AI-era attacks now move at machine speed, forcing defenders to rethink validation and response.
Tag: defenders
AI, Cybersecurity, Global Security News, Government & Policy
OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms
OpenAI on Wednesday hailed its plans to safeguard information and aid cybersecurity defenders in the 2026 midterm elections, including work to combat deepfakes and other forms of artificial intelligence misuse. The announcement builds on commitments from major tech companies in 2024, including OpenAI, to protect elections from AI-infused election interference — efforts that some thought…
AI, Apps, Global Security News, malware
FBI warns about fast-growing phishing kit targeting Microsoft 365 users
The FBI is warning organizations and defenders about Kali365, a growing phishing-as-a-service platform that retrieves Microsoft 365 access tokens, issuing a public service announcement Thursday. The toolkit bypasses multi-factor authentication and abuses OAuth device code authorizations via phishing lures impersonating common enterprise services. This technique grants cybercriminal-controlled applications access to Microsoft 365 accounts, opening victims…
AI, Cybersecurity, Exploits, Global Security News
AI might cut false positives, but it won’t stop the slop
As defenders get their hands on newer AI models with more powerful cybersecurity capabilities like Anthropic’s Mythos and OpenAI’s Daybreak, organizations are being told to prepare for a flood of new vulnerability reports. But for bug bounty programs across the nation, that day may already be here, as yesterday’s frontier models and today’s open-source AI…
AI, Cybersecurity, Global Security News
Security teams are turning to AI to survive alert overload
The World Economic Forum white paper “Empowering Defenders: AI for Cybersecurity” identified AI as the biggest driver of change in cybersecurity for 94% of survey respondents. The paper found that 77% of organizations already use AI in cybersecurity, with much of the activity focused on phishing detection, anomaly monitoring, vulnerability management and incident response. “AI…
AI, Endpoint, Global Security News
GPT-5.5-Cyber is here. What it means for defenders operating at the frontier.
OpenAI’s May 7 release of GPT-5.5 and the limited preview of GPT-5.5-Cyber put frontier AI in verified defenders’ hands. As a member of the Trusted Access for Cyber program, Sophos is using these models to sharpen what we already operate: an agentic SOC that resolves more than half of cases without a human, and an…
Global Security News
One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk
The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a recent report investigating more than 25 million security alerts, including informational and low-severity, across live enterprise environments. The dataset behind these findings includes 10 million monitored
AI, Global Security News, Government & Policy
OpenAI To Extend Cyber Program to Government Agencies
OpenAI announced its intention to expand the Trusted Access for Cyber program for cyber defenders at the federal, state and local government levels
AI, Global Security News
‘Zealot’ Shows What AI’s Capable of in Staged Cloud Attack
The proof of concept revealed AI-based attacks unfold too fast for human defenders to respond, and that AI evinced more autonomous behavior than expected.
AI, Cybersecurity, Global Security News, malware
OpenAI Launches GPT-5.4-Cyber to Boost Defensive Cybersecurity
OpenAI unveils GPT-5.4-Cyber, a cybersecurity-focused model built to help defenders analyze malware and fix software bugs. The company is also expanding its Trusted Access for Cyber (TAC) program to thousands of verified experts.
Global Security News
AI-Native Security Is a Must to Counter AI-Based Attacks
Attacks by artificial intelligence agents are a reality. Experts at Nvidia’s GTC conference say defenders need to use the same tools to fight them off.
Global Security News, malware, Network Security
FBI warns of Handala hackers using Telegram in malware attacks
The U.S. Federal Bureau of Investigation (FBI) warned network defenders that Iranian hackers linked to the country’s Ministry of Intelligence and Security (MOIS) are using Telegram in malware attacks. […]
AI, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Risk Management
CVE-2026-3910: Chrome V8 Zero-Day Used for In-the-Wild Attacks
Chrome zero-days continue to pose a major risk for cyber defenders. Earlier this year, Google patched CVE-2026-2441, the first actively exploited Chrome zero-day of 2026. Now, another emergency update has been released, fixing two more flaws already exploited in the wild, CVE-2026-3910 in Chrome’s V8 JavaScript and WebAssembly engine and CVE-2026-3909, an out-of-bounds write bug…
AI, Cybersecurity, Endpoint, Exploits, Global Security News, Risk Management
How ‘silent probing’ can make your security playbook a liability
For years, cyberattacks followed a familiar pattern: reconnaissance, exploitation, persistence, impact. Defenders built their strategies around that cycle, patching vulnerabilities, monitoring indicators, and working to reduce dwell time. But a quieter shift is underway. Today’s most sophisticated adversaries are using AI to study how organizations defend themselves. They run what we call “silent probing campaigns:”…
Global Security News
RAMP Forum Seizure Fractures Ransomware Ecosystem
Researchers suggest defenders monitor how these malicious groups re-form and leverage the useful threat intel to guide their next moves.
AI, Apps, Blog, CVE, CVEs, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management, sql injection
CVE-2026-21643: Critical FortiClient EMS Vulnerability Enables Unauthenticated Remote Code Execution
Shortly after our recent coverage of high-impact FortiOS SSO zero-day exploitation (CVE-2026-24858), defenders are facing another urgent patching priority in the Fortinet ecosystem. On February 6, Fortinet released a fix for a critical SQL injection flaw that can be triggered remotely and doesn’t require authentication, potentially leading to unauthorized code or command execution. Although there…