A novel attack technique named EchoLeak has been characterized as a “zero-click” artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 Copilot’s context sans any user interaction. The critical-rated…
Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to Non-human identities also referred to as…
Jun 12, 2025Ravie LakshmananVulnerability / Software Security ConnectWise has disclosed that it’s planning to rotate the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management (RMM) executables due…
Jun 12, 2025Ravie LakshmananEnterprise Security / Active Directory Cybersecurity researchers have uncovered a new account takeover (ATO) campaign that leverages an open-source penetration testing framework called TeamFiltration to breach Microsoft Entra ID (formerly Azure Active…
Jun 11, 2025Ravie LakshmananRansomware / Cybercrime Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access to…
Jun 11, 2025Ravie LakshmananNetwork Security / Threat Intelligence Threat intelligence firm GreyNoise has warned of a “coordinated brute-force activity” targeting Apache Tomcat Manager interfaces. The company said it observed a surge in brute-force and login…
Jun 11, 2025Ravie LakshmananCybercrime / Malware INTERPOL on Wednesday announced the dismantling of more than 20,000 malicious IP addresses or domains that have been linked to 69 information-stealing malware variants. The joint action, codenamed Operation…
In today’s cybersecurity landscape, much of the focus is placed on firewalls, antivirus software, and endpoint detection. While these tools are essential, one critical layer often goes overlooked: the Domain Name System (DNS). As the…
Jun 11, 2025Ravie LakshmananIoT Security / Vulnerability Two security vulnerabilities have been disclosed in SinoTrack GPS devices that could be exploited to control certain remote functions on connected vehicles and even track their locations. “Successful…
In today’s security landscape, budgets are tight, attack surfaces are sprawling, and new threats emerge daily. Maintaining a strong security posture under these circumstances without a large team or budget can be a real challenge.…