enterprise

Industrial networks continue to leak onto the internet

automation, CISO, critical infrastructure, cybersecurity, Don't miss, enterprise, Hot stuff, News, Palo Alto Networks, report, Siemens /

Industrial networks continue to leak onto the internet 2026-02-27 at 07:30 By Mirko Zorz Industrial operators continue to run remote access portals, building automation servers, and other operational technology services on public IP address ranges. Palo Alto Networks, Siemens, and Idaho National Laboratory describe the scope of that exposure in the Intelligence-Driven Active Defense Report […]

Industrial networks continue to leak onto the internet Read More »

Cyber valuations climb as capital concentrates, AI security expands

Artificial Intelligence, cybersecurity, DataTribe, Don't miss, enterprise, investment, News, report, survey /

Cyber valuations climb as capital concentrates, AI security expands 2026-02-25 at 08:59 By Sinisa Markovic Venture funding in cybersecurity continued to concentrate in large private rounds at the end of 2025, driving valuations higher across stages. Data from DataTribe shows total capital invested approached $150 billion for the year, with a disproportionate share flowing into

Cyber valuations climb as capital concentrates, AI security expands Read More »

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731)

BeyondTrust, Don't miss, enterprise, Hacktron AI, Hot stuff, News, remote access, vulnerability /

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731) 2026-02-09 at 13:36 By Zeljka Zorz BeyondTrust fixed a critical remote code execution vulnerability (CVE-2026-1731) in its Remote Support (RS) and Privileged Remote Access (PRA) solutions and is urging self-hosted customers to apply the patch as soon a possible. Unlike the Remote Support zero-day

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731) Read More »

Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)

CISA, Code White, Don't miss, enterprise, Hot stuff, News, Ransomware, SMBs, VulnCheck, WatchTowr /

Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423) 2026-02-06 at 13:12 By Zeljka Zorz For the third time in two weeks, CISA added a vulnerability (CVE-2026-24423) affecting SmarterTools’ SmarterMail email and collaboration server to its Known Exploited Vulnerabilities catalog, and this one is being exploited in ransomware attacks. A glut of SmarterMail vulnerabilities On January

Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423) Read More »

Measuring AI use becomes a business requirement

Artificial Intelligence, enterprise, News, report /

Measuring AI use becomes a business requirement 2026-02-05 at 09:11 By Anamarija Pogorelec Enterprise teams already run dozens of AI tools across daily work. Usage stretches from code generation and analytics to customer support drafting and internal research. Oversight remains uneven across roles, functions, and industries. A new Larridin survey of enterprise leaders places measurement

Measuring AI use becomes a business requirement Read More »

AI is driving a new kind of phishing at scale

attacks, Cofense, cybercrime, cybersecurity, email security, enterprise, News, phishing, report, survey, threats /

AI is driving a new kind of phishing at scale 2026-02-05 at 09:11 By Sinisa Markovic Email remains a primary entry point for attackers, and security teams continue to manage high volumes of malicious messages that change form across campaigns. Attackers generate large numbers of messages with small variations in wording, structure, and delivery paths.

AI is driving a new kind of phishing at scale Read More »

Sandisk brings SPRandom to open source for large SSD testing

backup, enterprise, hardware, News, Sandisk, SSD, storage /

Sandisk brings SPRandom to open source for large SSD testing 2026-02-03 at 15:15 By Anamarija Pogorelec Enterprise storage environments already run long qualification cycles as solid-state drive capacities rise and validation teams try to mirror production workloads. Preconditioning steps now consume days of lab time for a single device, especially in data centers supporting AI

Sandisk brings SPRandom to open source for large SSD testing Read More »

Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281)

0-day, CISA, Don't miss, endpoint management, enterprise, Hot stuff, Ivanti, News, patch /

Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281) 2026-01-30 at 05:32 By Zeljka Zorz Ivanti has released provisional patches that fix two critical code injection vulnerabilities in Endpoint Manager Mobile (EPMM), one of which (CVE-2026-1281) has been exploited in zero-day attacks and has been added to CISA’s Known Exploited Vulnerabilities catalog. Investigating potential

Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281) Read More »

eScan AV supply chain compromise: Users targeted with malicious updates

antivirus, consumer, Don't miss, enterprise, Hot stuff, Malware, MicroWorld Technologies, Morphisec, News, supply chain compromise /

eScan AV supply chain compromise: Users targeted with malicious updates 2026-01-29 at 17:29 By Zeljka Zorz The update infrastructure for eScan antivirus, a product of Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer endpoints. The supply chain compromise also resulted in the eScan

eScan AV supply chain compromise: Users targeted with malicious updates Read More »

Attackers use Windows App-V scripts to slip infostealer past enterprise defenses

Blackpoint Cyber, Don't miss, enterprise, Hot stuff, Malware, News, PowerShell, Windows, Windows Server /

Attackers use Windows App-V scripts to slip infostealer past enterprise defenses 2026-01-27 at 17:17 By Zeljka Zorz A malware delivery campaign detailed by Blackpoint researchers employs an impressive array of tricks to deliver an infostealer to employees without triggering enterprise defenses or close examination by security researchers. The attackers aim to get the Amatera Stealer

Attackers use Windows App-V scripts to slip infostealer past enterprise defenses Read More »

RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045)

Cisco, communication, Don't miss, enterprise, Hot stuff, News, security update, vulnerability /

RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045) 2026-01-21 at 20:57 By Zeljka Zorz Cisco has fixed a critical remote code execution vulnerability (CVE-2026-20045) in some of its unified communications solutions that’s being targeted by attackers in the wild, the company announced on Wednesday via a security advisory. About CVE-2026-20045 CVE-2026-20045 is

RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045) Read More »

Fake browser crash alerts turn Chrome extension into enterprise backdoor

browser, Chrome, Chrome Web Store, Don't miss, enterprise, extension, Hot stuff, Huntress, Microsoft Edge, News, Remote Access Trojan, social engineering, Socket /

Fake browser crash alerts turn Chrome extension into enterprise backdoor 2026-01-19 at 17:21 By Zeljka Zorz Browser extensions are a high-risk attack vector for enterprises, allowing threat actors to bypass traditional security controls and gain a foothold on corporate endpoints. Case in point: A recently identified malicious extension called NexShield proves that a single user

Fake browser crash alerts turn Chrome extension into enterprise backdoor Read More »

Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393)

APT, backdoor, China, Cisco, cyber espionage, Don't miss, email security, enterprise, Hot stuff, News /

Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) 2026-01-16 at 17:05 By Zeljka Zorz Cisco has finally shipped security updates for its Email Security Gateway and Secure Email and Web Manager devices, which fix CVE-2025-20393, a vulnerability in the devices’ AsyncOS that has been exploited as a zero-day by suspected Chinese attackers since at

Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) Read More »

The next big IT security battle is all about privileged access

access management, enterprise, identity management, Leostream, News, predictions /

The next big IT security battle is all about privileged access 2025-12-26 at 07:01 By Help Net Security Leostream predicts changes in Identity and Access Management (IAM) and Privileged Access Management (PAM) in 2026 driven by new realities of cybersecurity, hybridization, AI, and more. Passwordless moves from pilot to production In 2026, passwordless authentication will

The next big IT security battle is all about privileged access Read More »

Microsoft 365 users targeted in device code phishing attacks

Don't miss, enterprise, Microsoft 365, News, phishing, Proofpoint, tips /

Microsoft 365 users targeted in device code phishing attacks 2025-12-18 at 16:12 By Zeljka Zorz Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method abuses Microsoft’s OAuth 2.0 device authorization grant flow by presenting users with device codes that, when

Microsoft 365 users targeted in device code phishing attacks Read More »

Cisco email security appliances rooted and backdoored via still unpatched zero-day

APT, backdoor, China, Cisco, cyber espionage, Don't miss, email security, enterprise, Hot stuff, News /

Cisco email security appliances rooted and backdoored via still unpatched zero-day 2025-12-17 at 21:47 By Zeljka Zorz A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researchers have shared. “Our analysis indicates that appliances with non-standard

Cisco email security appliances rooted and backdoored via still unpatched zero-day Read More »

Enterprise password audits made practical for busy security teams

auditing, Don't miss, enterprise, Hot stuff, News, password management, Passwork /

Enterprise password audits made practical for busy security teams 2025-12-01 at 08:36 By Sinisa Markovic Security teams carry a heavy load, and password risk is one of the most overlooked parts of that workload. Every year new systems, cloud tools, and shared services add more credentials into the mix. Some sit in proper vaults, others

Enterprise password audits made practical for busy security teams Read More »

CISOs are cracking under pressure

burnout, CISO, cybersecurity, Don't miss, enterprise, Nagomi Security, News, report, strategy /

CISOs are cracking under pressure 2025-11-11 at 10:29 By Sinisa Markovic Cybersecurity leaders are hitting their limit. A new report from Nagomi Security shows that most CISOs are stretched thin, dealing with nonstop incidents, too many tools, and growing pressure from their boards. The pressures are so intense that many say they are burned out

CISOs are cracking under pressure Read More »

A new way to think about zero trust for workloads

CISO, cybersecurity, Don't miss, enterprise, Features, framework, Hot stuff, News, OpenID, research, SentinelOne, strategy, Zero Networks, zero trust /

A new way to think about zero trust for workloads 2025-11-03 at 09:10 By Mirko Zorz Static credentials have been a weak point in cloud security for years. A new paper by researchers from SentinelOne takes direct aim at that issue with a practical model for authenticating workloads without long-lived secrets. Instead of relying on

A new way to think about zero trust for workloads Read More »

Passwordless adoption moves from hype to habit

authentication, CISO, cybersecurity, Dashlane, Don't miss, enterprise, News, passwordless, passwords, report, survey /

Passwordless adoption moves from hype to habit 2025-10-31 at 08:00 By Anamarija Pogorelec With the average person juggling more than 300 credentials and credential abuse still the top attack vector, the password’s decline is long overdue. Across every major sector, organizations are changing how users log in, and new data shows the shift is picking

Passwordless adoption moves from hype to habit Read More »

Scroll to Top