Phishing Campaign Exploits Google AppSheets to Target Facebook Accounts

Researchers at Guardio Labs are tracking a major phishing campaign that abused Google AppSheet as a relay to send phishing emails. The researchers identified more than 30,000 Facebook accounts that were compromised by this campaign. Since the emails are sent from Google’s legitimate infrastructure, they’re much more likely to land in users' inboxes.

Warning: Phishing Attacks Are Abusing the Kuse AI App

Attackers are abusing the storage and sharing features of Kuse, a free AI app, to assist in phishing campaigns, according to researchers at Trend Micro. Kuse is a legitimate agentic AI platform used by employees to streamline workflows. Users can share files with coworkers, which generates a link hosted by Kuse’s domain. In this case, attackers are abusing the share feature to generate legitimate-looking phishing links.

How to Calculate the ROI of Brand Protection Software: A Framework for Security Leaders

Security leaders know the threat is real. Getting finance to agree is a different problem. Brand protection ROI is calculable, but most teams never build the model, so the budget request dies in review. The core formula is straightforward: add avoided fraud losses, account takeover (ATO) remediation savings, churn prevention value, and analyst time recovered, then subtract software cost and divide by that cost.

How to test your disaster recovery plan without disrupting business

A disaster recovery plan is only useful if it works when you need it most. But many organizations avoid testing because they worry about downtime, data loss, or interrupting employees and customers. That is where disaster recovery testing comes in. With the right approach, you can validate your recovery strategy, check whether your backups are usable, confirm your recovery time objectives, and identify gaps without taking critical systems offline. The goal is not to create risk for the business.

Ep 43: Who's got your data? Spoiler: Not you

In this episode of Masters of Data, we untangle the often-confused cousins of data sovereignty and data residency, because where your data lives and who actually controls it are two very different conversations. We dig into the real-world headaches facing multinational companies, from incident response teams locked out of sovereign data zones to the bureaucratic gymnastics that ensue when compliance meets practicality.

Making Security Data-Aware with New Integration from Cato Networks and Cyera

Today, Cato Networks announced an integration of Cato XOps with the Cyera AI-native Data Security Platform Management (DSPM). The integration brings Cyera’s data security telemetry directly into Cato XOps, giving security teams visibility into the sensitivity and exposure of data involved in security events. In today’s distributed environments, data lives across the cloud, SaaS, endpoint, and network.

How We Got a CISA GitHub Leak Taken Down in Under a Day

On May 14, GitGuardian found a public GitHub repository called "Private-CISA" — 844 MB of plain-text passwords, AWS tokens, and Entra ID SAML certificates belonging to CISA, exposed since November 2025. Some credentials were still valid. CISA pulled it offline within 26 hours.