Enterprise Security Tech

A massive trove of stolen login credentials, totaling nearly 150 million unique usernames and passwords, was recently found sitting exposed on the open internet, underscoring just how industrialized and fragile the modern credential theft ecosystem has become. The cache, uncovered by cybersecurity researcher Jeremiah Fowler at ExpressVPN , contained more than 149 million records and roughly 96 gigabytes of raw data. The database was neither encrypted nor protected by a passwo

Browser extensions were once treated as a mild nuisance in the security threat model. That era is over. Over the past few months, browser based attacks have accelerated in scale and ambition, shifting from opportunistic scams to coordinated campaigns that quietly compromise millions of users. In December 2025 , a set of linked extension driven attacks exposed gaps across Chrome, Edge, and Firefox, ultimately impacting nearly nine million users. Weeks later, researchers uncove

A critical security flaw in SmarterTools’ SmarterMail email platform is being actively exploited just days after a fix was released, underscoring how quickly attackers are now able to dissect patches and weaponize them against unprepared organizations. The issue, tracked initially by watchTowr Labs as WT-2026-0001, was disclosed to SmarterTools on January 8 and patched on January 15 with SmarterMail Build 9511. Within 48 hours, evidence emerged that attackers had already begu

Phishing has always borrowed from theater. What is changing now is the stage direction. New research from Okta Threat Intelligence shows that modern phishing kits are no longer static web traps. They are interactive tools designed to work in lockstep with a human voice on the other end of the line. In these hybrid attacks, a caller guides a victim through a login flow in real time while dynamically controlling what the victim sees in their browser. The result is a form of vi

Security teams have long relied on deliberately vulnerable web applications to train defenders and test internal defenses. New research shows those same tools are now being used as a shortcut into real enterprise cloud environments. An investigation by automated penetration testing firm Pentera  found that threat actors are actively exploiting misconfigured security training and testing applications that have been left exposed on the public internet. These include intentiona

For years, public key infrastructure quietly did its job in the background, issuing certificates, encrypting traffic, and validating identities. Now it is becoming a frontline failure point. New research from CyberArk suggests that PKI systems are struggling to keep pace with the explosion of machine and workload identities across cloud native and zero trust environments. As certificates multiply, organizations are discovering that legacy tools and manual processes are no lo