SC Media
20 articles
How identity became the new security battleground
Exploits happen in minutes in the AI era – so 43 days to fully remediate just doesn’t cut it today.
WantToCry ransomware evades detection through SMB abuse, remote encryption
More than 1.5 million exposed SMB ports may be susceptible to brute force attacks.
APIs under pressure: How AI is rewriting the rules of enterprise security
The rapid growth of AI has created an explosion of APIs that will require new techniques to manage.
1Password and OpenAI collaborate on secure credential access for AI coding agents
The new 1Password Environments MCP Server for Codex establishes a secure runtime environment where secrets are mounted, utilized, and then discarded after us...
Carding forum B1ack's Stash releases millions of stolen credit card records
The released data is unusually comprehensive, including full card numbers, expiration dates, CVV2 codes, cardholder names, billing addresses, email addresses...
DataDome launches priority protect for virtual waiting rooms
The product enhances DataDome's existing bot detection capabilities by classifying every request in real time and applying distinct access policies for diffe...
Terra Security expands platform to include network infrastructure exploitation validation
Terra's platform now allows security teams to validate vulnerabilities across web applications, AI systems, and network infrastructure from a single console.
Trump Mobile phone provider reportedly leaking customer data
A pair of YouTubers say their personal information, including mailing and email addresses, was leaked after they purchased the Trump Mobile T1 phone.
New Mini Shai-Hulud attack targets npm ecosystem
Mini Shai-Hulud campaign hits 323 npm packages, GitHub Actions and VS Code tools.
Next-generation enterprise defense: Managing risk in the age of agentic AI
The advent of agentic AI demands re-engineered AI-powered SASE architectures.
Discord implements end-to-end encryption for voice and video calls
The popular platform, which serves an estimated 690 million registered users, extended its open-source DAVE encryption protocol to cover all its clients, inc...
The AiTM problem nobody's architecture actually solves
Accountability becomes the big issue following a breach – does the team know who’s responsible for what?
FBI warns of surge in crypto ATM scam losses, exceeding $388 million
Cybercriminals are reportedly instructing victims to withdraw cash and deposit it into crypto kiosks, which then transfer the funds to attacker-controlled wa...
Max-severity vulnerability in ChromaDB allows unauthenticated remote code execution
The vulnerability affects the Python API server logic within the PyPI package, which sees nearly 14 million monthly downloads.
Drupal releases emergency security update amid exploit concerns
While the specific type of vulnerability has not been disclosed, the urgency of the advisory suggests a serious flaw with a potentially short window between ...
Huawei zero-day flaw reportedly caused Luxembourg telecom outage
The outage was triggered by specially crafted network traffic that exploited a previously unknown vulnerability in Huawei enterprise routers, forcing them in...
Storm-2949 actor targets Microsoft 365 and Azure environments
Storm-2949 initiates attacks by targeting users with privileged roles, such as IT personnel or senior leadership, using social engineering tactics to obtain ...
Microsoft to phase out SMS authentication for account recovery
Microsoft has announced it will begin phasing out SMS-based authentication and account recovery, citing it as a leading source of fraud.
Microsoft disrupts Fox Tempest malware-signing service
Fox Tempest operated a platform called signspace[.]cloud, which allowed threat actors to obtain short-lived Microsoft-issued certificates via Artifact Signing.