On the cybersecurity landscape, exploiting visible networks often falls to the realm of well-resourced, state-sponsored hacking groups. While infiltrating corporate systems may not be particularly challenging for these actors, ensuring the longevity of their access and maintaining undetectable communication channels poses a significant hurdle. A cyber-espionage group known as **Platinum**…
Emerging Threat: Fileless Ransomware “Sorebrect” Targets Enterprises Cybercriminals are evolving, leveraging increasingly sophisticated tactics to execute attacks. A recent report highlights the emergence of a fileless ransomware strain known as “Sorebrect.” Unlike traditional ransomware, which often relies on files to infect systems, Sorebrect injects malicious code directly into legitimate processes,…
Artificial Intelligence & Machine Learning, Governance & Risk Management, IT Risk Management Expert Warning: Power Capacity Expands While 26% of Projects Suffer Delays Jennifer Lawinski • February 24, 2026 The tech industry recorded unprecedented data center capacity growth in 2025, but 26% of projects were delayed. (Image: Shutterstock) The promise…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reported a security breach involving a federal agency, attributed to threat actors affiliated with the Iranian government. The attackers exploited the Log4Shell vulnerability found in an unpatched VMware Horizon server, demonstrating a sophisticated exploitation technique. The breach, which occurred between mid-June…
WikiLeaks Reveals CIA’s ELSA Malware for Geo-Location Tracking In a recent disclosure, WikiLeaks has unveiled a new segment of its ongoing Vault 7 leak, showcasing a sophisticated malware tool named ELSA. This spyware is designed specifically for tracking the geo-location of Microsoft Windows-based PCs and laptops. The malware operates by…
Cybersecurity Update: AI-Powered Attack on Fortinet Firewalls and Other Breaches In a recent development in the cybersecurity landscape, a financially motivated threat actor, reportedly Russian-speaking, has leveraged commercial AI toolkits to compromise over 600 Fortinet firewalls. This operation was first identified by the AWS security team, indicating that the activity…
On Tuesday, the U.S. National Security Agency (NSA) issued a warning regarding a cyber threat from a group known as APT5, or Bronze Fleetwood, which has been actively exploiting a zero-day vulnerability in Citrix Application Delivery Controller (ADC) and Gateway systems. This security flaw, cataloged as CVE-2022-27518, represents a critical…
Microsoft has recently escalated the severity rating of a previously patched security vulnerability from September 2022, now classifying it as “Critical.” This update follows findings that the vulnerability poses risks of remote code execution, significantly heightening its threat level. Identified as CVE-2022-37958 with a CVSS score of 8.1, the issue…
Fraud Management & Cybercrime, Governance & Risk Management, Remote Workforce Encouraging Thorough Verification of Candidates’ Identities Greg Sirico • February 20, 2026 An AI-manipulated image showcasing the deceptive capabilities used by certain North Korean workers. (Image: KnowBe4) Remote IT workers from North Korea present an intricate challenge for employers. Known…
