Enterprise Security Tech
A cybersecurity resource for CxOs


StealC Malware Operators Exposed After Flawed Infrastructure Lets Researchers Hack the Hackers
Cybercriminals like to sell the illusion of professionalism. Malware dashboards are slick, subscription plans are clearly tiered, and promises of easy profits are framed with the language of software-as-a-service. But new research from CyberArk Labs shows how thin that polish can be, and how quickly the roles of attacker and victim can blur. The case centers on StealC, an infostealer that has circulated since early 2023 and is sold through a malware-as-a-service model. Buyer
2 days ago


LinkedIn Phishing Scams Hijack Public Comments, Using AI to Impersonate Platform Support
A wave of LinkedIn phishing attacks is exploiting the platform’s own public comment sections, blurring the line between legitimate support messages and outright fraud in a way that security researchers say marks a new phase in social engineering. The campaign surfaced earlier this week when researchers and targeted users began warning that bot-like accounts were replying directly to posts while impersonating LinkedIn itself. The fake comments claim the recipient has violated
Jan 13


University of Hawaii Cancer Center Quietly Managed a Ransomware Breach for Months Before Telling the Public
The University of Hawaii Cancer Center is facing growing scrutiny after quietly navigating a ransomware attack that compromised decades-old cancer research data, then waiting months to inform regulators and affected individuals. According to a report filed with the Hawaii state legislature in December, attackers gained unauthorized access to servers supporting cancer research operations in late August. The intruders encrypted systems, disrupted access to research files, and
Jan 13


Cybersecurity in 2025: When Defenders Protected Systems—and Attackers Exploited People
As the cybersecurity industry closes the books on 2025, the year is already solidifying around a familiar but unsettling conclusion: attackers didn’t need radically new malware to cause outsized damage. They needed people, timing, and a growing catalog of quietly catastrophic infrastructure flaws. That’s the throughline emerging from a year-end review by incident response specialists at LevelBlue, which absorbed digital forensics heavyweight Stroz Friedberg earlier this year
Jan 12


SHADOW#REACTOR Shows How Old Windows Scripting Still Fuels Modern Malware
A new malware campaign dissected by the Securonix Threat Research team underscores an uncomfortable truth for defenders: some of the most effective modern intrusions still rely on decades-old Windows scripting, dressed up with just enough obfuscation and in-memory trickery to stay ahead of automated detection. Tracked as SHADOW#REACTOR, the operation delivers a familiar end goal—a fully functional Remcos remote access trojan—but the path it takes to get there is anything bu
Jan 12


Ransomware Gang Exploits Oracle Zero-Day to Steal Data of 3.5 Million University of Phoenix Students and Staff
The University of Phoenix has become the latest high-profile casualty in a sweeping ransomware and data extortion campaign that is reshaping how attackers target higher education and enterprise software at scale. In a disclosure that surfaced quietly in early December, the for-profit university confirmed that attackers gained unauthorized access to sensitive systems months earlier and ultimately exfiltrated personal and financial data tied to nearly 3.5 million people. The a
Dec 29, 2025