Many sophisticated cyberattacks target elevated privileges so that the attackers can access to even more sensitive data—creating a compounding effect that organizations must protect against at all costs. It’s no wonder that securing privileged access is a foundational element of cybersecurity. For business users, privileged access typically gives them the ability to read and, if allowed, write to documents and data that are vital to the organization’s operations, strategy, and trade secrets. But the kind…

Al Roker never had a heart attack. He doesn’t have hypertension. But if you watched a recent deepfake video of him that spread across Facebook, you might think otherwise.  In a recent segment on NBC’s TODAY, Roker revealed that a fake AI-generated video was using his image and voice to promote a bogus hypertension cure—claiming, falsely, that he had suffered “a couple of heart attacks.”  “A friend of mine sent me a link and said,…

As AI continues to evolve and mature, organizations are beginning to deploy AI agents, which behave very differently from other forms of AI. Unlike generative or traditional AI, which act in response to a human prompt or request, AI agents independently perform complex tasks that require multi-step strategies. To accomplish their goals, agents must collect data from myriad sources and interact with internal and external systems. Machine identities far outnumber humans in enterprise networks, and…

A new malware variant dubbed RESURGE has been uncovered by the US Cybersecurity and Infrastructure Security Agency (CISA) and is targeting Ivanti Connect Secure appliances through a critical vulnerability. The malware leverages a stack-based buffer overflow flaw,  CVE-2025-0282, to create web shells, manipulate system files and survive system reboots. CISA’s analysis, revealed that RESURGE shares functionality with the prior SPAWNCHIMERA malware but introduces unique commands to enhance its stealth and persistence. RESURGE’s capabilities include embedding web shells for credential harvesting,…

Most people think of the internet as a globally connected resource. However, user experiences are not necessarily as consistent as they believe. Factors such as politics, regulations and censorship have made the internet a fragmented “splinternet” for some users. What are the potential implications for cybersecurity? Changes in Social Media Platforms’ Policies In the early days of the internet, people mostly went directly to website URLs and saw the same content regardless of where they…

A new cyber campaign using fake job interviews to target cryptocurrency professionals has been uncovered by security researchers. The operation, dubbed “ClickFake Interview,” was attributed to the North Korean Lazarus Group and involves social engineering tactics to distribute malicious software. According to a report published by Sekoia today, the attack chain begins with fraudulent job postings on platforms like LinkedIn or X (formerly Twitter). Threat actors posing as recruiters contact professionals in the cryptocurrency sector,…