X-Industry

Attached is a Cybersecurity Matrix that maps 28 key cybersecurity domains into a single view.
This is a useful reference for security professionals, leaders, auditors, students and anyone looking to understand how cybersecurity fits together as a complete ecosystem.

This matrix was provided by Izzmier Izzuddin Zulkepli, through his recent LinkedIn post.    Many Thanks.
https://my.linkedin.com/in/izzmier?trk=public_post_feed-actor-name

This article is shared at no charge for educational and informat

Microsoft has issued a warning about an active cryptojacking campaign that uses AI chatbot interactions to impersonate legitimate systems and direct users to malicious download sites.  Once victims click the links, threat actors establish persistent remote access to compromised computers, potentially enabling further activities such as data theft or ransomware deployment.  The campaign, detailed in a report from Microsoft Defender Experts and the Microsoft Defender Security Research Team, repres

The Artificial Intelligence (AI) data center insurance market is expanding rapidly due to the increasing adoption of AI technologies, rising cyber threats, and heightened demand for comprehensive risk management solutions.  For decades, insurance has relied on historical averages and pooled risk.  That model is breaking down; over the past several years, insured losses from natural catastrophes have exceeded US$100 billion each year.  In Canada, they were the costliest ever.  The country’s wildf

As AI adoption continues to grow, threat actors have wasted no time exploiting the trend. FortiGuard Labs recently observed a campaign delivering malicious files disguised as AI-related documents, with titles such as "AI-Ready PostgreSQL 18: Building Intelligent Data Systems" and " A Guide for Thinking Marketers in the Age of AI."

These lures

The zLabs research team at mobile security firm Zimperium has identified a new Android banking trojan named Rokarolla.  This highly invasive malware is named after its command-and-control infrastructure (the server network that threat actors use to send instructions to infected phones).  According to zLabs researchers, this trojan is unusual in that it combines financial fraud with total device surveillance and can target 217 different cryptocurrency and banking programs.[1]

Attack chain explain

Last March 2026, FortiGuard Labs discovered a new Gafgyt botnet variant, C0XMO, that spreads by exploiting CVE-2021-27137. Our analysis revealed that, unlike earlier versions, this malware separates its lateral movement into a standalone Python script.  This approach helps the attacker target various system architectures and device types more efficiently.  Below is a detailed technical overview of its structure, propagation methods, and attack features.[1]

Link to full report:  IR-26-165-001_X p

The Australian federal government has announced new regulations for telecommunications companies following a massive Optus data breach, which resulted in millions of customers' personal information being accessed.  Under the new regulations, Communications Minister Michelle Rowland said information from affected companies could be shared with financial institutions when required to prevent or respond to cyber security incidents and must then be destroyed.[1]

Here's what we know so far, and what

Ubiquiti is a networking and infrastructure company, whose products have become popular with small to medium sized businesses like schools, retail organizations, or even tech enthusiasts.

Ubiquiti’s products are built around the idea of centralized management for things like networking and wireless infrastructure, surveillance, and physical security.  The UniFi product line is representative of this goal and contains items like wireless access points, switches, security gateways, routers, survei

Starting 11 June, the FIFA World Cup 2026 will unite fans, teams, sponsors, broadcasters, hospitality providers, and businesses in one of the world’s largest sporting events.  It also presents a significant opportunity for cybercriminals.

Major international sporting events create great anticipation, attract high search volume, evoke strong emotions, and drive large volumes of digital transactions.  Fans are searching for tickets, travel offers, merchandise, live streams, betting sites, job open

Law Enforcement in Philadelphia, PA are looking for the person who they said took thousands of bottles of bourbon from a warehouse in what was called a “coordinated cargo theft operation carried out in broad daylight.”

Police said a driver of a tractor-trailer drove up to the warehouse, showed identification, and loaded 18 pallets of Noble Oak bourbon before driving off, The New York Times reported.[1]

Noble Oak Double Oak Bourbon is a 90-proof bourbon finished with sherry oak, giving it a golde

Cybersecurity researchers at Palo Alto Networks’ research division, Unit 42, have reported a large-scale malvertising scam running since late 2025.  In this scam, called Operation FlutterBridge, cybercriminals are using fake Google search ads to lure Mac owners into downloading malware.  According to Unit 42’s investigation, hackers first set up fake companies to buy verified Google ads and use them to evade safety checks. When users search for tools, these ads pop up and download apps that look

The US Federal Bureau of Investigation (FBI) has issued a public service announcement warning organizations and individuals about Kali365, a Phishing-as-a-Service (PhaaS) platform first observed in April 2026.  The service is distributed primarily through Telegram and enables even less-technical attackers to hijack Microsoft 365 accounts by stealing OAuth access and refresh tokens, bypassing the need for passwords or multi-factor authentication (MFA).  This gives almost anyone the means to carry

Telecom Italia warned ransomware attacks surged in 2025 as cybercriminals used AI and automation to scale campaigns, cautioning that rapidly evolving technology and geopolitical tensions are reshaping digital risk.  In the second edition of its Cyber Security Report produced alongside Italy-based non-profit Cyber Security Foundation, TIM said ransomware claims topped 7,400 globally in 2025, up 42% compared to 2024.[1]

The report pointed to malware campaigns affecting entities in around 200 count

A China-linked cybercrime syndicate tracked as TA4922 is actively expanding its phishing campaigns to target organizations across multiple regions. New research finds that the financially-motivated group, historically focused on East Asian networks, has now hit entities in Germany, Italy, South Africa, and the UK.

TA4922 is known to share overlapping tradecraft with the Silver Fox espionage group but primarily pursues financial objectives, including massive data theft, corporate fraud, and persi

For years, cybersecurity professionals have treated vulnerability management as an insular IT operational metric, measured by patch cycles, ticket queues, and scan counts.  But a new, data-driven report from Moody's Ratings elevates software vulnerabilities to where they ultimately belong: a material factor in enterprise creditworthiness and organizational resilience.[1]

The report, titled "Risks posed by unpatched software flaws vary by industry and region," analyzes two years of telemetry acro

Using FreeWave Zentry Solution and REDXRAY together can help organizations significantly strengthen cyber resilience by improving visibility, reducing operational risk, and accelerating response to emerging threats.

FreeWave Zentry is an engineered, prevention-first Zero Trust network overlay purpose-built for critical infrastructure and OT/IIoT environments that makes assets functionally invisible to unauthorized users and automated threats through a resilient cryptographic fabric, while REDXRA

The researchers developed the AllFaith Benchmark, one of the first multi-faith test sets that examines how AI systems engage with a range of religions. They tested 14 different AI models, including flagship models from Anthropic, Google, xAI, and OpenAI.

The results are telling.  A survey of 1,125 Americans found that most people expect religious perspectives when asking ethics questions, but nearly every model failed to include any. More surprisingly, the models showed clear conversion bias, su

In the corporate world, substantial budgets, resources, and technical ingenuity are routinely dedicated to securing networks, hardening firewalls, fine-tuning endpoint detection, and monitoring cloud configurations.  A new report from ScamZero forces a look at an equally devastating and rapidly evolving theater of conflict: the consumer and workforce fraud ecosystem.

The 2025-2026 Scam Report from ScamZero highlights a massive, sophisticated market that has evolved into a fully professionalized

Researchers at Barracuda have identified CypherLoc, a clever web-based scam that locks internet browsers and then tricks people into calling fraudulent technical support lines.  Since the beginning of 2026 the kit has been used in around 2.8 million attacks worldwide.  The deception represents a new evolution in so-called scareware, moving away from installing obvious harmful software and instead operating entirely inside the victim's web browser.  It relies on fear and confusion rather than tra

For years, the United States federal government's Known Exploited Vulnerabilities (KEV) Catalog has served as an essential operational anchor for vulnerability management.  Despite its authority, the cybersecurity community has wrestled with a frustrating structural bottleneck: the catalog has traditionally operated as a trailing indicator.  US, DHS CISA had to privately validate in-the-wild exploitation before publishing, occasionally warning network defenders’ days or weeks after threat actors