

Enterprise Security Tech
A cybersecurity resource for CxOs


A Russian Malware Toolkit Is Selling Guaranteed Chrome Web Store Access for Phishing Attacks
Browser extensions were once treated as a mild nuisance in the security threat model. That era is over. Over the past few months, browser-based attacks have accelerated in scale and ambition, shifting from opportunistic scams to coordinated campaigns that quietly compromise millions of users. In December 2025, a set of linked extension-driven attacks exposed gaps across Chrome, Edge, and Firefox, ultimately impacting nearly nine million users. Weeks later, researchers uncove
Jan 25


SmarterMail Flaw Exploited Days After Patch, Turning Email Servers Into Instant Footholds
A critical security flaw in SmarterTools’ SmarterMail email platform is being actively exploited just days after a fix was released, underscoring how quickly attackers are now able to dissect patches and weaponize them against unprepared organizations. The issue, tracked initially by watchTowr Labs as WT-2026-0001, was disclosed to SmarterTools on January 8 and patched on January 15 with SmarterMail Build 9511. Within 48 hours, evidence emerged that attackers had already begu
Jan 25


Phishing Kits Go Interactive, Letting Vishing Callers Control MFA Sessions in Real Time
Phishing has always borrowed from theater. What is changing now is the stage direction. New research from Okta Threat Intelligence shows that modern phishing kits are no longer static web traps. They are interactive tools designed to work in lockstep with a human voice on the other end of the line. In these hybrid attacks, a caller guides a victim through a login flow in real time while dynamically controlling what the victim sees in their browser. The result is a form of vi
Jan 25


Exposed Security Training Apps Become a Backdoor Into Enterprise Cloud Environments
Security teams have long relied on deliberately vulnerable web applications to train defenders and test internal defenses. New research shows those same tools are now being used as a shortcut into real enterprise cloud environments. An investigation by automated penetration testing firm Pentera found that threat actors are actively exploiting misconfigured security training and testing applications that have been left exposed on the public internet. These include intentiona
Jan 21


PKI Is Buckling Under the Weight of Machine Identities
For years, public key infrastructure quietly did its job in the background, issuing certificates, encrypting traffic, and validating identities. Now it is becoming a frontline failure point. New research from CyberArk suggests that PKI systems are struggling to keep pace with the explosion of machine and workload identities across cloud native and zero trust environments. As certificates multiply, organizations are discovering that legacy tools and manual processes are no lo
Jan 21


New Report Finds Cloud Security Is Getting More Expensive and Less Effective
For years, enterprises have treated cloud security as a budgeting problem. Spend more, buy more tools, hire more specialists. The assumption was simple: complexity could be contained with enough investment. The latest 2026 Cloud Security Report from Fortinet and research partner Cybersecurity Insiders suggests that assumption is breaking down. Based on a global survey of more than 1,100 senior security leaders conducted in late 2025, the report paints a picture of organizat
Jan 21