Archive for May 14, 2026

Ransomware playbook: “Special price” offers included in 45% of negotiations

Posted in Commentary with tags on May 14, 2026 by itnerd

The latest findings from NordStellar, a threat exposure management platform, reveal that the number of ransomware attacks in Q1 2026 remained high, with 2,283 recorded incidents. An analysis of leaked ransomware negotiation conversations uncovers tactics and tendencies used by ransomware actors. Key findings include:

  • In 76.8% of the conversations ransomware groups threatened to publish or leak the data.
  • They often use upselling practices, including special price offers (45.5%) and offers to purchase other services, like “security audits.
  • The median discount in ransomware payments is 57%, with the highest recorded discount reaching as high as 96.2%.

The full report for the analysis of leaked ransomware negotiation conversations can be found here: Ransomware negotiations report

Leave a comment »

Exclaimer adds UKG Ready integration

Posted in Commentary with tags on May 14, 2026 by itnerd

Exclaime today announced the launch of its UKG Ready integration, expanding the company’s growing HRIS integration capabilities as organizations increasingly shift employee data ownership from IT-managed directories to HR systems of record.

According to SHRM’s 2025 State of the Workplace Report, fewer than half of HR professionals, just 43%, rate their organization’s HR technology as effective, with fragmented, poorly integrated systems cited as a leading barrier. Separate research from HR.com found that 81% of organizations experiencing poor HR system integration say it actively prevents them from achieving key HR goals. As a result, organizations are actively restructuring how employee data flows across their technology stacks, and HR systems are increasingly becoming the system of record.

As platforms like Workday and UKG Ready become the authoritative home for employee identity data, most communication tools, including email signature platforms, continue to rely on legacy Active Directory or Google Directory structures that HR teams do not own or control. This creates a persistent gap between where employee data lives and where it is applied.

Exclaimer is among the only email signature platforms building a dedicated, multi-system HRIS integration suite, and the only platform to offer UKG Ready connectivity alongside Workday. With the addition of UKG Ready, Exclaimer continues to expand one of the industry’s most comprehensive HR-focused integration strategies for email signature management, helping organizations automatically synchronize HR-managed employee data into email signatures and meeting themes.

Closing the gap between HR systems and employee communications

For many IT teams, keeping employee directories aligned with constantly changing HR data has become an ongoing operational burden. New hires, promotions, departmental changes, and employee departures often require manual updates across multiple systems to ensure communications remain accurate and compliant.

Exclaimer’s UKG Ready integration helps eliminate that gap by allowing organizations to automatically pull employee attributes from UKG Ready into Exclaimer through BindBee, its third-party data aggregation partner. When employee records are updated in UKG Ready, those changes automatically flow into email signatures and meeting themes (video call backgrounds and branding) without requiring manual intervention from IT teams or employees. Organizations retain control over which data fields are shared, with Exclaimer operating on a read-only basis to ensure data integrity and adherence to compliance requirements.

Reducing manual IT administration while improving governance

The integration also supports Exclaimer’s broader focus on centralized communications governance and automation.

Instead of relying on employees or IT administrators to manually manage signatures, organizations can automate signature updates directly from trusted HR systems, helping to reduce inconsistencies and improve operational control across the business.

For organizations using UKG Ready, the integration enables:

  • Automatic synchronization of HR-managed employee data into email signatures and meeting themes
  • Reduced manual administration for IT teams
  • Consistent employee information across outbound communications
  • Faster onboarding for new employees
  • Improved brand consistency and governance

The integration of UKG Ready follows Exclaimer’s recently announced Workday integration and forms part of the company’s continued investment in HR-driven employee data integrations.

Supporting the future of communications governance

As organizations manage increasingly fragmented communication environments, businesses are placing greater emphasis on automation, governance, and consistency across every digital touchpoint. Email remains one of the most business-critical communication channels, particularly for regulated industries where accuracy, auditability, and professionalism are essential.

By connecting trusted HR systems to employee communications, Exclaimer helps organizations maintain centralized control and ensure employee information remains accurate across all outbound interactions.

The UKG Ready integration is available now for Exclaimer Pro customers.

For more information, or to see Exclaimer’s Workday integration in action, visit exclaimer.com and start a free trial. For a full step-by-step walkthrough, visit the Exclaimer knowledge base.

About Exclaimer

Exclaimer is the global leader in email signature management for Microsoft 365 and Google Workspace. Its cloud platform enables organizations to centrally manage and automate email signatures and video meeting branding, ensuring consistent corporate identity, reducing brand and compliance risk, and meeting regulatory requirements across everyday business communications.

Built for IT and valued by Marketing and Compliance teams, Exclaimer eliminates manual updates, enforces brand governance, and gives organizations greater control over their most critical business communication channels.

Exclaimer is trusted by more than 9 million users across 75,000 organizations worldwide, including Sony, Mattel, Bank of America, NBC, the Government of Canada, the BBC, and the Academy Awards

Leave a comment »

AI Scraping puts World Cup, Olympics sports bettors & online sportsbooks at risk

Posted in Commentary with tags on May 14, 2026 by itnerd

Approov’s network monitoring and analysis has found that the World Cup will be the first major proving ground for AI-driven betting fraud, combining record-breaking volumes with high-speed AI tools.

Findings have just been published in “AI Scraping for Manipulation Makes Sports Betting Unfair – The World Cup is the Immediate Test, The LA28 Olympics are a Next Level.”

Indicators of upcoming activity were observed on the Approov Global Attestation Network.  For sportsbooks, this creates two problems that don’t get better with time:

  • Market distortion: Automated actors can move faster than human bettors, particularly in live‑in‑play and micro‑markets (such as first-scorer, goal/point totals, or player-specific props), which are expected to dominate World Cup betting.
  • Perception of unfairness: If regular users believe that bots and AI systems are always one step ahead, the sense of a “level playing field” collapses.

The analysis discusses a new generation of organized, AI-driven bad actors looking to fleece both bettors and betting platforms, with well‑resourced scrapers, arbitrageurs, and betting syndicates treating the World Cup as a high‑margin, high‑velocity data opportunity. It’s also a test lab for exploitation of other high-speed markets, real-time pricing-sensitive transactions, behavioral manipulation, API exploitation and consumer trust engineering.

Why does it all matter? Because when users believe that humans can’t compete, systems collapse.

More details here: https://approov.io/blog/threat-analysis-ai-scraping-for-manipulation-makes-sports-betting-unfair

Leave a comment »

Ericsson elevates Wireless WAN from failover to foundational 

Posted in Commentary with tags on May 14, 2026 by itnerd

As enterprises scale AI and data-driven operations, the financial and operational impact of network downtime has escalated, with costs ranging from thousands to over a million dollars per day. Recent research indicates a major network outage costs upwards of US$500,000, with more than one in three organizations indicating a $1 million price tag, making network resilience a critical, board-level priority. Traditional network strategies that treat cellular as a simple backup link are no longer sufficient for today’s always-on business demands. 

To address these evolving needs, Ericsson is enabling enterprises to shift their Wireless WAN strategy from a passive failover system to an active, operational layer of their network. Today, the company introduced the Ericsson Cradlepoint W2255, a next generation 5G adapter, and advanced Wireless WAN orchestration enabled by Ericsson NetCloud. This solution is designed to elevate cellular, giving organizations the visibility, management and troubleshooting tools to deploy multi-provider Wireless WAN networks at scale. The W2255 delivers 5G performance and flexibility based on 3GPP 5G SA Release 17 technology, with seamless Low Earth Orbit (LEO) satellite integration.  

Designed as a single indoor/outdoor model, its sleek industrial design is suitable for in-office deployments, while its ruggedized, IP67-rated shell can withstand harsh outdoor conditions, giving organizations deployment flexibility for each location. The W2255 offers a range of advanced features for uninterrupted connectivity, including: 

  • 10x Faster Carrier Failover: Using Dual SIM/Dual Standby (DSDS) on a single modem, the W2255 can switch to a standby carrier network up to 10 times faster when the primary link degrades, providing continuity for critical applications.  
  • Multi-WAN Visibility: The solution auto-detects and integrates LEO satellite traffic, providing telemetry for visibility and basic controls directly within NetCloud. This allows businesses to blend cellular and satellite links to provide both link and service provider diversity, while supporting a non-terrestrial connection to provide network resiliency in regions prone to severe weather.
  • 5G SA Multi-Slice Capability: The W2255 is multi-slice capable with support for User Equipment Routing Selection Policy (URSP), enabling predictable performance through prioritized network slices offered by carriers. This allows an enterprise to isolate critical Point-of-Sale (PoS) traffic on a carrier-backed, high-priority slice while routing best-effort guest Wi-Fi on another.  
  • Automated Carrier Selection: With support for eSIM and Carrier Selection Intelligence, the adapter can automatically run speed tests on first boot to identify and select the best-performing carrier at each specific location, eliminating the need for specialized onsite staff and complex manual configuration.  
  • Advanced Multi-WAN Capabilities: When combined with an Ericsson E-series router, organizations can scale up to five cellular connections and four LEO connections. NetCloud SASE’s SD-WAN and Intelligent WAN Bonding can orchestrate these connections to strengthen WAN resiliency, improve application quality of experience, and boost overall WAN performance—all while controlling costs. 

With a unified view of cellular health, LEO health, carrier SIM profiles, applications, security events, and connected cell towers, Ericsson’s solution enables IT teams to manage the full lifecycle of their Wireless WAN with greater efficiency. This centralized orchestration streamlines deployment, simplifies troubleshooting with AI-driven tools, to help branch offices, retail locations, and remote sites remain productive and secure as the organization scales. 

More information about the W2255 can be found here

Leave a comment »

npm Supply Chain Worm Uses Tor C2 to Steal Developer Credentials

Posted in Commentary with tags on May 14, 2026 by itnerd

CloudSEK’s TRIAD team has uncovered a sophisticated npm supply chain attack involving a typosquatted package named crypto-javascri, designed to mimic the widely used crypto-js library.

The package was published on npm on May 11 and carried a Rust-based binary that harvested npm and GitHub credentials from developer machines. Once executed, it used compromised maintainer accounts to silently republish trojanized versions of legitimate packages, turning a single infected developer environment into a wider supply chain risk.

What makes this campaign significant is its use of a weaponized Arti Tor client for command-and-control. This allows the malware to operate through Tor hidden services, making it harder for defenders to block infrastructure using conventional IP, domain, or certificate-based controls.

CloudSEK found that the malware targets Linux developer systems and CI/CD environments, establishes persistence through systemd user services, and includes credential theft, crypto-wallet targeting, cryptomining indicators, and privilege escalation capability.

The broader impact is serious: one compromised developer machine or CI/CD environment could allow attackers to push malicious updates under trusted maintainer identities, exposing downstream users who install what appears to be a routine package update.

The full report is here: https://www.cloudsek.com/blog/inside-a-tor-backed-supply-chain-worm 

Leave a comment »