AppOmni has launched Marlin AI, an autonomous investigation tool designed to tackle the growing complexity of securing software-as-a-service applications, where misconfiguration remains the primary security vulnerability. Marlin automatically detects suspicious configuration settings across multiple SaaS apps, investigates their severity by analyzing related activities like unusual downloads or IP addresses, and recommends remediation actions—work that typically requires manual analysis by security teams. While Marlin can autonomously fix issues within AppOmni's platform, it stops short of making automatic changes to customer SaaS applications like Salesforce, as companies remain hesitant to grant third-party admin rights to their data.

Iranian hackers are using a combination of phishing emails and search engine manipulation to deliver two new malware variants called MiniFast and MiniJunk V2. The attackers are leveraging SEO poisoning techniques to boost malicious websites in search results, tricking users into downloading the malware which can steal sensitive information and establish persistent access to compromised systems. Security researchers say this campaign demonstrates how threat actors are increasingly combining multiple attack methods to improve their chances of successfully infiltrating targets.

India's cybersecurity agency CERT-In is now recommending that organizations patch internet-facing vulnerabilities within just 12 hours, a dramatic reduction from previous guidelines. The new urgency stems from the rise of AI-assisted attacks that can discover and exploit security flaws much faster than traditional methods. This marks a significant shift in cybersecurity response times as artificial intelligence continues to accelerate the speed of cyber threats.

MFA prompt bombing, also called "push fatigue," is a cyberattack technique where hackers flood users with repeated multi-factor authentication push notifications until the victim accidentally or deliberately approves one just to stop the alerts. Security experts warn this tactic exploits human psychology and notification fatigue, making even MFA-protected accounts vulnerable when attackers have already stolen passwords through phishing or data breaches. Organizations are now encouraged to move away from simple push-based authentication toward more secure methods like number matching or hardware security keys.

Microsoft has released security patches for CVE-2026-45659, a remote code execution vulnerability affecting multiple versions of SharePoint Server. The critical flaw allows attackers to potentially execute arbitrary code on vulnerable systems, prompting Microsoft to prioritize fixes across its SharePoint server lineup. System administrators are urged to apply the patches immediately to protect their installations from potential exploitation.

A new webinar from The Hacker News is highlighting the emerging threat of AI-powered DDoS attacks that are becoming increasingly sophisticated and harder to defend against. Experts warn that artificial intelligence is fundamentally reshaping the attack landscape, making traditional defense strategies less effective. The session aims to teach security professionals new techniques for combating these smarter, AI-driven distributed denial of service attacks.

Dark Reading is marking its 20th anniversary by honoring the memory of co-founder and former editor-in-chief Tim Wilson, who passed away five years ago this November after a brief battle with cancer. Wilson was instrumental in establishing Dark Reading's reputation for smart security journalism and created pioneering initiatives like the INsecurity conference for security professionals, setting a standard of innovation and dedication to the cybersecurity community that continues to shape the publication today. As the editorial team has nearly doubled in size since his passing, current editor Kelly Jackson Higgins says continuing Wilson's mission of serving industry leaders and professionals remains the best tribute to his legacy.

Security researchers have discovered "Underminr," a new vulnerability affecting approximately 88 million domains that allows attackers to hide malicious connections behind legitimate, trusted domains. This technique is a variant of domain fronting that exploits shared content delivery network infrastructure by presenting one domain's credentials while routing requests to a different, potentially malicious tenant on the same server. Experts warn that as AI-generated malware becomes more sophisticated, Underminr could soon appear in every attack attempting to evade protective DNS systems.

The Cybersecurity and Infrastructure Security Agency has added a SQL injection vulnerability in Drupal Core to its Known Exploited Vulnerabilities catalog, indicating the flaw is being actively exploited in the wild. This addition signals that threat actors are successfully targeting the weakness to compromise Drupal-based websites. Organizations running Drupal are urged to apply security patches immediately to protect their systems from potential attacks.

A critical vulnerability in the LiteSpeed cPanel plugin is being actively exploited, allowing attackers to execute scripts with root-level privileges on affected systems. The flaw, tracked as CVE-2026-48172, poses a serious security risk as root access grants complete control over a server. System administrators running LiteSpeed with cPanel are urged to update immediately to prevent potential compromises.