Generative AI is accelerating password attacks against Active Directory, making credential abuse faster and more effective. Specops Software explains how AI-driven cracking techniques exploit weak and predictable AD passwords. […]
Cyber Risk Trends for 2026: Building Resilience, Not Just Defenses
We can’t outpace the adversary by trying to stop every attack, but we can outlast them by engineering systems and culture to take a punch and try to quickly rebound.
The post Cyber Risk Trends for 2026: Building Resilience, Not Just Defenses appeared first on SecurityWeek.
Researchers Trap Scattered Lapsus$ Hunters in Honeypot
Using fake accounts and synthetic data to lure the hackers, the researchers gathered information on their servers.
The post Researchers Trap Scattered Lapsus$ Hunters in Honeypot appeared first on SecurityWeek.
Critical Dolby Vulnerability Patched in Android
The flaw is tracked as CVE-2025-54957 and its existence came to light in October 2025 after it was discovered by Google researchers.
The post Critical Dolby Vulnerability Patched in Android appeared first on SecurityWeek.
Sophisticated ClickFix Campaign Targeting Hospitality Sector
Fake Booking reservation cancellations and fake BSODs trick victims into executing malicious code leading to RAT infections.
The post Sophisticated ClickFix Campaign Targeting Hospitality Sector appeared first on SecurityWeek.
Dozens of Major Data Breaches Linked to Single Threat Actor
The initial access broker (IAB) relies on credentials exfiltrated using information stealers to hack organizations.
The post Dozens of Major Data Breaches Linked to Single Threat Actor appeared first on SecurityWeek.
Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat
Source: Securonix
Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix-style lures to display fixes for fake blue screen of death (BSoD) errors in attacks targeting the European hospitality sector.
The end goal of the multi-stage campaign is to deliver a remote access trojan known as DCRat, according to cybersecurity company Securonix.
Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix-style lures to display fixes for fake blue screen of death (BSoD) errors in attacks targeting the European hospitality sector.
The end goal of the multi-stage campaign is to deliver a remote access trojan known as DCRat, according to cybersecurity company Securonix.
What is Identity Dark Matter?
The Invisible Half of the Identity Universe
Identity used to live in one place – an LDAP directory, an HR system, a single IAM portal.
Not anymore. Today, identity is fragmented across SaaS, on-prem, IaaS, PaaS, home-grown, and shadow applications. Each of these environments carries its own accounts, permissions, and authentication flows.
Traditional IAM and IGA tools govern only the nearly
Identity used to live in one place – an LDAP directory, an HR system, a single IAM portal.
Not anymore. Today, identity is fragmented across SaaS, on-prem, IaaS, PaaS, home-grown, and shadow applications. Each of these environments carries its own accounts, permissions, and authentication flows.
Traditional IAM and IGA tools govern only the nearly
NordVPN Denies Breach After Hacker Leaks Data
The VPN company has conducted an investigation after a threat actor claimed to have hacked its systems.
The post NordVPN Denies Breach After Hacker Leaks Data appeared first on SecurityWeek.
Are Copilot prompt injection flaws vulnerabilities or AI limits?
Microsoft has pushed back against claims that multiple prompt injection and sandbox-related issues raised by a security engineer in its Copilot AI assistant constitute security vulnerabilities. The development highlights a growing divide between how vendors and researchers define risk in generative AI systems. […]