Kirsten Doyle

AI-powered attacks are the biggest cybersecurity concern among security professionals. Forty-one percent identified AI-powered attacks at scale as their biggest security concern, nearly double the number citing supply chain risk (21%) or unknown threats (21%). AI-driven threats and what security professionals are doing about them is also the top concern for nearly one in three boards (32%). These were some of the findings of new research conducted by Filigran during Infosecurity Europe 2026.  A new phase of threat-informed defence The survey of 168 cybersecurity professionals across various industry sectors, suggest that organisations are entering a new phase of threat-informed defence,…

Oracle has issued a security alert to customers about a critical vulnerability affecting PeopleSoft environments after the notorious threat actor ShinyHunters claimed it used a previously unknown flaw to compromise over 100 entities. The vulnerability CVE-2026-35273 is in Oracle PeopleSoft PeopleTools, and has a CVSS score of 9.8/10. “Oracle PeopleSoft Enterprise Applications customers may also be affected by this vulnerability. This vulnerability is remotely exploitable without authentication. If successfully exploited, this vulnerability may result in remote code execution,” the alert read. ShinyHunters said they exploited a zero-day vulnerability in Oracle PeopleSoft systems to gain access to customer environments and steal…

AI-supported coding has progressed from experimental to the norm in organizations, yet technical debt, security risks, and costs could be piling up much faster than anyone realizes. This is one of the key takeaways from the Software Improvement Group (SIG) 2026 State of Software report, which analyzed more than 30,000 software systems and more than 400 billion lines of code. In other words, even though artificial intelligence is helping businesses to develop software more rapidly, software governance and quality management processes lag behind. The report revealed that 90% of IT workers currently use AI on their jobs, with AI-produced code…

A rapidly developing software supply chain attack known as Miasma is one of the latest to move from targeting Red Hat npm packages to infecting numerous Microsoft GitHub repositories. Cloudsmith researchers described the Miasma attack, noting it began after the compromise of the GitHub account of a Red Hat employee, which enabled attackers to use the GitHub OIDC token to deploy malicious packages in the @redhat-cloud-services namespace. Over 30 such compromised packages have been published in the npm registry to facilitate credential, identity, and CI/CD secrets theft. The worm has progressed past package poisoning. According to researchers, Miasma can infect…

A collaboration between the Dutch National Police and the National Cyber Security Centre (NCSC), has seen a large botnet being shut down.  In this operation, 200 servers were identified and addressed as well. These servers controlled millions of infected devices, from computers to phones, and were used to carry out cyberattacks. A security researcher first identified the network and notified the NCSC. The NCSC then alerted the police, and together they dug into the matter. It turns out, the botnet had at least 17 million infected devices. To make matters worse, its 200 controlling servers were right in the Netherlands. …

Palo Alto Networks has alerted customers about the ongoing exploitation of the authentication bypass vulnerability in PAN-OS GlobalProtect. The vulnerability, tracked as CVE-2026-0257, lets unauthenticated actors bypass security measures and set up unsanctioned connections to vulnerable GlobalProtect portals and gateways. A high CVSS score of 7.8 was assigned for this vulnerability. This issue was first disclosed by the company on 13 May, when it said it had seen limited exploitation attempts against unpatched devices. The impacted environments involve PAN-OS and Prisma Access with specific GlobalProtect authentication override settings configured. Both Panorama and Cloud NGFW products are not impacted. Security researchers…

CrowdStrike has shared details of a coordinated operation used to disable the Glassworm botnet, which targets software developers and leverages open-source ecosystems to deploy malware. The CrowdStrike Counter Adversary Operations team, in partnership with Google and the Shadowserver Foundation, took down all four C2 centers of the Glassworm network on 26 May by disrupting all lines of communication between Glassworm’s controllers and infected systems. This prevented additional malicious payloads from being delivered. CrowdStrike said Glassworm was a worldwide attack against software developers via the open-source software ecosystem. The threat actors employed malicious VSCode plug-ins, poisoned Python and npm packages, and…

Threat actors are abusing legitimate RMM tools as a means of creating persistence inside victims’ systems, using the Tiflux RMM tool. Tiflux is a reputable Brazilian software platform used by IT departments and Managed Service Providers (MSPs) for managing IT assets, tickets, teams, and remote monitoring. As reported by Huntress, the campaign is using Tiflux RMM as part of phishing attacks that deploy fake documents followed by remote access tools like Splashtop, UltraVNC, and ScreenConnect. In essence, this attack campaign is among many others in which malefactors have turned to legitimate software to avoid detection. Malspam and fake document lures…

Eight of the leading communications companies in the United States have created a new cybersecurity alliance that aims to improve threat intelligence sharing within the telecommunications industry, amid growing concerns about AI cyberattacks, state-sponsored espionage, and infrastructure attacks.  The new cybersecurity partnership, the Communications Cybersecurity Information Sharing and Analysis Center (C2 ISAC), has been launched by eight leading US communications firms, including AT&T, Verizon, T-Mobile, Comcast, Charter Communications, Cox Communications, Lumen Technologies, and Zayo. The telecommunications industry fears that none of the companies have sufficient presence to effectively monitor and respond to increasingly coordinated cyberattacks. According to the founding companies, the increasing involvement of…

For years, passwords were the only thing that mattered for securing our online presence, but the discussion around authentication is evolving rapidly. Passkeys, biometrics, device trust, and adaptive identity management solutions are often cited as the key to the next level of security, while attackers are focusing on directly targeting our identity infrastructure. Session hijacking, multi-factor fatigue attacks, token thefts, and social engineering attacks have shown that enhanced authentication doesn’t mean enhanced security; it just shifts the risks elsewhere.  In addition, companies need to find ways to make the authentication process easier for users without compromising the system’s credibility. It isn’t simply about verifying…