AI governance requires visibility into how AI tools interact with enterprise data. Varonis explains how its Atlas platform uses Claude Compliance API data to help monitor usage, investigate risk, and support compliance. […]
Category: Risk Management
AI, Cybersecurity, Endpoint, Global Security News, Government & Policy, malware, Network Security, privacy, Risk Management
Major Cyber Attacks in May 2026: Fake Invitations, Agent Tesla, BlobPhish, and More
May 2026 showed how fast routine business activity can turn into real security exposure. ANY.RUN observed phishing campaigns, fileless malware delivery, credential theft, OTP interception, and remote access abuse targeting organizations across industries. From fake invitations and banking portals to compromised B2B websites and Word Online lures, the month’s attacks had one thing in common: they were built…
AI, Global Security News, Risk Management
Tamnoon introduces skill-based AI orchestration for autonomous cloud defense
Tamnoon has expanded its AI engine, Tami, into a skill-based orchestrator that generates customer-specific remediation skills tailored to each enterprise environment. Trained on more than 6 million real cloud fixes across 800+ accounts, Tami coordinates specialized AI skills to safely and autonomously address every class of cloud risk. Two new skills are available, Remediation Confidence…
AI, Apps, Data Breaches, Exploits, Global Security News, malware, Risk Management
Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack
Attackers have poisoned four Laravel-Lang Composer packages by rewriting hundreds of Git tags, putting many Laravel apps at risk. Hackers compromised four popular Laravel-Lang Composer packages and injected malware by rewriting more than 700 Git tags tied to historical versions. Laravel-Lang is a community-driven project that provides translation and localization files for Laravel applications. The…
AI, china, Compliance, Global Security News, Network Security, Risk Management
Stop treating AI governance as a review layer. Make it release infrastructure
I’ve spent years building compliance into security products. FedRAMP and Department of War Impact Level authorizations, vulnerability management pipelines: They all follow the same pattern. Build the product, then prove it meets requirements. The compliance layer sits outside the engineering workflow. It reviews what already exists. That model worked when the product stayed static between…
AI, Cloud Security, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Vulnerabilities have become cyber attackers’ No. 1 door to the enterprise
Patching practices are coming under intense pressure of late, as time-to-exploit windows accelerate — a new reality likely to worsen as AI assistance in attack chains rises. Now cyber defenders have another cause for flaw alarm: Vulnerability exploitation has significantly pulled away from stolen credentials as the most common entry point in security breaches, according…
AI, Cybersecurity, Exploits, Global Security News, malware, Risk Management, Russia
Security experts caution MFA alone can no longer stop threat actors
Cybersecurity experts are warning enterprise admins about an increasing number of phishing campaigns aimed at stealing Microsoft 365 (M365) access tokens to bypass multifactor authentication login protection. Phishing kits aimed at capturing M365 tokens aren’t new; some reports say these kits have been around since 2021. One of the latest is EvilTokens, which researchers at…
AI, APAC, Cybersecurity, Exploits, Global Security News, Risk Management
Project Glasswing has uncovered 10,000 vulnerabilities: Anthropic
Anthropic says it and upwards of 50 partners involved in Project Glasswing have uncovered an estimated 10,000 critical or high-severity vulnerabilities in their software offerings. The company launched the cybersecurity initiative, which is built around Claude Mythos Preview, in April, stating that its launch partners would use it as part of their defensive security work.…
AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Risk Management
Welcoming the Bhutanese Government to Have I Been Pwned
Today, we welcome the 45th government onboarded to Have I Been Pwned’s free gov service: Bhutan. The Bhutan Computer Incident Response Team, BtCIRT, now has access to monitor Bhutanese government domains against the data in HIBP. As Bhutan’s national CIRT, BtCIRT is responsible for consuming threat intelligence and sharing relevant insights with its constituents, helping…
AI, Apps, Endpoint, Exploits, Global Security News, malware, Risk Management
The Underground Malware-Signing-as-a-Service That Makes Ransomware Look “Verified” on Windows
The Core Technical Concept: Code Signing At the center of Microsoft’s disruption of the Fox Tempest cybercrime operation is a foundational trust mechanism that modern operating systems rely on heavily: code signing. Code signing is a cryptographic trust framework used by operating systems such as Windows to verify both the integrity and origin of executable…
AI, Data Breaches, Global Security News, privacy, Risk Management
340 Million OnlyFans Profiles Allegedly Rebuilt from Leaks
A hacker is selling a 340M-strong OnlyFans-linked dataset built by correlating old breaches and public data, not by hacking OnlyFans directly. A threat actor is adverertising a purported database containing data of 340 million OnlyFans users, but the available evidence points to something less dramatic than a direct breach. According to HackRead, which reported the…
Global Security News, Risk Management
Anthropic’s restricted Claude Mythos model may be coming to Claude Code
Anthropic appears to be preparing for the public rollout of the Mythos model, which was announced in April as a restricted model that poses major security risks to private and public software. […]
AI, Exploits, Global Security News, Risk Management
Cisco refines its risk-based vulnerability disclosure for the AI era
Security teams already struggle with long lists of vulnerabilities and limited time to patch them. Cisco believes AI could increase that pressure by accelerating vulnerability discovery and increasing the number of findings security teams need to review. The company said it is moving further toward a risk-based disclosure approach, placing greater attention on issues under…
AI, Apps, Endpoint, Global Security News, Risk Management
AI security needs a shift from models to systems, researchers argue
Enterprises cannot secure AI agents by making the underlying models more robust and must instead enforce security controls at the system level around them, researchers behind a paper published this month argued, warning that traditional AI-security approaches are increasingly misaligned with how autonomous agents actually operate inside enterprise environments. The paper argues that enterprises should…
AI, china, Compliance, Europe, Global Security News, Network Security, Risk Management
DeepSeek’s steep V4-Pro price cut escalates AI pricing war
Chinese AI startup DeepSeek has announced a steep price cut for its recently launched flagship AI model, V4-Pro. The company has reduced pricing for the model by 75%, just a month after unveiling the V4 generation, which includes V4 Pro and V4 Flash. Earlier, usage costs ranged from $0.0145 for one million tokens (cache hit)…
AI, Apps, Global Security News, Risk Management
As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free
As AI coding assistants accelerate software development, one OWASP-backed open-source project is arguing that dependency security tooling still arrives too late to be truly useful. CVE Lite CLI, a JavaScript and TypeScript dependency vulnerability scanner focused on local lockfile analysis, is positioning itself around a simple idea. Developers should see dependency risks while they are…
Cybersecurity, Global Security News, Government & Policy, Risk Management
US states step up cyber defenses to protect local communities
U.S. state governments are taking on a larger role in cybersecurity to help protect local communities and essential services. Many states are building state-led cyber defense programs, including cybersecurity clinics, regional security operations centers (RSOCs), and state cyber corps programs to reduce costs, strengthen the local workforce, and improve cyber resilience. Cyber defense programs in…
AI, Global Security News, Government & Policy, Risk Management
To pay, or not to pay: 58% of CISOs say they would pay the ransom for their data
If you were hit by ransomware tomorrow, would you pay to get your data back? That’s what more than half of CISOs in a recent survey said their organization would do. It’s a situation more companies are going to face in future. “Attacks are increasing and continuing to increase,” said Christy Wyatt, CEO of security…
AI, Global Security News, Risk Management
Boards want cyber risk in dollars, not CVE counts
In this Help Net Security video, Ziv Levi, SVP of Technology at CYE, explains why translating cyber risk into dollars is one of the most pressing tasks for security leaders. Boards and executives want cyber exposure described in business terms, not technical jargon. Levi walks through a three-step financial translation framework. First, identify business exposure…
AI, Global Security News, privacy, Risk Management
Turns out the C-suite loves shadow AI
Senior decision-makers are the heaviest users of unapproved AI tools, and they continue using them despite being aware of the security and privacy risks linked to shadow AI, according to TrustedTech’s Shadow AI in the Workplace report. The study found that 65% of decision-makers use shadow AI, compared with 31% of employees below decision-maker level.…
AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia
Security Affairs newsletter Round 578 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack Why pure extortion is…
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-9082 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Drupal issued a highly critical security patch on May…
AI, Exploits, Global Security News, Government & Policy, Risk Management
CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack
Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or…
AI, Data Breaches, Endpoint, Global Security News, Risk Management
Why pure extortion is replacing traditional ransomware
Ransomware gangs are shifting from encryption to pure extortion, focusing on stolen data, reputational pressure, and stealthier attacks. Ransomware groups are quietly changing strategy in 2026. Instead of encrypting systems and causing immediate disruption, many attackers are now focusing on pure extortion: stealing sensitive data and threatening to leak it publicly if victims refuse to…
AI, Compliance, Cybersecurity, Global Security News, Network Security, privacy, Risk Management
Data Sanitization Challenges Are Increasing in the AI Era
Data sanitization has long played an important role in protecting sensitive information, but growing data volumes and stricter compliance requirements are making secure end-of-life data management more critical than ever. The 2026 State of Data Sanitization Report by Blancco highlights growing concerns among organizations regarding data privacy, regulatory pressure, and end-of-life device management. The report…
AI, Global Security News, Risk Management
Meta says goodbye to those who won’t use AI
Meta is the latest company to trim its workforce as a result of the growing use of AI within the industry. The company laid off 8,000 employees earlier this week, while also moving 7,000 more to AI-focused roles. “AI is the most consequential technology of our lifetimes,” Zuckerberg said in a memo that he sent…
AI, china, Cybersecurity, Data Breaches, Global Security News, Network Security, Risk Management, Russia
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain…
AI, APAC, Apps, Exploits, Global Security News, Network Security, Risk Management
The AI that cracked Apple Silicon is only the beginning
A security research team just used Claude Mythos to identify the first known exploit in Apple’s M5 chip. They needed physical access to the device to use it, the vulnerability has since been patched, and I don’t think it should be seen as a huge threat. But it is a stark warning that in this AI…
AI, Global Security News, Risk Management
Cisco’s Risk-Based Vulnerability Disclosure in the Age of AI
Discover how Cisco is evolving its vulnerability disclosure practices. We are leveraging AI to prioritize high-risk security issues, helping customers focus on critical patching and remediation efforts.
AI, APAC, Apps, Global Security News, Risk Management
LG Launches PRO Services to Simplify DVLED Rollouts for Partners
LG Electronics USA’s commercial display division has launched LG PRO Services, a new “manufacturer-backed” installation service for its Direct View LED (DVLED) portfolio. The service covers fixed-price All-in-One DVLED models as well as cabinet-based indoor DVLED solutions, expanding LG’s role beyond hardware to help partners plan, deploy, and scale display projects with greater confidence. Addressing…
AI, Global Security News, Government & Policy, Risk Management
Microsoft, EY to spend $1 billion on helping customers buy agentic AI
Microsoft and EY will spend $1 billion on helping their customers adopt AI over the next five years. The billion will support assisting clients with pioneering AI projects and capability building, said EY’s global Microsoft alliance leader, Paul Clark. Clients will be able to access those resources based on their specific needs, he said. “We’re…
AI, Global Security News, Risk Management
Workday extends Sana AI to ITSM after HR, finance
Workday conversational AI platform Sana for Workday is now ready to talk about IT Service Management (ITSM) automation as part of the company’s broader effort to help enterprises streamline workflows, especially across HR and finance, with autonomous AI agents. The new Sana for ITSM capabilities are intended to automate workflows for employee on- and offboarding,…
AI, APAC, china, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, privacy, Risk Management, Russia
AI-Driven Threats, Critical Vulnerabilities, and Supply Chain Breaches Define the Week in May 2026
Major Threats & Vulnerabilities AI-Powered Cyberattacks and Exploits The 2026 Verizon DBIR revealed that vulnerability exploitation has surpassed credential abuse as the leading breach vector, accounting for 31% of incidents. The report highlights how generative AI is accelerating attack automation and expanding third-party risk exposure, particularly among SMBs facing ransomware threats. Microsoft Defender vulnerabilities are…
AI, Endpoint, Exploits, Global Security News, Risk Management
CVE-2026-9082: Highly Critical Drupal Core SQL Injection Flaw Threatens PostgreSQL Sites
Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that can be exploited by anonymous attackers against sites using PostgreSQL databases. Tracked as the CVE-2026-9082 vulnerability, the issue resides in Drupal’s database abstraction API, which is supposed to sanitize queries before they reach the backend database. Drupal rates the flaw…
Global Security News, Risk Management
Why Chargebacks are Just One Piece of the Fraud Puzzle
Fraud losses don’t stop at chargebacks. False declines, account takeovers, and abuse also damage revenue and trust. IPQS breaks down why fraud teams need broader visibility into risk and customer impact. […]
AI, Exploits, Global Security News, malware, Network Security, Risk Management
CVE-2026-45585: YellowKey BitLocker Bypass Exposes Encrypted Data on Windows Devices
BitLocker is designed to protect data at rest even when a device is lost, stolen, or powered off, which is why a bypass against that trust model draws immediate attention. The CVE-2026-45585 vulnerability, publicly referred to as YellowKey, is a Windows security feature bypass flaw that Microsoft says can let an attacker with physical access…
AI, Compliance, Cybersecurity, Data Breaches, Global Security News, Risk Management
Cork CEO Dan Candee on Evolution of Security Services & AI
Cork is pushing MSPs to rethink cybersecurity delivery as AI accelerates both business technology adoption and the sophistication of attackers. In an interview with Channel Insider, CEO Dan Candee said the company has moved beyond compliance reporting and intelligence into active security remediation tooling. As AI and other forces seem to push tighter deadlines for…
AI, Apps, Global Security News, Risk Management
Deleted Google API keys keep working for up to 23 minutes, researchers warn
Google API keys are credentials that let applications access Google services, from Maps to the Gemini AI. If a key is leaked, an attacker can use it to make API calls, rack up charges, and, if Gemini is enabled, access uploaded files and cached conversations. The assumed fix is simple: delete the key. But Aikido…
AI, Data Breaches, Global Security News, Risk Management
Keepnet contributes voice and SMS phishing data to the 2026 Verizon DBIR
Keepnet, an Extended Human Risk Management (xHRM) platform, today announced that its voice and SMS phishing simulation data contributed to the 2026 Verizon Data Breach Investigations Report (DBIR). The 2026 edition is the first to include voice and SMS phishing simulation data at this scale. The DBIR records this as “an increase of 40% in…
AI, Compliance, Cybersecurity, Global Security News, malware, Network Security, Risk Management
Why your AI strategy stops where the PLC starts: Hard lessons from the OT frontlines
I spent two days at a substation connecting a major offshore wind farm to the grid. The control room featured three new AI-ready dashboards and a board mandate to “leverage machine learning for resilience.” It also had a maintenance laptop running Windows 7, literally taped to the inside of a cabinet because the Velcro had…
AI, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One and Langflow flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-34291 Langflow Origin Validation Error Vulnerability…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
Identity as the primary attack surface: What modern breaches are really exploiting
The “retro” way “The thing about the old days is… they are the old days” – Slim Charles, The Wire Protecting a specified network perimeter was the main focus of enterprise security strategy for several decades. Businesses made significant investments in firewalls, intrusion detection systems, endpoint security and segmentation controls, all of which were built…
AI, Global Security News, Risk Management
Controlling AI Agents: Why Detection Is Too Late
This is Part 2 of a 2-part series. Read Part 1: Your AI Agent Doesn’t Care About Your Controls If AI agents change how execution happens, they also expose a fundamental limitation in how most security controls operate. Many control models assume there is sufficient time to detect, assess, and respond to events before they result in…
AI, Global Security News, Risk Management
The new economics of fraud: Cheaper, faster, more convincing
Scams have become one of the fastest-growing consumer risks, driven by AI-enabled impersonation, social engineering, and sophisticated attack methods, according to Visa’s Spring 2026 Biannual Threats Report. Criminals redirect efforts toward trust and third parties Fraud involves behavioral manipulation, fragmented ecosystems, and faster attack cycles that use AI to pressure people into authorizing payments themselves.…
AI, Apps, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Unpatched ChromaDB flaw leaves servers open to remote code execution
Researchers have published details about a critical vulnerability in ChromaDB that could allow unauthenticated attackers to execute arbitrary code and access sensitive data on machines running the open-source vector database. The issue, tracked as CVE-2026-45829, is located in ChromaDB’s API server and was published by researchers at HiddenLayer after reportedly failing to get in contact…
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability CVE-2009-1537 Microsoft DirectX NULL…
AI, Compliance, Global Security News, Network Security, privacy, Risk Management
AWS KY3P report now available for third-party supplier due diligence
We’re excited to announce that Amazon Web Services (AWS) has completed the S&P Global Know Your Third Party (KY3P) assessment of its security posture. This assessment demonstrates our continued commitment to meet the heightened expectations of cloud service providers. Customers can now use the AWS KY3P assessment to reduce their supplier due diligence burden. KY3P,…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
CISA chief frets about open-source vulnerabilities, delayed security improvements
Securing some of the open-source technology that serves as the backbone for all modern digital infrastructure is going to require some “hard decisions” amid a wave of malware attacks, the leader of the Cybersecurity and Infrastructure Security Agency said Thursday. “The open-source community is one that I’m particularly worried about when we start to think…
AI, china, Compliance, Europe, Funding, Global Security News, Government & Policy, Risk Management, Venture
EU moves forward on $5.8B scale-up fund to keep startups from leaving
The European Union has stepped up efforts to grow its homegrown tech sector and reduce dependence on US firms, advancing plans this week for a €5 billion ($5.8 billion) fund to help startups scale in Europe rather than seek capital or buyers abroad. Analysts welcomed the initiative, but said its success will depend on whether…
AI, Cloud Security, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
7 Best Attack Surface Management Software in 2026
This guide is for IT leaders and security teams looking to improve visibility into organizational risks and reduce their attack surface in 2026. It covers the best attack surface management (ASM) software and the key features businesses should evaluate when selecting the right solution for proactive threat detection and risk mitigation. Key Points on Attack…
AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Global Security News, Network Security, Risk Management
6 Best Vulnerability Management Software & Systems for 2026
This guide is for IT leaders, security teams, and vulnerability management professionals looking to improve security visibility and remediation across their environments in 2026. It covers the best vulnerability management software and systems, along with the key features organizations should evaluate when selecting the right solution for their security operations. Key Takeaways about the Best…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management
2026 Verizon DBIR: The New Era of Cyber Threats
The 2026 Verizon Data Breach Investigations Report (DBIR) paints a clearer picture of today’s cybersecurity landscape: attackers are moving faster, artificial intelligence is accelerating cybercrime, and organizations continue to struggle with foundational security practices. Key Takeaways from the 2026 Verizon DBIR Report Vulnerability exploitation (31%) overtook credential abuse (13%) as the top initial access vector…
AI, Apps, china, Cybersecurity, Data Breaches, Endpoint, Global Security News, Government & Policy, Network Security, Risk Management, Venture
AI, Cybersecurity Education, and the Defense of America’s Digital Border
Artificial intelligence (AI) is reshaping cybersecurity at a pace that is forcing educators, businesses, and governments to rethink workforce development and national defense strategies. During a recent discussion with cybersecurity entrepreneur and ConnectSecure Chairman, Arnie Bellini, key themes emerged around the evolution of cyber threats, the importance of protecting America’s “digital border,” and the urgent…
AI, Endpoint, Exploits, Global Security News, Risk Management
Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload
Cisco fixed a critical Secure Workload flaw (CVE-2026-20223) that could let attackers gain Site Admin privileges through crafted API requests. Cisco released patches for a critical vulnerability, tracked as CVE-2026-20223 (CVSS score of 10.0), in Secure Workload. The flaw stems from insufficient validation and authentication in REST API endpoints. According to Cisco, remote attackers could…
AI, Cybersecurity, Global Security News, malware, Risk Management
Your AI Agent Doesn’t Care About Your Controls
This is Part 1 of a 2-part series on AI agents and control assurance. Read Part 2: Controlling AI Agents: Why Detection Is Too Late The cybersecurity industry has spent years investing in visibility. Dashboards have improved, detection tooling has matured, and the volume of telemetry available to security teams has increased significantly. Most organisations…
AI, Global Security News, Risk Management
Three-Quarters of Firms Knowingly Ship Vulnerable Code
AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers
AI, Apps, Compliance, Data Breaches, Exploits, Global Security News, Risk Management
SharePoint On-Prem End of Life: 2026 Migration Guide
With Microsoft ending support for SharePoint Server 2016 and 2019 on July 14, 2026, organizations still running on-premises SharePoint face a shrinking window to modernize aging collaboration environments before security updates, bug fixes, and vendor support disappear. SharePoint 2019 On-Prem lives on, but without Microsoft support For over a decade, local SharePoint deployments have served…
AI, Apps, Global Security News, Risk Management
Microsoft releases open-source tools to operationalize AI agent safety
Microsoft has open-sourced two new tools aimed at bringing AI safety checks much earlier into the agent development lifecycle. The tools, called Rampart and Clarity, were announced this week as part of Microsoft’s broader push to operationalize safety engineering for agentic AI. “We built these tools because we believe that AI safety has to become…
AI, Apps, china, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Risk Management
The readiness paradox: Why a false sense of cyber confidence is becoming a liability
There’s this old proverb that’s stuck with me over the years: “Dig the well before you are thirsty.” It really means you should prepare for the crisis before it arrives. In cybersecurity, it’s a mentality that’s long underpinned investment, strategy and board-level conversations. And by many measures, organizations appear to have already ‘dug’ that well.…
AI, Cybersecurity, Global Security News, Risk Management
Tenable Hexa AI automates remediation across attack surfaces
Tenable has announced the general availability of Tenable Hexa AI, the agentic AI engine of the Tenable One Exposure Management Platform. Tenable Hexa AI is an advanced agentic AI for cybersecurity solution, equipped with advanced multi-step reasoning and Model Context Protocol (MCP) support, enabling custom agent building and workflows that accelerate risk reduction at machine…
AI, Global Security News, Risk Management
CTERA brings AI insights and automation for unstructured data
CTERA has announced the launch of CTERA InsightAI, an agentic AI intelligence layer for the CTERA Intelligent Data Platform. The new capability is designed to help enterprises understand, manage, secure, and optimize unstructured data environments. CTERA InsightAI adds AI-driven insights and automation to data operations, expanding traditional data observability capabilities. CTERA InsightAI continuously analyzes enterprise…
AI, Cybersecurity, Global Security News, Risk Management
The world of AI tokens — and why they matter
Google has only one way to measure the phenomenal AI growth it’s seen: in tokens. The company processes 3.2 quadrillion tokens per month, Google CEO Sundar Pichai said during this week’s I/O keynote, adding, “never imagined I’d say quadrillion…, but here we are.” Basically, tokens are a unit of measure used by large language models…
AI, Apps, Compliance, Cybersecurity, Exploits, Global Security News, malware, Network Security, privacy, Risk Management
AI becoming an SOC imperative for curtailing emerging cyber threats
The cybersecurity profession is on the verge of a sea change, and security pros must begin to master AI tools to combat emerging threats by building more autonomous, real-time protections. Expert panelists at a recent DTX conference session in Manchester, titled “Bot vs Bot: Surviving the Era of Autonomous Cyber Warfare,” highlighted how bringing AI…
AI, Global Security News, Network Security, Risk Management
Why AI changed the threat model for travel technology
In this Help Net Security interview, Devon Bryan, SVP, Global CSO at Booking Holdings, reflects on his path from Air Force network security engineer to global CSO across financial services, hospitality, and travel technology. He discusses why the travel industry’s interconnected ecosystem of identity, payments, loyalty programs, and third-party integrations creates compounding risk, and how…
AI, Cybersecurity, Global Security News, Risk Management
Cyber threats push SMBs to spend more on security
Cybersecurity has become a key priority for small and medium-sized businesses due to growing threats and wider AI adoption. An IDC survey of 2,200 SMBs in eight markets examined how organizations manage cyber risks, prepare for AI-related threats, and handle third-party vendor security. Top business priorities for the year (Source: IDC) 60% of SMBs expect…
AI, Cybersecurity, Exploits, Global Security News, Risk Management
Microsoft is working on a patch for ‘YellowKey’ attack on Bitlocker, offers temporary fix
Microsoft says it is considering a patch for a zero-day vulnerability, dubbed YellowKey, that allows attackers with access to a Windows device to bypass Bitlocker encryption protection and read and write files. The flaw was disclosed last week, and there is already a public proof of concept available. The company issued an advisory Tuesday saying…
AI, Cybersecurity, Exploits, Global Security News, Risk Management
Microsoft is working on a patch for ‘YellowKey’ attack on Bitlocker, offers temporary fix
Microsoft says it is considering a patch for a zero-day vulnerability, dubbed YellowKey, that allows attackers with access to a Windows device to bypass Bitlocker encryption protection and read and write files. The flaw was disclosed last week, and there is already a public proof of concept available. The company issued an advisory Tuesday saying…
AI, Compliance, Global Security News, Network Security, Risk Management
Third-Party Risk Management Needs to Evolve
Traditional point-in-time vendor risk assessments are becoming increasingly difficult to maintain in environments where vendors, technologies, and regulatory requirements continuously evolve. During a recent discussion with eSecurity Planet, Auditive Founder and CEO Daniel Faddoul explained why many organizations are struggling to keep pace with modern third-party risk exposure and why continuous monitoring is becoming more…
AI, Apps, Compliance, Global Security News, Network Security, Risk Management
Why Policy in Amazon Bedrock AgentCore chose Cedar for securing agentic workflows
Agents have agency: they adapt and find multiple ways to solve problems. This autonomy creates a fundamental security challenge: the large language model (LLM) at the heart of the agent is non-deterministic, and its decisions can’t be predicted or guaranteed in advance. It can hallucinate harmful actions with complete confidence. It’s vulnerable to prompt injection…
AI, Apps, Cybersecurity, Global Security News, malware, Network Security, Risk Management
Browser Threats Are Expanding the SMB Attack Surface
Small and mid-sized businesses (SMBs) are facing a growing wave of cyberattacks, and according to Palo Alto Networks, many of those threats are now originating directly inside the browser. During a recent discussion with eSecurityPlanet, Shivam Srivastava, VP of Product Management for Prisma Browser for Business at Palo Alto Networks, discussed the growing cybersecurity challenges…
AI, Exploits, Global Security News, Risk Management
PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch
PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately. The wave of Linux local privilege escalation vulnerabilities showing up with working exploit code is not slowing down. The latest is PinTheft, discovered by the V12 security team, which affects…
AI, Data Breaches, Exploits, Global Security News, Risk Management
Meet Rampart and Clarity, Microsoft’s new red team combo AI agents
On Wednesday, Microsoft released two new red teaming tools—Rampart and Clarity—,meant to help developers design more secure agentic software and assist incident responders in the face of ongoing breaches. Rampart is built on top of PyRIT, an existing open automation framework Microsoft developed for red teaming generative AI systems. But while PyRIT scans already-built systems…
AI, Apps, Endpoint, Global Security News, malware, Network Security, Risk Management
Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs
Microsoft says it disrupted a malware-signing service that abused Azure Artifact Signing to create fraudulent certificates used in ransomware and malware attacks. The Fox Tempest operation allegedly helped cybercriminals distribute malware disguised as trusted software to evade Windows defenses and fool users. “Fox Tempest doesn’t directly target victims but instead provides supporting services that enable…
AI, Compliance, Cybersecurity, Endpoint, Global Security News, Network Security, Risk Management
AWS Security Hub Extended: Why enterprise security products should sell themselves
Our largest security services customers started the same way every customer does – with a click. They enabled Amazon GuardDuty, Amazon Inspector, AWS WAF, and AWS Security Hub, experienced the benefits in real time, and evaluated with transparent pay-as-you-go pricing. No RFP. No six-month evaluation. No multi-year commitment up front. Our field teams played a…
AI, Global Security News, Risk Management
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native safety and security testing framework for writing and running safety and security tests for AI…
AI, Cybersecurity, Global Security News, Network Security, Risk Management
ISC2 Report: AI Is ‘Double-Edged’ Sword of Cybersecurity
A new study from ISC2 has found that cybersecurity professionals now see AI as both their biggest opportunity and biggest threat. The findings point to a field at an inflection point, with teams moving to adopt AI for defense while preparing for more scalable, convincing AI-enabled attacks. AI ranks as top security opportunity and threat…
AI, Data Breaches, Endpoint, Global Security News, Government & Policy, malware, Risk Management
GitHub says internal repositories were taken in poisoned VS Code extension attack
GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the growing risks facing software development platforms and the ecosystems built around third-party developer tools. The Microsoft-owned company said in posts on X that it detected and contained the…
AI, Apps, Compliance, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Agentic AI Security Risks Increase Governance Demands for MSPs
BYOD was a headache. AI agents are an existential crisis. Advanced AI models pose a massive security and governance challenge for the channel, forcing managed service providers (MSPs) and tech partners to rethink how they protect corporate data. Agentic AI adoption exposes governance gaps The shift from passive, generative AI chatbots to fully autonomous agents…
AI, Apps, Cybersecurity, Global Security News, Risk Management
Google talks ‘singularity’ while scaling up agentic AI for enterprises
Google is recasting its enterprise AI roadmap around autonomous systems and AGI, with DeepMind CEO Demis Hassabis telling I/O attendees the industry now sits at the “foothills of the singularity.” “When we look back at this time, I think we all realise that we were standing in the foothills of the singularity,” Hassabis said in his…
AI, APAC, Compliance, Cybersecurity, Global Security News, Government & Policy, malware, Network Security, Risk Management
How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts?
Scaling threat detection as an MSSP doesn’t mean hiring more analysts — it means enabling the analysts you already have to handle more clients, more alerts, and more complex threats without burning out. The practical path forward combines three capabilities: continuous real-time intelligence that keeps detection systems current automatically, instant IOC investigation that cuts triage…
AI, Global Security News, Risk Management
Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free
Carding forum B1ack’s Stash claims to have released millions of stolen CVV2 payment card records for free after suspending sellers. B1ack’s Stash, one of the most active stolen card marketplaces on the dark web, has released 4.6 million credit card records for free, not because of a law enforcement action or a system compromise, but…
AI, Endpoint, Global Security News, privacy, Risk Management
Jamf Elevates Former CTO Beth Tschida to CEO Role
Jamf has appointed Beth Tschida as chief executive officer, naming its former chief technology officer to lead the Apple device management and security company as it begins its next chapter under private ownership. Tschida’s appointment is effective immediately. She had served as interim CEO since March 2026 and previously spent eight years as Jamf’s CTO,…
AI, Compliance, Global Security News, Risk Management
ArmorCode gives security teams AI workers for exposure and remediation
ArmorCode has announced Anya Agents, a new agentic AI framework delivered on the patented ArmorCode Agentic AI Platform that enables organizations to operationalize AI-driven security workflows at enterprise scale. Built on ArmorCode’s Context Risk Graph, Anya Agents help security teams move beyond generic AI assistants by turning unified security and business context into purpose-built AI…
AI, Global Security News, Risk Management
Novata uses AI to map risk across portfolios and supply chains
Novata has announced the launch of Risk Atlas, a new AI-powered risk monitoring tool designed to help organizations identify, compare, and prioritize risks across portfolios and supply chains. Framework for comparative risk visibility Risk Atlas provides a single, customizable framework for comparing risk across entities, normalizing diverse risk signals into a comparable view across portfolios…
AI, Apps, Global Security News, Risk Management
Trust3 AI focuses on AI agent risks with MCP Security layer
Trust3 AI has announced the launch of Model Context Protocol (MCP) Security, establishing a new standard for safeguarding enterprise agentic AI workloads. This solution forms a key capability within Trust3 AI’s enterprise agent control plane, empowering security and governance teams with a unified trust layer to seamlessly and safely connect AI agents with vital business…
AI, APAC, Exploits, Global Security News, malware, Network Security, Risk Management
Why some security fixes never reach your vulnerability dashboard
On April 22, for roughly 90 minutes, a malicious version of Bitwarden CLI appeared on npm. Version 2026.4.0 contained a credential-stealing payload that executed an obfuscated loader and harvested AWS, Azure, GCP, GitHub, and npm tokens from any developer machine that ran npm install. The attackers reached Bitwarden’s npm publishing path through a compromised GitHub…
AI, Cybersecurity, Global Security News, Risk Management
Communicating cyber risk in dollars boards understand
In this Help Net Security interview, Nick Nieuwenhuis, Cybersecurity Architect at Nedscaper, explains why cybersecurity has not delivered the resilience that decades of investment have promised. He argues that spending has leaned too heavily on technical controls while neglecting people, processes, and organizational dynamics. He unpacks the gap between security teams and boards, pointing to…
AI, Apps, Cybersecurity, Global Security News, Network Security, Risk Management
EnterpriseClaw wants to bring governance to the OpenClaw era
Autonomous agent orchestration tool OpenClaw hit the scene last November and immediately went viral, but its dramatic flaws were exposed just as quickly. Still, it marked a pivotal step in the agentic AI era, and enterprises have been exploring ways to deploy fleets of autonomous agents safely and securely ever since. Automation Anywhere Tuesday rolled…
AI, Cloud Security, Compliance, Cybersecurity, Global Security News, Risk Management
CIRT insights: How to help prevent unauthorized account removals from AWS Organizations
The AWS Customer Incident Response Team works with customers to help them recover from active security incidents. As part of this work, the team often uncovers new or trending tactics used by various threat actors that take advantage of specific customer configurations and designs. Understanding these tactics can help inform your architecture decisions, improve your…
AI, Apps, Compliance, Europe, Exploits, Global Security News, Risk Management
News alert: Orchid Security study finds invisible identities now outnumber managed accounts
NEW YORK, May 19, 2026, CyberNewswire—Orchid Security, the company solving identity at its core, today released its Identity Gap: 2026 Snapshot report, revealing that the majority of enterprise identity now exists outside the view of identity and access management systems. The report found that invisible identity (“identity dark matter”) now outweighs visible identity across enterprise…
AI, Exploits, Global Security News, Government & Policy, Risk Management
Drupal is rolling out an emergency security update on May 20. You cannot miss it
Drupal Is Pushing an Emergency Security Update Tomorrow. If You Run a Drupal Site, This Is Not One to Miss. Something significant is coming out of the Drupal project tomorrow, and the way the announcement is worded should be enough to get any site administrator’s attention. The Drupal Security Team has confirmed it will release…
AI, Data Breaches, Global Security News, Government & Policy, Network Security, Risk Management
CISA GitHub Leak Exposes AWS GovCloud Secrets
A public GitHub repository tied to a CISA contractor reportedly exposed sensitive AWS GovCloud credentials, plaintext passwords, and internal deployment files. Researchers said the exposure may have provided privileged access to multiple internal systems and cloud environments before the repository was removed. “Passwords stored in plain text in a csv, backups in git, explicit commands…
AI, china, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, Risk Management, Venture
Cybersecurity is really boring
Several weeks ago, I got into a debate with a good friend of mine. He started by saying that security is a very exciting space with so many things changing every day. But the longer we talked, the more we started agreeing that when done well, cybersecurity is incredibly boring. In this piece, I am…
AI, APAC, Compliance, Cybersecurity, Europe, Global Security News, Network Security, Risk Management
Westcon-Comstor Launches White-Label OneSOC Service
Westcon-Comstor has launched OneSOC, a vendor-agnostic, white-label security operations service designed to help channel partners offer SOC capabilities under their own brand without upfront investment. The global technology distributor, which specializes in cybersecurity, networking, and hybrid cloud, announced the service on May 19. OneSOC targets partner barriers to SOC delivery OneSOC is available across Europe,…
AI, Cybersecurity, Data Breaches, Global Security News, Risk Management
Splunk: Downtime Costs Hit $600B as Shadow AI Grows
The average cost of downtime has reached $600 billion across the Global 2000, a 50% increase in just two years, according to a newly published report from Splunk. Produced in partnership with Oxford Economics, Splunk’s “The Hidden Costs of Downtime” report highlights the rising financial impact of cyber incidents, outages, and breaches, including a growing…
AI, Apps, Compliance, Global Security News, Network Security, Risk Management
Governing infrastructure as code using pattern-based policy as code
Organizations often struggle to enforce security and compliance requirements consistently across their cloud infrastructure. In one environment, a workload might be deployed in an AWS Region that was never approved for that class of data. In another, a security group might allow broader access than intended. Required tags might be missing. Encryption might be assumed…
AI, Global Security News, Risk Management
Coming Bright Up: Apple’s AI moment looms
Apple has confirmed this year’s Worldwide Developers Conference (WWDC) will take place June 8-12. The show begins with a keynote speech likely to be Tim Cook’s final public appearance as Apple’s CEO. His successor, John Ternus, will also be in the spotlight, but perhaps not quite as much as Apple’s promised smart Siri successor. Getting AI right is incredibly…
AI, Cybersecurity, Exploits, Global Security News, Risk Management
GitHub scales back bug bounties, reminds users security is their responsibility too
Faced with the growing volume of submission to its bug bounty program, GitHub is replacing cash bounties with swag rewards for reports with low security impact — and asking researchers to stop submitting reports that are low quality or about things that aren’t its fault. The cloud-based code repository platform has seen a sharp increase…
AI, Data Security, Endpoint, Global Security News, Network Security, Risk Management
Cato Networks Adds Cyera DSPM Integration to XOps
Cato Networks has integrated Cyera’s Data Security Posture Management capabilities into Cato XOps, giving enterprise security teams more context around sensitive data when detecting, investigating, and responding to threats. The integration, announced May 19, embeds Cyera’s data intelligence into Cato XOps, Cato’s combined XDR and AIOps solution. The companies said the goal is to help…
AI, Global Security News, Network Security, Risk Management
GoTo Launches Connect CX Complete and LogMeIn AI Updates
Cloud communications and IT organization GoTo has announced two new products: the launch of a new AI-powered offering called GoTo Connect CX Complete and a series of new features for its LogMeIn Resolve and LogMeIn Rescue solutions. These announcements coincide with the company’s publication of its latest industry research on the IT workplace amid the…
