Geek-Guy.com

Category: Risk Management

Master cybersecurity risk management with expert analysis on threat mitigation, compliance, and governance. Geek-Guy tracks the evolving landscape of digital risk.

Top 5 Phishing-Driven Social Engineering Attacks on Companies in 2026

Your employees are not falling for “bad grammar” phishing anymore. They are being pulled into fake Microsoft logins, banking pages, AI tool instructions, real OAuth flows, and event invitations that look close enough to daily work to pass without alarm.  For CISOs, that is the real social engineering problem in 2026: attacks are no longer…

7 tips for accelerating cyber incident recovery

Despite strong and redundant defenses, enterprises remain vulnerable to a wide range of cyberattacks. And because attacks — and cyber incidents — are inevitable, developing an incident response and recovery process that’s quick, comprehensive, and coordinated is essential. Expediting incident recovery time is critical because the longer an outage persists, the more costs, risk, and business…

iProov brings identity verification to video meetings to reduce fraud risks

iProov has launched iProov Verified Meetings, a new solution that enables organizations to verify the identity of video call participants without adding friction to the user experience. Video meetings have become a trusted and scalable communication channel, but attackers are increasingly exploiting them through AI-generated deepfake and injection attacks, creating new fraud risks. Verified Meetings…

Shai-Hulud worm copycats emerge after source code leak

Shai-Hulud worm copycats are already attacking NPM developers after its source code leaked, enabling fast supply chain exploitation. The first copycats of the Shai-Hulud worm have already started showing up online, only a few days after the malware’s source code was dumped on GitHub. Researchers had warned this would happen almost immediately, and they were…

Cybersecurity jobs available right now: May 19, 2026

CISO DataFence | Israel | Hybrid – View job details As a CISO, you will develop security roadmaps, compliance plans, risk registers, policies, and control implementation plans while leading audit and regulatory compliance activities. You will manage client projects from planning through delivery, conduct risk assessments, gap analyses, internal audits, and security maturity reviews, and…

Are Attackers Hiding Inside Your Network Traffic?

I believe one of the important shifts in cybersecurity over the past several years is how attackers are hiding in plain sight.  According to the 2026 IP Intelligence Study released by Spur Intelligence, anonymizing infrastructure, such as virtual private networks (VPNs) and residential proxies, are now involved in nearly every modern cyberattack.  These tools allow…

Microsoft May security patch fails for some due to boot partition size glitch

“Something didn’t go as planned. Undoing changes.” That’s all the clue some Windows 11 users will get when Microsoft’s May Security Update fails to install because of insufficient free space on the EFI System Partition (ESP), leaving their systems unprotected by the dozens of patches it contained. This issue affects devices with limited free space…

Microsoft May security patch fails for some due to boot partition size glitch

“Something didn’t go as planned. Undoing changes.” That’s all the clue some Windows 11 users will get when Microsoft’s May Security Update fails to install because of insufficient free space on the EFI System Partition (ESP), leaving their systems unprotected by the dozens of patches it contained. This issue affects devices with limited free space…

TeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)

Since the last update, the TeamPCP supply chain campaign produced its loudest stretch since the March Trivy disclosure: an officially confirmed Checkmarx Jenkins plugin compromise and a new self-spreading Mini Shai-Hulud worm across npm and PyPI. Bottom line up front Two TeamPCP events broke within 48 hours of each other and doubled attention on the campaign.…

PCI SSC Publishes PCI PTS HSM v5.0

The PCI Security Standards Council (PCI SSC) has published a major revision to the PCI PIN Transaction Security (PTS) Hardware Security Module (HSM) Modular Security Requirements from version 4.0 to version 5.0. This update represents a significant evolution in HSM security, addressing modern cryptographic practices, cloud and multi-tenant deployments, and emerging threats such as post-quantum…

OpenClaw Vulnerabilities Could Enable Full AI Agent Takeover

Researchers at Cyera disclosed four chainable vulnerabilities in OpenClaw, collectively named Claw Chain, that could allow attackers to escape AI agent sandboxes, steal credentials, escalate privileges, and establish persistent access across enterprise environments.  The findings raise broader concerns about the security risks surrounding autonomous AI agent platforms.  “Each step looks like normal agent behavior to…

Grafana confirms GitHub token breach cybercrime group claims the attack

Grafana confirmed a GitHub token breach that exposed source code, but said no customer data or systems were affected. Grafana Labs confirmed a security incident after the extortion group Coinbase Cartel listed it on a leak site and claimed data theft on May 15. The breach was triggered by a compromised token that gave attackers…

Device Code Phishing Targets Microsoft 365 Users  

Cybercriminals are adopting device code phishing as a new way to bypass traditional phishing defenses and compromise enterprise Microsoft 365 accounts.  According to Proofpoint, threat actors are abusing legitimate Microsoft authentication workflows to steal authentication tokens without using traditional phishing pages.   “The spike in device code phishing coincides with publicly released criminal toolkits, and the…

Dell Unveils Portfolio Advancements to Simplify AI Adoption

During Dell Technologies World 2026, Dell unveiled more than 60 portfolio advancements to simplify AI adoption and modernize the data center. Dell AI innovations to scale new capabilities in data and agent adoption To help address the gap between AI ambition and AI outcomes, Dell has introduced new agentic AI capabilities, AI-ready data, next-generation infrastructure,…

MY TAKE: AI agents force a rethink of enterprise service lines as vendors move up the tech tack

ORLANDO — Companies are pulling AI agents into their daily operations through a dozen side doors. Related: SaaS and AI agents converge One of them was in focus at KB4-CON, KnowBe4’s annual customer conference at the Marriott World Center here last week. The Clearwater, Fla.-based cybersecurity training vendor used the conference to lay out a…

AI cyberattackers are getting better faster

The ability of AI models to perform end-to-end, multi-stage penetration tests that match the capabilities of humans undertaking the same tasks has improved dramatically in recent months, according to new benchmarks published by the UK government’s AI Security Institute (AISI). In November 2025, the difficulty of cyber tasks the best models could complete was doubling…

Secure, Fast, Reliable: The Best Cloud Storage Providers for Businesses in 2026

This guide is for IT leaders, business owners, and operations teams looking to improve data security, collaboration, and file management in 2026. It covers the best cloud storage providers for businesses and the key features to consider when selecting a secure, scalable, and reliable storage solution. Key Points of Our 2026 Cloud Storage Provider Evaluation…

The 6 Best Enterprise Password Managers You’ll Actually Trust in 2026

This guide is for IT leaders, security teams, and business decision-makers looking to improve credential security and reduce password-related risks in 2026. It covers the best enterprise password managers, their standout features, and the key factors to evaluate when choosing the right solution for your organization. Key Points About Enterprise Password Managers in 2026 Enterprise…

New image-based prompt injection attack targets multimodal AI models

Security researchers have developed a new image-based prompt injection attack that can manipulate how multimodal AI systems interpret user instructions without modifying the original text prompt, potentially expanding security risks for AI agents and vision-language systems. In a research paper published this week, researchers from Xidian University described a technique called “CrossMPI,” which uses nearly…

Top 21 MSSP Software to Best Serve Security Clients in 2026

MSSP software is a tool or platform that enables managed security service providers (MSSPs) to deliver outsourced cybersecurity services to organizations. Unlike traditional MSP software, MSSP tools focus specifically on security functions such as threat detection, access control, vulnerability management, and infrastructure protection. MSSPs support organizations ranging from small businesses to enterprises and play a…

ANY.RUN Turns 10: Special Offers for Stronger Security Operations

Ten years in cybersecurity is a long journey. Threats have changed, attacks have become harder to spot, and security teams now need answers faster than ever.  ANY.RUN has grown with those teams.  What started as an interactive sandbox is now a trusted company with threat analysis and intelligence solution used by 15,000+ organizations, 600,000 security professionals, and teams at Fortune…

The Canvas breach proved that prevention is no longer enough

Earlier this month, ShinyHunters breached Instructure’s Canvas platform twice within a single week — stealing 3.65 terabytes of data from approximately 275 million users across more than 8,000 institutions. The group defaced login pages at hundreds of schools during final exam periods, forced Canvas offline, and extracted a ransom payment before Congress opened a formal…

AI coding is fueling a secrets-sprawl crisis few CISOs are containing

When Matt Schlicht built Moltbook, the social network where AI agents talk to one another, he didn’t write the code himself. He “just had a vision,” and vibe-coded it. The social network launched on Jan. 28, 2026, and within days, security researchers started to see serious security flaws. ​Experts at cloud security company Wiz and,…

Why the best security investment a board can make in 2026 isn’t another tool

There is a conversation that happens in boardrooms every quarter that security leaders will recognize. The CISO presents the threat landscape. The board asks what the company needs. The answer, almost always, is another tool. Another platform, another module, another vendor to close the latest gap. The budget gets approved. The tool gets deployed. And…

Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix

MiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, security researcher Chaotic Eclipse has released a proof-of-concept exploit for a new Windows privilege escalation zero-day called MiniPlasma, which can grant attackers SYSTEM privileges on fully patched systems. The flaw affects “cldflt.sys,” the…

Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945

A critical NGINX flaw (CVE-2026-42945) is actively exploited, allowing crashes or possible code execution via malicious HTTP requests. A critical vulnerability in NGINX Plus and NGINX Open, tracked as CVE-2026-42945 (CVSS v4 score of 9.2), is already being actively exploited shortly after disclosure. “We’re seeing active exploitation of CVE-2026-42945 in F5 NGINX, a heap buffer…

Optiv: AI is Reshaping the MDR Security Approach for Partners

Cybersecurity is fundamentally different today from many other industries being disrupted by AI. Defenders are constantly facing active adversaries, and AI has only intensified these threats. Many sectors are focused on AI-driven efficiency and automation, while cybersecurity teams must simultaneously defend against attackers who are rapidly adopting AI-powered tooling. In a conversation with Benjamin Spencer,…

Q&A: AI Ushers in a New Era in MSP Service Efficiency

The managed services industry is under increasing pressure to scale operations, improve response times, and maintain profitability without continuously adding headcount. For many MSPs, the challenge lies in the operational burden that is created by workflows that still depend heavily on human coordination at nearly every stage of the service desk process. According to Mark…

AI shrinks vulnerability exploitation window to hours

Time has become organizations’ biggest vulnerability because the gap between vulnerability discovery and exploitation has narrowed to hours, according to Synack’s 2026 State of Vulnerabilities Report. Total vulnerabilities by severity (2022-2025) (Source: Synack) AI expands the attack surface Agentic AI systems that act autonomously across systems introduce new risks that require human expertise to identify…

U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-42897 (CVSS score of 8.1), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Microsoft warned that threat actors are…

OpenAI hit by supply chain attack linked to malicious TanStack packages

OpenAI said the TanStack supply chain attack compromised two employee devices and exposed credentials from code repositories. OpenAI confirmed that the recent TanStack supply chain attack compromised two employee devices and exposed credential material stored in internal source code repositories. The incident began after the TeamPCP hacking group abused weaknesses in the package publishing process…

Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K

Day two of Pwn2Own Berlin 2026 saw $385,750 earned for 15 zero-days, bringing the total to $908,750 and 39 vulnerabilities over two days. During the second day of Pwn2Own Berlin 2026, security researchers earned $385,750 after successfully demonstrating 15 unique zero-day vulnerabilities affecting products such as Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux…

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to think about the need to abandon on-premises email solutions. “Because it’s already being exploited in the wild, this isn’t a ‘patch next week situation; it’s a ‘mitigate right now’ emergency,” warned Rob Enderle of the Enderle Group.…

Here’s how the FTC plans to enforce the Take It Down Act

The Federal Trade Commission is set to begin enforcing a key provision of the Take Down Act on May 19, requiring websites and online services to remove nonconsensual deepfake media within 48 hours after a victim’s notice—or risk fines and FTC investigation. The law, passed by Congress last year, allowed law enforcement to immediately prosecute…

For May, Patch Tuesday means 139 updates — but no zero-days

Microsoft this week released 139 updates affecting Windows, Office, .NET, and SQL Server (though there were no updates for Microsoft Exchange Server). Despite the absence of zero-days, the May Patch Tuesday update still requires Patch Now recommendations for Windows and Office.  The combination of three unauthenticated network RCEs (Netlogon, DNS Client, and SSO Plugin for…

The AWS AI Security Framework: Securing AI with the right controls, at the right layers, at the right phases

TL;DR for busy executives The AWS AI Security Framework helps security leaders move fast and stay secure with AI. Security compounds from day 1 as workloads evolve from prototype to production to scale. Assess first. Request a no-cost SHIP engagement to baseline your posture and build a prioritized roadmap. Phase 1 – Foundational (zero to…

CVE-2026-20182: Critical Authentication Bypass in Cisco SD-WAN Can Grant Admin Access

A vulnerability affecting Cisco Catalyst SD-WAN Controller has drawn urgent attention after Cisco, Rapid7, and CISA confirmed active exploitation. CVE-2026-20182 is a critical authentication bypass flaw in Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager that carries a CVSS 10.0 score and can let an unauthenticated remote attacker gain administrative privileges on an affected…

CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day

Microsoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild. Microsoft warned that threat actors are actively exploiting a new Exchange Server zero-day vulnerability tracked as CVE-2026-42897 (CVSS score 8.1). The vulnerability is an improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Exchange…

7AI Uncovers Browser Extension Campaign Evading EDR Defenses

A browser-extension campaign is bypassing traditional EDR defenses by injecting remote JavaScript payloads directly into authenticated browser sessions.   Researchers at 7AI uncovered the operation, dubbed CRXfiltrate, after observing suspicious outbound traffic originating from a seemingly harmless Chrome color-picker extension.  According to the researchers, the campaign remained active across enterprise environments and delivered operator-controlled payloads without…

Cybersecurity Insider Survey: AI Is Fueling a New Generation of Threat Actors

Artificial intelligence continues reshaping the cybersecurity landscape, and many security professionals now believe it is also helping create a more capable generation of cybercriminals.  We recently surveyed thousands of subscribers to the Cybersecurity Insider newsletter and asked a simple but important question: Is AI creating a new generation of skilled threat actors? Key Takeaways of…

Illicit Enterprise: An Anatomy of the Modern Underground Phishing Marketplace

Just as cyber threats have grown more complex and foreboding, the underground phishing marketplace which makes such attacks possible has profoundly evolved.  No longer a Craigslist-styled hodgepodge of products and services, marketplace forums have emerged as complete criminal ecosystems that function as not only distribution points for resources, but as labor exchanges to recruit and…

What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface

In Your Biggest Security Risk Isn’t Malware — It’s What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your IT team uses every day are also the preferred…

EU’s Cyber Resiliency Act will put IT leaders to the test

Unlike most cyber security regulations, the EU’s Cyber Resilience Act is about product safety rather than processes or certification, extending the CE mark from the physical side of products to software, firmware, backend services, and anything with a network connection. It encodes existing best practices, enforces minimum product support lifecycles, and could mean developing stronger…

Pwn2Own Berlin 2026, Day One: $523,000 paid out, AI products fall

Pwn2Own Berlin 2026 day one saw 22 entries and 24 zero-days across major software, with researchers earning $523,000 in total rewards. Day one of Pwn2Own Berlin 2026 featured 22 entries targeting widely used technologies, including browsers, operating systems, AI platforms, and NVIDIA infrastructure. By the end of the day, researchers demonstrated 24 unique zero-day vulnerabilities…

New infosec products of the week: May 15, 2026

Here’s a look at the most interesting products from the past week Alation, Apricorn, Versa Networks, and TrustCloud. The questionnaire-based TPRM model is broken, and TrustCloud has a fix TrustCloud announced a new version of TrustLens, its third party risk management (TPRM) solution. The new TrustLens agentic AI capabilities focus on delivering four requirements every…

AI agent finds 18-year-old remote code execution flaw in Nginx

Researchers have found a critical vulnerability in the widely used Nginx web server that can potentially lead to remote code execution under certain conditions. The flaw is a heap buffer overflow that has gone undetected in the program’s code for the past 18 years. Tracked as CVE-2026-42945, the vulnerability is one of 4 bugs found…

The Massive Canvas Cyberattack That Allegedly Ended in a Secret Deal With Hackers

The cyberattacks targeting Instructure’s Canvas learning management system unfolded as at least two distinct but likely connected operational phases that exposed the fragility of browser-based SaaS trust models inside modern educational infrastructure. What began in late April as a suspected cloud-platform compromise involving large-scale data exfiltration evolved by early May into a far more aggressive…

Pentagon cyber official calls advanced AI ‘revolutionary warfare’

Advanced artificial intelligence models will “fundamentally change warfare as we know it,” a top cyber official at the Defense Department said Thursday, saying it represents “not evolutionary warfare, but revolutionary warfare.” Paul Lyons, principal deputy assistant secretary for cyber policy, said the development of frontier AI models like Mythos amounted to a “watershed moment,” speaking…

White House cyber official: identity security matters more than ever in the age of AI

As AI becomes more integrated into federal IT (and attacker toolsets) government agencies will need to focus their resources on regulating and monitoring the identities that access their network, a top White House cybersecurity official said Thursday. Nick Polk, branch director for federal cybersecurity in the Executive Office of the President, said that while AI…

U.S. CISA adds a flaw in Cisco Catalyst SD-WAN  to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Cisco Catalyst SD-WAN, tracked as CVE-2026-20182 (CVSS score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. Cisco fixed CVE-2026-20182, a flaw in SD-WAN control…

Linux Kernel bug Fragnesia allows local root access attacks

Fragnesia, a new Linux kernel flaw tracked as CVE-2026-46300, could let local attackers gain root access through page cache corruption. Researchers disclosed a new Linux kernel privilege escalation vulnerability named Fragnesia, tracked as CVE-2026-46300 (CVSS score of 7.8). The flaw affects the XFRM ESP-in-TCP subsystem and could allow local attackers to gain full root access…

Automating post-quantum cryptography readiness using AWS Config

Migrating your TLS endpoints to Post-quantum cryptography (PQC) starts with understanding your current TLS endpoint inventory and posture. This post introduces the PQC Readiness Scanner — an automated tool that inventories your Application Load Balancer (ALB), Network Load Balancer (NLB), and Amazon API Gateway endpoints and continuously monitors their TLS configurations for PQC readiness. The…

Broadcom releases VMware Fusion security update for root access bug

Broadcom patched a high-severity VMware Fusion flaw, CVE-2026-41702, that could let local attackers gain root privileges. Broadcom released a security update for VMware Fusion to address a high-severity vulnerability, tracked as CVE-2026-41702, that could allow local attackers to escalate privileges to root on affected systems. The flaw is a time-of-check time-of-use (TOCTOU) vulnerability affecting operations…

HYCU aiR detects insider risk and AI activity from backups

HYCU has announced HYCU aiR (AI Resilience), an AI-native solution that turns backup data across dozens of applications into a live and actionable intelligence for security, compliance, and IT teams. aiR lets organizations search, query, and run purpose-built agents to surface insider risk, sensitive data exposure, identity drift, and AI agent activity, using their backup…

Q&A: How MSP Platform Sprawl Strains Operations and Security

As MSPs across the US work to scale profitably while delivering stronger security outcomes, faster response times, and more consistent customer experiences, many are discovering that operational complexity is a major barrier to sustainable growth. We spoke with James Griffin, CEO of CyberSentriq, about why disconnected environments are creating inefficiencies across the channel, how platform…

Fleet CEO: Faster Remediation Needs IT and Partner Support

Fleet has announced new autonomous endpoint management capabilities designed to help enterprises reduce vulnerability exposure windows from months to days, and in some cases, hours, as security teams face faster exploit development and growing pressure from AI-enabled threats. The San Francisco-based company said its platform now supports continuous patching and vulnerability exposure reporting across major…

LATAM Under Siege: Agent Tesla’s 18-Month Credential Theft Campaign Against Chilean Enterprises

Credential theft malware rarely announces itself with ransomware-level noise. Instead, it operates like a silent siphon hidden inside everyday business workflows: invoices, payroll files, purchase orders, procurement requests. Agent Tesla campaigns are especially dangerous because they target the operational arteries of organizations, harvesting credentials that enable deeper compromise, business email compromise (BEC), financial fraud, cloud account takeover, and long-term…

PraisonAI vulnerability gets scanned within 4 hours of disclosure

A newly disclosed authentication bypass flaw in the open-source AI orchestration framework PraisonAI was probed by internet scanners less than four hours after its public disclosure. According to Sysdig observations, roughly three hours and 44 minutes after a GitHub advisory dropped, a scanner identifying itself as “CVE-Detector/1.0” was already looking through the exposed PraisonAI instances…

How AI Hallucinations Are Creating Real Security Risks

AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Instead, it generates the most probable response based on patterns in its training data, even if that response is inaccurate.…

Nitrogen Ransomware claims massive data theft from Foxconn

Foxconn confirmed a cyberattack on some North American factories. The Nitrogen ransomware group claims it stole 8TB of data from the firm. Foxconn confirmed that several of its North American factories were affected by a cyberattack. The manufacturer confirmed it was targeted by threat actors after the Nitrogen ransomware group listed it on its Tor…

Welcoming the Bahamian Government to Have I Been Pwned

Today, we welcome the 44th government onboarded to Have I Been Pwned’s free gov service: The Bahamas. The National Computer Incident Response Team of The Bahamas, CIRT-BS, now has access to monitor government domains against the data in HIBP. As the national CIRT, CIRT-BS is responsible for coordinating and supporting cybersecurity-related matters across the country,…

Fired employee sought AI help to hide deletion of hosting firm’s customer data

The apparent revenge deletion of US federal databases after the dismissal of twin brothers from an online hosting company is another reminder to IT and HR leaders that tough off-boarding procedures have to be implemented to prevent insider attacks. Destructive attacks either from disgruntled current or former employees aren’t new. But the conviction by a…

Nearly every enterprise is investing in AI, but only 5% say their data is ready

Nearly halfway into 2026, enterprises are beginning to see tangible returns on their AI investments. Yet many are discovering that scaling requires something far less glamorous than flashy frontier models and state-of-the-art benchmarking: Clean, interoperable, governed data. According to a new AI Momentum Survey from Dun & Bradstreet, 97% of organizations report active AI initiatives,…

Closed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risks

The House Homeland Security Committee is digging into Anthropic’s AI model Mythos in a series of briefings and hearings, as questions proliferate on whether and how the federal government will make use of the technology touted for its ability to autonomously uncover cyber vulnerabilities. Wednesday brought a closed-door briefing for the House Homeland Security Committee…

Introducing the updated AWS User Guide to Governance, Risk, and Compliance for Responsible AI Adoption

The financial services industry (FSI) is using AI to transform how financial institutions serve their customers. AI solutions can help proactively manage portfolios, automatically refinance mortgages when rates decrease, and negotiate insurance premiums for customers. However, this adoption brings new governance, risk, and compliance (GRC) considerations that organizations need to address. To help FSI customers…

Weaponized AI: The new frontier of fraud and identity spoofing

Today’s enterprise executives are navigating a complex landscape of AI-driven challenges, but none is more urgent than the rapid escalation of AI-generated fraud. Fraudsters are weaponizing generative AI to automate impersonation and mass-produce synthetic identities at a scale and pace that is rendering enterprises’ long-standing defenses obsolete. This is no longer a slow-moving game of…

NVIDIA NemoClaw Research Highlights AI Sandbox Exfiltration Risks

Researchers at Lasso have found that sandboxing autonomous AI agents may not be enough to stop sensitive data theft after demonstrating multiple exfiltration techniques against NVIDIA’s NemoClaw and OpenShell environments.  The findings show how attackers can abuse trusted tools and approved outbound connections to quietly steal credentials, manipulate agent behavior, and maintain persistence inside AI…

Daybreak is OpenAI’s answer to the AI arms race in cybersecurity

OpenAI has unveiled Daybreak, a cybersecurity initiative that combines the company’s large language models with its Codex agentic framework to help organizations identify, patch, and validate software vulnerabilities across the development lifecycle. The platform is built around three model tiers: GPT-5.5 for general-purpose use, GPT-5.5 with Trusted Access for Cyber for verified defensive security workflows,…

What happens when China’s AI catches up to Mythos?

The Trump-Xi summit opening in Beijing this week carries an agenda item unlike any in the history of US-China diplomacy: what to do about artificial intelligence that can autonomously find and exploit vulnerabilities in the world’s most critical software — and what happens when both superpowers have it. Anthropic’s Mythos Preview, released last month to…

Quest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations

CVE-2025-32975 is a critical flaw in Quest KACE SMA used for endpoint management. If exploited, it could impact all managed systems across organizations. CVE-2025-32975 is a critical flaw in Quest KACE SMA used for endpoint management. If exploited, it could impact all managed systems across organizations. Quest KACE SMA is an on-premises endpoint management platform…

Palo Alto bets on identity security for autonomous AI with Idira launch

Palo Alto Networks has launched Idira, a new identity security platform aimed at securing human users, machine identities, and AI agents amid the rising adoption of autonomous AI systems amongst enterprises. The company is positioning Idira as a next-generation identity security platform that goes beyond traditional privileged access management (PAM) systems by applying dynamic privilege…

CISA’s AI SBOM guidance pushes software supply-chain oversight into new territory

The US Cybersecurity and Infrastructure Security Agency (CISA) and its G7 cyber agency partners have released a list of minimum elements for an AI software bill of materials, a move that could help CISOs assess the security and provenance of AI systems entering enterprise environments. The guidance extends traditional SBOM concepts into AI by calling…

Instructure settles with hackers following massive student data theft

Educational tech firm Instructure reached a deal with hackers after a major Canvas breach exposed data stolen from schools and universities. Educational tech firm Instructure says it reached an agreement with the cybercrime group behind a major Canvas data theft, after attackers broke into its systems and threatened to publish stolen information from schools and…

2026 CSO Award winners showcase business-enabling cyber innovation

The annual CSO Awards annually recognize security projects that demonstrate outstanding security leadership and business value. For this year’s program, CSO honors 64 security organizations whose hard work and innovative approaches have had a significant impact on how their enterprises navigate risks in an increasingly challenging cyber environment. These projects showcase the variety of strategies…

New SOC-Ready Reporting for Faster Triage, Escalation, and Incident Response with ANY.RUN 

Successful SOC operations require more than accurate detections. Instant access to context, clear conclusions, and operationally relevant insights allow incidents to move across workflows without delays:  During alert triage, analysts need a quick threat overview to decide on the next steps.  Efficient incident response decisions demand clear, actionable context to rely on.  Swift incident reporting requires cross-tier visibility without the need for manual processing of raw technical data.  Making ANY.RUN’s Interactive Sandbox a part of your…

Versa CSPM brings continuous visibility to cloud risk and compliance exposure

Versa has announced Versa Cloud Security Posture Management (CSPM), extending the VersaONE Universal SASE Platform to provide continuous visibility, prioritization, and remediation of cloud risk across environments. With CSPM, Versa combines secure access protection and cloud posture risk on a single platform, delivering the visibility security teams need to quantify and reduce enterprise cyber exposure.…

NetSPI AI-powered Continuous Pentesting identifies high-impact vulnerabilities

NetSPI launched AI-powered Continuous Pentesting offerings, designed to help organizations continuously identify, validate and reduce risk across dynamic external and cloud environments. Organizations are managing an expanding number of potential entry points as new internet-facing resources, including cloud assets, applications, APIs, and AI-centric assets, are introduced. Each deployment can create new risk, making it harder…

May Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANA

Critical vulnerabilities in Windows Server’s networking and identity infrastructure, as well as a serious hole in Microsoft Dynamics 365 on-premises version, highlight Microsoft’s May Patch Tuesday fixes. They are among the 118 vulnerabilities identified this month by the company. Some in cloud-based services like Azure and Microsoft Teams have already been fixed, so no admin…

AWS Security Agent full repository code scanning feature now available in preview

Today, we’re excited to announce the preview release of full repository code review, a new capability in AWS Security Agent that performs deep, context-aware security analysis of your entire code base. AI-driven cybersecurity capabilities are advancing rapidly. AWS Security Agent can now find vulnerabilities and build working exploits across your entire code base at a…