Enterprise Security Tech
A cybersecurity resource for CxOs

Elite Target? Inside the Cyber Storm at the University of Pennsylvania
When dozens of alumni and students at the University of Pennsylvania (Penn) opened their inboxes on Friday, they encountered more than a phishing lure—what appeared was a full-on reputation-assault, wrapped in the university’s own branding. What began as a shocking email blast is now being treated by Penn’s leadership as a serious cybersecurity incident. According to Reuters, the university has engaged the Federal Bureau of Investigation (FBI) and third-party cyber forensics,
Nov 3, 2025


Pocket Tricksters: How Cheap BLE LED Masks Can Be Remoted and Reprogrammed on Halloween
This Halloween, a cheap LED party mask could do more than make you glow — it might let a stranger a few yards away swap your grin for a fox, a pumpkin, or whatever image they please. Security researchers at Bishop Fox have turned a seasonal gadget into a case study in how anecdotally safe — but technically sloppy — consumer electronics can become a live demo of insecure-by-design Internet-of-Things. Their work shows that numerous Bluetooth Low Energy (BLE) LED masks, many of
Oct 30, 2025


Weaponizing Trust: Attackers Exploit WSUS Flaw in Wave of Post-Patch Intrusions
When Microsoft disclosed a critical flaw in its Windows Server Update Services (WSUS) platform earlier this month, few expected the exploit to escalate this quickly—or this creatively. Just days after the company’s out-of-band fix was released on October 23, attackers began weaponizing the vulnerability, designated CVE-2025-59287, to infiltrate enterprise environments and hijack the very infrastructure meant to distribute trusted software updates. The Darktrace Threat Resea
Oct 30, 2025


Toxic Combinations: The Hidden Catalyst Behind 70 % of Today’s Major Breaches
In the evolving theatre of cyber-conflict, large-scale breaches are no longer just the result of a single dramatic failure—now they are nearly always the result of many smaller failures colliding. According to recent analysis by Panaseer—a specialist in continuous controls monitoring—the statistic that sets the alarm bells ringing is stark: 70 % of major breaches stem from “toxic combinations” of overlapping cybersecurity risks. Understanding the domino effect The term toxi
Oct 28, 2025


Human Trust: The New Frontier in Data Extortion
When high-profile campaigns by groups like LAPSUS$ and Scattered Spider make headlines, they often leave the strong impression of technical wizardry: zero-days, clever malware, intricate breaches. But according to research from Flashpoint, that narrative misses the more profound evolution underway. Gone are the days when data extortion simply meant bulk-stealing databases: the playbook has matured to target the single most vulnerable link in modern enterprise security—human
Oct 28, 2025


Inside the AI-Supply-Chain: How a Trusted Assistant Became the Breach Vector
A new class of cyber-attack has surfaced in the age of enterprise AI, and it is rewriting the data-governance rulebook. The stealthy exploit, dubbed Shadow Escape, reportedly allows bad actors to exfiltrate sensitive personal and organizational data via standard AI assistant workflows — even when all systems appear to be operating inside trusted boundaries. The vulnerability was uncovered by the security research team at Operant AI, which characterizes the attack as a zero-c
Oct 24, 2025