Ross McKerchar began his Sophos career as the firm’s first security engineer 18 years ago and is now the company’s CISO. We discussed his journey and the role of the CISO. “Like most youngsters, I played video games as a… Read More "CISO Conversations: Ross McKerchar, CISO at Sophos"
A newly uncovered malware campaign is combining ClickFix delivery with AI generated evasion techniques to steal enterprise user accounts and passwords. The attacks are designed to provide intruders with persistent, credential-stealing access to networks, complete with a hidden mechanism which… Read More "DeepLoad Malware Combines ClickFix With AI-Code to Avoid Detection"
Over 20,000 users installed malicious Chrome extensions designed to provide a backdoor, steal information, or inject ads, cybersecurity firm Socket reports. The nefarious extensions have been published using five different accounts, namely GameGen, InterAlt, SideGames, Rodeo Games, and Yana Project,… Read More "100 Chrome Extensions Steal User Data, Create Backdoor"
A signed software operation linked to a company called Dragon Boss Solutions LLC has reportedly been silently disabling antivirus products on more than 23,000 endpoints worldwide According to research published by Huntress on Tuesday, the campaign used a legitimate code-signing certificate… Read More "Signed Adware Operation Disables Antivirus Across 23,000 Hosts"
Model Context Protocol (MCP) has been a boon to agentic AI users and is widely used and trusted locally by companies adopting agentic AI internally. Introduced by Anthropic in November 2024, it provides a standard connector between agents and data.… Read More "‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks"
Ravie LakshmananApr 15, 2026Threat Intelligence / Cloud Security Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. “By leveraging trusted infrastructure,… Read More "n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails"
OpenAI has launched a new large language model (LLM) focused on use cases for cybersecurity and expanded its Trusted Access for Cyber (TAC) program, as the AI company behind ChatGPT looks to enhance how its models can be deployed for… Read More "OpenAI Unveils GPT-5.4-Cyber for Improving Cyber Defense With AI"
Sweden said Wednesday that a pro-Russian group with links to Russia’s security and intelligence services was behind a cyberattack on a heating plant last year. The announcement followed warnings from officials in Poland, Norway, Denmark and Latvia that Russia is… Read More "Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure"
Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera’s AI Security… Read More "The Architecture Exposure Validation Requires"
ENISA, the EU’s Cybersecurity Agency, is strengthening its ties with the US-funded Common Vulnerabilities and Exposures (CVE) program, a top leader of the agency has announced. Invited to speak at VulnCon26’s opening keynote in Scottsdale, Arizona, on April 14, Nuno Rodrigues… Read More "ENISA Seeks Top-Tier Status in CVE Program"
