Enterprise Security Tech

As the Internal Revenue Service moves to fully digital tax operations in 2026, cybersecurity experts warn that the modernization effort is colliding with a surge in AI-driven fraud. The result is a rapidly expanding attack surface for identity theft, refund fraud, and impersonation scams. In 2025, the IRS reported $10.59 billion in financial crime losses , with $4.5 billion tied directly to tax-related fraud. While the agency continues to strengthen its cybersecurity defenses

A newly disclosed bug in Microsoft 365 Copilot is forcing enterprises to confront an uncomfortable reality about AI integration inside productivity suites. Since late January, the AI assistant has been summarizing confidential emails in ways that bypass established data loss prevention policies, according to a service advisory. The issue, tracked internally as CW1226324 and first identified on January 21, affects the Copilot “work tab” chat experience within Microsoft 365. I

Within a single workday, a routine npm install turned into a supply chain incident that is now reverberating across the open source and AI security communities, according to an analysis from Michael Bargury, CTO of Zenity . The maintainers of Cline disclosed that version 2.3.0 of the Cline CLI was published to npm with unauthorized modifications. For roughly eight hours, developers who installed the package also pulled code associated with the OpenClaw ecosystem due to a mali

A ransomware attack on ApolloMD  has exposed the personal and medical data of more than 626,000 individuals, according to a newly published federal disclosure, underscoring the persistent cybersecurity risks facing healthcare organizations and their third-party partners. The US Department of Health and Human Services breach portal now lists 626,540 individuals as affected by the May 2025 incident, which targeted the Atlanta-based physician and practice management services pr

We sat down with Jon David of NR Labs  to challenge one of security’s most entrenched assumptions: that passing a pentest means you’re safer. Drawing on years of frontline breach response, David explains why traditional, vulnerability-centric testing no longer reflects how modern attackers actually operate, and why resilience today depends on understanding attack paths, identity abuse, and architectural weak points. David explores how organizations can move beyond compliance

The most interesting security tools do not always come from venture backed startups or vendor roadmaps. Sometimes they emerge from frustration. This week, the organization behind the RSA Conference released an open source project called Quantickle, a browser based graphing toolkit designed for analysts who spend their days untangling messy relationships between infrastructure, malware, and campaigns. It is not an enterprise platform and it is not trying to be one. Instead, i