Elastic Security Labs uncovers BRUSHWORM and BRUSHLOGGER
Elastic Security Labs observed two custom malware components targeting a South Asian financial institution: a modular backdoor with USB-based spreading and a...
Financial
20 articles
5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents
On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those ...
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and i...
Treasury asks whether terrorism risk insurance program should bolster cyber coverage
A Federal Register notice seeks public comment on how cyber is covered within a 2002 law and program. The post Treasury asks whether terrorism risk insurance...
QualDerm Partners December 2025 data breach impacts over 3 Million people
Over 3.1M people affected as QualDerm Partners suffered a December 2025 breach, exposing personal, medical, and health insurance data.
New Npm 'Ghost Campaign' Uses Fake Install Logs to Hide Malware
Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data
3.1 Million Impacted by QualDerm Data Breach
Hackers stole personal, medical, and health insurance information from the company’s internal systems. The post 3.
Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activi...
Spotting issues in DeFi with dimensional analysis
Using dimensional analysis, you can categorically rule out a whole category of logic and arithmetic bugs that plague DeFi formulas. No code changes required,...
The Cryptographic Reset Has Begun
The 200-day TLS certificates signals a structural change in cryptographic trust. Continuous enforcement is key.
‘CanisterWorm’ Springs Wiper Attack Targeting Iran
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secure...
High-Tech Sector Overtakes Finance as Top Target for Cyber-Attacks, Mandiant Reports
High tech was the most frequently targeted industry in Mandiant investigations in 2025, overtaking financial services which led in 2023 and 2024
Why US companies must be ready for quantum by 2030: A practical roadmap
Last year, I asked a room of infrastructure, identity and application leaders a simple question: “Where in our environment do we rely on RSA or elliptic curv...
Bringing Continuous Assessment to Harbor: Scan on Push, Stay Secure Over Time
Key Takeaways DevSecOps harmony exists when development and security teams operate on a shared definition of risk using consistent data, identifiers, and pri...
Are nations ready to be the cybersecurity insurers of last resort?
A senior member of the Cyber Monitoring Center (CMC), an organization formed last year to monitor, define and classify cyber events impacting UK organization...
Negotiating with the Board: Translating Active Risk into Financial Exposure
Security leaders rarely struggle to produce data. The challenge is turning that data into something the board can use to make decisions.
Proton Mail Shared User Information with the Police
404 Media has a story about Proton Mail giving subscriber data to the Swiss government, who passed the information to the FBI. It’s metadata—payment informat...
Financial Brands Targeted in Global Mobile Banking Malware Surge
Mobile banking malware targets over 1200 financial apps globally, shifting fraud to user devices
New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data
Cybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to conduct dev...
FCA Updates Cyber Incident and Third-Party Reporting Rules
The UK’s financial regulator has issued new rules to make incident and third-party reporting clearer