Notícias

OT environments rely on aging systems, shared accounts, and remote access, making weak or reused passwords a major attack vector. Specops Software explains how stronger password policies and continuous checks for compromised credentials help secure critical OT infrastructure. [...]

A teenage cybercriminal posts a smug screenshot to mock a sextortion scammer... and accidentally hands over the keys to his real-world identity. Meanwhile, we look into the crystal ball for 2026 and consider how stolen data is now the jet fuel of cybercrime - and how next year could be even nastier than 2025. Plus, Graham rants about recipe sites that won't shut up, and there's even more love for Lily Allen's album "West End Girl" album. All this and more is discussed in episode 446 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Rik Ferguson.

For years, the cybersecurity community has fought the scourge of weak, reused passwords. The solution, which was overwhelmingly adopted by both businesses and consumers, was the password manager (PM). These tools moved us from flimsy '123456' credentials to unique, 30-character alphanumeric strings, stored behind a single, powerful master password. But this elegant centralisation creates a […] The post The Vault or the Vulnerability? Why Your Password Manager Might Be the New Cyber Risk appeared first on IT Security Guru.

Bitwarden announced Bitwarden Access Intelligence for Enterprise plans. Access Intelligence provides visibility into weak, reused, or exposed credentials across critical applications, with guided remediation workflows for consistent credential updates at scale. The capability helps IT and security teams prioritize and address credential risks while enabling employees to take action through simple, in-context update prompts, strengthening overall enterprise security practices. Credential compromise remains the leading security risk Credential misuse remains the most common cause of security … More → The post Bitwarden Access Intelligence helps enterprises take action on risky credentials appeared first on Help Net Security.

DragonForce expanded its ransomware operation in 2025 by working with English-speaking hackers known for advanced social engineering and initial access. Acronis explains how the "Scattered Spider" collaboration enables coordinated, multistage intrusions across major environments. [...]

Arkanix Stealer is a fast-evolving infostealer spreading through Discord to harvest credentials, wallets, and system data. The post Rapidly Evolving Arkanix Stealer Hits Credentials and Wallets appeared first on eSecurity Planet.

A man who ran fake airport and in-flight Wi-Fi networks to steal traveler credentials has been sentenced to over seven years in prison. The post Man Sentenced After Running Fake Airport and In-Flight Wi-Fi Networks appeared first on eSecurity Planet.

Security teams carry a heavy load, and password risk is one of the most overlooked parts of that workload. Every year new systems, cloud tools, and shared services add more credentials into the mix. Some sit in proper vaults, others drift into documents, chat threads, or temporary workspaces. An enterprise password audit gives teams a way to understand how messy this landscape has become. It also helps set the stage for better password practices across … More → The post Enterprise password audits made practical for busy security teams appeared first on Help Net Security.

Users of JSONFormatter and CodeBeautify leaked thousands of sensitive secrets, including credentials and private keys, WatchTowr warns. WatchTowr's latest research reveals massive leaks of passwords, secrets, and keys across developer formatting platforms like JSONFormatter and CodeBeautify. Despite past incidents, exposed credentials remain rampant, sometimes even for critical systems. WatchTowr researchers highlight how easily sensitive data […]

The group known as Librarian Ghouls has infiltrated networks of technical universities and industrial organisations across Russia, Belarus and Kazakhstan, all without raising immediate alarms. They achieved this by leveraging legitimate logins to move laterally through internal networks, utilising valid credentials and avoiding alert triggers. Unlike many other APT groups, Librarian Ghouls does not rely […] The post What your firewall sees that your EDR doesn't appeared first on IT Security Guru.