Infosec stories

Barracuda links surge in device code phishing attacks to EvilTokens kit as criminals exploit Microsoft 365 logins and bypass multifactor checks.

Unpatched VPN gateways are leaving organisations open to ransomware and outages, as modern Zero Trust access cuts off the exposed front door.

CrowdStrike unveils AI security coalition with Accenture, EY, IBM Cybersecurity Services, Kroll and OpenAI to spot and fix code flaws faster.

DTEX warns that AI agents controlled via Telegram and WhatsApp can quietly access files, expose credentials and exfiltrate data from endpoints.

Coro elevates Benjamin Morrell to Vice President of Security Strategy as it ties product design more closely to internal operations and AI-led protection.

Apricorn broadens its Aegis Padlock DT FIPS line with a 32TB hardware-encrypted desktop drive for offline backups and sensitive data.

Thrive widens post-Abacode push with managed compliance service for firms facing tougher rules and cyber risk.

Anthropic and OpenAI take rival paths on AI cyber tools, as one keeps access tightly restricted while the other widens vetted user access.

Everywhen warns businesses and consumers to check web addresses, padlocks and browser alerts as fake sites fuel rising cyber fraud risk.

Lineaje survey flags a widening governance gap as most firms use AI-generated code, yet few can fully see or track it.

Proofpoint warns that 36% of FIFA World Cup 2026 commercial partners still lack the strongest DMARC settings, leaving fans exposed to spoofed emails.

Check Point says Anthropic's Claude Code can quietly stash credentials in .claude/settings.local.json, which may be published in public npm packages.

Check Point and Google Cloud add governance and live monitoring to enterprise AI agents as firms race to secure autonomous workflows.

LevelBlue says unsanctioned AI agents are slipping into enterprise systems, creating a hidden governance and security blind spot for businesses.

Rubrik adds Google Cloud controls for AI agents and Cloud SQL backups as enterprises race to govern autonomous systems and protect data.

Check Point claims fourth straight win in Miercom hybrid mesh security test, scoring 99.8% and beating rivals on phishing and malware blocking.

Zscaler joins Anthropic's Project Glasswing to test Claude Mythos Preview in software scans, as the firm pushes zero trust against AI-driven attacks.

ServiceNow bolsters cyber security push with Armis buyout, adding real-time asset visibility and deepening its platform after Veza.

HackerOne unveils h1 Validation as vulnerability reports surge 76% and AI tools speed up discovery, leaving firms struggling to triage real threats.

CIS, Astrix and Cequence publish AI security guides for large language models, autonomous agents and MCP environments.