US federal government departments have been given until Thursday to patch a two-year old high severity vulnerability in Oracle WebLogic Server that could allow an unauthenticated attacker to access critical data. The vulnerability, CVE-2024-21182, was added Monday to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog, giving federal Oracle admins a…
Tag: given
AI, Cybersecurity, Exploits, Global Security News
CISA gives feds 4 days to patch actively exploited cPanel plugin flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their servers against a critical vulnerability in the LiteSpeed cPanel user-end plugin, which is actively being exploited in attacks. […]
AI, Exploits, Global Security News, Government & Policy
CISA orders feds to patch actively exploited Drupal vulnerability
CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited. […]
Global Security News
Deepfake detection is losing ground to generative models
Deepfake detection has been built around a single question for close to a decade. Given a video or audio clip, is it real or synthetic? Commercial detectors analyze pixels, frequencies, and biometric signals to answer that question, and the best of them post strong accuracy numbers on standard benchmarks. In deployment, performance drops sharply on…
AI, Exploits, Global Security News, Government & Policy
CISA flags new SD-WAN flaw as actively exploited in attacks
CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. […]
AI, Apps, china, Cybersecurity, Global Security News, Government & Policy, Network Security, Russia
Commerce setting up new AI export regime to push adoption of ‘American AI’ abroad
The Department of Commerce is putting together a catalog of AI tools that will be given special export status by the federal government to be sold abroad. The department issued a call for proposals to participating companies in the Federal Register, looking to create a “menu of priority AI export packages that the U.S. Government…
Endpoint, Global Security News, Risk Management
Your security stack looks fine from the dashboard and that’s the problem
One in five enterprise endpoints is operating outside a protected and enforceable state on any given day, according to device telemetry collected across tens of millions of corporate PCs. That figure, drawn from Absolute Security’s 2026 Resilience Risk Index, has barely moved in a year, even as organizations continue to add security tools and increase…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy
An AI-powered phishing campaign has compromised hundreds of organizations
A phishing campaign tied to AI cloud-hosting service Railway has given hackers access to the Microsoft cloud accounts for hundreds of businesses, according to researchers at Huntress. Rich Mozeleski, product manager for Huntress’ identity team, told CyberScoop the campaign is currently tied to a smaller actor and approximately a dozen IP addresses, but has managed…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management
Attackers are exploiting AI faster than defenders can keep up, new report warns
Cybersecurity is entering “a new phase” as artificial intelligence tools have matured and given IT defenders significantly less time to respond to cyberattacks and other threats, according to a new report released Monday. The report, authored by federal contractor Booz Allen Hamilton, concludes that threat actors have adopted AI more quickly than governments and private…
AI, APAC, Apps, Endpoint, Global Security News, Network Security, privacy
What is digital employee experience — and why is it more important than ever?
On any given day, an organization’s employees might be using smartphones, laptops, desktop computers, tablets, a variety of cloud and networking services, a host of enterprise applications and mobile apps, and other digital tools. Many of them might be working remotely, and nearly all of them will be operating with tight security and data privacy…
AI, Compliance, Cybersecurity, Endpoint, Endpoint Protection, Network Security, Security, Exploits, Global Security News, malware, Network Security, Risk Management
CISA gives federal agencies 18 months to purge unsupported edge devices
The Cybersecurity and Infrastructure Security Agency has given federal agencies 18 months to remove all end-of-support edge devices from their networks, escalating its response to what security researchers describe as a fundamental shift in nation-state attack tactics, where attackers exploit network infrastructure rather than endpoints. The binding operational directive, BOD 26-02, requires Federal Civilian Executive…