

Enterprise Security Tech
A cybersecurity resource for CxOs


Why Executive Impersonation Is Becoming Harder To Detect - And What To Do About It
This guest post was contributed by Amit Shuster, VP Product, Vetric.io. Cybercriminals have always targeted senior executives. What's changed is how effectively they can now impersonate them. Deepfake technology has matured to the point where an AI-generated video of a CEO endorsing a fraudulent investment scheme, or an audio clone directing an employee to wire funds, can be nearly indistinguishable from the real thing. Deloitte estimates deepfake-enabled fraud losses could r
8 minutes ago


GreatXML Windows Zero-Day Turns Defender Offline Scan Into a BitLocker Backdoor
The post-compromise technique abuses Windows Recovery Environment to create persistent access to BitLocker-encrypted data, with no patch currently available. According to the Cyderes Howler Cell team, a newly disclosed Windows zero-day called GreatXML can turn Microsoft Defender’s offline scanning process into a pathway for accessing BitLocker-encrypted data without a recovery key or user credentials. The technique targets the interaction between Windows Recovery Environment,
16 minutes ago


Kali365 Phishing Platform Turns Microsoft Logins Into an AI-Powered Fraud Pipeline
The phishing-as-a-service operation uses Microsoft device codes, stolen authentication tokens and AI-generated business email compromise messages to help attackers bypass traditional account defenses. A newly analyzed phishing platform known as Kali365 is giving cybercriminals an unusually complete toolkit for compromising Microsoft 365 accounts and converting stolen access into financial fraud. Huntress researchers uncovered the operation after detecting a spike in device co
32 minutes ago


University of Nottingham Cyberattack Exposes Student Financial and Personal Data
Hackers accessed a significant amount of personal data belonging to University of Nottingham students and alumni, potentially including financial records, National Insurance numbers and protected characteristics. The university detected unauthorized activity in its Campus Solutions student records system on Tuesday and took affected systems offline. It has contacted impacted individuals and reported the incident to Action Fraud, the Information Commissioner’s Office and other
1 day ago


Meta AI Support Flaw Led to 20,225 Instagram Account Takeovers
A vulnerability in Meta’s AI-assisted account recovery system allowed attackers to hijack 20,225 Instagram accounts by redirecting password reset links to email addresses they controlled. The flaw affected High Touch Support, or HTS, an AI-powered system designed to help locked-out Instagram users recover their accounts. The recovery process failed to properly confirm that a newly submitted email address was already associated with the account being targeted. Attackers could
1 day ago