Dataproof Communications

Sensor Intel Series: January 2026 CVE Trends - Read more

Cisco Talos recently discovered a new threat actor, UAT-9921, leveraging VoidLink in campaigns. Their activities may go as far back as 2019, even without VoidLink.The VoidLink compile-on-demand feature lays down the foundations for AI-enabled attack frameworks, which can create tools on-demand for their operators.Cisco Talos found clear indications that implants also exist for Windows, with the capability to load...

The manual operations gap can be a business risk Manual threat hunting requires 27 steps that burn analyst time Autonomous Threat Operations can reduce 27 steps to 5 Autonomous operations prove measurable ROI - Read more

Microsoft has released its monthly security update for February 2026, which includes 59 vulnerabilities affecting a range of products, including two that Microsoft marked as “Critical”. CVE-2026-21522 is a critical elevation of privilege vulnerability affecting Microsoft ACI Confidential Containers. Successful exploitation of this vulnerability could enable an authorized attacker to escalate privileges on affected systems. This vulnerability is not listed as publicly disclosed and received a CVSS 3.1 score of 6.7.  CVE-2026-23655 is a critical...

Apple says seven more US states plan to support iPhone driver’s licenses, expanding Apple Wallet digital IDs already live in 13 states. The post Apple Expands iPhone Driver’s Licenses to 7 US States appeared first on TechRepublic. - Read more

A zero-click flaw in Anthropic’s Claude Desktop Extensions allows attackers to trigger remote code execution via Google Calendar events. The post 10K Claude Desktop Users Exposed by Zero-Click Vulnerability appeared first on TechRepublic. - Read more

The conversation around AI security is full of anxiety. Every week, new headlines warn of jailbreaks, prompt injection, agents gone rogue, and the rise of LLM-enabled cybercrime. It’s easy to come away with the impression that AI is fundamentally uncontrollable and dangerous, and therefore something we need to lock down before it gets out of hand.But as a security...

High-volume phishing campaign delivers Phorpiex malware via malicious Windows Shortcut files - Read more

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to redirected users to malicious sites, decrypt communications, perform a man-in-the-middle (MITM) attack, execute malicious scripts, steal files, and perform other various attacks. The following versions of Yokogawa FAST/TOOLS are affected: FAST/TOOLS >=R9.01|<=R10.04 (CVE-2025-66594, CVE-2025-66595, CVE-2025-66597, CVE-2025-66598, CVE-2025-66599, CVE-2025-66600, CVE-2025-66601, CVE-2025-66602, CVE-2025-66603, CVE-2025-66604, CVE-2025-66605, CVE-2025-66606, CVE-2025-66607, CVE-2025-66608) CVSS Vendor Equipment Vulnerabilities v3 8.2 Yokogawa Yokogawa FAST/TOOLS Generation of Error...

CVSSv3 Score: 7.9 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FortiSandbox may allow an unauthenticated attacker to execute commands via crafted requests.FortiSandbox PaaS versions 4.4.8 and 5.0.5 contains the fix for this vulnerability. Revised on 2026-02-10 00:00:00 - Read more