the blockchain” that this was all done by a competitor. As for who that competitor might be, the CEO wouldn’t say.

    “I would love to share this with you, but it could not be published as it would lose the surprise factor against my dishonest competitor,” he explained. “Coincidentally or not, your contact happened a week before an important event – one that this competitor has NEVER participated in (and it’s a traditional event in the sector). And this year, they will be participating. Strange, isn’t it?”

    Strange indeed.

    ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

    The Hacker News Apr 30, 2026 · 08:55
    The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools that peek into their private files during a simple install. It is definitely a busy time to be online. Security is always a moving target. Millions of servers are currently sitting online without any passwords, and

    Cisco Introduces Model Provenance Kit to Strengthen AI Supply Chain Security

    eSecurity Planet Apr 30, 2026 · 08:49

    Organizations are rapidly adopting AI models, but many still lack visibility into where those models come from or how they’ve been modified along the way. 

    Cisco is aiming to close that gap with the release of its open-source Model Provenance Kit, a tool designed to verify the origins of AI models and improve trust across the AI supply chain.

    “We’re at the AI equivalent of the early internet, when systems were focused on capability advancements,” said Amy Chang, Head of AI Threat Intelligence & Security Research at Cisco in an email to eSecurityPlanet.

    She explained, “Model provenance is emerging as the missing layer that can shed light into an AI model’s lineage and training, which can inform organizations about where it came from and whether it can be trusted.”

    Amy also added, “As AI continues to advance into regulated, high-stakes domains, provenance will become foundational to governance, accountability, and enforceable trust.”

    Cisco’s Approach to AI Model Provenance 

    As enterprises accelerate adoption of third-party and open-source AI models, understanding model lineage is quickly becoming a foundational requirement for managing risk. 

    Modern AI systems are rarely built from scratch — they are continuously fine-tuned, compressed, merged, or otherwise modified, producing layers of derivative models.

    Each transformation introduces the potential to inherit not only capabilities, but also vulnerabilities, hidden dependencies, and licensing obligations. 

    Without a reliable way to trace these relationships, organizations face growing challenges across compliance, incident response, and overall supply chain security.

    How Cisco’s Model Provenance Kit Works 

    Cisco’s Model Provenance Kit is designed to address this gap by giving organizations a way to verify where models come from and how they are related. 

    The tool fingerprints models at the weight level — the underlying parameters that define model behavior — allowing security teams to determine whether one model is derived from another with a high degree of confidence. 

    Complementing this, Cisco introduced the Model Provenance Constitution, a formal framework that defines what constitutes a legitimate derivation relationship and, just as importantly, what does not.

    Defining Provenance at the Weight Level 

    At the core of Cisco’s approach is a precise and restrictive definition of provenance based on weight-level derivation. 

    Under this model, two AI systems are considered related only if there is a direct or indirect causal chain connecting their trained parameters. 

    This includes common development paths such as fine-tuning from a base model, knowledge distillation from a teacher model, or mechanical transformations like quantization, pruning, or model merging. 

    By anchoring provenance in verifiable weight relationships, the framework provides a consistent and technically grounded standard that can be applied across organizations.

    What the Framework Excludes

    Equally important is what the framework deliberately excludes. 

    Superficial similarities, such as shared architectures, overlapping training datasets, or comparable benchmark performance, are not treated as evidence of derivation. 

    This distinction is critical in practice. Without it, organizations could mistakenly classify unrelated models as dependent, leading to false positives in vulnerability tracking, unnecessary licensing concerns, and increased noise in governance processes. 

    By drawing a clear boundary between true derivation and coincidental similarity, the framework reduces ambiguity and improves decision-making accuracy.

    Model Provenance Constitution 

    The Model Provenance Constitution further strengthens this approach by explicitly outlining the conditions under which models are considered related, including direct descent, indirect descent, mechanical transformation, and transitive relationships across multiple stages. 

    It also catalogs common false signals — such as independently developed models that happen to resemble one another — helping teams avoid misclassification. 

    This structured taxonomy ensures that every model comparison can be evaluated against a consistent set of criteria.

    Why Provenance Matters for AI Security 

    The need for this level of rigor is driven by the evolving threat landscape. 

    Weak model provenance has already been identified as a growing risk in AI environments, especially in the context of supply chain attacks. 

    Adversaries can exploit poorly documented model dependencies to introduce malicious code, backdoors, or vulnerabilities into widely reused components. 

    Industry frameworks such as OWASP’s Top 10 for LLM applications and MITRE ATLAS highlight supply chain compromise as a primary threat vector, reinforcing the importance of traceability and verification.

    Building Trust Through Verifiable Evidence 

    To support real-world use, Cisco’s approach emphasizes verifiable evidence over assumptions. 

    Provenance can be established through official documentation, technical validation of model checkpoints, or authoritative third-party analysis. 

    By relying on weight-level verification instead of manipulable metadata or naming, the framework helps prevent attempts to obscure a model’s origin. 

    Together, these capabilities give organizations clearer visibility into model dependencies and a stronger foundation for managing AI supply chain risk.  

    How to Reduce AI Model Risk 

    As organizations integrate AI into critical business processes, managing model risk is becoming a core security priority. 

    AI systems introduce new challenges across data, dependencies, and dynamic behavior that require a more comprehensive approach to risk reduction. 

    Addressing these risks requires safeguards across the entire AI lifecycle, from development through deployment and operations.  

    • Implement model provenance and supply chain controls by verifying lineage, validating third-party models, and treating models as managed dependencies.
    • Establish strong governance policies that require documentation of model origins, transformations, and risk classification aligned to frameworks like NIST AI RMF.
    • Secure data across the AI lifecycle by protecting training and inference pipelines, preventing data leakage, and validating datasets against poisoning risks.
    • Enforce identity and access controls using least privilege and zero trust principles for all users, APIs, and systems interacting with models.
    • Continuously monitor and log model behavior to detect anomalies, drift, or signs of tampering and enable effective forensic analysis.
    • Apply model and application-layer protections such as adversarial testing, guardrails, output filtering, and environment isolation to reduce misuse and exploitation risk.
    • Develop and regularly test AI-specific incident response plans to ensure readiness for model compromise, data exposure, or malicious outputs.

    Collectively, these measures help organizations build resilience and reduce exposure to AI model risks. 

    Rise of AI Supply Chain Risk 

    Cisco’s Model Provenance Kit highlights an ongoing shift in how organizations approach AI risk management. 

    As AI systems become more modular and interconnected, the traditional concept of a software supply chain is expanding to include models, datasets, and training pipelines.

    In this environment, establishing clear provenance is increasingly important for maintaining security, supporting compliance efforts, and building operational confidence. 

    Without better visibility into how models are developed and related, organizations may face challenges in identifying dependencies, assessing risk, and managing potential inherited vulnerabilities.

    These challenges reinforce the need for zero trust approaches that help organizations continuously verify systems, data, and dependencies across AI environments.

    New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

    The Hacker News Apr 30, 2026 · 07:36
    Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. "The intrusion chain begins with execution of a batch script ('install_obf.bat') that disables Windows security controls, dynamically extracts an

    Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators

    csoonline Apr 30, 2026 · 07:10

    The US Cybersecurity and Infrastructure Security Agency (CISA) has asked owners and operators of operational technology to stop assuming their networks are safe, and has released joint guidance to adapt zero trust principles for industrial systems that support US power, water, transportation, building automation, and weapons-support infrastructure.

    OT owners should design controls on the assumption that adversaries are already inside the network, and validate every access request based on identity, context, and risk rather than network location, CISA and four partner agencies wrote in a 28-page document titled Adapting Zero Trust Principles to Operational Technology.

    The guide was developed with the Department of War, the Department of Energy, the FBI, and the Department of State, with technical contributions from the National Institute of Standards and Technology.

    The agencies were direct about the threat driving the publication.

    “CISA has observed threat actors like Volt Typhoon targeting OT systems to compromise, escalate, and maintain access within operational environments,” CISA Acting Executive Assistant Director for Cybersecurity Chris Butera said in a statement accompanying the release. “Zero Trust architecture is critical to preventing cyber incidents that could cause operators to lose visibility or control of essential systems.”

    CISA, the FBI, and the National Security Agency first warned in February 2024 that the Chinese state-sponsored group was prepositioning on US IT networks to enable lateral movement to OT assets in the event of geopolitical conflict. The group has since resurfaced with renewed botnet activity exploiting end-of-life routers and exploited a Versa Director zero-day to harvest credentials from US ISPs.

    Pete Luban, field CISO at cybersecurity firm AttackIQ, said the convergence of IT and OT was the structural reason the guidance was needed. “Systems that were once isolated are now increasingly connected to enterprise networks and third-party services, and attackers are taking full advantage,” Luban said. “Adversaries aren’t just looking for data to steal, but for the weak seams between business and operational systems that can be used to move laterally across networks.” In OT, a successful intrusion can escalate quickly from a cybersecurity issue to an operational, safety, and public trust issue, he added.

    A reference architecture built for the plant floor

    It is precisely those weak seams that the new guide tries to close. The document is structured around the six functions of NIST Cybersecurity Framework 2.0 — Govern, Identify, Protect, Detect, Respond, and Recover — and aligns with CISA’s Cross-Sector Cybersecurity Performance Goals 2.0, the DoD Zero Trust Reference Architecture v2.0, NIST SP 800-82r3, and the international ISA/IEC 62443 series.

    But the agencies wrote that none of those frameworks could be applied to OT unmodified.

    “The blanket application of traditional information technology (IT)-focused ZT capabilities to OT is neither reasonable nor feasible,” the document stated, calling instead for continuous collaboration between OT engineers, IT architects, and cybersecurity professionals.

    The guidance directs operators to segment Active Directory used in OT into a “separate forest or domain, avoid direct trust relationships between IT and OT identity systems, and enforce multi-factor authentication at the jump host level” where the underlying device cannot support it. Privileged sessions should be vaulted, recorded, and time-bound, with just-in-time access used to restrict remote vendor connections to narrowly defined maintenance windows, the document advised.

    On encryption, the document distinguished confidentiality and integrity. Integrity and authentication through digital signing are typically more critical than confidentiality in OT, the agencies wrote, because expired certificates will not halt operations if communications remain in the clear. At the same time, encryption can introduce latency that disrupts safety-critical systems.

    That kind of nuance is precisely why the model cannot be transplanted wholesale, said Nick Tausek, lead security automation architect at Swimlane. “OT teams cannot simply lift and shift an IT security model into environments where downtime, latency, and safety risks carry real-world consequences,” Tausek said. “Zero trust has to be implemented with precision, operational awareness, and automation that can enforce policy without creating more friction for the people keeping critical systems running.”

    What it means for security teams

    The publication closes a gap that CISA’s Zero Trust Maturity Model 2.0 acknowledged, having stated it did not address challenges specific to operational technology. It follows February’s Barriers to Secure OT Communications and earlier CISA warnings that exposed VPNs, firewalls, and legacy edge devices remain the dominant entry points for critical infrastructure attacks.

    The document told buyers that strategic procurement is how operators escape the legacy trap, and pointed them to the Secure by Demand guide for contracting criteria and to its open-source SIEM tool, Malcolm, for OT protocol parsing.

    Luban said the harder problem is verifying that any of these controls hold. Organizations need to test boundaries against real-world adversary tactics, he said, to identify “where trust is being assumed, where access is too broad, and where attackers may still be able to cross from enterprise environments into operational systems before those gaps are exposed in a real incident.” The tooling adopted to run those tests carries its own risk. Tausek said AI-driven security agents now sitting alongside OT environments have become high-value targets in their own right. “If an attacker can tamper with an agent, disable it, or use it as a trusted pathway, the tool meant to improve detection can become part of the problem,” he said.

    Max-severity RCE flaw found in Google Gemini CLI

    csoonline Apr 30, 2026 · 06:31

    Security researchers are warning about a max severity vulnerability in Google Gemini CLI that could allow remote code execution (RCE) in environments where the tool processes untrusted inputs.

    The issue was disclosed by Novee Security researchers and affects the @google/gemini-cli package and its associated GitHub Action, widely used in CI/CD workflows.

    “Gemini CLI (@google/gemini-cli) and the run-gemini-cli GitHub Action are being updated to harden workspace trust and tool allowlisting, in particular when used in untrusted environments like GitHub Actions,” reads a GitHub advisory issued on the flaw.

    Google acknowledged the flaw and thanked security researchers Elad Meged from Novee Security and Dan Lisichkin from Pillar Security for reporting the issue through its Vulnerability Rewards Program.

    The issue was fixed in @google/gemini-cli versions 0.39.1 and 0.40.0-preview.3. A run-gemini-cli fix was also released in version 0.1.22.

    Overtrusting workspace configurations

    The problem lay in how the CLI handled workspace trust and command execution in automated, non-interactive environments. “In affected versions, Gemini CLI running in CI environments automatically trusted workspace folders for the purpose of loading configurations and environment variables,” the advisory said.

    This could have been easily exploited by attackers by injecting their own malicious configurations into the trusted workspace.

    “The vulnerability allowed an unprivileged external attacker to force their own malicious content to load as Gemini configuration,” Novee researcher, Elad Meged, said in a blog post. “This triggered command execution directly on the host system, bypassing security before the agent’s sandbox even initialized.”

    The impact of the flaw was limited to workflows using Gemini CLI in headless mode, without an interactive interface.

    While a CVE ID has not been assigned to the flaw yet, Meged said Google assessed a severity rating of 10.0, the maximum on the CVSS scale. The maximum severity rating likely comes from the exploit requiring low complexity, minimal privileges, and little to no user interaction.

    Google did not immediately respond to CSO’s request for comments.

    The flaw was, however, categorized under CWE-20, CWE-77, CWE-78, and CWE-200, which roughly refer to improper input validation, command injection, and information disclosure weaknesses.

    The behavior is now fixed

    Google has addressed the issue by removing implicit workspace trust in headless environments and enforcing stricter tool controls, effectively changing how Gemini CLI behaves in CI/CD pipelines.

    The patched versions (0.39.1 and 0.40.0-preview.3) now require explicit trust decisions before loading workspace configurations, aligning non-interactive execution with the same safeguards expected in interactive use.

    Additionally, the fix closed a critical gap in “--yolo” mode by ensuring that tool allowlisting is actually enforced, preventing loosely scoped permissions from turning into unrestricted command execution.

    Previously, allowlisting could be bypassed, letting the CLI run commands outside the intended restrictions.

    Google has also brought in a broader ecosystem change. The run-gemini-cli GitHub Action (patched in v0.1.22) now automatically pulls and executes the latest version of the CLI. Workflows that pin a specific gemini-cli-version are advised to upgrade to a patched release and review their existing Gemini CLI configurations to ensure they don’t rely on unsafe defaults.

    EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

    The Hacker News Apr 30, 2026 · 06:30
    Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating administrative utilities they rely on for daily operations. By integrating Search Engine Order (SEO)

    Researchers built a chatbot that only knows the world before 1931

    Malwarebytes Apr 29, 2026 · 15:58

    The internet’s chatbots have read every forum rant, leaked Slack log, and confident blog post your uncle ever wrote about chemtrails. The results are predictable: they reflect the state of the internet, and it isn’t pretty. That, along with some questionable design decisions, is partly why Elon Musk’s Grok chatbot briefly generated antisemitic content and referred to “MechaHitler” during testing.

    Wouldn’t it be nice if we had a chatbot that only draws on knowledge from before the internet, reality TV, or AI-slop content ever existed? Three researchers have created just that: a chatbot that hasn’t read anything published after 1930.

    Talkie is a 13-billion-parameter language model trained on digital scans of English-language texts published before the end of 1930. That cutoff aligns with the current US public domain year, meaning anything published until the end of that year is fair game and there are no lawsuits from irate IP-holders to worry about.

    David Duvenaud, an associate professor of computer science and statistics at the University of Toronto, led the work with two collaborators. You can download it from GitHub or Hugging Face, or chat with it through a web interface, if you don’t mind a model whose mental map of the world ends with the Great Depression.

    The model knows only what appears in books, newspapers, legal texts, and other publications before its cutoff date. So it’s great for questions about Prohibition or World War One. NASA’s first moon landing? Not so much.

    Why bother?

    The obvious question: why train an AI that doesn’t know what the Nazis did, what the internet is, or what an LLM even is?

    These aren’t exercises in looking at the “good old days” through rose-colored glasses so much as intellectual experiments. Nostalgia misrepresents the past, and the world was just as problematic back then, if not more so.

    Duvenaud told The Register that such a model could be useful for examining how people might have interpreted laws or events at the time, using only the knowledge available then.

    Another fun experiment: Use it to see whether a model can “rediscover” later breakthroughs using only earlier knowledge, as a way of probing the limits of AI reasoning.

    Where it breaks

    There are definite weaknesses in Talkie, which its inventors are well aware of.

    For example, there was no digital publishing in 1930, so every word of Talkie’s corpus had to be transcribed from a scan. OCR is famously imperfect anyway, but more so on the blurry text printed back in the day.

    It also leaks future information that can sometimes creep in from mislabeled future documents, despite the researchers’ best efforts. We asked it about television, which was just starting out in the late 1920s, and this is what happened:

    Screenshot from Talkie

    But still, what an absorbing project. It isn’t alone, either. In their paper, the researchers mention other projects such as Ranke-4b from the University of Zurich, a series of LLMs with historical snapshots of data. “Trip” also created Mr Chatterbox, which he trained on a dataset of British literature from 1500–1900 to become, in his words, “a Victorian gentleman in silicon.” Magic.

    These are both a fun experiment and a useful insight into the workings of AI. As the Talkie researchers put it:

    “Have you ever daydreamed about talking to someone from the past? What would you ask someone with no knowledge of the modern world? What would they ask you?”

    And they provide some fun-making opportunities. The nerd in us still wants to hook one of these things up to an Edwardian typewriter keyboard and a ticker tape, steampunk-style.

    cPanel Vulnerability Exposes Servers to Takeover 

    eSecurity Planet Apr 29, 2026 · 15:51

    An authentication vulnerability in cPanel and Web Host Manager (WHM) is putting web hosting environments at risk, prompting the company to release an emergency patch and warn administrators to act quickly. 

    The flaw affects multiple authentication paths and could allow attackers to gain unauthorized access to servers if left unpatched.

    “Let’s call this what it is: an unauthenticated authentication bypass in cPanel and WHM, a management-plane solution deployed on tens of thousands of servers and sitting in front of a meaningful chunk of the internet,” said Benjamin Harris, CEO and founder of watchTowr, in an email to eSecurityPlanet.

    He added, “Once again, we’re running around with half the Internet seemingly ablaze, and given the increased usage of AI in vulnerability research, we anticipate this new normal to become increasingly familiar.”

    Inside the cPanel Authentication Flaw 

    This cPanel vulnerability could enable full server takeover, as Web Host Manager’s (WHM) root-level access allows control over websites, databases, email systems, and configurations if compromised. 

    The issue affects all supported cPanel versions, expanding the attack surface and potentially impacting multiple customers in shared and enterprise hosting environments. 

    While full technical details have not been released, the flaw involves authentication mechanisms that may allow attackers to bypass login checks and gain unauthorized access. 

    Successful exploitation could grant administrative access to WHM, enabling configuration changes, account management, access to customer data, and deployment of malicious code or persistence mechanisms. 

    Security firm watchTower has released a detection tool to help identify vulnerable hosts. 

    cPanel has issued patches and there are already reports of exploitation in the wild. 

    Reducing Risk in cPanel Deployments 

    Securing cPanel and WHM environments requires a combination of patching and strong operational controls.  

    • Patch immediately by upgrading to the latest secure cPanel builds and forcing updates where necessary.
    • Enforce strong access controls by enabling MFA, limiting root usage, and applying role-based access principles.
    • Restrict administrative access by using IP allowlisting, firewall rules, and placing WHM behind a VPN or bastion host.
    • Monitor and log authentication activity, alerting on failed login spikes, unusual access patterns, and other suspicious behavior.
    • Harden systems by disabling unnecessary services, applying secure configurations, and deploying file integrity monitoring.
    • Conduct proactive compromise assessments and ensure secure, tested backups are available for recovery.
    • Test incident response plans with scenarios around control plane compromise.

    Implementing these controls helps strengthen resilience while limiting the potential blast radius of a compromised hosting environment. 

    Risks of Centralized Admin Access 

    Attackers are increasingly focusing on administrative control planes that manage large portions of infrastructure. 

    Platforms like cPanel are attractive targets because a single compromise can impact hundreds or even thousands of downstream websites and customers. 

    This concentration of access amplifies risk, making strong authentication controls and segmentation important. 

    As a result, securing these management layers should be a priority for organizations operating shared or multi-tenant environments. 

    This is where a zero trust approach can help by reducing reliance on implicit trust and enforcing strict verification across administrative access points.  

    GitHub Flaw Enables Remote Code Execution With a Single Git Push

    eSecurity Planet Apr 29, 2026 · 14:51

    A vulnerability in GitHub’s infrastructure could have allowed attackers to execute code on backend systems using nothing more than a standard git push command. 

    The flaw affected both GitHub.com and GitHub Enterprise Server (GHES), exposing millions of repositories to potential compromise before it was patched.

    “By exploiting an injection flaw in GitHub’s internal protocol, any authenticated user could execute arbitrary commands on GitHub’s backend servers with a single git push command,” said Wiz researchers.

    GitHub CVE-2026-3854 Explained 

    The vulnerability, CVE-2026-3854, allows any authenticated user to escalate privileges and execute arbitrary commands on GitHub’s backend systems. 

    This created the potential for unauthorized access to sensitive code repositories, internal configurations, and secrets.

    Input Validation Failure 

    The flaw stems from an input validation failure within GitHub’s internal git protocol. 

    User-supplied git push options were embedded directly into an internal metadata structure known as the X-Stat header without proper sanitization. 

    Because this header relies on semicolon-delimited key-value pairs, an attacker could inject additional fields simply by including semicolons in their input.

    Header Injection and Override 

    Compounding the issue, the system processes these fields using a “last-write-wins” parsing model. 

    This means that injected values appearing later in the header can override legitimate security controls defined earlier in the request. 

    By exploiting this behavior, attackers could manipulate critical settings, such as execution environments and hook configurations, ultimately enabling remote code execution.

    The attack required no specialized tools, as a single crafted git push could trigger the full exploitation chain, making it easy to abuse.  
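
    The injection and override described in the two sections above, reduced to a small model. This is an added example, not GitHub's code or part of the original article: the field names (repo_id, hooks_enabled, push_option) and the sample push option are constructed, and percent-encoding plus duplicate-key rejection is one possible hardening, not the fix GitHub shipped.

```python
# Added illustration (not GitHub's code): field injection into a
# semicolon-delimited key=value header that is parsed last-write-wins.
# All field names and sample values below are hypothetical/constructed.
from urllib.parse import quote, unquote

DELIM = ";"


class HeaderError(ValueError):
    """Raised when a header is malformed or ambiguous."""


def build_header_unsafe(trusted: dict, push_option: str) -> str:
    """Vulnerable pattern: user text is concatenated without encoding."""
    pairs = [f"{k}={v}" for k, v in trusted.items()]
    pairs.append(f"push_option={push_option}")
    return DELIM.join(pairs)


def parse_last_write_wins(header: str) -> dict:
    """Permissive reader: a later duplicate key silently replaces an earlier one."""
    fields = {}
    for pair in header.split(DELIM):
        key, _, value = pair.partition("=")
        fields[key] = value
    return fields


def build_header_safe(trusted: dict, push_option: str) -> str:
    """Hardened writer: percent-encode every value so ';' and '=' in user
    input stay inside the value instead of starting a new field."""
    values = dict(trusted, push_option=push_option)
    return DELIM.join(f"{k}={quote(str(v), safe='')}" for k, v in values.items())


def parse_strict(header: str) -> dict:
    """Hardened reader: refuse duplicates and malformed pairs, then decode."""
    fields = {}
    for pair in header.split(DELIM):
        key, sep, value = pair.partition("=")
        if not key or not sep:
            raise HeaderError(f"malformed field: {pair!r}")
        if key in fields:
            raise HeaderError(f"duplicate field: {key!r}")
        fields[key] = unquote(value)
    return fields


def has_delimiters(push_option: str) -> bool:
    """Log/alert heuristic: a push option carrying header metacharacters."""
    return any(ch in push_option for ch in (DELIM, "\n", "\r"))


# Constructed sample data: a trusted setting and a push option containing ';'.
TRUSTED = {"repo_id": "42", "hooks_enabled": "false"}
CRAFTED_OPTION = "ci.skip;hooks_enabled=true"

if __name__ == "__main__":
    unsafe = build_header_unsafe(TRUSTED, CRAFTED_OPTION)
    print("unsafe header :", unsafe)
    print("permissive    :", parse_last_write_wins(unsafe))  # setting overridden

    safe = build_header_safe(TRUSTED, CRAFTED_OPTION)
    print("safe header   :", safe)
    print("strict        :", parse_strict(safe))  # setting preserved

    try:
        parse_strict(unsafe)
    except HeaderError as exc:
        print("strict reader rejects the unsafe header:", exc)

    print("alert on option:", has_delimiters(CRAFTED_OPTION))
```

    Encoding at the writer and rejecting duplicates at the reader are independent layers: either one alone stops the override in this model, and together they cover a writer or reader elsewhere in the service chain that was missed.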

    Potential Impact

    On GHES, successful exploitation could lead to complete server compromise, including full access to hosted repositories and internal data. 

    On GitHub.com, the risk extended further due to its multi-tenant architecture, where compromising a shared storage node could potentially expose repositories belonging to other users and organizations.

    GitHub has since released patches for affected GHES versions, and there are no confirmed reports of active exploitation at the time of publication. 

    Hardening Self-Hosted GitHub 

    Securing self-hosted GitHub environments requires more than patching and should include a layered, proactive approach. 

    • Upgrade to the latest GHES version and test updates in a staging environment before deploying to production. 
    • Enforce least privilege by auditing user access, restricting permissions, and limiting the use of long-lived credentials.
    • Monitor and log git activity by sending audit logs to a SIEM and alerting on unusual push options, hook execution, or other anomalous behavior.
    • Harden configurations by restricting custom hooks, validating execution paths, and disabling unnecessary features.
    • Strengthen input validation and internal trust boundaries to ensure all user-controlled data is sanitized across services.
    • Segment and protect infrastructure by isolating GHES systems, limiting network access, and deploying endpoint detection on hosts.
    • Test incident response plans with scenarios around software supply chain compromise.

    These steps can help organizations build resilience against compromise while reducing overall exposure across their GitHub environments.

    Implicit Trust in Microservices 

    CVE-2026-3854 highlights a common challenge in modern application security: managing complexity across interconnected services. 

    As organizations rely on microservices and internal APIs, implicit trust between components can introduce security risks if not properly controlled. 

    This is where adopting a zero trust approach can help reduce risk by eliminating implicit trust between services and continuously validating every interaction.  

    Microsoft won’t patch PhantomRPC: Feature or bug?

    Malwarebytes Apr 29, 2026 · 08:27

    A researcher has discovered a weakness called PhantomRPC that Microsoft does not consider a vulnerability it plans to patch.

    PhantomRPC involves Windows Remote Procedure Call (RPC), the core of communication between Windows processes. The vulnerability lets a process with impersonation rights escalate to SYSTEM by impersonating high‑privileged clients that connect to a fake RPC server.

    The researcher presented a detailed technical report outlining five exploitation paths, including coercion, user interaction, or background services. They warned that potential vectors are “effectively unlimited” because the root issue is architectural.

    Microsoft, however, classified the issue as “moderate,” refused a bounty, declined to assign a CVE (a spot in the list of Common Vulnerabilities and Exposures), and closed the case without tracking. Its position is that the technique requires an already‑compromised machine and does not provide unauthenticated or remote access.

    Experts disagreed with Microsoft’s assessment. Their concern is that Microsoft is downplaying a systemic local privilege escalation technique that exists in all supported Windows versions.

    The issue

    At the core of this issue is that the Windows RPC runtime does not sufficiently verify that the server a high‑privileged client connects to is the intended legitimate endpoint.

    If a legitimate RPC server is not reachable (for example because the service stopped, was misconfigured, not installed, or due to a race condition), an attacker with SeImpersonatePrivilege can spin up a fake RPC server that “fills the gap” using the same interface and endpoint.

    When a SYSTEM or high‑privileged client connects to this fake server, using an impersonation level that allows the server to impersonate the client, the attacker can call RpcImpersonateClient and immediately escalate their privileges to SYSTEM.

    From Microsoft’s perspective, the ability to run a rogue RPC server in this way falls under the category of “already compromised.”

    SeImpersonatePrivilege

    To understand the issue better, we need to dig into what SeImpersonatePrivilege does.

    Basically, SeImpersonatePrivilege is the Windows permission that lets a program “pretend to be you” after you’ve already logged in, so it can do things on your behalf using your level of access.

    It’s needed because many system services and server‑type apps (file sharing, RPC servers, COM servers, web apps) have to perform actions on behalf of a user, like reading their files or applying group policy.

    If an attacker gains this privilege, they can create a fake service or server and wait for a more powerful account to talk to it. When that high‑privilege service connects, the attacker can grab its security token and impersonate it, effectively upgrading from an account with lower privileges to full SYSTEM control on that machine.

    Protection

    A Microsoft spokesperson provided the following statement:

    “This technique requires an already-compromised machine and does not grant unauthenticated or remote access. Any update is a balance between existing compatibility and customer risk, and we remain committed to continually hardening our products. We recommend customers follow security best practices, including limiting administrative privileges and applying the principle of least privilege.”

    In our opinion, mitigating PhantomRPC properly would require deep changes to the RPC architecture, which is hard to do on existing Windows versions without breaking compatibility. It’s maybe something we’ll see in future versions, given the scale of change needed.

    What you can do:

    • As PhantomRPC is a piece in a larger chain, it is still very important to keep Windows updated.
    • Use your admin account sparingly and only for the tasks that need that kind of privilege.
    • Use an up-to-date, real-time anti-malware solution that can detect and block suspicious privilege‑escalation activity.
    • Avoid disabling or “hardening” services blindly, since a malicious service might step into their place.

    To answer the question in the title: it looks like a “feature” that can be abused in many ways; one that has outlived its original threat model. Defenders have to treat features like this as ongoing risks, rather than one‑off CVEs.

    Scam-checking just got a lot easier: Malwarebytes is now in Claude 

    Malwarebytes Apr 29, 2026 · 05:52

    For years, Malwarebytes has protected people by going where they are, and where people are today is increasingly within AI tools. As these chatbots tackle more everyday questions—like what to wear for an interview, how to replace a pendant light in the home, and where to eat during upcoming travel—it won’t be long before people ask these same tools how to stay safe online. And with online scams arriving through phone calls, emails, texts, and suspicious links, the time is now to make the internet safer. 

    That’s where Malwarebytes comes in. 

    To ensure that people can trust the answers they receive from their AI tools, Malwarebytes has now integrated its years of threat intelligence into two of the most popular providers: ChatGPT and now Claude.  

    Plus, with scams being harder to spot, even savvy internet users are getting caught off guard. In fact, according to research we conducted last year, 66% of people said it’s hard to tell a scam from the real thing. 

    Now, we’re hoping it’s easier. After connecting Malwarebytes to Claude, you can simply ask: “Malwarebytes, is this a scam?” and you’ll get a clear, informed answer, super fast.  

    How to use Malwarebytes in Claude 

    Users can activate Malwarebytes in Claude in three simple steps with no Malwarebytes account needed. Here’s how: 

    1. Open Claude and navigate to Customize > Connectors
    2. Click the + button and select Browse connectors
    3. Search for Malwarebytes and click Connect 

    Now, all you have to do is ask Malwarebytes to check suspicious links, emails, text messages, or websites directly in Claude. You’ll get instant, trusted answers powered by our pioneering threat intelligence.

    PayPal scam - Malwarebytes in Claude

    Here’s what you can check  

    • Check links: Paste a URL you received in a text, email, or message, and Claude will tell you if it’s safe to click. 
    • Check phone numbers: Share a phone number from an unknown caller or message, and Claude will check if it’s associated with scams. 
    • Check email addresses: Share a sender’s email address, and Claude will check if the domain is linked to phishing or fraud. 
    • Look up domain registration: Ask Claude to look up WHOIS information for a domain to see when it was registered, who the registrar is, and whether it looks legitimate. 
    • Check multiple items at once: If you receive a message with several links, phone numbers, or email addresses, Claude can check them all in a single step. 
    • Report suspicious content: If you confirm something is a scam, you can ask Claude to report it to the Malwarebytes threat intelligence team for further analysis. 

    Understanding the results 

    • Malicious: This link, number, or email address is a confirmed threat. Do not click the link, call the number, or reply to the email. 
    • Suspicious: This link, number, or email address may be dangerous. The context suggests that the link, number, or email address may be risky, but there is no confirmed threat yet. It’s best to proceed with caution. 
    • Safe: This link, number, or email address is known and legitimate. It is safe to interact with. 
    • Unknown: No information is available in the threat intelligence database. This does not mean it’s safe, so be careful. However, it’s important to note that any “unknown” results will trigger a WHOIS lookup for registrar abuse contacts.  

    Help center 

    If you need step-by-step instructions to set up or use Malwarebytes in Claude, visit our Help Center.  

    Why this matters 

    Scams are everywhere nowadays, and to add insult to injury, they’re getting a lot harder to spot. But, by bringing Malwarebytes into the tools you already use—like Claude—we’re making it easier to protect yourself without disrupting your day. So, whether you’re working, learning, or just staying connected, Malwarebytes can help keep you safe.

    Try Malwarebytes in Claude today!

    7 Best Network Security Tools to Use in 2026

    eSecurity Planet Apr 28, 2026 · 16:46

    This guide is for IT professionals, security teams, and business leaders looking to strengthen network defenses in 2026. It covers the best network security tools to protect data and help reduce overall organizational risk.

    Network security tools incorporate hardware and software technologies, methods, and policies to preserve network integrity and prevent potential breaches. These tools offer a comprehensive network security strategy by combining various functions for encryption, firewalls, intrusion detection systems, access control, and regular security audits. We’ve reviewed leading network security tools to assist you in selecting the best fit for your business’s security needs.

    These are the seven best network security tools in 2026: 

    • ESET: Best overall network security tool
    • Palo Alto: Best for zero trust security 
    • Cisco: Best for network access control
    • Nessus: Best for vulnerability detection
    • Fortinet: Best for core and NGFW features
    • Splunk: Best choice for unified security
    • Malwarebytes: Best for malware defense

    Top Network Security Tools Comparison

    We’ve compared the following tools’ capabilities on threat detection, unified platforms monitoring, data loss prevention, multi-OS support, and the availability of a free trial.

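    | Tool | Threat Detection | Unified Platforms Monitoring | Data Loss Prevention | Multi-OS Support | Free Trial |
    |---|---|---|---|---|---|
    | ESET | ✔ | ✔ | ➕ | ✔ | 30 days |
    | Palo Alto | ✔ | ✔ | ✔ | ✔ | 30 days |
    | Cisco | ✔ | ✔ | ✔ | ✔ | 30 days |
    | Nessus | ✔ | ✔ | ✔ | ✔ | 7 days |
    | Fortinet | ✔ | ✔ | ✔ | ✔ | 30 days |
    | Splunk | ✔ | ✔ | ✔ | ✔ | 14 days |
    | Malwarebytes | ✔ | ✔ | ❌ | ✔ | 14 days |

    ✔ = Yes  ❌ = No/Unclear  ➕ = Add-On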

    ESET: Best Overall Network Security Tool

    Overall Rating: 4.4/5

    • Core features: 4.7/5
    • Pricing and transparency: 4.8/5
    • Infrastructure characteristics: 4.7/5
    • Compliance certifications:  4.3/5
    • Ease of use and admin: 4.5/5
    • Customer support: 3.2/5

    ESET is a global digital security business that detects and neutralizes zero-day threats, ransomware, and targeted attacks before they’re launched. Its unified cybersecurity platform, the ESET PROTECT plan, protects endpoints and other potential threat vectors such as mobile devices, email, web, and cloud apps. With its automated, all-in-one defense, ESET leads our choices for network security solutions for cloud and on-premises deployment.

    Pros

    • Transparent pricing
    • Clean user interface
    • Operates without system interference

    Cons

    • Mobile device management needs improvement
    • Users report occasional issues with updates
    • Costs higher than other tools in the market

    Pricing

    • Free solutions: Parental Control app and Anti-Theft feature are available
    • ESET PROTECT Complete for Business: $288+ for 5 devices annually
    • Contact for quote: Custom plans available
    • Free trial: 30 days
    • Free demo: Contact to schedule

    Key Features

    • Malware detection: Provides multiple techniques and information sources to notify users of malware occurrences.
    • Firewall protection: Filters out unwanted content and protects the network and devices from harmful incoming or outgoing traffic.
    • Endpoint protection: Allows users to conduct analysis on threat intelligence data particular to their endpoint devices.
    • Compliance: Adheres to major industry standards like ISO 27001/9001, HIPAA, PCI, GDPR, NIST, and more.
    • Supplementary security tools: Offers cloud app protection, file server security, VPN, wifi protection, password manager, and cybersecurity awareness training.

    Dive deeper into ESET PROTECT’s features and benefits by reading our independent editorial review of the platform.

    Alternatives

    While ESET provides satisfactory customer support, Palo Alto has higher user ratings for the quality of their customer service.

    Palo Alto Networks: Best for Zero Trust Security

    Overall Rating: 4.3/5

    • Core features: 4.6/5
    • Pricing and transparency: 2.4/5 
    • Infrastructure characteristics: 5/5
    • Compliance certifications: 5/5
    • Ease of use and admin: 4.5/5
    • Customer support: 4.3/5

    Palo Alto Networks provides a suite of technologies that enable enterprises to achieve zero trust security through microsegmentation. They implement zero trust by authenticating identities, requiring least privilege access, and continually monitoring network traffic. Palo Alto Networks continues to innovate with virtual, physical, and containerized firewall deployment choices, network security management, cloud-delivered security services, and more.

    Pros

    • Stable and reliable
    • Offers centralized control
    • Wide range of options for network solutions

    Cons

    • Lacks transparent pricing
    • Users find it hard to navigate the UI
    • Uses large system resources

    Pricing

    • Contact for quote: Standard plans and custom pricing available
    • Free trial: 30 days
    • Free demo: Contact to schedule

    Key Features

    • Multi-method prevention: Combines malware and maximizes network protection strategies to combat both known and unknown threats.
    • Single rule base: Reduces workload by using a single rule base for firewall, threat prevention, URL filtering, app awareness, user identification, and data filtering.
    • Cloud security: The Palo Alto VM-Series firewall enables enterprises to prevent data loss and attacks in both private and public cloud environments.
    • Compliance: Adheres to ISO 27001/9001, HIPAA, PCI, GDPR, SOC2, NIST, and other specialized compliance and regulations.
    • Supplementary security tools: Offers SASE, cloud-delivered security services, IOT security, 5G security, and more.

    If you want to learn how Palo Alto provides centralized control and network monitoring through its secure access service edge (SASE) solution, read Palo Alto Prisma SASE review.

    Alternatives

    Users generally praise Palo Alto solutions for reliability but note a steep learning curve. Meanwhile, Cisco users appreciate its UI contributing to its ease of use despite its complex features.

    Cisco: Best for Network Access Control

    Overall Rating: 4.2/5

    • Core features: 4.9/5
    • Pricing and transparency: 2.3/5 
    • Infrastructure characteristics: 5/5
    • Compliance certifications: 5/5
    • Ease of use and admin: 5/5
    • Customer support: 3.4/5

    Cisco provides network access control (NAC) via Identity Services Engine (ISE). This tool enables network visibility and access management by enforcing policies on devices and users. It uses the data across your stack to enforce policies, manage endpoints, and provide trusted access. Cisco also offers IDPS and breach and attack simulation solutions. You can integrate solutions conveniently into your network management dashboard via Cisco Networking.

    Pros

    • Centralized management
    • Large feature set
    • Suitable for small to large business types

    Cons

    • Lacks transparent pricing
    • Users report occasional integration issues
    • Users tend to find its licensing scheme complex

    Pricing

    • Contact for quote: Standard plans and custom pricing available
    • Free trial: 30 days
    • Free demo: Contact to schedule

    Key Features

    • Access management: Simplifies the complex access management process via Cisco Identity Services Engine.
    • Network analytics: Detects risks across your private network, public clouds, and encrypted communications using Stealthwatch. 
    • Endpoint protection: Stops security threats at the point of entry and continuously monitors every file it allows onto your endpoints. 
    • Compliance: Adheres to ISO 27001/9001, HIPAA, PCI, GDPR, SOC2, NIST, and other specialized compliance and regulations.
    • Supplementary security tools: Offers wide area networking, IoT networking, SASE, SD-WAN, and more. 

    Through their next-generation intrusion prevention systems (NGIPS), Cisco aims to stop more threats, increase malware detection rates, and provide threat insights. Read more about this solution in our Cisco Firepower NGIPS review.

    Alternatives

    Cisco already offers a large range of features, but Fortinet outperforms it with a broader range of fundamental network security functions.

    Nessus: Best for Vulnerability Detection

    Overall Rating: 4/5

    • Core features: 3.6/5
    • Pricing and transparency: 4.3/5
    • Infrastructure characteristics: 5/5
    • Compliance certifications: 3.5/5
    • Ease of use and admin: 4.5/5
    • Customer support: 3/5

    Tenable Nessus is a vulnerability scanning tool for network security that originated as an open-source project. It now offers extensive capabilities to skilled security teams by detecting default passwords, access denial attempts, open mail relays, and potential hacker entry points with exceptional accuracy. Nessus discovers software issues, missing updates, malware, and misconfigurations across several operating systems and devices.

    Pros

    • Very low false positive rates
    • Active user community
    • Detailed scanning capabilities

    Cons

    • Deep scanning consumes large resources
    • Needs to simplify configuration
    • The interface can be tricky to master at first

    Pricing

    • Free edition: Tenable Nessus Essentials available with limited scanning
    • Expert plan: $5,990+ per year
    • Professional plan: $3,990+ per year
    • Contact for quote: Custom pricing available
    • Free trial: 7 days
    • Free demo: Contact to schedule

    Key Features

    • Automated scans: Executes pre-scripted vulnerability scans without requiring operator intervention.
    • Configuration monitoring: Tracks configuration rule sets and policy enforcement measures, documenting changes to ensure compliance.
    • Gap Analysis: Analyzes data connected with disallowed entry and policy enforcement to provide information for improved authentication and security methods.
    • Compliance: Adheres to ISO 27001/9001, HIPAA, PCI, NIST, and other specialized compliance and regulations.
    • Supplementary security tools: Offers web app scans, scan cloud, change management tools, and more.

    Explore further into Nessus’ capabilities with our Nessus pen testing product overview and analysis.

    Alternatives

    Although Nessus is thorough in its vulnerability scanning, it lacks additional network security capabilities for complete protection. ESET outperforms it overall, offering a broader range of network security solutions for more comprehensive protection.

    Fortinet: Best for Core & NGFW Features

    Overall Rating: 3.9/5

    • Core features: 5/5
    • Pricing and transparency: 2.6/5
    • Infrastructure characteristics: 5/5
    • Compliance certifications: 2.8/5
    • Ease of use and admin: 4/5
    • Customer support: 2.7/5

    Fortinet has long been a firewall provider for SMBs and enterprises, delivering office hardware, virtual machines, and cloud applications (FWaaS). Fortinet’s FortiGate solutions include SSL inspection, automated threat protection, security fabric integration, and security effectiveness validation. Fortinet offers a comprehensive set of core features that includes powerful threat protection, firewall capabilities, and business-scalable solutions.

    Pros

    • Well-designed UI
    • Strong NGFW functionality
    • Wide options for network security solutions

    Cons

    • Users report intermittent system outages
    • Lengthy time for log search
    • Learning curve for command line interface

    Pricing

    • Contact for quote: Standard plans and custom pricing available
    • Free trial: 30 days
    • Free demo: Contact to schedule

    Key Features

    • Modular solution: Combines the capability of multiple Fortinet products offered as standalone solutions.
    • Comprehensive network security: Delivers threat protection and performance while reducing complexity via Fortigate NGFW.
    • Security information and event management: Allows users to quickly detect and fix security issues and manage compliance standards using FortiSIEM.
    • Compliance: Adheres to ISO 27001/9001, HIPAA, NIST, and other specialized compliance and regulations.
    • Supplementary security tools: Offers SASE, SD-WAN, secure web gateway, DDoS protection, email security, Sandboxing, NAC, and more.

    If you want to know the differences between Fortinet and Palo Alto firewall products in detail, explore our comparative review.

    Alternatives

    Fortinet provides diverse network security solutions, but if you’re focused on unified threat detection, investigation, and response, Splunk offers a dedicated platform for it.

    Splunk: Best Choice for Unified Security

    Overall Rating: 3.8/5

    • Core features: 4.4/5
    • Pricing and transparency: 2.4/5
    • Infrastructure characteristics: 5/5
    • Compliance certifications: 3.5/5
    • Ease of use and admin: 4.3/5
    • Customer support: 3/5

    Splunk is an enterprise solution for large organizations that need insight across a wide range of security tools and activities. Splunk stands out for its unified network security, thanks to recent advancements in Splunk Mission Control, and Observability Cloud. Businesses can now streamline workflows and enhance security analytics (Enterprise Security), automation (SOAR), and threat intelligence. This simplifies threat detection and response within a unified platform.

    Pros

    • Provides centralized dashboard for all logs
    • Good custom ruling capabilities
    • Real-time monitoring

    Cons

    • Documentation needs updating
    • UI needs improvement and more default features
    • Users report lengthy implementation time

    Pricing

    • Contact for quote: Standard plans and custom pricing available
    • Free trial: 14 days
    • Free demo: Contact to schedule

    Key Features

    • Unified monitoring and observability: Gain insights into IT systems by combining event measurements, logging, traces, and metadata from a variety of IT systems.
    • Threat intelligence: Stores knowledge about prevalent threats and how to deal with them if they occur.
    • Incident management: Alerts people to events and allows them to intervene manually or initiate an automatic response.
    • Compliance: Adheres to ISO 27001/9001, HIPAA, PCI, SOC2, and other specialized compliance and regulations.
    • Supplementary security tools: Offers SIEM, SOAR, app performance monitoring, AIOps, and other additional security solutions.

    Want to know more about Splunk’s flagship SIEM technology? Read through our Splunk Enterprise Security (ES) review.

    Alternatives

    Splunk generally performs well in threat detection, but for enhanced malware protection, consider using Malwarebytes, which provides specialized solutions for malware prevention and remediation.

    Malwarebytes: Best for Malware Defense

    Overall Rating: 3.8/5

    • Core features: 3.6/5
    • Pricing and transparency: 3.3/5
    • Infrastructure characteristics: 5/5
    • Compliance certifications: 3/5
    • Ease of use and admin: 5/5
    • Customer support: 3/5

    Malwarebytes offers high-level network security along with comprehensive anti-malware protection. Its endpoint security solutions leverage many layers of protection, threat intelligence, and human expertise to protect businesses from ransomware, viruses, and other threats. Malwarebytes’ Identity Theft Protection provides trustworthy security by quickly alerting users to any identified information breaches, enabling swift remediation.

    Pros

    • Easy monitoring via centralized management
    • Catches and removes malware apps effectively
    • Fast scanning

    Cons

    • Needs improvement for real-time protection
    • Users report some issues with upgrading installs
    • Cost per endpoint is relatively high
    Pricing
    • Core plan: $69+ per endpoint per year
    • Advanced plan: $79+ per endpoint per year
    • Elite plan: $99+ per endpoint per year
    • Ultimate plan: $119+ per endpoint per year
    • Contact for quote: Custom pricing available
    • Free trial: 14 days
    • Free demo: Contact to schedule
    Key Features
    • Firewall: Monitors data packets and protects endpoint devices from a wide range of attacks and malware threats.
    • Endpoint protection: Allows users to examine threat intelligence data particular to their endpoint devices.
    • Automated remediation: Saves time spent manually resolving issues and handles common network security incidents rapidly.
    • Compliance: Adheres to major compliance regulations like ISO 27001/9001, PCI, SOC2, and NIST.
    • Supplementary security tools: Offers security visualization, app block, DNS filtering, and other additional security tools.

    Check our comparative guide to learn more about Malwarebytes’ capabilities for detecting and removing malicious threats.

    Alternatives

    Malwarebytes’ vulnerability and patch management services are relatively new. If you prefer a long-established solution, consider Nessus, which is known for its great support and broad vulnerability detection capabilities.

    Top 5 Features of Network Security Tools

    Network security relies on a variety of tools for comprehensive protection. Among the most important features are breach and attack simulation, endpoint detection and response, identity and access management, intrusion detection and prevention, and network access control.

    Breach & Attack Simulation (BAS)

    Breach and attack simulation mimics real-world cyberattacks, similar to manual pen testing and red teaming. Administrators can quickly respond to developing threats across varied infrastructure environments, including cloud and SD-WAN frameworks, thanks to real-time warnings and visibility, ensuring proactive protection and security posture augmentation.

    Endpoint Detection & Response (EDR)

    EDR is similar to vulnerability management as it identifies and mitigates threats at user entry points. It provides comprehensive security similar to IAM, NAC, and privileged access management (PAM) tools, but with extra capabilities including data loss prevention (DLP), patching, and application whitelisting for added protection.

    Identity & Access Management (IAM)

    IAM is a system that manages access policies dynamically. IAM works with all identity protocols and connects smoothly with CASB, EDR, and WAF systems, providing insights into device, session, and identity data to guarantee reliable security and effective access management across various environments.

    Intrusion Detection & Prevention Systems (IDPS)

    IDPS scan systems for intrusions using signature or anomaly-based detection techniques. IDPS provides threat detection, intelligent alerting, and automated blocking tools to quickly identify and neutralize security threats, ensuring strong protection against malicious activity.

    Network Access Control (NAC)

    NAC is a policy management solution that ensures proper endpoint setups. NAC, which is integrated with SIEM, NGFW, and other systems, assesses endpoints, allows access, and enforces security policies, hence improving network security by verifying and controlling device network access. NAC’s function includes enforcing compliance rules, improving network visibility, and limiting risks associated with illegal devices.

    How We Evaluated the Best Network Security Tools

    We assessed the top network monitoring tools using a standardized scoring method that included six fundamental criteria. Under each criterion, we identified subcriteria that were used for our assessment and scoring, contributing to the products’ total score. We picked the seven tools that scored the highest. Through the results, coupled with broader research, we determined each product’s use cases.

    Evaluation Criteria

    We prioritized six essential criteria to objectively evaluate the top network security tools. Core features were weighted the highest due to their fundamental importance. Pricing and network security infrastructure followed, for practicality and extended capabilities. Compliance, ease of use and administration, and customer support quality were also valued for operational efficiency.

    • Core features (25%): We checked each network security tool’s essential functionalities such as breach and attack simulation, Cloud Access Security Broker (CASB), EDR, IAM, IDPS, Mobile Threat Defense, and more.
    • Pricing and transparency (20%): This criterion considers factors such as the availability of free trials, the accessibility and clarity of pricing, pricing model flexibility, the provision of free plans, and the availability of free demos.
      • Criterion winner: ESET
    • Network security infrastructure characteristics (20%): We checked each tool’s characteristics based on its system integrations, compatibility across several platforms, unified platform monitoring, zero trust security, scalability, and backup and recovery.
      • Criterion winner: Multiple winners
    • Compliance certifications (15%): We looked at certifications like ISO 27001 and 9001, HIPAA, PCI DSS, GDPR, SOC2, NIST, and the availability of specific compliance frameworks.
      • Criterion winner: Multiple winners
    • Ease of use and admin (10%): This category is measured by the intuitiveness of the user interface, the provision of a centralized admin panel for streamlined operations, and ratings from platforms like G2 and Capterra for simplicity of use and setup.
      • Criterion winner: Multiple winners
    • Customer support (10%): This criterion measures service quality, including the availability of live chat, phone, and email assistance, the adequacy of documentation, demos, and training materials, and user-rated support quality on G2 and Capterra.

    Frequently Asked Questions (FAQs)

    What Is Enterprise Network Security?

    Enterprise network security is a broad term covering a range of technologies, devices, and processes. Some experts define it simply as a set of rules and configurations that protects the integrity, confidentiality, and accessibility of data in an enterprise network. It entails deploying software and hardware to minimize vulnerabilities and respond quickly to security threats, with a focus on effective response mechanisms and prevention efforts against cyberattacks.

    What Are These Network Security Tools Used For?

    Network security products perform several functions by protecting the organization’s network infrastructure, data, and assets from various cyberattacks. These tools work together to form a multi-layered security approach that protects the company network from a wide range of cyberthreats and vulnerabilities. In addition to the top network security tools above, here are some network security tools and their functions:

    • Data loss prevention (DLP): Monitor and manage data movement throughout the network to prevent illegal transfer or leaking of sensitive data.
    • Virtual private networks (VPNs): Encrypt network traffic, ensuring safe communication between remote users and the corporate network while protecting sensitive data from interception.
    • Firewalls: Serve as a barrier between the internal network and external threats, managing incoming and outgoing traffic according to specified security rules.
    • Antivirus and antimalware software: Detects and eliminates dangerous software (malware) from systems, preventing unwanted access and data breaches.
    • Security information and event management (SIEM): Collects, analyzes, and correlates security event data from diverse sources in order to detect and respond to security incidents more efficiently.
    • Cloud access security broker (CASB): Monitors and manages access to cloud services, ensuring data security, compliance, and threat protection.
    • Mobile threat defense: Focuses on protecting mobile devices from threats such as malware, phishing, and network attacks while also ensuring data and user privacy.

    What Are the Common Challenges in Using Network Security Tools?

    Common challenges when adopting network security solutions include integrating them into your current systems, difficulty in choosing from an extensive range of accessible tools, and managing complexity as your business expands.

    • Integration with other systems: Many businesses already have established IT systems, such as network infrastructure, endpoint devices, and cloud services. It might be difficult to integrate new security tools with current systems. 
    • Tool overload: The cybersecurity market provides a diverse range of tools and solutions, each addressing a distinct area of network security. However, an abundance of options can cause confusion and uncertainty for enterprises.
    • Complexity management: As enterprises expand and evolve, their network security environments might become more complicated. Managing several security tools, configurations, and rules across various network infrastructures adds to the complexity. 

    Bottom Line: Enhance Your Defense with Network Security Tools

    Maintaining the integrity of network security is a critical consideration for every organization. Organizations must blend various technologies to achieve optimal protection within budget constraints. Access control, threat intelligence, intrusion detection and prevention, data loss prevention, email security, endpoint security, vulnerability scanning, and patch management all play a role in protecting the network and its data.

    With almost every aspect of business becoming more digital, network security software minimizes the impact of cyberattacks. Consider your security priorities and utilize the available free trial and free plans to gauge which tool is most suitable for you.

    No single tool guarantees complete security, but you may want to start your network security strategy by implementing firewall best practices, as these are often the first line of defense against cyberthreats.

    The post 7 Best Network Security Tools to Use in 2026 appeared first on eSecurity Planet.

    Best AI Deepfake and Scam Detection Tools for Security in 2026

    eSecurity Planet Apr 28, 2026 · 16:21

    This guide is for security professionals, IT teams, and anyone concerned about AI-driven fraud who wants to detect deepfakes and scams in 2026. It covers some of the best tools available to identify fake videos, audio, and synthetic content.

    You can fake a video. You can clone a voice. You can even generate a “live” Zoom call with someone who isn’t real… and no one would know the difference.

    Welcome to the deepfake era, where synthetic media is not just plausible — it’s prolific. What began as a novelty in entertainment and meme culture has evolved into a weapon of misinformation, fraud, and reputational damage.

    From AI-generated phishing calls to deepfakes of biometric footage, these technologies are now part of the modern threat landscape. For professionals in cybersecurity, PR, compliance, or law enforcement, one thing is clear: you need tools that can tell real from artificial.

    Here is my list of the five best AI deepfake and scam detection tools to help you stay ahead of AI deception:

    eSecurity Planet may receive a commission from merchants for referrals from this website

    McAfee Deepfake Detector

    Best for: Real-time browser-based detection with zero friction

    McAfee’s deepfake detector integrates directly into the browser environment and uses transformer-based neural networks to scan media in real time — no uploads, no clicks. It’s one of the first mainstream tools delivering synthetic media protection that feels invisible to the user. Initially rolled out through Lenovo AI PCs, broader availability is expected soon.

    Pros

    • Runs on-device for enhanced speed and privacy
    • Seamless real-time analysis without disrupting workflows
    • Supported by McAfee’s trusted cybersecurity suite

    Cons

    • Currently limited to Lenovo AI-enabled hardware
    • Detection scope may not yet cover all media formats (e.g., PDFs, metadata forensics)
    • Only available in English
    Pricing

    Available on select Lenovo AI PCs with U.S. pricing starting at $9.99 for the first year.

    Pro tip

    Pair the detector with McAfee’s identity protection to monitor your likeness and voice across the web for impersonation attempts.

    Final verdict

    A strong, user-friendly choice for professionals who need reliable detection baked into daily activity, not a separate app or workflow.

    Norton Genie + AI Scam Protection

    Best for: Spotting AI-generated voices and phishing messages in real time

    Norton’s Genie platform extends Norton 360’s capabilities with real-time scam detection powered by on-device AI. While it primarily focuses on text and voice scams (think cloned CEO calls or fake bank messages), it represents a significant step forward in combating deepfake-powered fraud across mobile and desktop platforms.

    Pros

    • Integrated with Norton 360, no extra installs
    • Voice deepfake detection is ideal for phishing and vishing scams
    • On-device AI = faster and more private scanning

    Cons

    • Not designed for deepfake video or image forensics
    • Limited availability (U.S., UK, Australia, NZ)
    Pricing

    Included in select Norton 360 plans. Available in the U.S., UK, Australia, and New Zealand at no additional cost for existing subscribers.

    Pro tip

    Enable scam call detection on your mobile to catch voice deepfakes mid-call, especially if you handle sensitive accounts or customer support.

    Final verdict

    A practical defense against audio-based deepfakes and impersonation scams, especially for professionals in finance, HR, or support roles.

    Bitdefender Digital Identity Protection + Scamio

    Best for: Monitoring and protecting your digital likeness from impersonation

    Bitdefender’s Digital Identity Protection (DIP) tracks where your personal data appears online, including potential misuse of your image or voice. Its AI chatbot, Scamio, helps analyze suspicious messages, images, or links. Together, they provide layered protection against impersonation and deception.

    Pros

    • Tracks deepfake impersonation of your identity across the web
    • Scamio offers real-time analysis of suspicious media
    • Combines personal privacy with anti-fraud tools

    Cons

    • Focuses more on personal protection than enterprise-scale detection
    • Scamio’s functionality still developing in media detection
    Pricing

    Digital Identity Protection starts at $39.99 for the first year. Scamio is free and available via Bitdefender’s website and select mobile apps.

    Pro tip

    Use DIP to set alerts for your name, photos, and voice to catch deepfakes before they spread.

    Final verdict

    A smart choice for individuals and small teams looking to stay protected against identity-based deepfake threats.

    Reality Defender

    Best for: Enterprise-scale detection across video, audio, image, and text

    Reality Defender is a cutting-edge deepfake detection platform trusted by Fortune 500 companies, government agencies, and media watchdogs. It uses explainable AI to analyze media across formats and delivers detailed threat analysis in real time.

    Pros

    • Multi-format detection (text, video, audio, images)
    • Real-time dashboard and API access
    • Explainable AI supports forensic transparency

    Cons

    • Not consumer-focused — designed for large organizations
    • Pricing and onboarding may be overkill for small businesses
    Pricing

    Custom enterprise pricing based on volume and API usage. Free trials available upon request for qualified organizations.

    Pro tip

    Use the API to integrate detection directly into your content publishing or moderation pipeline.

    Final verdict

    A powerful tool for organizations that manage high volumes of media or have regulatory obligations around misinformation.

    Sensity AI

    Best for: Visual deepfake threat monitoring and forensic investigation

    Sensity AI is a visual threat intelligence platform used by law enforcement, regulators, and journalists. It continuously monitors global media for AI-generated visual manipulation and provides forensic tools for identifying fakes.

    Pros

    • Global monitoring of image and video manipulation
    • Advanced forensic metadata analysis
    • Used by governments and investigative teams

    Cons

    • Best suited for high-stakes or public-facing entities
    • Not ideal for individual or consumer use cases
    Pricing

    Tiered subscription model based on usage, monitoring scope, and data access. Contact sales for a tailored quote.

    Pro tip

    Use Sensity’s alerts to track trending deepfakes that could target your organization or industry.

    Final verdict

    A top-tier solution for investigative professionals and compliance officers dealing with misinformation or media fraud.

    Methodology

    To identify the best AI deepfake detection tools for 2025, I evaluated dozens of solutions across a range of criteria relevant to professionals in cybersecurity, compliance, and digital media. Research included:

    • Product testing and demos: When available, I explored live tools, browser integrations, and mobile apps to assess usability and real-time performance.
    • Vendor documentation and updates: I reviewed technical specs, change logs, and AI model details published by each provider.
    • Affiliate relevance: Tools from our affiliate partners (McAfee, Norton, and Bitdefender) were prioritized only when they demonstrated legitimate capabilities in deepfake detection or media protection.
    • Use case coverage: I aimed to provide options for a variety of buyers, including individuals, small businesses, and large enterprises, while highlighting each tool’s best use case.

    I regularly revisited these criteria to ensure our recommendations reflect current threats, capabilities, and availability. For readers, this means that every tool featured here has been vetted for both technical merit and its practical impact in today’s fast-evolving deepfake landscape.

    Which tool is right for you?

    Deepfakes are no longer a future concern. They are already reshaping how scams unfold, reputations are damaged, and trust is manipulated online. A cloned voice, a fabricated video, or a digitally altered image can now slip past even the most experienced professionals.

    The tools featured in this guide are your first line of defense. They help separate fact from fabrication, giving you the ability to respond to threats before they spiral out of control.

    • Start with solutions like McAfee, Norton, or Bitdefender if you need fast, accessible protection.
    • If your organization handles sensitive media or public-facing content, Reality Defender and Sensity AI are designed to operate at the scale and depth required to address those challenges.

    In a digital world where illusions can spread faster than facts, your ability to detect the fake is no longer optional. It is essential. Make sure you are equipped.

    The post Best AI Deepfake and Scam Detection Tools for Security in 2026 appeared first on eSecurity Planet.

    6 Best Intrusion Detection & Prevention Systems in 2026

    eSecurity Planet Apr 28, 2026 · 16:13

    This guide is for IT leaders, security teams, and network administrators looking to strengthen threat detection and response in 2026. It covers the top intrusion detection and prevention systems (IDPS) and key features to consider when choosing the right solution.

    Network security is not just about keeping the bad guys out. It’s about having a system that’s constantly on guard, ready to spot threats, malicious trends, and suspicious activities before they wreak havoc on your system.

    Intrusion detection systems (IDS) and intrusion prevention systems (IPS)—often combined as intrusion detection and prevention (IDPS)—play a key role in these network security defenses. They help teams detect suspicious activity, block malicious traffic and software, and examine system logs for potential threats.

    This guide covers industry-leading IDPS solutions, along with key features and considerations as you evaluate products for your organization.

    What Is an intrusion detection & prevention system?

    An intrusion detection and prevention system combines features from IDS and IPS to better detect and block malicious traffic, rather than just doing one of the two. IDPS products often have features like log analysis, alerts, and threat remediation to find suspicious activities and trends and help security teams stop threat actors. IDPS or IPS features often belong to a larger security suite or product a vendor offers, serving as one module of many.

    Top IDPS solutions compared

    The following table compares our top IDPS products, including features like threat remediation as well as free trial and managed service availability:

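    | Product | SSL/TLS Inspection | Threat Remediation | Available as Managed Service | Free Trial |
    |---|---|---|---|---|
    | OSSEC | ❌ | ✔ | ✔ | 14 days |
    | Trellix IPS | ✔ | ✔ | ❌ | ❌ |
    | Check Point | ✔ | ❌ | ❌ | Contact for length |
    | SolarWinds SEM | ❌ | ✔ | ❌ | 30 days |
    | Trend Micro TippingPoint | ✔ | ✔ | ❌ | ❌ |
    | Alert Logic MDR | ✔ | ✔ | ✔ | ❌ |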

    OSSEC – Best Overall for Teams of Multiple Sizes

    Overall Reviewer Score: 3.6/5

    • Core Features: 3.5/5
    • Advanced Features: 3.3/5
    • Deployment & Usability: 4.4/5
    • Pricing: 4/5
    • Customer Support: 3.2/5

    OSSEC is an IDPS product for teams of all sizes, notable for its feature range and transparent sales team. It offers threat remediation, quarantine capabilities, log analysis, and file integrity monitoring.

    OSSEC also offers a free, open-source IDS, which is a good choice for SMBs; consider that product if your team is smaller. But here we’ve focused on Atomic OSSEC, the enterprise offering — it’s a strong option for medium and large businesses.

    Pros

    • Available as a managed service
    • Free trial available
    • Relatively transparent pricing info and team

    Cons

    • Some Windows and Mac OS are not supported
    • No SSL or TLS inspection
    • No custom rules
    Pricing
    • Contact for quote: Custom pricing available; approximately $55 per endpoint or system in a year-long license but may vary depending on numbers and environment
    • Free trial: 14 days
    Key Features
    • File integrity monitoring: Examine the integrity of application files and operating systems.
    • Log management: Centralize log data from different sources and send it to SIEMs for further analysis.
    • Agent management: Perform agent and server configurations in a central management console.
    • Threat intelligence: OSSEC gathers threat data from global nodes for broader security information.

    Trellix IPS – Best Option for Core & Advanced Features

    Overall Reviewer Score: 3.4/5

    • Core Features: 3.9/5
    • Advanced Features: 3.7/5
    • Deployment & Usability: 3.2/5
    • Pricing: 2.8/5
    • Customer Support: 3.2/5

    Trellix Network Security is a security platform that includes IPS and offers threat blocking, integrations, and policy management to handle sophisticated threats. Trellix IPS is designed for enterprise-level security, offering features like DDoS prevention, heuristic bot detection, and host quarantining.

    If you’re a large enterprise or have an experienced security team, consider Trellix — its range of basic and advanced IDPS features will give teams plenty of functionality.

    Pros

    • Automated event prioritization based on severity
    • Offers signature-less malware analysis
    • Plenty of documentation available

    Cons

    • No free trial
    • Limited availability of phone support
    • Supported operating systems unclear
    Pricing
    • Contact for quote: Custom pricing available; some pricing info available from resellers like AWS
    Key Features
    • DDoS prevention: Rate limiting, DNS protection, and connection limiting help prevent DDoS attacks.
    • Threat intelligence: IPS integrates with Trellix Global Threat Intelligence for comprehensive threat info.
    • Advanced callback detection: Trellix IPS identifies attack data that could come from botnets.
    • Sandboxing: Integration with Trellix Intelligent Sandbox enables deep traffic inspection.

    Check Point Quantum – Best for NGFW Environments

    Overall Reviewer Score: 3.3/5

    • Core Features: 3.2/5
    • Advanced Features: 2.4/5
    • Deployment & Usability: 3.2/5
    • Pricing: 3.8/5
    • Customer Support: 4.7/5

    Check Point Quantum, the product family that includes Check Point’s next-gen firewalls and security gateways, also offers IPS that integrates with other platform members.

    Check Point IPS can detect and block DNS tunneling attempts, signature-less attacks, protocol misuse, and known CVEs. If you’re already a Check Point customer, the IPS fits particularly well; if you’re considering investing in an NGFW with built-in IPS, Quantum is also a strong option.

    Pros

    • Free trial available
    • Integration with Quantum NGFWs and Gateways
    • Sandboxing is available via SandBlast integration

    Cons

    • Threat remediation features unclear
    • Lacks quarantine features
    • OS support unclear
    Pricing
    • Contact for quote: Custom pricing available
    • Free trial: Contact for length
    Key Features
    • Customizable reports: View critical security events and needed remediation in a single interface.
    • Vulnerability detection: Supported network and mail protocols include HTTP, POP, IMAP, and SMTP.
    • Policy configuration: Develop policies based on tags for vendor, protocol, file type, and threat year.
    • Virtual patching: Security updates happen automatically every two hours via the Check Point security gateway.

    SolarWinds Security Event Manager – Best for Log Management & Reporting

    Overall Reviewer Score: 3.2/5

    • Core Features: 3.7/5
    • Advanced Features: 0.7/5
    • Deployment & Usability: 2.8/5
    • Pricing: 4.8/5
    • Customer Support: 4.7/5

    SolarWinds Security Event Manager combines multiple security technologies, serving as a hub for insider threat management, incident response software, and log analytics, just to name a few.

    Consequently, it has plenty of IDPS capabilities, but where SolarWinds SEM really shines is its log management and reporting capabilities. Features include compliance reporting software and log analytics, making SEM a great choice for compliance-focused teams.

    Pros

    • Central security hub with a range of use cases
    • Month-long free trial available
    • Custom rules and threat remediation features

    Cons

    • Lacks a few core and advanced capabilities
    • Not available as managed service
    • No MITRE framework mapping
    Pricing
    • Subscription-based plan: Starts at $3,292
    • Perpetual plan: Starts at $6,168
    • Free trial: 30 days
    Key Features
    • Network-based IDS: Network visibility integrates with logs from other areas of the business infrastructure.
    • Compliance reporting: Supported regulatory standards include HIPAA, PCI DSS, SOX, and ISO.
    • Log analytics: SEM analyzes logs from multiple products, including Juniper devices and Microsoft Exchange.
    • SIEM capabilities: SEM collects information about all network activity and inspects it for threats.

    Trend Micro TippingPoint – Best for Threat Intelligence

    Overall Reviewer Score: 3.1/5

    • Core Features: 3.3/5
    • Advanced Features: 1.4/5
    • Deployment & Usability: 3.4/5
    • Pricing: 2.8/5
    • Customer Support: 5/5

    Trend Micro TippingPoint is a network security solution that helps guard against zero-day and known vulnerabilities with features like traffic scanning and threat blocking.

    TippingPoint integrates threat intelligence from its Digital Vaccine® Labs so your business has a clearer picture of threats across your infrastructure. We recommend Trend Micro if you’re looking for deep threat intelligence and cybersecurity capabilities.

    Pros

    • Integration with Digital Vaccine® Labs
    • Quarantine functionality available
    • High availability for mission-critical environments

    Cons

    • No free trial
    • Unclear whether TippingPoint offers reporting
    • Not available as managed service
    Pricing
    • Contact for quote: Custom pricing available; some pricing info available from resellers
    Key Features
    • Vulnerability remediation: Integration with vulnerability tools and CVE mapping helps remediation.
    • High availability: Fault tolerance features include watchdog timers, built-in inspection bypass, and hot swaps.
    • Configuration recommendations: Out-of-the-box settings help develop threat protection policies.
    • Traffic inspection: Deep packet inspection and reputational analysis of URLs improve visibility regarding traffic.
    Screenshot: Trend Micro TippingPoint interface. Image credit: Trend Micro.

    Alert Logic MDR – Best for Managed Enterprise Services

    • Overall Reviewer Score: 3.1/5
    • Core Features: 3.3/5
    • Advanced Features: 1.8/5
    • Deployment & Usability: 3.6/5
    • Pricing: 2.8/5
    • Customer Support: 4.2/5

    Alert Logic is a managed detection and response platform with managed network IDS, container security, threat detection, and vulnerability management. Alert Logic’s MDR platform can be deployed on-premises or as a cloud service.

    The managed security service has industry-leading dashboards and analytics to provide insights about organizations’ network activity, threats, users, and configurations to improve proactive detection and response.

    Pros

    • On-prem and cloud deployment
    • More than 17,000 active signatures
    • Can be deployed on-premises and in the cloud

    Cons

    • Limited OS support
    • No free trial
    • No threat quarantine or sandboxing
    Pricing
    • Contact for quote: Custom pricing available
    Key Features
    • Dedicated agent: Alert Logic’s agent monitors Windows and Mac endpoints using ML and behavioral analytics.
    • Compliance reporting: Users can access reporting and integrated PCI DSS and HIPAA controls.
    • Log review: Machine learning identifies overall trends and anomalies that result from those trends.
    • Vulnerability scanning: Alert Logic connects data from cloud, on-premises, and hybrid systems.
    Screenshot: Alert Logic MDR interface. Image credit: Alert Logic.

    Top 5 features of IDPS software

    Our picks for top IDPS features include policy management, event alerts, reports, traffic analytics, and threat or incident remediation. Use this list of IDPS features as a benchmark as your team shops for potential products, and keep in mind a few specific features your business needs.

    Policy management

    IDPS solutions should allow teams to manage security policies, configuring and overseeing them in a central management console. Policy management capabilities that are easy and straightforward to use will help your teams learn the product faster and configure it more successfully.

    Alerts

    If you’re using a security product like IDPS, you’ll want to know immediately when a security event occurs. An IDPS solution should provide timely and clear alerts, and they should also be prioritized so your security team knows what to address or mitigate first.

    Reporting functionality

    It’s helpful for teams to share clear, understandable security data with each other and other employees, particularly leaders and executives. IDPS solutions should offer reporting so security personnel can make more informed, logical decisions from clearly presented data. Some products will offer both templates and customizable reports.

    Traffic analysis

    IDPS solutions should carefully analyze network traffic, detect anomalies, and determine when traffic doesn’t meet security policies. Traffic analysis can include packet inspection, which looks closely at the details of network packets and accepts or rejects them. This improves network security by filtering traffic based on your organization’s predefined policies.

    Threat remediation

    Because IDPS includes prevention capabilities, not just threat detection, products should be capable of fixing or mitigating threats instead of just locating them. While products’ remediation abilities will vary, they should assist teams in preventing and mitigating threats as quickly as possible once they’re found. 

    How we evaluated IDPS solutions

    We evaluated multiple IDPS products with a product scoring rubric, which had five weighted categories composed of subcriteria with their own weighting. Each product we reviewed received an overall score out of five, which was based on all the final subcriteria scores and weights. The six products that scored highest in the rubric made our final list, and the scores plus the products’ overall capabilities helped us decide on their use cases.

    Evaluation criteria

    Our most significant product criteria included major IDPS features and advanced features like threat quarantine. We also considered usability, which measured the availability of managed services and deployment options. Finally, we looked at pricing information and customer support details, including demos and phone support availability.

    • Core features (30%): We scored products based on the availability of core IDPS capabilities like policy management, alerts, and reporting.
    • Advanced features (20%): Advanced IDPS features included threat quarantine, sandboxing, and MITRE framework mapping.
    • Deployment & usability (20%): We reviewed products based on usability features like managed services, documentation, and multiple deployment options.
      • Criterion winner: OSSEC
    • Pricing (15%): We evaluated the transparency of vendor pricing, any available licensing information, and free trials.
    • Customer support (15%): We looked at availability of phone support, as well as support review scores and availability of demos.

    Frequently Asked Questions (FAQs)

    What can IDPS protect against?

    Intrusion detection and prevention systems protect IT systems from unauthorized access by monitoring users’ activities and looking for patterns that could indicate suspicious activity. IDPS can help protect teams from data theft, social engineering attacks, distributed denial-of-service attacks, and the modification of sensitive data.

    What are the benefits of intrusion detection & prevention systems?

    IDPS helps reduce technical downtime, mitigate breaches, and improve productivity by streamlining alerts and giving security teams more context about threats. While it needs appropriate policy management and reporting to be effective and logical, IDPS is a powerful tool once teams sufficiently configure and learn it.

    What’s the difference between intrusion detection & intrusion prevention?

    IDS tools were built to detect suspicious activity and log and send alerts. They’re not capable of preventing an attack, and the warnings they raise always require human intervention or an additional security system. IPS solutions respond based on predetermined criteria for types of attacks by blocking traffic and dropping malicious processes.

    IPS tools may also lead to more false positives because their detection capabilities are inferior to those of IDS. However, IDPS solutions incorporate the strengths of both systems into one product or suite of products.

    What are the types of IDPS?

    IDPS generally has two types: host-based and network-based. Host-based IDPS is software deployed on the host that monitors traffic connecting to and from that host. It typically only protects a single, specific endpoint. In some cases, it may also scan system files stored on the host for unauthorized changes and processes running on the system.

    Network-based IDPS is deployed in a location where it can monitor traffic for an entire network segment or subnet. Its functionality resembles firewalls, which can only prevent intrusions coming from outside the network and enforce access control lists (ACLs) between networks.

    NIDS was built to detect and alert on potentially malicious internal traffic moving laterally throughout a network, making it an excellent tool for a zero-trust security framework.

    How do intrusion detection and prevention systems enhance network security?

    IDPS enhances network security by monitoring traffic in real-time through deep packet inspection and behavioral analysis. Unlike static firewalls, these systems detect anomalies by comparing traffic patterns against attack signatures and baseline network behavior, enabling organizations to identify sophisticated attacks that evade traditional defenses.

    Prevention occurs through automated responses that block threats upon detection. When suspicious activity is identified, IDPS immediately terminates connections, blocks malicious IPs, or reconfigures network devices, minimizing dwell time and preventing attackers from establishing persistence within the network.

    What are the common challenges in implementing IDS/IPS solutions?

    While IDS/IPS solutions excel at network security, they could still have potential downsides during implementation. These challenges include:

    • False Positives & Sensitivity Tuning: IDS/IPS systems frequently misclassify legitimate traffic as malicious, overwhelming security teams with alerts. This creates a direct trade-off between detection coverage and operational efficiency, as excessive tuning to reduce false positives often creates blind spots attackers can exploit.
    • Performance Degradation: Deep packet inspection in IDS/IPS requires substantial processing power, especially at network boundaries with high traffic volumes. When traffic exceeds system capacity, security teams must choose between dropping packets (missing potential attacks) or accepting network slowdowns that impact business operations.
    • Integration & Maintenance Complexity: IDS/IPS systems require seamless integration with firewalls, SIEM platforms, and network infrastructures — each with different protocols and configurations. This complexity compounds with the constant need to update detection rules for emerging threats, requiring specialized expertise that many organizations lack.

    Bottom line: use IDPS in conjunction with other solutions

    IDPS can help improve compliance and policy enforcement by enforcing policies that govern device connections to the network or internet, data transfer and storage for those devices, and data retention within systems.

    While IDPS won’t be a sufficient standalone security solution for most enterprises, it’s a good product to have in the toolbox, especially if yours integrates with other tools, like NGFWs and endpoint detection and response. Use IDPS to support your security infrastructure as a whole, detecting intrusions and mitigating them more successfully with features like alerts, reports, and threat remediation.

    If your business is considering other cybersecurity products, read more about the top cybersecurity companies next, including Palo Alto, Fortinet, and CrowdStrike.

    The post 6 Best Intrusion Detection & Prevention Systems in 2026 appeared first on eSecurity Planet.

    Fake CAPTCHA scam turns a quick click into a costly phone bill

    Malwarebytes Apr 28, 2026 · 05:46

    Researchers have documented a long‑running campaign that uses fake CAPTCHA pages to trick mobile users into sending dozens of international SMS messages in the background.

    If you’ve spent any time on today’s web, CAPTCHAs may seem like background noise: click a few traffic lights, prove you’re human, move on. That familiarity is something scammers have learned to abuse in ClickFix campaigns, where they lure victims into infecting their own machines.

    Recently, though, researchers found a twist where “prove you’re human” quietly turns into “run up an international phone bill.” The research describes an International Revenue Share Fraud (IRSF) campaign. IRSF, also known as SMS pumping fraud, abuses the complex pricing structures of international calls and SMS traffic to generate revenue by inflating message volume to particular destinations.

    Instead of installing malware on the victim’s device, the scam exploits how telecom billing and affiliate networks work, turning ordinary web traffic into premium SMS revenue for cybercriminals.

    How it works

    A typical flow for the scam looks like this:

    • Victims arrive via malvertising or TDS redirects, often from typosquatted telecom domains, onto a page that looks like a basic image‑selection or quiz CAPTCHA.
    • To “continue,” they’re prompted to tap a button that opens their SMS app with a prefilled message and recipient list.
    • This isn’t one SMS to one number. The fake CAPTCHA runs through multiple steps, and each message is preconfigured with more than a dozen international numbers across 17 countries known for high termination fees, including Azerbaijan, Myanmar, and Egypt.

    On a typical consumer plan, that can translate to roughly $30 in international SMS charges per person, with a slice of the termination fees flowing back to the attacker via revenue‑sharing agreements.

    To keep you from simply backing out, the pages deploy dedicated back‑button hijacking. JavaScript rewrites browser history and bounces you back to the scam when you try to leave. The researchers also found the campaign was plugged into a Click2SMS‑style affiliate network that advertises “all kinds of traffic allowed” and carrier billing, effectively packaging IRSF as another monetization option for shady publishers.

    This operation defrauds both individuals and telecom carriers. Victims face unexpected premium SMS charges on their bills and may struggle to trace the cause. Carriers pay revenue shares to the perpetrators and may absorb losses from customer disputes or chargebacks.
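
    The flow above depends on a link that opens the SMS app with recipients and text already filled in, so a filtering proxy or browser extension can inspect a page's links before a user taps them. The following is an added example, not code from the researchers or Malwarebytes: it assumes the button is an `sms:` URI (RFC 5724) and that the user's home calling code is +1, watches only the three countries the article names, and runs on a constructed page with made-up numbers.

```python
"""Flag links that open the SMS app with several international recipients."""
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, unquote

# Assumption: calling codes of the three countries the article names.
# The campaign itself used numbers in 17 countries.
WATCHED_PREFIXES = {"+994": "Azerbaijan", "+95": "Myanmar", "+20": "Egypt"}
HOME_PREFIX = "+1"    # assumption: the user's own country calling code
MAX_RECIPIENTS = 1    # a legitimate "text us" link names a single recipient

# Constructed sample page; every number below is made up.
SAMPLE_PAGE = """
<a href="https://example.com/help">Help</a>
<a href="sms:+15555550123?body=HELP">Text support</a>
<a href="sms:+994500000001,+959000000002,+201000000003,+994500000004?body=VERIFY%201">
  I am not a robot</a>
"""


class _HrefCollector(HTMLParser):
    """Collect every href attribute, whatever tag carries it."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value:
                self.hrefs.append(value.strip())


def parse_sms_uri(uri):
    """Return (recipients, body) for an sms:/smsto: URI, or None for other URIs."""
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() not in ("sms", "smsto"):
        return None
    path, _, query = rest.lstrip("/").partition("?")
    recipients = []
    # RFC 5724 separates recipients with commas; some handlers accept ';'.
    for raw in re.split(r"[,;]", unquote(path)):
        number = re.sub(r"[\s().-]", "", raw)   # drop visual separators
        if number.startswith("00"):              # 00 international prefix
            number = "+" + number[2:]
        if number:
            recipients.append(number)
    body = parse_qs(query).get("body", [""])[0]
    return recipients, body


def country_of(number):
    """Map a number to a watched country using the longest matching prefix."""
    for prefix in sorted(WATCHED_PREFIXES, key=len, reverse=True):
        if number.startswith(prefix):
            return WATCHED_PREFIXES[prefix]
    return None


def scan_html(html):
    """Return one finding per SMS link, marking multi-recipient foreign ones."""
    collector = _HrefCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        parsed = parse_sms_uri(href)
        if parsed is None:
            continue
        recipients, body = parsed
        foreign = [n for n in recipients
                   if n.startswith("+") and not n.startswith(HOME_PREFIX)]
        findings.append({
            "uri": href,
            "recipients": recipients,
            "foreign": foreign,
            "countries": sorted({c for c in map(country_of, foreign) if c}),
            "body": body,
            # One local recipient is normal; many foreign ones match the scam.
            "suspicious": len(recipients) > MAX_RECIPIENTS and bool(foreign),
        })
    return findings


if __name__ == "__main__":
    for finding in scan_html(SAMPLE_PAGE):
        verdict = "BLOCK" if finding["suspicious"] else "allow"
        print(verdict, len(finding["recipients"]), "recipient(s)",
              finding["countries"], repr(finding["body"]))
```
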

    How to protect yourself

    Never send an SMS to “prove you’re human.” Legitimate CAPTCHAs run entirely in your browser. They won’t open your SMS or dialer app.

    Check your mobile bill regularly for small, unfamiliar international SMS charges, not just big spikes. If you see anything suspicious, dispute it quickly and ask your provider to block international or premium SMS if you don’t need it.

    Use a mobile protection app that blocks known malicious sites, like these domains involved in this campaign:

    • sweeffg[.]online
    • colnsdital[.]com
    • zawsterris[.]com
    • megaplaylive[.]com
    • ruelomamuy[.]com
    Malwarebytes blocks ruelomamuy[.]com

    Chinese engineer stole US military and NASA software for years

    Malwarebytes Apr 28, 2026 · 04:21

    International espionage isn’t always about sophisticated malware and zero-day bugs. Sometimes it’s as simple as pretending to be someone else asking for a favor.

    For four years, a Chinese aerospace engineer did just that. Dozens of researchers at NASA, the US military, and major universities handed him exactly what he asked for, and possibly violated US laws in the process.

    His name is Song Wu. He’s been on the FBI’s wanted list since September 2024, charged with 14 counts of wire fraud and 14 counts of aggravated identity theft, and he’s still at large.

    Wu’s day job was as an engineer at the Aviation Industry Corporation of China (AVIC), a Beijing-headquartered state-owned aerospace and defense conglomerate with over 400,000 employees. The US has AVIC and several subsidiaries on a sanctions list.

    His side hustle was simpler. From January 2017 through December 2021, Wu set up email accounts impersonating real US researchers and engineers, then emailed their colleagues asking for source code and proprietary software. He targeted employees at NASA, the Air Force, Navy, Army, and FAA, and faculty at universities across the US.

    When software is a weapon

    The applications Wu was after handle aerospace engineering and computational fluid dynamics. It’s the kind of intellectual property that helps develop advanced tactical missiles and evaluate weapons performance, and it sits squarely inside US export controls, according to NASA’s Office of the Inspector General. Sharing it with the wrong person, even by accident, is a federal problem.

    Some victims did transmit the requested code. They were, in the OIG’s careful phrasing, “unwittingly” violating export control law.

    How a four-year campaign finally broke

    It wasn’t a firewall that caught Wu. It was a tip.

    NASA’s Cyber Crimes Division got a report that someone had set up a Gmail account claiming to be an established aerospace professor who frequently collaborated with NASA. From that single thread, investigators unwound a campaign that had quietly targeted dozens of researchers across the federal government and academia.

    The OIG also noted the giveaways: Wu asked for the same software multiple times and never explained why he needed it. Those are tells that anyone could have spotted on a slow afternoon if they’d been looking.

    What’s coming next

    Wu’s campaign worked for four years using nothing more sophisticated than fake email accounts and decent target research. He’s one engineer, but the problem is far bigger than him.

    Then-FBI Director Christopher Wray told the House Select Committee in 2024 that:

    “the PRC has a bigger hacking program than every other major nation combined.”

    Chinese hackers would still outnumber FBI cyber personnel 50 to 1 even if every US cyber agent worked on nothing else, he said.

    Social engineering continues to be a problem, and impersonators are getting more convincing thanks to the use of deepfake technology. Online criminals are using voice cloning and even deepfake video to infiltrate their targets by posing as job interviewees. And others are flipping the script, posing as recruiters on LinkedIn to fool would-be job candidates into downloading malware.

    Spear-phishing was problem enough when it was one guy in Beijing with a Gmail account. It’s going to become a much bigger problem when the next Wu uses generative AI to draft the emails, clones a real researcher’s writing voice, and runs the playbook at machine speed across a thousand inboxes.

    A week in security (April 20 – April 26)

    Malwarebytes Apr 27, 2026 · 02:02

    Medical data of 500,000 UK volunteers listed for sale on Alibaba

    Malwarebytes Apr 24, 2026 · 07:32

    Half a million Britons signed up to help cure cancer. Their data ended up for sale on Alibaba.

    The UK Biobank charity informed the British government of an incident concerning the medical data belonging to 500,000 British citizens being offered for sale on the Chinese e-commerce website Alibaba.

    The National Data Guardian, Dr Nicola Byrne, said in a statement:

    “People who generously share their health data to benefit others through medical research rightly expect it to be kept safe and for there to be accountability when things go wrong.”

    Officials said the researchers downloaded the data under a legitimate contract, but its appearance on Alibaba shows how “approved” access can still turn into public exposure.

    UK Biobank holds more than 15 million biological samples and detailed health records from volunteers recruited between 2006 and 2010, and researchers worldwide use it to study cancer, dementia, diabetes, and other chronic diseases.

    UK Biobank normally signs contracts with vetted universities and private companies before it lets them access the data, but investigators traced the Alibaba listings to three research institutions. UK Biobank revoked their access and paused new data access while it strengthens security controls.

    At least one listing reportedly contained data on all 500,000 volunteers, and Alibaba and Chinese authorities removed the adverts before anyone could confirm a sale.

    The dataset comes from UK Biobank’s long‑running research cohort and includes genetic sequences, blood samples, medical imaging, and detailed lifestyle information used for global health research.

    UK Biobank emphasizes that the data was “de‑identified,” meaning it didn’t include names, addresses, or NHS numbers. But it still contained granular demographics, such as gender, age, birth month/year, socioeconomic indicators, lifestyle details, and health measures. We have repeatedly seen that such data can be re‑linked to individuals by cross‑referencing with other public or commercial records.

    Why China cares

    US intelligence, policy reports, and academic work paint a consistent picture: China treats large, diverse human genomic and health datasets as a strategic resource for both economic and security reasons.

    The US National Counterintelligence and Security Center (NCSC) explicitly states that the People’s Republic of China views bulk healthcare and genomic data as a “strategic commodity” to drive its biotech, AI, and precision medicine industries, and has invested billions in national genomics and precision‑medicine initiatives.

    Large datasets from non‑Chinese populations are particularly valuable for building AI models and improving the global commercial competitiveness of Chinese pharma and biotech.

    From an attacker’s or foreign intelligence perspective, UK Biobank is a “crown jewel” asset: It’s curated, high‑quality, population‑scale, and much more useful than random breach dumps. And because genetic data is immutable (unlike a password, it cannot be replaced), any compromise has very long‑term intelligence usefulness.

    Last year, the Guardian reported that one in five successful UK Biobank access applications came from Chinese entities, including BGI, China’s flagship genomics company that was later placed on the US Entity List over concerns about its role in surveillance of minority populations.

    China is not just stockpiling DNA for curiosity’s sake. It is building a global genomic map that covers adversaries as well as its own citizens.

    Your genome data

    There have been major concerns about genetic data ending up in the wrong hands, and for good reason. But I’m not going to say that volunteering your medical data for research is bad. Researchers often put the data to good use to help others.

    But there are some good questions to ask before doing so.

    • Who runs the project and where is it based?
      Prefer non‑profit or academic biobanks with clear public‑interest mandates and strong oversight, rather than opaque commercial data brokers.
    • How do they store the collected data?
      Ask specifically about genomic data, raw sequencing files, links to medical records, and whether data is encrypted at rest and in transit.
    • Who can access the data and under what controls?
      Look for a formal access committee, strict contracts, and technical controls like secure analysis environments and limited export options, not “download CSV and walk away” models like the one that enabled the UK Biobank incident.
    • Are foreign entities allowed to access or copy the data?
      In light of US and UK government warnings about Chinese access to Western genomic data, it’s reasonable to ask whether data can be accessed, processed, or stored in jurisdictions with different security expectations.
    • How do they handle re‑identification risk?
      As we’ve discussed, “de‑identified” is not a magic word. Privacy experts and US intelligence have warned that health and genomic data can often be re‑identified when combined with other datasets.

    If data containing your DNA is in someone else’s hands, you can’t put it back, but you can demand better governance and push institutions to treat genomic data as national‑security‑grade sensitive.

    It also requires more skepticism of highly targeted scams. Attackers can use large combined datasets to craft convincing spear‑phishing or health‑related scams, for example, contacting you about a specific condition you or a family member has. Treat unsolicited health or DNA‑related emails, calls, and apps with extra suspicion.

    ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty

    Krebs on Security Apr 21, 2026 · 09:53

    A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology companies and steal tens of millions of dollars worth of cryptocurrency from investors.

    Buchanan’s hacker handle “Tylerb” once graced a leaderboard in the English-language criminal hacking scene that tracked the most accomplished cyber thieves. Now in U.S. custody and awaiting sentencing, the Dundee, Scotland native is facing the possibility of more than 20 years in prison.

    Two photos published in a Daily Mail story dated May 3, 2025 show Buchanan as a child (left) and as an adult being detained by airport authorities in Spain. “M&S” in this screenshot refers to Marks & Spencer, a major U.K. retail chain that suffered a ransomware attack last year at the hands of Scattered Spider.

    Scattered Spider is the name given to a prolific English-speaking cybercrime group known for using social engineering tactics to break into companies and steal data for ransom, often impersonating employees or contractors to deceive IT help desks into granting access.

    As part of his guilty plea, Buchanan admitted conspiring with other Scattered Spider members to launch tens of thousands of SMS-based phishing attacks in 2022 that led to intrusions at a number of technology companies, including Twilio, LastPass, DoorDash, and Mailchimp.

    The group then used data stolen in those breaches to carry out SIM-swapping attacks that siphoned funds from individual cryptocurrency investors. In an unauthorized SIM-swap, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls to the victim’s device — such as one-time passcodes for authentication and password reset links sent via SMS. The U.S. Justice Department said Buchanan admitted to stealing at least $8 million in virtual currency from individual victims throughout the United States.

    FBI investigators tied Buchanan to the 2022 SMS phishing attacks after discovering the same username and email address were used to register numerous phishing domains seen in the campaign. The domain registrar NameCheap found that less than a month before the phishing spree, the account that registered those domains logged in from an Internet address in the U.K. FBI investigators said the Scottish police told them the address was leased to Buchanan throughout 2022.

    As first reported by KrebsOnSecurity, Buchanan fled the United Kingdom in February 2023, after a rival cybercrime gang hired thugs to invade his home, assault his mother, and threaten to burn him with a blowtorch unless he gave up the keys to his cryptocurrency wallet. That same year, U.K. investigators found a device at Buchanan’s Scotland residence that included data stolen from SMS phishing victims and seed phrases from cryptocurrency theft victims.

    Buchanan was arrested by Spanish authorities in June 2024 while trying to board a flight to Italy. He was extradited to the United States and has remained in U.S. federal custody since April 2025.

    Buchanan is the second known Scattered Spider member to plead guilty. Noah Michael Urban, 21, of Palm Coast, Fla., was sentenced to 10 years in federal prison last year and ordered to pay $13 million in restitution. Three other alleged co-conspirators — Ahmed Hossam Eldin Elbadawy, 24, a.k.a. “AD,” of College Station, Texas; Evans Onyeaka Osiebo, 21, of Dallas, Texas; and Joel Martin Evans, 26, a.k.a. “joeleoli,” of Jacksonville, North Carolina – still face criminal charges.

    Two other alleged Scattered Spider members will soon be tried in the United Kingdom. Owen Flowers, 18, and Thalha Jubair, 20, are facing charges related to the hacking and extortion of several large U.K. retailers, the London transit system, and healthcare providers in the United States. Both have pleaded not guilty, and their trial is slated to begin in June.

    Investigators say the Scattered Spider suspects are part of a sprawling cybercriminal community online known as “The Com,” wherein hackers from different cliques boast publicly on Telegram and Discord about high-profile cyber thefts that almost invariably begin with social engineering — tricking people over the phone, email or SMS into giving away credentials that allow remote access to corporate internal networks.

    One of the more popular SIM-swapping channels on Telegram has long maintained a leaderboard of the most rapacious SIM-swappers, indexed by their supposed conquests in stealing cryptocurrency. That leaderboard previously listed Buchanan’s hacker alias Tylerb at #65 (out of 100 hackers), with Urban’s moniker “Sosa” coming in at #24.

    Buchanan’s sentencing hearing is scheduled for August 21, 2026. According to the Justice Department, he faces a statutory maximum sentence of 22 years in federal prison. However, any sentence the judge hands down in this case may be significantly tempered by a number of mitigating factors in the U.S. Sentencing Guidelines, including the defendant’s age, criminal history, time already served in U.S. custody, and the degree to which they cooperated with federal authorities.

    Patch Tuesday, April 2026 Edition

    Krebs on Security Apr 14, 2026 · 16:47

    Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “BlueHammer.” Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution.

    Redmond warns that attackers are already targeting CVE-2026-32201, a vulnerability in Microsoft SharePoint Server that allows attackers to spoof trusted content or interfaces over a network.

    Mike Walters, president and co-founder of Action1, said CVE-2026-32201 can be used to deceive employees, partners, or customers by presenting falsified information within trusted SharePoint environments.

    “This CVE can enable phishing attacks, unauthorized data manipulation, or social engineering campaigns that lead to further compromise,” Walters said. “The presence of active exploitation significantly increases organizational risk.”

    Microsoft also addressed BlueHammer (CVE-2026-33825), a privilege escalation bug in Windows Defender. According to BleepingComputer, the researcher who discovered the flaw published exploit code for it after notifying Microsoft and growing exasperated with their response. Will Dormann, senior principal vulnerability analyst at Tharros, says he confirmed that the public BlueHammer exploit code no longer works after installing today’s patches.

    Satnam Narang, senior staff research engineer at Tenable, said April marks the second-biggest Patch Tuesday ever for Microsoft. Narang also said there are indications that a zero-day flaw Adobe patched in an emergency update on April 11 — CVE-2026-34621 — has seen active exploitation since at least November 2025.

    Adam Barnett, lead software engineer at Rapid7, called the patch total from Microsoft today “a new record in that category” because it includes nearly 60 browser vulnerabilities. Barnett said it might be tempting to imagine that this sudden spike was tied to the buzz around the announcement a week ago today of Project Glasswing — a much-hyped but still unreleased new AI capability from Anthropic that is reportedly quite good at finding bugs in a vast array of software.

    But he notes that Microsoft Edge is based on the Chromium engine, and the Chromium maintainers acknowledge a wide range of researchers for the vulnerabilities which Microsoft republished last Friday.

    “A safe conclusion is that this increase in volume is driven by ever-expanding AI capabilities,” Barnett said. “We should expect to see further increases in vulnerability reporting volume as the impact of AI models extend further, both in terms of capability and availability.”

    Finally, no matter what browser you use to surf the web, it’s important to completely close out and restart the browser periodically. This is really easy to put off (especially if you have a bajillion tabs open at any time) but it’s the only way to ensure that any available updates get installed. For example, a Google Chrome update released earlier this month fixed 21 security holes, including the high-severity zero-day flaw CVE-2026-5281.

    For a clickable, per-patch breakdown, check out the SANS Internet Storm Center Patch Tuesday roundup. Running into problems applying any of these updates? Leave a note about it in the comments below and there’s a decent chance someone here will pipe in with a solution.

    Russia Hacked Routers to Steal Microsoft Office Tokens

    Krebs on Security Apr 7, 2026 · 12:02

    Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.

    Microsoft said in a blog post today it identified more than 200 organizations and 5,000 consumer devices that were caught up in a stealthy but remarkably simple spying network built by a Russia-backed threat actor known as “Forest Blizzard.”

    How targeted DNS requests were redirected at the router. Image: Black Lotus Labs.

    Also known as APT28 and Fancy Bear, Forest Blizzard is attributed to the military intelligence units within Russia’s General Staff Main Intelligence Directorate (GRU). APT 28 famously compromised the Hillary Clinton campaign, the Democratic National Committee, and the Democratic Congressional Campaign Committee in 2016 in an attempt to interfere with the U.S. presidential election.

    Researchers at Black Lotus Labs, a security division of the Internet backbone provider Lumen, found that at the peak of its activity in December 2025, Forest Blizzard’s surveillance dragnet ensnared more than 18,000 Internet routers that were mostly unsupported, end-of-life routers, or else far behind on security updates. A new report from Lumen says the hackers primarily targeted government agencies—including ministries of foreign affairs, law enforcement, and third-party email providers.

    Black Lotus Security Engineer Ryan English said the GRU hackers did not need to install malware on the targeted routers, which were mainly older Mikrotik and TP-Link devices marketed to the Small Office/Home Office (SOHO) market. Instead, they used known vulnerabilities to modify the Domain Name System (DNS) settings of the routers to include DNS servers controlled by the hackers.

    As the U.K.’s National Cyber Security Centre (NCSC) notes in a new advisory detailing how Russian cyber actors have been compromising routers, DNS is what allows individuals to reach websites by typing familiar addresses, instead of associated IP addresses. In a DNS hijacking attack, bad actors interfere with this process to covertly send users to malicious websites designed to steal login details or other sensitive information.

    English said the routers attacked by Forest Blizzard were reconfigured to use DNS servers that pointed to a handful of virtual private servers controlled by the attackers. Importantly, the attackers could then propagate their malicious DNS settings to all users on the local network, and from that point forward intercept any OAuth authentication tokens transmitted by those users.

    DNS hijacking through router compromise. Image: Microsoft.

    Because those tokens are typically transmitted only after the user has successfully logged in and gone through multi-factor authentication, the attackers could gain direct access to victim accounts without ever having to phish each user’s credentials and/or one-time codes.

    “Everyone is looking for some sophisticated malware to drop something on your mobile devices or something,” English said. “These guys didn’t use malware. They did this in an old-school, graybeard way that isn’t really sexy but it gets the job done.”

    Microsoft refers to the Forest Blizzard activity as using DNS hijacking “to support post-compromise adversary-in-the-middle (AiTM) attacks on Transport Layer Security (TLS) connections against Microsoft Outlook on the web domains.” The software giant said while targeting SOHO devices isn’t a new tactic, this is the first time Microsoft has seen Forest Blizzard using “DNS hijacking at scale to support AiTM of TLS connections after exploiting edge devices.”

    Black Lotus Labs engineer Danny Adamitis said it will be interesting to see how Forest Blizzard reacts to today’s flurry of attention to their espionage operation, noting that the group immediately switched up its tactics in response to a similar NCSC report (PDF) in August 2025. At the time, Forest Blizzard was using malware to control a far more targeted and smaller group of compromised routers. But Adamitis said the day after the NCSC report, the group quickly ditched the malware approach in favor of mass-altering the DNS settings on thousands of vulnerable routers.

    “Before the last NCSC report came out they used this capability in very limited instances,” Adamitis told KrebsOnSecurity. “After the report was released they implemented the capability in a more systemic fashion and used it to target everything that was vulnerable.”

    TP-Link was among the router makers facing a complete ban in the United States. But on March 23, the U.S. Federal Communications Commission (FCC) took a much broader approach, announcing it would no longer certify consumer-grade Internet routers that are produced outside of the United States.

    The FCC warned that foreign-made routers had become an untenable national security threat, and that poorly-secured routers present “a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.”

    Experts have countered that few new consumer-grade routers would be available for purchase under this new FCC policy (besides maybe Musk’s Starlink satellite Internet routers, which are produced in Texas). The FCC says router makers can apply for a special “conditional approval” from the Department of War or Department of Homeland Security, and that the new policy does not affect any previously-purchased consumer-grade routers.

    Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab

    Krebs on Security Apr 5, 2026 · 21:07

    An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between 2019 and 2021.

    Shchukin was named as UNKN (a.k.a. UNKNOWN) in an advisory published by the German Federal Criminal Police (the “Bundeskriminalamt” or BKA for short). The BKA said Shchukin and another Russian — 43-year-old Anatoly Sergeevitsch Kravchuk — extorted nearly 2 million euros across two dozen cyberattacks that caused more than 35 million euros in total economic damage.

    Daniil Maksimovich SHCHUKIN, a.k.a. UNKN, and Anatoly Sergeevitsch Kravchuk, alleged leaders of the GandCrab and REvil ransomware groups.

    Germany’s BKA said Shchukin acted as the head of GandCrab and REvil, one of the largest ransomware groups operating worldwide, which pioneered the practice of double extortion — charging victims once for a key needed to unlock hacked systems, and a separate payment in exchange for a promise not to publish stolen data.

    Shchukin’s name appeared in a Feb. 2023 filing (PDF) from the U.S. Justice Department seeking the seizure of various cryptocurrency accounts associated with proceeds from the REvil ransomware gang’s activities. The government said the digital wallet tied to Shchukin contained more than $317,000 in ill-gotten cryptocurrency.

    The GandCrab ransomware affiliate program first surfaced in January 2018, and paid enterprising hackers huge shares of the profits just for hacking into user accounts at major corporations. The GandCrab team would then try to expand that access, often siphoning vast amounts of sensitive and internal documents in the process. The malware’s curators shipped five major revisions to the GandCrab code, each corresponding with sneaky new features and bug fixes aimed at thwarting the efforts of computer security firms to stymie the spread of the malware.

    On May 31, 2019, the GandCrab team announced the group was shutting down after extorting more than $2 billion from victims. “We are a living proof that you can do evil and get off scot-free,” GandCrab’s farewell address famously quipped. “We have proved that one can make a lifetime of money in one year. We have proved that you can become number one by general admission, not in your own conceit.”

    The REvil ransomware affiliate program materialized around the same time as GandCrab’s demise, fronted by a user named UNKNOWN who announced on a Russian cybercrime forum that he’d deposited $1 million in the forum’s escrow to show he meant business. By this time, many cybersecurity experts had concluded REvil was little more than a reorganization of GandCrab.

    UNKNOWN also gave an interview to Dmitry Smilyanets, a former malicious hacker hired by Recorded Future, wherein UNKNOWN described a rags-to-riches tale unencumbered by ethics and morals.

    “As a child, I scrounged through the trash heaps and smoked cigarette butts,” UNKNOWN told Recorded Future. “I walked 10 km one way to the school. I wore the same clothes for six months. In my youth, in a communal apartment, I didn’t eat for two or even three days. Now I am a millionaire.”

    As described in The Ransomware Hunting Team by Renee Dudley and Daniel Golden, UNKNOWN and REvil reinvested significant earnings into improving their success and mirroring practices of legitimate businesses. The authors wrote:

    “Just as a real-world manufacturer might hire other companies to handle logistics or web design, ransomware developers increasingly outsourced tasks beyond their purview, focusing instead on improving the quality of their ransomware. The higher quality ransomware—which, in many cases, the Hunting Team could not break—resulted in more and higher pay-outs from victims. The monumental payments enabled gangs to reinvest in their enterprises. They hired more specialists, and their success accelerated.”

    “Criminals raced to join the booming ransomware economy. Underworld ancillary service providers sprouted or pivoted from other criminal work to meet developers’ demand for customized support. Partnering with gangs like GandCrab, ‘cryptor’ providers ensured ransomware could not be detected by standard anti-malware scanners. ‘Initial access brokerages’ specialized in stealing credentials and finding vulnerabilities in target networks, selling that access to ransomware operators and affiliates. Bitcoin “tumblers” offered discounts to gangs that used them as a preferred vendor for laundering ransom payments. Some contractors were open to working with any gang, while others entered exclusive partnerships.”

    REvil would evolve into a feared “big-game-hunting” machine capable of extracting hefty extortion payments from victims, largely going after organizations with more than $100 million in annual revenues and fat new cyber insurance policies that were known to pay out.

    Over the July 4, 2021 weekend in the United States, REvil hacked into and extorted Kaseya, a company that handled IT operations for more than 1,500 businesses, nonprofits and government agencies. The FBI would later announce they’d infiltrated the ransomware group’s servers prior to the Kaseya hack but couldn’t tip their hand at the time. REvil never recovered from that core compromise, or from the FBI’s release of a free decryption key for REvil victims who couldn’t or didn’t pay.

    Shchukin is from Krasnodar, Russia and is thought to reside there, the BKA said.

    “Based on the investigations so far, it is assumed that the wanted person is abroad, presumably in Russia,” the BKA advised. “Travel behaviour cannot be ruled out.”

    There is little that connects Shchukin to UNKNOWN’s various accounts on the Russian crime forums. But a review of the Russian crime forums indexed by the cyber intelligence firm Intel 471 shows there is plenty connecting Shchukin to a hacker identity called “Ger0in” who operated large botnets and sold “installs” — allowing other cybercriminals to rapidly deploy malware of their choice to thousands of PCs in one go. However, Ger0in was only active between 2010 and 2011, well before UNKNOWN’s appearance as the REvil front man.

    A review of the mugshots released by the BKA at the image comparison site Pimeyes found a match on this birthday celebration from 2023, which features a young man named Daniel wearing the same fancy watch as in the BKA photos.

    Images from Daniil Shchukin’s birthday party celebration in Krasnodar in 2023.

    Update, April 6, 12:06 p.m. ET: A reader forwarded this English-dubbed audio recording from a ccc.de (37C3) conference talk in Germany from 2023 that previously outed Shchukin as the REvil leader (Shchukin is mentioned at around 24:25).

    ‘CanisterWorm’ Springs Wiper Attack Targeting Iran

    Krebs on Security Mar 23, 2026 · 10:43

    A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language.

    Experts say the wiper campaign against Iran materialized this past weekend and came from a relatively new cybercrime group known as TeamPCP. In December 2025, the group began compromising corporate cloud environments using a self-propagating worm that went after exposed Docker APIs, Kubernetes clusters, Redis servers, and the React2Shell vulnerability. TeamPCP then attempted to move laterally through victim networks, siphoning authentication credentials and extorting victims over Telegram.

    A snippet of the malicious CanisterWorm that seeks out and destroys data on systems that match Iran’s timezone or have Farsi as the default language. Image: Aikido.dev.

    In a profile of TeamPCP published in January, the security firm Flare said the group weaponizes exposed control planes rather than exploiting endpoints, predominantly targeting cloud infrastructure over end-user devices, with Azure (61%) and AWS (36%) accounting for 97% of compromised servers.

    “TeamPCP’s strength does not come from novel exploits or original malware, but from the large-scale automation and integration of well-known attack techniques,” Flare’s Assaf Morag wrote. “The group industrializes existing vulnerabilities, misconfigurations, and recycled tooling into a cloud-native exploitation platform that turns exposed infrastructure into a self-propagating criminal ecosystem.”

    On March 19, TeamPCP executed a supply chain attack against the vulnerability scanner Trivy from Aqua Security, injecting credential-stealing malware into official releases on GitHub Actions. Aqua Security said it has since removed the harmful files, but the security firm Wiz notes the attackers were able to publish malicious versions that snarfed SSH keys, cloud credentials, Kubernetes tokens and cryptocurrency wallets from users.

    Over the weekend, the same technical infrastructure TeamPCP used in the Trivy attack was leveraged to deploy a new malicious payload which executes a wiper attack if the user’s timezone and locale are determined to correspond to Iran, said Charlie Eriksen, a security researcher at Aikido. In a blog post published on Sunday, Eriksen said if the wiper component detects that the victim is in Iran and has access to a Kubernetes cluster, it will destroy data on every node in that cluster.

    “If it doesn’t it will just wipe the local machine,” Eriksen told KrebsOnSecurity.

    Aikido refers to TeamPCP’s infrastructure as “CanisterWorm” because the group orchestrates their campaigns using an Internet Computer Protocol (ICP) canister — a system of tamperproof, blockchain-based “smart contracts” that combine both code and data. ICP canisters can serve Web content directly to visitors, and their distributed architecture makes them resistant to takedown attempts. These canisters will remain reachable so long as their operators continue to pay virtual currency fees to keep them online.

    Eriksen said the people behind TeamPCP are bragging about their exploits in a group on Telegram and claim to have used the worm to steal vast amounts of sensitive data from major companies, including a large multinational pharmaceutical firm.

    “When they compromised Aqua a second time, they took a lot of GitHub accounts and started spamming these with junk messages,” Eriksen said. “It was almost like they were just showing off how much access they had. Clearly, they have an entire stash of these credentials, and what we’ve seen so far is probably a small sample of what they have.”

    Security experts say the spammed GitHub messages could be a way for TeamPCP to ensure that any code packages tainted with their malware will remain prominent in GitHub searches. In a newsletter published today titled GitHub is Starting to Have a Real Malware Problem, Risky Business reporter Catalin Cimpanu writes that attackers often are seen pushing meaningless commits to their repos or using online services that sell GitHub stars and “likes” to keep malicious packages at the top of the GitHub search page.

    This weekend’s outbreak is the second major supply chain attack involving Trivy in as many months. At the end of February, Trivy was hit as part of an automated threat called HackerBot-Claw, which mass exploited misconfigured workflows in GitHub Actions to steal authentication tokens.

    Eriksen said it appears TeamPCP used access gained in the first attack on Aqua Security to perpetrate this weekend’s mischief. But he said there is no reliable way to tell whether TeamPCP’s wiper actually succeeded in trashing any data from victim systems, and that the malicious payload was only active for a short time over the weekend.

    “They’ve been taking [the malicious code] up and down, rapidly changing it adding new features,” Eriksen said, noting that when the malicious canister wasn’t serving up malware downloads it was pointing visitors to a Rick Roll video on YouTube.

    “It’s a little all over the place, and there’s a chance this whole Iran thing is just their way of getting attention,” Eriksen said. “I feel like these people are really playing this Chaotic Evil role here.”

    Cimpanu observed that supply chain attacks have increased in frequency of late as threat actors begin to grasp just how efficient they can be, and his post documents an alarming number of these incidents since 2024.

    “While security firms appear to be doing a good job spotting this, we’re also gonna need GitHub’s security team to step up,” Cimpanu wrote. “Unfortunately, on a platform designed to copy (fork) a project and create new versions of it (clones), spotting malicious additions to clones of legitimate repos might be quite the engineering problem to fix.”

    Update, 2:40 p.m. ET: Wiz is reporting that TeamPCP also pushed credential stealing malware to the KICS vulnerability scanner from Checkmarx, and that the scanner’s GitHub Action was compromised between 12:58 and 16:50 UTC today (March 23rd).

    Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

    Krebs on Security Mar 19, 2026 · 19:49

    The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets — named Aisuru, Kimwolf, JackSkid and Mossad — are responsible for a series of recent record-smashing distributed denial-of-service (DDoS) attacks capable of knocking nearly any target offline.

    The Justice Department said the Department of Defense Office of Inspector General’s (DoDIG) Defense Criminal Investigative Service (DCIS) executed seizure warrants targeting multiple U.S.-registered domains, virtual servers, and other infrastructure involved in DDoS attacks against Internet addresses owned by the DoD.

    The government alleges the unnamed people in control of the four botnets used their crime machines to launch hundreds of thousands of DDoS attacks, often demanding extortion payments from victims. Some victims reported tens of thousands of dollars in losses and remediation expenses.

    The oldest of the botnets — Aisuru — issued more than 200,000 attack commands, while JackSkid hurled at least 90,000 attacks. Kimwolf issued more than 25,000 attack commands, the government said, while Mossad was blamed for roughly 1,000 digital sieges.

    The DOJ said the law enforcement action was designed to prevent further infection to victim devices and to limit or eliminate the ability of the botnets to launch future attacks. The case is being investigated by the DCIS with help from the FBI’s field office in Anchorage, Alaska, and the DOJ’s statement credits nearly two dozen technology companies with assisting in the operation.

    “By working closely with DCIS and our international law enforcement partners, we collectively identified and disrupted criminal infrastructure used to carry out large-scale DDoS attacks,” said Special Agent in Charge Rebecca Day of the FBI Anchorage Field Office.

    Aisuru emerged in late 2024, and by mid-2025 it was launching record-breaking DDoS attacks as it rapidly infected new IoT devices. In October 2025, Aisuru was used to seed Kimwolf, an Aisuru variant which introduced a novel spreading mechanism that allowed the botnet to infect devices hidden behind the protection of the user’s internal network.

    On January 2, 2026, the security firm Synthient publicly disclosed the vulnerability Kimwolf was using to propagate so quickly. That disclosure helped curtail Kimwolf’s spread somewhat, but since then several other IoT botnets have emerged that effectively copy Kimwolf’s spreading methods while competing for the same pool of vulnerable devices. According to the DOJ, the JackSkid botnet also sought out systems on internal networks just like Kimwolf.

    The DOJ said its disruption of the four botnets coincided with “law enforcement actions” conducted in Canada and Germany targeting individuals who allegedly operated those botnets, although no further details were available on the suspected operators.

    In late February, KrebsOnSecurity identified a 22-year-old Canadian man as a core operator of the Kimwolf botnet. Multiple sources familiar with the investigation told KrebsOnSecurity the other prime suspect is a 15-year-old living in Germany.

    Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

    Krebs on Security Mar 11, 2026 · 11:20

    A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker’s main U.S. headquarters says the company is currently experiencing a building emergency.

    Based in Kalamazoo, Michigan, Stryker [NYSE:SYK] is a medical and surgical equipment maker that reported $25 billion in global sales last year. In a lengthy statement posted to Telegram, a hacktivist group known as Handala (a.k.a. Handala Hack Team) claimed that Stryker’s offices in 79 countries have been forced to shut down after the group erased data from more than 200,000 systems, servers and mobile devices.

    A manifesto posted by the Iran-backed hacktivist group Handala, claiming a mass data-wiping attack against medical technology maker Stryker.

    “All the acquired data is now in the hands of the free people of the world, ready to be used for the true advancement of humanity and the exposure of injustice and corruption,” a portion of the Handala statement reads.

    The group said the wiper attack was in retaliation for a Feb. 28 missile strike that hit an Iranian school and killed at least 175 people, most of them children. The New York Times reports today that an ongoing military investigation has determined the United States is responsible for the deadly Tomahawk missile strike.

    Handala was one of several hacker groups recently profiled by Palo Alto Networks, which links it to Iran’s Ministry of Intelligence and Security (MOIS). Palo Alto says Handala surfaced in late 2023 and is assessed as one of several online personas maintained by Void Manticore, a MOIS-affiliated actor.

    Stryker’s website says the company has 56,000 employees in 61 countries. A phone call placed Wednesday morning to the media line at Stryker’s Michigan headquarters sent this author to a voicemail message that stated, “We are currently experiencing a building emergency. Please try your call again later.”

    A report Wednesday morning from the Irish Examiner said Stryker staff are now communicating via WhatsApp for any updates on when they can return to work. The story quoted an unnamed employee saying anything connected to the network is down, and that “anyone with Microsoft Outlook on their personal phones had their devices wiped.”

    “Multiple sources have said that systems in the Cork headquarters have been ‘shut down’ and that Stryker devices held by employees have been wiped out,” the Examiner reported. “The login pages coming up on these devices have been defaced with the Handala logo.”

    Wiper attacks usually involve malicious software designed to overwrite any existing data on infected devices. But a trusted source with knowledge of the attack who spoke on condition of anonymity told KrebsOnSecurity the perpetrators in this case appear to have used a Microsoft service called Microsoft Intune to issue a ‘remote wipe’ command against all connected devices.

    Intune is a cloud-based solution built for IT teams to enforce security and data compliance policies, and it provides a single, web-based administrative console to monitor and control devices regardless of location. The Intune connection is supported by this Reddit discussion on the Stryker outage, where several users who claimed to be Stryker employees said they were told to uninstall Intune urgently.

    Palo Alto says Handala’s hack-and-leak activity is primarily focused on Israel, with occasional targeting outside that scope when it serves a specific agenda. The security firm said Handala also has taken credit for recent attacks against fuel systems in Jordan and an Israeli energy exploration company.

    “Recent observed activities are opportunistic and ‘quick and dirty,’ with a noticeable focus on supply-chain footholds (e.g., IT/service providers) to reach downstream victims, followed by ‘proof’ posts to amplify credibility and intimidate targets,” Palo Alto researchers wrote.

    The Handala manifesto posted to Telegram referred to Stryker as a “Zionist-rooted corporation,” which may be a reference to the company’s 2019 acquisition of the Israeli company OrthoSpace.

    Stryker is a major supplier of medical devices, and the ongoing attack is already affecting healthcare providers. One healthcare professional at a major university medical system in the United States told KrebsOnSecurity they are currently unable to order surgical supplies that they normally source through Stryker.

    “This is a real-world supply chain attack,” said the expert, who asked to remain anonymous because they were not authorized to speak to the press. “Pretty much every hospital in the U.S. that performs surgeries uses their supplies.”

    John Riggi, national advisor for the American Hospital Association (AHA), said the AHA is not aware of any supply-chain disruptions as of yet.

    “We are aware of reports of the cyber attack against Stryker and are actively exchanging information with the hospital field and the federal government to understand the nature of the threat and assess any impact to hospital operations,” Riggi said in an email. “As of this time, we are not aware of any direct impacts or disruptions to U.S. hospitals as a result of this attack. That may change as hospitals evaluate services, technology and supply chain related to Stryker and if the duration of the attack extends.”

    According to a March 11 memo from the state of Maryland’s Institute for Emergency Medical Services Systems, Stryker indicated that some of their computer systems have been impacted by a “global network disruption.” The memo indicates that in response to the attack, a number of hospitals have opted to disconnect from Stryker’s various online services, including LifeNet, which allows paramedics to transmit EKGs to emergency physicians so that heart attack patients can expedite their treatment when they arrive at the hospital.

    “As a precaution, some hospitals have temporarily suspended their connection to Stryker systems, including LIFENET, while others have maintained the connection,” wrote Timothy Chizmar, the state’s EMS medical director. “The Maryland Medical Protocols for EMS requires ECG transmission for patients with acute coronary syndrome (or STEMI). However, if you are unable to transmit a 12 Lead ECG to a receiving hospital, you should initiate radio consultation and describe the findings on the ECG.”

    This is a developing story. Updates will be noted with a timestamp.

    Update, 2:54 p.m. ET: Added comment from Riggi and perspectives on this attack’s potential to turn into a supply-chain problem for the healthcare system.

    Update, Mar. 12, 7:59 a.m. ET: Added information about the outage affecting Stryker’s online services.

    Microsoft Patch Tuesday, March 2026 Edition

    Krebs on Security Mar 10, 2026 · 19:32

    Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing “zero-day” flaws this month (compared to February’s five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this month’s Patch Tuesday.

    Two of the bugs Microsoft patched today were publicly disclosed previously. CVE-2026-21262 is a weakness that allows an attacker to elevate their privileges on SQL Server 2016 and later editions.

    “This isn’t just any elevation of privilege vulnerability, either; the advisory notes that an authorized attacker can elevate privileges to sysadmin over a network,” Rapid7’s Adam Barnett said. “The CVSS v3 base score of 8.8 is just below the threshold for critical severity, since low-level privileges are required. It would be a courageous defender who shrugged and deferred the patches for this one.”

    The other publicly disclosed flaw is CVE-2026-26127, a vulnerability in applications running on .NET. Barnett said the immediate impact of exploitation is likely limited to denial of service by triggering a crash, with the potential for other types of attacks during a service reboot.

    It would hardly be a proper Patch Tuesday without at least one critical Microsoft Office exploit, and this month doesn’t disappoint. CVE-2026-26113 and CVE-2026-26110 are both remote code execution flaws that can be triggered just by viewing a booby-trapped message in the Preview Pane.

    Satnam Narang at Tenable notes that just over half (55%) of all Patch Tuesday CVEs this month are privilege escalation bugs, and of those, a half dozen were rated “exploitation more likely” — across Windows Graphics Component, Windows Accessibility Infrastructure, Windows Kernel, Windows SMB Server and Winlogon. These include:

    CVE-2026-24291: Incorrect permission assignments within the Windows Accessibility Infrastructure to reach SYSTEM (CVSS 7.8)
    CVE-2026-24294: Improper authentication in the core SMB component (CVSS 7.8)
    CVE-2026-24289: High-severity memory corruption and race condition flaw (CVSS 7.8)
    CVE-2026-25187: Winlogon process weakness discovered by Google Project Zero (CVSS 7.8).

    Ben McCarthy, lead cyber security engineer at Immersive, called attention to CVE-2026-21536, a critical remote code execution bug in a component called the Microsoft Devices Pricing Program. Microsoft has already resolved the issue on their end, and fixing it requires no action on the part of Windows users. But McCarthy says it’s notable as one of the first vulnerabilities identified by an AI agent and officially recognized with a CVE attributed to the Windows operating system. It was discovered by XBOW, a fully autonomous AI penetration testing agent.

    XBOW has consistently ranked at or near the top of the Hacker One bug bounty leaderboard for the past year. McCarthy said CVE-2026-21536 demonstrates how AI agents can identify critical 9.8-rated vulnerabilities without access to source code.

    “Although Microsoft has already patched and mitigated the vulnerability, it highlights a shift toward AI-driven discovery of complex vulnerabilities at increasing speed,” McCarthy said. “This development suggests AI-assisted vulnerability research will play a growing role in the security landscape.”

    Microsoft earlier provided patches to address nine browser vulnerabilities, which are not included in the Patch Tuesday count above. In addition, Microsoft issued a crucial out-of-band (emergency) update on March 2 for Windows Server 2022 to address a certificate renewal issue with passwordless authentication technology Windows Hello for Business.

    Separately, Adobe shipped updates to fix 80 vulnerabilities — some of them critical in severity — in a variety of products, including Acrobat and Adobe Commerce. Mozilla Firefox v. 148.0.2 resolves three high severity CVEs.

    For a complete breakdown of all the patches Microsoft released today, check out the SANS Internet Storm Center’s Patch Tuesday post. For Windows enterprise admins who wish to stay abreast of any news about problematic updates, AskWoody.com is always worth a visit. Please feel free to drop a comment below if you experience any issues applying this month’s patches.

    How AI Assistants are Moving the Security Goalposts

    Krebs on Security Mar 8, 2026 · 18:35

    AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and novice code jockey.

    The new hotness in AI-based assistants — OpenClaw (formerly known as ClawdBot and Moltbot) — has seen rapid adoption since its release in November 2025. OpenClaw is an open-source autonomous AI agent designed to run locally on your computer and proactively take actions on your behalf without needing to be prompted.

    The OpenClaw logo.

    If that sounds like a risky proposition or a dare, consider that OpenClaw is most useful when it has complete access to your digital life, where it can then manage your inbox and calendar, execute programs and tools, browse the Internet for information, and integrate with chat apps like Discord, Signal, Teams or WhatsApp.

    Other more established AI assistants like Anthropic’s Claude and Microsoft’s Copilot also can do these things, but OpenClaw isn’t just a passive digital butler waiting for commands. Rather, it’s designed to take the initiative on your behalf based on what it knows about your life and its understanding of what you want done.

    “The testimonials are remarkable,” the AI security firm Snyk observed. “Developers building websites from their phones while putting babies to sleep; users running entire companies through a lobster-themed AI; engineers who’ve set up autonomous code loops that fix tests, capture errors through webhooks, and open pull requests, all while they’re away from their desks.”

    You can probably already see how this experimental technology could go sideways in a hurry. In late February, Summer Yue, the director of safety and alignment at Meta’s “superintelligence” lab, recounted on Twitter/X how she was fiddling with OpenClaw when the AI assistant suddenly began mass-deleting messages in her email inbox. The thread included screenshots of Yue frantically pleading with the preoccupied bot via instant message and ordering it to stop.

    “Nothing humbles you like telling your OpenClaw ‘confirm before acting’ and watching it speedrun deleting your inbox,” Yue said. “I couldn’t stop it from my phone. I had to RUN to my Mac mini like I was defusing a bomb.”

    Meta’s director of AI safety, recounting on Twitter/X how her OpenClaw installation suddenly began mass-deleting her inbox.

    There’s nothing wrong with feeling a little schadenfreude at Yue’s encounter with OpenClaw, which fits Meta’s “move fast and break things” model but hardly inspires confidence in the road ahead. However, the risk that poorly-secured AI assistants pose to organizations is no laughing matter, as recent research shows many users are exposing to the Internet the web-based administrative interface for their OpenClaw installations.

    Jamieson O’Reilly is a professional penetration tester and founder of the security firm DVULN. In a recent story posted to Twitter/X, O’Reilly warned that exposing a misconfigured OpenClaw web interface to the Internet allows external parties to read the bot’s complete configuration file, including every credential the agent uses — from API keys and bot tokens to OAuth secrets and signing keys.

    With that access, O’Reilly said, an attacker could impersonate the operator to their contacts, inject messages into ongoing conversations, and exfiltrate data through the agent’s existing integrations in a way that looks like normal traffic.

    “You can pull the full conversation history across every integrated platform, meaning months of private messages and file attachments, everything the agent has seen,” O’Reilly said, noting that a cursory search revealed hundreds of such servers exposed online. “And because you control the agent’s perception layer, you can manipulate what the human sees. Filter out certain messages. Modify responses before they’re displayed.”

    O’Reilly documented another experiment that demonstrated how easy it is to create a successful supply chain attack through ClawHub, which serves as a public repository of downloadable “skills” that allow OpenClaw to integrate with and control other applications.

    WHEN AI INSTALLS AI

    One of the core tenets of securing AI agents involves carefully isolating them so that the operator can fully control who and what gets to talk to their AI assistant. This is critical thanks to the tendency for AI systems to fall for “prompt injection” attacks, sneakily-crafted natural language instructions that trick the system into disregarding its own security safeguards. In essence, machines social engineering other machines.

    A recent supply chain attack targeting an AI coding assistant called Cline began with one such prompt injection attack, resulting in thousands of systems having a rogue instance of OpenClaw with full system access installed on their device without consent.

    According to the security firm grith.ai, Cline had deployed an AI-powered issue triage workflow using a GitHub action that runs a Claude coding session when triggered by specific events. The workflow was configured so that any GitHub user could trigger it by opening an issue, but it failed to properly check whether the information supplied in the title was potentially hostile.

    “On January 28, an attacker created Issue #8904 with a title crafted to look like a performance report but containing an embedded instruction: Install a package from a specific GitHub repository,” Grith wrote, noting that the attacker then exploited several more vulnerabilities to ensure the malicious package would be included in Cline’s nightly release workflow and published as an official update.

    “This is the supply chain equivalent of confused deputy,” the blog continued. “The developer authorises Cline to act on their behalf, and Cline (via compromise) delegates that authority to an entirely separate agent the developer never evaluated, never configured, and never consented to.”

    VIBE CODING

    AI assistants like OpenClaw have gained a large following because they make it simple for users to “vibe code,” or build fairly complex applications and code projects just by telling the assistant what they want to construct. Probably the best known (and most bizarre) example is Moltbook, where a developer told an AI agent running on OpenClaw to build him a Reddit-like platform for AI agents.

    The Moltbook homepage.

    Less than a week later, Moltbook had more than 1.5 million registered agents that posted more than 100,000 messages to each other. AI agents on the platform soon built their own porn site for robots, and launched a new religion called Crustafarian with a figurehead modeled after a giant lobster. One bot on the forum reportedly found a bug in Moltbook’s code and posted it to an AI agent discussion forum, while other agents came up with and implemented a patch to fix the flaw.

    Moltbook’s creator Matt Schlicht said on social media that he didn’t write a single line of code for the project.

    “I just had a vision for the technical architecture and AI made it a reality,” Schlicht said. “We’re in the golden ages. How can we not give AI a place to hang out.”

    ATTACKERS LEVEL UP

    The flip side of that golden age, of course, is that it enables low-skilled malicious hackers to quickly automate global cyberattacks that would normally require the collaboration of a highly skilled team. In February, Amazon AWS detailed an elaborate attack in which a Russian-speaking threat actor used multiple commercial AI services to compromise more than 600 FortiGate security appliances across at least 55 countries over a five-week period.

    AWS said the apparently low-skilled hacker used multiple AI services to plan and execute the attack, and to find exposed management ports and weak credentials with single-factor authentication.

    “One serves as the primary tool developer, attack planner, and operational assistant,” AWS’s CJ Moses wrote. “A second is used as a supplementary attack planner when the actor needs help pivoting within a specific compromised network. In one observed instance, the actor submitted the complete internal topology of an active victim—IP addresses, hostnames, confirmed credentials, and identified services—and requested a step-by-step plan to compromise additional systems they could not access with their existing tools.”

    “This activity is distinguished by the threat actor’s use of multiple commercial GenAI services to implement and scale well-known attack techniques throughout every phase of their operations, despite their limited technical capabilities,” Moses continued. “Notably, when this actor encountered hardened environments or more sophisticated defensive measures, they simply moved on to softer targets rather than persisting, underscoring that their advantage lies in AI-augmented efficiency and scale, not in deeper technical skill.”

    For attackers, gaining that initial access or foothold into a target network is typically not the difficult part of the intrusion; the tougher bit involves finding ways to move laterally within the victim’s network and plunder important servers and databases. But experts at Orca Security warn that as organizations come to rely more on AI assistants, those agents potentially offer attackers a simpler way to move laterally inside a victim organization’s network post-compromise — by manipulating the AI agents that already have trusted access and some degree of autonomy within the victim’s network.

    “By injecting prompt injections in overlooked fields that are fetched by AI agents, hackers can trick LLMs, abuse Agentic tools, and carry significant security incidents,” Orca’s Roi Nisimi and Saurav Hiremath wrote. “Organizations should now add a third pillar to their defense strategy: limiting AI fragility, the ability of agentic systems to be influenced, misled, or quietly weaponized across workflows. While AI boosts productivity and efficiency, it also creates one of the largest attack surfaces the internet has ever seen.”

    BEWARE THE ‘LETHAL TRIFECTA’

    This gradual dissolution of the traditional boundaries between data and code is one of the more troubling aspects of the AI era, said James Wilson, enterprise technology editor for the security news show Risky Business. Wilson said far too many OpenClaw users are installing the assistant on their personal devices without first placing any security or isolation boundaries around it, such as running it inside of a virtual machine, on an isolated network, with strict firewall rules dictating what kinds of traffic can go in and out.

    “I’m a relatively highly skilled practitioner in the software and network engineering and computery space,” Wilson said. “I know I’m not comfortable using these agents unless I’ve done these things, but I think a lot of people are just spinning this up on their laptop and off it runs.”

    One important model for managing risk with AI agents involves a concept dubbed the “lethal trifecta” by Simon Willison, co-creator of the Django Web framework. The lethal trifecta holds that if your system has access to private data, exposure to untrusted content, and a way to communicate externally, then it’s vulnerable to private data being stolen.

    “If your agent combines these three features, an attacker can easily trick it into accessing your private data and sending it to the attacker,” Willison warned in a frequently cited blog post from June 2025.
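
    The lethal trifecta described above can be checked statically and enforced per session. The following is an added example, not code from the article, from Willison or from any agent project; the tool names and capability tags are hypothetical. It audits a tool set for the three legs and refuses the call that would complete all three in one session.

```python
from dataclasses import dataclass, field
from enum import Flag, auto


class Leg(Flag):
    NONE = 0
    PRIVATE_DATA = auto()       # reads mail, files, credentials
    UNTRUSTED_CONTENT = auto()  # ingests text an outsider can author
    EXTERNAL_COMM = auto()      # can move data off the host


LEGS = (Leg.PRIVATE_DATA, Leg.UNTRUSTED_CONTENT, Leg.EXTERNAL_COMM)
TRIFECTA = Leg.PRIVATE_DATA | Leg.UNTRUSTED_CONTENT | Leg.EXTERNAL_COMM

# Constructed tool catalogue (hypothetical names and tags).
# One tool can supply more than one leg.
TOOLS = {
    "read_inbox": Leg.PRIVATE_DATA | Leg.UNTRUSTED_CONTENT,   # mail is private and sender-controlled
    "read_file": Leg.PRIVATE_DATA,
    "fetch_url": Leg.UNTRUSTED_CONTENT | Leg.EXTERNAL_COMM,   # a request URL can carry data out
    "send_message": Leg.EXTERNAL_COMM,
    "run_tests": Leg.NONE,
}


def audit(tool_names):
    """Static check: list the tools behind each leg and report whether
    the configuration can reach all three."""
    by_leg = {leg: sorted(t for t in tool_names if TOOLS[t] & leg)
              for leg in LEGS}
    reachable = all(by_leg.values())
    return reachable, by_leg


@dataclass
class Session:
    """Runtime guard. Legs are sticky: once a session has touched private
    data or untrusted content it stays marked, so the guard denies
    whichever call would add the third leg, in any order."""
    seen: Leg = Leg.NONE
    log: list = field(default_factory=list)

    def request(self, tool):
        legs = TOOLS[tool]
        if (self.seen | legs) & TRIFECTA == TRIFECTA:
            self.log.append((tool, "deny"))
            return False
        self.seen |= legs
        self.log.append((tool, "allow"))
        return True


def demo():
    """Inbox triage session: reading mail supplies two legs at once,
    so the later outbound message is the call that gets refused."""
    s = Session()
    for tool in ("read_inbox", "run_tests", "send_message"):
        s.request(tool)
    return s.log


if __name__ == "__main__":
    print(audit(TOOLS))
    print(demo())
```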

    As more companies and their employees begin using AI to vibe code software and applications, the volume of machine-generated code is likely to soon overwhelm any manual security reviews. In recognition of this reality, Anthropic recently debuted Claude Code Security, a beta feature that scans codebases for vulnerabilities and suggests targeted software patches for human review.

    The U.S. stock market, which is currently heavily weighted toward seven tech giants that are all-in on AI, reacted swiftly to Anthropic’s announcement, wiping roughly $15 billion in market value from major cybersecurity companies in a single day. Laura Ellis, vice president of data and AI at the security firm Rapid7, said the market’s response reflects the growing role of AI in accelerating software development and improving developer productivity.

    “The narrative moved quickly: AI is replacing AppSec,” Ellis wrote in a recent blog post. “AI is automating vulnerability detection. AI will make legacy security tooling redundant. The reality is more nuanced. Claude Code Security is a legitimate signal that AI is reshaping parts of the security landscape. The question is what parts, and what it means for the rest of the stack.”

    DVULN founder O’Reilly said AI assistants are likely to become a common fixture in corporate environments — whether or not organizations are prepared to manage the new risks introduced by these tools.

    “The robot butlers are useful, they’re not going away and the economics of AI agents make widespread adoption inevitable regardless of the security tradeoffs involved,” O’Reilly wrote. “The question isn’t whether we’ll deploy them – we will – but whether we can adapt our security posture fast enough to survive doing so.”

    Signal Introduces Call Links for Simplified Private Group Calls

    RestorePrivacy Nov 12, 2024 · 06:01

    Signal, the privacy-focused messaging app, has announced new features to enhance its calling experience, making it easier for users to initiate and manage group calls. The primary addition, “Call Links,” allows users to share a link to initiate a call with any contact on Signal without the need to create a group chat. This feature …

    Tor Relays Targeted in IP Spoofing Campaign Causing Widespread Disruptions

    RestorePrivacy Nov 8, 2024 · 12:11

    The Tor Project is currently facing an unusual, ongoing attack aimed at its infrastructure. For several weeks, an unknown threat actor has been spoofing the IP addresses of Tor relays and directory authorities, sending fake TCP SYN packets over SSH’s port 22. This technique has led to a flood of abuse complaints directed at Tor …

    Proton Black Friday Deals Go Live: VPN, Mail, Drive, Pass

    RestorePrivacy Oct 28, 2024 · 13:34

    Proton has launched its much-anticipated Black Friday sale for 2024, offering incredible discounts on services like Proton VPN, Proton Mail, Drive, and Pass. These Proton deals all include a 30-day money-back guarantee, allowing you to assess the service risk-free. This sale is the perfect chance to boost your online privacy and access premium features at …

    Encrypted Messenger Session Moves to Switzerland Amid Privacy Concerns

    RestorePrivacy Oct 22, 2024 · 12:16

    Session, the encrypted messaging app known for its commitment to privacy and decentralization, announced a change of base from Australia to Switzerland. The app will now be overseen by the newly formed Session Technology Foundation (STF), based in central Europe. This move follows increasing regulatory pressure on privacy technologies in Australia, where the app was …

    Mullvad VPN Warns About Traffic Leaks on Latest macOS Sequoia

    RestorePrivacy Oct 16, 2024 · 11:37

    Mullvad VPN announced that macOS users may experience traffic leaks after applying recent system updates due to a firewall malfunction. According to a bulletin published earlier today on Mullvad’s blog, the macOS firewall fails to enforce certain routing rules properly, allowing some applications to bypass the VPN tunnel and send traffic outside of it. Mullvad …

    Discord Blocked in Russia and Turkey Amid Government Crackdowns

    RestorePrivacy Oct 9, 2024 · 08:48

    Discord, a popular communication platform, has been blocked in both Russia and Turkey, sparking widespread backlash from users in both countries. In Russia, the block took place yesterday, with the government citing concerns over illegal content, while Turkey implemented blocks a day prior, on October 7, 2024, claiming the platform was being used for criminal …

    NordVPN Adds NIST-Approved Quantum Encryption on the Linux Client

    RestorePrivacy Oct 1, 2024 · 11:07

    NordVPN, one of the world’s leading VPN service providers, has launched its first application featuring quantum-resilient encryption. Post-quantum cryptography support is currently available on NordVPN’s Linux client, with plans to extend this security to all applications by the first quarter of 2025. The move represents a significant step toward preparing for potential future threats posed …

    Mozilla Faces GDPR Complaint Over Firefox Tracking Users Without Consent

    RestorePrivacy Sep 25, 2024 · 12:19

    The European privacy rights organization noyb has filed a formal complaint against Mozilla for enabling a new feature in its Firefox browser that allegedly tracks users without their consent. The feature in question, called Privacy-Preserving Attribution (PPA), is designed to measure the effectiveness of online advertisements while minimizing data collection, but noyb claims it violates …

    Telegram to Share User Data with Authorities on Legal Requests

    RestorePrivacy Sep 23, 2024 · 15:05

    Telegram CEO Pavel Durov announced significant updates to the app’s Terms of Service and Privacy Policy, aimed at bringing the popular communications platform in alignment with the request of authorities to bring criminal activity under control. Most notably, Telegram will now share user IP addresses and phone numbers when responding to valid legal requests. Putting …

    Tor Project Reassures Users Amid Claims of De-Anonymization Attack

    RestorePrivacy Sep 19, 2024 · 13:06

    The Tor Project has issued a statement in response to recent claims of a targeted de-anonymization attack on a Tor user. The attack, reportedly a “timing analysis” method, involved the long-retired Ricochet application. Although the incident raises concerns about the security of Tor’s Onion Services, the project maintains that its network remains healthy and that …
