This article highlights a severe physical security lapse where a server room's lock was easily bypassed, demonstrating how weak physical security can undermine even robust digital defenses. The author uses this incident as an example of a "pwned" situation, emphasizing that cybersecurity is only as strong as its weakest link, including physical access.
A recent Qualys report indicates that a significant percentage of businesses experienced cloud-related breaches in the past year, with misconfigured services being a primary concern. The study also found that a large proportion of virtual machines across AWS, GCP, and Azure exhibit misconfigured resources.
A critical vulnerability in Nginx UI, specifically affecting its Model Context Protocol (MCP) support, is actively being exploited in the wild. Attackers can leverage this flaw to gain full server control without needing any authentication.
A near-maximum-severity vulnerability in the nginx-ui component allows attackers to restart NGINX and to create, modify, and delete its configuration files, posing a significant risk to web server security.
Asia's digital supply chain faces unique security risks due to varying regulatory landscapes, highly interconnected digital ecosystems, and the increasing adoption of AI. These factors create a complex environment that organizations in the region must navigate to ensure security.
Two critical vulnerabilities have been discovered in Fortinet's sandbox solutions that could allow unauthenticated attackers to bypass login mechanisms and execute commands over HTTP. While there are no reports of active exploitation yet, these flaws present a significant risk to organizations using the affected Fortinet products.
Sweden's minister for civil defense has publicly attributed a cyberattack that occurred last year to a pro-Russian group. The attack specifically targeted a heating plant located in western Sweden, marking the first official acknowledgment of the incident.
Modern trucks are increasingly complex, resembling 'rolling networks' due to their extensive sensors and connectivity. This technological evolution introduces significant cybersecurity risks to the transportation sector. Industry leaders are convening at NMFTA's Cybersecurity Conference to address these emerging threats.
Microsoft has released a fix for a bug that caused unintended automatic upgrades from Windows Server 2019 and 2022 to Windows Server 2025. This issue could have disrupted operations and caused compatibility problems for organizations.
A new report by the Open Rights Group indicates that the UK's extensive reliance on Big Tech companies, primarily US-based, has created a significant national security risk. Years of integrating these services into the public sector have left the nation exposed.
Eight major industrial automation companies, including Siemens, Schneider Electric, and Mitsubishi Electric, have released new security advisories as part of ICS Patch Tuesday. These advisories address vulnerabilities within their operational technology (OT) products.
Managed Detection and Response (MDR) is presented as a practical solution for security teams struggling with alert fatigue and limited resources. The article outlines four key questions organizations should consider when evaluating MDR services to ensure they effectively enhance cyber resilience through 24/7 threat detection and the ability to distinguish real threats from noise.
Education company McGraw-Hill has confirmed a data breach resulting from hackers exploiting a misconfiguration in Salesforce. The attackers gained access to internal data and subsequently issued an extortion threat.
Organizations are rapidly adopting AI agents, creating significant security blind spots as traditional identity and access management (IAM) frameworks are inadequate for managing these autonomous systems. These agents can gain system-level access and operate at high speeds, posing risks of breaches and compliance failures. Addressing this requires treating AI agents as a distinct identity class with policy-as-code, dynamic authorization, and full observability.
Stolen credentials are a primary cause of data breaches and privilege escalation. The article explains how a Zero Trust security model, by focusing on identity, can mitigate these risks. It highlights Zero Trust's ability to restrict access, verify device trust, and prevent attackers from moving laterally within a network.
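Added example, not code from either article summarized above: one way to express the identity-centric checks those two pieces describe as policy-as-code. Every request, whether from a human or an AI agent, is evaluated against credential freshness (bounding the damage from a stolen token), device posture for humans, an explicit delegation chain for agents, and a least-privilege allowlist of (resource, action) pairs, which is what stops a compromised identity from wandering to other resources. The identity classes, the credential lifetimes, and all sample principals and devices are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Credential lifetimes per identity class (assumption for the example):
# agents operate fast and autonomously, so their credentials are kept short-lived.
MAX_TOKEN_AGE_S = {"human": 8 * 3600, "agent": 900}


@dataclass(frozen=True)
class Identity:
    subject: str
    kind: str                                   # "human" or "agent"
    scopes: FrozenSet[Tuple[str, str]]          # explicit (resource, action) allowlist
    token_age_s: int                            # seconds since the credential was issued
    on_behalf_of: str = ""                      # agents: the human principal that delegated


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool
    disk_encrypted: bool
    patched: bool


@dataclass(frozen=True)
class Request:
    identity: Identity
    device: Optional[Device]                    # agents carry no endpoint posture
    resource: str
    action: str


def decide(req: Request) -> Tuple[str, List[str]]:
    """Return ("allow", []) or ("deny", [reasons...]) for one request."""
    reasons: List[str] = []
    ident = req.identity

    # 1. Credential freshness: a stolen credential stops working once its lifetime ends.
    if ident.token_age_s > MAX_TOKEN_AGE_S.get(ident.kind, 0):
        reasons.append("credential_expired")

    # 2. Identity-class-specific trust signal.
    if ident.kind == "human":
        d = req.device
        if d is None or not (d.managed and d.disk_encrypted and d.patched):
            reasons.append("device_untrusted")
    elif ident.kind == "agent":
        if not ident.on_behalf_of:
            reasons.append("agent_without_delegation")
    else:
        reasons.append("unknown_identity_class")

    # 3. Least privilege: the exact pair must be in scope; no wildcard resources.
    if (req.resource, req.action) not in ident.scopes:
        reasons.append("out_of_scope")

    return ("allow" if not reasons else "deny", reasons)


def audit_record(req: Request) -> dict:
    """Full observability: every decision is logged with the inputs that produced it."""
    verdict, reasons = decide(req)
    return {
        "subject": req.identity.subject,
        "kind": req.identity.kind,
        "on_behalf_of": req.identity.on_behalf_of,
        "device": req.device.device_id if req.device else None,
        "resource": req.resource,
        "action": req.action,
        "verdict": verdict,
        "reasons": reasons,
    }


if __name__ == "__main__":
    # Constructed sample: a valid human session, the same token replayed from an
    # unmanaged device, and an agent whose stale credential tries another resource.
    alice = Identity("alice", "human", frozenset({("payroll-db", "read")}), 600)
    laptop = Device("lt-01", managed=True, disk_encrypted=True, patched=True)
    rogue = Device("unknown", managed=False, disk_encrypted=False, patched=False)
    agent = Identity("svc-agent-7", "agent", frozenset({("tickets", "read")}), 3600, "alice")
    for r in (Request(alice, laptop, "payroll-db", "read"),
              Request(alice, rogue, "payroll-db", "read"),
              Request(agent, None, "payroll-db", "read")):
        print(audit_record(r))
```

The point of returning every failed reason rather than the first one is that the audit record then shows the whole picture of a suspicious request, for instance an expired agent credential that is also reaching outside its scope.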
China-linked APT41 (Winnti) group is using a Linux-based backdoor to steal cloud credentials from major cloud providers like AWS, GCP, Azure, and Alibaba Cloud. The malware employs SMTP port 25 for covert command and control and uses typosquatted domains for exfiltration.
Hybrid attacks targeting critical infrastructure in Germany and Bundeswehr troops deployed abroad have increased significantly since 2022, according to Vice Admiral Thomas Daum, Inspector of Cyber and Information Space of the German Armed Forces. These attacks, attributed to state-sponsored actors from Russia, China, Iran, and North Korea, include cyber intrusions, disinformation campaigns, and physical sabotage attempts, as observed during the NATO cyber defense exercise 'Locked Shields'.
Organizations must rigorously test their distributed denial-of-service (DDoS) defenses under realistic, high-demand conditions, such as during peak operational periods like tax filing deadlines. This proactive approach is crucial for ensuring network resilience and maintaining service availability when it matters most.
The China-linked APT41 threat group has been observed deploying a new backdoor designed to evade detection, specifically targeting cloud environments like AWS, Google Cloud, Azure, and Alibaba Cloud. This backdoor aims to harvest cloud credentials, and the group is employing typosquatting techniques to mask its command and control (C2) communications.
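Added example covering this item and the earlier APT41 summary; it is not code from either report. It shows detection logic a SOC could run over network telemetry for the two tradecraft elements described: outbound TCP/25 from hosts that are not sanctioned mail relays, and lookalike domains imitating cloud provider names. The Zeek-style log lines, the relay allowlist, the internal address range, and the edit-distance threshold are all constructed assumptions for the example, not indicators from the reports.

```python
import ipaddress
from collections import namedtuple
from typing import List, Optional

# Assumptions for the example: the only host allowed to speak SMTP outbound, the
# internal address range, and the legitimate provider domains used as references.
MAIL_RELAYS = {"10.0.0.25"}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
CLOUD_DOMAINS = ["amazonaws.com", "googleapis.com", "azure.com",
                 "microsoft.com", "aliyuncs.com", "alibabacloud.com"]

Conn = namedtuple("Conn", "ts src dst dport proto")
Dns = namedtuple("Dns", "ts src query")

# Constructed conn.log-like lines: ts, id.orig_h, id.resp_h, id.resp_p, proto
CONN_LOG = """\
1700000000.1\t10.0.0.25\t203.0.113.10\t25\ttcp
1700000001.2\t10.0.1.17\t198.51.100.5\t25\ttcp
1700000002.3\t10.0.1.17\t198.51.100.5\t443\ttcp
"""

# Constructed dns.log-like lines: ts, id.orig_h, query
DNS_LOG = """\
1700000000.5\t10.0.1.17\tsts.amazonaws.com
1700000001.5\t10.0.1.17\tupdate.amazonavvs.com
1700000002.5\t10.0.1.17\tlogin.microsfot.com
1700000003.5\t10.0.1.17\tinternal.corp.example
"""


def parse_conn(text: str) -> List[Conn]:
    rows = [line.split("\t") for line in text.splitlines() if line.strip()]
    return [Conn(float(r[0]), r[1], r[2], int(r[3]), r[4]) for r in rows]


def parse_dns(text: str) -> List[Dns]:
    rows = [line.split("\t") for line in text.splitlines() if line.strip()]
    return [Dns(float(r[0]), r[1], r[2]) for r in rows]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; small enough here to use the O(len(a)*len(b)) form."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Crude registrable-domain extraction (last two labels); good enough for the demo."""
    parts = domain.rstrip(".").lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else domain


def is_lookalike(domain: str, reference=CLOUD_DOMAINS, max_dist: int = 2) -> Optional[str]:
    """Return the reference domain being imitated, or None if exact or unrelated."""
    base = registrable(domain)
    if base in reference:
        return None
    for ref in reference:
        if levenshtein(base, ref) <= max_dist:
            return ref
    return None


def smtp_from_non_relay(conns: List[Conn], relays=MAIL_RELAYS) -> List[Conn]:
    """Internal hosts talking TCP/25 to the outside without being a sanctioned relay."""
    return [c for c in conns
            if c.dport == 25 and c.proto == "tcp"
            and ipaddress.ip_address(c.src) in INTERNAL
            and ipaddress.ip_address(c.dst) not in INTERNAL
            and c.src not in relays]


def analyze(conn_text: str = CONN_LOG, dns_text: str = DNS_LOG) -> dict:
    smtp = smtp_from_non_relay(parse_conn(conn_text))
    lookalikes = []
    for d in parse_dns(dns_text):
        ref = is_lookalike(d.query)
        if ref:
            lookalikes.append((d, ref))
    # A host that does both is the strongest signal; either alone is worth a look.
    both = {c.src for c in smtp} & {d.src for d, _ in lookalikes}
    return {"smtp": smtp, "lookalikes": lookalikes, "correlated_hosts": both}


if __name__ == "__main__":
    for k, v in analyze().items():
        print(k, v)
```

The edit-distance threshold is deliberately small; a looser one starts matching legitimate short domains, so in practice the reference list and threshold are tuned against a week of the organisation's own DNS traffic before alerting on it.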
Security researchers have identified seven vulnerabilities in IBM WebSphere Liberty, a Java application server, which can be chained together to achieve full server compromise. The chain begins with a pre-authentication flaw (CVE-2026-1561) in the SAML Web SSO component, allowing attackers to execute arbitrary code remotely before authentication.
Federated Identity Management (FIM) is an Identity & Access Management (IAM) approach that allows users to authenticate once and access multiple services using a single digital identity. This optimizes user experience and can enhance security and resilience by reducing the need for multiple credentials, though it introduces architectural complexity.
France is initiating a move away from Windows in favor of Linux for its public administration. This shift aims to enhance security and reduce reliance on foreign software. Meanwhile, OpenAI was affected by an Axios attack, Rockstar Games experienced another hack, and the UK is proposing jail time for tech executives who fail to prevent data breaches.
Google has expanded end-to-end encryption for Gmail to Android and iOS devices for enterprise users, a move praised for offering verifiable customer-managed keys. This feature, available for specific Google Workspace editions, aims to enhance data security and regulatory compliance for organizations, particularly in regulated industries.
Iranian-linked cyber attackers are targeting thousands of U.S. industrial devices, specifically Rockwell Automation PLCs, potentially exposing critical infrastructure to attacks. The identified devices are connected to the internet, increasing their vulnerability.
The US government has issued a warning that programmable logic controllers (PLCs) are increasingly becoming targets in cyber conflicts. New research has identified 179 vulnerable operational technology (OT) devices, highlighting ongoing risks in industrial control systems.
The US government has issued a warning that hackers linked to Iran are targeting industrial control systems (ICS), specifically manipulating Programmable Logic Controllers (PLCs) and SCADA systems. The intention behind these attacks is to cause disruptions within critical infrastructure.
Multiple vulnerabilities have been discovered in the Orthanc DICOM server, a popular medical imaging software. These flaws could allow attackers to cause denial-of-service, disclose sensitive information, or even achieve remote code execution.
While many organizations invest heavily in identity and access controls for zero-trust architectures, most implementations fail at the traffic layer. Gaps often exist in how traffic enters and moves through the environment, stemming from inconsistent ownership between teams and overlooked areas like ingress paths, load balancers, and service-to-service communication.
CMMC 2.0 requires federal contractors to actively demonstrate their ability to protect sensitive government data, moving beyond self-attestation to a more risk-based approach. A key challenge for organizations is gaining a complete understanding of the scope of systems and data that fall under CMMC 2.0 controls, which often reveals a larger footprint than initially anticipated.
Google has made Device Bound Session Credentials (DBSC) generally available in Chrome 146 for Windows users. This feature aims to prevent session theft by tying web session credentials to the device, making it harder for attackers to steal and reuse them. Expansion to macOS is planned for a future release.
Chevin Fleet Solutions has taken parts of its FleetWave software offline due to a cybersecurity incident, affecting UK and US customers. This has resulted in a major outage for the fleet management SaaS platform, leaving customers unable to access their systems.
Sophos researchers tested OpenClaw, an open-source tool designed to find common network misconfigurations, on an internal network. The tool identified several security gaps, including exposed management interfaces and weak authentication, highlighting the need for regular security audits.
A critical vulnerability (CVE-2025-13926) has been identified in Contemporary Controls BASC 20T devices, specifically version BASControl20 3.1. Successful exploitation could allow an attacker to gain control over the PLC's functionality, including reconfiguring, renaming, or deleting the device, transferring files, and making remote procedure calls.
A vulnerability in GPL Odorizers GPL750 devices allows low-privileged remote attackers to manipulate register values, potentially causing incorrect odorant injection into gas lines. Successful exploitation could lead to a critical infrastructure disruption.
Federal cybersecurity evaluators found Microsoft's cloud offerings to have a "lack of proper detailed security documentation," leading to a "lack of confidence in assessing the system's overall security posture." Reviewers struggled to understand how sensitive information is protected across servers, preventing them from vouching for the technology's security.
The article discusses how cybersecurity risk is managed in silos across different industries and regulatory bodies, leading to overlooked exposures at the seams between these systems. As digital transformation increases interconnectedness, these seams represent a growing risk surface, despite increasing security spending.
Iran-linked hackers have targeted and disrupted operations at multiple US critical infrastructure sites amid an escalating conflict. These attacks appear to be a response to the ongoing war involving the US, Israel, and Iran. The exact nature and impact of the disruptions are still being assessed.
The FCC has expanded its "Covered List" to ban the sale of new routers manufactured in foreign countries, citing security vulnerabilities exploited by nation-state actors. This broad ban aims to prevent domestic routers from being used in cyberattacks but is criticized for being too sweeping and potentially neglecting other vulnerable devices like IoT and smart home gadgets.
Arelion, a global IP fiber backbone operator, is enhancing its DDoS protection by employing NETSCOUT Arbor DDoS protection products. The company sought to gain a clearer understanding of its current DDoS infrastructure's efficiency and value, leading to a deeper collaboration with NETSCOUT. This partnership aims to improve DDoS protection for both Arelion's internal systems and its customer base through enhanced threat intelligence and mitigation capabilities.
NETSCOUT's Arbor Threat Mitigation System (TMS) and Arbor Sightline have received multiple 'Leader' badges on G2 for Winter 2026, specifically in DDoS protection and web security categories. These accolades are based on positive user reviews and NETSCOUT's market presence, highlighting the effectiveness of their AI/ML-powered solutions.
A new variant of the Chaos malware is now targeting misconfigured cloud deployments, expanding its reach beyond traditional routers and edge devices. This variant introduces a SOCKS proxy, allowing attackers to pivot and move laterally within compromised networks.
A critical remote code execution (RCE) vulnerability has been found in Apache ActiveMQ Classic, which has remained undetected for 13 years. Attackers can exploit this flaw to execute arbitrary commands on affected systems.
Iranian threat actors have successfully compromised internet-facing Operational Technology (OT) devices in US critical infrastructure, leading to file and display manipulation, operational disruptions, and financial losses. The attacks targeted Programmable Logic Controllers (PLCs) that were exposed to the internet.
Modern enterprise Identity and Access Management (IAM) is becoming unmanageable due to fragmentation across applications, teams, and machine identities. This leads to 'Identity Dark Matter,' where activity falls outside centralized visibility. Identity Visibility and Intelligence Platforms (IVIPs) are emerging as a solution to address this growing complexity and improve security.
Two practice web addresses linked to NHS Scotland have been compromised and are now serving links to adult content and illegal sports streams. A researcher discovered the hijacking, which affects domains used by healthcare providers.
Microsoft is reconsidering its datacenter designs, particularly for regions prone to conflict, following Iran's targeting of datacenters in the Middle East. President Brad Smith indicated that the company is exploring new designs to enhance the resilience and security of its facilities in war zones. This strategic shift aims to protect critical infrastructure from state-sponsored attacks.
Iranian-affiliated hackers are targeting internet-exposed Programmable Logic Controllers (PLCs) in U.S. critical infrastructure. These attacks have caused functional disruptions, data manipulation, and operational outages.
Federal agencies have issued a warning regarding Iran-linked hackers who are actively disrupting critical infrastructure in the United States. The attackers are reportedly manipulating Programmable Logic Controllers (PLCs) and SCADA systems, leading to operational disruptions across various sectors and raising significant concerns about the targeting of Operational Technology (OT).
Iranian-affiliated cyber actors have been escalating intrusions targeting critical US water and energy facilities, with some operations being disrupted. The FBI and other US cyber defense agencies have issued a warning about these activities.
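Added example, not code from any of the advisories or reports summarized above. The common thread in these items is PLCs and SCADA equipment that are reachable from the internet, so the check a practitioner wants first is an audit of which firewall rules expose industrial protocol ports to untrusted sources. The rule table, the port-to-protocol mapping, and the definition of "trusted" as RFC 1918 space are constructed assumptions for the example; a real run would load the organisation's own exported policy.

```python
import ipaddress
from typing import Dict, List, Tuple

# Well-known industrial protocol ports (assumption: this list is illustrative, not exhaustive).
ICS_PORTS: Dict[int, str] = {
    44818: "EtherNet/IP (CIP, used by Rockwell PLCs)",
    2222: "EtherNet/IP implicit I/O",
    502: "Modbus/TCP",
    102: "ISO-TSAP (Siemens S7)",
    20000: "DNP3",
    4840: "OPC UA",
}

# Sources considered trusted for the example: RFC 1918 space only.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed firewall policy: (rule name, source CIDR, destination host, dport, action)
Rule = Tuple[str, str, str, int, str]
RULES: List[Rule] = [
    ("allow-web", "0.0.0.0/0", "203.0.113.20", 443, "allow"),
    ("vendor-remote", "0.0.0.0/0", "203.0.113.21", 44818, "allow"),
    ("eng-station", "10.20.0.0/16", "10.30.1.5", 44818, "allow"),
    ("legacy-modbus", "0.0.0.0/0", "203.0.113.22", 502, "allow"),
    ("hmi-opcua", "192.168.40.0/24", "10.30.1.6", 4840, "allow"),
    ("deny-all", "0.0.0.0/0", "0.0.0.0/0", 0, "deny"),
]


def is_trusted_source(cidr: str) -> bool:
    """True only if the whole source range sits inside private address space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(p) for p in RFC1918)


def exposed_ics_rules(rules: List[Rule] = RULES) -> List[dict]:
    """Allow rules that let an untrusted source reach an industrial protocol port."""
    findings = []
    for name, src, dst, port, action in rules:
        if action != "allow" or port not in ICS_PORTS:
            continue
        if not is_trusted_source(src):
            findings.append({"rule": name, "source": src, "target": dst,
                             "port": port, "protocol": ICS_PORTS[port]})
    return findings


def summarize(rules: List[Rule] = RULES) -> Dict[str, int]:
    """Count exposed targets per protocol, the number an OT team needs for prioritisation."""
    counts: Dict[str, int] = {}
    for f in exposed_ics_rules(rules):
        counts[f["protocol"]] = counts.get(f["protocol"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in exposed_ics_rules():
        print(f"{f['rule']}: {f['source']} -> {f['target']}:{f['port']} ({f['protocol']})")
    print(summarize())
```

A rule that is only "exposed" on paper still matters: the remediation the advisories point toward is removing the internet path entirely and brokering vendor access through an authenticated jump host inside the private range, which is exactly the change that turns a finding here into a pass.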
Attack surface management (ASM) is crucial for enhancing cyber resilience by continuously identifying and prioritizing an organization's exposure to potential attackers. The article outlines five practical steps for strengthening attack resilience, emphasizing the need for comprehensive visibility across all attack surface categories. It highlights that attackers exploit gaps in visibility, making continuous discovery fundamental.