Apple has proposed a significant change to shorten the lifespan of TLS certificates from 398 days to just 45 days by 2027, with plans to put this proposal to a vote among Certification Authority Browser Forum (CA/B Forum) members soon.

The malware employs memory injection techniques to execute malicious payloads without writing files to the disk, evading antivirus software. It includes anti-debugging tools to hinder analysis and injects shellcode into legitimate Windows processes.

Osmedeus is an open-source workflow engine designed for offensive security. It serves as a versatile foundation, enabling users to easily create customized reconnaissance systems and scale them across extensive target lists.

Identity-related data breaches are more severe and expensive compared to average breaches. According to an RSA study, 40% of respondents experienced an identity-related breach, with 66% calling it severe and 44% estimating higher costs than average.

Whispr ensures safe secret injection with HTTPS, SSL encryption, and CERT validation, enhances local software development with JIT privilege, and custom configurations, eliminating the need for custom scripts.

Sophos research uncovered adversarial tactics including the Cloud Snooper backdoor, Asnarök botnet campaign, UEFI bootkit exploits, and the CVE-2022-1040 zero-day vulnerability, all intercepted before harming targeted organizations.

According to Perception Point researchers, the number of such attacks has increased by 900% since July 2024. The phishing emails are designed to mimic companies like NLB Group, EnergyAustralia, DHL, Qatar Post, etc.

Fortinet has issued critical security updates for FortiManager to address a vulnerability exploited by Chinese threat actors. The company privately informed select customers of the issue and provided temporary mitigation advice.

Data breaches are leading to an increase in cyber insurance claims, with large cyber claims exceeding $1 million on the rise. The frequency of large cyber claims in the first six months of 2024 increased by 14% compared to the previous year.

SOC teams are frustrated with their security tools, feeling that they are losing the battle to detect and prioritize real threats due to too many siloed tools and inaccurate attack signals, according to Vectra AI.