The Lock, Not the Alarm: How Palo Alto’s Koi Acquisition Rewrites Endpoint Security
The acquisition of Koi Security isn’t just a product play — it’s a declaration that the agentic era has created an entirely new threat surface, and the vendor who governs it first will own the next decade of enterprise security. The Week That Rewrote the Threat Model One week after ... Read More
Use of XMRig Cryptominer by Threat Actors Expanding: Expel
Jeffrey Burt | | Amazon Web Services (AWS), cryptominers, Expel, G Data, Kaspersky Labs, Kubernetes, MDR (Managed Detection and Response), Monero, React2Shell Vulnerability, Wiz, XMRig minerSecurity researchers last year wrote about a surge in the use by threat actors of the legitimate XMRig cryptominer, and cybersecurity firm Expel is now outlining the widening number of malicious ways they're deploying the open-source tool against corporate IT operations ... Read More
Malware Campaign Abuses Booking.com Against Hospitality Sector
Jeffrey Burt | | Blue Screen of Death, Booking.com, CAPTCHA, clickfix, DCRat, Malware Campaign, Russian Cyber Threat, SecuronixSecuronix is detailing a multi-stage campaign that starts with a bogus Booking.com message that runs through a ClickFix technique and a fake Blue Screen of Death before dropping the DCRat malware that gives the attackers full remote control of the victim's system ... Read More
Google Chrome Extension is Intercepting Millions of Users’ AI Chats
Jeffrey Burt | | AI chatbots, AI data exfiltration, Anthropic, browser extension threats, Data Brokers, Google Chrome, Google Gemini, Koi Security, malicious extensions, Microsoft Copilot, Microsoft Edge, OpenAI ChatGPTA Chrome browser extension with 6 million users, as well as seven other Chrome and Edge extensions, for months have been silently collecting data from every AI chatbot conversion, packaging it, and then selling it to third parties like advertisers and data brokers, according to Koi Security ... Read More
Hackers Steal Personal Data in 700Credit Breach Affecting 5.6 Million
Jeffrey Burt | | 700Credit, class action lawsuits, Data breach, FBI, Federal Trade Commission (FTC), MFA, personal data exposure, phishing threat, supply chain breachA data breach of credit reporting and ID verification services firm 700Credit affected 5.6 million people, allowing hackers to steal personal information of customers of the firm's client companies. 700Credit executives said the breach happened after bad actors compromised the system of a partner company ... Read More
China Hackers Using Brickstorm Backdoor to Target Government, IT Entities
Jeffrey Burt | | Brickstorm backdoor, China-nexus cyber espionage, cisa, Salt Typhoon, U.S. National Security Agency, Volt TyphoonChinese-sponsored groups are using the popular Brickstorm backdoor to access and gain persistence in government and tech firm networks, part of the ongoing effort by the PRC to establish long-term footholds in agency and critical infrastructure IT environments, according to a report by U.S. and Canadian security offices ... Read More
Cybersecurity Coalition to Government: Shutdown is Over, Get to Work
Jeffrey Burt | | china espionage, CISA budget cuts, Congress, Cybersecurity Coalition, national cybersecurity, National Security Agency, Trump AdministrationThe Cybersecurity Coalition, an industry group of almost a dozen vendors, is urging the Trump Administration and Congress now that the government shutdown is over to take a number of steps to strengthen the country's cybersecurity posture as China, Russia, and other foreign adversaries accelerate their attacks ... Read More
Hack of SitusAMC Puts Data of Financial Services Firms at Risk
Jeffrey Burt | | artificial intelligence in cybersecurity, Data breach, Financial Services Security, Third Party Security IncidentSitusAMC, a services provider with clients like JP MorganChase and Citi, said its systems were hacked and the data of clients and their customers possibly compromised, sending banks and other firms scrambling. The data breach illustrates the growth in the number of such attacks on third-party providers in the financial ... Read More
Google Uses Courts, Congress to Counter Massive Smishing Campaign
Google is suing the Smishing Triad group behind the Lighthouse phishing-as-a-service kit that has been used over the past two years to scam more than 1 million people around the world with fraudulent package delivery or EZ-Pass toll fee messages and stealing millions of credit card numbers. Google also is ... Read More
Intel Sues Ex-Employee It Claims Stole 18,000 Company Files
Intel is suing a former employee who the chipmaker claims downloaded almost 18,000 corporate files days before leaving the company. The software engineer was told he was being let go effective July 31, likely part of Intel's larger effort to shed 15% of its workforce ... Read More
