Windows CE, a decades-old operating system originally designed for embedded systems, remains a crucial component of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) environments. However, despite its widespread use in human-machine interfaces (HMI), kiosks, and even…
Category: Information Security Buzz
Misconfigured Access Systems Expose Hundreds of Thousands of Employees and Organizations
Vast numbers of misconfigured Access Management Systems (AMS) across the globe are exposed to the public Internet, researchers from Internet Index Search Solution provider Modat have revealed. The vulnerabilities, which span a wide range of industries—including critical sectors like construction,…
‘Auto-Color’ Linux Malware Uses Advanced Stealth Tactics to Evade Detection
Researchers at Palo Alto Networks have identified a new Linux malware strain dubbed Auto-Color, which uses cunning, advanced stealth techniques to slip through the security nets and maintain persistence on compromised systems. The malware, first detected in early November last…
Expert Feature: Securing Passwords and Endpoints in the Age of AI
At a time when artificial intelligence (AI) is reshaping cybersecurity, conventional approaches to passwords and endpoint management are increasingly vulnerable. AI-powered threats are rapidly evolving, leveraging automation and deep learning to crack passwords, slip past authentication measures, and exploit weaknesses…
Trump’s Reckless NIST Purge Puts US Semiconductors, AI Safety at Risk
The Trump administration is set to significantly weaken the CHIPS Act by terminating hundreds of employees at the National Institute of Standards and Technology (NIST), the agency responsible for administering the semiconductor incentive program. President Biden signed the bipartisan CHIPS…
Ghostwriter Campaign Targets Ukrainian Government and Belarusian Opposition
Cybersecurity researchers at SentinelLABS have uncovered a new campaign linked to the long-running Ghostwriter operation, targeting Belarusian opposition activists and Ukrainian military and government entities. The campaign, which entered its active phase in late 2024, is ongoing, with recent malware…
What’s Superalignment and Why Is It Critical to Address with AI Regulation in the U.S.?
AI has become stronger each year as more industries adopt this technology. Superintelligence is on the horizon, so industry professionals must be one step ahead through superalignment. How could U.S. regulations factor into the equation? Here’s what you should know…
CISA, FBI, and MS-ISAC Warn of Ghost Ransomware Threat
The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has issued a joint Cybersecurity Advisory on Ghost (Cring) ransomware. The advisory, titled #StopRansomware: Ghost…
Massive Botnet Targets MS 365 Accounts with Password Spraying Attacks
A botnet made up of more than 130,000 compromised devices is conducting large-scale password-spraying attacks against M365 accounts, exploiting non-interactive sign-ins with Basic Authentication. This method lets malicious actors bypass modern login protections, evade multi-factor authentication (MFA) enforcement, and remain…
Cisco Confirms Salt Typhoon Exploitation in Telecom Hits
Cisco Talos has been actively tracking reports of extensive intrusion attempts targeting multiple major U.S. telecommunications companies. First identified in late 2024 and subsequently confirmed by the US government, this activity is attributed to a highly advanced threat actor known…