The assembly line behind 1.5 million malicious domains 2026-06-12 at 11:07 By Anamarija Pogorelec Attackers registered roughly 1.5 million malicious domains during the first five months of 2026. The registration patterns resemble industrial output. Most of the domains were created by attackers, put to use within weeks, and concentrated among a small set of registrars, […]
The assembly line behind 1.5 million malicious domains Read More »
Threat actors are recruiting the people who hold cloud logins 2026-06-11 at 11:18 By Anamarija Pogorelec Companies keep most of their data and applications in cloud platforms that anyone can reach with the right login. That setup turns each employee holding those credentials into a security variable, and members of the cybercrime underground have built
Threat actors are recruiting the people who hold cloud logins Read More »
Prompt injection still drives most agentic AI security failures in production 2026-06-11 at 08:43 By Anamarija Pogorelec A backdoor sat on PyPI for three hours in March 2026. Nearly 47,000 downloads occurred during the window. The compromised package, LiteLLM, serves as the language-model gateway for CrewAI, DSPy, Microsoft GraphRAG, and dozens of other AI agent
Prompt injection still drives most agentic AI security failures in production Read More »
When attacks spread too far: Lessons from real cyber attack case studies 2026-06-08 at 13:09 By Help Net Security In this Help Net Security video, Michael Adjei, Director, Systems Engineering at Illumio, explains three real world cyber attacks and what went wrong during detection. Adjei walks through a collaboration tool scam that copied Microsoft Teams,
When attacks spread too far: Lessons from real cyber attack case studies Read More »
52% of direct-to-IP threats are missing from intelligence feeds 2026-06-08 at 07:00 By Anamarija Pogorelec Security tools are good at inspecting websites, domains, URLs, and files, so attackers are moving lower in the stack and communicating directly with IP addresses, where visibility is limited. According to Palo Alto Networks’ report, this creates a visibility gap
52% of direct-to-IP threats are missing from intelligence feeds Read More »
Thieves can pull off keyless car theft in under a minute and here’s how to stop them 2026-06-05 at 09:24 By Mirko Zorz A keyless car can be stolen in under a minute. Two people, a pair of cheap radio amplifiers, and a fob sitting on a hallway table inside the house. That is enough.
Thieves can pull off keyless car theft in under a minute and here’s how to stop them Read More »
New Android feature promises to spot deepfake scam calls 2026-06-03 at 11:37 By Anamarija Pogorelec Android is introducing fake call detection to help protect users from impersonation scams. The feature can detect and flag suspected spoofed calls when both parties use Phone by Google on Android 12 or later. It will roll out globally this
New Android feature promises to spot deepfake scam calls Read More »
7 hard truths security pros should know: 2026 DevOps Threats Report 2026-05-20 at 09:34 By Help Net Security In 2025, trusted Git hosting platforms became a playground for cyber criminals. This is the main conclusion from the latest “DevOps Threat Unwrapped Report 2026” by GitProtect. If you want to effectively counter attacks targeted at your
7 hard truths security pros should know: 2026 DevOps Threats Report Read More »
AI shrinks vulnerability exploitation window to hours 2026-05-18 at 09:42 By Anamarija Pogorelec Time has become organizations’ biggest vulnerability because the gap between vulnerability discovery and exploitation has narrowed to hours, according to Synack’s 2026 State of Vulnerabilities Report. Total vulnerabilities by severity (2022-2025) (Source: Synack) AI expands the attack surface Agentic AI systems that
AI shrinks vulnerability exploitation window to hours Read More »
Google researchers uncover criminal zero-day exploit likely built with AI 2026-05-11 at 16:48 By Mirko Zorz Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-based system administration tool. It allowed attackers to bypass two-factor authentication once they had valid user credentials.
Google researchers uncover criminal zero-day exploit likely built with AI Read More »
Security teams are turning to AI to survive alert overload 2026-05-11 at 08:18 By Anamarija Pogorelec The World Economic Forum white paper “Empowering Defenders: AI for Cybersecurity” identified AI as the biggest driver of change in cybersecurity for 94% of survey respondents. The paper found that 77% of organizations already use AI in cybersecurity, with
Security teams are turning to AI to survive alert overload Read More »
CallPhantom Android scam reached 7.3 million downloads on Google Play 2026-05-07 at 12:00 By Anamarija Pogorelec Scams targeting Android users in India and across the Asia-Pacific region have grown around a long-standing curiosity gap: the desire to look up call records tied to a phone number. A cluster of 28 fraudulent apps on Google Play
CallPhantom Android scam reached 7.3 million downloads on Google Play Read More »
North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China 2026-05-05 at 13:21 By Sinisa Markovic A gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts traditional card and board games for a community that
North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China Read More »
Agentic attack chains advance as infostealers flood criminal markets 2026-03-12 at 08:35 By Mirko Zorz Cybercriminals spent much of 2025 automating their operations, shifting from one-off attacks to systems that can run entire intrusion cycles with minimal human input. Data collected from criminal forums, illicit marketplaces, and underground chat services shows a threat environment where
Agentic attack chains advance as infostealers flood criminal markets Read More »
Researchers uncover AI-powered vishing platform 2026-03-11 at 20:28 By Zeljka Zorz A vishing-as-a-service platform that helps scammers carry out so-called “press 1” scams is misusing text-to-speech (TTS) capabilities provided by AI voice technology company ElevenLabs, Mirage Security researchers claim. How “press 1” vishing scams work For “press 1” scams, fraudsters spoof phone numbers of trusted
Researchers uncover AI-powered vishing platform Read More »
That attractive online ad might be a malware trap 2026-03-05 at 14:46 By Anamarija Pogorelec Malware increasingly travels through the infrastructure that delivers online advertising. The Media Trust’s Global Report on Digital Trust, Ad Integrity, and the Protection of People describes a digital ad ecosystem where scam campaigns, malicious redirects, and malware delivery appear alongside
That attractive online ad might be a malware trap Read More »
Cloudflare tracked 230 billion daily threats and here is what it found 2026-03-03 at 19:46 By Anamarija Pogorelec Cloudflare’s network blocks over 230 billion threats per day. The volume indicates how routine and automated the attack cycle has become, and the patterns behind that volume point to a shift in how breaches begin and progress.
Cloudflare tracked 230 billion daily threats and here is what it found Read More »
AI risk moves into the security budget spotlight 2026-03-02 at 09:08 By Anamarija Pogorelec Enterprises are pushing AI deeper into workflows that touch sensitive data across cloud platforms and SaaS apps. The 2026 Thales Data Threat Report, based on a survey of 3,120 respondents in 20 countries, places that shift alongside growing pressure on data
AI risk moves into the security budget spotlight Read More »
Airline brands become launchpads for phishing, crypto fraud 2026-02-25 at 08:05 By Sinisa Markovic Airline brands sit at the center of peak travel booking cycles, loyalty programs, and high value transactions. Criminal groups continue to register thousands of lookalike domains tied to these brands, targeting travelers, employees, and business partners. Recent threat intelligence from BforeAI’s
Airline brands become launchpads for phishing, crypto fraud Read More »
AI is driving a new kind of phishing at scale 2026-02-05 at 09:11 By Sinisa Markovic Email remains a primary entry point for attackers, and security teams continue to manage high volumes of malicious messages that change form across campaigns. Attackers generate large numbers of messages with small variations in wording, structure, and delivery paths.
AI is driving a new kind of phishing at scale Read More »