惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Vercel News
Vercel News
Recorded Future
Recorded Future
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
The GitHub Blog
The GitHub Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Google DeepMind News
Google DeepMind News
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Microsoft Azure Blog
Microsoft Azure Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
M
MIT News - Artificial intelligence
云风的 BLOG
云风的 BLOG
Y
Y Combinator Blog
N
News | PayPal Newsroom
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Help Net Security
Help Net Security
博客园 - Franky
SecWiki News
SecWiki News
Recent Announcements
Recent Announcements
T
Troy Hunt's Blog
The Register - Security
The Register - Security
The Last Watchdog
The Last Watchdog
Webroot Blog
Webroot Blog
S
Security Affairs
博客园 - 司徒正美
S
Schneier on Security
I
InfoQ
博客园_首页
www.infosecurity-magazine.com
www.infosecurity-magazine.com
T
Threat Research - Cisco Blogs
Forbes - Security
Forbes - Security
腾讯CDC
N
Netflix TechBlog - Medium
N
News and Events Feed by Topic
Cloudbric
Cloudbric
T
The Exploit Database - CXSecurity.com
P
Proofpoint News Feed
A
About on SuperTechFans
Engineering at Meta
Engineering at Meta
Recent Commits to openclaw:main
Recent Commits to openclaw:main
B
Blog
V
Vulnerabilities – Threatpost
C
Check Point Blog
Google DeepMind News
Google DeepMind News
Google Online Security Blog
Google Online Security Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
Cisco Blogs
Schneier on Security
Schneier on Security
O
OpenAI News
K
Kaspersky official blog

Cybersecurity Dive - Latest News

Dozens of Red Hat npm packages targeted in supply chain attack Turning tension into collaboration: How CIOs and CISOs can lead together Trump signs EO seeking early government access to powerful AI models Anthropic shares Mythos with 150 more organizations, including critical infrastructure operators Without strong governance, companies put credit ratings at risk in AI era CISA adds critical Palo Alto Networks firewall flaw to KEV as company, researchers warn of exploitation How Canva scaled to 260+M users while elevating security and productivity Top 4 data security best practices for the AI-enabled enterprise CISA urges security teams to check for software development compromises How CISOs can manage sovereign-cloud security risks IBM’s new $5B initiative will help enterprises rapidly patch open-source vulnerabilities Enterprise data is creeping its way into shadow AI tools Coordinated operation takes down Glassworm botnet Leading AI models are more vulnerable to malicious prompts than vendors claim Iranian government, not hacktivist group, breached LA Metro system, security firm says FBI warns about PhaaS platform used to access Microsoft 365 environments Iran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages New York regulator calls for additional cyber mitigation amid heightened threat environment CISA asks cybersecurity community to alert it to vulnerability exploitation Grafana Labs links GitHub environment breach to TanStack npm supply chain attack 7-Eleven hit by data breach Microsoft disrupts cybercrime operation that hid behind legitimate software Compromised coding tool helped hackers breach thousands of GitHub repositories Telecom sector launches its own private ISAC Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN Grafana Labs says hacker gained access to codebase through leaked token How a government contest launched a revolution in AI-based bug hunting Attackers exploit critical flaw in Cisco Catalyst SD-WAN Controller MSPs need AI to fight AI-fueled cyberthreats: Guardz More money is going to physical security, but it’s often CISOs that oversee it: EY Frontier AI models reap rapid discovery of security vulnerabilities West Pharmaceutical starts restoring operations after ransomware attack Foxconn confirms cyberattack affecting some North American facilities OpenAI launches Daybreak to combat cyber threats Canvas owner reaches ‘agreement’ with threat actors after data breach Guardrail Technologies launches Traffic Light for Code & AI™; first security technology to verify & secure AI code and the people creating it Identity takes center stage as a leading factor in enterprise cyberattacks AI and an absent government: Takeaways from RSAC 2026 Second Canvas data breach causes major disruptions for schools, colleges AI used to develop working zero-day exploit, researchers warn New cybersecurity industry alliance aims to lead US critical infrastructure protection Identity is the new perimeter as rapid NHI proliferation threatens visibility and control Instructure confirms cybersecurity incident Anthropic’s Claude used in attempted compromise of Mexican water utility Businesses hide vast majority of ransomware attacks, report finds Palo Alto Networks warns state-linked cluster behind zero-day exploitation Businesses eager but unprepared for AI to transform their security strategies Iran-sponsored threat group behind false flag social engineering campaign NIST will test three major tech firms’ frontier AI models for cybersecurity risks Trellix investigating breach of source code repository CISA urges critical infrastructure firms to ‘fortify’ before it’s too late Critical vulnerability in cPanel leads to widespread exploitation New MOVEit vulnerabilities prompt urgent patch warning How OpenClaw’s agent skills become an attack surface White House questions tech industry on defensive AI use, cybersecurity resilience As email phishing evolves, malicious attachments decline and QR codes surge US and allies urge ‘careful adoption’ of AI agents PwC partners with Google Cloud to take on the managed security market US agencies promote zero-trust practices for operational technology networks CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog State CISOs losing confidence in ability to manage cyber risks ‘Fundamental tension’ undermines manufacturers’ cybersecurity North Korea-linked actor targets Web3 execs in social-engineering campaign US, UK authorities warn that Firestarter backdoor malware survives patching Major critical infrastructure supplier reports cyberattack When security becomes the attack surface: Why endpoint protection must evolve Hasbro expects March cyberattack to impact second-quarter revenue AI-written software creates hassles for wary security teams Iran-nexus threat groups refine attacks against critical infrastructure China disguises cyberattacks with ‘covert network’ botnets, US and allies warn Trump’s CISA director pick withdraws after tumultuous nomination Microsoft SharePoint vulnerability widely exposed across multiple countries CISA urges security teams to view environments following axios compromise Big banks seek to ease security worries as AI push accelerates CISA confirms exploitation of 3 more Cisco networking device vulnerabilities Stellantis teams with Microsoft to strengthen digital capabilities Vulnerability exploitation surges often precede disclosure, offering possible early warnings Vercel systems targeted after third-party tool compromised Beyond IT: Cybersecurity is a strategic business risk TP-Link routers face exploitation attempt linked to high-severity flaw US joins nearly two dozen other countries in striking back against DDoS-for-hire platforms CIOs fret over rising security concerns amid AI adoption CISA cancels prestigious summer internships, citing government shutdown NIST limits vulnerability analysis as CVE backlog swells Medium-severity flaw in Microsoft SharePoint exploited FCC exempts Netgear from foreign router ban FCC signals continued commitment to Cyber Trust Mark program Brute-force cyberattacks originating in Middle East surge in Q1 CISOs see gaps in their incident response playbooks US, Indonesia shut down ‘sophisticated’ phishing kit Nearly 4K industrial control devices vulnerable to Iran-linked hacking campaign Stryker warns of earnings fallout from March cyberattack NERC is ‘actively monitoring the grid’ following Iran-linked cyber threat CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog US operation evicts Russia from hacked SOHO routers used to breach critical infrastructure Iran-linked hackers target water, energy in US, FBI and CISA warn React2Shell vulnerability helps hackers steal credentials, AI platform keys and other sensitive data Olympic Games, FIFA World Cup offer huge platforms, rich cyberattack surface Threat cluster launches extortion campaign using social engineering CISA’s vulnerability scans, field support on chopping block in Trump budget
Phishing — sometimes with AI’s help — topped initial-access methods in Q1, Cisco says
Eric Geller · 2026-04-22 · via Cybersecurity Dive - Latest News

An article from site logo

Dive Brief

Hackers can now spin up fake login pages without writing a single line of code.

Published April 22, 2026

Login information attached to large hook hanging in front of computer keyboard.

Getty Images

Dive Brief:

  • Phishing was the most common way hackers breached their targets in the first quarter of 2026, after nearly a year out of the top spot, Cisco’s Talos threat intelligence team said in a report published on Wednesday.
  • Nearly 20% of Cisco’s incident-response engagements involved the preliminary stages of a ransomware attack, according to the report — significantly lower than in the first two quarters of 2025, when it was 50%.
  • Cisco also said it saw hackers using AI to improve phishing attacks.

Dive Insight:

Cisco described a credential-harvesting scheme in which attackers used the Softr AI platform to build a website that mimicked the Outlook Web Access login page. Cisco said this was “the first time we have documented the use of a specific AI tool by an adversary in a phishing campaign.” The company said it was fairly confident that attackers have been using Softr for credential-harvesting websites since May 2023 “and have done so with increasing frequency to date.”

The hackers could even have connected their fake login page to a third-party service like Google Sheets for automatic collection of stolen credentials, complete with notifications every time someone tried to log in — all without writing a single line of code.

“This incident demonstrates how AI tools can lower the barrier to entry for less sophisticated actors and/or accelerate the speed of phishing and credential-harvesting campaigns,” Cisco researchers wrote.

Government agencies and health-care organizations tied for the most common targets in the first quarter of 2026, according to the report. The government sector first claimed the top spot in Cisco’s data in Q3 2025 and has held it since then. Government agencies, which often are underfunded and full of outdated equipment, “may have access to sensitive data as well as a low downtime tolerance,” Cisco said, “making them attractive to financially motivated and espionage-focused threat groups.”

After the government and health-care sectors, the most common targets were in the professional, scientific and technical-services sector, the report said.

Deficient multifactor authentication was the most common security weakness leading to intrusions in the first quarter, according to Cisco, which said 35% of its engagements involved that problem. Sometimes, MFA wasn’t turned on; other times, it was active but misconfigured.

“Adversaries were able to bypass MFA by registering new devices to previously compromised accounts, and in one instance, by configuring Outlook clients to connect directly to Exchange servers, circumventing MFA requirements,” researchers wrote. “Addressing these weaknesses, especially by restricting self-service MFA enrollment and enforcing strong, centralized authentication policies, is essential to reducing risk and strengthening organizational resilience.”

Other common problems that Cisco saw in Q1 included vulnerable internet-facing infrastructure (25% of engagements) and inadequate logging capabilities (18%).