AI cyber capability is improving faster than expected, with newer models surpassing earlier projections, according to the UK government’s AI Security Institute (AISI). AISI measures AI cyber capability using “time horizon benchmarks”, which estimate how long AI systems can complete cybersecurity tasks autonomously compared to human experts. “In February 2026, we estimated that frontier models’…
Category: AI
AI, Global Security News
Most Organizations Now Use AI Agents for Sensitive Security Tasks
Semperis study finds 74% of organizations believe AI will increase attacks on identity infrastructure
AI, Cybersecurity, Global Security News, Government & Policy, Network Security, Risk Management
What CISOs need to land a board role
Cybersecurity leaders often have complex relationships with their boards. Many boards lack cyber expertise, and CISOs can encounter roadblocks as a result when it comes to earning board approval. Other security leaders may not have a direct line to their board, or they may be viewed as too technical to win the support needed. One…
AI, Global Security News
US charges suspected Dream Market admin arrested in Germany
The alleged main administrator of Dream Market Incognito Market, one of the largest dark web marketplaces before its shutdown, has been indicted in the United States on money laundering charges. […]
AI, Global Security News
FrostyNeighbor: Fresh mischief and digital shenanigans
ESET researchers uncovered new activities attributed to FrostyNeighbor, updating its compromise chain to support the group’s continual cyberespionage operations
AI, Apps, china, Endpoint, Europe, Exploits, Global Security News, malware, Network Security, Russia
FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign
Chinese-linked FamousSparrow repeatedly targeted an Azerbaijani oil and gas company, reusing the same entry point in three intrusions from Dec 2025 to Feb 2026. Chinese-linked threat actor FamousSparrow has conducted a sustained intrusion campaign against an Azerbaijani oil and gas company, returning to the same compromised entry point three separate times between late December 2025…
AI, Apps, Compliance, Global Security News, Risk Management
HYCU Launches New Capability for Backup Data Use
HYCU, a SaaS data protection company, is launching aiR (AI Resilience), a new capability inside the HYCU R-Cloud platform. The new capability turns backup data into a live intelligence layer for security, compliance, and risk teams. AI Resilience solution leverages backup records to observe AI use It takes the backup records organizations have of who…
AI, Global Security News
CERN’s open source KiCad library gives the world 17,000 circuit board components
CERN has released its complete KiCad component library under an open source license, making it available to hardware designers anywhere in the world. The library, maintained by CERN’s Design Office, contains more than 17,000 electronic components in the form of schematic symbols and printed circuit board footprints. Layout of a printed circuit board made using…
AI, Global Security News
New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score:…
AI, APAC, Apps, Endpoint, Global Security News
How Southwest Airlines is putting endpoint operations on autopilot
As digital tools become more central to its operations, Southwest Airlines is increasingly turning to AI and automation to prevent endpoint issues from affecting the sprawling airline. The new tools allow the company’s IT team to take a more strategic, rather than reactive, approach to operations, said Derek Whisenhunt, head of end user computing at…
AI, Cybersecurity, Data Breaches, Global Security News, Risk Management
Nitrogen Ransomware claims massive data theft from Foxconn
Foxconn confirmed a cyberattack on some North American factories. The Nitrogen ransomware group claims it stole 8TB of data from the firm. Foxconn confirmed that several of its North American factories were affected by a cyberattack. The manufacturer confirmed it was targeted by threat actors after the Nitrogen ransomware group listed it on its Tor…
AI, Exploits, Global Security News
Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)
Besides serving as a place where Microsoft Outlook places suspected spam, the Outlook Junk folder has one additional function that can be quite helpful when it comes to identifying malicious messages. Any e-mail placed in this folder is stripped of all formatting, and destinations of all links included in the message become visible to the…
AI, Cybersecurity, Global Security News
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a
AI, APAC, Global Security News, Network Security
Vector embedding security gap exposes enterprise AI pipelines
Enterprise adoption of retrieval-augmented generation has moved sensitive corporate content into a new storage format that existing security tools cannot inspect. Companies deploying internal AI assistants convert documents into high-dimensional numerical vectors and ship them to embedding services and vector databases over ordinary HTTPS connections. Data loss prevention products scan documents and network traffic, and…
AI, Global Security News
Closing the AI governance gap in your enterprise
In this Help Net Security video, Casey Bleeker, CEO at SurePath AI, talks about the AI governance gap that exists in almost every organization. Drawing from three years of conversations with IT, business, and security leaders, Casey explains why AI adoption is outpacing governance maturity by a wide margin, creating friction between security teams pushing…
AI, Global Security News, Network Security
Machine identities outnumber humans 109 to 1
Organizations manage an average of 109 machine identities for every human identity. AI agents account for a growing share of those identities, with companies expecting AI agent growth of 85% over the next 12 months. Machine identities are projected to increase by 77%, and human identities by 56%, based on data from Palo Alto Networks’…
AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Risk Management
Welcoming the Bahamian Government to Have I Been Pwned
Today, we welcome the 44th government onboarded to Have I Been Pwned’s free gov service: The Bahamas. The National Computer Incident Response Team of The Bahamas, CIRT-BS, now has access to monitor government domains against the data in HIBP. As the national CIRT, CIRT-BS is responsible for coordinating and supporting cybersecurity-related matters across the country,…
AI, Global Security News
TeamPCP Claims Sale of Mistral AI Repositories Amid Mini Shai-Hulud Attack
TeamPCP claims to be selling alleged Mistral AI repositories on a hacker forum after the Mini Shai-Hulud attack targeted npm and PyPI ecosystems.
AI, Global Security News, Network Security
Reinvent Debuts REVIVE Command Center for Partners
Reinvent Telecom, a technology ecosystem platform provider, has announced the launch of REVIVE, a unified command center for partners to manage their Reinvent-powered technology businesses. Platform centralizes customer accounts, services records, and more REVIVE provides partners with a centralized way to manage customer accounts, access solution information, monitor services, and support ongoing customer needs through…
AI, Apps, Global Security News, Government & Policy, Risk Management
Fired employee sought AI help to hide deletion of hosting firm’s customer data
The apparent revenge deletion of US federal databases after the dismissal of twin brothers from an online hosting company is another reminder to IT and HR leaders that tough off-boarding procedures have to be implemented to prevent insider attacks. Destructive attacks either from disgruntled current or former employees aren’t new. But the conviction by a…
AI, Cybersecurity, Data Breaches, Global Security News
Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities
Welcome to the largest educational data breach in history – affecting nearly 9,000 institutions, every Ivy League university, and 30 million students mid-finals. When Canvas’s parent company refused to pay and announced they had deployed “security patches” instead, the hackers were less than impressed. So they came back through the cat flap. Meanwhile, a famous…
AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security
Researchers say AI just broke every benchmark for autonomous cyber capability
Two of the most advanced artificial intelligence models — Anthropic’s Claude Mythos Preview and OpenAI’s GPT-5.5 — have significantly surpassed the already-accelerating pace at which AI systems are completing autonomous cybersecurity tasks, according to separate findings published Wednesday by the United Kingdom’s AI Security Institute (AISI) and Palo Alto Networks. The AISI, which conducts pre-deployment…
AI, Compliance, Global Security News, Network Security, privacy, Risk Management
Nearly every enterprise is investing in AI, but only 5% say their data is ready
Nearly halfway into 2026, enterprises are beginning to see tangible returns on their AI investments. Yet many are discovering that scaling requires something far less glamorous than flashy frontier models and state-of-the-art benchmarking: Clean, interoperable, governed data. According to a new AI Momentum Survey from Dun & Bradstreet, 97% of organizations report active AI initiatives,…
AI, Cybersecurity, Global Security News, Government & Policy, Politics, Risk Management
Closed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risks
The House Homeland Security Committee is digging into Anthropic’s AI model Mythos in a series of briefings and hearings, as questions proliferate on whether and how the federal government will make use of the technology touted for its ability to autonomously uncover cyber vulnerabilities. Wednesday brought a closed-door briefing for the House Homeland Security Committee…
AI, Global Security News
Iranian hackers targeted major South Korean electronics maker
The Iran-linked hacking group MuddyWater (a.k.a. Seedworm, Static Kitten) launched a broad cyber-espionage campaign targeting at least nine high-profile organizations across multiple sectors and countries. […]
AI, Apps, Compliance, Global Security News, malware, Network Security
Detecting and preventing crypto mining in your AWS environment
This article guides you on how to use Amazon GuardDuty to identify and mitigate cryptocurrency mining threats in your Amazon Web Services (AWS) environment. You’ll learn about the specialized detection capabilities of GuardDuty and best practices to build a multi-layered defense strategy that protects your infrastructure costs and security posture. Understanding the crypto mining challenge…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News
Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox
Fortinet released a batch of patches across its products on Patch Tuesday, including two critical vulnerabilities that can lead to remote code execution. Fortinet flaws, both zero-day and n-day, have been exploited in the wild many times in the past, so companies should deploy patches as soon as possible. “Fortinet vulnerabilities are often attractive to…
AI, Global Security News
Tables Turn on ‘The Gentlemen’ RaaS Gang With Data Leak
An OPSEC failure provides a window into what helped the ransomware group rise: a generous affiliate model, opportunistic TTPs, and an effective organizational structure.
AI, Exploits, Global Security News
New critical Exim mailer flaw allows remote code execution
A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code. […]
AI, Funding, Global Security News, Government & Policy
DOJ releases legal rationale for nationwide voter data collection
The Trump administration released a legal opinion outlining the legal rationale behind its nationwide voter data collection efforts, justifying an aggressive federal role in vetting voter eligibility, a position courts have repeatedly rejected in related litigation. The memo, released Tuesday by the Department of Justice Office of Legal Counsel, concedes that while election administration is…
AI, Global Security News
Jobs lost to AI could reappear elsewhere — and solidify AI-focused roles
There are conflicting signals about whether AI is creating or destroying jobs, though many companies have blamed the technology for recent cuts. Analysts and industry experts say the reality is more nuanced: jobs being lost now to AI will likely reappear elsewhere, especially for those with hands-on AI experience. In other words, while AI may…
AI, Exploits, Global Security News, Network Security
Microsoft Patch Tuesday for May 2026 fix 138 bugs, some of them are alarming
Microsoft’s May 2026 Patch Tuesday fixed 138 flaws, including 30 critical bugs, across Windows, Office, Azure, Edge, SQL Server, and more. Microsoft’s May 2026 Patch Tuesday patched 138 vulnerabilities in a single release. That is a number that gives pause even for people accustomed to these cycles. The affected products span virtually the entire Microsoft…
AI, APAC, Cloud Security, Compliance, Europe, Global Security News, Risk Management
Introducing the updated AWS User Guide to Governance, Risk, and Compliance for Responsible AI Adoption
The financial services industry (FSI) is using AI to transform how financial institutions serve their customers. AI solutions can help proactively manage portfolios, automatically refinance mortgages when rates decrease, and negotiate insurance premiums for customers. However, this adoption brings new governance, risk, and compliance (GRC) considerations that organizations need to address. To help FSI customers…
AI, Cybersecurity, Data Breaches, Global Security News
OpenLoop Health confirms January 2026 Data breach affecting 716,000
In January 2026, telehealth infrastructure firm OpenLoop Health suffered a security breach that exposed information of 716,000 people. OpenLoop Health confirmed a January 2026 cyberattack that exposed personal information of 716,000 individuals using its telehealth services. The breach was reported to authorities in March, but the full scope was only recently determined. Threat actors exfiltrated…
AI, Apps, Global Security News
CGS Immersive Debuts AI-Powered Cicero Interview Application
CGS Immersive has launched Cicero Interview, an AI-powered hiring application designed to help enterprises assess candidate readiness through scenario-based interviews, explainable scorecards, and anti-fraud controls. Measuring how candidates think and perform According to CGS Immersive, the application is designed to help enterprises quickly identify candidates who are “truly job ready,” while also providing the transparency,…
AI, Compliance, Exploits, Global Security News, Network Security, Risk Management
Weaponized AI: The new frontier of fraud and identity spoofing
Today’s enterprise executives are navigating a complex landscape of AI-driven challenges, but none is more urgent than the rapid escalation of AI-generated fraud. Fraudsters are weaponizing generative AI to automate impersonation and mass-produce synthetic identities at a scale and pace that is rendering enterprises’ long-standing defenses obsolete. This is no longer a slow-moving game of…
AI, Apps, Compliance, Global Security News, privacy
PCI PIN and P2PE compliance packages for AWS Payment Cryptography are now available
Amazon Web Services (AWS) is pleased to announce the successful completion of Payment Card Industry Personal Identification Number (PCI PIN) and PCI Point-to-Point Encryption (PCI P2PE) assessments for the AWS Payment Cryptography service. This assessment expands the AWS Payment Cryptography compliance portfolio, with AWS now validated as a component provider for Key Management (KMCP) and…
AI, Global Security News
Webinar tomorrow: Why security alone won’t stop modern attacks
Tomorrow’s webinar examines why prevention alone is no longer enough against modern cyberattacks. The session explores how organizations combine security, backups, and recovery planning to improve cyber resilience after attacks. […]
AI, Global Security News
The Tech Jobs That Are Safe From AI
Tech industry layoffs keep coming but there’s still a market for higher-grade talent to harness AI agents.
AI, APAC, Cybersecurity, Exploits, Global Security News, Network Security
Cyberattack: First they come for Foxconn, then they come for you
Apple’s key manufacturing partner Foxconn has confirmed its US factories suffered a ransomware attack in recent days after the gang responsible claimed to have stolen 8TB of data from the company — including confidential Apple information. This isn’t the first attack to hit Foxconn, and such is the scale and value of the company that it is unlikely…
AI, Global Security News
WhatsApp adds Incognito Chat for private Meta AI conversations
The company launched Incognito Chat with Meta AI, a feature that lets users hold AI conversations the platform itself cannot read. The rollout will reach WhatsApp and the standalone Meta AI app over the coming months. How Incognito Chat works Incognito Chat runs on top of Meta’s Private Processing technology, the same infrastructure the company…
AI, Global Security News
TeamPCP Used Mini Shai-Hulud Worm to Poison Over 400 npm and PyPI Packages
Research reveals that TeamPCP hijacked OIDC tokens to poison hundreds of TanStack, Mistral AI, and UiPath packages with the self-propagating Mini Shai-Hulud worm.
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management
NVIDIA NemoClaw Research Highlights AI Sandbox Exfiltration Risks
Researchers at Lasso have found that sandboxing autonomous AI agents may not be enough to stop sensitive data theft after demonstrating multiple exfiltration techniques against NVIDIA’s NemoClaw and OpenShell environments. The findings show how attackers can abuse trusted tools and approved outbound connections to quietly steal credentials, manipulate agent behavior, and maintain persistence inside AI…
AI, Cloud Security, Cybersecurity, Data Breaches, Europe, Global Security News, Government & Policy, malware, Network Security, Risk Management
Daybreak is OpenAI’s answer to the AI arms race in cybersecurity
OpenAI has unveiled Daybreak, a cybersecurity initiative that combines the company’s large language models with its Codex agentic framework to help organizations identify, patch, and validate software vulnerabilities across the development lifecycle. The platform is built around three model tiers: GPT-5.5 for general-purpose use, GPT-5.5 with Trusted Access for Cyber for verified defensive security workflows,…
AI, Global Security News
Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it’s being tested by some customers as part of a limited private preview. MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different…
AI, Apps, china, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Politics, Risk Management, Venture
What happens when China’s AI catches up to Mythos?
The Trump-Xi summit opening in Beijing this week carries an agenda item unlike any in the history of US-China diplomacy: what to do about artificial intelligence that can autonomously find and exploit vulnerabilities in the world’s most critical software — and what happens when both superpowers have it. Anthropic’s Mythos Preview, released last month to…
AI, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Quest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations
CVE-2025-32975 is a critical flaw in Quest KACE SMA used for endpoint management. If exploited, it could impact all managed systems across organizations. CVE-2025-32975 is a critical flaw in Quest KACE SMA used for endpoint management. If exploited, it could impact all managed systems across organizations. Quest KACE SMA is an on-premises endpoint management platform…
AI, Global Security News, Russia
Signal responds to phishing attacks with new in-app security warnings
Signal is adding new protections for users following recent phishing and social engineering attacks. In March, the FBI and CISA issued a warning stating that Signal had become a primary target of Russian intelligence-linked hackers. Dutch and German security authorities were among the first to identify phishing campaigns targeting Signal users. The scheme centered on…
AI, Data Breaches, Global Security News
Tuskira’s Kairo exposes hidden AI-driven breach paths
Tuskira has announced the launch of Kairo, a breach modeling capability that detects deep, hidden breach paths by leveraging its security data mesh and digital twin technology. Kairo helps security teams improve breach resilience by modeling how attackers can leverage new AI models to laterally move across an environment, identifying deep hidden kill chains across…
AI, Global Security News
LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly
In the latest evolution of automated cyberattacks, two threat campaigns heavily leveraged AI agents to support attacks against entities in Mexico and Brazil.
AI, china, Global Security News, Government & Policy
China’s ‘FamousSparrow’ APT Nests in South Caucasus Energy Firm
The cyberthreat group targets an Azerbaijani oil and gas firm with repeated attacks, as the China-linked actors extend targeting beyond hospitality, telecom, and government sectors.
AI, china, Global Security News
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
A threat actor with affiliations to China has been linked to a “multi-wave intrusion” targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderate-to-high confidence to a hacking group known as FamousSparrow (aka UAT-9244),…
AI, Global Security News
OpenAI DeployCo Expands Enterprise AI Services Push
OpenAI is moving further into the part of AI adoption that tends to be slower, more complicated, and a lot less visible than model launches. The company has launched the OpenAI Deployment Company, or DeployCo, a new unit backed by more than $4 billion from a mix of private equity firms and consulting players, including…
AI, Global Security News
Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs
Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what security analysts say could mark a major shift in how software vulnerabilities are discovered and remediated. The system, codenamed MDASH, was developed by Microsoft’s Autonomous Code Security team alongside the…
AI, Global Security News
Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs
Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what security analysts say could mark a major shift in how software vulnerabilities are discovered and remediated. The system, codenamed MDASH, was developed by Microsoft’s Autonomous Code Security team alongside the…
AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security, privacy
LW ROUNDTABLE: Microsoft Edge normalizes credential exposure — security pros push back
By design. Two words that have done an awful lot of heavy lifting in the cybersecurity industry over the years. They tend to surface whenever a vendor wants to wave off a serious finding without fixing it. Related: The unending password problem Microsoft just deployed them again. This time in response to a Norwegian researcher…
AI, Apps, Cloud Security, Compliance, Cybersecurity, Global Security News, Network Security, Risk Management
Palo Alto bets on identity security for autonomous AI with Idira launch
Palo Alto Networks has launched Idira, a new identity security platform aimed at securing human users, machine identities, and AI agents amid the rising adoption of autonomous AI systems amongst enterprises. The company is positioning Idira as a next-generation identity security platform that goes beyond traditional privileged access management (PAM) systems by applying dynamic privilege…
AI, Apps, Global Security News
Pine Services Group Acquires Australian ERP Firm Stratus
Evergreen’s Pine Services Group has acquired Australian ERP consulting and implementation partner Stratus Consulting Group, expanding the company’s presence in the Asia-Pacific market as demand for cloud modernization and enterprise application services continues driving consolidation across the IT services sector. Acquisition expands Pine’s global services footprint With Stratus joining the portfolio, Pine now operates across…
AI, Global Security News
Acronis Launches Cyber Frame IaaS Platform for MSPs
The cyber protection company wants to give MSPs and cloud providers a way to run infrastructure on their own terms, without the vendor lock-in hangover. Acronis on Wednesday unveiled Cyber Frame, a new hyperconverged infrastructure (HCI) and infrastructure-as-a-service (IaaS) platform built specifically for service providers tired of being squeezed by legacy virtualization costs and hyperscaler…
AI, Global Security News
[Webinar] Why Your AppSec Tools Miss the “Lethal Path” (and How to Fix It)
TL;DR: Stop chasing thousands of “toast” alerts. Join experts from Wiz and Okta/GitLab to learn how hackers connect tiny flaws to build a “Lethal Chain” to your data—and how to break it. Register for the Strategic Briefing Here. Most security tools work like a smoke alarm that goes off every time you burn a piece…
AI, Cybersecurity, Endpoint, Exploits, Global Security News, malware
ClickFix finds a backup plan in PySoxy proxy chains
ClickFix, a one-shot social engineering technique that tricks victims into executing malicious workflows disguised as fixes to technical issues in their systems, has got a persistence upgrade. In a one-off instance, ReliaQuest researchers have spotted an intrusion chain using scheduled tasks, PowerShell-based command-and-control (C2), and a unique abuse of the decade-old open-source proxy tool PySoxy.…
AI, Cybersecurity, Global Security News
Global Cyber Agencies Issue New SBOMs for AI Guidance to Tackle AI Supply Chain Risks
The G7 Cybersecurity Working Group releases new SBOM for AI guidance, outlining seven key data clusters to boost transparency and security across AI supply chains
AI, Global Security News, privacy, Risk Management
8 critical questions about the Googlebook, Android, and ChromeOS
Well, hell’s bells: It’s finally happening. After years of misguided rumors and off-base expectations — over a decade’s worth, even! — Google is actually now on the brink of combining Android and ChromeOS into a single superpowered platform for laptops and mobile devices alike. The company officially announced the advent of an entirely new type…
AI, Cybersecurity, Global Security News, Network Security, privacy, Risk Management
CISA’s AI SBOM guidance pushes software supply-chain oversight into new territory
The US Cybersecurity and Infrastructure Security Agency (CISA) and its G7 cyber agency partners have released a list of minimum elements for an AI software bill of materials, a move that could help CISOs assess the security and provenance of AI systems entering enterprise environments. The guidance extends traditional SBOM concepts into AI by calling…
AI, Exploits, Global Security News, Network Security
Microsoft’s agentic security system found four critical Windows RCE flaws
Microsoft responded to growing competition in AI security by announcing that its new agentic security system helped researchers discover 16 new vulnerabilities in the Windows networking and authentication stack, including four critical remote code execution (RCE) flaws. MDASH architecture diagram (Source: Microsoft) Two of the four flaws — CVE-2026-40361 and CVE-2026-40364 — were deemed by…
AI, Cybersecurity, Data Breaches, Data Security, Global Security News, Government & Policy, Risk Management
Instructure settles with hackers following massive student data theft
Educational tech firm Instructure reached a deal with hackers after a major Canvas breach exposed data stolen from schools and universities. Educational tech firm Instructure says it reached an agreement with the cybercrime group behind a major Canvas data theft, after attackers broke into its systems and threatened to publish stolen information from schools and…
AI, Cybersecurity, Global Security News
UK Cybersecurity Market Expands to £14.7bn with Strong Growth in AI Security Firms
UK cybersecurity sector reaches £14.7bn in revenue, driven by rapid growth in AI security firms, increased investment and rising employment across the industry
AI, APAC, Cloud Security, Compliance, Cybersecurity, Endpoint, Global Security News, privacy, Risk Management
2026 CSO Award winners showcase business-enabling cyber innovation
The annual CSO Awards annually recognize security projects that demonstrate outstanding security leadership and business value. For this year’s program, CSO honors 64 security organizations whose hard work and innovative approaches have had a significant impact on how their enterprises navigate risks in an increasingly challenging cyber environment. These projects showcase the variety of strategies…
AI, Cybersecurity, Global Security News, malware
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution. “The packages do not appear designed for mass developer compromise,” Socket said. “Many have little or no download activity,…
AI, Exploits, Global Security News, malware
Google entdeckt erstmals KI-basierten Zero-Day-Exploit
Willkommen im neuen, KI-geschwängerten Bedrohungszeitalter. Gorodenkoff / Shutterstock Die Google Threat Intelligence Group (GTIG) warnt davor, dass kriminelle Hacker mittlerweile KI einsetzen – sowohl, um Schwachstellen aufzuspüren, als auch um anschließend Malware zu entwickeln, die diese aktiv ausnutzt. Der Anlass: Im Rahmen der eingehenden Analyse einer Angriffskampagne prorussischer Hacker haben die Sicherheitsexperten nach eigenen Angaben…
AI, Compliance, Cybersecurity, Global Security News, malware, Risk Management
New SOC-Ready Reporting for Faster Triage, Escalation, and Incident Response with ANY.RUN
Successful SOC operations require more than accurate detections. Instant access to context, clear conclusions, and operationally relevant insights allow incidents to move across workflows without delays: During alert triage, analysts need a quick threat overview to decide on the next steps. Efficient incident response decisions demand clear, actionable context to rely on. Swift incident reporting requires cross-tier visibility without the need for manual processing of raw technical data. Making ANY.RUN’s Interactive Sandbox a part of your…
AI, Cybersecurity, Global Security News, Risk Management
ESET: AI Adoption Puts MSPs in a Stronger Advisory Role
As AI adoption accelerates across the SMB market, MSPs are being pushed into a more strategic role: helping customers determine not only which AI tools to use but also how to use them safely. In a recent conversation with Channel Insider, ESET executives said AI demand has moved beyond experimentation and into daily business operations,…
AI, Cloud Security, Compliance, Global Security News, Risk Management
Versa CSPM brings continuous visibility to cloud risk and compliance exposure
Versa has announced Versa Cloud Security Posture Management (CSPM), extending the VersaONE Universal SASE Platform to provide continuous visibility, prioritization, and remediation of cloud risk across environments. With CSPM, Versa combines secure access protection and cloud posture risk on a single platform, delivering the visibility security teams need to quantify and reduce enterprise cyber exposure.…
AI, Data Breaches, Global Security News
Who’s the winner in the new Microsoft-OpenAI deal?
It feels like the world’s longest and most public divorce: In late April, Microsoft and OpenAI once again renegotiated the slow-motion breakup that has been playing out between the two over the last several years. At first glance, it looks like a win-win. In the broadest terms, OpenAI gets more freedom to set its own course — it can sell its…
AI, Global Security News, privacy
Android Adds Intrusion Logging for Sophisticated Spyware Forensics
Google on Tuesday unveiled a new opt-in Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks. Intrusion Logging, available as part of Advanced Protection Mode, enables “persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise,” the company said. The feature,…
AI, Cybersecurity, Global Security News, Network Security, privacy
[GUEST DIARY] Tearing apart website fraud to see how it works., (Wed, May 13th)
[This is a Guest Diary by Joshua Nikolson, an ISC Intern and part of the SANS.edu Bachelor’s degree in Applied Cybersecurity (BACS) program.] Introduction One day at work, a friend messaged me, “How do you check a website to see if it’s legit?” This friend recently received a phishing text message from a “bank”,…
AI, Cybersecurity, Exploits, Global Security News
Critical Fortinet vulnerabilities fixed in FortiSandbox and FortiAuthenticator
Fortinet patched critical flaws in FortiSandbox and FortiAuthenticator that could let attackers remotely execute code on unpatched systems. Fortinet addressed two critical vulnerabilities affecting FortiSandbox and FortiAuthenticator. The flaws could allow attackers to execute arbitrary commands or code on unpatched systems. The first vulnerability, tracked as CVE-2026-44277, is an improper access control issue in FortiAuthenticator.…
AI, Apps, Global Security News, Risk Management
NetSPI AI-powered Continuous Pentesting identifies high-impact vulnerabilities
NetSPI launched AI-powered Continuous Pentesting offerings, designed to help organizations continuously identify, validate and reduce risk across dynamic external and cloud environments. Organizations are managing an expanding number of potential entry points as new internet-facing resources, including cloud assets, applications, APIs, and AI-centric assets, are introduced. Each deployment can create new risk, making it harder…
AI, Global Security News, Risk Management
The hidden risk of non-human identities in AI adoption
An employee with persistent, unsupervised admin access across critical systems, with no audit trail, no clear owner, and no regular access reviews, would raise immediate concern in most organizations. Yet non-human identities and AI agents are often granted that same kind of persistent, broadly privileged access. As AI adoption grows, that gap is becoming harder…
AI, Global Security News, Network Security
Researchers open-source a Wi-Fi cyber range for security training
Wireless security training programs lean heavily on generic network labs, with Wi-Fi appearing as a checkbox alongside Bluetooth, Zigbee, and cellular. Hands-on environments dedicated to IEEE 802.11 are uncommon, even as Wi-Fi remains the default on-ramp to corporate networks and a recurring entry point for attackers. A new paper from researchers at the Norwegian University…
AI, Global Security News
Android pushes new scam, theft, and AI protections in 2026 update wave
Phone scammers spoofing bank caller IDs have driven an estimated $980 million in annual losses worldwide, according to Europol. Android’s 2026 security roadmap takes direct aim at that pattern with a verified call system built in partnership with banks, alongside a wider set of protections covering app behavior, device theft, location data, and on-device AI…
AI, Compliance, Global Security News
AI is ready to take over Python programming, but not much else
Tests of how well 19 large language models (LLMs) complete and perform complicated multi-step tasks has shown that they are both error-prone and, in many cases, unreliable. The findings are contained a preprint paper, LLMs Corrupt Your Documents When You Delegate, written by Microsoft researchers Philippe Laban, Tobias Schnabel and Jennifer Neville based on a…
AI, Global Security News, Network Security
Proxying the Unproxyable? Sending EXE traffic to a Proxy, (Wed, May 13th)
.. if “unproxyable” is a word that is .. I had a recent engagement where I had to look at the network traffic generated by a Windows executable. Unfortunately, it was all TLS, and all TLS1.3 to boot. So from a PCAP all I got was a whole lot of “yup, that’s encrypted”, and since…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
May Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANA
Critical vulnerabilities in Windows Server’s networking and identity infrastructure, as well as a serious hole in Microsoft Dynamics 365 on-premises version, highlight Microsoft’s May Patch Tuesday fixes. They are among the 118 vulnerabilities identified this month by the company. Some in cloud-based services like Azure and Microsoft Teams have already been fixed, so no admin…
AI, Global Security News
Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft
Our research examines the April 22 Checkmarx KICS and April 24 elementary-data incidents as part of a broader TeamPCP supply chain campaign. Across both cases, the actor abused trusted CI/CD and release workflows to steal credentials at scale.
AI, Global Security News
Fedora Hummingbird brings the container security model to a Linux host OS
Container image security pipelines have spent the past several years pushing toward minimal footprints, hermetic builds, and continuous CVE remediation. The Fedora Project is now applying that same approach to the host operating system. At Red Hat Summit 2026, Fedora announced Fedora Hummingbird, a container-based rolling Linux distribution delivered as an OCI image. “The Linux…
AI, Exploits, Global Security News, malware
Patch Tuesday, May 2026 Edition
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers — including Apple, Google, Microsoft, Mozilla and Oracle — fixing near…
AI, Apps, Exploits, Global Security News, malware, Network Security
‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
A rapidly spreading malware campaign has infected hundreds of software packages across major open-source registries, embedding credential-stealing code into development tools downloaded millions of times a week. The attack, referred to as “mini Shai-Hulud,” targeted prominent software libraries, including TanStack, UiPath, and MistralAI. TanStack’s React Router package alone accounts for more than 12 million weekly…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
AWS Security Agent full repository code scanning feature now available in preview
Today, we’re excited to announce the preview release of full repository code review, a new capability in AWS Security Agent that performs deep, context-aware security analysis of your entire code base. AI-driven cybersecurity capabilities are advancing rapidly. AWS Security Agent can now find vulnerabilities and build working exploits across your entire code base at a…
AI, Global Security News
Embattled Commissioner Makary to Leave FDA
Plus, Sam Altman testifies in Elon Musk’s OpenAI trial, and “Subway Takes” has what it takes.
AI, Global Security News
Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended
ShinyHunters says its shinyhunte.rs domain was suspended after the Canvas LMS attacks, forcing the group to move fully to its dark web (.onion) site.
AI, Cybersecurity, Europe, Global Security News, Government & Policy, Risk Management
Major world economies spell out key elements of AI ‘ingredients list’
A group of international government agencies released guidance Tuesday on what they believe any artificial intelligence “ingredients list” tool should include to make AI more secure. The concept of such a list, known as a “software bill of materials (SBOM),” is to know everything that goes into a particular piece of software so that any…
AI, Apps, Exploits, Global Security News, Risk Management
Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical
Microsoft addressed another triple-digit batch of vulnerabilities cutting across its various enterprise products, components and underlying systems. Yet despite the high number of defects, the vendor reported no actively exploited zero-days in this month’s Patch Tuesday update. Thirteen of the 137 vulnerabilities Microsoft disclosed were assigned critical CVSS ratings, including a pair of vulnerabilities affecting…
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security
Hackers accessed BWH Hotels reservation system for months
BWH Hotels says hackers accessed guest reservation data, including names and contacts, for over six months across multiple hotel brands. BWH Hotels disclosed a data breach, with threat actors having had access to guest reservation data for more than six months. The incident exposed names and contact details of an undisclosed number of guests. BWH…
AI, Global Security News, Network Security
Webinar: Fixing the gaps in network incident response
IT teams often struggle to quickly coordinate responses across disparate systems during network incidents. This upcoming webinar explores how automation and AI-assisted workflows can reduce response times and help prevent outages. […]
AI, Global Security News
Signal adds security warnings for social engineering, phishing attacks
Signal has introduced new in-app confirmations and warning messages as additional safeguards against phishing and social engineering attempts that could lead to various forms of fraud. […]
AI, APAC, Apps, Exploits, Global Security News
Microsoft May 2026 Patch Tuesday, (Tue, May 12th)
Today’s Microsoft patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-related issues affecting Microsoft Edge. There are no already disclosed or already exploited vulnerabilities included in today’s patches. I removed the Chromium issues from the table below and included only the 137 Microsoft issues to make it more readable. Note that issues…
AI, Global Security News, malware
Fake Claude Code Installer Targets Developers With Browser Credential Stealer
Researchers at Ontinue have discovered an undocumented malware campaign targeting developers with fake Claude Code installers to steal browser passwords and cookies.
AI, Apps, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management
Mistral AI SDK, TanStack Router hit in npm software supply chain attack
The TeamPCP threat group has pulled off another big supply chain attack which within a few hours this week was able to successfully compromise 170 Node Package Manager (npm) and PyPI packages. The attack affected the entire TanStack Router ecosystem (@tanstack) of 42 packages, a routing library hugely popular among React web application developers. Multiple…
AI, Global Security News, privacy, Risk Management
Google and Amnesty International teamed up to make it harder for spyware vendors to hide
Google launched a feature for Android phones Tuesday for dedicated forensic logs about intrusions from sophisticated attacks like those by spyware vendors, in what design partners at Amnesty International hailed as an important first. The tech giant has been ramping up the new feature, Intrusion Logging, since last year, and has now begun rolling it…