CyberSecurity Updates

Autonomous Offensive Security Firm XBOW Raises $35 Million

Autonomous offensive security firm XBOW on Wednesday announced raising $35 million in an extension of the Series C funding round announced earlier this year. The initial Series C, in which it raised $120 million, increased the company’s valuation to more than $1 billion. The latest investment brings the total raised by XBOW to more than $270 million. The new funding came from Accenture Ventures, DNX Ventures, Liberty Global Tech Ventures, NVentures, Samsung Ventures, and SentinelOne…

Read More

Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls

Palo Alto Networks is working on patches for a critical PAN-OS zero-day that has been exploited to hack some of the company’s firewall models. Tracked as CVE-2026-0300, the vulnerability has been described as a buffer overflow affecting the User-ID Authentication Portal (Captive Portal) service of PAN-OS software.  The zero-day affects PA and VM series firewalls, allowing an unauthenticated attacker to execute malicious code with root privileges via specially crafted packets.  “Limited exploitation has been observed…

Read More

Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks

Cisco on Monday announced its intent to acquire Astrix Security, a startup focused on securing non-human identities (NHIs) such as API keys, service accounts, and OAuth tokens increasingly used by applications and AI agents. In a blog post, Cisco said the acquisition is aimed at extending zero trust principles to the emerging “agentic workforce,” where AI agents and machine identities are rapidly expanding the enterprise attack surface. Astrix’s technology is designed to help organizations discover, govern, and…

Read More

Stronger Cybersecurity, Stronger Business: NIST Celebrates 2026 National Small Business Week

Credit: SBA Happy National Small Business Week! For over 60 years, the U.S. Small Business Administration has led this initiative to acknowledge the critical contributions of America’s entrepreneurs and small business owners. Part of the U.S. Department of Commerce, NIST’s mission is to drive U.S. innovation and global competitiveness, and the small business community is central to this mission. In this year’s blog, we shine a spotlight on some new and upcoming NIST resources that…

Read More

US Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified Systems

The Pentagon said Friday that it has reached deals with seven tech companies to use their artificial intelligence in its classified computer networks, allowing the military to tap into AI-powered capabilities to help it fight wars. Google, Microsoft, Amazon Web Services, Nvidia, OpenAI, Reflection and SpaceX will provide their resources to help “augment warfighter decision-making in complex operational environments,” the Defense Department said. Notably absent from the list is AI company Anthropic, after its public…

Read More

New Bluekit Phishing Kit Features AI Assistant

A recently discovered phishing kit provides miscreants with a broad range of capabilities, including an AI assistant and automated domain registration, Varonis reports. Dubbed Bluekit, it has been advertised as offering over 40 website templates, support for two-factor authentication, geolocation emulation, antibot cloaking, notifications, spoofing capabilities, voice cloning, and a mail sender. According to Varonis, the phishing kit contains templates for email and cloud services, developer platforms, cryptocurrency services, and retail and social media platforms,…

Read More

In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability 

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: OFAC hits Iranian central bank crypto reserves OFAC designated two cryptocurrency…

Read More

This month in security with Tony Anscombe – April 2026 edition

Warnings about helpdesk impersonation scams and Iran-linked hackers targeting critical sectors in the US, plus the most damaging scams of 2025 – here’s some of what made the headlines this month 30 Apr 2026 With April coming to a close, it’s time for ESET Chief Security Evangelist Tony Anscombe to look back at some of the top cybersecurity stories that made the news this month. Tony also offers insights that the they may hold for…

Read More

Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge

Mythos in the hands of attackers threatens a storm beyond the power of security teams to weather. Claude Security is designed to counter this. Anthropic’s Mythos AI model will not be the only frontier model able to compress the time-to-exploit to a meaningless number of minutes. Other foundation model developers will produce their own models with comparable capabilities – and these models will find their way into the hands of criminals and nation state adversaries.…

Read More

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm’s chief executive says the malicious activity resulted from a security breach and was likely the work of a competitor trying to tarnish his company’s public image. An Archer AX21 router from TP-Link. Image: tp-link.com. For the…

Read More