Meridiano
The average time for attackers to move laterally within a breached network has accelerated to just 29 minutes, a 65% increase in speed from the previous year. This rapid "breakout" is fueled by the misuse of legitimate credentials, which allows attackers to blend in, and by targeting unmanaged devices that lack security controls. A significant majority (82%) of detected intrusions in 2025 were malware-free, relying on authorized pathways. These factors have drastically reduced the time defenders have to detect and respond to cyber intrusions.
Articles
Showing articles 301 - 315 of 2001 total (matching filters).
-
infosec 5 -
infosec 4The release of Jeffrey Epstein case documents reveals how federal investigations obtain user data from tech companies like Google. The documents show grand jury subpoenas requesting user information and the legal correspondence where Google sometimes pushes back against overbroad requests. They detail the types of data Google can be compelled to provide, from basic subscriber information with a subpoena to more sensitive data, and highlight prosecutors' frequent requests for secrecy, prohibiting Google from notifying users. The main topics covered are the government's data request processes, Google's compliance and pushback, and the legal frameworks like the Stored Communications Act governing these exchanges.
-
infosec 5CISA has added a critical OS command injection vulnerability (CVE-2026-25108) in Soliton Systems' FileZen software to its Known Exploited Vulnerabilities catalog due to active exploitation. The flaw allows authenticated users to execute arbitrary commands and affects specific versions of the file transfer product when its Antivirus Check Option is enabled. The vendor advises updating to version 5.0.11 or later and changing all user passwords, while U.S. federal agencies have a remediation deadline of March 17, 2026. The main topics covered are the vulnerability's technical details, affected versions, exploitation conditions, and recommended mitigation steps.
-
infosec 4SolarWinds has released patches for four critical vulnerabilities in its Serv-U file transfer software, which could allow remote code execution. The flaws, all rated 9.1 in severity, affect Serv-U version 15.5 and have been fixed in version 15.5.4. While exploitation requires administrative privileges, the company notes a medium risk on Windows systems. There is no mention of current active exploitation, though similar past vulnerabilities have been weaponized by threat actors.
-
tech 5Xiaomi is significantly increasing its investment in core technologies, including self-developed chips, operating systems, and artificial intelligence, as part of a broader push for technological self-reliance. The company's founder, Lei Jun, emphasized that private firms must accelerate the commercialization of innovations, leveraging their market proximity to quickly scale new products.
Xiaomi has already invested over 100 billion yuan in R&D over the past five years and plans to spend 200 billion yuan more in the next five. A key near-term goal is to integrate its in-house chip, operating system, and AI model into a single device this year.
The main topics covered are Xiaomi's strategic focus on core technologies (chips, OS, AI), its substantial R&D investments, and the commercial application of innovations, within the context of China's push for technological self-reliance and the industry race in areas like humanoid robotics.
-
infosec 5A major international law enforcement operation called Red Card 2.0 resulted in 651 arrests and the recovery of over $4.3 million from cybercriminal groups across Africa. The operation, involving Interpol, 16 African countries, and private cybersecurity firms, targeted various fraud schemes including investment scams and a syndicate that infiltrated a telecom provider. The article highlights that cybercrime in Africa is increasingly organized and transnational, with criminals using AI to enhance attacks like phishing. It also emphasizes the growing importance of public-private partnerships and regional cooperation to combat these threats despite resource challenges for some local agencies. The main topics covered are the results of Operation Red Card 2.0, the nature of cybercrime in Africa, and the collaborative efforts to fight it.
-
infosec 5An Australian national and former U.S. defense contractor employee, Peter Williams, was sentenced to over seven years in prison for selling eight zero-day cyber exploits to the Russian broker Operation Zero for millions in cryptocurrency. The stolen tools, intended for U.S. government use, could have enabled global cybercrime and espionage, causing significant financial loss to his employer. In response, the U.S. government sanctioned Operation Zero, its director Sergey Zelenyuk, and related entities for acquiring and distributing these tools, which they marketed to non-NATO countries and intelligence agencies. The main topics covered are the criminal conviction and sentencing for trade secret theft, the details of the cyber exploit sale to a Russian entity, and the subsequent U.S. sanctions against the foreign brokers.
-
infosec 3Mexican Army Special Forces killed Nemesio "El Mencho" Oseguera Cervantes, leader of the Jalisco New Generation Cartel (CJNG). His death is expected to cause a major reconfiguration in global drug trafficking and potentially increase violence. The article details the CJNG's origins as a splinter group from the Sinaloa Cartel and its rapid expansion into a global criminal enterprise involved in drug trafficking, extortion, and migrant smuggling. It also highlights the cartel's sophisticated use of technology, including social media for recruitment and AI for financial scams, to build its operational capacity.
-
brasil 7Resumo objetivo:
O artigo critica a cobertura jornalística do caso de Thales Machado, secretário que matou os dois filhos e cometeu suicídio em Itumbiara (GO). A imprensa é acusada de atribuir a tragédia à "traição" da esposa, Sarah Tinoco, em vez de focar no machismo e na violência do autor, reforçando a culpabilização da vítima. Além disso, destaca-se o sensacionalismo e a banalização do crime, como a veiculação na seção de entretenimento do portal Terra.Principais tópicos abordados:
1. Culpabilização da mulher: A mídia atribuiu a motivação do crime à suposta traição da esposa, deslocando o foco do autor (Thales) e de questões como machismo e narcisismo.
2. Sensacionalismo jornalístico: Crítica ao tratamento do caso como entretenimento, com títulos impactantes e enquadramentos que banalizam a violência.
3. Misoginia estrutural: O artigo aponta como a narrativa midiática alimenta e reflete o ódio contra mulheres, inclusive nas redes sociais, perpetuando a violência de gênero.
4. Padrão narrativo transversal: A abordagem culpabilizadora foi identificada em veículos de diferentes linhas editoriais, evidenciando um problema sistêmico no jornalismo. -
tech 6The article details the severe threat that space debris poses to the International Space Station (ISS). Debris constantly strikes the station, and a puncture could cause depressurization, with the size of the hole determining the crew's limited response time.
While a tracking network and avoidance maneuvers are used to dodge larger debris, and shields protect against very small pieces, there is a dangerous gap in defenses for objects between 1 and 10 cubic centimeters. The risk of a catastrophic depressurization event is statistically low but present.
In a worst-case scenario where a leak cannot be sealed, the crew would be forced to evacuate to their crew vehicles and abandon the ISS. Following an evacuation, the international partners would face the complex decision and process of deorbiting the station.
Main Topics: Space debris threat to the ISS, station defenses and their limitations, emergency procedures for depressurization, and the contingency plan for station abandonment and deorbit.
-
infosec 4Manual processes for transferring sensitive data remain prevalent in national security organizations, creating significant security vulnerabilities and operational inefficiencies. These manual methods introduce risks like human error, delays, and exploitable gaps that adversaries can target, compromising mission assurance. Key barriers to automation include legacy systems, complex procurement cycles, cultural trust in manual oversight, and fear of disruption during technology transitions. The article concludes that persisting with manual handling undermines critical principles of speed, accuracy, and trust in contested environments.
-
tech 6Chinese AI models from MiniMax and Moonshot AI have topped a global token usage ranking, ending a year of market dominance by US developers. The ranking, from platform OpenRouter, shows high demand for Chinese open-source models following new releases.
MiniMax's M2.5 model was the most popular by token usage this month, followed by Moonshot's Kimi K2.5. Together with DeepSeek, these Chinese firms accounted for nearly two-thirds of the token usage among the top five ranked models.
The main topics covered are the shift in AI model usage dominance from the US to China, the performance of specific Chinese AI companies and models, and the metrics used to measure this demand.
-
.jpg?width=1280&auto=webp&quality=80&disable=upscale)
infosec 3A new scoring system called the Operational Technology Incident (OTI) Impact Score has been developed to measure the severity of cybersecurity events in industrial control and operational technology environments. Modeled after the Richter Scale, it rates incidents based on their severity, geographic reach, and duration to provide a clear, standardized assessment of business impact. The tool aims to help executives, insurers, and the media better understand and respond to OT cyber incidents, which are often mischaracterized. The score will be determined by vetted industry volunteers through an online portal shortly after an event occurs.
-
tech 6A pending equity sale by US firm General Atlantic values ByteDance at a record $550 billion. This marks a significant increase from a $400 billion valuation in mid-2025.
The proposed sale follows ByteDance's recent deal with the U.S. government to restructure TikTok's operations. General Atlantic is selling part of its stake as some of its investment funds near the end of their life cycle.
The main topics covered are ByteDance's increased valuation, the details of the private equity sale, and the context of ByteDance's recent U.S. operational restructuring.
-
infosec 5Cybersecurity researchers identified four malicious NuGet packages targeting ASP.NET developers to steal sensitive data and create backdoors. The packages, published in August 2024 and downloaded over 4,500 times, exfiltrate ASP.NET Identity data and manipulate authorization rules. The campaign aims to compromise the applications built by developers, allowing threat actors persistent access to production systems. In a related incident, a malicious npm package named 'ambar-src' was also disclosed, having been downloaded over 50,000 times before removal.