CyberSecurity Updates

25 Feb

CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems

Attacks, Insights, Malware

The purpose of this Alert is to provide resources for organizations with Cisco Software-Defined Wide-Area Networking (SD-WAN) systems, including Federal Civilian Executive Branch (FCEB) agencies, to address ongoing exploitation of multiple vulnerabilities. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-20127 and CVE-2022-20775 to its Known Exploited Vulnerabilities (KEV) Catalog on Feb. 25, 2026. As a result of the malicious cyber activity and vulnerabilities involving Cisco SD-WAN systems, CISA has outlined requirements for FCEB agencies…

Read More
24 Feb

Faking it on the phone: How to tell if a voice call is AI or not

Information

Can you believe your ears? Increasingly, the answer is no. Here’s what’s at stake for your business, and how to beat the deepfakers. Phil Muncaster 23 Feb 2026  •  , 4 min. read There was a time when we could believe everything we saw and heard. Unfortunately, those days are probably long gone. Generative AI (GenAI) has democratized the creation of deepfake audio and video, to the point where generating a fabricated clip is as…

Read More
24 Feb

Celebrating Two Years of CSF 2.0!

Insights

Mr. Stephen Quinn joined the National Institute of Standards and Technology (NIST) in 2004 and serves as a senior computer scientist in the Information Technology Laboratory (ITL). Mr. Quinn is the lead author for Integrating NIST risk management project work within the paradigm of Enterprise Risk Management (ERM). He is also program manager for the National Checklist Program and the National Online Informative Reference (OLIR) programs at NIST.  He is a co-originator of the NIST…

Read More
20 Feb

‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

Information, Insights

Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand’s real website, and then acts as a relay between the target and the legitimate site — forwarding the victim’s username, password and multi-factor…

Read More
20 Feb

Is Poshmark safe? How to buy and sell without getting scammed

Information

Like any other marketplace, the social commerce platform has its share of red flags. It pays to know what to look for so you can shop or sell without headaches. Phil Muncaster 19 Feb 2026  •  , 5 min. read Social commerce has gone mainstream. According to one estimate, the industry was on track to be worth over $1.1 trillion globally in 2025, with over half of young people buying on social media sites. But…

Read More
20 Feb

PromptSpy ushers in the era of Android threats using GenAI

Information

ESET researchers uncovered the first known case of Android malware abusing generative AI for context-aware user interface manipulation. While machine learning has been used to similar ends already – just recently, researchers at Dr.WEB found Android.Phantom, which uses TensorFlow machine learning models to analyze advertisement screenshots and automatically click on detected elements for large scale ad fraud – this is the first time we have seen generative AI deployed in this manner. Because the attackers…

Read More
18 Feb

Is it OK to let your children post selfies online?

Information

Kids Online When it comes to our children’s digital lives, prohibition rarely works. It’s our responsibility to help them build a healthy relationship with tech. Phil Muncaster 17 Feb 2026  •  , 4 min. read The lives our children lead today are very different to our own, 20, 30 or even 40-plus years ago. And the main reason for that difference is technology. For good and bad, the advent of smartphones and social media has…

Read More
17 Feb

VulnCheck Raises $25 Million in Series B Funding to Scale Vulnerability Intelligence

Information, News

Vulnerability intelligence company VulnCheck announced on Tuesday that it has raised $25 million to meet demand for its solutions. The Series B funding round, which brings the total raised by the company to $45 million, was led by Sorenson Capital, with participation from National Grid Partners, Ten Eleven Ventures, and In-Q-Tel. The money will be used to expand product development and scale growth. VulnCheck provides a platform for tracking the lifecycle of vulnerabilities and their…

Read More
14 Feb

Naming and shaming: How ransomware groups tighten the screws on victims

Information

Ransomware When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle 12 Feb 2026  •  , 6 min. read In the realm of cybercrime, change is arguably the only constant. While cyber-extortion as a broader category of crime has proved its staying power, ransomware – its arguably most damaging ‘flavor’ – doesn’t live or die on encryption alone. The playbook of ‘yore’ largely…

Read More
11 Feb

Kimwolf Botnet Swamps Anonymity Network I2P

Information, Insights

For the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet’s control servers. Kimwolf is a botnet that surfaced in late 2025 and quickly infected millions…

Read More