APT28 (Fancy Bear, GRU Unit 26165) has shifted from classic phishing and malware to a hybrid approach that begins on compromised home and SOHO routers and finishes inside Microsoft 365 environments—using DNS hijacking and a cloud-native malware toolkit called “AUTHENTIC ANTICS” to steal OAuth tokens and live cloud content. That contrast—network infrastructure compromise at the […]
GitHub is rolling AI-powered security detections into the same workflow where developers review code, pairing those models with CodeQL static analysis to extend coverage into Shell/Bash, Dockerfiles, Terraform, PHP and other gaps in traditional scanning. The payoff is broader, earlier detection and faster remediation; the trade-off is additional governance and human review to catch AI […]
AI coding assistants are not just speeding up software delivery. They are shifting risk from obvious coding mistakes toward harder-to-find architectural weaknesses, while autonomous AI agents add a second layer of exposure through permissions, data access, and tool use that traditional software controls do not fully cover. What changed in practice Apiiro’s research points to […]
