News
How CISOs should utilize data security posture management to inform risk
2+ hour, 5+ min ago (303+ words) Every CISO eventually faces the same tension: You know your security program needs to mature, but the budget and headcount to do it all aren't there. That tension is especially sharp when it comes to data security posture management (DSPM)....
AI agents can bypass guardrails and put credentials at risk, Okta study finds
2+ day, 12+ hour ago (813+ words) An AI agent that revealed sensitive data without being asked. An agent that overruled its own guardrails. Another that sent credentials to an attacker via Telegram, because it forgot it wasn't supposed to do so after a reset. It's no…...
Windows shell spoofing vulnerability puts sensitive data at risk
3+ day, 2+ hour ago (327+ words) Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) have sounded the alarm about a Windows shell spoofing vulnerability that is already being exploited by attackers. It is not clear by whom as yet, but the main suspects are…...
Human-centric failures: Why BEC continues to work despite MFA
4+ day, 2+ hour ago (280+ words) MFA reduces risk but cannot replace the need for process controls, verification routines and continuous awareness training, especially as there are now AITM phishing kits which bypass MFA in the wild. The operational blind spots being exploited sit in business…...
Managing OT risk at scale: Why OT cyber decisions are leadership decisions
3+ day, 11+ hour ago (665+ words) The first time I approached an OT environment, I assumed that the strategies effective in IT cybersecurity would be equally applicable. I was wrong. The experience revealed a fundamental difference, highlighting the need for a distinct approach to OT cyber…...
"Trivial" exploit can give attackers root access to Linux kernel
3+ day, 9+ hour ago (778+ words) CSOs must ensure their Linux-based systems block unauthorized privilege escalation until distros release patches to plug a serious kernel vulnerability affecting all Linux distributions shipped since 2017. Until fixes are available for what's been dubbed the Copy Fail logic bug (CVE…...
Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains
11+ mon, 5+ day ago (530+ words) Developers have been increasingly targeted by attackers in recent years with fake software packages on open-source component repositories, a supply chain attack technique that has now expanded to include rogue AI frameworks and poisoned machine learning (ML) models as enterprises rush…...
Massive npm supply chain attack hits 18 popular packages with 2B weekly downloads
7+ mon, 3+ week ago (623+ words) The attack began on September 8, when Aikido's threat intelligence systems detected malicious code being pushed to npm packages, including chalk (299.99 million weekly downloads), debug (357.6 million downloads), and ansi-styles (371.41 million downloads). The compromised packages contained obfuscated code that "silently intercepts crypto…...
Prettier-ESLint npm packages hijacked in a sophisticated supply chain attack
3+ day, 11+ hour ago (324+ words) Popular configuration packages for integrating Prettier with ESLint, the widely used code formatting tools within JavaScript and TypeScript projects, were hijacked after a maintainer fell victim to a phishing scheme. "The attacker published malicious versions with no corresponding…...
Bank regulator sounds warning over cybersecurity threat posed by AI models
3+ day, 18+ hour ago (605+ words) In a letter addressed to the country's financial sector this week, the body lays out how the arrival of Claude Mythos has upended decades-long assumptions about the cybersecurity risk associated with regulated financial services. APRA raises multiple concerns. The biggest…...