Category: ThreatIntelligence-IncidentResponse

Screenshot of plain language instructions to an AI agent in the Red Canary Portal
09
Mar
2026

The key of AI: How Agentic Tuning can make your detection strategy sing

Stop me if you’ve heard this one before: security alerts can be noisy. Mostly, these noisy alerts are communicating information…

Share: X : The key of AI: How Agentic Tuning can make your detection strategy singFacebook : The key of AI: How Agentic Tuning can make your detection strategy singLinkedin : The key of AI: How Agentic Tuning can make your detection strategy singReddit : The key of AI: How Agentic Tuning can make your detection strategy singTelegram : The key of AI: How Agentic Tuning can make your detection strategy singWhatsApp : The key of AI: How Agentic Tuning can make your detection strategy singEmail : The key of AI: How Agentic Tuning can make your detection strategy sing
copy icon
09
Mar
2026

ChatGPT in your inbox? Investigating Entra apps that request unexpected permissions

{ “TenantId”: “52672484-b4e1-402d-934c-a8e2fd9b05d1”, “SourceSystem”: “Azure AD”, “TimeGenerated”: “2025-12-02T20:22:16.1185371Z”, “ResourceId”: “/tenants/747930ee-9a33-43c0-9d5d-470b3fb855e7/providers/Microsoft.aadiam”, “OperationName”: “Add service principal”, “OperationVersion”: “1.0”, “Category”: “ApplicationManagement”, “ResultType”: “”,…

Share: X : ChatGPT in your inbox? Investigating Entra apps that request unexpected permissionsFacebook : ChatGPT in your inbox? Investigating Entra apps that request unexpected permissionsLinkedin : ChatGPT in your inbox? Investigating Entra apps that request unexpected permissionsReddit : ChatGPT in your inbox? Investigating Entra apps that request unexpected permissionsTelegram : ChatGPT in your inbox? Investigating Entra apps that request unexpected permissionsWhatsApp : ChatGPT in your inbox? Investigating Entra apps that request unexpected permissionsEmail : ChatGPT in your inbox? Investigating Entra apps that request unexpected permissions
How Hacked Construction Apps Are Bringing Down Jobsite Security
09
Mar
2026

How Hacked Construction Apps Are Bringing Down Jobsite Security

One of the first steps in basic IT and security hygiene is maintaining an accurate inventory of all assets, including…

Share: X : How Hacked Construction Apps Are Bringing Down Jobsite SecurityFacebook : How Hacked Construction Apps Are Bringing Down Jobsite SecurityLinkedin : How Hacked Construction Apps Are Bringing Down Jobsite SecurityReddit : How Hacked Construction Apps Are Bringing Down Jobsite SecurityTelegram : How Hacked Construction Apps Are Bringing Down Jobsite SecurityWhatsApp : How Hacked Construction Apps Are Bringing Down Jobsite SecurityEmail : How Hacked Construction Apps Are Bringing Down Jobsite Security
09
Mar
2026

Mutagen Astronomy: A Linux Vulnerability’s Path to CISA KEV

Introduction On January 26, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2018-14634 to its Known Exploited Vulnerabilities (KEV)…

Share: X : Mutagen Astronomy: A Linux Vulnerability’s Path to CISA KEVFacebook : Mutagen Astronomy: A Linux Vulnerability’s Path to CISA KEVLinkedin : Mutagen Astronomy: A Linux Vulnerability’s Path to CISA KEVReddit : Mutagen Astronomy: A Linux Vulnerability’s Path to CISA KEVTelegram : Mutagen Astronomy: A Linux Vulnerability’s Path to CISA KEVWhatsApp : Mutagen Astronomy: A Linux Vulnerability’s Path to CISA KEVEmail : Mutagen Astronomy: A Linux Vulnerability’s Path to CISA KEV
Huntress Catches SmarterMail Account Takeover Leading to RCE
09
Mar
2026

Huntress Catches SmarterMail Account Takeover Leading to RCE

Background / Summary  The Huntress DE&TH (Detection Engineering and Threat Hunting) Team has observed in-the-wild exploitation of a privileged account…

Share: X : Huntress Catches SmarterMail Account Takeover Leading to RCEFacebook : Huntress Catches SmarterMail Account Takeover Leading to RCELinkedin : Huntress Catches SmarterMail Account Takeover Leading to RCEReddit : Huntress Catches SmarterMail Account Takeover Leading to RCETelegram : Huntress Catches SmarterMail Account Takeover Leading to RCEWhatsApp : Huntress Catches SmarterMail Account Takeover Leading to RCEEmail : Huntress Catches SmarterMail Account Takeover Leading to RCE
How Huntress Managed ITDR's New Incident Report Timeline Changes Response
09
Mar
2026

How Huntress Managed ITDR’s New Incident Report Timeline Changes Response

Data exfiltration has quietly become one of the fastest-moving—and most damaging—outcomes of modern cyberattacks. Today’s attackers aren’t breaking in and…

Share: X : How Huntress Managed ITDR’s New Incident Report Timeline Changes ResponseFacebook : How Huntress Managed ITDR’s New Incident Report Timeline Changes ResponseLinkedin : How Huntress Managed ITDR’s New Incident Report Timeline Changes ResponseReddit : How Huntress Managed ITDR’s New Incident Report Timeline Changes ResponseTelegram : How Huntress Managed ITDR’s New Incident Report Timeline Changes ResponseWhatsApp : How Huntress Managed ITDR’s New Incident Report Timeline Changes ResponseEmail : How Huntress Managed ITDR’s New Incident Report Timeline Changes Response
Navigating Through The Fog - The DFIR Report
09
Mar
2026

Navigating Through The Fog – The DFIR Report

Key Takeaways An open directory associated with a ransomware affiliate, likely linked to the Fog ransomware group, was discovered in…

Share: X : Navigating Through The Fog – The DFIR ReportFacebook : Navigating Through The Fog – The DFIR ReportLinkedin : Navigating Through The Fog – The DFIR ReportReddit : Navigating Through The Fog – The DFIR ReportTelegram : Navigating Through The Fog – The DFIR ReportWhatsApp : Navigating Through The Fog – The DFIR ReportEmail : Navigating Through The Fog – The DFIR Report
The (!FALSE) Pattern: How SOAPHound Queries Disappear Before They Hit Your Logs
09
Mar
2026

The (!FALSE) Pattern: How SOAPHound Queries Disappear Before They Hit Your Logs

The story so far In Part 1, we learned that Impacket’s LDAP reconnaissance tools use OID-based filters that get transformed…

Share: X : The (!FALSE) Pattern: How SOAPHound Queries Disappear Before They Hit Your LogsFacebook : The (!FALSE) Pattern: How SOAPHound Queries Disappear Before They Hit Your LogsLinkedin : The (!FALSE) Pattern: How SOAPHound Queries Disappear Before They Hit Your LogsReddit : The (!FALSE) Pattern: How SOAPHound Queries Disappear Before They Hit Your LogsTelegram : The (!FALSE) Pattern: How SOAPHound Queries Disappear Before They Hit Your LogsWhatsApp : The (!FALSE) Pattern: How SOAPHound Queries Disappear Before They Hit Your LogsEmail : The (!FALSE) Pattern: How SOAPHound Queries Disappear Before They Hit Your Logs
Screenshot of Moltbook front page, A Social Network for AI Agents
09
Mar
2026

I pretended to be an AI agent on Moltbook so you don’t have to

I went undercover on Moltbook, the AI-only social network, masquerading as a bot. Instead of deep bot-to-bot conversations, I found…

Share: X : I pretended to be an AI agent on Moltbook so you don’t have toFacebook : I pretended to be an AI agent on Moltbook so you don’t have toLinkedin : I pretended to be an AI agent on Moltbook so you don’t have toReddit : I pretended to be an AI agent on Moltbook so you don’t have toTelegram : I pretended to be an AI agent on Moltbook so you don’t have toWhatsApp : I pretended to be an AI agent on Moltbook so you don’t have toEmail : I pretended to be an AI agent on Moltbook so you don’t have to
Why strong auth could fail at SaaS session integrity
09
Mar
2026

Why strong auth could fail at SaaS session integrity

As security professionals, we have spent the better part of a decade building the ultimate digital fortress. We deployed FIDO2,…

Share: X : Why strong auth could fail at SaaS session integrityFacebook : Why strong auth could fail at SaaS session integrityLinkedin : Why strong auth could fail at SaaS session integrityReddit : Why strong auth could fail at SaaS session integrityTelegram : Why strong auth could fail at SaaS session integrityWhatsApp : Why strong auth could fail at SaaS session integrityEmail : Why strong auth could fail at SaaS session integrity
A pie chart showing the severity distribution across the Patch Tuesday CVEs patched in February 2026.
08
Mar
2026

February 2026 Microsoft Patch Tuesday

2Critical 51Important 1Moderate 0Low Microsoft addresses 54 CVEs in the February 2026 Patch Tuesday released, including six zero-day vulnerabilities that…

Share: X : February 2026 Microsoft Patch TuesdayFacebook : February 2026 Microsoft Patch TuesdayLinkedin : February 2026 Microsoft Patch TuesdayReddit : February 2026 Microsoft Patch TuesdayTelegram : February 2026 Microsoft Patch TuesdayWhatsApp : February 2026 Microsoft Patch TuesdayEmail : February 2026 Microsoft Patch Tuesday
Tenable Cloud Risk Report 2026 chart showing orgs with overprivileged IAM roles in AWS
08
Mar
2026

2026 Cloud security and AI security risk report

AI adoption is outpacing traditional cyber governance. The “Tenable Cloud and AI Security Risk Report 2026” reveals how overprivileged identities…

Share: X : 2026 Cloud security and AI security risk reportFacebook : 2026 Cloud security and AI security risk reportLinkedin : 2026 Cloud security and AI security risk reportReddit : 2026 Cloud security and AI security risk reportTelegram : 2026 Cloud security and AI security risk reportWhatsApp : 2026 Cloud security and AI security risk reportEmail : 2026 Cloud security and AI security risk report