Enterprise Security Tech

Browser extensions were once treated as a mild nuisance in the security threat model. That era is over. Over the past few months, browser based attacks have accelerated in scale and ambition, shifting from opportunistic scams to coordinated campaigns that quietly compromise millions of users. In December 2025 , a set of linked extension driven attacks exposed gaps across Chrome, Edge, and Firefox, ultimately impacting nearly nine million users. Weeks later, researchers uncove

A critical security flaw in SmarterTools’ SmarterMail email platform is being actively exploited just days after a fix was released, underscoring how quickly attackers are now able to dissect patches and weaponize them against unprepared organizations. The issue, tracked initially by watchTowr Labs as WT-2026-0001, was disclosed to SmarterTools on January 8 and patched on January 15 with SmarterMail Build 9511. Within 48 hours, evidence emerged that attackers had already begu

Phishing has always borrowed from theater. What is changing now is the stage direction. New research from Okta Threat Intelligence shows that modern phishing kits are no longer static web traps. They are interactive tools designed to work in lockstep with a human voice on the other end of the line. In these hybrid attacks, a caller guides a victim through a login flow in real time while dynamically controlling what the victim sees in their browser. The result is a form of vi

Security teams have long relied on deliberately vulnerable web applications to train defenders and test internal defenses. New research shows those same tools are now being used as a shortcut into real enterprise cloud environments. An investigation by automated penetration testing firm Pentera found that threat actors are actively exploiting misconfigured security training and testing applications that have been left exposed on the public internet. These include intentiona

For years, public key infrastructure quietly did its job in the background, issuing certificates, encrypting traffic, and validating identities. Now it is becoming a frontline failure point. New research from CyberArk suggests that PKI systems are struggling to keep pace with the explosion of machine and workload identities across cloud native and zero trust environments. As certificates multiply, organizations are discovering that legacy tools and manual processes are no lo

Cybercriminals are attempting to sell what they claim is a massive cache of internal source code linked to Target, igniting fresh concern over how quietly sensitive development systems can be exposed without triggering alarms. The episode surfaced after a previously unknown threat actor posted on a well known underground forum, advertising what was described as sensitive development files allegedly taken from the US retail giant. To bolster the claim, the actor briefly publi