Geek-Guy.com

Tag: Risk

AI, Apps, Global Security News, Risk Management

Netskope adds AI asset discovery and AISecOps agent to AI security portfolio

Netskope has announced Netskope One AI Command Center, bringing together AI discovery, risk intelligence, and autonomous response capabilities in a single platform. As the latest expansion of the Netskope One AI Security suite, it helps security teams understand what AI is running in their environments, determine which risks require action, and accelerate response efforts. Among…

Read more →

AI, Cybersecurity, Global Security News, Risk Management

Diligent automates cyber risk assessments and reporting

Diligent has announced Diligent Cyber Risk Management, an agentic solution designed to help organizations manage cybersecurity risk in a business context. Available in summer 2026, the platform reduces cyber risk assessment work from weeks to hours and links cyber threats to strategic objectives, critical business processes, and board-level oversight, helping organizations prioritize security investments based…

Read more →

AI, Exploits, Global Security News, Network Security, Risk Management

Asimily turns device risk into automated network policy

Asimily has launched Segmentation Orchestration, enabling connected-device risk intelligence to flow directly into enforceable network policy without manual translation. No other platform combines full asset visibility, vulnerability prioritization, and segmentation orchestration in a single system. “AI has exploded the volume and sophistication of network attacks against connected devices, and security teams are discovering that visibility…

Read more →

AI, Data Breaches, Global Security News, Risk Management

XM Cyber enhances identity risk visibility with continuous exposure management capabilities

XM Cyber has announced platform enhancements aimed at helping organizations reduce identity risk, compounded by AI-enabled attackers. According to Gartner, “By 2028, 70% of CISOs will use identity visibility and intelligence capabilities to shrink the IAM attack surface, reducing the risks of credential compromise.” Excessive permissions are a leading technique used in breaches and a…

Read more →

AI, Compliance, Global Security News, Network Security, Risk Management

Third-Party Risk Management Needs to Evolve 

Traditional point-in-time vendor risk assessments are becoming increasingly difficult to maintain in environments where vendors, technologies, and regulatory requirements continuously evolve.  During a recent discussion with eSecurity Planet, Auditive Founder and CEO Daniel Faddoul explained why many organizations are struggling to keep pace with modern third-party risk exposure and why continuous monitoring is becoming more…

Read more →

AI, Global Security News, Risk Management

Novata uses AI to map risk across portfolios and supply chains

Novata has announced the launch of Risk Atlas, a new AI-powered risk monitoring tool designed to help organizations identify, compare, and prioritize risks across portfolios and supply chains. Framework for comparative risk visibility Risk Atlas provides a single, customizable framework for comparing risk across entities, normalizing diverse risk signals into a comparable view across portfolios…

Read more →

Global Security News, malware, Risk Management

What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface

In Your Biggest Security Risk Isn’t Malware — It’s What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your IT team uses every day are also the preferred…

Read more →

AI, Cybersecurity, Data Breaches, Endpoint, Global Security News, Government & Policy, Risk Management

FIRESIDE CHAT: Cyber insurers deepen SMB security role as supply chain attacks spread

The cyber insurance industry set out to manage financial risk. Along the way, it has quietly became the security operations provider for a significant share of American small businesses. An $11 billion acquisition agreement announced earlier this year suggests it intends to stay in that role. Related: No easy AI security fixes I sat down…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Global Security News, Risk Management

Breach Secure Now Helps MSPs Secure SMB AI Use

Breach Secure Now is launching its AI Risk to Adoption Program, a new channel-focused offering designed to help managed service providers guide small and midsize businesses from unmanaged AI use toward secure, structured adoption. Art Gross, founder and CEO of Breach Secure Now (BSN), said MSPs are well-positioned to lead those conversations because AI risk…

Read more →

AI, Global Security News, Risk Management

Linux developers weigh emergency “killswitch” for vulnerable kernel functions

Linux kernel developers are reviewing a proposal for an emergency risk mitigation mechanism (“Killswitch”) that would allow administrators to disable vulnerable kernel functions at runtime. The proposal, submitted by Linux kernel developer/maintainer Sasha Levin, arrives in the wake of the public disclosure of two privilege escalation vulnerabilities affecting the Linux kernel. What prompted the proposal…

Read more →

AI, Global Security News, Risk Management

The questionnaire-based TPRM model is broken, and TrustCloud has a fix

TrustCloud announced a new version of TrustLens, its third party risk management (TPRM) solution. The new TrustLens agentic AI capabilities focus on delivering four requirements every CISO wants in their TPRM program: speed, accuracy, coverage, and proactive risk mitigation. In the latest TrustLens deployments, a Global 2000 life sciences customer leveraged the TPRM AI agent…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Ollama vulnerability highlights danger of AI frameworks with unrestricted access

A critical vulnerability in Ollama poses a direct risk of sensitive information leaks to more than 300,000 internet-exposed servers, researchers have found. The flaw, tracked as CVE-2026-7482, stems from an out-of-bounds heap read in Ollama’s model quantization pipeline. Ollama is one of the most popular frameworks for running AI models on local hardware. The flaw…

Read more →

AI, Global Security News, Risk Management

ServiceNow strengthens enterprise AI security with Autonomous Security & Risk platform

ServiceNow has launched Autonomous Security & Risk to govern every AI agent, identity, and connected asset. Armis delivers continuous asset intelligence across code, IT, OT, IoT, and connected assets, while Veza provides fine-grained visibility, intelligence, and governance for both human and non-human identities. Security and risk crossed $1 billion in annual contract value (ACV) for…

Read more →

AI, Global Security News, Risk Management

One in four MCP servers opens AI agent security to code execution risk

Enterprise deployments of AI agents lean on two extension mechanisms that introduce risk at different layers of the stack. MCP servers expose deterministic code functions with structured, loggable invocations. Skills load textual instruction sets directly into a model’s reasoning context, where their effect depends on conversational state and cannot be enumerated the way source code…

Read more →

AI, Cloud Security, Compliance, Cybersecurity, Global Security News, Risk Management

Announcing the ISO 31000:2018 Risk Management on AWS Compliance Guide

AWS Security Assurance Services is announcing the release of our latest compliance guide, ISO 31000:2018 Risk Management on AWS, which provides practical guidance for organizations establishing and operating a risk management program in AWS environments using ISO 31000:2018 principles. The guide explains how organizations can integrate AWS services into their risk management processes to support…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

cPanel Vulnerability Exposes Servers to Takeover 

An authentication vulnerability in cPanel and Web Host Manager (WHM) is putting web hosting environments at risk, prompting the company to release an emergency patch and warn administrators to act quickly.  The flaw affects multiple authentication paths and could allow attackers to gain unauthorized access to servers if left unpatched. “Let’s call this what it…

Read more →

AI, Global Security News, Risk Management

NowSecure MARI gives enterprises evidence-based visibility into third-party mobile app risk

NowSecure has announced Mobile App Risk Intelligence (MARI), new capabilities that give enterprises evidence-based visibility into third-party mobile apps, as hidden AI features, opaque code, and unseen data flows create a growing governance gap. Employees are adopting mobile apps faster than security teams can evaluate them, and many of those apps now include AI components,…

Read more →

AI, Global Security News, Risk Management

The metrics killing your SOC, and what to use instead

Security operations centres risk being rendered entirely ineffective if organizations measure them using the wrong performance indicators, according to Dave Chismon, CTO for Architecture at UK’s National Cyber Security Centre. Ticket-based metrics miss the point Evaluating ones’ SOC using the same ticket-based metrics applied to IT service desks can actively work against its core purpose:…

Read more →

AI, Compliance, Endpoint, Global Security News, Network Security, Risk Management

Protecting your secrets from tomorrow’s quantum risks

As outlined in the AWS post-quantum cryptography (PQC) migration plan, addressing the risk of harvest now, decrypt later (HNDL) attack is an important part of your post-quantum plan. Upgrading the client-side of your workloads to support quantum-resistant confidentiality is an important aspect of your side of the PQC shared responsibility model. Timelines to plan and…

Read more →

AI, Cybersecurity, Global Security News, Risk Management

Logically CEO on Cyber Risk, AI, and MSP Strategy

How should MSPs talk to the board about cyber risk? In this episode of Channel Insider: Partner POV, Katie Bavoso speaks with Logically CEO Joshua Skeens about cybersecurity as a board-level issue, brand protection, security tool sprawl, best-of-breed vs. consolidation strategies, and why 2026 could be the year of AI disappointment. Timestamps00:00 Intro00:40 Meet Logically…

Read more →

AI, Global Security News, Risk Management

BeyondTrust’s 13th Annual Microsoft Vulnerabilities Report Reveals Drop in Total Volume, But Surge in Critical Risk

GUEST RESEARCH:  Critical vulnerabilities doubled year-over-year, signalling rising risk severity as AI-driven discovery and expanding attack surfaces reshape the Microsoft security landscape Elevation of Privilege vulnerabilities accounted for 40% of all flaws, continuing to dominate threat actor pathways and reinforcing identity as the primary attack vector Azure and Dynamics 365, saw a 9x increase in…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, malware, Risk Management

Vercel’s security breach started with malware disguised as Roblox cheats

Vercel customers are at risk of compromise after an attacker hopped through multiple internal systems to steal credentials and other sensitive data, the company said in a security bulletin Sunday.  The attack, which didn’t originate at Vercel, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions.  An attacker traversed third-party…

Read more →

AI, Apps, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

GUEST ESSAY: Google’s 2029 deadline exposes readiness gap as move to quantum-safe crypto lags

For years, quantum risk was easy for most institutions to treat as premature: real in theory, urgent someday, but not yet an operational problem. That is no longer tenable. Related: AI spawns semantic attacks Two developments this month brought the shift into focus. Google Quantum AI published research suggesting the computing resources needed to break…

Read more →

AI, Compliance, Global Security News, Risk Management

Diligent automates time-consuming steps in third-party reviews

Diligent launched of Third-Party Risk Intel, an agentic due diligence and intelligence solution that automates the most time-consuming steps of third-party reviews, delivering up to 80% time savings for compliance, legal, and procurement teams. The launch builds on the company’s recent acquisition of 3rdRisk, an AI-native third-party risk management solution that gives organizations a near…

Read more →

AI, Apps, Compliance, Global Security News, Government & Policy, Risk Management

Anthropic wins reprieve against US DoD ban, buying time for contractors to assess AI supply chains

The Pentagon’s attempt to brand Anthropic a supply chain risk was “likely both contrary to law and arbitrary and capricious,” a US federal judge wrote in a ruling halting a ban on use of Anthropic’s products in defense contracts. In granting Anthropic a preliminary injunction against the ban, US District Judge Rita Lin of the…

Read more →

Global Security News, Network Security, Risk Management

LexisNexis® Risk Solutions’ latest Cybercrime Report reveals key global fraud trends emerging over the past year. Derived from analysis of more than 116 billion online transactions detected through our LexisNexis® Digital Identity Network® in 2025, t

 LexisNexis® Risk Solutions’ latest Cybercrime Report reveals key global fraud trends emerging over the past year. Derived from analysis of more than 116 billion online transactions detected through our LexisNexis® Digital Identity Network® in 2025, the report shows a significant 8% rise in global fraud rates driven by attacks targeting the gaming and gambling and ecommerce sectors, cost of living pressures and new emerging fraud tactics.

Read more →

Global Security News, Network Security, Risk Management

LexisNexis® Risk Solutions’ latest Cybercrime Report reveals key global fraud trends emerging over the past year. Derived from analysis of more than 116 billion online transactions detected through our LexisNexis® Digital Identity Network® in 2025, t

 LexisNexis® Risk Solutions’ latest Cybercrime Report reveals key global fraud trends emerging over the past year. Derived from analysis of more than 116 billion online transactions detected through our LexisNexis® Digital Identity Network® in 2025, the report shows a significant 8% rise in global fraud rates driven by attacks targeting the gaming and gambling and ecommerce sectors, cost of living pressures and new emerging fraud tactics.

Read more →

AI, Cybersecurity, Global Security News, Government & Policy, Politics, Risk Management

Treasury asks whether terrorism risk insurance program should bolster cyber coverage

The Treasury Department is soliciting public feedback on whether it should change a terrorism risk insurance program to address cyber-related losses. In a Federal Register notice set for publication Wednesday, Treasury seeks comment from the public for a mandatory report it must deliver to Congress this summer on the effectiveness of the terrorism risk insurance…

Read more →

AI, Global Security News, Risk Management

SecurityScorecard automates third-party risk management with TITAN AI

SecurityScorecard has introduced TITAN AI to automate third-party risk management, replacing manual processes with continuous, AI-driven intelligence. TITAN AI is built on top of SecurityScorecard’s Ratings and TPRM platform with AI-driven technology and enhanced threat intelligence, delivering a powerful solution built for the demands of today’s risk landscape. With TITAN AI, organizations will be able…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Global Security News, Government & Policy, privacy, Risk Management

Top 10 Governance, Risk & Compliance (GRC) Tools in 2026

This guide is for compliance leaders, risk managers, and IT teams seeking the best governance, risk, and compliance (GRC) tools in 2026, covering top platforms, key features, and selection considerations. These tools simplify the complexity of governance by equipping your team with the resources needed to manage evolving regulations, reduce risk, and control costs more…

Read more →

AI, Apps, Compliance, Data Breaches, Exploits, Global Security News, Risk Management

When insider risk is a wellbeing issue, not just a disciplinary one

Written by Katie Barnett, Director of Cyber Security at Toro Solutions Insider risk is still often framed around intent, with the focus placed on malicious employees, disgruntled contractors, or deliberate misuse of access for personal gain.Those cases exist and they matter, but they are rarely where risk first begins, and they do not reflect how…

Read more →

AI, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Risk Management

CVE-2026-3910: Chrome V8 Zero-Day Used for In-the-Wild Attacks

Chrome zero-days continue to pose a major risk for cyber defenders. Earlier this year, Google patched CVE-2026-2441, the first actively exploited Chrome zero-day of 2026. Now, another emergency update has been released, fixing two more flaws already exploited in the wild, CVE-2026-3910 in Chrome’s V8 JavaScript and WebAssembly engine and CVE-2026-3909, an out-of-bounds write bug…

Read more →

AI, Global Security News, Network Security, Risk Management

Saviynt Taps NEXTGEN, an Exclusive Networks Company, to Accelerate Digital Identity Security in Australia

COMPANY NEWS:    Collaboration strengthens Saviynt’s partner-first strategy as AI-driven identity risk builds across the APJ region Key Highlights: Saviynt will broaden access to AI-ready identity security for organisations navigating growing digital risks NEXTGEN will help scale Saviynt’s partner ecosystem across APJ, enabling faster adoption of identity-centric security in the AI era 

Read more →

AI, Compliance, Data Breaches, Global Security News, Risk Management

Cynomi: Third-Party Risk is Untapped MSP Revenue Opportunity

Cynomi has released its latest industry guide, The Rise of Third-Party Risk Management: Securing the Modern Perimeter, offering a practical roadmap for MSPs to formalize, scale, and monetize third-party risk management (TPRM). Scaling third-party risk management According to the guide, TPRM represents the largest untapped recurring revenue opportunity for managed service providers beyond human cyber…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

Why access decisions are becoming the weakest link in identity security

In my nearly two decades leading identity and risk programs, I’ve learned a sobering truth that every CISO eventually confronts: hackers don’t hack in — they log in. We often obsess over the perimeter and the sophistication of technical exploits, but many of the most damaging security failures I’ve witnessed didn’t involve a zero-day or…

Read more →

Cybersecurity, Global Security News, Risk Management

New cyber module strengthens risk planning for health organizations

The Administration for Strategic Preparedness and Response’s (ASPR) new cybersecurity module in the Risk Identification and Site Criticality (RISC) 2.0 Toolkit helps organizations identify critical gaps, prioritize investments, and make informed decisions about risk mitigation to reduce disruptions to patient care and strengthen resilience. Healthcare leaders identified cloud-related threats, quantum computing risks, and attacks on…

Read more →

AI, Global Security News, Risk Management

ProcessUnity Risk Index delivers controls-driven vendor risk scoring for TPRM

ProcessUnity has introduced ProcessUnity Risk Index, a risk rating built specifically for third-party risk management programs, combining proprietary control intelligence with external threat and vulnerability data. ProcessUnity Risk Index rates vendors on a 100-point scale to drive faster, more confident risk prioritization. Built for how TPRM teams actually work, ProcessUnity Risk Index blends inside-out, vendor-attested…

Read more →

AI, APAC, Cloud Security, Cybersecurity, Endpoint, Global Security News, Network Security, Risk Management

Innovation without exposure: A CISO’s secure-by-design framework for business outcomes

The brief for security leaders has changed. It used to be enough to reduce risk and keep the lights on. Now you are expected to enable AI adoption, connect more “things” to the network, modernize cloud at pace and still demonstrably reduce exposure, often without the comfort of ever-expanding budgets. In that environment, innovation is…

Read more →

AI, Compliance, Data Breaches, Data Security, Europe, Global Security News, Government & Policy, privacy, Risk Management

Kiteworks Flags Canada Sovereignty Compliance Gaps

Kiteworks’ newly released “2026 Data Security and Compliance Risk: Data Sovereignty Report” finds that Canadian organisations report the lowest sovereignty incident rate among surveyed regions — yet channel leaders warn that the risk environment is intensifying, not stabilizing. The cross-regional survey of 286 security, compliance, and IT professionals across Canada, Europe, and the Middle East…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

Hackers can turn Grok, Copilot into covert command-and-control channels, researchers warn

Enterprise security teams racing to enable generative AI tools may be overlooking a new risk: attackers can abuse web-based AI assistants such as Grok and Microsoft Copilot to quietly relay malware communications through domains that are often exempt from deeper inspection. The technique, outlined by Check Point Research (CPR), exploits the web-browsing and URL-fetch capabilities…

Read more →

AI, Global Security News, Risk Management

ChatGPT gets new security feature to fight prompt injection attacks

OpenAI has introduced Lockdown Mode and Elevated Risk labels in ChatGPT to help users and organizations reduce the risk of prompt injection attacks and other advanced security threats, particularly when using features that interact with external systems. Limiting tool access to prevent data exfiltration Lockdown Mode in ChatGPT is an optional, advanced security setting for…

Read more →

AI, Cybersecurity, Global Security News, Risk Management

Cyber Risk Management as the Backbone of Enterprise Security

In this post, I will talk about cyber risk management as the backbone of enterprise security. Enterprise security has evolved far beyond perimeter defenses and reactive incident response. In an era defined by cloud computing, remote work, interconnected supply chains, and increasingly sophisticated threat actors, organizations face a level of cyber exposure that is both…

Read more →

AI, Apps, Compliance, Data Breaches, Global Security News, privacy, Risk Management, Security

Why identity recovery is now central to cyber resilience

Ransomware has permanently changed how security leaders think about risk. Verizon’s 2025 Data Breach Investigations Report found that ransomware was involved in 44% of all breaches. For small and midsize businesses, the problem is big; ransomware was involved in nearly nine out of 10 breaches, compared to it playing a role in 39% of incidents…

Read more →