This Halloween, a cheap LED party mask could do more than make you glow — it might let a stranger a few yards away swap your grin for a fox, a pumpkin, or whatever image they please. Security researchers at Bishop Fox have turned a seasonal gadget into a case study in how anecdotally safe — but technically sloppy — consumer electronics can become a live demo of insecure-by-design Internet-of-Things. Their work shows that numerous Bluetooth Low Energy (BLE) LED masks, many of which are...| Enterprise Security Tech
When Microsoft disclosed a critical flaw in its Windows Server Update Services (WSUS) platform earlier this month, few expected the exploit to escalate this quickly—or this creatively. Just days after the company’s out-of-band fix was released on October 23, attackers began weaponizing the vulnerability, designated CVE-2025-59287, to infiltrate enterprise environments and hijack the very infrastructure meant to distribute trusted software updates. The Darktrace Threat Research team, wh...
In the evolving theatre of cyber-conflict, large-scale breaches are no longer just the result of a single dramatic failure—now they are nearly always the result of many smaller failures colliding. According to recent analysis by Panaseer—a specialist in continuous controls monitoring—the statistic that sets the alarm bells ringing is stark: 70% of major breaches stem from “toxic combinations” of overlapping cybersecurity risks. Understanding the domino effect The term toxic comb...
When high-profile campaigns by groups like LAPSUS$ and Scattered Spider make headlines, they often leave the strong impression of technical wizardry: zero-days, clever malware, intricate breaches. But according to research from Flashpoint, that narrative misses the more profound evolution underway. Gone are the days when data extortion simply meant bulk-stealing databases: the playbook has matured to target the single most vulnerable link in modern enterprise security—human identity and...