Aggregator

The Gootloader malware campaign has resurfaced with sophisticated evasion techniques that allow it to bypass automated security analysis. This persistent threat has been targeting victims for over five years using legal-themed search engine optimization poisoning tactics. The malware operators deploy thousands of unique keywords across more than 100 compromised websites to lure unsuspecting users into […]

The post Gootloader is Back with New ZIP File Trickery that Decive the Malicious Payload appeared first on Cyber Security News.

A critical vulnerability discovered across numerous HTTP/2 implementations has exposed a dangerous protocol-level vulnerability that enables threat actors to orchestrate potent denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks. Tracked as CVE-2025-8671 and colloquially known as “MadeYouReset,” this vulnerability exploits a fundamental mismatch between the HTTP/2 specification and real-world server implementations. Security researchers from Tel Aviv […]

The post HTTP/2 ‘MadeYouReset’ Vulnerability Enable Denial-of-Service (DoS) Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

You must login to view this content

You must login to view this content

The emergence of AI-powered browsers represents a significant shift in how artificial intelligence interacts with web content. However, it has also introduced unprecedented challenges for digital publishers and content creators. Last week, OpenAI released Atlas, joining a growing wave of AI browsers including Perplexity’s Comet and Microsoft’s Copilot mode in Edge, that aim to transform […]

The post AI Browsers That Beat Paywalls by Imitating Humans appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Let's be frank, for most organizations, patching is a mess. It's the flashpoint where two of the most critical departments in the company, security and IT, seem to be working against each other.

1. The friction between security and IT is not a flaw, but a necessary "checks and balances" system for a secure and stable organization.
    
2. This system breaks when teams rely on broken, manual processes (like spreadsheet hand-offs) or tools that don't respect the different, complementary roles of security and IT.
    
3. The ideal solution provides "collaboration with validation" by giving both teams their own purpose-built tools on an integrated platform. Tenable Patch Management gives security and IT teams the visibility and context they need to work together seamlessly.

The security team, reporting to the CISO, is laser-focused on one thing: risk reduction. Their KPIs often focus on an organization’s remediation SLA compliance and mean time to remediate (MTTR). When they detect a critical vulnerability, their job is to determine its potential impact on their infrastructure and then work with the IT team to eliminate the exposure before the company is the next headline. 

The IT team, reporting to the CIO, has a different, but just as critical, charter: business uptime. Their KPIs are about stability, performance, and keeping the lights on. For them, pushing a patch isn't a single click; it's a process that risks breaking a critical application, taking a revenue-generating system offline, or disrupting the entire business. They are the guardrail.

This is the classic patch management paradox. And this friction? It’s not just normal — it's necessary.

This built-in tension is the "checks and balances" system for a secure and functional environment. You need both perspectives:

• Without security's urgency, critical risks fester for months.
• Without IT's focus on stability, the "fix" ends up causing more damage than the potential vulnerability.

The problem isn't the "friction." The problem is that teams are stuck with tools and processes (hello, spreadsheets!) that turn this healthy "checks and balances" system into a bottleneck of manual work, blame, and frustration.

When security throws a 50,000 CVE CSV file over the wall to IT, they lose all visibility into what happens next. When IT gets that spreadsheet, they have no context, just a mountain of manual correlation to do. This isn't "collaboration." It's a broken process that not only eats up everybody's time, it doesn't actually reduce risk.

Forcing both of these highly specialized teams to use a product not meant for them can be a disaster. Such tools are often barely steps above manual processes and don't respect their different, complementary roles.

1. Security-focused tools like vulnerability scanners are great at finding problems but lack the flexibility and automation IT needs.
2. IT-focused tools endpoint managers can push updates but are "blind" to risk, treating a critical Adobe patch and a minor driver update with the same priority.

This is where the "checks and balances" system breaks down. You don't have validation; you have a stalemate.

This is exactly why we built Tenable Patch Management. We believe security and IT should work together and have the visibility they need to validate each other's activities. They just need a platform that lets them do it.

Our solution is designed to respect this paradigm: it’s an integrated offering that gives both teams their own solution.

1. For security: Your team lives in Tenable One or Tenable Vulnerability Management. This is their command center for identifying risk. Using industry-leading data like the Vulnerability Priority Rating (VPR) and Asset Criticality Rating (ACR), they do their job: sifting through the noise to pinpoint what is actually critical and needs to be fixed first.
2. For IT: Your team gets Tenable Patch Management. This is their purpose-built solution for remediation. It's not just a feature; it's an enterprise-grade patching tool.

This is where the magic happens.

Because the two are seamlessly integrated, the "checks and balances" become an automated workflow:

• Security validates the risk: They contextualize vulnerabilities in Tenable Vulnerability Management or Tenable One based on real-world threat intelligence and the organization’s unique asset criticality rating.
• The "hand-off" is automatic: Each vulnerability, with the exact patch needed, as well as its risk rating and the CVE(s) it fixes, automatically populates in Tenable Patch Management. The manual spreadsheet work is completely eliminated.
• IT validates the fix: The IT team now has the risk context (the "why") and a powerful tool to manage the "how" and "when." They can use flexible automation, scheduling, and granular controls to deploy the patch safely and efficiently, without breaking the business.
• Closed-loop visibility: When the patch is deployed, security can validate that the risk is remediated on their next scan.

This is how you turn friction into collaboration. You're giving each team a best-in-class solution that speaks the same language. You empower security to be the risk experts and IT to be the system experts.

That's how you finally stop the patching chaos and start building a secure, stable, and collaborative environment.

• Tenable Patch Management is available to users of Tenable One, Tenable Vulnerability Management, Tenable Security Center, and Tenable Enclave Security. Find out how you can unify your security and IT efforts here (link to product page)

Ping Identity announced “Identity for AI,” a new solution designed to secure the world of AI agents. As organizations embrace agentic AI to boost productivity and commerce, Ping Identity is redefining how enterprises enable this new class of autonomous digital identities, delivering visibility, access control, governance, and privilege oversight to build trust into every interaction. Identity for AI will help enterprises engage the agentic commerce channel, secure the autonomous workforce, and protect against adversarial AI … More →

The post Ping Identity offers protection against adversarial AI threats appeared first on Help Net Security.