Identity failed more organizations this year, and the damage hit harder. The takeaway: without decisive action, leaders will see risks grow sharper, losses deeper, and recovery slower. That’s one of several warnings from the 2026 RSA ID IQ Report, which surveyed more than 2,000 global experts to understand how often identity security failed them, what it cost, and where they see the greatest threats ahead. The data tells a clear story. The identity gap is widening. Most companies still depend on legacy tools that can’t keep pace with modern attacks. Passwords remain the dominant method of authentication, and the weakest…
Kirsten Doyle
In late September 2025, eSentire’s Threat Response Unit (TRU) found something new and dangerous. A Rust-based backdoor inside a financial services client’s network. They called it ChaosBot. ChaosBot uses Discord (the same chat service gamers and teenagers use every day) as its command center. A malefactor calling himself “chaos_00019” controlled it, sending instructions to infected machines through Discord’s normal channels. The malware didn’t target everyone. Its operators seemed to focus on Vietnamese speakers. Not exclusively, but often enough to notice. The Break-In The attack began with stolen credentials. One belonged to a VPN user, another to an over-privileged Active Directory…
The Civil Guard has dismantled one of Spain’s most active phishing networks, arresting a 25-year-old Brazilian developer known online as “GoogleXcoder.” He stands accused of designing and selling phishing kits that allowed other criminals to mimic banks, government agencies, and public institutions. Since 2023, a slew of phishing attacks have swept across Spain. Bad actors posed as trusted entities, fooling victims into revealing personal details. The losses ran into millions. Complaints surged and anxiety grew. The Civil Guard’s Cybercrime Unit began hunting for the scammers, as well as the author behind the code. Their trail led to “GoogleXcoder,” a developer…
Japan’s leading beverage company, Asahi, has suffered a significant disruption to its operations following a cyberattack that began on 29 September 2025. The attack has led to a complete system failure, halting production, order processing, shipping, and customer service activities across the company’s Japanese operations. Asahi said that there has been no confirmed leakage of personal or customer data to external parties. Asahi Group Holdings is known for its diverse portfolio of brands, including Asahi Super Dry beer, Nikka Whisky, and Mitsuya Cider. Established in 1889 and headquartered in Tokyo, the company operates 30 plants in Japan and has a…
Researchers from Palo Alto’s Unit 42 say a suspected group of Chinese actors infiltrated email servers used by foreign ministries. The attackers accessed Microsoft Exchange systems and combed through messages related to diplomatic activities. The threat, dubbed “Phantom Taurus,” targets governments and telecoms across Africa, the Middle East, and Asia. Its operations align closely with China’s strategic interests. The group started as a faint pattern in telemetry, labeled CL-STA-0043. By 2024, it became a temporary group, TGR-STA-0043, or Operation Diplomatic Specter. After extended observation, Unit 42 concluded it is a distinct threat actor: Phantom Taurus. Its focus is precise: embassies,…
Noma Labs has uncovered a severe flaw in Salesforce’s Agentforce platform. The chain of vulnerabilities, dubbed ForcedLeak, carried a CVSS score of 9.4 and exposed customer data to theft through indirect prompt injection and a loophole in Salesforce’s Content Security Policy. The weakness lay in how Agentforce (an autonomous AI agent) processed instructions. Unlike conventional chatbots, these agents can act on data without constant oversight – an autonomy that created a wider, more dangerous attack surface. The Mechanics Bad actors slipped malicious instructions into Salesforce’s Web-to-Lead form, hiding payloads in the Description field. When staff later queried those leads through…
Harrods says attackers made contact after a breach compromised data belonging to 430,000 customers. The luxury department store said it will not be engaging with them. The information was taken from a third-party provider. In a statement, Harrods said: “We proactively informed affected e-commerce customers on Friday that the impacted personal data is limited to basic personal identifiers including name and contact details, where this information has been provided. It does not include account passwords or payment details. “Affected customer records may also have labels related to marketing and services delivered by Harrods. “These labels may include tier level or…
Federal civilian agencies must immediately patch critical Cisco firewall vulnerabilities being exploited by an “advanced threat actor.” The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive ordering immediate action. The vulnerabilities (CVE-2025-20333 and CVE-2025-20362) affect Cisco Adaptive Security Appliances (ASA). One allows remote code execution, the other privilege escalation. Bad actors have been seen chaining the two. The first carries a severity score of 9.9, the second 6.5. Cisco released patches last Thursday. Acting CISA Director Madhu Gottumukkala stressed the urgency. “Threat actors can exploit these vulnerabilities with alarming ease, maintain persistence, and gain access to a network,”…
A phishing lure opened the door. At first glance it looked ordinary: a ZIP file, a signed PDF reader, a misplaced DLL. The DLL sideloaded itself into a trusted process and set the rest in motion. According to Huntress, what followed was a deliberate climb from simple Python scripts to a polished, modular remote access trojan called PureRAT. The path matters, but the method matters more. The chain used several steps, each of which removed friction for the attacker and increased resilience for the implant. No single control would have stopped it. The Detail The email held a ZIP and…
Every digital interaction begins with a question: Who are you? The answer may be simple, like a name and an email to join a newsletter. Or it may be complex, like a government-issued ID, biometric scan, or third-party verification service. But as the tools of identity verification expand, so too do the risks to privacy. To explore this tension, we spoke with two experts: Ross Moore, Information Security Researcher, and Chloé Messdaghi, Founder & Principal Advisor at Thornbridge Advisory. Their perspectives highlight both the history that brought us here and the future we are building. A future where convenience, trust,…
