General

Will Mythos & Glasswing End the Zero-Day Era as We Knew It?

For decades, cybersecurity strategy has revolved around a shared assumption: zero-day vulnerabilities are rare, expensive to find, and difficult to exploit at scale. That assumption is now breaking down. The emergence of Mythos, the advanced AI system developed by Anthropic, marks a turning point in how vulnerabilities are discovered, weaponized, and defended against—and it forces security leaders to rethink long-held priorities.

Collaboration fueling configuration drift

Collaboration tools have fueled configuration drift that facilitates phishing attacks ever since they became widespread during the COVID pandemic. The core of the problem is, as usual, human failure, or more accurately, human procrastination.

Configuration drift happens when vendors and customers join corporate networks with supposedly temporary credentials. When those credentials are not revoked quickly after the collaboration, system settings gradually, almost imperceptibly, diverge from a secure baseline state.

Collaboration tools, beginning with email in the 1970s, were largely clunky, on-premises and limited to technically sophisticated organizations. Through the 20 years following the turn of the century they became more sophisticated and allowed the inclusion of users outside the network, like vendors, consultants, and customers. Approximately 400 to 600 million people in professional contexts today use Microsoft Teams, Slack, Google Workspace, Zoom, and dozens of other collaboration tools. Gartner said 90% of Fortune 500 companies standardize on Teams. Moreover, every team that uses collaboration tools configures each tool differently, with no central enforcement.

“Configuration drift is one of the most under-recognized risks in modern cybersecurity,” said Garrett Hamilton, CEO and founder of Reach Security. “Security tools are constantly changing due to updates, new features, and operational adjustments. Over time, those changes create drift that quietly weakens defenses. Organizations need a continuous way to validate that the controls they depend on are still working as intended.”

Agency admits most marketing is misinformation

A public relations firm in the United Kingdom said the quiet part out loud about cybersecurity marketing: that much of it is fiction if not outright fraudulent.

Whiteoaks International surveyed 152 senior marketing, PR and communications professionals working in cybersecurity in the country. Of those surveyed, 30% said they had helped produce content that was excessive, misleading, or unsubstantiated. More than half (51%) said they had seen this type of messaging in the sector.

Scam Bucket: Legal but “scammy”

Many shady practices on the internet are scams, but some seem "scammy." Cyber Protection Magazine came across one such operation.

While ordering food on Grubhub recently, a pop-up appeared telling us we “earned a reward!” Clicking on the link it offered a $20 rebate on my next purchase. Sounds good, doesn’t it? Not really.

Note: All the companies involved in this transaction will be named in this article. All were contacted for comment. Only Grubhub responded with a request for additional information and then went silent.

Even though the transaction was occurring within the Grubhub mobile app, the pop-up was from an organization called Cashback-Now. The company name is relatively common for several companies, all apparently running the same type of business. In this case the URL is cashback-now.com.

How Non-Human Users Are Reshaping Business and Cybersecurity

The digital world is changing fast, and now AI agents are appearing as non-human users who act autonomously. They log in to systems, handle transactions, review data, and even negotiate or create things without people having to step in every time. This shift means greater overall demand for software and changes how work is done. However, this should prompt you to consider online trust and security.

Is Mythos a sheep in wolf’s clothing?

Anthropic’s announcement of Mythos threw a lot of FUD into the cybersecurity market without significant third-party validation of its abilities. Is that FUD justified, another legal form of extortion designed to get security budget dollars, or just another weird marketing ploy? Maybe more to the point, is it a sheep in wolf’s clothing?

Mythos does not address encryption, identity or social engineering, which represent most of the issues of cybersecurity. It just deals with vulnerabilities in code development. That might negatively impact the cloud-native application protection platform (CNAPP) sector but, at the same time, the tool is only being offered to Fortune 100 companies. Meanwhile, there are hundreds of thousands of large, medium and small enterprises that won’t get it, at least not anytime soon, unless they steal it.

From Patch Fatigue to Boardroom Risk: Cybersecurity’s Reckoning Has Begun

In today's organizational cybersecurity initiatives, incremental change is no longer enough. Bad actors are too organized and focused on using sophisticated AI-driven attacks that shred incremental security attempts. These AI hacking tools enable even novice hackers to carry out advanced attacks across the entire network.
