Frontier AI models, while powerful for identifying vulnerabilities, also present new risks from bad actors, accelerating exploitation timelines to mere minutes.
Category: Risk Management
AI, Exploits, Global Security News, Risk Management
Nightmare Eclipse incident shows the researcher-vendor fights may never fully go away
Microsoft reopened some wounds and has reignited debate over the past couple weeks about vulnerability disclosure and the sometimes adversarial dynamic it creates between security researchers and vendors. The latest controversy ensued when Microsoft threatened criminal legal action against a security researcher who publicly disclosed a series of zero-day vulnerabilities with proof-of-concept exploits. Microsoft insisted…
AI, Apps, Funding, Global Security News, Risk Management
Ensono CTO: AI Success Starts with Data Discipline
Financial services firms racing to adopt AI may be overlooking the foundational work required to make those investments pay off, according to Syed Ali, CTO of Global Financial Services at Ensono. While many banks, insurers, and asset managers are experimenting with generative AI and agentic tools, Ali said the organizations seeing the strongest results are…
AI, Apps, Compliance, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Hugging Face Vulnerability Allows Remote Code Execution
Organizations using vulnerable versions of the Hugging Face Transformers library could unknowingly execute attacker-controlled code simply by loading a malicious AI model. Researchers at Pluto disclosed a remote code execution (RCE) vulnerability that bypasses the library’s built-in trust_remote_code=False security control, potentially exposing cloud credentials, SSH keys, API tokens, and other sensitive assets. “One poisoned field…
AI, Global Security News, Government & Policy, privacy, Risk Management
Why Apple may be winning again
As we lean into WWDC, three strategically brilliant Apple moves have been exposed in the last couple of weeks, two of which will have immense consequences in the coming year, while one sets the scene for essential future growth. In each case, Apple’s leadership has found counter-intuitive gambits that actually secure the company’s future. Let’s start…
AI, Apps, Global Security News, Risk Management
Anthropic suggests slowing AI research until we can align it with human goals
AI could soon lead to systems capable of improving their own performance faster than humans can effectively supervise them, reviving concerns about the industry’s longstanding “alignment problem,” ensuring AI systems reliably pursue human goals, senior Anthropic researchers have warned in a new blog post titled “When AI builds itself.” Anthropic Institute lead Marina Favaro and…
AI, Cybersecurity, Exploits, Global Security News, Risk Management
Malware could drain your fuel tank as well as your bank account
Ongoing cyber-attacks on automated tank gauges (ATGs) could result in fuel tanks being drained without businesses noticing, the US Cybersecurity & Infrastructure Security Agency has warned. Connected ATGs are widely deployed in gas stations, as well as on military bases, in hospitals, and in manufacturing plants. And it’s not just fuel stores at risk: ATGs…
AI, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, privacy, Risk Management
Leader in Malware Analysis: ANY.RUN Named Top Vendor in G2 Summer 2026 Awards
We are proud to announce that ANY.RUN has earned the title of Momentum Leader and ranked #1 in the Relationship Index in the latest G2 Summer Reports. Reflecting real security teams’ actual experience, these rankings once again prove how critical ANY.RUN’s solutions are for daily SOC operations in modern enterprises. Why ANY.RUN’s Momentum Leader Title Matters for Your Team G2 awards…
AI, Global Security News, Risk Management
Infosecurity Europe: AI Coding Tools Need Built-In Security for Agentic Development Era
Ox Security field CTO, Boaz Barzel, makes the case for vibe security to tackle AI agent coding risks
AI, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Claude Code has an MCP security problem — and your developers are already using it
Claude Code is Anthropic’s AI coding assistant — a command-line tool that developers are adopting fast. It connects to external services through Model Context Protocol, the standard that lets AI tools interact with Jira, Confluence, GitHub, databases and internal APIs. When a developer connects one of those services, Claude Code runs an OAuth flow, the…
AI, Compliance, Cybersecurity, Data Security, Europe, Global Security News, malware, Network Security, Risk Management
May 2026 Leadership Recap: Channel Execs Move Toward AI
We’re barreling toward the midway point of the year, and May has seen a number of new executive leadership shuffles to guide organizations through the second half of the year and beyond. Organizations across the ecosystem have made shifts to their leadership teams, including new hires, promotions, and the addition of their first-ever AI executives.…
AI, Apps, Cloud Security, Cybersecurity, Global Security News, Network Security, Risk Management
May 2026 M&A Recap: Security and AI Remain Top Priorities
WatchGuard, Torq, and Asana are just a few organizations that have made strategic acquisitions in the IT ecosystem to expand their capabilities and provide more services to a greater number of customers. Before we reach the summer months, take stock of the mergers and acquisitions in the channel from May. Security consolidation continues as firms…
AI, Data Breaches, Exploits, Global Security News, Risk Management
Fake Context Alignment: The Attack That Made Gemini Obey Strangers Through Your Notifications
SafeBreach tricked Gemini into obeying attackers via WhatsApp notifications, using hidden foreign-language text to bypass Google’s defenses and control smart home devices. SafeBreach Labs researcher Or Yair spent months trying to break Google’s Gemini voice assistant after Google patched the vulnerabilities he found in his previous research. The new attack class he developed, named Fake…
AI, Endpoint, Exploits, Global Security News, Network Security, privacy, Risk Management
Commvault Provides Resilience Approach for Frontier AI
Commvault, a data protection and cyber resilience organization, has made recommendations to help organizations stay resilient in the age of frontier AI. Frontier models create new security risks while helping address them As frontier models, hosted in the cloud, excel at identifying vulnerabilities at speed and compressing exploitation timelines, they also present exploitable threats to…
AI, china, Global Security News, Risk Management
Why Waymo settled for the wrong car
Forget “Florida Man.” Want to hear a California Man story? Here goes. A California man rolled up to a yoga studio in San Francisco’s Marina District in a self-driving Waymo car, walked into the studio, grabbed an armful of yoga shorts, got back in the Waymo and took off. Six months later, police still haven’t…
AI, Compliance, Cybersecurity, Data Breaches, Global Security News, Risk Management
Compliance chaos: NY regulators see a data breach — then focus on IT errors
The age-old IT defense when compliance violations are investigated by regulators is to try and keep a low profile — and hope no one looks too closely. But with enhanced SEC interest in all data breaches encouraging regulators around the globe to take those closer looks at IT, data breach disclosure rules are becoming more…
AI, Global Security News, Risk Management
AI agent governance gets harder when agents outnumber your people
In this Help Net Security video, Amit Gautam, CTO at Abluva, explains the security risks that autonomous AI agents bring into enterprise environments. He opens with a real case: a reconciliation agent at a financial services firm had legitimate access to a customer database. A poison instruction from upstream changed its behavior, and it scanned…
AI, Global Security News, Risk Management
Most pros have seen AI hallucinations in IT operations
Autonomous AI is taking action inside enterprise IT environments. Software is restarting services, isolating risky devices, and applying patches without waiting for a human to approve the step. The capability is spreading at the same time IT professionals are reporting frequent encounters with AI output errors that can carry operational impact. Ivanti’s 2026 AI Maturity…
AI, Global Security News, Network Security, Risk Management
New infosec products of the week: June 5, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Asimily, depthfirst, Diligent, Hyland, MazeBolt, and Noma. Asimily turns device risk into automated network policy Asimily has launched Segmentation Orchestration, enabling connected-device risk intelligence to flow directly into enforceable network policy without manual translation. No other platform combines full asset…
AI, Cybersecurity, Exploits, Global Security News, Risk Management
AI Threats Are Outpacing Enterprise Cybersecurity Defenses in 2026
Artificial intelligence (AI) is reshaping the digital risk landscape, creating new challenges for organizations already struggling to manage online fraud, impersonation, and brand abuse. According to the 2026 Digital Risk Report, enterprises face growing exposure to AI-generated attacks while many lack the visibility, ownership, and response capabilities needed to address them effectively. “The question isn’t…
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Mirasvit Full Page Cache Warmer flaw, tracked as CVE-2026-45247 (CVSS ver 4.0 score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2026-45247 flaw is a…
AI, APAC, Compliance, Cybersecurity, Global Security News, Government & Policy, Risk Management
OpenAI responds to White House executive order on AI governance
OpenAI has proposed mandatory federal evaluations of the most capable AI models before public release while arguing that regulators should stop short of deciding whether those systems can be deployed, staking out a middle ground in the debate over how frontier AI should be governed. The company’s proposal came a day after the White House…
AI, Global Security News, privacy, Risk Management
What Safari reveals about Apple’s AI strategy ahead of WWDC
Apple’s latest Safari privacy campaign is more than pre-WWDC marketing. It is an early signal of how the company plans to frame artificial intelligence (AI): as something that only works if users trust the platform behind it. The week before WWDC is often significant, as Apple tends to make announcements it simply can’t fit into the…
AI, APAC, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
Inside the race to adapt to an AI-powered security world
Troy West was in Warsaw when his dinner was interrupted by his phone. But he was happy about it. West, associate director of cybersecurity for autonomous offensive security company XBOW, had just learned that a trial version of the company’s platform had found a vulnerability that led to a full takedown of a development environment…
AI, Apps, Compliance, Global Security News, Network Security, Risk Management
Introducing the Wallarm AI Control Platform: One closed loop for AI security and API security.
TL;DR- AI deployment has outpaced AI governance. Most enterprises running AI on AWS cannot answer four basic security questions about what’s running, what it’s doing,how to stop it, and how to prove it’s under control.- The Wallarm AI Control Platform closes this gap: one platform for Discover, Observe,Enforce, and Govern — running natively in your…
AI, Exploits, Global Security News, Network Security, Risk Management
Critical Cisco Unified CM Bug Patched as Public Exploit Code Emerges
Cisco patched a critical Unified CM flaw with public PoC code that allows unauthenticated attackers to launch SSRF attacks remotely. Cisco has addressed a high-severity vulnerability, tracked as CVE-2026-20230, affecting Unified CM and Unified CM SME. The flaw, caused by improper validation of certain HTTP requests, allows a remote attacker without authentication to perform server-side…
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
Barracuda Finds Malicious Microsoft 365 Logins Are Blending In
Organizations that rely heavily on failed login attempts to detect account compromise may be missing a growing threat. According to recent data from Barracuda, attackers are increasingly using legitimate credentials and trusted-looking infrastructure to successfully access Microsoft 365 environments while blending into normal user activity. “Attackers know many security teams are looking for the obvious…
Global Security News, malware, Risk Management
Lazarus Group Uses npm Brandjacking Campaign to Target Developers
North Korean Lazarus Group targets npm developers with brandjacking packages that mimic trusted tools, drop malware and put credentials at risk.
AI, Apps, Cloud Security, Compliance, Endpoint, Global Security News, Network Security, privacy, Risk Management
Why Local AI Agents Are Creating a New Governance Blind Spot
Artificial intelligence (AI) governance efforts have largely focused on cloud-based tools such as ChatGPT, Microsoft Copilot, and other software-as-a-service (SaaS) platforms. According to Josh McCarthy, Chief Product Officer at Arms Cyber, organizations may be overlooking a much larger risk: autonomous AI agents running locally on employee endpoints. As AI capabilities increasingly move from cloud environments…
AI, Apps, Exploits, Global Security News, malware, Network Security, privacy, Risk Management
Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs
A high severity vulnerability in Hugging Face Transformers enables attackers to compromise systems that use the popular Python library to test and run AI models. The flaw impacts library versions that continue to be actively downloaded and comes at a time when attackers are increasingly targeting the AI supply chain, including through malicious models hosted…
AI, Cybersecurity, Exploits, Global Security News, malware, privacy, Risk Management
Q1 2026 Cyber Risk Report: Insights from 2.1 Million Malware and Phishing Investigations
Based on 2,101,483 malware and phishing investigations from Q1 2026, ANY.RUN‘s Cyber Risk report provides a real-world view of modern attack trends. It covers trending malware families, TTPs, and other technical observations, while also delivering executive insights CISOs and SOC teams can use to connect attacker behavior to business risk. Combining data-backed malware trends with strategic guidance for security leaders, the report reveals critical gaps in detection, response, and visibility that directly impact business resilience, and outlines solutions organizations can use…
AI, Apps, Compliance, Endpoint, Global Security News, privacy, Risk Management
Google brings local AI agents to laptops with Gemma 4 12B
Google has released new tools that allow developers to run agentic AI workflows locally using Gemma 4 12B, a 12-billion-parameter model from Google DeepMind. In a blog post, the company said the model, combined with the Google AI Edge stack, can be used to build and test applications on everyday machines. The model-runtime combination supports…
AI, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
29 Arrests, Nine Crime Groups Dismantled: Another Blow to Illegal Streaming
International Operation KRATOS led by Europol dismantled illegal streaming networks, leading to 29 arrests and nine crime groups taken down. An international law enforcement operation, codenamed Operation KRATOS and involving 13 countries (Belgium, Bulgaria, Croatia, France, Greece, Ireland, Italy, the Netherlands, Poland, Romania, Spain, the UK, and the US), spent seven months quietly dismantling the…
AI, china, Cloud Security, Cybersecurity, Europe, Exploits, Global Security News, Risk Management
Beware the ‘son of Mythos,’ security experts warn
LONDON — Enterprise security teams were urged by security experts at Infosecurity Europe to brace for impact as both Anthrophic and OpenAI expand access to their frontier AI models for vulnerability discovery. Anthropic, in particular, is significantly expanding Project Glasswing, its scheme to provide select organizations with access to Claude Mythos, an AI-powered vulnerability discovery tool…
AI, Global Security News, Risk Management
The modern-day business can learn a lot about risk from this year’s mega events
Every year brings its share of global events, but 2026 is proving to be a banner year for mega-scale entertainment. The year got off to a roaring start with the Winter Olympics, and now anticipation is building for the fast-approaching FIFA World Cup. But amid the buzz, have you ever paused to consider the staggering…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Risk Management
Hole in GitHub’s browser-based VSCode editor could lead to stolen token
A vulnerability in GitHub’s browser-based VSCode editor could lead to the theft of a developer’s token under certain circumstances, says a researcher. The issue, revealed this week in a blog by Ammar Askar, has apparently been already addressed by GitHub owner Microsoft. But it raises a questions about both DevOps security, and about the researcher’s…
AI, Compliance, Global Security News, Network Security, Risk Management
SEON Launches AI Fraud Tools with New MCP Server
Fraud prevention startup SEON has launched its new MCP server, along with two new platform capabilities, Network Detection and AI Chart Builder, further connecting its existing automation and business intelligence features. Alongside these features, the company has introduced an AI Playbook for Risk and Compliance Teams, providing customers with a practical starting point to quickly…
AI, Apps, Cloud Security, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Cloud Security Alliance Report Highlights Growing Patch Gap Risks
Despite years of investment in vulnerability scanning and shift-left security practices, known vulnerabilities continue to drive production security incidents, according to the Cloud Security Alliance’s 2026 State of Modern Application & AI Security Report. As AI accelerates both vulnerability discovery and exploit development, organizations are facing increasing pressure to reduce exposure windows before attackers can…
AI, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Trump Signs Executive Order Creating Voluntary AI Security Review Framework
President Trump has introduced a new executive order aimed at strengthening oversight of advanced AI models without imposing new regulations on tech companies. The order establishes a voluntary framework that allows developers of powerful AI models to share systems with the federal government for security reviews before public release. “The United States continues to lead…
AI, Compliance, Exploits, Global Security News, Network Security, Risk Management
Microsoft wants to put AI agents on a short leash
As enterprises race to adopt AI agents across software development workflows, Microsoft is rolling out new controls aimed at keeping the transformation from becoming a security headache. At its annual developer conference, Microsoft Build, the company unveiled a set of initiatives, including a brand new runtime containment offering, Microsoft Execution Container (MXC), for agentic AI…
AI, Compliance, Exploits, Global Security News, Network Security, Risk Management
Microsoft wants to put AI agents on a short leash
As enterprises race to adopt AI agents across software development workflows, Microsoft is rolling out new controls aimed at keeping the transformation from becoming a security headache. At its annual developer conference, Microsoft Build, the company unveiled a set of initiatives, including a brand new runtime containment offering, Microsoft Execution Container (MXC), for agentic AI…
AI, Compliance, Exploits, Global Security News, Network Security, Risk Management
Microsoft wants to put AI agents on a short leash
As enterprises race to adopt AI agents across software development workflows, Microsoft is rolling out new controls aimed at keeping the transformation from becoming a security headache. At its annual developer conference, Microsoft Build, the company unveiled a set of initiatives, including a brand new runtime containment offering, Microsoft Execution Container (MXC), for agentic AI…
AI, Global Security News, Risk Management
Only 11% of production agents pass the AI agent security bar
Enterprise teams are running AI agents that write code, drive browsers, answer customer calls, manage cloud infrastructure, and query data warehouses with standing credentials. A new independent assessment of 100 production agents finds that nearly all of them carry the conditions for a single hostile document to take them over. The AI Risk Quadrant (AIRQ)…
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2022-0492 (CVSS score of 7.0) Linux Kernel Improper Authentication…
AI, Compliance, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
Release Notes: Decision-Ready SOC Reporting, Elastic Security Integration, and 1400+ Threat Coverage Updates
Security leaders are under growing pressure to reduce the time between threat detection and response without adding more complexity to already overloaded SOC workflows. ANY.RUN’s May updates help teams act on security risks more efficiently, improve consistency across investigations, and maintain stronger protection as attacker tactics continue to evolve. Discover the updates your team can…
Cybersecurity, Global Security News, Risk Management
Infosecurity Europe: How to Get Boards to Prioritize Cyber Risk Quantification
Cybersecurity leaders major companies discuss how they got support from the board on cyber risk
AI, Cybersecurity, Data Breaches, Global Security News, Risk Management
AI may finally unlock the cyber budgets CISOs have wanted for years
For nearly two decades, cybersecurity leaders have faced the same reality: No matter how catastrophic the latest breach, ransomware attack, or nation-state intrusion, security spending often struggled against competition with every other business priority. AI may finally be changing that equation. The rapid emergence of frontier AI systems capable of autonomous cyber operations — combined…
AI, Cybersecurity, Data Breaches, Global Security News, Risk Management
AI may finally unlock the cyber budgets CISOs have wanted for years
For nearly two decades, cybersecurity leaders have faced the same reality: No matter how catastrophic the latest breach, ransomware attack, or nation-state intrusion, security spending often struggled against competition with every other business priority. AI may finally be changing that equation. The rapid emergence of frontier AI systems capable of autonomous cyber operations — combined…
AI, Cybersecurity, Data Breaches, Global Security News, Risk Management
AI may finally unlock the cyber budgets CISOs have wanted for years
For nearly two decades, cybersecurity leaders have faced the same reality: No matter how catastrophic the latest breach, ransomware attack, or nation-state intrusion, security spending often struggled against competition with every other business priority. AI may finally be changing that equation. The rapid emergence of frontier AI systems capable of autonomous cyber operations — combined…
AI, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Lessons from the Canvas cyberattack
Canvas cyberattack: Who, what, when, how? What and when? Over May 6 and 7, 2026, Canvas learning management system (LMS) users were served up a defaced web page in place of the expected login page. The altered web page displayed a warning by the ShinyHunters criminal hacker and extortion group advising of the Instructure compromise.…
AI, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Lessons from the Canvas cyberattack
Canvas cyberattack: Who, what, when, how? What and when? Over May 6 and 7, 2026, Canvas learning management system (LMS) users were served up a defaced web page in place of the expected login page. The altered web page displayed a warning by the ShinyHunters criminal hacker and extortion group advising of the Instructure compromise.…
AI, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Lessons from the Canvas cyberattack
Canvas cyberattack: Who, what, when, how? What and when? Over May 6 and 7, 2026, Canvas learning management system (LMS) users were served up a defaced web page in place of the expected login page. The altered web page displayed a warning by the ShinyHunters criminal hacker and extortion group advising of the Instructure compromise.…
AI, Cybersecurity, Exploits, Global Security News, Risk Management
MazeBolt brings AI-generated attack simulation to DDoS security testing
MazeBolt has announced the launch of RADAR VectorAI, a new MazeBolt module that creates AI-generated DDoS attacks. As AI outpaces human response, enterprises need to have access to validated DDoS vulnerability data about both known and AI-generated attack vectors. Mythos has raised awareness of the cybersecurity risks created by AI. But while Mythos makes it…
AI, Apps, Global Security News, Risk Management
Netskope adds AI asset discovery and AISecOps agent to AI security portfolio
Netskope has announced Netskope One AI Command Center, bringing together AI discovery, risk intelligence, and autonomous response capabilities in a single platform. As the latest expansion of the Netskope One AI Security suite, it helps security teams understand what AI is running in their environments, determine which risks require action, and accelerate response efforts. Among…
AI, Apps, Exploits, Global Security News, Network Security, Risk Management
Why an HP Poly VoIP Phones Bug Could Become an Enterprise Foothold
Rapid7 details a critical unauthenticated overflow in HP Poly VoIP phones that can lead to root RCE, with patches available for affected models. Rapid7’s latest disclosure on CVE-2026-0826 should get serious attention from anyone running HP Poly VoIP phones in an enterprise setting. It’s a critical unauthenticated stack-based buffer overflow that can give a remote…
AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Risk Management
Welcoming the Philippine Government to Have I Been Pwned
Today, we welcome the 46th government onboarded to Have I Been Pwned’s free gov service: the Philippines. The Philippines’ National CERT, working with the Department of Information and Communications Technology, now has access to monitor official government domains against the data in HIBP. This gives their Cyber Threat Intel and Monitoring Section the ability to…
AI, Compliance, Cybersecurity, Data Breaches, Global Security News, Network Security, Risk Management
Anthropic grants Project Glasswing access to 150 more companies, with a focus on critical infrastructure
Anthropic on Tuesday announced that it was adding 150 more companies to its Project Glasswing AI-based vulnerability hunting initiative, with a particular focus on critical infrastructure companies including those involved in “power, water, healthcare, communications and hardware.” Analysts and security vendors agreed that the move is a positive step, noting that the more companies involved…
AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management
Two-year old Oracle WebLogic Server vulnerability is being exploited
US federal government departments have been given until Thursday to patch a two-year old high severity vulnerability in Oracle WebLogic Server that could allow an unauthenticated attacker to access critical data. The vulnerability, CVE-2024-21182, was added Monday to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog, giving federal Oracle admins a…
AI, Apps, Compliance, Cybersecurity, Global Security News, Risk Management
News alert: Halo Security recognized for helping MSPs manage customers’ external attack surfaces
MIAMI BEACH, Fla., June 2, 2026, CyberNewswire—Halo Security today announced that its attack surface management solution has been named a 2026 MSP Today Product of the Year Award winner by TMC, a leading global media company recognized for building communities in technology and business through live events and digital marketing platforms. This marks the second…
AI, Apps, Compliance, Global Security News, Network Security, Risk Management
Identify unused AWS KMS keys and prevent accidental key deletions
As you scale your use of Amazon Web Services (AWS), managing KMS keys becomes increasingly important. Whether you manage a handful of keys or thousands across multiple AWS accounts and AWS Regions, there’s often a need to audit key usage to help you meet compliance requirements, evaluate your risk posture, and optimize key management costs.…
AI, china, Cybersecurity, Funding, Global Security News, Government & Policy, Network Security, Risk Management
Trump revives parts of canceled AI order with cybersecurity-focused directive
US President Donald Trump signed an executive order aimed at strengthening cybersecurity defenses and establishing a voluntary framework for cooperation between the federal government and developers of advanced artificial intelligence models, reviving portions of a broader AI initiative that he abruptly shelved less than two weeks ago. The order, “Promoting Advanced Artificial Intelligence Innovation and…
AI, Apps, Global Security News, Risk Management
Microsoft unveils Scout, an autonomous AI agent built on OpenClaw
Microsoft has developed a new AI agent that can run autonomously around the clock to complete tasks across Microsoft 365 applications. Microsoft Scout, unveiled at the company’s Build event Tuesday, is a new type of always-on agent based on the OpenClaw agent framework that Microsoft calls “autopilots.” These act on a user’s behalf with their…
AI, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Claude Code GitHub Actions Flaw Created Supply Chain Attack Risk
Organizations using Claude Code GitHub Actions should review their CI/CD environments after a researcher found vulnerabilities that could expose repositories to compromise and supply chain attacks. The flaws, which have since been patched, allowed attackers to bypass permission controls and inject untrusted input into trusted workflows. These vulnerabilities allow “… an attacker [to] bypass its…
AI, Cybersecurity, Global Security News, Government & Policy, Risk Management
Trump administration releases scaled-back AI executive order
The Trump administration issued a revised executive order Tuesday focused on artificial intelligence, offering a significantly pared-back vision for the federal government’s role vetting AI systems compared to a draft version that was spiked weeks ago. The order keeps in place the administration’s largely voluntary framework for companies to engage with the federal government around…
AI, Apps, Compliance, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Google Patches Android Zero-Day Under Active Exploitation
Google has patched a high-severity Android zero-day vulnerability that attackers have already exploited in the wild. The issue affects multiple Android releases and serves as a reminder that mobile operating systems remain a valuable target for threat actors seeking access to sensitive enterprise and personal data. “There are indications that CVE-2025-48595 may be under limited,…
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Palo Alto Networks PAN-OS flaw, tracked as CVE-2024-21182 (CVSS score of 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2024-21182 flaw is an easily exploitable vulnerability affecting Oracle WebLogic…
AI, china, Compliance, Exploits, Global Security News, Risk Management, Russia, Venture
FIRESIDE CHAT: Deepfakes exploit human emotion, making employee reflex training essential
The wire transfer went through. The CFO on the video call looked right, sounded right, and gave the authorization — except there was no CFO on that call. Related: The industrializing of identity fraud Corporate deepfake attacks of that kind, executives impersonated to authorize fraudulent wire transfers, accounted for roughly $550 million of the $2.19…
AI, Apps, Cloud Security, Cybersecurity, Endpoint, Global Security News, Network Security, Risk Management, Venture
Four questions to answer if a security product will survive in the AI-first world
AI is changing the world faster than anyone could have predicted. This isn’t because it is taking over jobs (this would be too simplistic), but because it is slowly taking over a growing number of tasks that used to be done by humans. Security is not in any way immune to these changes, and I…
AI, Global Security News, Risk Management
Why the browser is now the front line for AI security
AI-powered attacks and shadow AI adoption are creating new security risks inside the browser. Push Security explains why browser visibility is becoming critical for both threat detection and AI governance. […]
Data Breaches, Exploits, Global Security News, Risk Management
Tuskira Quell identifies, mitigates, and validates zero-day risk before breach
Tuskira launched Quell, its exposure-led zero-day defense capability. Quell helps enterprises survive the window between a zero-day’s disclosure and a patch by determining which zero-days are reachable in their environment, whether existing controls would stop them, and which compensating control change would disrupt the exploit immediately. Organizations using Tuskira have cut breachable exposure by up…
AI, Compliance, Global Security News, Risk Management
Sectigo Launches MCP Server for CLM
Sectigo has announced the general availability of what it says is the first globally available, production-ready Model Context Protocol server for certificate lifecycle management, expanding how enterprises can use AI agents to manage digital certificates. The MCP Server for Sectigo Certificate Manager allows administrators to perform certificate operations using natural language through MCP-compatible AI agents,…
AI, Apps, Endpoint, Global Security News, Network Security, Risk Management
Cisco Debuts Cloud Control for Agentic IT Operations
Cisco today unveiled Cisco Cloud Control, a new unified platform built for humans and AI agents to manage, monitor, and defend critical IT infrastructure. This platform is fully extensible, with more than 40 ecosystem tooling connectors, and fully customizable, enabling the creation of custom applications and agents using natural language directly within the platform. Cisco…
AI, Cybersecurity, Global Security News, Risk Management
Diligent automates cyber risk assessments and reporting
Diligent has announced Diligent Cyber Risk Management, an agentic solution designed to help organizations manage cybersecurity risk in a business context. Available in summer 2026, the platform reduces cyber risk assessment work from weeks to hours and links cyber threats to strategic objectives, critical business processes, and board-level oversight, helping organizations prioritize security investments based…
AI, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
Attackers exploit Palo Alto GlobalProtect flaw days after disclosure
A Palo Alto Networks vulnerability that allows attackers to establish unauthorized VPN access into corporate networks is being actively exploited in the wild, weeks after the company disclosed the flaw as a medium-severity issue and said it was unaware of any attacks. However, according to Rapid7, threat actors began exploiting the bug within days of…
AI, Cybersecurity, Global Security News, Risk Management
Infosecurity Europe: UK Firms Prioritize AI Threat Preparedness as Cyber Risks Evolve
UK organizations are prioritizing AI-driven cybersecurity as 43% cite AI-powered attacks as their top risk, prompting significant investment in advanced threat defense
AI, Compliance, Cybersecurity, Exploits, Global Security News, malware, Risk Management
Attack targeting OpenAI Codex users exposes AI software supply chain risks
A malicious npm package posing as a remote user interface for OpenAI Codex exfiltrated developer authentication tokens, after attackers allegedly published code to npm that was not visible in the project’s public GitHub repository. Researchers at Aikido said the package, called codexui-android, appeared to offer legitimate functionality while collecting authentication tokens and sending them to…
AI, APAC, Compliance, Cybersecurity, Europe, Global Security News, Network Security, Risk Management
ENISA NIS360 2026: Progress Across the Board, But the Sectors That Matter Most Are Still Falling Short
ENISA NIS360 2026 shows cybersecurity improving across EU critical sectors, but health, water, rail, and space remain in the risk zone. ENISA has published its third annual NIS360 report, assessing the cybersecurity maturity and criticality of all sectors covered by the NIS2 directive. The headline finding is that things are improving across the board. The…
AI, Global Security News, Politics, Risk Management
The AI pricing conundrum — it started as a nightmare, now it’s worse.
Enterprise IT leaders have always struggled with AI pricing, especially the need to pay for AI in a way that delivers ROI. But the typical IT exec may not be right person to decide how a company uses AI — and how it tries to deliver ROI — because so many line-of-business workers and partners…
AI, Compliance, Cybersecurity, Data Breaches, Global Security News, Risk Management
7 tabletop exercise mistakes that sabotage incident response
Discussion-based, low-stress simulations during which IT, legal, and other key leadership stakeholders walk through theoretical scenarios to test their preparedness for cyber incidents is a popular and highly useful tool. Yet unless tabletop training is properly handled, the results can be misleading and potentially destructive. When your organization’s incident response training consistently fails to meet…
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
Attackers are exploiting Palo Alto Networks defect that initially flew under the radar
Researchers and threat hunters are scrambling to respond to an actively exploited authentication-bypass vulnerability affecting Palo Alto Networks customers’ firewalls. The company initially tagged CVE-2026-0257 with a medium-severity rating when it disclosed the defect May 13, but quickly reassessed it as critical after Rapid7 observed and confirmed active exploitation in the wild. The Cybersecurity and…
AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management
Fake Claude Code Installers Deliver Credential-Stealing Malware
Developers searching for Claude Code installation instructions could be walking into a sophisticated malware campaign that disguises itself as legitimate AI tooling documentation. Researchers found dozens of fake Claude Code and developer platform sites designed to steal credentials, API keys, and cryptocurrency. “The attack chain runs on the same unchecked trust that makes AI developer…
AI, Cloud Security, Compliance, Cybersecurity, Global Security News, privacy, Risk Management
Spring 2026 SOC 1, 2, and 3 reports are now available with 188 services in scope
Amazon Web Services (AWS) is pleased to announce that the Spring 2026 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 188 services over the 12-month period from April 1, 2025–March 31, 2026, giving customers a full year of assurance. These reports demonstrate our continuous commitment to adhering…
AI, Global Security News, Network Security, Risk Management
Cops Are Spying on People Who Criticize AI Data Centers Online
Americans speaking out against artificial intelligence data centers on social media are falling under police surveillance, a confidential law enforcement bulletin obtained by The Intercept reveals. A fusion center in Philadelphia combed through spicy internet comments from AI critics and concluded there is a growing risk of physical violence against data centers from “domestic violent…
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089)
CVE-2026-41089, a critical Windows Netlogon RCE flaw that allows remote code execution, is now actively exploited in the wild, the Centre for Cybersecurity Belgium (CCB) warned on Friday. About CVE-2026-41089 CVE-2026-41089 is a stack-based buffer overflow vulnerability in Windows Netlogon, the service and protocol that handles authentication and security within a Windows domain environment. The…
AI, Global Security News, Risk Management
Secure Code Warrior connects developer training to AI usage and code risks
Secure Code Warrior has introduced Adaptive Learning, a capability designed to help organizations support AI software governance through targeted training based on identified risks. The feature delivers contextual microlearning and tracks outcomes at the code commit level. Software development is going through its biggest shift ever, from human-written code, to AI-assisted coding, to fully agentic…
AI, Exploits, Global Security News, Risk Management
Microsoft Defender Vulnerability Management gets a smarter exposure score
Microsoft Defender Vulnerability Management’s updated exposure score model adds vulnerability risk signals and asset context to help teams understand where risk is concentrated and which remediation actions are likely to have the greatest impact. The model is available in public preview. “The updated model addresses these customer pain points by combining vulnerability risk, exploitability signals,…
AI, Apps, Exploits, Global Security News, Risk Management
Flowise’s MCP implementation can run ghost commands
Enterprises using the lightweight, open-source Flowise platform to power self-hosted AI workloads have a new near-max severity issue to worry about. Researchers at Obsidian Security have detailed a one-click remote code execution (RCE) vulnerability affecting self-hosted Flowise deployments through its implementation of Model Context Protocol (MCP) stdio servers. The problem is essentially a sandboxing failure…
Apps, Global Security News, Risk Management
Cisco Secure Access and Island Browser Enable Zero Trust Everywhere
The integration between Cisco Secure Access and Island enterprise browser improves the user experience while reducing risk by connecting and protecting user access to private applications from unmanaged devices.
AI, Compliance, Europe, Global Security News, Network Security, Risk Management
IBM unveils tool to track sovereignty risks for cloud workloads
IBM has launched a tool designed to help customers assess cloud-sovereignty risks and meet regulatory compliance requirements. The Sovereignty Risk Profile launch comes as digital sovereignty becomes a higher priority for organizations concerned about where data is stored and processed. According to an IBM survey, 93% of executives believe sovereignty needs to be part of…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
Windows 11 Smart App Control explained
In the ever-evolving cybersecurity landscape, Microsoft has introduced various new features in Windows 11 designed to protect users from modern workplace threats. Among such features, Smart App Control (SAC) changes how Windows devices handle, and occasionally block, unwanted or potentially malicious applications. But what exactly is Smart App Control? How does it work, who benefits…
AI, Exploits, Global Security News, Network Security, Risk Management
CIFSwitch, a Linux Root Bug Hidden in Plain Sight for 19 Years
CIFSwitch is a 19-year-old Linux logic bug turning forged CIFS auth keys into root. Affects Mint, CentOS, Rocky, Kali, SLES. CIFSwitch stands apart from typical privilege escalation vulnerabilities because of how it was discovered. Asim Manizada, a security engineer at SpaceX, didn’t find it by auditing source code the old-fashioned way. He built an AI-powered…
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds Palo Alto Networks PAN-OS flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Networks PAN-OS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Palo Alto Networks PAN-OS flaw, tracked as CVE-2026-0257 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog. Palo Alto Networks addressed the vulnerability CVE-2026-0257 on May…
AI, Data Breaches, Global Security News, Government & Policy, Network Security, privacy, Risk Management
1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever
Today, I loaded the 1,000th data breach into Have I Been Pwned. Reflecting on that milestone number, I pondered how to mark the occasion in writing, and what immediately came to mind was a very simple question: why is it still needed? Especially considering the emergence of privacy regulations such as GDPR and CCPA in…
AI, Exploits, Global Security News, Network Security, Risk Management
Asimily turns device risk into automated network policy
Asimily has launched Segmentation Orchestration, enabling connected-device risk intelligence to flow directly into enforceable network policy without manual translation. No other platform combines full asset visibility, vulnerability prioritization, and segmentation orchestration in a single system. “AI has exploded the volume and sophistication of network attacks against connected devices, and security teams are discovering that visibility…
AI, Apps, Exploits, Global Security News, Government & Policy, Network Security, privacy, Risk Management
The Pentagon Finally Admits That Location Data Is a Battlefield Problem
The Pentagon confirmed adversaries are using commercial location data to track U.S. troops, exposing risks tied to smartphones and ad-tech networks. For years, security researchers, privacy advocates, and intelligence analysts have been warning about the same thing: smartphone location data isn’t just an advertising product. It’s surveillance infrastructure that anyone with enough money can access.…
AI, Compliance, Cybersecurity, Exploits, Funding, Global Security News, Government & Policy, Risk Management
6 critical security gaps every CISO must address
CISOs acknowledge that no organization is completely safe, but many also admit their security measures aren’t where they’d like them to be. One-third of CISOs surveyed for Proofpoint’s 2025 Voice of the CISO Report said the data within their organization is not adequately protected, and 58% said their organizations were unprepared to respond to a…
AI, Compliance, Cybersecurity, Global Security News, Risk Management
EU organizations buckle under rising compliance pressure
Cybersecurity governance in the EU is shifting under expanding frameworks such as NIS2 and DORA, while AI raises new questions for security teams. What the future brings is hard to predict, and organizations must find a way to cope. Antonija Vojnović, Governance, Risk and Compliance Department Manager at Span, spoke with Help Net Security at…
AI, Global Security News, Risk Management
Governing shadow AI without killing innovation
In this Help Net Security video, Alan Snyder, CEO at NowSecure, talks about governing shadow AI without stopping innovation. He frames the problem as two opposing forces. Companies need to adopt AI fast because attackers and competitors will outpace them otherwise, but they also need to do it safely. Snyder argues the pressure to move…
AI, Global Security News, privacy, Risk Management
145 AI laws passed in 2025 and privacy teams aren’t catching a break
145 AI-related laws were enacted by state legislatures in 2025, and more than 1,000 additional bills were introduced or revised, according to DataGrail’s Privacy and AI Trends Report 2026. Average cost of manual data subject request management (Source: DataGrail) Shadow AI risks Of the 2,400 popular business software providers that advertised AI capabilities, 63.6% did…
AI, Cybersecurity, Global Security News, Risk Management
Press Release: CSO30 ASEAN & Hong Kong Awards 2026 open for nominations
>The CSO30 ASEAN & Hong Kong Awards return in 2026, as an important moment to recognise the cybersecurity leaders and teams who are making resilience measurable across the region. In a landscape shaped by rapid threat evolution, board-level scrutiny and rising expectations of business continuity, these awards spotlight the people and programmes that are turning…
