Threat actors are abusing legitimate RMM tools as a means of creating persistence inside victims’ systems, using the Tiflux RMM tool. Tiflux is a reputable Brazilian software platform used by IT departments and Managed Service Providers (MSPs) for managing IT assets, tickets, teams, and remote monitoring. As reported by Huntress, the campaign is using Tiflux RMM as part of phishing attacks that deploy fake documents followed by remote access tools like Splashtop, UltraVNC, and ScreenConnect. In essence, this attack campaign is among many others in which malefactors have turned to legitimate software to avoid detection. Malspam and fake document lures…
Kirsten Doyle
Eight of the leading communications companies in the United States have created a new cybersecurity alliance that aims to improve threat intelligence sharing within the telecommunications industry, amid growing concerns about AI cyberattacks, state-sponsored espionage, and infrastructure attacks. The new cybersecurity partnership, the Communications Cybersecurity Information Sharing and Analysis Center (C2 ISAC), has been launched by eight leading US communications firms, including AT&T, Verizon, T-Mobile, Comcast, Charter Communications, Cox Communications, Lumen Technologies, and Zayo. The telecommunications industry fears that none of the companies have sufficient presence to effectively monitor and respond to increasingly coordinated cyberattacks. According to the founding companies, the increasing involvement of…
For years, passwords were the only thing that mattered for securing our online presence, but the discussion around authentication is evolving rapidly. Passkeys, biometrics, device trust, and adaptive identity management solutions are often cited as the key to the next level of security, while attackers are focusing on directly targeting our identity infrastructure. Session hijacking, multi-factor fatigue attacks, token thefts, and social engineering attacks have shown that enhanced authentication doesn’t mean enhanced security; it just shifts the risks elsewhere. In addition, companies need to find ways to make the authentication process easier for users without compromising the system’s credibility. It isn’t simply about verifying…
According to the 2026 Verizon Data Breach Investigations Report, the threat environment is transforming in terms of speed, scale, and interconnected risk. For the first time in its history, vulnerability exploitation was identified as the top initial access vector, representing 31% of attacks, and the report found that ransomware, third-party attacks, and misuse of AI are all on the rise, both for attack purposes and within organizations. Increasing pressure on security teams includes worsening patch cycles, mobile-focused social engineering campaigns, and shadow AI, all of which increase the risk of source code/data leakage. What underlies all of these trends is a move toward targeting the entire software development process…
The Verizon 2026 Data Breach Investigations Report (DBIR) reveals a threat environment moving much faster than many organizations can reasonably protect themselves against. Based on information collected from more than 31,000 security incidents and over 22,000 confirmed data breaches spanning 145 different countries, the DBIR reveals a changing face to how attackers get in, how fast vulnerabilities are exploited, and the role of AI in both attack and defense. This year’s report makes it clear that vulnerability exploitation has overtaken credential abuse as the top method of initial access to breached networks. Vulnerability exploitation overtakes stolen credentials In past years, compromised credentials were the most common reason…
UK’s National Cyber Security Centre (NCSC) has advised businesses to proceed with caution when considering the implementation of agent-based AI, suggesting that agentic AI represents an entirely different kind of security problem compared to generative AI. According to a recent blog post and global guidance, produced in cooperation with authorities in the US, Australia, Canada, and New Zealand, NCSC advised organisations to “learn to walk before you can run” when using autonomous AI capable of operating without human input. The guidelines show how agentic AI systems increase the attack surface by integrating large language models with external tools, memory, data feeds, and automation processes. As highlighted by the NCSC,…
A security breach notification process has been initiated by 7-Eleven as a result of a security incident where an outside party was able to gain access to their systems containing franchisers’ information. According to a breach notification filed with the state of Maine, the company discovered that threat actors accessed some of its internal systems on 8 April 2026. The company claims that there were just two cases involving individuals in the state of Maine, indicating that perhaps the effects of this breach were not very widespread. The compromised environment allegedly held documents related to franchising applications that contained personally identifiable information, such as applicants’ names and addresses. Additional data elements that may have been exposed…
OpenAI has confirmed that two employee devices were compromised in the recent TanStack npm supply chain attack, prompting the company to rotate code-signing certificates and require macOS users to update their applications by 12 June. In a security advisory published this week, the company said it found no evidence that customer data, production systems, or intellectual property were accessed or altered during the incident. The compromise is related to a larger campaign known as “Mini Shai-Hulud,” which is an example of a software supply chain attack targeting commonly used packages from npm and PyPI repositories. The TanStack web application development framework, one of the many frameworks impacted by the attack, was exploited…
Microsoft has disclosed a zero-day vulnerability that affects Exchange Server 2016, 2019, and Subscription Edition. This vulnerability would give bad actors an opportunity to run arbitrary code remotely on the Exchange server. Although Microsoft has not issued any patches for this security vulnerability, they suggested two possible mitigations until a solution becomes available. According to Microsoft, one preferred mitigation strategy is to activate the Exchange Emergency Mitigation (EM) Service, which provides protection for all customers whose EM Service remains enabled by default. The announcement was made at a time when Microsoft was releasing its May 2026 Patch Tuesday updates, which fixed more than 120 vulnerabilities across applications such…
West Pharmaceutical Services has disclosed a ransomware attack that disrupted manufacturing, shipping, and receiving operations across multiple global facilities after bad actors breached the company’s network on 4 May. The pharmaceutical packaging manufacturer said attackers exfiltrated data and encrypted systems, forcing the company to proactively shut down portions of its infrastructure to contain the incident. “We continue to make good progress in the restoration of our systems. Our outside counsel promptly engaged Palo Alto Networks Unit 42 to support the Company’s investigation, containment, and recovery efforts, in coordination with other external experts,” the company added.” It said it has restored its core enterprise systems, and critical processes for shipping, receiving, and manufacturing have restarted at…
