

Enterprise Security Tech
A cybersecurity resource for CxOs


Atomic Arch Supply Chain Attack Hits Arch Linux AUR With 1,500 Malicious Packages
A large-scale Linux supply chain attack has hit the Arch User Repository, exposing how quickly community package ecosystems can be turned into malware delivery networks when trust, automation and abandoned projects collide. The campaign, now tracked by researchers as Atomic Arch, began last week and had pushed more than 1,500 malicious packages into AUR by June 11. AUR is the community-maintained software hub used by Arch Linux users to share PKGBUILD scripts for software tha
1 hour ago


Why Executive Impersonation Is Becoming Harder To Detect - And What To Do About It
This guest post was contributed by Amit Shuster, VP Product, Vetric.io. Cybercriminals have always targeted senior executives. What's changed is how effectively they can now impersonate them. Deepfake technology has matured to the point where an AI-generated video of a CEO endorsing a fraudulent investment scheme, or an audio clone directing an employee to wire funds, can be nearly indistinguishable from the real thing. Deloitte estimates deepfake-enabled fraud losses could r
5 days ago


GreatXML Windows Zero-Day Turns Defender Offline Scan Into a BitLocker Backdoor
The post-compromise technique abuses Windows Recovery Environment to create persistent access to BitLocker-encrypted data, with no patch currently available. According to the Cyderes Howler Cell team, a newly disclosed Windows zero-day called GreatXML can turn Microsoft Defender’s offline scanning process into a pathway for accessing BitLocker-encrypted data without a recovery key or user credentials. The technique targets the interaction between Windows Recovery Environment,
5 days ago


Kali365 Phishing Platform Turns Microsoft Logins Into an AI-Powered Fraud Pipeline
The phishing-as-a-service operation uses Microsoft device codes, stolen authentication tokens and AI-generated business email compromise messages to help attackers bypass traditional account defenses. A newly analyzed phishing platform known as Kali365 is giving cybercriminals an unusually complete toolkit for compromising Microsoft 365 accounts and converting stolen access into financial fraud. Huntress researchers uncovered the operation after detecting a spike in device co
5 days ago


University of Nottingham Cyberattack Exposes Student Financial and Personal Data
Hackers accessed a significant amount of personal data belonging to University of Nottingham students and alumni, potentially including financial records, National Insurance numbers and protected characteristics. The university detected unauthorized activity in its Campus Solutions student records system on Tuesday and took affected systems offline. It has contacted impacted individuals and reported the incident to Action Fraud, the Information Commissioner’s Office and other
6 days ago


RoguePlanet Windows Zero-Day Turns Microsoft Defender Into an Exploitation Tool
A newly disclosed Windows zero-day dubbed RoguePlanet abuses Microsoft Defender’s own quarantine process to give an ordinary user the highest level of control over a Windows 11 machine. Cyderes researchers said they reproduced the local privilege escalation exploit on a fully patched Windows 11 Pro system. The attack requires no administrator rights, kernel vulnerability or memory corruption. Instead, it chains together legitimate Windows features, including Defender scans, N
6 days ago