Critical Vulnerabilities in Cloud Password Managers Undermine “Zero-Knowledge” Claims
ETH Zurich researchers found 25 vulnerabilities in Bitwarden, LastPass, and Dashlane that can undermine “zero-knowledge” protections under a malicious server…
Exposed: Zero-Click RCE Vulnerability in Claude Desktop Extensions Puts Over 10,000 Users at Risk
A critical zero-click RCE vulnerability in Claude Desktop Extensions exposes over 10,000 users to remote attacks via a malicious Google…
The Chrysalis Backdoor: When Espionage Tooling Evolves in Plain Sight
Rapid7 uncovered a Lotus Blossom espionage campaign delivering the new “Chrysalis” backdoor via a compromised Notepad++ distribution chain. The tool…
149 Million Credentials Exposed: Why This Leak Matters More Than the Numbers
A leaked database with 149 million credentials proves that credential compromise is now a constant risk. For CISOs and CIOs,…
Microsoft, BitLocker and Law Enforcement: Why CISOs Should Re-Evaluate Endpoint Encryption Assumptions
Microsoft’s disclosure of providing BitLocker recovery keys to law enforcement exposes a critical misconception in enterprise security: encryption without exclusive…
Microsoft Teams adds “External Domains Anomalies” reporting to catch attackers early (Rollout: Feb–Mar 2026)
Microsoft is rolling out a new Microsoft Teams security feature—the External domains anomalies report—to help organizations detect suspicious external communications…
Everest ransomware group claims 861GB data theft from McDonald’s India — what’s known so far
McDonald’s India has been named in a new ransomware extortion claim after the Everest group alleged it exfiltrated 861GB of…
Lugano at the Center of Europe’s Cybersecurity & AI Debate: Swiss Cyber AI Conference 2026 Arrives on April 14, 2026
Swiss Cyber AI Conference 2026 lands in Lugano on April 14, 2026. A full-day event focused on cybersecurity in the…
Open-Source Python with LinkedIn Phishing: Why CISOs Must Treat Social Media as a Tier-1 Attack Surface
Attackers are moving beyond email and into social media private messages—where trust is high and enterprise visibility is low. In…
Browser Extensions: the Quietest (and newest Abused) Execution Environment in Your Enterprise
Browser extensions are a hidden attack surface: auto-updating code with broad permissions. In MS-ATP 71095, a fake “AI Sidebar” triggered…