Aggregator

Депутаты потеряли доступ к рабочим компьютерам из-за взлома инфраструктуры.

Nisos
AI-Powered Threats Targeting High-Profile Individuals

Artificial intelligence isn't just transforming industries - it's revolutionizing the threat landscape for high-profile individuals across all sectors...

The post AI-Powered Threats Targeting High-Profile Individuals appeared first on Nisos by Nisos

The post AI-Powered Threats Targeting High-Profile Individuals appeared first on Security Boulevard.

本文提出 JsDeObsBench，一个用于评估大语言模型在 JavaScript 反混淆任务中能力的评测基准 （benchmark）。

Angelo Martino is accused of playing both sides — committing attacks and conducting ransomware negotiations on some of the same cases on behalf of his former employer.

The post Feds say another DigitalMint negotiator ran ransomware attacks and helped extort $75 million appeared first on CyberScoop.

Phishing has quietly turned into one of the hardest enterprise threats to expose early. Instead of crude lures and obvious payloads, modern campaigns rely on trusted infrastructure, legitimate-looking authentication flows, and encrypted traffic that conceals malicious behavior from traditional detection layers. For CISOs, the priority is now clear: scale phishing detection in a way that helps

 

The post Why Defensive Coverage Doesn’t Equal Detection Effectiveness appeared first on Security Boulevard.

An unauthenticated SQL injection flaw (CVE-2026-2413) in the Ally WordPress plugin, used on 400K+ sites, could allow attackers to steal sensitive data. An unauthenticated SQL injection flaw, tracked as CVE-2026-2413 (CVSS score 7.5), in Ally plugin could allow attackers to steal sensitive data. The offensive security engineer Drew Webber at Acquia discovered the vulnerability on […]

Developers install external libraries with a single command, and that step can introduce more code than expected into a project environment. Dependency resolution inside package managers extends software supply chains across large collections of external components. ENISA’s Technical Advisory for Secure Use of Package Managers, released in March 2026, examines how this development practice expands exposure across software ecosystems. Package managers retrieve libraries from public repositories and integrate them into applications. Tools such as npm, … More →

The post ENISA advisory examines package manager security risks appeared first on Help Net Security.

Mimecast has announced major platform capabilities designed for a new enterprise reality as AI agents and automated workflows scale across the business and establish the human layer as the new security control plane. According to Mimecast’s The State of Human Risk 2026, 98% of organizations now use AI to defend against threats, yet 80% are concerned about sensitive data exposure through generative AI tools and 60% still lack strategies to address AI-driven threats. At the … More →

The post Mimecast adds AI investigation and adaptive controls to manage human risk appeared first on Help Net Security.

Власти РФ заявили о технической возможности полностью блокировать трафик через VPN.

Another Thursday, another pile of weird security stuff that somehow happened in just seven days. Some of it is clever. Some of it is lazy. A few bits fall into that uncomfortable category of “yeah… this is probably going to show up in real incidents sooner than we’d like.” The pattern this week feels familiar in a slightly annoying way. Old tricks are getting polished. New research shows how

WhatsApp has introduced parent-managed accounts designed for pre-teens, giving parents and guardians new controls over contacts, group participation, and how the app is used. These accounts are limited to messaging and calling and do not include access to features such as Meta AI, location sharing, or disappearing messages in individual chats. Parents must have the child’s phone and their own device nearby to link the accounts. After setup, the parent or guardian manages the account, … More →

The post WhatsApp is giving parents peace of mind over their kids’ privacy appeared first on Help Net Security.

Socure has announced Socure Launch, providing every organization with immediate access to industry tested, pre-built identity and fraud solutions. This marks a new era for Socure, providing startups an enterprise level of identity verification, fraud detection, and compliance decisioning. With Socure Launch, developers can instantly build on Socure’s RiskOS platform and move from account creation to production-ready identity and risk workflows in minutes, rather than weeks. Early-stage disruptors, especially in fintech, crypto, gaming, marketplaces, and … More →

The post Socure Launch enables startups to deploy identity verification and fraud controls appeared first on Help Net Security.

How to use the open source Assemblyline tool to track browser extension updates and detect malicious code

Startup Platform Targets Autonomous Detection and Exposure Management
Cybersecurity startup Kai emerged from stealth with $125 million in funding led by Evolution Equity to develop an agentic AI platform that automates exposure management, threat intelligence, analysis and detection workflows while helping security teams remediate vulnerabilities faster.

Vendor Combines AI Attack Agents, Human Experts to Simulate Real-World Cyberattacks
Offensive security startup Armadin secured nearly $190 million in funding to expand a platform that uses AI agents to automate red-team operations. The technology enables companies to continuously test defenses and uncover attack paths that traditional consulting engagements often miss.

A security advisory has been issued for a newly discovered vulnerability affecting the Cortex XDR Broker Virtual Machine (VM). This flaw could allow a highly privileged, authenticated attacker to access and alter sensitive system information. Fortunately, the issue was discovered internally, and there are currently no reports of active malicious exploitation in the wild. Paloalto […]

The post Paloalto Cortex XDR Broker Vulnerability Attackers to Obtain and Modify Sensitive Information appeared first on Cyber Security News.

Zscaler has expanded its data sovereignty capabilities globally, powered by the Zscaler Zero Trust Exchange cloud security platform. For global enterprises, the conflict between protecting data and enabling cross-border collaboration is a major compliance and business challenge to growth. Zscaler already operates 160+ data centers and is present in most countries. Its architecture is based on isolated control, data, and logging planes, distinct layers and separation for management, traffic inspection, and record-keeping to ensure sensitive … More →

The post Zscaler enhances data sovereignty controls with regional processing and logging appeared first on Help Net Security.