Latest Intelligence
Cognida.ai Launches Codien: An AI Agent to Modernize Legacy Test Automation and Fast-Track Test Creation
Cognida.ai has launched Codien, an AI agent designed to modernize legacy test automation and accelerate the process of test creation. This innovation aims to improve efficiency and effectiveness in software testing.
Fully Patched SonicWall Gear Under Likely Zero-Day Attack
A threat actor, likely associated with the Abyss ransomware group, is exploiting a zero-day vulnerability to install the 'Overstep' backdoor on SonicWall devices that are fully patched. This indicates a significant security risk despite the devices being up-to-date.
Securing the Budget: Demonstrating Cybersecurity's Return
The article emphasizes the importance of tying cybersecurity investments to measurable outcomes to effectively communicate their value. By demonstrating reduced breach likelihood and financial impact, CISOs can better align with stakeholders and justify their budgets based on tangible risks.
UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit
A threat group known as UNC6148 has been targeting fully-patched SonicWall SMA 100 series devices with a backdoor named OVERSTEP. This malicious activity has been ongoing since at least October 2024, highlighting the vulnerabilities in end-of-life appliances.
Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access
Researchers have identified a critical design flaw in delegated Managed Service Accounts (dMSAs) in Windows Server 2025, which could lead to severe security breaches. This vulnerability allows for cross-domain lateral movement and provides persistent access to managed service accounts and their resources within Active Directory.
AI Agents Act Like Employees With Root Access—Here's How to Regain Control
The article highlights the risks associated with deploying AI systems without proper security measures, likening them to junior employees with root access. It emphasizes the need for identity-first security to prevent unauthorized access and control issues as enterprises increasingly adopt generative AI technologies.
Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild
Google has released a critical update for Chrome to address six security issues, including a high-severity vulnerability, CVE-2025-6558, which is actively being exploited. This vulnerability involves incorrect validation of untrusted input in the browser's ANGLE and GPU components.
Deepfakes. Fake Recruiters. Cloned CFOs — Learn How to Stop AI-Driven Attacks in Real Time
Social engineering attacks have evolved significantly, utilizing generative AI and deepfake technology to create highly convincing impersonations of executives and organizations. These sophisticated tactics go beyond simple phishing, posing serious threats to cybersecurity.
New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code
A new variant of the Konfety malware has been identified, which uses the evil twin technique to facilitate ad fraud. This method involves creating a malicious app that shares the same package name as a legitimate app found on the Google Play Store.
Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act
Google's AI framework, Big Sleep, identified a critical memory corruption vulnerability in the SQLite database engine before it could be exploited by attackers. The flaw, tracked as CVE-2025-6965, affects all versions of SQLite prior to 3.50.2.
Altered Telegram App Steals Chinese Users' Android Data
Attackers are using over 600 domains to lure Chinese-speaking victims into downloading a compromised version of the Telegram app, which is particularly difficult to detect on older Android devices. This poses a significant risk to the personal data of users who install the altered app.
Lessons Learned From McDonald's Big AI Flub
McDonald's hiring platform faced a significant cybersecurity issue by using default credentials, which led to the exposure of sensitive information belonging to potentially millions of job applicants. This incident highlights the importance of securing access credentials to protect personal data.
AI Is Reshaping How Attorneys Practice Law
The article discusses the growing influence of AI in the legal field, emphasizing the need for attorneys to enhance their AI literacy and understand the ethical implications of AI usage. It also highlights the importance of implementing verification protocols to ensure credibility in courtrooms affected by AI technologies.
AsyncRAT Spawns Concerning Labyrinth of Forks
AsyncRAT, which emerged on GitHub in 2019, exemplifies the rise of open source malware that has made cybercrime more accessible. Its numerous variants create a complex landscape for cybersecurity efforts.
Attackers Abuse AWS Cloud to Target Southeast Asian Governments
A cyber campaign targeting Southeast Asian governments has been identified, utilizing a new backdoor named HazyBeacon. This campaign leverages legitimate cloud communication channels for command-and-control and data exfiltration, obscuring its malicious activities.