ALL POSTS

Key Findings: Incident Response Team SA DE CV (ShieldForce), a leading cybersecurity provider in Mexico and Latin America, has partnered with AccuKnox, a Zero Trust CNAPP platform, and DeepRoot Technologies, a global cybersecurity service provider. The partnership aims to accelerate the adoption of Zero Trust strategies and AI Security innovation across the region. ShieldForce's CEO, Francisco Villegas, recently presented on the importance of Zero Trust CNAPP in modern enterp

Key Findings Microsoft has uncovered a novel side-channel attack, dubbed "Whisper Leak", that can identify AI chat topics in encrypted traffic The attack allows an attacker to observe encrypted TLS traffic and use trained classifiers to infer whether the conversation topic matches a sensitive target category This leakage of data exchanged between humans and streaming-mode language models could pose serious risks to the privacy of user and enterprise communications Background

Background Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities. The extension, named "susvsex," was uploaded on November 5, 2025, by a user named "suspublisher18." The extension was designed to automatically activate itself on any event, including installing or when launching VS Code, and invoke a function named "zipUploadAndEncrypt." Extension Functionality The "zipUploadAndEncrypt" function creates a Z

Background Google's Threat Intelligence Group (GTIG) has identified a new generation of malware that is using AI during execution to mutate, adapt, and collect data in real-time, helping it evade detection more effectively. Cybercriminals are increasingly using AI to build malware, plan attacks, and craft phishing lures. Recent research shows AI-driven ransomware like PromptLock can adapt during execution. Malware with Novel AI Capabilities GTIG has identified malware familie

Background In the late 1960s, science fiction author Philip K. Dick explored the traits that distinguish humans from autonomous robots in his novel "Do Androids Dream of Electric Sheep." As advances in generative AI allow us to create autonomous agents that can reason and act on humans' behalf, we must consider the human traits and knowledge we must equip these agentic AI with to enable them to act autonomously, reasonably, and safely. One crucial skill we need to impart on o

Background Nikkei Inc., a major Japanese financial news and media group, including the Financial Times, disclosed a data breach affecting its internal Slack workspace. The breach was first discovered in September 2023 after noticing unusual logins to employee messaging accounts. The incident led to the exposure of sensitive, private information belonging to over 17,000 people, including employees and business partners. Key Findings The Entry Point: A Stolen Slack Account The

Background Gladinet CentreStack and Triofox are enterprise file-sharing and cloud storage solutions designed for businesses. CentreStack provides a secure platform for file sharing, syncing, and collaboration, integrating on-premises storage with cloud access. Triofox offers a hybrid cloud solution that enables secure remote access to existing Windows file shares and SMB/NFS storage. CVE-2025-11371 - Gladinet CentreStack and Triofox Files or Directories Accessible to External

Background Brinker is a narrative intelligence company dedicated to combating disinformation and influence campaigns. The company was founded by Benny Schnaider, Daniel Ravner, and Oded Breiner. Key Findings Brinker has announced that Bob Flores, former Chief Technology Officer of the U.S. Central Intelligence Agency, has joined its advisory board. Flores' appointment strengthens Brinker's mission to transform the fight against disinformation, moving from detection to real-ti