Browsing: Threats and Vulnerabilities

User Profiling and Data Brokers: The Quiet Machine Behind the Digital Economy

Kirsten DoyleAugust 5, 20254 Mins Read

By 2024, AI had done more than disrupt industries. It had quietly supercharged one: data brokerage. Few consumers ever meet…

Menlo Security Warns of 68% Surge in Shadow AI Use as GenAI Threats Rise

Kirsten DoyleAugust 5, 20254 Mins Read

New research from browser security firm Menlo Security reveals an alarming rise in unsanctioned generative AI (GenAI) use across enterprises,…

What’s Lurking in the Shadows: AI Agents are the New Insider Threat

Art PoghosyanAugust 1, 20256 Mins Read

Accelerated AI adoption is ushering in a new security risk that is quietly taking root in enterprise environments. Shadow AI…

Sploitlight: Spotlight Exploited to Bypass macOS TCC and Steal Apple Intelligence Data

Josh Breaker RolfeAugust 1, 20253 Mins Read

Security researchers at Microsoft have uncovered a critical macOS vulnerability, dubbed Sploitlight, that allows attackers to bypass Apple’s Transparency, Consent,…

Lazarus Group Weaponizes Open Source in Global Espionage Campaign

Kirsten DoyleJuly 31, 20254 Mins Read

An investigation from Sonatype has exposed a cyber-espionage campaign by North Korea’s infamous Lazarus Group, this time targeting the tools…

Addressing control failures in airline and transport cybersecurity

Martin GreenfieldJuly 30, 20255 Mins Read

On June 27th, 2025, the FBI declared that America’s airlines are under attack from digital threats. Over the past year,…

JSCEAL: The Quiet Malware Campaign Draining Crypto Wallets

Kirsten DoyleJuly 30, 20253 Mins Read

It starts with an ad. The branding looks familiar; Coinbase, Binance, OKX. The ad promises fast trading, high returns, or…

New Malware “Auto-Color” Exploited in Live SAP NetWeaver Attack

Kirsten DoyleJuly 30, 20255 Mins Read

A newly documented attack on a US-based chemicals company is raising fresh concerns in the cybersecurity community, after researchers observed…

“Clean to Factory State”: The AI Prompt That Nearly Wiped AWS Accounts

Kirsten DoyleJuly 29, 20255 Mins Read

Amazon has quietly disclosed a near-catastrophic AI security incident that, while not making headlines, should send chills through every cybersecurity…

Code Execution Through Deception: The Gemini AI CLI Hijack That Almost Went Unnoticed

Kirsten DoyleJuly 29, 20253 Mins Read

A newly discovered vulnerability in Google’s Gemini CLI, an AI-powered tool designed to help developers explore and write code from…