Commonwealth Sentinel Cyber Security

Cybercriminals are using AI to attack the cloud faster - and third-party software is the weak link Google's latest threat report warns that third-party tools are now prime targets for attackers - and businesses have only days to secure them.

Cybercriminals are using AI to attack the cloud faster - and third-party software is the weak link

Digital Trojan Horse: Why Email is Cyber Attackers' Favorite 94% of all malware is delivered via email. Why is that? What makes email platforms such a popular vector for malware distribution?

Digital Trojan Horse: Why Email is Cyber Attackers' Favorite

FBI investigating breach that reportedly hit wiretapping net Infosec In Brief: PLUS: Europol takes down two crime gangs; LastPass users phished (again); Crooks increase crypto hauls; And more

FBI is investigating breach that may have hit its wiretapping tools

We've seen ransomware cost American lives. Here's what it will actually take to stop it. Former FBI and CISA leaders analyze why the new National Cyber Strategy must prioritize critical infrastructure and automate threat sharing to stop the $2.73M-per-incident ransomware epidemic.

We’ve seen ransomware cost American lives. Here’s what it will actually take to stop it.

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft Malicious Chrome extensions tied to ownership transfers push malware and steal data, exposing thousands to credential theft and system compromise.

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Hackers abuse .arpa DNS and ipv6 to evade phishing defenses Threat actors are abusing the special-use ".arpa" domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation checks and email security gateways.

Hackers abuse .arpa DNS and ipv6 to evade phishing defenses

Massive GitHub malware operation spreads BoryptGrab stealer Experts found BoryptGrab stealer spreading through 100+ GitHub repositories, stealing browser data, crypto wallets, system info, and more

Massive GitHub malware operation spreads BoryptGrab stealer

Can the Industry Do More for Women in Security? While women in security have seen forward progress, the path hasn’t always been linear.

Can the Industry Do More for Women in Security?

Cyber Security Weekly: Top stories from Last Week (March 1– March 7, 2026) » Commonwealth Sentinel The FBI disclosed suspicious cyber activity on an internal network tied to surveillance data, and investigators reportedly suspect China.This stands out because it touches a sensitive U.S. federal…

A healthcare data breach isn't just an IT issue—it's a crisis of patient trust, operations, and reputation. When confidential info leaks, the fallout can be swift. Discover more about last week’s major cybersecurity incident.

Read More: buff.ly/bzq8Erf #CyberSecurity #DataBreach

Cyber Safe Focus: Sheri the Magnificent » Sheri, the magnificent here with Sheri, the magnificent here with Cyber Safe Focus. Inspired by Johnny Carson’s “Carnac the Magnificent,”

Cyber Safe Focus: Sheri the Magnificent »

The biggest AI threats come from within - 12 ways to defend your organization The gravest AI-powered threat to your cybersecurity isn't coming from external hackers. Review these strategic recommendations for handling the risks from within.

The biggest AI threats come from within - 12 ways to defend your organization

Where Multi-Factor Authentication Stops and Credential Abuse Starts Seven Windows authentication paths bypass MFA protections, enabling credential attacks through AD, NTLM, Kerberos, RDP, SMB, and service accounts.

Where Multi-Factor Authentication Stops and Credential Abuse Starts

2026 Browser Data Reveals Major Enterprise Security Blind Spots The browser is becoming the operating system for modern work, yet many enterprises still treat it as an extension of network or endpoint security. Keep Aware's 2026 State of Browser Security Report…

2026 Browser Data Reveals Major Enterprise Security Blind Spots

Cisco reveals 2 max-severity defects in firewall management software The vendor said it’s not aware of any active exploitation of the vulnerabilities, which could allow remote attackers to achieve root access and execute code.

Cisco reveals 2 max-severity defects in firewall management software

Women’s History Month: Encouraging women in cybersecurity at every career stage | Microsoft Security Blog This Women’s History Month, Microsoft explores ways to support the next generation of female defenders at every career stage.

Women’s History Month: Encouraging women in cybersecurity at every career stage

WordPress membership plugin bug exploited to create admin accounts Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites.

WordPress membership plugin bug exploited to create admin accounts

Phobos Ransomware admin faces up to 20 years after guilty plea Russian national Evgenii Ptitsyn (43) pleaded guilty in the U.S. for his role in the Phobos ransomware operation.

Phobos Ransomware admin faces up to 20 years after guilty plea

Wikipedia hit by self-propagating JavaScript worm that vandalized pages The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.

Wikipedia hit by self-propagating JavaScript worm that vandalized pages www.bleepingcomputer.com/news/securit...

Google: Spyware vendors, China-linked spies led 0-day abuse : Of the 90 zero-days GTIG tracked in 2025, 43 hit enterprise tech

Google says spyware makers and China-linked groups dominated zero-day attacks last year

Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities Cisco warns CVE-2026-20122 and CVE-2026-20128 in Catalyst SD-WAN Manager are actively exploited; patches released across multiple software versions.

Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities

FBI investigates breach of surveillance and wiretap systems The U.S. Federal Bureau of Investigation (FBI) confirmed on Thursday that it's investigating a breach that affected systems used to manage surveillance and wiretap warrants.

FBI investigates breach of surveillance and wiretap systems

James ‘Aaron’ Bishop Tapped to Serve as New Pentagon CISO Bishop replaces David McKeown, who will take on a role in the private sector after 40 years of government service.

James ‘Aaron’ Bishop Tapped to Serve as New Pentagon CISO

Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks The vulnerability was disclosed and mitigated in 2021 but its in-the-wild exploitation has only now come to light.

Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks

CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog CISA adds VMware Aria Operations command injection flaw CVE-2026-22719 to KEV after reports of active exploitation; patches released by Broadcom.

CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog

How Port-Out Fraud Created a Catastrophe for AT&T » In early 2024, a group of sophisticated fraudsters hijacked the phone numbers of dozens of AT&T customers and launched a port-out fraud cyber attack.

How Port-Out Fraud Created a Catastrophe for AT&T