BISON IT NEWS
Latest IT, Cyber Security & Cloud Updates
OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues
OpenAI on Friday began rolling out Codex Security, an artificial intelligence (AI)-powered security agent that's designed to find, validate, and propose fixes for vulnerabilities. The feature is available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex web with free usage for the next month. "It builds deep context about your project to identify...
Read full article →Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in Firefox 148, released late last month. The vulnerabilities were identified over a two-week period in...
Read full article →Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India
The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants. The activity is designed to produce a "high-volume, mediocre mass of implants" that are developed using lesser-known programming languages like Nim, Zig, and Crystal and rely on trusted services like...
Read full article →Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RATs) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOID#GEIST by Securonix Threat Research. At a high level, the obfuscated batch script is used to deploy a second...
Read full article →The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity
Scaling cybersecurity services as an MSP or MSSP requires technical expertise and a business model that delivers measurable value at scale. Risk-based cybersecurity is the foundation of that model. When done right, it builds client trust, increases upsell opportunities, and drives recurring revenue. But to deliver this consistently and efficiently, you need the right technology and processes....
Read full article →Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor
New research from Broadcom's Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself in several U.S. companies' networks, including banks, airports, non-profit, and the Israeli arm of a software company. The activity has been attributed to a state-sponsored hacking group called MuddyWater (aka Seedworm). It's affiliated with the Iranian...
Read full article →EU court adviser says banks must immediately refund phishing victims
Athanasios Rantos, the Advocate General of the Court of Justice of the EU (CJEU), has issued a formal opinion suggesting that banks must immediately refund account holders affected by unauthorized transactions, even when it's their fault. [...]...
Read full article →Hackers abuse .arpa DNS and ipv6 to evade phishing defenses
Threat actors are abusing the special-use ".arpa" domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation checks and email security gateways. [...]...
Read full article →Termite ransomware breaches linked to ClickFix CastleRAT attacks
Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor. [...]...
Read full article →Microsoft: Hackers abusing AI at every stage of cyberattacks
Microsoft says threat actors are increasingly using artificial intelligence in their operations to accelerate attacks, scale malicious activity, and lower technical barriers across all aspects of a cyberattack. [...]...
Read full article →Cognizant TriZetto breach exposes health data of 3.4 million patients
TriZetto Provider Solutions, a healthcare IT company that develops software and services used by health insurers and healthcare providers, has suffered a data breach that exposed the sensitive information of over 3.4 million people. [...]...
Read full article →CISA warns feds to patch iOS flaws exploited in crypto-theft attacks
CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. [...]...
Read full article →How AI Assistants are Moving the Security Goalposts
AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, whil...
Read full article →Who is the Kimwolf Botmaster “Dort”?
In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle "Dort" -- has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks against the researcher and this aut...
Read full article →‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the tar...
Read full article →Kimwolf Botnet Swamps Anonymity Network I2P
For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting the The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts agai...
Read full article →Patch Tuesday, February 2026 Edition
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild....
Read full article →Please Don’t Feed the Scattered Lapsus ShinyHunters
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators… Read More »...
Read full article →Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line....
Read full article →Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool....
Read full article →Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system....
Read full article →Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group....
Read full article →Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed....
Read full article →Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. ...
Read full article →Cylake Offers AI-Native Security Without Relying on Cloud Services
Cylake's platform will analyze security data locally and identify potential attacks for organizations concerned about data sovereignty....
Read full article →North Korean APTs Use AI to Enhance IT Worker Scams
DPRK worker scams are old hat, but they're still working, thanks to AI tools that help with everything from face swapping to daily emails....
Read full article →EU Auto Rules Shift Gears on Cybersecurity Standards
The European Union is taking new precautions as climate change and cybersecurity threats rise across the automotive industry....
Read full article →Iran's Cyber-Kinetic War Doctrine Takes Shape
Iran has been hacking IP cameras to plan missile strikes against its enemies, and mounting other attacks on physical assets, showing how cyber and kinetic warfare are fast becoming one in the same....
Read full article →Cyberattack on Mexico's Gov't Agencies Highlight AI Threat
Using Anthropic's Claude, OpenAI's ChatGPT, and a detailed playbook prompt, a handful of cyberattackers reportedly gained access to government agencies and its citizens' data....
Read full article →Nation-State Actor Embraces AI Malware Assembly Line
Pakistan's APT36 threat group has begun using vibe-coding to churn out mediocre malware, but at a scale that could overwhelm defenses....
Read full article →Ring’s Jamie Siminoff has been trying to calm privacy fears since the Super Bowl, but his answers may not help
The facial recognition question is where things get more tangled....
Read full article →Palmer Luckey’s retro gaming startup ModRetro reportedly seeks funding at $1B valuation
The company launched its first product, a Game Boy-style handheld device called the Chromatic, in 2024....
Read full article →Will the Pentagon’s Anthropic controversy scare startups away from defense work?
On the latest episode of TechCrunch’s Equity podcast, we discussed what the controversy means for other startups seeking to work with the federal government....
Read full article →Owner of ICE detention facility sees big opportunity in AI man camps
AI data center developers are increasingly relying on a style of camp popularized as housing for men working in remote oil fields....
Read full article →TechCrunch Mobility: Rivian’s R2 gambit
Welcome back to TechCrunch Mobility, your hub for all things “future of transportation.” ...
Read full article →A roadmap for AI, if anyone will listen
The Pro-Human Declaration was finalized before last week's Pentagon-Anthropic standoff, but the collision of the two events wasn’t lost on anyone involved....
Read full article →Introducing OpenClaw on Amazon Lightsail to run your autonomous private AI agents
AWS launches OpenClaw on Amazon Lightsail to run OpenClaw instance, pairing your browser, enabling AI capabilities, and optionally connecting messaging channels. Your Lightsail OpenClaw instance is pre-configured with Amazon Bedrock for starting with your AI assistant immediately — no additional configuration required....
Read full article →AWS Weekly Roundup: OpenAI partnership, AWS Elemental Inference, Strands Labs, and more (March 2, 2026)
This past week, I’ve been deep in the trenches helping customers transform their businesses through AI-DLC (AI-Driven Lifecycle) workshops. Throughout 2026, I’ve had the privilege of facilitating these sessions for numerous customers, guiding them through a structured framework that helps organizations identify, prioritize, and implement AI use cases that deliver measurable business value. AI-DLC ...
Read full article →AWS Security Hub Extended offers full-stack enterprise security with curated partner solutions
AWS announces the general availability of AWS Security Hub Extended, a unified, full-stack enterprise security solution. It brings together AWS detection services and curated partner solutions through a single, simplified experience....
Read full article →Transform live video for mobile audiences with AWS Elemental Inference
AWS Elemental Inference is a fully managed AI service that automatically transforms live and on-demand video broadcasts into vertical formats optimized for mobile and social platforms in real time, enabling broadcasters to reach audiences on TikTok, Instagram Reels, and YouTube Shorts without manual editing or AI expertise....
Read full article →AWS Weekly Roundup: Claude Sonnet 4.6 in Amazon Bedrock, Kiro in GovCloud Regions, new Agent Plugins, and more (February 23, 2026)
Last week, my team met many developers at Developer Week in San Jose. My colleague, Vinicius Senger delivered a great keynote about renascent software—a new way of building and evolving applications where humans and AI collaborate as co-developers using Kiro. Other colleagues, Du’An Lightfoot, Elizabeth Fuentes, Laura Salinas, and Sandhya Subramani spoke about building and […]...
Read full article →Amazon EC2 Hpc8a Instances powered by 5th Gen AMD EPYC processors are now available
Amazon EC2 Hpc8a instances, powered by 5th Gen AMD EPYC processors, deliver up to 40% higher performance, increased memory bandwidth, and 300 Gbps Elastic Fabric Adapter networking, helping customers accelerate compute-intensive simulations, engineering workloads, and tightly coupled HPC applications....
Read full article →Top 10 trending phones of week 10
It's been a busy couple of weeks since the last installment of our trending chart. Samsung finally officially unveiled its Galaxy S26 series and unsurprisingly the Ultra is still the most popular device in our database. [#InlinePriceWidget, 14320, 1#] Nothing had its own event this week, which produced the second-placed phone - the Phone (4a) Pro, while the bronze medal came from Infinix and ...
Read full article →We examine the Samsung Galaxy S26 Ultra's Privacy Display
Samsung unveiled the Galaxy S26 series last week, which includes the Galaxy S26, Galaxy S26+, and Galaxy S26 Ultra. The S26 Ultra is the top-end model in the lineup, and one of its headline features is the Privacy Display. The Privacy Display is advertised as a zero-peek feature that makes it hard for others to see the contents on the Galaxy S26 Ultra's display when viewed from an angle. If you ...
Read full article →iPhone 17e, M5 Pro/Max, MacBook Neo, Nothing Phone (4a) Pro debut: Week 10 in review
This was officially Mobile World Congress 2026 week, but Apple decided to unveil some new tech, effectively hijacking some of the spotlight. Starting off with the iPhone 17e, a subtle update over the 16e. The new phone has a binned A19 SoC, starts off at 256GB and lacks a 128GB version, and brings the new C1X modem for better connectivity. Most importantly, the 17e costs the same $599 despite th...
Read full article →Weekly deals: Galaxy S26 series launches, while the iPhone 17e goes on pre-order
It was MWC week, but the newly unveiled devices will not be available for a while – certainly not this weekend, anyway. What is available now is the Galaxy S26 series. Also, Apple launched several new devices this week, which can be pre-ordered now (and will be available from March 11). We published our Samsung Galaxy S26 Ultra review a couple of days ago. While it’s not the most exciting upgrad...
Read full article →Weekly poll: will you buy the Apple iPhone 17e?
Apple can be quite frustrating – at first glance, the iPhone 17e barely seems to upgrade anything at all. But the more you look at its spec sheet, the more you start to think “this might actually be worth it.” Do you agree? First, let’s go over the upgrades – this will be short. The new phone features an Apple A19 chipset, bringing a ton of performance for what is technically a mid-ranger. It al...
Read full article →Infinix Note 60 Ultra in for review
Wow! We had to start this unboxing with an exclamation, because the Infinix Note 60 Ultra truly deserves it. There are so many phones named Ultra on the market nowadays, but very few among them justify the name quite like the Infinix Note 60 Ultra. Pininfarina is a big part of that. The Italian design firm popular for designing cars has been at it for nearly a century now, and it clearly isn't l...
Read full article →