⏳ Final Reminder: Don’t Miss This Live Demo!
The clock is ticking! On June 24th at 11:00 PM ET, we’re hosting a live demo showcasing the future of ransomware defense—and you’re invited.
Here’s why you need to be there:
- 👨‍💻 Attack Simulations: See how Morphisec stops threats like ransomware and data exfiltration
- ✅ Prevention-First Security: Learn how we neutralize AI-driven attacks before they execute
- 💬 Live Q&A: Ask security experts your burning questions
Don’t wait—protect your organization before threats strike.
➡️ [Register Here] https://t.co/IKKf17daAh
Get ready to rethink how you secure your endpoints.

CISA's new 72-hour patching mandate is well-intentioned. It's also mathematically guaranteed to fail.
AI-powered exploit tools can discover a flaw, build an attack, and launch it in hours. A 3-day window isn't a fast response - it's a slow one dressed up as urgency.
Rushing patches through complex government infrastructure without proper testing doesn't make systems more secure. It creates instability - exactly what adversaries are waiting for.
The real answer isn't patching faster. It's making vulnerabilities unexploitable before a patch exists.
Morphisec CMO Brad LaPorte in SC Media - Link in the comments.

Recovery matters. But recovery is not ransomware prevention.
Too many cybersecurity conversations still frame ransomware resilience around:
🔹 Faster rollback
🔹 Immutable backups
🔹 Snapshot recovery
🔹 Restore orchestration
Those capabilities are important. But they all assume the attack already executed.
And in today’s threat landscape - where AI-driven attacks can move laterally in seconds and ransomware operators increasingly prioritize data exfiltration over encryption - that assumption becomes incredibly risky.
In our latest blog, our head of worldwide sales engineering Tommy Perniciaro explores:
✅ Why recovery-first security models are falling behind
✅ The architectural difference between pre-execution and post-execution defense
✅ Why AI-driven ransomware changes the economics of detection and response
✅ How prevention-first cybersecurity helps stop attacks before encryption begins
✅ Why modern CISOs need to rethink where protection activates in the kill chain
One of the most important questions security leaders should ask vendors today: “At what point in the attack lifecycle does your defense actually fire?”
That answer matters more than ever. Read the blog - link in the comments.

Paying the ransom doesn't guarantee recovery - and VECT 2.0 proves it.
We recently analyzed this ransomware and found something that should reframe every conversation about ransomware response: the malware's own design breaks files in ways its decryptor can't fix.
Three of four encryption keys are never saved. Files get renamed before encryption even starts. A buffer mismatch can corrupt files mid-process. Race conditions between threads leave some files renamed, others partially encrypted, others somewhere in between.
The attacker's decryptor assumes everything went cleanly. It rarely did.
This isn't a bug they forgot to patch — it's what happens when you build fast and sloppy malware and then promise victims a recovery you can't deliver.
The takeaway isn't new, but it's never been more concrete: once ransomware runs, you're gambling. Prevention isn't a preference — it's the only option that actually works.
Read our mention in Cybersecuritynews and the full research blog - links in the comments.

A zero day in the very tool you trust to catch zero days just handed attackers SYSTEM access on fully updated Windows.
RoguePlanet, now tracked as CVE-2026-50656, is a privilege escalation flaw in Microsoft Defender itself. The public proof of concept reportedly works whether real time protection is on or off.
Microsoft has confirmed the flaw and says a patch is still in development.
In this blog, Morphisec CMO Brad LaPorte breaks down what RoguePlanet means for the millions of organizations running Defender, and why a flaw inside your detector is a problem that detection can never solve.
Read the full blog - link in the comments.

Is your EDR enough to stop today's ransomware?
Join us June 24 at 11 AM ET for a live demo and find out exactly where the gaps are - and how to close them.
Our security engineers will walk through real-world attack scenarios and show how Morphisec stops them cold, before they execute.
Spot is free. Register here: https://t.co/8iAj0wJeZS

BabaDeda is back, and this time it is built to disappear.
In April 2026, Morphisec prevented multiple campaigns targeting education and financial organizations using a heavily evolved version of the BabaDeda loader. It enters through a ClickFix prompt, hides its payload inside ordinary looking storage files, and decodes the malicious code only moments before it runs in memory. By the time most tools could react, the chain is already complete.
In this blog, Morphisec Threat Labs breaks down how the reborn BabaDeda loader works, why file and signature based detection cannot see it, and why prevention before execution is the only reliable answer.
Read the blog for the full breakdown, with the deep technical report and IOCs attached - links in the comments.

For years, cybersecurity has been built around a simple premise: detect threats as quickly as possible.
But what happens when attackers use AI to move faster than security teams can respond?
Generative AI is helping threat actors automate reconnaissance, accelerate exploit development, craft more convincing phishing attacks and scale campaigns like never before. At the same time, organizations are trying to secure a workforce that now includes employees, contractors, cloud applications and even AI agents.
The result? Security leaders are rethinking whether detection alone is enough.
In the latest Gartner Hype Cycle for Workspace Security, one emerging technology gaining attention is Automated Moving Target Defense (AMTD) — a proactive approach that continuously changes runtime environments to make systems harder to exploit and attacks harder to execute.
In our latest blog, we explore:
✅ Why workspace security is evolving beyond device-centric protection
✅ How AI is changing the economics of cyberattacks
✅ The growing challenge of fileless, in-memory and identity-driven threats
✅ Why prevention is becoming a strategic priority for CISOs
✅ What AMTD means for the future of cyber resilience
If you're evaluating how to strengthen your security strategy against increasingly evasive and AI-assisted threats, this is a trend worth paying attention to.
📖 Read the blog and download a complimentary copy of the Gartner Hype Cycle for Workspace Security, 2026 - Links in the comments.

The patching window is gone. Not shrinking - gone.
In late May, a researcher dropped six weaponized Windows zero-days publicly. No vendor noticed. No disclosure window. Three were actively exploited before Microsoft had even started building a patch.
A second dump is coming mid-July.
The reactive security model — detect, alert, patch, repeat — was built on the assumption that time exists between discovery and exploitation. That assumption is dead.
When zero-day code executes, EDR has an impossible job: match a signature that doesn't exist yet. By the time the alert fires, the damage is done.
The only model that works at machine speed is one that doesn't wait for detection at all — stopping exploits at the memory level before they ever run.
The question for every security leader right now: "If an unpatched Windows exploit ran in our environment today — would we stop it before execution?"
If the answer isn't an unqualified yes, you're on borrowed time.
Read our latest article by Brad LaPorte in SecureBlitz - link in the comments.

Law firms are entering a new era of cyber risk.
AI-powered legal tools are transforming research, e-discovery, contract analysis, and client service workflows — but they’re also expanding the attack surface in ways many firms aren’t prepared for.
At the same time, threat actors are using AI to launch faster, more evasive ransomware and fileless attacks that traditional detection-based security tools struggle to stop.
The result? A growing AI security gap inside modern legal environments.
In our latest blog, we explore:
- Why law firms have become high-value cyber targets
- How AI is reshaping legal cybersecurity risk
- Why traditional EDR tools are struggling against modern attacks
- The growing risk to attorney-client privilege and compliance
- Why prevention-first security matters in the AI era
If your firm is adopting AI-powered workflows, this is a conversation worth having now… before attackers force it later.
Read our blog - link in the comments.

Hot take: Zero Trust doesn’t stop breaches.
(Yeah, we said it.) And yes -
✔️ It reduces risk.
✔️ It limits access.
✔️ It verifies identity.
But it doesn’t stop what happens after execution begins. And that’s where most security strategies fall apart.
So what actually works?
Stopping the attack before it executes. That’s the idea behind preemptive cyber defense, and why it’s becoming critical in an AI-driven threat landscape. We broke it down visually in this infographic:
✅ Where Zero Trust fits
✅ Why detection isn’t enough
✅ How preemptive defense changes the outcome
Because the goal isn’t just better detection. It’s Zero Breach.
Full infographic link in the comments.