In order to provide you the best services, DrGlenn regularly posts articles and new security concerns. Check back often!

58% of CISOs are boosting AI security budgets
AI is no longer an experiment in the security stack — it’s becoming the centerpiece. Foundry’s 2025 Security Priorities Study finds that 58% of organizations plan to boost spending on AI-enabled security tools next year, signaling a decisive shift from curiosity to commitment. And it’s not just budgets following the trend. The research finds 93% say they’re already using or are actively researching using AI in their security technologies over the next 12 months. The urgency makes sense. CISOs are watching attackers weaponize generative AI to automate phishing, create deepfakes, and craft more convincing social engineering campaigns. In response, they’re turning to agentic and generative AI to harden defenses, augment analysts, and improve resilience at scale. At the...

BreachForums seized, but hackers say they will still leak Salesforce data
Law enforcement agencies in the United States and France have seized control of domains linked to the notorious BreachForums hacking forum, commonly used for the leaking of stolen data, and the sale of hacked credentials. However, observers are warning the takedown - although worthy and laudable - may be more symbolic than final, as a version of BreachForums on the dark web remains active. If you visit breachforums.hn today you will be greeted by an animated seizure announcement, featuring the logos of the United States Department of Justice, FBI, France’s BL2C cybercrime unit, and Paris Prosecutor’s Office. Rather than the usual messageboard where cybercriminals traded their wares, the site now points to a specialist subdomain of the website of the Internet Complaint Center (IC3),...

Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts
Oct 11, 2025 | Ravie Lakshmanan | Cloud Security / Network Security

Cybersecurity company Huntress on Friday warned of "widespread compromise" of SonicWall SSL VPN devices to access multiple customer environments. "Threat actors are authenticating into multiple accounts rapidly across compromised devices," it said. "The speed and scale of these attacks imply that the attackers appear to control valid credentials rather than brute-forcing." A significant chunk of the activity is said to have commenced on October 4, 2025, with more than 100 SonicWall SSL VPN accounts across 16 customer accounts having been impacted. In the cases investigated by Huntress, authentications on the SonicWall devices originated from the IP address 202.155.8[.]73. The company noted that in some instances, the...

Who is Ultimately Responsible for Business Email Compromise?
Business email compromise, commonly known as “BEC”, has become a major issue in the corporate world. Globally, this condition has been a challenge for the legal authorities as to exactly who is liable for the damages caused by BEC. South African companies are suffering under the weight of BEC crimes as the courts grapple with the multitude of cases coming before them. This form of cyber attack is appearing in South Africa as some of the highest around the world. As legal complications continue, South African businesses are now turning their attention to methods they can use to protect their finances and reputations. The official definition of BEC is: “a criminal act where criminals illegally access an email account and communicate as if they are the user”. In other words, it’s a...

DPDP Act Meets AI and Blockchain
The Digital Personal Data Protection (DPDP) Act 2023 has reshaped the approach that enterprises take towards data protection. Compliance can no longer be a reactive practice; it must be smart, agile, and open. Business organizations must operate consent, facilitate early breach alerts, and keep responsibility in ever-more complicated internet ecosystems. The core of this transformation is technology. AI, blockchain, and automation are the keys to integrating privacy into operations, providing resilience, and transforming compliance into a strategic asset instead of a liability. The Importance of Technology to DPDP Act The DPDP Act lays emphasis on standards like consent, data minimization, purpose limitation, and breach notification. On the one hand, these principles sound simple,...

Chinese-Speaking Cybercrime Group Hijacks IIS Servers for SEO Fraud
A Chinese-speaking cybercrime group is hijacking trusted Internet Information Services (IIS) servers worldwide to run SEO scams that redirect users to shady ads and gambling sites, Cisco Talos has found. The group, tracked as UAT-8099, exploits IIS servers that have a good reputation to manipulate search engine results for financial gain. The compromised IIS servers redirect users to unauthorized advertisements or illegal gambling websites. The IIS servers affected were identified in India, Thailand, Vietnam, Canada and Brazil, targeting organizations such as universities, tech firms and telecom providers. This was based on Cisco's file census and DNS traffic analysis. The majority of their targets are mobile users, encompassing not only Android devices but also Apple iPhone devices....

Introducing Sophos Advisory Services – Sophos News
You face no shortage of challenges in securing your organization from cyberattacks. The threat landscape continues to evolve, attack surfaces are expanding with the advent of new technologies, new adversary tactics and techniques keep emerging, and there’s more scrutiny than ever about what you’re doing to safeguard your environment. Accurately assessing where you’re vulnerable to threats isn’t easy. Testing your defenses is an effective, proactive way to measure the strength of your security and set a course for lowering your risk before a threat actor strikes. Put your defenses to the test and determine your risk Introducing Sophos Advisory Services – proactive security testing services that provide expert, independent assessment of your cyber defenses and recommendations for...

Gamaredon X Turla collab
In this blogpost, we uncover the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Key points of this blogpost: In February 2025, we discovered that the Gamaredon tool PteroGraphin was used to restart Turla’s Kazuar backdoor on a machine in Ukraine. In April and June 2025, we detected that Kazuar v2 was deployed using Gamaredon tools PteroOdd and PteroPaste. These discoveries lead us to believe with high confidence that Gamaredon is collaborating with Turla. Turla’s victim count is very low compared to the number of Gamaredon compromises, suggesting that Turla chooses the most valuable machines. Both groups are affiliated with the FSB, Russia’s main domestic intelligence and security agency. Threat actor profiles Gamaredon Gamaredon has been active since...

How the Marine Corps slashed IT delays by shifting to DevOps and agile development
The U.S. Marine Corps is celebrated for its precision and ability to adapt on the battlefield. But behind the IT scenes, another battle was taking place against outdated IT systems that made it harder to serve Marines and their families. That’s where Marine Corps Community Services took command. The organization is the department within the USMC responsible for programs that improve Marine quality of life, from child care and family counseling to fitness centers, retail stores, and dining facilities. Yet, MCCS was bogged down by sluggish IT processes. Approvals for new systems—known as authorizations to operate (ATOs)—could take years and cost more than $1 million per system. These roadblocks made it difficult to keep pace with modern needs. “With IT service delivery, there are...

Bulletproof Host Stark Industries Evades EU Sanctions – Krebs on Security
In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new findings show those sanctions have done little to stop Stark from simply rebranding and transferring their assets to other corporate entities controlled by its original hosting providers. Materializing just two weeks before Russia invaded Ukraine in 2022, Stark Industries Solutions became a frequent source of massive DDoS attacks, Russian-language proxy and VPN services, malware tied to Russia-backed hacking groups, and fake news. ISPs like Stark are called...

Google Pixel 10 Adds C2PA Support to Verify AI-Generated Media Authenticity
Sep 11, 2025 | Ravie Lakshmanan | Artificial Intelligence / Mobile Security

Google on Tuesday announced that its new Google Pixel 10 phones support the Coalition for Content Provenance and Authenticity (C2PA) standard out of the box to verify the origin and history of digital content. To that end, support for C2PA's Content Credentials has been added to Pixel Camera and Google Photos apps for Android. The move, Google said, is designed to further digital media transparency. C2PA's Content Credentials are a tamper-evident, cryptographically signed digital manifest providing verifiable provenance for digital content such as images, videos, or audio files. The metadata type, according to Adobe, serves as a "digital nutrition label," giving information about the creator, how it was made,...

Southeast Asia’s Hidden Crisis | Da Vinci Cyber Security
The UN Reveals Widespread Trafficking into Online Scam Operations. Every day, thousands of lives are torn apart in the shadows of Southeast Asia. A harrowing UN Human Rights Office (OHCHR) report from 29 August 2023 reveals that hundreds of thousands of individuals have been trafficked and forced into online scam operations, often under brutal and inhumane conditions. Across the region, particularly in Cambodia and Myanmar, victims are coerced into carrying out romance scams, crypto fraud, and illegal gambling from clandestine “scam centres” or compounds. The numbers are staggering: credible estimates suggest at least 120,000 people in Myanmar and around 100,000 in Cambodia are being held and forced into these operations. The Human Toll: Victims, Not Perpetrators. These trafficked...

Why the World Needs Responsible AI for Financial Inclusion Now
Artificial intelligence (AI) is redefining the financial landscape as never before, automating faster credit approvals, detecting fraud, and increasing access to services. Such transformative power comes with great responsibility. AI has the potential to democratize finance, and this will depend on how responsibly it is embraced and implemented. Financial inclusion, once a distant aspiration, is now within reach, provided we guide AI with ethical intent and inclusive design. The time for action is now. The Dual Power of AI: Opportunity and Risk. AI offers game-changing potential in tackling financial exclusion, especially in regions where traditional banking models fail. Through technologies such as: Machine learning-based credit scoring...

Bridgestone Confirms “Limited Cyber Incident” Impacting Facilities
Bridgestone has confirmed it is responding to a cyber incident that has impacted several of its manufacturing sites in North America. The incident impacted the tire manufacturer’s two plants in Aiken County, South Carolina, local TV station WRDW reported on September 1. It is understood that the sites remained operational. However, employees whose jobs were impacted were offered the options to stay at work and do preventive maintenance and receive a full day’s pay or to go home without pay. In the city of Joliette, in the Canadian province of Quebec, a Bridgestone facility employing 1400 has halted operations since August 31, according to several local media outlets. After being told to stay home and fearing the risk of not being paid, the employees of the Joliette plant will...

Sophos Endpoint is now integrated with Taegis MDR and XDR – Sophos News
Sophos Endpoint + Taegis. The best of both worlds. I’m delighted to announce that Sophos Endpoint is now natively integrated and automatically included in all Taegis™ Extended Detection and Response (XDR) and Taegis Managed Detection and Response (MDR) subscriptions. Customers gain immediate access to combined prevention, detection, and response capabilities in a single platform – while lowering costs and simplifying operations. The integration follows Sophos’ acquisition of Secureworks in February 2025 and represents a major milestone in combining the companies’ strengths to help customers defeat cyberattacks with a higher ROI. Endpoint protection remains one of the most critical layers of defense against today’s cyberthreats, delivering both frontline prevention and vital...

This month in security with Tony Anscombe – August 2025 edition
From Meta shutting down millions of WhatsApp accounts linked to scam centers all the way to attacks at water facilities in Europe, August 2025 saw no shortage of impactful cybersecurity news. 28 Aug 2025. As August 2025 comes to a close, ESET Chief Security Evangelist Tony Anscombe reviews a selection of the top cybersecurity stories that moved the needle, raised the alarms or offered vital lessons over the past 30 or so days, as well as offers insights they hold for your own cyber-defenses. Don't forget to check out the July 2025 edition of Tony's monthly security news roundup for more insights.

Chinese hacking group Salt Typhoon expansion prompts multinational advisory
“The fundamental issue here is that key pieces of our critical infrastructure, for example network technologies like core routers, remain far too easy to compromise and gain persistence on,” said David Shipley of Beauceron Security. “China’s rampant success is the bill come due for insecurity-by-design.” Critical infrastructure, sensitive comms targeted This week, intelligence agencies in the US, UK, Canada, Australia, New Zealand, Finland, Germany, Italy, Czech Republic, Japan, Poland, Spain, and the Netherlands issued a joint cybersecurity advisory about Salt Typhoon. The group became notorious after having breached major US telecom and internet service providers (ISPs), including AT&T, Verizon, T-Mobile, Lumen Technologies, Charter, Consolidated, and Windstream...

Affiliates Flock to ‘Soulless’ Scam Gambling Machine – Krebs on Security
Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We’ve since learned that these scam gambling sites have proliferated thanks to a new Russian affiliate program called “Gambler Panel” that bills itself as a “soulless project that is made for profit.” The scam begins with deceptive ads posted on social media that claim the wagering sites are working in partnership with popular athletes or social media personalities. The ads invariably state that by using a supplied “promo code,” interested players can claim a $2,500 credit on the advertised...

Excel Copilot will wreck your data, and can AI fix social media? • Graham Cluley
In episode 65 of The AI Fix, a pigeon gives a PowerPoint presentation, Mark plays Graham a song about the Transformer architecture, a robot dog delivers parcels, some robots fall over at the World Humanoid Robot Games, and Graham takes credit for one of computing’s greatest insights. Plus, Graham explains why Microsoft doesn’t want you to use Excel’s new Copilot feature in any spreadsheet calculations that are meant to be useful, accurate, reproducible, or relied on for anything important, and Mark discovers what happened when researchers gave 500 AIs their own social network. All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley. Hosts: Graham Cluley: @grahamcluley.com Mark...

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot
Aug 24, 2025 | Ravie Lakshmanan | Malware / Supply Chain Security

Cybersecurity researchers have discovered a malicious Go module that presents itself as a brute-force tool for SSH but actually contains functionality to discreetly exfiltrate credentials to its creator. "On the first successful login, the package sends the target IP address, username, and password to a hard-coded Telegram bot controlled by the threat actor," Socket researcher Kirill Boychenko said. The deceptive package, named "golang-random-ip-ssh-bruteforce," has been linked to a GitHub account called IllDieAnyway (G3TT), which is currently no longer accessible. However, it continues to be available on pkg.go[.]dev. It was published on June 24, 2022. The software supply chain security company said the Go module works...