Business email compromise (BEC) is the digital con dressed to impress. It’s clean, calculated, and ready to fool even the sharpest eyes. These scammers don’t tell on themselves with sloppy hacks. They whisper in familiar voices, posing as your CEO,… Read More "What does business email compromise look like?"
A phishing link delivered via private messages on LinkedIn is exploiting a legitimate, open-source penetration testing tool in what cybersecurity analysts say is a campaign designed to distribute a Remote Access Trojan (RAT) to victims. The campaign has been detailed… Read More "LinkedIn Phishing Campaign Exploits Open-Source Pen Testing Tool"
Business email compromise (BEC) is the cyber equivalent of an expertly forged handwritten note—no malware fireworks, no flashing warnings, just a convincing request that tricks someone into wiring money or handing over sensitive data. Knowing how to prevent BEC should… Read More "How to prevent business email compromise"
Alongside macroeconomic volatility and geopolitical conflict, cyber risk is one of the top threats worrying today’s CEOs as they grow less confident about the short-term growth outlook for their companies. This is according to PwC’s 29th Global CEO Survey which… Read More "Cyber Risks Among CEOs’ Top Worries Amid Weak Short Term Growth"
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has… Read More "RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN"
When systems are attacked, we should respond. But how much better would it be if we could anticipate attacks before they strike and stop them with a proactive defense? Faced with today’s cybersecurity challenges, that is no simple task. “It’s… Read More "Cyber defense: From reactive to proactive"
Three security vulnerabilities in the official Git server for Anthropic’s Model Context Protocol (MCP), mcp-server-git, have been identified by cybersecurity researchers. The flaws can be exploited through prompt injection, allowing attackers to manipulate AI assistants into performing unintended actions without… Read More "Prompt Injection Bugs Found in Official Anthropic Git MCP Server"
A sophisticated phishing campaign impersonating cryptocurrency brokerage Bitpanda has been uncovered by cybersecurity researchers. The operation, detailed in a new advisory by the Cofense Phishing Defense Center, combines credential theft with extensive personal data harvesting, using a near-perfect replica of… Read More "Multifaceted Phishing Scheme Deceives Bitpanda Customers"
Ravie LakshmananFeb 24, 2026Cyber Espionage / Malware A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the… Read More "UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware"
Employee negligence driven by shadow AI cost organizations more than any other type of insider risk last year, accounting for 53% of the $19.5m lost on average per business, according to DTEX. The security vendor’s Cost of Insider Risks 2026… Read More "Cost of Insider Incidents Surges 20% to Nearly $20m"
