Cybersecurity is fundamentally different today from many other industries being disrupted by AI. Defenders are constantly facing active adversaries, and AI has only intensified these threats. Many sectors are focused on AI-driven efficiency and automation, while cybersecurity teams must simultaneously defend against attackers who are rapidly adopting AI-powered tooling. In a conversation with Benjamin Spencer,…
Tag: different
AI, APAC, Apps, Exploits, Global Security News
Microsoft May 2026 Patch Tuesday, (Tue, May 12th)
Today’s Microsoft patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-related issues affecting Microsoft Edge. There are no already disclosed or already exploited vulnerabilities included in today’s patches. I removed the Chromium issues from the table below and included only the 137 Microsoft issues to make it more readable. Note that issues…
AI, Global Security News, Risk Management
One in four MCP servers opens AI agent security to code execution risk
Enterprise deployments of AI agents lean on two extension mechanisms that introduce risk at different layers of the stack. MCP servers expose deterministic code functions with structured, loggable invocations. Skills load textual instruction sets directly into a model’s reasoning context, where their effect depends on conversational state and cannot be enumerated the way source code…
Endpoint, Global Security News
Today’s Odd Web Requests, (Wed, Apr 29th)
Today, two different “new” requests hit our honeypots. Both appear to be recon requests and not associated with specific vulnerabilities. But as always, please let me know if you have additional information 1 – Broadcom API Gateway GET /bam/restart/if/required Host: [redacted]:8080 Connection: close This request is targeting a Broadcom API Gateway endpoint. As is, the request should…
AI, Exploits, Global Security News
Unpatched ‘PhantomRPC’ Flaw in Windows Enables Privilege Escalation
A researcher discovered five different exploit paths that stem from an architectural weakness in how Windows’ Remote Procedure Call (RPC) mechanism handles connections to unavailable services.
AI, Apps, Global Security News, Government & Policy, Network Security, Politics, privacy, Risk Management
Palantir Is Helping Trump’s IRS Conduct “Massive-Scale” Data Mining
military contractor Palantir is helping the IRS analyze dozens of different data sets on Americans to investigate a broad range of financial crimes, according to records shared with The Intercept. Since 2018, the Internal Revenue Service’s Criminal Investigation division has used Palantir’s Lead and Case Analytics platform to aggregate and analyze a sprawling list of…
AI, Compliance, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management, Venture
The AI era demands a different kind of CISO
Many security leaders are still operating with frameworks built for a different era. For years, success was measured by fixed checkpoints, such as passing audits, closing vulnerabilities, and maintaining compliance. Those markers still have value, but they were designed for a threat landscape that moved in predictable, linear ways. Today, that landscape is shifting in…
Global Security News, malware
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust.…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, privacy, Venture
5 unexpected takeaways and one big prediction from RSAC
This year’s RSAC was different. A big part of that is because for the first time, I showed up not as a product leader or industry insider, but as a founder of a venture-backed cybersecurity startup. From presenting in front of George Kurtz, CJ Moses, Robert Herjavec, and Bartley Richardson as one of just six…
AI, Compliance, Global Security News, Risk Management
Oracle Shifts AI Strategy to Database-Centric Approach
At its latest stop on the Oracle AI World Tour in London, Oracle took a slightly different stance on AI. Instead of leaning into the model race like so many others, the company is making a case for putting the database at the center of how agentic AI actually works in practice. Oracle targets agentic…
AI, Exploits, Global Security News, Network Security
Apple Patches (almost) everything again. March 2026 edition., (Wed, Mar 25th)
Apple released the next version of its operating system, patching 85 different vulnerabilities across all of them. None of the vulnerabilities are currently being exploited. The last three macOS “generations” are covered, as are the last two versions of iOS/iPadOS. For tvOS, watchOS, and visionOS, only the current version received patches. This update also includes the…
AI, Exploits, Global Security News
ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. “Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands – making it particularly effective against users who may not appreciate…
AI, Cybersecurity, Endpoint, Global Security News, malware, Network Security, Risk Management
ClickFix attackers using new tactic to evade detection, says Microsoft
Threat actors are trying a different tactic to sucker employees into falling for ClickFix phishing attacks that install malware, says Microsoft. Rather than asking potential victims to copy and paste a (malicious) command into the Run dialog, launched by hitting the Windows button plus the letter R, they are being told to use the Windows…
AI, Cybersecurity, Endpoint, Global Security News, malware, Network Security, Risk Management
ClickFix attackers using new tactic to evade detection, says Microsoft
Threat actors are trying a different tactic to sucker employees into falling for ClickFix phishing attacks that install malware, says Microsoft. Rather than asking potential victims to copy and paste a (malicious) command into the Run dialog, launched by hitting the Windows button plus the letter R, they are being told to use the Windows…
Global Security News
MacBook Neo and iPhone 17e First Impressions: The Return of Cheap and Cheerful
Apple is typically known for its pricey, premium products. Its latest releases have a different vibe.
AI, Endpoint, Exploits, Global Security News
Microsoft Patch Tuesday – January 2026, (Tue, Feb 10th)
Today’s patch Tuesday addresses 59 different vulnerabilities (plus two Chromium vulnerabilities affecting Microsoft Edge). While this is a lower-than-normal number, this includes six vulnerabilities that are already exploited. Three vulnerabilities have already been exploited and made public. In addition, five critical vulnerabilities are included in this patch Tuesday. Vulnerabilities of Interest: The three already exploited…