Fraud Investigation Techniques
An 18-Year-Old Codebase Left Smart Buildings Wide Open
Researcher Gjoko Krstic’s "Project Brainfog" exposed hundreds of zero-day vulnerabilities in building-automation systems still running ...
US Stands Out in Refusal to Sign UN Cybercrime Treaty
The agreement aims to help law enforcement prosecute cross-border cybercrime, but the final treaty could allow unchecked surveillance a...
Critical Claroty Authentication Bypass Flaw Opened OT to Attack
CVE-2025-54603 gave attackers an opening to disrupt critical operational technology (OT) environments and critical infrastructure, plus...
LotL Attack Hides Malware in Windows Native AI Stack
Security programs trust AI data files, but they shouldn't: they can conceal malware more stealthily than most file types.
Cloud Outages Highlight the Need for Resilient, Secure Infrastructure Recovery
Two massive technical outages over the past year underscore the need for cybersecurity teams to consider how to recover safely from dis...
Data Leak Outs Students of Iran’s MOIS Training Academy
A school for the Iranian state hackers of tomorrow has itself, ironically, been hacked.
Data Security Posture Management — What Does ‘Best in Class’ Look Like?
The emergence of Data Security Posture Management (DSPM) in early 2023, followed by major acquisitions by companies like IBM, Thales, a...
Malicious NPM Packages Disguised With ‘Invisible’ Dependencies
In the "PhantomRaven" campaign, threat actors published 126 malicious npm packages that have flown under the radar, while collecting 86...
AI Search Tools Easily Fooled by Fake Content
New research shows AI crawlers like Perplexity, Atlas, and ChatGPT are surprisingly easy to fool.
Dentsu Subsidiary Breached, Employee Data Stolen
A subsidiary of Japanese marketing and PR giant Dentsu lost sensitive data to unidentified threat actors, the parent company said.