Hundreds of eCommerce sites, at least one of which is owned by a $40 billion multinational company, were impacted by a supply chain attack, Sansec reported. Cybersecurity observers believe the next major wave of enterprise breaches may not come from direct attacks but rather through trusted dependencies and third parties. The attack came from a sophisticated backdoor embedded within 21 Magento extensions concealed within license verification files. The attackers left the code dormant for six years and only activated it in April, ultimately compromising between 500 and 1,000 eCommerce websites with malicious code capable of stealing payment card information and other sensitive data. The Magento incident serves as a sign of a broader evolution in cyberattacks, from quick heists to long cons. This is espionage at the code level, and the prolonged and covert infiltration of eCommerce providers serves as a reminder of the evolving tactics employed by cybercriminals and the critical importance of proactive cybersecurity measures. A breach in an eCommerce plugin can cascade into enterprise resource planning (ERP) systems, customer relationship management (CRM) platforms and payroll software. A single compromised dependency can compromise thousands of downstream systems. The problem can be exacerbated by visibility gaps. Many enterprises struggle to maintain accurate inventories of their software components. Without knowing what’s under the hood, it’s nearly impossible to detect tampering, let alone respond swiftly when a vulnerability is disclosed. This new landscape may demand a shift in mindset. Trust-based assumptions, which were once the norm in IT supply relationships, are increasingly being replaced with “zero trust” frameworks that continuously verify and monitor every component and user. Software bills of materials (SBOMs), automated code integrity checks and secure-by-design principles are no longer optional but are becoming operational necessities.
Barracuda Networks’s multimodal AI simultaneously correlates and analyzes diverse text and visual data types including URLs, documents, images, QR codes and more to offer more adaptive defense against zero-day attacks
Barracuda Networks unveiled new threat detection capabilities fueled by multimodal AI that deliver context-aware protection against emerging attacks. The new capabilities give Barracuda’s platform the ability to protect against attacks with accuracy and speed by simultaneously correlating and analyzing diverse text and visual data types – including URLs, documents, images, QR codes and more. The new capabilities introduce a new integration with multimodal AI, technology that synthesizes and interprets numerous data streams in various formats, with ML classifiers and a purpose-built sandbox engine. Doing so delivers a faster, smarter and more adaptive defense layer that detects more than three times as many malicious files at eight times the speed of previous models. The capabilities significantly strengthen Barracuda Advanced Threat Protection, which provides layered security across the Barracuda platform. The new capabilities also enhance Barracuda LinkProtect, which inspects URLs for hidden threats, malicious scripts, suspicious redirects and other attacks using a virtual sandbox and secure, isolated browser environment. By incorporating multimodal AI, Barracuda can now detect not only known threat signatures but also subtle anomalies across multiple content formats that may indicate novel or zero-day attacks. The capability is particularly useful at a time when threat actors continue to blend social engineering, image-based lures and malicious links into more convincing and evasive campaigns.
Google Desktop Chrome is using the on-device Gemini Nano model to provide instant insight on risky websites and offer an additional layer of defense even against online scams that haven’t been detected before
Google published a report about how it’s using the latest AI approaches to combat spam across Search, Chrome (with Gemini Nano for Enhanced Protection), and Android. Google Search credits AI-powered scam detection systems as currently helping detect and block “hundreds of millions of scammy results every day.” The company notes how it can now “analyze vast quantities of text and identify subtle linguistic patterns and thematic connections that might indicate coordinated scam campaigns or emerging fraudulent narratives.” In addition to the “Standard Protection” warnings when you come across a nefarious site, Safe Browsing offers an optional “Enhanced Protection” mode against phishing and other scams. Desktop Chrome is now using the on-device Gemini Nano model to “provide Enhanced Protection users with an additional layer of defense against online scams.” The LLM “provides instant insight on risky websites and allows us to offer protection, even against scams that haven’t been seen before.” Google is already using this to “protect users from remote tech support scams,” with plans to cover more types and bringing to the Android browser in the future. Meanwhile, Chrome for Android will use an on-device machine learning model that flags “malicious, spammy or misleading notifications” and labels them as “Possible scam.” Users can “Show notification” or “Unsubscribe.”
Android’s new security feature shows a warning with a button to close if a partner bank’s app is opened while sharing a screen with an unknown number
Google announced new security and privacy features for Android including new protections for calls, screen sharing, messages, device access, and system-level permissions. With these features, Google aims to protect users from falling for a scam, keep their details secure in case a device is stolen or taken over by an attacker, and enhance device-level security for various attacks. Phone scammers often ask users to take actions like tapping on unsafe links or downloading unknown apps. In order to protect users, Google is blocking some actions and warning users of a potential scam while they are on a call with someone not in their contact list. For Android 16, these actions include side-loading an app for the first time from a web browser, messaging app, or other sources that have not been verified by Google, and granting accessibility permission to an app so that a scammer can take control of the device. The company is also preventing users running Android 6 or later from disabling Google Play Protect, which scans the device for harmful apps while they are on a call. Google is adding screen-sharing protection as well by reminding users to stop sharing the screen after a call ends. The company is also testing a new warning screen with select banks in the U.K. to prevent fraud through screen-sharing. When users on devices running Android 11 or later open a partner bank’s app while sharing a screen with an unknown number, the device will show a warning screen with a button to quickly end the screen-sharing. The company is adding new features to its Google Play Protect live detection program as well, which detect unsafe apps that have hidden or changed icons. The company said it is now applying a new set of on-device rules to catch more categories of malicious apps. The company said it is now applying a new set of on-device rules to catch more categories of malicious apps.
TSB Bank offers access to safeguarding app for users who are fleeing or experiencing abuse- alerts can be sent to chosen emergency contact with a simple tap or shake of the smartphone
TSB will offer customers who are fleeing or experiencing abuse, free access to Hollie Guard Extra for a year1 – simply by downloading the app and using a unique activation code. Those wishing to claim can discuss their situation in branch, over the phone or via video banking. Once installed, Hollie Guard Extra transforms an everyday smart phone into a personal safety device. TSB has added this level of protection to its existing domestic abuse support – which includes its Emergency Flee Fund2 and Safe Spaces3. With a simple tap or shake of the device, the user can send alerts to chosen emergency contacts, including the police, and a 24/7 monitoring centre. The app allows for a user’s location to be shared every five seconds, alongside audio and video recordings, helping to keep people safe in a vulnerable or potentially dangerous situation. The app has already been downloaded by almost 500,000 people in the UK and Hollie Guard Extra is being used by police forces across England and Wales. In addition, it has led to numerous arrests and helped in more than 1,500 threatening and dangerous situations. TSB hopes that Hollie Guard Extra can provide further support to TSB’s Flee Fund – helping connect and protect victim-survivors having fled an abuser.
ClearVector’s platform utilizes identity graph technology that maps and monitors the behaviors of all identities (human, machine, third-party and AI) across production environments to enable real-time threat detection and mitigation
Identity-driven detection and response startup ClearVector aims to shift the cybersecurity paradigm from traditional threat detection to identity activity. The company’s platform emphasizes real-time detection and isolation of threats by monitoring identity behaviors across various environments. The platform seeks to address issues with traditional security approaches that fail despite billions invested in security tools each year. ClearVector argues that enterprises continue to be compromised at an alarming rate and are overwhelmed by excessive alerts from siloed security solutions that lack critical context on how the organization operates. Added to the mix are increasing rates of identity-based attacks that traditional defenses struggle to deal with. ClearVector says it shifts the security paradigm from chasing threats to understanding and controlling identity activity across production environments. ClearVector’s platform utilizes identity graph technology that maps and monitors the behaviors of all identities — human, machine, third-party and artificial intelligence — within an organization’s production environment. Using the platform’s real-time threat detection and mitigation system, security teams can instantly investigate and respond to threats using a “Big Red Button” function that stops attacks with a single click. Combined with identity-aware investigations, defenders can act with speed and precision without the need to sift through vast amounts of log data.
Cato Networks automates and optimizes policy management for all SASE policies through targeted recommendations for reducing exposure, tightening access control and improving network performance
Cloud networking company Cato Networks has launched Cato Autonomous Policies, a new AI capability built into the Cato SASE Cloud Platform that automates and optimizes policy management. Cato claims the Autonomous Policies are the world’s first secure access service edge-native policy analysis engine built to optimize and improve all SASE policies — security, access and networking. With the release, enterprises can experience targeted, AI-driven recommendations for eliminating unnecessary security exposure, tightening access control and proactively improving network performance. The policies reduce risk, eliminate manual upkeep and simplify compliance, paving the way for proactive governance and autonomous SASE. The first use case for Cato Autonomous Policies is firewall-as-a-service to tackle firewall rule bloat. Cato argues that over time, organizations accumulate thousands of policies, many outdated, overly permissive or misconfigured, leading to increased risk, decreased efficiency and compliance challenges. Cato Networks’ FWaaS already simplifies access control with a unified policy set that covers users, devices, locations and cloud environments. With the new addition of Cato Autonomous Policies, the service is enhanced through AI-driven automation and optimization. The new capabilities help eliminate policy drift and misconfigurations by providing continuous, AI-powered insights. The insights provided ensure that policies remain accurate and effective across on-premises, hybrid and multicloud deployments, reducing the risk of human error.
Microsoft Copilot AI for SharePoint can access the contents of encrypted spreadsheet including restricted passwords by circumventing download restrictions and information protection principles
Pen Test Partners, a company that specializes in security consulting, specifically penetration testing took a close look at how Microsoft’s Copilot AI for SharePoint could be exploited. The results were, to say the least, concerning. Not least considering an encrypted spreadsheet that the hackers were, quite rightly, rejected from opening by SharePoint, no matter what method was employed, was broken wide open when they asked the Copilot AI agent to go get it. “The agent then successfully printed the contents,” Jack Barradell-Johns, a red team security consultant with the security company, said, “including the passwords allowing us to access the encrypted spreadsheet.” Barradell-Johns explained that during the engagement, the red teamers encountered a file named passwords.txt, located adjacent to an encrypted spreadsheet containing sensitive information. Naturally, they tried to access the file. Just as naturally, Microsoft SharePoint said nope, no way. “Notably,” Barradell-Johns said, “in this case, all methods of opening the file in the browser had been restricted.” The download restrictions that are part of the restricted view protections were circumvented, and the content of the Copilot chats could be freely copied. “SharePoint information protection principles ensure that content is secured at the storage level through user-specific permissions and that access is audited. This means that if a user does not have permission to access specific content, they will not be able to view it through Copilot or any other agent. Additionally, any access to content through Copilot or an agent is logged and monitored for compliance and security.”
Keyfactor acquires InfoSec Global and CipherInsights for quantum-safe security expansion
Keyfactor has acquired InfoSec Global and CipherInsights to further expand cryptographic posture management and quantum readiness. The acquisitions enable Keyfactor to deliver deep cryptographic asset discovery, real-time risk monitoring, and seamless transition to quantum-safe standards. With these acquisitions, Keyfactor is addressing the critical gap in cryptographic observability, helping organizations take control of their non-human identities and prepare for the next era of secure infrastructure. Key capabilities include AgileSec Analytics for deep cryptographic visibility, AgileSec Agility for managing and updating cryptography without source code changes, and CipherInsights for real-time passive network monitoring of cryptographic risks. Customers will benefit from enhanced capabilities that will empower security teams to take control of their cryptographic landscape including Comprehensive Visibility; Actionable Intelligence; Risk Remediation.
Keyfactor supports quantum-safe security expansion enabling managing and updating cryptography without source code changes, and also real-time passive network monitoring of cryptographic risks; for
Keyfactor has acquired InfoSec Global and CipherInsights to further expand cryptographic posture management and quantum readiness. The acquisitions enable Keyfactor to deliver deep cryptographic asset discovery, real-time risk monitoring, and seamless transition to quantum-safe standards. With these acquisitions, Keyfactor is addressing the critical gap in cryptographic observability, helping organizations take control of their non-human identities and prepare for the next era of secure infrastructure. Key capabilities include AgileSec Analytics for deep cryptographic visibility, AgileSec Agility for managing and updating cryptography without source code changes, and CipherInsights for real-time passive network monitoring of cryptographic risks. Customers will benefit from enhanced capabilities that will empower security teams to take control of their cryptographic landscape including Comprehensive Visibility; Actionable Intelligence; Risk Remediation.