Blog – Page 4 – Cyber Mike

New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files

Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender.

“This was an accidental discovery, it took a total of 4 hours to find this,” the researcher said in a post on Blogger. “If you ever attempted to use Windows Defender Offline Scan, you’re

The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm

A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like LockBit (aka Tenacious Mantis), Qilin (aka Pestilent Mantis), and Medusa (aka Venomous Mantis).

According to a detailed report

Authorities dismantle ‘AudiA6’ ransomware crypto-laundering service

Law enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million. […]

Why AI-driven threats are exposing the limits of MSP security stacks

AI-driven attacks are exposing the limits of fragmented MSP security stacks and slow response workflows. Kaseya breaks down why integrated security, automation, and recovery are becoming essential. […]

Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks

Oracle has released a patch for CVE-2026-35273, but it has not said whether it’s a zero-day exploited in ShinyHunters attacks.

The post Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks appeared first on SecurityWeek.

Alert Fatigue Is Becoming a Security Threat of Its Own

As alert volumes outpace human capacity, organizations are turning to AI, automation, and deeper context to separate real threats from the noise.

The post Alert Fatigue Is Becoming a Security Threat of Its Own appeared first on SecurityWeek.

Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories

Most good security work is invisible by design. Today is the exception.

The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories.

The reason is simple. Cybersecurity is full of work that deserves recognition and rarely gets it. Products that quietly close real gaps. Teams that stop incidents nobody reads about. Companies that raise the

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New Stories

It’s been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there’s a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real credentials.

The bigger problem is how polished this all looks now. Mule networks run like SaaS.

CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk

The new BOD 26-04 requires agencies to review and update vulnerability management policies with a focus on KEV catalog entries.

The post CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk appeared first on SecurityWeek.

OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month

Researchers say the OnyxC2 malware targets more than 200 applications and extensions while evading detection through encrypted payloads, DLL sideloading, and in-memory execution techniques.

The post OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month appeared first on SecurityWeek.

Cyber News