Cloud & Enterprise
Cloud and enterprise IT covers identity, access, SaaS, hybrid infrastructure and corporate attack surfaces. The analysis helps readers follow risks, incidents and architectural decisions relevant to complex environments.
Shadow AI: First 8-K Filing Signals Shift from Internal Policy to Regulatory Mandate
The first SEC 8-K filing for unauthorized AI use marks a turning point for corporate governance. As Shadow AI evolves into 'vibe-coded…
CVE-2026-0257: Active Exploitation Confirmed for GlobalProtect Authentication Bypass
Palo Alto Networks has confirmed active exploitation of CVE-2026-0257 affecting PAN-OS GlobalProtect. CISA has added the vulnerability…
Carnival Confirms Social Engineering Breach Impacting 6 Million People
Carnival Corporation has confirmed a data breach affecting 5.99 million individuals following a social engineering attack on an employ…
Trojan Detection: 33 Behavioral Signals May Challenge Complex Machine Learning Models
A new framework utilizing 33 refined behavioral features aims to detect Windows Trojans with competitive performance on standard enter…
BTMOB: The Malware-as-a-Service Erasing Technical Barriers to Android Takeover
ESET researchers have detailed BTMOB, an Android RAT sold as a service featuring a no-code builder. For a $5,000 lifetime fee, even lo…
Qumulo NeuralProtect: AI-Driven Ransomware Defense at the Point of Write
Qumulo has announced NeuralProtect, an AI-powered security layer designed to potentially intercept ransomware at the storage level, fe…
Progress Software Patches High-Severity Command Injection in Kemp LoadMaster (ZDI-26-319)
An authenticated command injection vulnerability in the customLocation parameter of Kemp LoadMaster carries a CVSS score of 8.8. While…
YellowKey: Microsoft Issues Emergency Mitigations for BitLocker Bypass
Microsoft issued temporary mitigations on May 20 for CVE-2026-45585, a BitLocker bypass vulnerability exploited through the Windows Re…
Trend Micro: CISA Adds Exploited Apex One Zero-Day to KEV Catalog with June 4 Deadline
CVE-2026-34926 affects on-premise Apex One installations. This directory traversal zero-day is under active exploitation, prompting CI…
DocketWise Data Breach: 143,480 Impacted via Third-Party Repository Exposure
Legal-tech platform DocketWise has notified 143,480 individuals of a data breach involving cloned third-party repositories. The incide…
The Oncology Institute Discloses Patient Data Breach Linked to Third-Party Vendor
The Oncology Institute (TOI) confirmed in an SEC filing that unauthorized actors accessed patient data through a third-party software…
CISA Adds Critical Langflow Vulnerability (CVE-2025-34291) to KEV Catalog Following Active Exploitation
CISA has added CVE-2025-34291, a critical origin validation flaw in the Langflow platform, to its Known Exploited Vulnerabilities cata…