Information security

Information security

Cybersecurity researchers have disclosed details of a phishing campaign that involves the attackers impersonating legitimate Google-generated messages by abusing Google Cloud's Application Integration service to distribute emails. The activity, Check Point said, takes advantage of the trust associated with Google Cloud infrastructure to send the messages from a legitimate email address ("noreply-application-integration@google[.]com") so that they can bypass traditional email security filters and have a better chance of landing in users' inboxes.

The latest set of attacks began with a spear-phishing email containing a ZIP archive with a LNK file disguised as a PDF. Opening the file triggers the execution of a remote HTML Application (HTA) script using "mshta.exe" that decrypts and loads the final RAT payload directly in memory. In tandem, the HTA downloads and opens a decoy PDF document so as not to arouse users' suspicion.

In 2026, the mass personalization of cyberattacks will disrupt the classical kill chain model, which relies on observing and then reacting to stop threats. Attackers will leverage AI to understand business's unique vulnerabilities and craft personalized, novel software for each enterprise. This means every organization will see a massive rise in sophisticated, tailored attacks that are not known to the majority of their current security tools, pitting them in a race against time to spot the attack and respond before sustaining widespread damage.

Attack Surface Management (ASM) tools promise reduced risk. What they usually deliver is more information. Security teams deploy ASM, asset inventories grow, alerts start flowing, and dashboards fill up. There is visible activity and measurable output. But when leadership asks a simple question, " Is this reducing incidents?" the answer is often unclear. This gap between effort and outcome is the core ROI problem in attack surface management, especially when ROI is measured primarily through asset counts instead of risk reduction.

Think of your network like an apartment building. You've got a locked front door - that's your perimeter. But once someone gets inside, there's no front desk checking IDs, no elevator security and the same outdated lock on every unit. An intruder can roam freely, entering any apartment they choose. Microsegmentation is the internal security system. It's the keycard for the elevator, the camera in the hallway, the unique lock on your door. It's what stops one compromised device from becoming a full-blown breach.

AI-Enhanced Phishing and Deepfakes: No longer are phishing emails riddled with obvious errors. AI tools can instantly craft convincing messages by harvesting content from social media and corporate sites, personalizing scams to increase their effectiveness. Adding to this, deepfake technology enables cybercriminals to mimic voices and even video images of executives to authorize wire transfers or issue fake instructions, making fraud exponentially harder to detect.

Microsoft Defender is the built-in anti-malware package that's included with modern Windows operating systems. It's alternatively known as Windows Security (it shows up under Settings > Privacy & security as Windows Security), Windows Defender, or Microsoft Defender Antivirus, as on this Microsoft Learn page. But whatever you want to call it, for many Windows users, this tool is the go-to default for handling security on their PCs.

U.S. and Australian cyber agencies confirmed that hackers are exploiting a vulnerability that emerged over the Christmas holiday and is impacting data storage systems from the company MongoDB. The issue drew concern on December 25 when a prominent researcher published exploit code for CVE-2025-14847 - a vulnerability MongoDB announced on December 15 and patched on December 19.

Looking ahead to 2026, I don't expect a single "big bang" cyber event so much as a steady escalation in quiet, hard-to-spot campaigns. Instead of smashing through the front door, more attackers will simply walk in using valid credentials, abusing identity systems, single sign-on and trusted AI agents to blend into normal activity. These operations will be longer-running, more tightly linked to geopolitical and ideological tensions, and increasingly aimed at disrupting real-world services, not just stealing data.

The Harvester gathers public data about domains and organizations. It pulls names, email addresses, subdomains, IPs, and URLs from search engines and online services. It supports many sources like Google, Bing, Baidu, Shodan, and public certificate records. This lets investigators build an initial map of the external attack surface quickly. They can run simple commands to collect results into files for later review. The Harvester works well for early reconnaissance in penetration tests and threat assessments.

The foundation of DFARS compliance is NIST SP 800-171, a publication that specifies 110 security controls designed to protect Controlled Unclassified Information (CUI). The first step for any organization is to thoroughly understand these requirements. This isn't just about reading a document; it involves translating technical controls into practical business processes. These controls cover 14 different areas of cybersecurity, including: Access Control: Limiting system access to authorized users.

The US Cyber Trust Mark Program, an Energy Star-style certification for smart home security, could be winding down less than a year after it launched. Safety testing company UL Solutions has announced that it is stepping down as the program's lead administrator, just a few months after the Federal Communications Commission (FCC) began investigating it over ties to China. The Cyber Trust Mark Program hasn't been officially shut down yet, but the loss of its lead administrator leaves it in limbo.

It has been almost 13 years since security support for version 2.0 of the Apache HTTP Server ended. The final release was in July 2013, by which time the team had moved on to bigger and better things. The IFE, however, has not. In fact, version 2.0.42 first appeared in September 2002.

The vulnerability makes it possible to bypass two-factor authentication on VPN connections, despite a patch having been available since 2020. The vulnerability CVE-2020-12812 affects the SSL VPN component of FortiOS, the operating system that runs on Fortinet devices such as firewalls and VPN systems. Attackers can bypass the enabled 2FA for a VPN account by changing the username. The problem occurs when 2FA is enabled in the "user local" setting and a remote authentication method is configured for this user.

It's no secret that digital surveillance and other tech-enabled oppressions are acute dangers for liberation movement workers. The rising tides of tech-fueled authoritarianism and hyper-surveillance are universal themes across the various threat models we consider. EFF's Surveillance Self-Defense project is a vital antidote to these threats, but it's not all we do to help others address these concerns. Our team often receives questions, requests for security trainings, presentations on our research,

At the recent RSA Conference - an annual IT security event, held this year in San Francisco - the expo floor was brimming with security vendors, partners and information security executives looking to advance their security posture and operations. Considering the many different perceived security challenges, solutions, products and services evidences just how dynamic - and perhaps volatile - this industry can really be.

Earlier this year, Amazon Web Services (AWS) announced the availability of the Well‑Architected Data Residency with Hybrid Cloud Services Lens, a new extension of the AWS Well‑Architected Framework aimed at helping organizations design and operate hybrid cloud workloads that must comply with complex data residency and sovereignty requirements. The announcement underscores AWS's growing focus on governance, regulatory compliance, and hybrid operations as enterprises increasingly balance cloud adoption with on‑premises and geopolitical data constraints.

In this case, the victim is one of the digital advertising screens so beloved of public spaces these days. Rather than having a human paste up posters regularly, these things allow seamless content updates to delight passing travelers until, of course, the bork fairy pays a visit. This example of the fairy's evil work can be found at one of the station's entrances and is both an example of an unhappy update and the infamous Progress Bar of Lies.

Notably, for the seven years since her arrest, Ms. Mangi has complied with her conditions of release. She is 70 years old and has lived at the same address for the past 28 years,

Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a "security incident" that led to the loss of approximately $7 million. The issue, the multi‑chain, non‑custodial cryptocurrency wallet service said, impacts version 2.68. The extension has about one million users, according to the Chrome Web Store listing. Users are advised to update to version 2.69 as soon as possible.

After 33 years, Bernardo Quintero decided it was time to find the person who changed his life the anonymous programmer who created a computer virus that had infected his university decades earlier. The virus, called Virus Malaga, was mostly harmless. But the challenge of defeating it sparked Quintero's passion for cybersecurity, eventually leading him to found VirusTotal, a startup that Google acquired in 2012. That acquisition brought Google's flagship European cybersecurity center to Malaga, transforming the Spanish city into a tech hub.

The Cybersecurity and Infrastructure Security Agency (CISA) published a guide detailing venue security and disruption management. In this guide, venue owners and operators can review fundamental strategies to mitigate repercussions of possible disruptions to the critical lifeline sectors of: Communications Energy Transportation Water and Wastewater Systems While this guide serves as a broad catalog for support, it is not comprehensive. Security leaders in the event security space are encouraged to leverage the provided resources and consider them in the context of their venue's unique needs.

Investors are concerned with future stock performance over the next one, five, or 10 years. While most Wall Street analysts will calculate 12-month forward projections, it is clear that nobody has a consistent crystal ball, and plenty of unforeseen circumstances can render even near-term projections irrelevant. 24/7 Wall St. aims to present some further-looking insights based on CrowdStrike's own numbers, along with business and market development information that may be of help with your own research.