Cyber Security News – Insights and Resources for CISOs

Audience attending Swiss Cyber AI Conference 2026 in Lugano with keynote stage focused on cybersecurity and artificial intelligence

News

Lugano at the Center of Europe’s Cybersecurity & AI Debate: Swiss Cyber AI Conference 2026 Arrives on April 14, 2026

Swiss Cyber AI Conference 2026 lands in Lugano on April 14, 2026. A full-day event focused on cybersecurity in the…

Illustration of Google Chrome zero-day vulnerabilities CVE-2026-3909 and CVE-2026-3910 showing Skia graphics exploit and V8 engine attack used in active browser exploitation campaigns.

News

Chrome Under Attack: Google Patches Two Actively Exploited Zero-Day Vulnerabilities (CVE-2026-3909, CVE-2026-3910)

Mar 16, 2026 G.C.Moresi

The two Chrome zero-day vulnerabilities highlight how browsers remain a prime attack surface. Memory corruption in Skia and flaws in…

PSD2 EU payment directive illustration showing bank security shield, refund approval after phishing fraud, European Union flag and digital banking protection concept.

News

Phishing Fraud: What the EU Directive Really Says About Bank Liability

Mar 9, 2026 G.C.Moresi

The EU’s PSD2 directive transformed digital payments with stronger security, open banking and clear liability rules. But does it force…

News

Google Patches Actively Exploited Chrome Zero-Day

Feb 23, 2026 G.C.Moresi

Google patched an actively exploited Chrome zero-day (CVE-2026-2441) enabling remote code execution via a CSS use-after-free flaw. CISOs must act…

Cybersecurity illustration showing hacker exploiting vulnerabilities in cloud password managers and breaking encrypted password vault

News

Critical Vulnerabilities in Cloud Password Managers Undermine “Zero-Knowledge” Claims

Feb 17, 2026 G.C.Moresi

ETH Zurich researchers found 25 vulnerabilities in Bitwarden, LastPass, and Dashlane that can undermine “zero-knowledge” protections under a malicious server…

Zero-click remote code execution vulnerability in Claude Desktop Extensions, featuring a malicious Google Calendar event and AI model exploit

News

Exposed: Zero-Click RCE Vulnerability in Claude Desktop Extensions Puts Over 10,000 Users at Risk

Feb 12, 2026 G.C.Moresi

A critical zero-click RCE vulnerability in Claude Desktop Extensions exposes over 10,000 users to remote attacks via a malicious Google…

Illustration showing the Chrysalis backdoor attack chain used by the Lotus Blossom APT, including DLL sideloading, NSIS installer abuse, encrypted C2 communication, and advanced malware tooling.

News

The Chrysalis Backdoor: When Espionage Tooling Evolves in Plain Sight

Feb 3, 2026 G.C.Moresi

Rapid7 uncovered a Lotus Blossom espionage campaign delivering the new “Chrysalis” backdoor via a compromised Notepad++ distribution chain. The tool…

Visualization of a large-scale credential leak showing exposed email addresses and passwords, illustrating infostealer malware, credential reuse, and identity security risks faced by enterprises and CISOs.

News

149 Million Credentials Exposed: Why This Leak Matters More Than the Numbers

Jan 27, 2026 G.C.Moresi

A leaked database with 149 million credentials proves that credential compromise is now a constant risk. For CISOs and CIOs,…

Infographic showing Microsoft BitLocker recovery keys stored in the cloud, FBI law enforcement access, and the contrast with OpenPGP and customer-managed encryption keys

News

Microsoft, BitLocker and Law Enforcement: Why CISOs Should Re-Evaluate Endpoint Encryption Assumptions

Jan 26, 2026 G.C.Moresi

Microsoft’s disclosure of providing BitLocker recovery keys to law enforcement exposes a critical misconception in enterprise security: encryption without exclusive…

Screenshot of Microsoft Teams Admin Center showing the External Domains Anomalies Report with detected spikes, new external domains, and suspicious chat activity alerts.

News

Microsoft Teams adds “External Domains Anomalies” reporting to catch attackers early (Rollout: Feb–Mar 2026)

Jan 22, 2026 G.C.Moresi

Microsoft is rolling out a new Microsoft Teams security feature—the External domains anomalies report—to help organizations detect suspicious external communications…

News

Everest ransomware group claims 861GB data theft from McDonald’s India — what’s known so far

Jan 22, 2026 G.C.Moresi

McDonald’s India has been named in a new ransomware extortion claim after the Everest group alleged it exfiltrated 861GB of…

Cybersecurity News, Threat Intelligence & CISO Best Practices

Latest Post

Lugano at the Center of Europe’s Cybersecurity & AI Debate: Swiss Cyber AI Conference 2026 Arrives on April 14, 2026

Chrome Under Attack: Google Patches Two Actively Exploited Zero-Day Vulnerabilities (CVE-2026-3909, CVE-2026-3910)

Phishing Fraud: What the EU Directive Really Says About Bank Liability

Google Patches Actively Exploited Chrome Zero-Day

Critical Vulnerabilities in Cloud Password Managers Undermine “Zero-Knowledge” Claims

Exposed: Zero-Click RCE Vulnerability in Claude Desktop Extensions Puts Over 10,000 Users at Risk

The Chrysalis Backdoor: When Espionage Tooling Evolves in Plain Sight

149 Million Credentials Exposed: Why This Leak Matters More Than the Numbers

Microsoft, BitLocker and Law Enforcement: Why CISOs Should Re-Evaluate Endpoint Encryption Assumptions

Microsoft Teams adds “External Domains Anomalies” reporting to catch attackers early (Rollout: Feb–Mar 2026)

Everest ransomware group claims 861GB data theft from McDonald’s India — what’s known so far

You missed

Chrome Under Attack: Google Patches Two Actively Exploited Zero-Day Vulnerabilities (CVE-2026-3909, CVE-2026-3910)

Phishing Fraud: What the EU Directive Really Says About Bank Liability

Google Patches Actively Exploited Chrome Zero-Day

Critical Vulnerabilities in Cloud Password Managers Undermine “Zero-Knowledge” Claims