Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Quick Takeaways

- Recognition and Leadership: Pillar Security has been awarded Frost & Sullivan’s 2025 Competitive Strategy Leadership Award for its innovative approach in AI-driven cybersecurity, emphasizing its ability to enable responsible AI adoption for enterprises.
- Innovative Platform Design: Unlike competitors using legacy tools, Pillar’s platform is built from scratch with a DevSecOps-for-AI framework, ensuring robust security throughout the AI lifecycle.
- Key Differentiators: The platform offers unique features such as AI Asset Discovery, Adversarial Red Teaming, and Adaptive Guardrails, providing organizations with enhanced visibility and protection against emerging risks.
- Enterprise-Ready Solutions: Pillar supports hybrid, cloud, and on-prem environments while ensuring compliance…

Top Highlights

- SonicWall confirmed a security breach exposing customer firewall configuration files stored in the cloud, affecting less than 5% of its user base.
- The attack involved brute force tactics targeting stored backup files, which contained encrypted passwords and sensitive network information, increasing risk of exploitation.
- This incident highlights systemic security weaknesses across SonicWall’s products and infrastructure, raising concerns about trust and comprehensive security standards.
- SonicWall is cooperating with law enforcement, has disabled affected backup access, and advises impacted customers to reset credentials and monitor for suspicious activity.

The Core Issue

SonicWall recently confirmed that its MySonicWall.com platform was targeted…

Fast Facts

- Strategic Partnership: Centroid Systems has teamed up with Stellar Cyber to enhance managed security services on Oracle Cloud Infrastructure, responding to the increasing demand for secure cloud environments.
- Unified Security Solutions: The collaboration features Stellar Cyber’s Open XDR platform, which integrates advanced security tools for comprehensive visibility and faster threat response across all environments.
- Key Security Features: The offering includes consolidated security operations, AI-driven threat detection, seamless OCI integration, and automated responses to improve security efficiency.
- Commitment to Innovation: Both companies leverage their expertise to deliver cutting-edge security solutions, enhancing customer operations and reducing cyber risks in the…

Top Highlights

- Many devices remain vulnerable to the Pixie Dust Wi-Fi attack, discovered over a decade ago, which exploits predictable WPS PIN generation to gain unauthorized network access within seconds.
- An analysis of 24 current networking devices revealed only 4 have been patched against Pixie Dust, with many patches coming after 9-10 years, and some affected devices are still supported.
- The vulnerability persists due to systemic issues in firmware supply chains, including reuse of insecure libraries and lack of transparency, enabling silent exploitation even if WPS appears disabled in UI.
- This ongoing risk poses significant threats to enterprises and consumers,…

Fast Facts

- Rapid Recovery Solution: Absolute Security launches Rehydrate, enabling compromised Windows endpoints to be restored remotely and within 30 minutes, minimizing downtime from cyber incidents.
- Automated Resilience: The technology integrates into over 600 million devices, functioning even when operating systems are compromised, streamlining restoration processes at scale.
- Seamless Integration: Fully embedded in Absolute Secure Endpoint solutions, Rehydrate allows easy activation and supports diverse connectivity for remote and hybrid workforce scenarios.
- Strategic Value: With cybercrime costs exceeding $1 trillion annually, Rehydrate empowers organizations to maintain compliance and continuity, crucial for mitigating financial disasters from disruptions.

Revolutionizing Endpoint Recovery

Absolute Security…

Summary Points

- Bridgestone Americas restored its network connections after a cyberattack that disrupted production across several facilities in North and Latin America.
- The company is investigating the incident with third-party experts, working with law enforcement, and has not disclosed specific details such as the attack timeline or data accessed.
- Production has begun resuming to pre-hack levels, with ongoing monitoring; the financial impact and full recovery schedule remain undisclosed.
- The attack coincided with a larger industry disruption, including Jaguar Land Rover’s production delays, with the responsible hacker group and breach method still unclear.

What’s the Problem?

Bridgestone Americas experienced a significant…

Top Highlights

- Strategic Partnership: 1Password partners with Perplexity to integrate security features into Comet, an AI-driven web browser, enhancing user convenience and protection.
- Enhanced User Experience: The collaboration allows Comet users to seamlessly manage credentials, autofill logins, and access advanced security controls via a dedicated browser extension.
- Security and AI Integration: 1Password emphasizes the importance of building trust and usability in AI solutions, ensuring security is a core component from development.
- Key Features: The 1Password extension offers privacy-first browsing, quick login capabilities, end-to-end protection, strong authentication methods, and cross-device syncing for a secure online experience.

Reinventing Security for AI Browsing…

Summary Points

- Collaboration Against Cybercrime: Microsoft and Cloudflare partnered to dismantle the phishing service "RaccoonO365," targeting a notorious cybercrime operation responsible for stealing Microsoft 365 credentials.
- Widespread Impact: RaccoonO365’s kits have compromised over 5,000 Microsoft accounts globally, targeting numerous organizations, including more than 20 healthcare entities in the U.S., posing significant public safety risks.
- Phishing-as-a-Service Model: This service enabled low-skill cybercriminals to conduct automated phishing attacks with ease, mimicking legitimate brands to deceive users into providing sensitive information.
- Enforcement Actions: Microsoft identified Nigerian mastermind Joshua Ogundipe, who is linked to at least $100,000 in cryptocurrency earnings, and submitted a criminal…

Fast Facts

- Since July 2024, a platform has stolen over 5,000 Microsoft credentials worldwide, enabling the targeting of up to 9,000 email addresses daily per subscription.
- The service could bypass multi-factor authentication, allowing persistent access to victims’ systems and generating hundreds of millions of malicious messages annually.
- Healthcare systems, including at least 20 US healthcare organizations, were heavily targeted, often used as entry points for ransomware that threatens patient safety.
- Microsoft and healthcare cybersecurity nonprofit Health-ISAC are actively taking legal action against the platform due to the substantial threat posed to medical infrastructure.

Problem Explained

Since July 2024, a cybercriminal…

Top Highlights

- Industry-First Certification: Oasis Security launched the Non-Human Identity Management Fundamentals Certification, a vendor-agnostic program designed to enhance skills for managing machine identities in the AI era.
- Cybersecurity Workforce Crisis: The (ISC)² highlights a critical shortage of 4 million cybersecurity professionals, with significant gaps in identity and cloud security increasing risks due to autonomous AI agents.
- Real-World Training Framework: The certification combines self-paced modules, scenario exercises, and assessments, catering to security leaders and practitioners needing to integrate non-human identity management into enterprise systems.
- Empowering AI Adoption: Oasis Security aims to help organizations securely adopt agentic AI by providing governance…
