top of page


Enterprise Security Tech
A cybersecurity resource for CxOs
Search


Russian Hackers Bypass Signal and WhatsApp Encryption by Targeting Backup Keys
Russian military-linked hackers are intensifying phishing campaigns against Signal and WhatsApp users, not by breaking encryption, but by convincing targets to hand over account recovery details that can unlock private messages and group chats. A new alert from the FBI and the U.S. Cybersecurity and Infrastructure Security Agency warns that Russian intelligence services are posing as automated support bots for commercial messaging apps. The campaigns are aimed at high-value t
Jun 29


OpenAI Expands GPT-5.5-Cyber as AI Pushes Vulnerability Patching Into a New Era
OpenAI is expanding access to an improved version of GPT-5.5-Cyber, giving trusted defenders a more powerful AI model for finding, validating, and helping patch software vulnerabilities. The release is part of OpenAI’s Daybreak initiative and comes as AI is rapidly changing vulnerability research. The company says GPT-5.5-Cyber can analyze large codebases, identify security issues, validate findings in controlled environments, and generate patches for human review. OpenAI is
Jun 24


NCC Group Warns Ransomware, State Hackers, and AI Fraud Tools Are Colliding
Ransomware activity in May 2026 remained stuck at historically high levels, even as attacks dipped slightly month over month, according to a new cyber threat intelligence report from NCC Group and Fox-IT. The report recorded 749 ransomware victim listings in May, a 4 percent decline from the previous month but still part of an elevated 2026 baseline. Industrial organizations were hit hardest, accounting for 29 percent of ransomware attacks. Qilin remained the most active rans
Jun 24


Klue Breach Exposes Salesforce Data Across Cybersecurity Vendors as Icarus Claims Attack
A breach at Klue has turned a market intelligence platform into the latest pressure point in a widening wave of SaaS supply chain attacks, after hackers used a compromised legacy credential to access customer-connected cloud environments and steal data from some of the cybersecurity industry’s most recognizable names. The Vancouver-based company, which provides competitive intelligence and market research tools, disclosed that attackers accessed its systems in June and obtain
Jun 24


Critical Shynet Flaw Let Attackers Turn Web Analytics Scripts Into a Sitewide Keylogger
A pair of security flaws in Shynet, the self-hosted web analytics platform used by developers and privacy-conscious website owners, shows how even lightweight tracking software can become a powerful attack surface when it sits inside the browser flow of multiple sites. Security researchers at Bishop Fox disclosed two vulnerabilities in Shynet version 0.13.1 that could allow unauthenticated attackers to compromise tracked websites or hijack user accounts. The most serious issu
Jun 24


Malicious AI Coding Plugins Hit JetBrains Marketplace, Stealing API Keys From Developers
A coordinated malware campaign on the JetBrains Marketplace is turning trusted developer tools into a credential theft pipeline, according to new research from Aikido Security. Researchers identified 15 malicious JetBrains plugins posing as AI coding assistants for DeepSeek and other large language models. The plugins advertise common developer features such as chat, code review, commit message generation, bug detection, and unit test creation. The catch: when users enter an
Jun 17
bottom of page