The Ad Era Dawns: OpenAI Unveils $8 ChatGPT Go with Sponsored Responses

Key Findings OpenAI is launching a new $8 per month "ChatGPT Go" subscription tier, aimed at bridging the gap between free users and the $20 "Plus" tier. The most controversial aspect is the introduction of integrated advertising in both the free and Go tiers, a first for OpenAI. OpenAI is defending the ads as necessary to keep ChatGPT affordable and accessible, but privacy and cybersecurity experts are raising concerns. The company promises "answer independence" and user pri

DeadLock Ransomware Exploits Polygon Smart Contracts to Hide C2

Key Findings A new ransomware family called DeadLock was discovered in July 2025, distinguished by its innovative abuse of Polygon smart contracts to manage its command-and-control (C2) infrastructure. DeadLock embeds the proxy URL directly into the blockchain via a `setProxy` function, creating an immutable and resilient communication channel that is difficult for law enforcement to take down. This "EtherHiding" technique echoes methods previously observed with North Korean

Gootloader Malware Employs Massive Concatenated ZIP Archives for Evasion

Key Findings GootLoader malware is using a malformed ZIP archive with 500-1,000 concatenated ZIP files to evade detection. The malicious ZIP file is designed to trigger parsing errors in many unarchiving tools, but can still be extracted by the default Windows unarchiver. GootLoader employs "hashbusting" techniques by randomizing values in non-critical ZIP file fields to generate unique payloads for each victim. The attack involves delivering the malicious ZIP as an XOR-encoded

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

Key Findings Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that impersonate HR and ERP platforms like Workday, NetSuite, and SuccessFactors. The extensions work together to steal authentication tokens, block incident response capabilities, and enable complete account takeover through session hijacking. All five extensions have been removed from the Chrome Web Store, but are still available on third-party software download si

North Korea-Linked APT Exploits Sitecore Zero-Day in Attacks on Asian Critical Infrastructure

Key Findings A China-linked APT group, tracked as UAT-8837, has been targeting critical infrastructure sectors in North America since at least 2025. The threat actor has recently exploited a critical zero-day vulnerability in Sitecore (CVE-2025-53690, CVSS 9.0) to gain initial access to target networks. After obtaining a foothold, UAT-8837 deploys a range of open-source tools to harvest sensitive information, including credentials, security configurations, and Active Director

Aembit Announces Agenda and Speaker Lineup for NHIcon 2027 on Agentic AI Security

Key Findings NHIcon 2026 is a virtual conference organized by Aembit examining the technical, operational, and security challenges of agentic artificial intelligence systems in enterprise environments. The event features keynote addresses from industry leaders including Phil Venables, Misam Abbas, and Jason Clinton. The agenda includes over 20 practitioner-led sessions on topics like large language model evaluation, agent behavior, secrets management, and the OWASP Top 10 for

Expands its Insider Release for its Next-Generation Platform

Key Findings AI-enhanced malware is making malware even more difficult to detect. AI is used by adversaries to assess, adapt, and move faster than any cyber stack can keep up. The industry is trapped in a futile chase, piling on detection tools and adding AI enhancements that still fail to close the foundational gap. Enterprises now face an overwhelming flood of alerts, with many organizations reportedly beginning to limit the amount of data they ingest. Background AppGuard has r

BreachLock Expands Adversarial Exposure Validation (AEV) to Mobile Applications

Key Findings BreachLock expands its Adversarial Exposure Validation (AEV) solution to support autonomous red teaming at the web application layer. BreachLock AEV's generative AI-powered engine can now emulate real-world attacker behavior and validate exploitable weaknesses in web applications. AEV goes beyond identifying theoretical risks and validates their real-world exploitability and business impact. The solution provides deep contextual insights to help security teams pr

Palo Alto Networks Fixes GlobalProtect Flaw Allowing Unauthenticated Denial of Service

Key Findings Palo Alto Networks addressed a high-severity vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), affecting GlobalProtect Gateway and Portal. A proof-of-concept (PoC) exploit for the vulnerability exists. The flaw allows an unauthenticated attacker to cause a denial-of-service (DoS) condition that can force the firewall into maintenance mode, disrupting network traffic and firewall protection. The vulnerability affects multiple versions of Palo Alto Network

Microsoft Disrupts Cybercrime Infrastructure Linked to Online Fraud

Key Findings Microsoft, in collaboration with law enforcement authorities, has taken coordinated legal action to disrupt the cybercrime subscription service called RedVDS, which has allegedly fueled millions in fraud losses. RedVDS provided criminals with access to disposable virtual computers running unlicensed software, enabling them to operate anonymously and carry out various illicit activities, including phishing, business email compromise (BEC), and financial fraud. Sin

Aruba Patches Critical Vulnerabilities in Instant On and Networking Devices

Key Findings HPE Networking has released critical software patches for vulnerabilities in its Instant On series of access points and routers. The flaws include a high-severity Denial-of-Service (DoS) vulnerability (CVE-2025-37166) that can crash devices, and an information exposure issue (CVE-2025-37165) that could leak network configuration details. The update also addresses legacy kernel-level vulnerabilities (CVE-2023-52340, CVE-2022-48839) that could lead to DoS and memor

Fortinet Fixes Critical FortiSIEM Vulnerabilities

Key Findings Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system. The flaw allows for OS command injection via crafted TCP requests to the phMonitor service running on port 7900. Fortinet has also patched a critical vulnerability in FortiFone (CVE-2025-47

GitGuardian Closes 2025 with Strong Enterprise Momentum, Safeguarding Millions of Developers Worldwide

Key Findings GitGuardian, the leading secrets and Non-Human Identity (NHI) security platform, experienced record growth in ARR and customer expansion throughout 2025. 60% of new enterprise customers signed multi-year agreements, demonstrating confidence in GitGuardian's long-term value. GitGuardian's platform now protects more than 115K developers across enterprise customers globally, with over 610K enterprise repositories continuously monitored for exposed secrets. The platf

Panorays 2026 Study: 85% of CISOs Unable to Detect Third-Party Threats Amid Rising Supply Chain Attacks

Key Findings and Insights Preparedness is dangerously low: While 77% of CISOs see third-party risk as a major threat, only 21% have tested crisis response plans in place. Most organizations are blind to vendors: Although 60% report rising third-party breaches, just 41% monitor risk beyond direct suppliers. Shadow AI is creating new attack paths: Despite rapid AI adoption, only 22% of CISOs have formal vetting processes, leaving unmanaged third-party AI tools embedded in core

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, Including One Actively Exploited

Key Findings Microsoft released its first security update for 2026, addressing 114 security flaws. 8 vulnerabilities were rated Critical, and 106 were rated Important in severity. The update includes 58 privilege escalation, 22 information disclosure, 21 remote code execution, and 5 spoofing flaws. The update marks the third-largest January Patch Tuesday after January 2025 and January 2022. 2 previously disclosed zero-day vulnerabilities were also addressed. Background Microsoft r

Microsoft Patch Tuesday for January 2026 — Snort rules and prominent vulnerabilities

Key Findings Microsoft released its January 2026 security update, addressing 112 vulnerabilities, including 8 critical flaws. One of the "important" vulnerabilities, CVE-2026-20805, is being exploited in the wild. 6 out of the 8 critical vulnerabilities are remote code execution (RCE) affecting Windows services and Microsoft Office. The remaining 2 critical vulnerabilities are elevation of privilege (EoP) affecting Windows Graphic Component and Windows Virtualization-Based Secur

Malicious Chrome Extension Steals Wallet Login Credentials

Key Findings Researchers have discovered a malicious Google Chrome extension named "MEXC API Automator" that steals API keys from MEXC cryptocurrency exchange users. The extension masquerades as a tool to simplify the management of MEXC API keys for automated trading. In reality, the extension programmatically creates new API keys, enables withdrawal permissions, hides the withdrawal permission in the UI, and exfiltrates the API keys to a Telegram bot controlled by the threat

CISA Adds Gogs Flaw to Known Exploited Vulnerabilities Catalog

Key Findings: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a flaw impacting Gogs, a lightweight, open-source, self-hosted Git service, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-8110, has a CVSS score of 8.7 and is a path traversal issue in the PutContents API that allows for local execution of code. The flaw is a bypass for a previously patched remote code execution (RCE) vulnerability, CVE-2024-

CVE-2025-12420: Critical ServiceNow Flaw Enables Unauthenticated Impersonation

Key Findings A critical vulnerability (CVE-2025-12420) has been discovered in the ServiceNow AI Platform, allowing unauthenticated attackers to impersonate legitimate users. The vulnerability has a severity score of 9.3 out of 10 and poses a significant risk of privilege escalation. ServiceNow has released security updates to address the flaw, but self-hosted customers and partners need to take immediate action. Background The vulnerability, dubbed CVE-2025-12420, is a failur

Spanish police disrupt global Black Axe network, arrest alleged leaders

Key Findings: Spanish National Police, in cooperation with Europol and Bavarian authorities, arrested 34 alleged members of the Black Axe criminal network, including 10 Nigerian nationals believed to be leaders. The coordinated law enforcement operation took place in Seville, Madrid, Malaga, and Barcelona, significantly disrupting the group's activities. Black Axe is a highly structured, hierarchical criminal organization with origins in Nigeria and a global presence in dozen

© 2025 by Explain IT Again. Powered and secured by Wix