New Malware Kit Promises Guaranteed Publication in the Chrome Web Store

A new malware-as-a-service (MaaS) kit called “Stanley” is offering users guaranteed publication in the Chrome Web Store, bypassing Google’s security verification process, according to researchers at Varonis. “For $2,000 to $6,000, Stanley provides a turnkey website-spoofing operation disguised as a Chrome extension, with its premium tier promising guaranteed publication on the Chrome Web Store,” Varonis says.

Attackers Can Use LLMs to Generate Phishing Pages in Real Time

Researchers at Palo Alto Networks’ Unit 42 warn of a proof-of-concept (PoC) attack technique in which threat actors could use AI tools to generate malicious JavaScript in real time on seemingly innocuous webpages. “Once loaded in the victim's browser, the initial webpage makes requests for client-side JavaScript to popular and trusted LLM clients (e.g., DeepSeek and Google Gemini, though the PoC could be effective across a number of models),” the researchers write.

Report: One in Ten UK Companies Wouldn't Survive a Major Cyberattack

A new survey by Vodafone Business found that more than 10% of companies in the UK would likely go out of business if they were hit by a major cyber incident, such as a ransomware attack, Infosecurity Magazine reports. Additionally, 71% of business leaders believe at least one of their employees would fall for a convincing phishing attack, and fewer than half (45%) of organizations have ensured that all of their employees have received basic cyber awareness training.

Warning: A LinkedIn Phishing Campaign is Targeting Executives

A phishing campaign is abusing LinkedIn private messages to target executives and IT workers, according to researchers at ReliaQuest. The messages attempt to trick victims into opening an archive file, which will install a legitimate pentesting tool. “A critical element of this attack was the use of a legitimate, open-source Python script designed for pen-testing,” ReliaQuest says.

Starting the Year with Cyber Intention: Human-Centric Insights from the Global Cybersecurity Outlook 2026

One of my first intentional “to-dos” this year has been spending time with the World Economic Forum’s Global Cybersecurity Outlook 2026, a report I was privileged to actively contribute to over the past year. For KnowBe4 customers, this report offers more than trend analysis. It provides a baseline of where organizations stand today, what separates resilient organizations from less resilient ones, and why the human factor is now central to cyber resilience.

KnowBe4 Urges Action: Take Control of Your Data this Data Privacy Week

With organizations collecting and storing massive amounts of personal data these days, much of which people share freely, we need to become better at protecting data on both the storing and sharing side of things. Organizations must have strong data protection measures in place and everyone should start being more digitally mindful when sharing their own personal data. Ultimately, being careful of what we put out there is the best way to reduce cyberattacks and data breaches.

Report: 4 in 10 Employees Have Never Received Cybersecurity Training

Forty percent of employees have never received cybersecurity training, according to a new report from Yubico. That number rises to nearly sixty percent for employees working for small businesses. The report surveyed 18,000 employed adults from the US, the UK, Australia, India, Japan, France, Germany, Singapore, and Sweden. “Our research finds that 4 in 10 (40%) employees have never received training on cybersecurity in any form,” Yubico says.

Warning: "Fancy" QR Codes Are Making Quishing More Dangerous

Scammers are increasingly using visually stylized QR codes to deliver phishing links, Help Net Security reports. QR code phishing (quishing) is already more difficult to detect, since these codes deliver links without a visible URL. Attackers are now using QR codes with colors, shapes, and logos woven into the code’s pattern. “Fancy QR codes further complicate detection,” Help Net Security says. “Their layouts no longer resemble the familiar black and white grid.

AI Literacy Training: From Best Practice to Legal Requirement Under the New EU AI Act

For those of you who are like me, when I first heard about the new EU AI Act, I had flashbacks to the implementation of the General Data Protection Act (GDPR) back in 2018. There are certainly a lot of similarities with the EU leading the way in consumer protections that will likely lead to more, similar legislation across the globe. I’m also reminded of the iPhone when it was introduced in the consumer market and bled into the workplace (I for one held onto my Blackberry for as long as I could).