Darktrace has uncovered a coordinated campaign of SaaS account takeovers. Attackers hid behind Virtual Private Servers, slipping into accounts, moving unseen, and wiping away the traces of phishing. The pattern was consistent: suspicious logins from VPS-linked infrastructure, swift creation of inbox rules, and deleted emails, particularly those tied to phishing. What researchers found was a portrait of a campaign built on stealth, persistence, and the calculated use of virtual infrastructure. What is a VPS, and Why Does it Matter? A VPS provides dedicated computing resources on a shared physical server. For businesses and developers, it is a useful, legitimate tool.…
Kirsten Doyle
AI Browsers promise a future where an Agentic AI can handle your online life. From shopping to emails, they are designed to act autonomously, to save time, to make life easier. Yet convenience has a price. Recent research by Guardio reveals a worrying truth: security guardrails are inconsistent, sometimes absent entirely. The AI clicks, pays, and fails, often without human oversight. Welcome to what Guardio calls “Scamlexity,” a new era of scam complexity, supercharged by Agentic AI. Familiar tricks hit harder than ever, while new AI-born attack vectors break into reality. “The scam no longer needs to trick you. It…
The FBI and Cisco Talos have issued fresh warnings about a Russian cyber espionage campaign that has quietly compromised network devices around the world. The threat actor, tracked as Static Tundra, is linked to the Federal Security Service’s (FSB) Center 16 unit and has been active for more than a decade. At the heart of its operations is an old weakness. Static Tundra continues to exploit CVE-2018-0171, a seven-year-old vulnerability in Cisco’s Smart Install feature. Cisco patched the flaw in 2018. Yet unpatched and end-of-life devices remain exposed. They are still being targeted. Cisco Talos describes Static Tundra as “a…
It sounds counterintuitive. An adversary exploits a system, gains access, and then patches the very hole they used to break in. Yet that is exactly what Red Canary researchers observed in a recent campaign targeting cloud-based Linux servers. The logic is simple. By fixing the exploited vulnerability, a malefactor can lock out rivals and mask their method of entry. What looks like remediation is, in reality, persistence. The Red Canary Threat Intelligence team tracked a cluster of activity exploiting CVE-2023-46604 in Apache ActiveMQ, a widely deployed open-source message broker. Once inside, the adversary moved quickly. “It’s a great way to…
Britain has abandoned its demand that Apple build a “backdoor” into its encryption systems. The change follows months of quiet talks between London and Washington, Reuters reports. In a statement posted on X, U.S. Director of National Intelligence Tulsi Gabbard, said: “As a result, the UK has agreed to drop its mandate for Apple to provide a ‘backdoor’ that would have enabled access to the protected encrypted data of American citizens and encroached on our civil liberties.” She added that the U.S. government had been working with Britain “to ensure that Americans’ civil liberties are protected.” The discussions involved President…
Colt Technology Services has been dealing with a cyberattack that has disrupted parts of its business for more than a week. The UK-based telecommunications firm, which operates in 30 countries and runs nearly 50,000 miles of fiber connecting 900 data centers, confirmed that several internal support systems remain offline. The incident began on 12 August, when Colt detected unusual activity and took systems down as a protective measure. The move cut access to Colt Online, its Voice API platform, and hosting and porting services. Customers who normally use web portals have been told to rely on phone or email instead,…
Workday, a cloud-based platform used for human capital management and financial management, has disclosed a data breach after attackers gained access to a third-party CRM platform in a recent social engineering attack. The company said bad actors contacted employees by text or phone, pretending to be from HR or IT. Their goal was to fool staff members into giving up account access or their personal information. “We recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform. There is no indication of access to customer tenants or the data…
In April 2025, SAP patched a critical vulnerability in NetWeaver AS Java Visual Composer. The flaw, tracked as CVE-2025-31324, allows unauthenticated remote code execution through the Visual Composer “metadata uploader” endpoint. Within weeks, proof-of-concept code appeared in public forums. Now, the exploit is no longer theoretical. Full tooling has been released. Source code is out in the open, easy to download and run. It takes little skill to weaponize. With AI assistance, even non-specialists can cause damage to systems that remain unpatched. Pathlock researchers examined the leaked exploit code. Their analysis confirms that the attack chain is simple. An attacker…
A new survey has revealed the extent to which poor coding practices are leaving UK businesses exposed. Two-thirds of senior technology leaders admitted their organisations suffered at least one breach or serious security incident in the past year. The common cause: insecure code. SecureFlag’s research found that of the 100 executives surveyed, nearly half reported facing more than one incident in twelve months. Despite the scale of the problem, 40 percent of organisations still do not require their developers to undergo regular secure coding training. “This should be a wake-up call for every business that develops software,” said Andrea Scaduto, CEO and…
A threat actor is selling secrets. Big ones. Operating under the alias Chucky_BF, the attacker has surfaced on underground forums with a staggering claim: over 15.8 million PayPal credentials for sale. The haul includes email addresses, plaintext passwords, and direct URLs to PayPal services. It’s being marketed as the “Global PayPal Credential Dump 2025.” Hackread first reported this development. The numbers are staggering. The dataset spans 1.1GB and covers accounts from email providers worldwide. But size isn’t everything here. What makes this leak particularly dangerous is its laser focus on PayPal infrastructure. These aren’t just random credentials. The records include…
