Posts

The Hacker News - ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and enough exposed infrastructure to make you wonder if prod is just a public beta now - meanwhile some researcher casually drops a technique that turns a "minor" foothold into total account from The Hacker News https://thehackernews.com/2026/05/threatsday-bulletin-claude-security.html

KnowBe4 - My Favorite 5 KnowBe4 Agents

With over 10 years of experience in implementing AI, KnowBe4 has a ton of agents on its platform which customers can use to significantly lower risk. They help to secure the digital workforce (humans + AI agents). But five of them, all based and driven by risk scoring metrics, have become my favorites: from KnowBe4 Blog https://blog.knowbe4.com/my-favorite-5-knowbe4-agents

The Hacker News - New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"

State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don't understand where their AI exposure is actually coming from. The research shows that enterprise AI risk is not distributed evenly across users or platforms. Instead, it is heavily concentrated among a small group of AI power users and a from The Hacker News https://thehackernews.com/2026/05/new-ai-usage-report-enterprise-ai-risk.html

The Hacker News - JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware. "These campaigns leveraged sophisticated social engineering techniques, custom macOS malware, and deep targeting of CI/CD infrastructure," Wiz researchers Shira Ayal, from The Hacker News https://thehackernews.com/2026/05/jinx-0164-targets-cryptocurrency-firms.html

Black Hills InfoSec - Bad Habits: An ANTISOC Operation

ANTISOC uses a mix of techniques from traditional penetration tests like red teams, cloud, web applications, externals, internals, and, of course, social engineering. We combine this mix of techniques with a wide-open scope, with the goal of going beyond what a typical pentest can discover. from Black Hills Information Security, Inc. https://www.blackhillsinfosec.com/antisoc-operation/

KnowBe4 - Alert: Extortion Groups Are Using Phishing Kits to Automate Their Attacks

Researchers at Push Security have analyzed a phishing platform used by organized criminal threat actors like ShinyHunters and BlackFile, finding more than 400 domains linked to attacks launched by the phishing kit. from KnowBe4 Blog https://blog.knowbe4.com/extortion-groups-automated-phishing-kits-aitm

The Hacker News - GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions. "Since at least early 2025, GlassWorm operators have systematically targeted software developers, a from The Hacker News https://thehackernews.com/2026/05/glassworm-malware-takedown-disrupts.html