%term

Anatomy of a Vishing Attack: Technical Indicators IT Managers Need to Track

Jan 21, 2026 By Lookout In Lookout

If your organization hasn’t encountered a vishing attack yet, it’s probably only a matter of time. Vishing, or voice phishing, is a sophisticated type of social engineering that adds a whole new dimension to common scams. Rather than emails or text messages, threat actors employ phone calls or online voice calls to carry out vishing schemes. Particularly savvy attackers can even copy a real person’s voice to deceive, coerce, or manipulate potential victims.

Read Post

Lookout

Read more about Anatomy of a Vishing Attack: Technical Indicators IT Managers Need to Track

8 Ways Organizations Reduce Exposure to Social Engineering Attacks

Jan 19, 2026 By SafeAeon Inc. In SafeAeon

It is not always malware or a sophisticated tool that results in cyber threats. Sometimes, this happens through a convincing email or a request that appears trustworthy. There have been occasions where attackers created a moment of urgency to lead someone into clicking, sharing, or approving without realizing the consequences. This is social engineering. Social engineering threats are becoming more dangerous.

Read Post

SafeAeon

Read more about 8 Ways Organizations Reduce Exposure to Social Engineering Attacks

The Continuing Risk of Remote Code Execution

Jan 16, 2026 By Arctic Wolf In Arctic Wolf

In 2025, there were more than 48,000 vulnerabilities published, amounting to over a 20% increase from 2024. More troubling than the sheer volume of vulnerabilities in 2025 is that more than a third of them were given a rating of “high” or “critical” severity. For security teams already stretched too thin, a proactive vulnerability management plan that patches or otherwise remediates all vulnerabilities is too far out of reach.

Read Post

Arctic Wolf

Read more about The Continuing Risk of Remote Code Execution

RondoDox Botnet: How 90,000+ Servers Were Hijacked Silently

Jan 16, 2026 By Indusface In Indusface

90,000+ servers compromised. No ransomware. No alerts. RondoDox exploited the Next.js React2Shell flaw to silently recruit unpatched apps into a botnet—deploying cryptominers and DDoS payloads. This is how modern botnets grow, and why app-layer bot protection matters.

View Video

Indusface

Read more about RondoDox Botnet: How 90,000+ Servers Were Hijacked Silently

What Hackers Know About Fileless Malware (And You Should Too)

Jan 16, 2026 By SecuritySenses In SecuritySenses

Fileless malware doesn't rely on flashy exploits or obvious downloads, which is exactly why it works so well. Instead, it slips into systems quietly, using tools that already belong there. That makes it harder to notice and easier to underestimate. If you think security threats always arrive as suspicious files, you're already behind. Understanding how fileless attacks operate helps you spot warning signs earlier and adjust defenses before real damage starts.

Read Post

SecuritySenses

Read more about What Hackers Know About Fileless Malware (And You Should Too)

2026 Study from Panorays: 85% of CISOs Can't See Third-Party Threats Amid Increasing Supply Chain Attacks

Jan 14, 2026 By Panorays

Panorays, a leading provider of third-party security risk management software, has released the 2026 edition of its annual CISO Survey for Third-Party Cyber Risk Management. The survey highlights third-party cyber risk as one of the most critical challenges facing security leaders today, driven largely by a lack of visibility. While 60% of CISOs report an increase in third-party security incidents, only 15% say they have full visibility into those risks.

Read Post

Read more about 2026 Study from Panorays: 85% of CISOs Can't See Third-Party Threats Amid Increasing Supply Chain Attacks

Critical servers under attack: Why backup isn't enough in 2026

Jan 13, 2026 By Subramani Rao In Acronis

Do you know what it takes to launch a retail website that neatly organizes products and enables customers to add items to their carts with a single click? Do you know what powers the booking system your clients rely on? What is the hidden engine that manages your clients’ logistics, controls their supply chain, processes invoices and stores data for analytics and compliance? These are the systems MSPs are trusted to keep running every day. Critical servers.

Read Post

Acronis

Read more about Critical servers under attack: Why backup isn't enough in 2026

Why Physical Infrastructure Still Matters in a Cyber World

Jan 13, 2026 By SecuritySenses In SecuritySenses

As organizations accelerate cloud adoption and digital transformation, it's tempting to think physical infrastructure is becoming less important. Software-defined networks, virtual machines, and remote access tools dominate security conversations. Yet the reality is more nuanced. Digital systems still rely on physical foundations, and when those foundations fail, even the most sophisticated cyber defenses can unravel.

Read Post

SecuritySenses

Read more about Why Physical Infrastructure Still Matters in a Cyber World

StrongestLayer Research Finds Trusted Platforms Like DocuSign and Google Calendar Are Now the Primary Email Attack Surface

Jan 12, 2026 By StrongestLayer

77% of attacks impersonated business-critical brands such as DocuSign, Microsoft, and Google-platforms most organizations cannot afford to block.

Read Post

Read more about StrongestLayer Research Finds Trusted Platforms Like DocuSign and Google Calendar Are Now the Primary Email Attack Surface

Automate Security: A Practical Guide for Modern Organizations

Jan 12, 2026 By SafeAeon Inc. In SafeAeon

Many attacks start without drawing attention. Nothing looks obviously wrong at first. It could be through a reused password or an exposed service that allows attackers to gain access to their systems. Sometimes, a well-crafted email is all that's needed. By the time security teams notice something is wrong, attackers have already been inside for days or weeks. This poses a huge challenge for many security teams. They often use multiple tools and conduct manual checks to find signs of intrusion.

Read Post