Close Menu
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Facebook X (Twitter) LinkedIn
Facebook X (Twitter) LinkedIn
Information Security BuzzInformation Security Buzz
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Subscribe
Information Security BuzzInformation Security Buzz
Home - Archives for Kirsten Doyle - Page 2

Kirsten Doyle

Kirsten Doyle

Information Security Buzz News Editor

Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.

Threat Actors Deploy Tiflux RMM for Persistent Remote Access

Kirsten DoyleMay 29, 20263 Mins Read

Threat actors are abusing legitimate RMM tools as a means of creating persistence inside victims’ systems, using the Tiflux RMM tool. Tiflux is a reputable Brazilian software platform used by IT departments and Managed Service Providers (MSPs) for managing IT assets, tickets, teams, and remote monitoring. As reported by Huntress, the campaign is using Tiflux RMM as part of phishing attacks that deploy fake documents followed by remote access tools like Splashtop, UltraVNC, and ScreenConnect. In essence, this attack campaign is among many others in which malefactors have turned to legitimate software to avoid detection. Malspam and fake document lures…

Read More

Major US telecom providers debut C2 ISAC to counter AI-driven threats

Kirsten DoyleMay 26, 20264 Mins Read

Eight of the leading communications companies in the United States have created a new cybersecurity alliance that aims to improve threat intelligence sharing within the telecommunications industry, amid growing concerns about AI cyberattacks, state-sponsored espionage, and infrastructure attacks.  The new cybersecurity partnership, the Communications Cybersecurity Information Sharing and Analysis Center (C2 ISAC), has been launched by eight leading US communications firms, including AT&T, Verizon, T-Mobile, Comcast, Charter Communications, Cox Communications, Lumen Technologies, and Zayo. The telecommunications industry fears that none of the companies have sufficient presence to effectively monitor and respond to increasingly coordinated cyberattacks. According to the founding companies, the increasing involvement of…

Read More

Passwordless security and the new identity battleground

Kirsten DoyleMay 26, 202614 Mins Read

For years, passwords were the only thing that mattered for securing our online presence, but the discussion around authentication is evolving rapidly. Passkeys, biometrics, device trust, and adaptive identity management solutions are often cited as the key to the next level of security, while attackers are focusing on directly targeting our identity infrastructure. Session hijacking, multi-factor fatigue attacks, token thefts, and social engineering attacks have shown that enhanced authentication doesn’t mean enhanced security; it just shifts the risks elsewhere.  In addition, companies need to find ways to make the authentication process easier for users without compromising the system’s credibility. It isn’t simply about verifying…

Read More

Verizon DBIR 2026: What the experts are saying 

Kirsten DoyleMay 21, 202614 Mins Read

According to the 2026 Verizon Data Breach Investigations Report, the threat environment is transforming in terms of speed, scale, and interconnected risk. For the first time in its history, vulnerability exploitation was identified as the top initial access vector, representing 31% of attacks, and the report found that ransomware, third-party attacks, and misuse of AI are all on the rise, both for attack purposes and within organizations.   Increasing pressure on security teams includes worsening patch cycles, mobile-focused social engineering campaigns, and shadow AI, all of which increase the risk of source code/data leakage. What underlies all of these trends is a move toward targeting the entire software development process…

Read More

Exploited Faster, Patched Slower: Verizon DBIR 2026 Shows Security Teams Losing Ground

Kirsten DoyleMay 20, 20265 Mins Read

The Verizon 2026 Data Breach Investigations Report (DBIR) reveals a threat environment moving much faster than many organizations can reasonably protect themselves against. Based on information collected from more than 31,000 security incidents and over 22,000 confirmed data breaches spanning 145 different countries, the DBIR reveals a changing face to how attackers get in, how fast vulnerabilities are exploited, and the role of AI in both attack and defense. This year’s report makes it clear that vulnerability exploitation has overtaken credential abuse as the top method of initial access to breached networks. Vulnerability exploitation overtakes stolen credentials In past years, compromised credentials were the most common reason…

Read More

NCSC warns organisations not to rush into agentic AI

Kirsten DoyleMay 19, 20265 Mins Read

UK’s National Cyber Security Centre (NCSC) has advised businesses to proceed with caution when considering the implementation of agent-based AI, suggesting that agentic AI represents an entirely different kind of security problem compared to generative AI. According to a recent blog post and global guidance, produced in cooperation with authorities in the US, Australia, Canada, and New Zealand, NCSC advised organisations to “learn to walk before you can run” when using autonomous AI capable of operating without human input. The guidelines show how agentic AI systems increase the attack surface by integrating large language models with external tools, memory, data feeds, and automation processes. As highlighted by the NCSC,…

Read More

7-Eleven Notifies Franchise Applicants After Breach Exposes Personal Data

Kirsten DoyleMay 19, 20262 Mins Read

A security breach notification process has been initiated by 7-Eleven as a result of a security incident where an outside party was able to gain access to their systems containing franchisers’ information. According to a breach notification filed with the state of Maine, the company discovered that threat actors accessed some of its internal systems on 8 April 2026. The company claims that there were just two cases involving individuals in the state of Maine, indicating that perhaps the effects of this breach were not very widespread. The compromised environment allegedly held documents related to franchising applications that contained personally identifiable information, such as applicants’ names and addresses. Additional data elements that may have been exposed…

Read More

OpenAI rotates certificates after TanStack supply chain attack hits employee devices

Kirsten DoyleMay 18, 20264 Mins Read

OpenAI has confirmed that two employee devices were compromised in the recent TanStack npm supply chain attack, prompting the company to rotate code-signing certificates and require macOS users to update their applications by 12 June.   In a security advisory published this week, the company said it found no evidence that customer data, production systems, or intellectual property were accessed or altered during the incident. The compromise is related to a larger campaign known as “Mini Shai-Hulud,” which is an example of a software supply chain attack targeting commonly used packages from npm and PyPI repositories. The TanStack web application development framework, one of the many frameworks impacted by the attack, was exploited…

Read More

Microsoft discloses Exchange zero-day with no patch yet available

Kirsten DoyleMay 18, 20263 Mins Read

Microsoft has disclosed a zero-day vulnerability that affects Exchange Server 2016, 2019, and Subscription Edition. This vulnerability would give bad actors an opportunity to run arbitrary code remotely on the Exchange server. Although Microsoft has not issued any patches for this security vulnerability, they suggested two possible mitigations until a solution becomes available. According to Microsoft, one preferred mitigation strategy is to activate the Exchange Emergency Mitigation (EM) Service, which provides protection for all customers whose EM Service remains enabled by default. The announcement was made at a time when Microsoft was releasing its May 2026 Patch Tuesday updates, which fixed more than 120 vulnerabilities across applications such…

Read More

Cyberattack on West Pharmaceutical halts manufacturing across multiple sites

Kirsten DoyleMay 15, 20265 Mins Read

West Pharmaceutical Services has disclosed a ransomware attack that disrupted manufacturing, shipping, and receiving operations across multiple global facilities after bad actors breached the company’s network on 4 May. The pharmaceutical packaging manufacturer said attackers exfiltrated data and encrypted systems, forcing the company to proactively shut down portions of its infrastructure to contain the incident. “We continue to make good progress in the restoration of our systems. Our outside counsel promptly engaged Palo Alto Networks Unit 42 to support the Company’s investigation, containment, and recovery efforts, in coordination with other external experts,” the company added.” It said it has restored its core enterprise systems, and critical processes for shipping, receiving, and manufacturing have restarted at…

Read More
Previous 1 2 3 4 … 60 Next
ISB-Bora-Side-Bar

No se ha podido establecer conexión. Error 429

 
ISB-Bora-Side-Bar
Black ISB Logo

Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics

X (Twitter) LinkedIn Facebook RSS

Working With Us

  • About Us
  • Advertise With Us
  • Contact Us

Write For Us

  • How To Contribute

The Pages

  • Privacy Policy
  • Cookie Policy
  • AI Policy
  • Terms & Conditions
  • Copyright Notice

Information Security Buzz and all its contents are copyright © 2014-2025. All rights reserved. All third-party trademarks are recognized.

Type above and press Enter to search. Press Esc to cancel.

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}