Chinese-language phishing-as-a-service (PhaaS) communities are expanding in an area historically dominated by Russian-speaking cybercriminal groups. The Google Threat Intelligence Group (GTIG) analyzed a dozen active PhaaS offerings operating in Chinese-language underground communities and found mature services, with several likely linked to broader criminal activity in the region. Nearly all legitimate organizations mimicked by these phishing services were non-Chinese entities, suggesting that activity rarely targets China itself. Researchers noted that Telegram serves as a common channel … More →
The post Chinese phishing gangs grow into a force to be reckoned with appeared first on Help Net Security.
Cybersecurity leaders and practitioners brought their burning AI cybersecurity questions to EXPOSURE 2026. They left with clear answers and a blueprint for building an exposure management program. Get a recap and see highlights from the event in words and pictures.
Key takeawaysFor the cybersecurity leaders and practitioners who attended EXPOSURE 2026 in Boston this week, the event could not have come at a better time.
While momentum for exposure management as a means to proactively reduce cyber risk has been building for more than a year, recent rapid advances in frontier AI models have made it even more critical.
EXPOSURE ‘26 attendees arrived at Boston’s historic Park Plaza Hotel on Monday, May 18, 2026, just six weeks after Anthropic unveiled its groundbreaking frontier model, Claude Mythos Preview. They showed up with pressing questions about securing AI, the impact of frontier AI models on cybersecurity, and how exposure management can address all that and more.
They left with clear answers, following an intensive day of training and two days of thought-provoking mainstage and breakout sessions featuring Anthropic Field CTO (Cyber) Brett Andrews, CISOs from GEICO, Smithfield Foods, Munich Re, and EōS Fitness, and Tenable experts.
EXPOSURE 2026 gave attendees a rare opportunity to catch their breath amid the escalating, machine-speed pace of cybersecurity. It kicked off with an immersive day of training that provided attendees with a blueprint for building a successful exposure management program. And it offered them a chance to compare notes with peers and work collaboratively to develop a game plan for protecting their organizations from AI-powered adversaries with exposure management at its core.
Cybersecurity’s quadruple AI challengeFour challenges that AI creates for cybersecurity underpinned every session at EXPOSURE 2026:
Anthropic’s Andrews discussed the impact of frontier models on cybersecurity, the threat landscape, and how defenders can leverage AI to their advantage.
To illustrate what organizations are up against, several presentations highlighted the sharp contrast between the steady acceleration in vulnerability discovery and exploitation, and the simultaneous deceleration in organizations’ patching and remediation.
Tenable CTO Vlad KorsunskyIn 2021, for example, the median time to exploit was 84 days, according to Zero Day Clock. Today, it’s 1.6 days. Meanwhile, in 2025, it took organizations an average of 43 days to patch critical CVEs, up 34% from 32 days in 2024, according to data that Tenable Research contributed to the 2026 Verizon Data Breach Investigations Report (DBIR), which was released on the first day of EXPOSURE 2026.
Referencing additional data from the DBIR, Tenable Chief Product Officer Eric Doerr noted that 31% of breaches in 2025 began with an unpatched CVE as the initial access vector. This trend will likely intensify, as frontier AI models accelerate vulnerability discovery, unless security teams adapt.
Doerr also spoke to data from Tenable showing that nearly two-thirds of breaches begin with something that isn’t a CVE, such as a misconfiguration, stolen credential, or exposed secret. He used this stat to prove the point that if you’re only concerned about CVEs, you’re leaving two-thirds of your organization’s attack surface exposed. It’s this other attack surface beyond just CVEs that exposure management addresses.
Tenable Chief Product Officer Eric Doerr AI-powered exposure management: the blueprint for preemptive defensePresenters used these and other statistics from the DBIR, Tenable’s own telemetry, and other sources to make the case for cybersecurity transformation focused on a preemptive and much more autonomous defense.
They showed how explosive, enterprisewide adoption of AI combined with AI-enabled threat actors requires that organizations build these exposure management capabilities into their cybersecurity programs:
Tenable CSO Robert Huber shared his experience transforming his vulnerability management program and team into an exposure management program and team, which began two years ago. The impetus was the challenge that Huber and his team faced every quarter when he needed to report on cyber risk to the board of directors: His team had to manually gather, aggregate, harmonize, and analyze data from 50 different security tools that each had their own unique way of reporting on risk. Now, Huber’s team can produce reports in minutes. They’ve also extended their scope of visibility from less than 10,000 assets to more than 100,000 assets and reduced alert to ticket volume by 1,500 to 1, all with the same number of staff.
A live AI vs. AI attack simulation created and led by Tenable Researchers Robert McSulla and Ben Smith demonstrated the capabilities of a fully autonomous, agentic defense against a fully autonomous, agentic adversary.
McSulla and Smith impressed several key points upon their audience, including:
Amid the seriousness of cybersecurity, attendees got to pick out custom Converse sneakers featuring Tenable’s iconic new branding.
The "Sneaker Bar" at EXPOSURE 2026EXPOSURE attendees also had the chance to experience the perfect summer evening at Fenway Park, home of the Boston Red Sox.
An evening at Fenway Park during EXPOSURE 2026 Tenable announcements at EXPOSURE 2026EXPOSURE 2026 was punctuated by a host of significant announcements from Tenable, including:
Detectify has unveiled the Detectify MCP (Model Context Protocol) Server, a new integration layer that brings Detectify’s security testing engines directly into AI-driven development workflows, helping coding agents find and validate exploitable vulnerabilities and interpret attack surface data with greater precision. As organizations increasingly rely on AI agents to write, refactor, and modernize code, software production is accelerating faster than many security teams can realistically review or govern. While AI-assisted development can eliminate common coding … More →
The post Detectify brings AppSec automation to AI agents with MCP Server and continuous testing appeared first on Help Net Security.
Microsoft Defender for Endpoint has introduced automatic device isolation, a proactive containment capability that disconnects compromised workstations from the network the moment a high-confidence attack is detected without waiting for human intervention. Microsoft Defender for Endpoint can now automatically isolate compromised devices as part of its broader Automatic Attack Disruption framework. When the platform identifies […]
The post Microsoft Defender Now Automatically Isolates Compromised Devices to Stop Ransomware appeared first on Cyber Security News.
A relative directory path traversal vulnerability (CVE-2026-34926) in Trend Micro’s Apex One platform has been exploited in zero-day attacks, the company confirmed. “TrendAI has observed at least one attempt to exploit this vulnerability in the wild,” Trend Micro noted, and credited the incident response team of its TrendAI enterprise cybersecurity business for reporting it. About Trend Micro Apex One Trend Micro Apex One is a security platform that protects all the devices in an organization … More →
The post Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926) appeared first on Help Net Security.