Uncovering agent logging gaps in Copilot Studio
During research, we sometimes encounter scenarios that remind us that it's a good idea to trust but verify. In September 2025, we noticed that...
Hackers Use Fake CleanMyMac Site to Deploy SHub Stealer and Hijack Crypto Wallets
A convincing fake website posing as the popular Mac utility CleanMyMac is actively pushing dangerous macOS malware called SHub Stealer onto unsuspecting users. ...
CVE program funding secured, easing fears of repeat crisis
The Cybersecurity and Infrastructure Security Agency and the MITRE Corporation have renegotiated the contract supporting the 26-year-old Common Vulnerabilities and...
Outbreak Alert- Annual Report 2025
In 2025, the FortiGuard Labs team processed and blocked 3.8 trillion vulnerability exploitation attempts, preventing 2.71 billion malware deliveries, and blocking 257 million newly...
9th March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 9th March, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
AkzoNobel, a Netherlands-based...
UK to launch cyber fraud squad in April
The UK’s new Online Crime Centre, launching next month, will bring together government, police, intelligence agencies, banks, mobile networks and tech firms to take...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2021-22054 Omnissa Workspace ONE Server-Side Request...
5 myths about Elastic Cloud Serverless debunked
Elastic Cloud Serverless APIs have no version numbers and won't break; they're managed like any SaaS service. This post busts five common myths from...
Behind the console: Active phishing campaign targeting AWS console credentials
Datadog Security Research identified an active adversary-in-the-middle (AiTM) phishing campaign targeting AWS Console credentials via typosquatted domains that mimic AWS infrastructure. - Read...
Latest article
Microsoft Defender Mistakenly Flags DigiCert Root Certificates as Malware
Microsoft Defender triggered widespread false positive alerts after a faulty security update caused it to flag two legitimate DigiCert root certificates as malicious, potentially...
Microsoft Shell Spoofing Zero-day Vulnerability
What is the Attack? A newly disclosed vulnerability, CVE-2026-32202, has emerged...
AI agents can bypass guardrails and put credentials at risk, Okta study finds
An AI agent that revealed sensitive data without being asked. An agent that overruled its own guardrails. Another that sent...
Security posture improvement in the AI era
It’s only been a few weeks since Anthropic announced the Claude Mythos Preview model and launched Project Glasswing with AWS and other...
