News

Where are you? What are you working on? Why are you doing that?

Identity access and management platform Okta announced the general availability of its Okta for AI Agents, which will give customers the ability to do three things: locate agents, see what they’re doing, and shut them down if need be.…

Darksword is the second iOS exploit chain in a month

A new exploit kit targeting iPhone users and stealing their sensitive data is being abused by "multiple" spyware vendors and suspected nation-state goons, security researchers said on Wednesday.…

Interlock's post-exploit toolkit exposed

Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, according to Amazon security boss CJ Moses.…

Researchers map full org chart of the scam from dodgy recruiters to helpful Western collaborators

Researchers at IBM X‑Force and Flare Research have uncovered data that sheds light on how North Korea's fake IT worker schemes operate and infiltrate companies in order to funnel money back to the regime and steal sensitive information.…

No 1 Space Operations Squadron will get a persistent stare capability

The Ministry of Defence (MoD) plans to spend £17.5 million on a remotely-operated satellite monitoring facility in Cyprus, partly to protect the UK's secure communications system Skynet.…

Even without a navy, or air power, 'They'll still have the ability to hack'

Businesses should expect that Iran will conduct more aggressive cyber-ops as the war escalates, according to security analysts.…

Big Tech donates $12.5 million to get things rolling

Half a dozen Big Tech players have together delivered $12.5 million in grants towards a project that aims to help maintainers of open source projects to cope with AI slop bug reports.…

In less polite places, this is called ‘hacking back’ or ‘offensive cyber-ops’

Japan’s government yesterday decided to allow its Self-Defense Force to conduct offensive cyber-operations, starting on October 1st.…

Sell your soul to the orb

Sam Altman has cooked up a plan to make his cryptocurrency/identity/eyeball-scanning-orb venture more useful by – you guessed it – adding agentic AI to the mix. Now the technology behind it will be used to identify the human behind bots.…

State-sponsored attackers joined by Chinese snoops and hackers-for-hire in latest round of economic penalties

The Council of the European Union sanctioned Emennet Pasargad on Monday, a company used as a front for a series of Iranian cyberattacks.…

Midmarket security leaders aren't as secure as they think, says Intruder's report

Partner Content  The midmarket matters. JP Morgan estimates approximately 300,000 organizations generating $13T in annual revenue. Yet they occupy an awkward position in the security landscape. They're large enough to be attractive targets with complex digital estates, significant revenue, and valuable data, but not large enough to have the headcount, budget maturity, or tooling sophistication of an enterprise security team.…

SCION: Proven in banking and healthcare, slow to spread everywhere else

Feature  BGP, the Border Gateway Protocol, was not designed to be secure. It was designed to work – to route packets between the thousands of autonomous systems that make up the internet, quickly and at scale.…

Admins may be even more exhausted by then, because securing Microsoft’s AI helper is not a trivial job

Gartner analyst Dennis Xu has half-jokingly suggested banning use of Microsoft’s Copilot AI on Friday afternoons, because he fears at that time of week users may be too lazy to properly check its possibly offensive output.…

AI helped send weekly threat signal count from 80 million to 400 billion, then helped response time shrink from two days to 30 minutes

Australia’s Commonwealth Bank built its own agentic AI threat hunting tools, because vendors are too slow to develop tools that can cope with emerging AI-powered threats, according to General Manager of Cyber Defence Operations Andrew Pade.…

Operations and hospital networks not affected, we're told

Robotics-assisted surgical tech firm Intuitive said that unauthorized intruders gained access to some of its internal IT business applications after stealing an employee's credentials during a phishing attack.…

Hacktivists use proxy services from Russia, China for 'billions of designed-for-abuse connection attempts'

Cybercrime has skyrocketed since the start of the Iran war, according to Akamai, which reports a 245 percent increase in everything from credential harvesting attempts to automated reconnaissance traffic aimed at banks and other critical businesses.…

Interpol says fraud schemes using the tech are 4.5x more profitable

AI is apparently good for the bottom line if your business is crime. Financial fraud schemes carried out with the help of artificial intelligence are 4.5 times more profitable than those that aren't enhanced, according to Interpol's latest estimates.…

Back button blunder in WebFiling service run by Companies House revealed confidential paperwork

Companies House was forced to pull down its record-filing platform for the entire weekend to rectify a "security issue" that exposed the personal details of company directors and other data to any logged in users.…

PLUS: Citrix CISO urges patch blitz; Mandiant founder reveals AI red-teaming tech; Bitter privacy news for Starbucks; And more

Infosec In Brief  Canadian outsourcer Telus Digital has admitted it fell victim to a cyberattack.…

And then they send victims to the legit VPN download to hide their tracks

A group of cybercriminals tracked as Storm-2561 is using fake enterprise VPN clients from CheckPoint, Cisco, Fortinet, Ivanti, and other vendors to steal users' credentials, according to Microsoft.…