Google's report of novel AI-enabled malware in the wild is a game changer if these capabilities are now being picked up by sophisticated attackers. It identifies two specific new malware families, "PROMPTFLUX" and "PROMPTSTEAL," that are the first to incorporate a "just in time" dynamic function creation feature that draws on an LLM.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
Nikkei, the world’s largest business news outlet, which owns over 40 affiliates, including The Financial Times, and has more than 3.7 million paid subscribers and over 1.7 million daily readers, has confirmed a data breach that leaked personal information after threat actors compromised its Slack accounts.
Firewalls will always have a role in cybersecurity, but their limitations are growing. Complexity, patch delays, and encrypted blind spots have made them both essential and vulnerable.
The apparently partially politically motivated attacker claimed to have exfiltrated over 1.2 million records of personal information in the data breach, some of which dates back decades and included banking information.
The debut of IVP is more than an addition to a Hype Cycle – it’s a wake-up call. Enterprises can no longer afford to operate on blind faith that their identity tools are functioning as intended. With identities colliding in increasingly complex environments, the stakes are too high for identity security on a prayer.
The Canadian Centre for Cyber Security has warned of hacktivists breaching critical infrastructure via Internet-exposed ICS devices, posing serious safety risks.
Have you ever wondered how exactly threat actors spend their days? A recent Huntress investigation into a machine operated by a threat actor, who had installed a Huntress agent, gave an inside look into just that.
Another security breach involving US telecom companies has come to light, with a third-party contractor that interfaces between some of the industry's big names reporting discovery of unauthorized access to their systems by nation-state hackers that began in late 2024 and continued through much of 2025.
Toys “R” Us Canada, a subsidiary of the American toy giant, has confirmed a data breach after threat actors leaked the stolen customer information on the dark web.
The UN cybercrime treaty is meeting with some pushback from both the tech industry and human rights activists. Privacy and human rights organizations, to include the UN's own High Commissioner for Human Rights, have aired concerns that the treaty's definitions of crimes are too vague and open to potential abuse.










