enterprise
Microsoft: Phishing campaign used fake compliance notices to compromise employee accounts
Phishers have been using fake workplace compliance notices to try to trick Microsoft account owners into signing in via a fake sign-in page, says the company’s Defender …
One in four MCP servers opens AI agent security to code execution risk
Enterprise deployments of AI agents lean on two extension mechanisms that introduce risk at different layers of the stack. MCP servers expose deterministic code functions with …
Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)
Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of …
Shadow AI risks deepen as 31% of users get no employer training
Between one-fifth and one-third of workers use AI outside the influence and governance of the IT function, according to a global survey of 6,000 full-time employees at …
Cisco releases open-source toolkit for verifying AI model lineage
Enterprises pulling models from Hugging Face and other open repositories rarely keep records of how those models are altered after download, leaving organizations with little …
88% of self-hosted GitHub servers exposed to RCE, researchers warn (CVE-2026-3854)
When researchers at Wiz reported an easily exploitable GitHub remote code execution flaw (CVE-2026-3854) on March 4, the company confirmed it within 40 minutes and pushed a …
The metrics killing your SOC, and what to use instead
Security operations centres risk being rendered entirely ineffective if organizations measure them using the wrong performance indicators, according to Dave Chismon, CTO for …
Attackers use MS Teams, fake mailbox repair utility to breach organizations
A threat group has penetrated corporate networks by impersonating IT helpdesk staff on Microsoft Teams, tricking employees into downloading malware and surrendering their …
New Mirai variants target routers and DVRs in parallel campaigns
Hidden inside newly discovered botnet malware is an unusual message from its creator: “AI.NEEDS.TO.DIE”. Dubbed “tuxnokill” by researchers at Akamai, …
Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876)
Progress Software has fixed a slew of high-severity vulnerabilities in MOVEit WAF and LoadMaster, including a flaw (CVE-2026-21876) that may allow attackers to bypass firewall …
Network segmentation projects fail in predictable patterns
Most enterprise networks have segmentation on the roadmap. Many have had it there for years. A survey of 400 U.S.-based network security practitioners who lived through failed …
Testing reveals Claude Mythos’s offensive capabilities and limits
Could Claude Mythos Preview, Anthropic’s latest large language model, be leveraged for fully automated cyber attacks? The UK government’s AI Security Institute …