Meridiano
The article discusses the growing complexity of authenticating non-human workloads and AI agents in modern IT environments, which often span multiple cloud platforms. It highlights that many organizations currently rely on insecure practices like static credentials and IP addresses, which are difficult to scale and vulnerable to spoofing. The piece previews an upcoming conference session where experts will present more secure authentication methods, such as mutual TLS and workload identity tokens, and advises organizations to inventory their AI agents and adopt zero-trust principles. The main topics covered are workload identity security, the challenges posed by AI agents, and proposed authentication solutions.
Articles infosec
Showing articles 121 - 135 of 172 total (matching filters).
-
infosec 3 -
infosec 6A recent AI-assisted cyber campaign targeting Fortinet FortiGate appliances utilized an open-source tool called CyberStrikeAI, developed by a China-based developer with suspected government ties. The tool, which integrates numerous security tools for vulnerability discovery, was used by a threat actor to compromise over 600 devices across 55 countries. Analysis links the developer, known as Ed1s0nZ, to organizations supporting Chinese state-sponsored cyber operations, including the security firm Knownsec 404. The main topics covered are the cyberattack campaign, the AI-powered tool CyberStrikeAI, and the alleged connections to Chinese state-linked entities.
-
infosec 3The article identifies a critical paradox in Security Operations Centers (SOCs): Tier 1 analysts, who are responsible for the frontline detection and triage of threats, are often the least experienced and most overburdened. They face significant challenges including alert fatigue, cognitive overload, and high turnover, which degrade SOC performance and increase business risk by delaying threat response. The core solution proposed is to empower Tier 1 by integrating actionable, real-time threat intelligence directly into their workflows, providing essential context to transform raw alerts into informed decisions. The main topics covered are the structural vulnerabilities of the Tier 1 SOC role, the business consequences of these weaknesses, and the necessity of threat intelligence for effective security operations.
-
infosec 6Compromised cPanel credentials are being sold at scale in underground markets as a key tool for cybercriminals. These credentials provide attackers with extensive control over legitimate websites, enabling activities like deploying phishing kits, sending spam, and installing malware. The access is commonly gained through stolen credentials, exploitation of web vulnerabilities, or server misconfigurations. This poses a significant threat as it allows attacks to originate from trusted domains, often evading traditional security detection.
-
infosec 5LexisNexis Legal & Professional confirmed a breach where hackers accessed its servers via an unpatched React application vulnerability, exfiltrating data. The company states the compromised data is mostly pre-2020, non-sensitive legacy information, though the threat actor claims to have stolen extensive records, including some related to U.S. government personnel. LexisNexis has contained the intrusion, notified law enforcement and affected customers, and is investigating with external experts. The main topics covered are the data breach confirmation, the method of intrusion, the nature of the stolen data, and the company's response.
-
infosec 3Google Chrome is shifting from a four-week to a two-week release cycle for stable and beta versions across all platforms, starting with Chrome 153 on September 8. This change aims to deliver features, fixes, and improvements more frequently with smaller, less disruptive updates. Enterprise customers can remain on an eight-week cycle via the Extended Stable branch, and weekly security updates will continue separately. The main topics covered are the accelerated release schedule, its goals of reducing disruption and simplifying debugging, and the continuation of existing security update and enterprise support models.
-
infosec 5A new campaign uses fake IT support calls following email spam to trick victims into granting remote access, leading to the deployment of the Havoc C2 framework. The attackers use a fake Microsoft page to harvest credentials and sideload malicious DLLs to execute Havoc payloads, employing advanced evasion techniques. The tactics are consistent with past Black Basta ransomware operations, suggesting either former affiliates or imitators are active. The goal is rapid lateral movement for potential data exfiltration or ransomware deployment. Main topics covered include the social engineering attack chain, the Havoc malware deployment, and the possible connection to known threat actors.
-
infosec 3Gartner's recommendation to ban AI browsers is understandable due to their security risks, but a blanket prohibition is likely to fail as employees are already widely adopting these productivity tools. History shows that bans, like Prohibition, push usage underground, reducing visibility and control while increasing risk. The main topics covered are the cybersecurity risks of AI browsers, the inevitability of employee adoption, the historical parallel to Prohibition, and the argument for regulated enablement over outright bans.
-
infosec 7A highly sophisticated iPhone hacking toolkit, dubbed "Coruna," has been used in multiple campaigns, exploiting numerous iOS vulnerabilities to infect devices via websites. The toolkit appears to have proliferated from a state-sponsored espionage operation—first used by suspected Russian spies against Ukrainians—to a cybercriminal operation targeting Chinese-speaking cryptocurrency users. Evidence suggests the toolkit may have originally been developed by or for the U.S. government before leaking. This uncontrolled spread of advanced hacking techniques highlights the dangerous proliferation of powerful cyber weapons into the hands of various threat actors.
-
infosec 6A high-severity Qualcomm graphics flaw (CVE-2026-21385) is being exploited in limited, targeted attacks against Android devices, with evidence suggesting possible nation-state or commercial spyware involvement. A second critical Android vulnerability (CVE-2026-0047) enables local privilege escalation but has not yet been seen exploited. Patches for both vulnerabilities are available, but their deployment to end-users depends on device manufacturers, creating a lag in consumer protection. The main topics covered are the active exploitation of a Qualcomm zero-day, the disclosure of a critical Android flaw, and the challenges of patching the Android ecosystem.
-
infosec 4Researchers have demonstrated that tire pressure monitoring systems (TPMS) in modern vehicles can be exploited for low-cost, silent tracking. Using receivers costing around $100, they intercepted unencrypted TPMS signals containing unique, unchanging tire identifiers from passing cars. This allows third parties to capture these signals from up to 50 meters away and track specific vehicle movements over time. The main topics covered are a vehicle security vulnerability, the method of data interception, and the privacy implications of unencrypted automotive sensor data.
-
infosec 5Hackers are exploiting the OAuth authorization mechanism to bypass security protections and launch phishing attacks against government and public-sector organizations. They create malicious OAuth applications that force error redirects, sending victims to phishing pages or delivering malware. These attacks can intercept session cookies to bypass multi-factor authentication and ultimately deploy malware through techniques like HTML smuggling and DLL side-loading. The main topics covered are the exploitation of OAuth redirection, the phishing and malware delivery methods, and recommended security mitigations.
-
infosec 6The India-linked APT group "Sloppy Lemming" has increased its activity and sophistication, targeting defense, nuclear-regulatory, and critical infrastructure sectors in South and Southeast Asia. It has evolved to use custom malware written in Rust and a cloud-based command-and-control infrastructure. The group's operations are part of a broader increase in regional cyber-espionage campaigns, which often employ phishing and credential theft. Cybersecurity firms note potential coordination and shared resources among several India-aligned threat clusters.
-
infosec 3Facebook experienced a worldwide outage, preventing users from accessing their accounts and displaying a temporary error message. The outage began in the afternoon ET and was reported to impact accounts globally, though Meta's status page noted disruptions primarily to business tools. The service was resolved a few hours later, but the cause of the outage was not disclosed by Facebook. The main topics are the Facebook service outage, its global impact, and its resolution without a stated cause.
-
infosec 4AkzoNobel confirmed a contained security breach at a U.S. site by the Anubis ransomware gang, which claims to have stolen 170GB of data. The leaked files include confidential client agreements, personal employee information, and internal technical documents. The company states the impact is limited and it is notifying affected parties while cooperating with authorities. The article also notes that Anubis is a relatively new ransomware service that has expanded its capabilities to include data wiping.