Author: Andy Stern
-
Bitwarden introduces ‘Cupid Vault’ for secure password sharing
Bitwarden has launched a new system called ‘Cupid Vault’ that allows users to safely share passwords with trusted email addresses. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bitwarden-introduces-cupid-vault-for-secure-password-sharing/
-
SpecterOps Launches BloodHound Scentry to Accelerate the Practice of Identity Attack Path Management
Drawing on years of adversary tradecraft, SpecterOps experts work alongside customers to analyze and eliminate attack paths, protect critical assets, and stay ahead of emerging threats. First seen on darkreading.com Jump to article: www.darkreading.com/identity-access-management-security/specterops-launches-bloodhound-scentry
-
MSP Strategic Defense: Where Prevention Meets Compliance
<div cla Imagine a modern office building. Not everyone who works there can go everywhere. Employees can access the building entrance, their own floor, and the meeting rooms they need, but they can’t (and shouldn’t be able to) walk into the server room, access executive offices, or wander freely across every floor. This may seem…
-
Google finds state-sponsored hackers use AI at ‘all stages’ of attack cycle
The research underscores how AI tools have matured in their cyber offensive capabilities, even as it doesn’t reveal novel or paradigm shifting uses of the technology. First seen on cyberscoop.com Jump to article: cyberscoop.com/state-hackers-using-gemini-google-ai/
-
Google finds state-sponsored hackers use AI at ‘all stages’ of attack cycle
The research underscores how AI tools have matured in their cyber offensive capabilities, even as it doesn’t reveal novel or paradigm shifting uses of the technology. First seen on cyberscoop.com Jump to article: cyberscoop.com/state-hackers-using-gemini-google-ai/
-
New Windows LNK spoofing issues aren’t vulnerabilities
Today, at Wild West Hackin’ Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LK shortcut files that allow attackers to deploy malicious payloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-new-windows-lnk-spoofing-issues-arent-vulnerabilities/
-
Critical BeyondTrust RCE flaw now exploited in attacks, patch now
Tags: access, attack, authentication, exploit, flaw, rce, remote-code-execution, update, vulnerabilityA critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-beyondtrust-rce-flaw-now-exploited-in-attacks-patch-now/
-
Booz Allen Announces General Availability of Vellox Reverser to Automate Malware Defense
The AI-powered product delivers expert-grade malware analysis and reverse engineering in minutes. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/booz-allen-announces-general-availability-vellox-reverser
-
Gone With the Shame: One in Two Americans Are Reluctant to Talk About Romance Scam Incidents
Tags: scamMen should take extra care on Valentine’s Day because they are nearly twice as likely as women to fall victim to romance scams. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/one-in-two-americans-romance-scam-incidents
-
Those ‘Summarize With AI’ Buttons May Lying to You
Microsoft uncovered AI recommendation poisoning in 31 companies across 14 industries, and turnkey tools make it trivially easy to pull off. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/summarize-ai-buttons-may-be-lying
-
Microsoft’s February Patch Tuesday Fixes 6 Zero-Days Under Attack
Microsoft patches 58 vulnerabilities, including six actively exploited zero-days across Windows, Office, and RDP, as CISA sets a March 3 deadline. The post Microsoft’s February Patch Tuesday Fixes 6 Zero-Days Under Attack appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-patch-tuesday-six-zero-days-february-2026/
-
CISA will shutter some missions to prioritize others
Tags: cisaThe agency has lost roughly one-third of its workforce since January 2025. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-cybersecurity-division-reorganization/812155/
-
MSP Strategic Defense: Where Prevention Meets Compliance
<div cla Imagine a modern office building. Not everyone who works there can go everywhere. Employees can access the building entrance, their own floor, and the meeting rooms they need, but they can’t (and shouldn’t be able to) walk into the server room, access executive offices, or wander freely across every floor. This may seem…
-
NDSS 2025 PBP: Post-Training Backdoor Purification For Malware Classifiers
Session 12B: Malware Authors, Creators & Presenters: Dung Thuy Nguyen (Vanderbilt University), Ngoc N. Tran (Vanderbilt University), Taylor T. Johnson (Vanderbilt University), Kevin Leach (Vanderbilt University) PAPER PBP: Post-Training Backdoor Purification for Malware Classifiers In recent years, the rise of machine learning (ML) in cybersecurity has brought new challenges, including the increasing threat of backdoor…
-
The Agentic Virus: How AI Agents Become Self-Spreading Malware
In my previous post, I walked through how disconnected MCP servers and AI agents create a growing blind spot in enterprise identity. The problem: thousands of MCP deployments running with overly broad tokens, no authentication, and no connection to your identity fabric. The solution: federate everything through the Maverics AI Identity Gateway. That post assumed……
-
Who’s the bossware? Ransomware slingers like employee monitoring tools, too
As if snooping on your workers wasn’t bad enough First seen on theregister.com Jump to article: www.theregister.com/2026/02/12/ransomware_slingers_bossware/
-
Advanced Threat Detection Proactive Cyber Defense Capabilities
In today’s rapidly evolving threat landscape, organizations must maintain continuous visibility, strong detection mechanisms, and rapid response capabilities to defend against increasingly sophisticated cyber adversaries. Our Security Operations framework demonstrates proven effectiveness in identifying, analyzing, and mitigating high-risk network threats in real time. Below are two recent case studies that highlight our proactive detection, investigative…
-
Roses Are Red, AI Is Wild: A Guide to AI Regulation
AI regulation doesn’t have to be romanticized or feared. Understand what matters in AI governance, compliance, and SaaS risk management. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/roses-are-red-ai-is-wild-a-guide-to-ai-regulation/
-
Roses Are Red, AI Is Wild: A Guide to AI Regulation
AI regulation doesn’t have to be romanticized or feared. Understand what matters in AI governance, compliance, and SaaS risk management. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/roses-are-red-ai-is-wild-a-guide-to-ai-regulation/
-
Odido confirms massive breach; 6.2 Million customers impacted
Hackers accessed data from 6.2 million Odido accounts, exposing names, contacts, bank details, and ID numbers. Subsidiary Ben also warned customers. Hackers broke into Dutch telecom firm Odido and accessed data from 6.2 million accounts. The company confirmed the breach and said attackers took names, addresses, phone numbers, email addresses, bank account details, dates of…
-
NDSS 2025 PBP: Post-Training Backdoor Purification For Malware Classifiers
Session 12B: Malware Authors, Creators & Presenters: Dung Thuy Nguyen (Vanderbilt University), Ngoc N. Tran (Vanderbilt University), Taylor T. Johnson (Vanderbilt University), Kevin Leach (Vanderbilt University) PAPER PBP: Post-Training Backdoor Purification for Malware Classifiers In recent years, the rise of machine learning (ML) in cybersecurity has brought new challenges, including the increasing threat of backdoor…
-
4 Tools That Help Students Focus
Educators recognize the dual reality of educational technology (EdTech): its potential to sharpen student focus and detract from it. Schools must proactively leverage technology’s advantages while mitigating its risks to student productivity. Read on as we unpack the evolving importance and challenge of supporting student focus. We also detail four categories of classroom focus tools,…
-
‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users
Tags: banking, breach, browser, chrome, control, credentials, credit-card, data, finance, google, infrastructure, malicious, marketplace, microsoft, office, password, phishingoutlook-one.vercel.app, hosted on the Vercel development platform, from which users download the software.”Microsoft reviews the manifest, signs it, and lists the add-in in their store. But the actual content the UI, the logic, everything the user interacts with is fetched live from the developer’s server every time the add-in opens,” said Koi Security’s researchers. By…
-
Hand over the keys for Shannon’s shenanigans
In this week’s newsletter, Amy examines the rise of Shannon, an autonomous AI penetration testing tool, and what it means for security teams and risk management. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/hand-over-the-keys-for-shannons-shenanigans/
-
IDC Market Note: Surging Demand for EU Data Sovereignty Drives New Cybersecurity-Cloud Partnership
<div cla Digital sovereignty is now a strategic imperative for many European organizations. According to a new IDC Market Note¹, “Sovereignty is not viewed just as a contractual consideration, but as an architectural one, and one of technical feasibility.” First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/idc-market-note-surging-demand-for-eu-data-sovereignty-drives-new-cybersecurity-cloud-partnership/
-
Hacker linked to Epstein removed from Black Hat cyber conference website
Emails published by the Justice Department revealed cybersecurity veteran Vincenzo Iozzo emailed, and arranged to meet, Jeffrey Epstein multiple times between 2014 and 2018. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/12/hacker-linked-to-epstein-removed-from-black-hat-cyber-conference-website/
-
The Epstein Files Reveal Stunning Operational Security Fails
Plaintext Emails Trigger Police Probes Into Potential Leaks of State Secrets The volume of information contained in the Epstein Files, bizarre pictures they paint and our inability to know what they don’t document complicate attempts to understand what it all means. What is clear is the digital detritus that can be generated by just a…
-
Romania’s oil pipeline operator Conpet confirms data stolen in attack
Romania’s national oil pipeline operator, Conpet S.A., confirmed that the Qilin ransomware gang stole company data in an attack last week. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/romanias-oil-pipeline-operator-conpet-confirms-data-stolen-in-attack/
-
EU Privacy Watchdogs Pan Digital Omnibus
Critics Say Regulation Amendments Would Chip Away at Fundamental Rights. A slew of amendments to European tech regulations touted by the European Commission as necessary for boosting continental competitiveness is receiving pushback from privacy watchdogs unhappy with changes that could water down EU privacy laws. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/eu-privacy-watchdogs-pan-digital-omnibus-a-30744
-
IDC Market Note: Surging Demand for EU Data Sovereignty Drives New Cybersecurity-Cloud Partnership
<div cla Digital sovereignty is now a strategic imperative for many European organizations. According to a new IDC Market Note¹, “Sovereignty is not viewed just as a contractual consideration, but as an architectural one, and one of technical feasibility.” First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/idc-market-note-surging-demand-for-eu-data-sovereignty-drives-new-cybersecurity-cloud-partnership/