Enterprise Security Tech

The University of Phoenix has become the latest high profile casualty in a sweeping ransomware and data extortion campaign that is reshaping how attackers target higher education and enterprise software at scale. In a disclosure that surfaced quietly in early December, the for profit university confirmed that attackers gained unauthorized access to sensitive systems months earlier and ultimately exfiltrated personal and financial data tied to nearly 3.5 million people. The a

Apple has pushed out a rare round of urgent security updates after confirming that two previously unknown flaws were actively exploited in what the company describes as an extremely sophisticated campaign aimed at specific individuals. The vulnerabilities affect WebKit, the browser engine that quietly underpins much of Apple’s software ecosystem, from Safari to in app browsers embedded across iOS. In a security bulletin released this week , Apple said the flaws were used agai

A newly uncovered Android banking trojan is giving security researchers an uncomfortable sense of déjà vu — but with several twists that signal where mobile malware is headed next. The malware, dubbed Sturnus , doesn’t just steal banking credentials. It learns. It adapts. And it leverages the same encrypted-app ecosystem people trust to protect their most sensitive conversations. Researchers at ThreatFabric say Sturnus is still in its early evaluation phase, but its technical

Salesforce has pulled the emergency brake on a swath of Gainsight-published applications after uncovering suspicious activity tied to the integrations — a move that instantly set off alarm bells across the SaaS security world and reignited concerns about the increasingly fragile state of OAuth-based trust models. Shortly after 8:00 p.m. on November 19, Salesforce issued a security advisory confirming that unusual activity linked to Gainsight applications could have enabled un

Ransomware crews didn’t wait for Black Friday to get busy. New data from NCC Group shows global attacks spiked 41% in October, surging to 594 incidents — an abrupt jump that signals cybercriminals are already gearing up for the year’s most profitable stretch. October traditionally marks the beginning of ransomware’s “golden quarter,” when the mix of holiday shopping, frantic IT teams, and supply-chain pressure creates an unusually rich attack surface. This year’s early wave

Anthropic’s revelation that hackers linked to China allegedly used its Claude AI system to automate attacks against roughly 30 organizations has ignited one of cybersecurity’s most polarizing debates yet: can artificial intelligence truly orchestrate espionage on its own—or is this another case of overhyped “AI panic” masking a deeper failure of model governance? The Rise of the AI Operator According to Anthropic, the attackers disguised themselves as cybersecurity researcher