enterprise

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731)

BeyondTrust, Don't miss, enterprise, Hacktron AI, Hot stuff, News, remote access, vulnerability /

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731) 2026-02-09 at 13:36 By Zeljka Zorz BeyondTrust fixed a critical remote code execution vulnerability (CVE-2026-1731) in its Remote Support (RS) and Privileged Remote Access (PRA) solutions and is urging self-hosted customers to apply the patch as soon a possible. Unlike the Remote Support zero-day […]

React to this headline:

Loading spinner

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731) Read More »

Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)

CISA, Code White, Don't miss, enterprise, Hot stuff, News, Ransomware, SMBs, VulnCheck, WatchTowr /

Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423) 2026-02-06 at 13:12 By Zeljka Zorz For the third time in two weeks, CISA added a vulnerability (CVE-2026-24423) affecting SmarterTools’ SmarterMail email and collaboration server to its Known Exploited Vulnerabilities catalog, and this one is being exploited in ransomware attacks. A glut of SmarterMail vulnerabilities On January

React to this headline:

Loading spinner

Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423) Read More »

Measuring AI use becomes a business requirement

Artificial Intelligence, enterprise, News, report /

Measuring AI use becomes a business requirement 2026-02-05 at 09:11 By Anamarija Pogorelec Enterprise teams already run dozens of AI tools across daily work. Usage stretches from code generation and analytics to customer support drafting and internal research. Oversight remains uneven across roles, functions, and industries. A new Larridin survey of enterprise leaders places measurement

React to this headline:

Loading spinner

Measuring AI use becomes a business requirement Read More »

AI is driving a new kind of phishing at scale

attacks, Cofense, cybercrime, cybersecurity, email security, enterprise, News, phishing, report, survey, threats /

AI is driving a new kind of phishing at scale 2026-02-05 at 09:11 By Sinisa Markovic Email remains a primary entry point for attackers, and security teams continue to manage high volumes of malicious messages that change form across campaigns. Attackers generate large numbers of messages with small variations in wording, structure, and delivery paths.

React to this headline:

Loading spinner

AI is driving a new kind of phishing at scale Read More »

Sandisk brings SPRandom to open source for large SSD testing

backup, enterprise, hardware, News, Sandisk, SSD, storage /

Sandisk brings SPRandom to open source for large SSD testing 2026-02-03 at 15:15 By Anamarija Pogorelec Enterprise storage environments already run long qualification cycles as solid-state drive capacities rise and validation teams try to mirror production workloads. Preconditioning steps now consume days of lab time for a single device, especially in data centers supporting AI

React to this headline:

Loading spinner

Sandisk brings SPRandom to open source for large SSD testing Read More »

Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281)

0-day, CISA, Don't miss, endpoint management, enterprise, Hot stuff, Ivanti, News, patch /

Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281) 2026-01-30 at 05:32 By Zeljka Zorz Ivanti has released provisional patches that fix two critical code injection vulnerabilities in Endpoint Manager Mobile (EPMM), one of which (CVE-2026-1281) has been exploited in zero-day attacks and has been added to CISA’s Known Exploited Vulnerabilities catalog. Investigating potential

React to this headline:

Loading spinner

Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281) Read More »

eScan AV supply chain compromise: Users targeted with malicious updates

antivirus, consumer, Don't miss, enterprise, Hot stuff, Malware, MicroWorld Technologies, Morphisec, News, supply chain compromise /

eScan AV supply chain compromise: Users targeted with malicious updates 2026-01-29 at 17:29 By Zeljka Zorz The update infrastructure for eScan antivirus, a product of Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer endpoints. The supply chain compromise also resulted in the eScan

React to this headline:

Loading spinner

eScan AV supply chain compromise: Users targeted with malicious updates Read More »

Attackers use Windows App-V scripts to slip infostealer past enterprise defenses

Blackpoint Cyber, Don't miss, enterprise, Hot stuff, Malware, News, PowerShell, Windows, Windows Server /

Attackers use Windows App-V scripts to slip infostealer past enterprise defenses 2026-01-27 at 17:17 By Zeljka Zorz A malware delivery campaign detailed by Blackpoint researchers employs an impressive array of tricks to deliver an infostealer to employees without triggering enterprise defenses or close examination by security researchers. The attackers aim to get the Amatera Stealer

React to this headline:

Loading spinner

Attackers use Windows App-V scripts to slip infostealer past enterprise defenses Read More »

RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045)

Cisco, communication, Don't miss, enterprise, Hot stuff, News, security update, vulnerability /

RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045) 2026-01-21 at 20:57 By Zeljka Zorz Cisco has fixed a critical remote code execution vulnerability (CVE-2026-20045) in some of its unified communications solutions that’s being targeted by attackers in the wild, the company announced on Wednesday via a security advisory. About CVE-2026-20045 CVE-2026-20045 is

React to this headline:

Loading spinner

RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045) Read More »

Fake browser crash alerts turn Chrome extension into enterprise backdoor

browser, Chrome, Chrome Web Store, Don't miss, enterprise, extension, Hot stuff, Huntress, Microsoft Edge, News, Remote Access Trojan, social engineering, Socket /

Fake browser crash alerts turn Chrome extension into enterprise backdoor 2026-01-19 at 17:21 By Zeljka Zorz Browser extensions are a high-risk attack vector for enterprises, allowing threat actors to bypass traditional security controls and gain a foothold on corporate endpoints. Case in point: A recently identified malicious extension called NexShield proves that a single user

React to this headline:

Loading spinner

Fake browser crash alerts turn Chrome extension into enterprise backdoor Read More »

Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393)

APT, backdoor, China, Cisco, cyber espionage, Don't miss, email security, enterprise, Hot stuff, News /

Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) 2026-01-16 at 17:05 By Zeljka Zorz Cisco has finally shipped security updates for its Email Security Gateway and Secure Email and Web Manager devices, which fix CVE-2025-20393, a vulnerability in the devices’ AsyncOS that has been exploited as a zero-day by suspected Chinese attackers since at

React to this headline:

Loading spinner

Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) Read More »

The next big IT security battle is all about privileged access

access management, enterprise, identity management, Leostream, News, predictions /

The next big IT security battle is all about privileged access 2025-12-26 at 07:01 By Help Net Security Leostream predicts changes in Identity and Access Management (IAM) and Privileged Access Management (PAM) in 2026 driven by new realities of cybersecurity, hybridization, AI, and more. Passwordless moves from pilot to production In 2026, passwordless authentication will

React to this headline:

Loading spinner

The next big IT security battle is all about privileged access Read More »

Microsoft 365 users targeted in device code phishing attacks

Don't miss, enterprise, Microsoft 365, News, phishing, Proofpoint, tips /

Microsoft 365 users targeted in device code phishing attacks 2025-12-18 at 16:12 By Zeljka Zorz Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method abuses Microsoft’s OAuth 2.0 device authorization grant flow by presenting users with device codes that, when

React to this headline:

Loading spinner

Microsoft 365 users targeted in device code phishing attacks Read More »

Cisco email security appliances rooted and backdoored via still unpatched zero-day

APT, backdoor, China, Cisco, cyber espionage, Don't miss, email security, enterprise, Hot stuff, News /

Cisco email security appliances rooted and backdoored via still unpatched zero-day 2025-12-17 at 21:47 By Zeljka Zorz A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researchers have shared. “Our analysis indicates that appliances with non-standard

React to this headline:

Loading spinner

Cisco email security appliances rooted and backdoored via still unpatched zero-day Read More »

Enterprise password audits made practical for busy security teams

auditing, Don't miss, enterprise, Hot stuff, News, password management, Passwork /

Enterprise password audits made practical for busy security teams 2025-12-01 at 08:36 By Sinisa Markovic Security teams carry a heavy load, and password risk is one of the most overlooked parts of that workload. Every year new systems, cloud tools, and shared services add more credentials into the mix. Some sit in proper vaults, others

React to this headline:

Loading spinner

Enterprise password audits made practical for busy security teams Read More »

CISOs are cracking under pressure

burnout, CISO, cybersecurity, Don't miss, enterprise, Nagomi Security, News, report, strategy /

CISOs are cracking under pressure 2025-11-11 at 10:29 By Sinisa Markovic Cybersecurity leaders are hitting their limit. A new report from Nagomi Security shows that most CISOs are stretched thin, dealing with nonstop incidents, too many tools, and growing pressure from their boards. The pressures are so intense that many say they are burned out

React to this headline:

Loading spinner

CISOs are cracking under pressure Read More »

A new way to think about zero trust for workloads

CISO, cybersecurity, Don't miss, enterprise, Features, framework, Hot stuff, News, OpenID, research, SentinelOne, strategy, Zero Networks, zero trust /

A new way to think about zero trust for workloads 2025-11-03 at 09:10 By Mirko Zorz Static credentials have been a weak point in cloud security for years. A new paper by researchers from SentinelOne takes direct aim at that issue with a practical model for authenticating workloads without long-lived secrets. Instead of relying on

React to this headline:

Loading spinner

A new way to think about zero trust for workloads Read More »

Passwordless adoption moves from hype to habit

authentication, CISO, cybersecurity, Dashlane, Don't miss, enterprise, News, passwordless, passwords, report, survey /

Passwordless adoption moves from hype to habit 2025-10-31 at 08:00 By Anamarija Pogorelec With the average person juggling more than 300 credentials and credential abuse still the top attack vector, the password’s decline is long overdue. Across every major sector, organizations are changing how users log in, and new data shows the shift is picking

React to this headline:

Loading spinner

Passwordless adoption moves from hype to habit Read More »

AI agents can leak company data through simple web searches

agentic AI, Artificial Intelligence, cybersecurity, Data leak, Don't miss, enterprise, Features, Hot stuff, Lasso Security, News, prompt injection, research, threats /

AI agents can leak company data through simple web searches 2025-10-29 at 10:24 By Mirko Zorz When a company deploys an AI agent that can search the web and access internal documents, most teams assume the agent is simply working as intended. New research shows how that same setup can be used to quietly pull

React to this headline:

Loading spinner

AI agents can leak company data through simple web searches Read More »

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)

BSI, Don't miss, enterprise, Hawktrace, Hot stuff, Microsoft, NCSC-NL, News, security update, SMBs, vulnerability, Windows Server /

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287) 2025-10-24 at 15:38 By Zeljka Zorz Microsoft has released an out-of-band security update that “comprehensively” addresses CVE-2025-59287, a remote code execution vulnerability in the Windows Server Update Services (WSUS) that is reportedly being exploited in the wild. About CVE-2025-59287 WSUS is a tool that helps

React to this headline:

Loading spinner

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287) Read More »

Scroll to Top