Federal prosecutors have charged a Russian national with conspiracy to commit unauthorized computer access in connection with a sprawling cyber-espionage campaign linked to the Russia-aligned threat group Void Blizzard, according to a criminal complaint filed in federal court this week. Denis Nikolayevich Obrezko, a Russian citizen, is accused of breaking into systems owned by companies…
Category: Risk Management
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management
CISA orders federal agencies to “patch smarter”
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive that will change how the US federal government approaches vulnerability management. The directive arrives as the patching problem has become nearly unmanageable, driven by a surge in newly published vulnerabilities and by AI tools that are accelerating both security research and…
Global Security News, Risk Management
CISA Orders Agencies to Patch by Risk, Not Severity
New CISA directive tells federal agencies to patch by real-world risk, not CVSS severity scores
AI, Cybersecurity, Global Security News, Government & Policy, Network Security, Risk Management
Team Cymru Expands APJ Operations With New Sydney Hub
External threat intelligence provider Team Cymru has announced the expansion of its Asia-Pacific and Japan (APJ) operations, with Sydney serving as the company’s regional operational hub. The announcement follows RISEx Sydney, where Team Cymru leadership met with customers, partners, and public-sector stakeholders from across the region. Expansion responds to regional cyber visibility demand According to…
AI, Data Breaches, Endpoint, Exploits, Global Security News, Risk Management
ServiceNow fixes API issue after reports of suspicious tenant activity
ServiceNow is notifying customers after discovering and remediating a vulnerability that could have exposed data via an unauthenticated API endpoint on affected instances. The issue emerged publicly after customers began discussing security notifications from ServiceNow and reports of suspicious activity linked to their environments. According to the company’s advisory, the vulnerability was initially reported through…
Data Breaches, Global Security News, Risk Management
The Hidden Security Risks of Poor Software Testing
Poor Software Testing can expose hidden flaws, vulnerable dependencies and weak controls, increasing breach risks, downtime and costly fixes after release.
AI, Compliance, Cybersecurity, Global Security News, Risk Management
AI vendor FDEs: Key considerations and concerns
When it comes to AI deployments, IT leaders are often caught in an awkward middle space, trying to reconcile conflicting directives from senior management with constantly changing AI models, capabilities, and costs; data governance and security needs; and the limitations of their own team. “Very few real benefits can be attained by simply purchasing an…
AI, Exploits, Global Security News, malware, Risk Management
Chaotic Eclipse Strikes Again: New Zero-Day Unlocks BitLocker in Four Hours of Research
GreatXML bypasses BitLocker via Defender offline scan artifacts, giving SYSTEM shell in Recovery Mode. No patch exists. Any machine that ran an offline scan is vulnerable. On June 10, security researcher Chaotic Eclipse (aka Nightmare Eclipse) published a new working exploit dubbed GreatXML that bypasses BitLocker and opens a command shell with full SYSTEM privileges…
AI, Global Security News, Network Security, Risk Management
What SRE teams need before they trust AI agents
The future of reliability will not be defined by whether site reliability engineering (SRE) teams use AI agents, but by the conditions under which they choose to trust them. In high-stakes systems, trust is never granted because a demo looks impressive; it is earned through observability, constraints, accountability and repeated evidence that the system helps…
AI, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
China-linked recon botnet outpaces enterprise defenses
A botnet made up of compromised small office and Internet of Things devices has grown into a larger reconnaissance network capable of rapidly identifying vulnerable internet-facing systems after public vulnerability disclosures, researchers said. The botnet, tracked by Lumen’s Black Lotus Labs as JDY, now comprises more than 1,500 compromised small office and home office, or…
AI, APAC, Cloud Security, Cybersecurity, Data Breaches, Exploits, Global Security News, Politics, Risk Management
Frontier AI models offer sneak peak of seismic cyber shifts ahead
The advent of Claude Mythos combined with the release of OpenAI’s GPT-5.5 have changed the threat model for CISOs. The arrival of those frontier AI models — and the ones soon to follow — makes it much easier to discover and chain vulnerabilities at a speed and scale that will require most cyber departments to…
AI, Endpoint, Global Security News, Government & Policy, Network Security, privacy, Risk Management
Aged-domain acquisition: The tradecraft phishing operators are using to bypass your mail filter’s reputation score
I’ve spent the past two years working on incident response and threat intelligence, and the pattern I’m about to describe is one I keep seeing show up in cases that should have been caught at the email gateway. The kit families change. The lure templates change. The constant is that phishing-as-a-service operators are buying aged…
AI, Compliance, Cybersecurity, Europe, Global Security News, malware, Network Security, Risk Management
From Infosecurity Europe to CONFidence and C1b3rWall: What Security Teams Are Prioritizing in 2026
Three cities, three cybersecurity conferences, and plenty of conversations with security professionals across Europe. Over the past few weeks, the ANY.RUN team joined Infosecurity Europe in London, CONFidence Conference in Kraków, and C1b3rWall Congress in Ávila. While every event had its own focus, the discussions pointed in the same direction: security teams need faster investigations,…
Apps, Global Security News, Risk Management
Threat actors are recruiting the people who hold cloud logins
Companies keep most of their data and applications in cloud platforms that anyone can reach with the right login. That setup turns each employee holding those credentials into a security variable, and members of the cybercrime underground have built methods to reach those people. Intel 471 tracked this activity into 2026 and sorted insider risk…
AI, Global Security News, Risk Management
Organizations can’t see much of their mobile AI activity
Organizations have limited visibility into AI activity on mobile devices despite security leaders expressing confidence in their AI governance, according to Lookout’s “Solving for the Mobile AI Blind Spot: Executive Confidence Meets Technical Reality” report. Mobile AI visibility gaps Enterprises lack visibility into a large share of mobile AI activity taking place on both corporate-owned…
AI, Apps, Cybersecurity, Exploits, Global Security News, Risk Management
GitHub finally pulls the plug on automatic install script execution for npm
The ability for attackers to leverage automatic install script execution in npm will finally come to an end when expected changes arrive from GitHub in July. Coders will still be able to enable the function, but the default setting will block it. In V12, default settings are changing, GitHub said in its changelog, noting, “it…
AI, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
CISA tells agencies to patch smarter, not harder — foreshadowing broader industry practice
Security teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows are accelerating, and vulnerabilities have become attackers’ top initial access vector of choice. Last year, organizations fully remediated only 26% of the vulnerabilities that attackers were actively exploiting in the wild — down from 38%…
AI, Apps, Cloud Security, Cybersecurity, Global Security News, Network Security, Risk Management
News alert: Cloud security report finds fragmented tools widening the cloud complexity gap
WASHINGTON, Jun. 10, 2026, CyberNewswire–The 2026 Cloud Security Report from Cybersecurity Insiders, produced in collaboration with Fortinet, finds that 69% of organizations cite tool sprawl and visibility gaps as the top factor limiting cloud security effectiveness. Based on a survey of 1,163 IT and cybersecurity professionals, the report shows the strain: 66% lack strong confidence…
AI, Cybersecurity, Endpoint, Global Security News, Network Security, Risk Management
ConnectWise Platform Brings Predictive IT to MSPs
ConnectWise is making a substantial change to the way it wants customers to interact with its software stack. This week, the company unveiled the ConnectWise Platform, a new environment that pulls together PSA, RMM, cybersecurity, automation, orchestration, agentic AI, and third-party integrations. ConnectWise introduces its Predictive IT platform The launch sits within a larger Predictive…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
CISA directive orders agencies to prioritize vulnerability patching in a new way
The Cybersecurity and Infrastructure Security Agency on Wednesday ordered federal agencies to prioritize vulnerabilities based on four criteria, as part of push to “patch smarter, not harder.” Federal agencies should emphasize patches for vulnerabilities that affect a publicly exposed asset, allow an attacker to fully automate exploitation, give attackers the ability to take over control…
AI, APAC, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
June Patch Tuesday marks a ‘new normal’ with over 200 CVEs, 32 rated ‘critical’
June’s Patch Tuesday security updates have arrived, with SAP fixing four critical vulnerabilities and Microsoft addressing over 200 CVEs. Microsoft’s to-do list includes fixes for three zero days, 32 patches rated as ‘critical’, and a batch of other high-risk vulnerabilities that need urgent assessment. There’s also one older flaw under exploit, and some patches affecting…
AI, Global Security News, Risk Management
Drata brings visibility, control and auditability to enterprise AI agents
Drata has introduced AI Agent Governance, a new security category focused on managing the risks and oversight requirements of AI agents, while extending its trust platform to support enterprise adoption of autonomous AI systems. While McKinsey finds 57% of business leaders cite governance friction as the top blocker to deploying more AI, this move is…
AI, Cybersecurity, Endpoint, Europe, Global Security News, malware, Network Security, Risk Management
Intelligence-Driven Threat Hunting: How SOCs Find What Alerts Miss
Talk to any threat hunter long enough, and beneath the polished case studies and conference talks, the same frustrations surface. Hunting is supposed to be proactive. In practice, it often feels reactive. You are chasing whispers of activity through log noise, querying SIEM fields that barely reflect real attacker behavior and writing detections against technique descriptions that…
AI, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities (KEV) catalog. The two flaws added to…
AI, Apps, Cybersecurity, Global Security News, Risk Management
Autonomous AI agents duped into leaking sensitive data in phishing test
AI agents given access to corporate email and business applications could become a new phishing target for attackers, according to cybersecurity researchers, after a test agent built on OpenClaw was tricked into sharing cloud credentials and customer data with an external attacker. Varonis Threat Labs said it built an OpenClaw AI agent called Pinchy to…
Global Security News, Risk Management
Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar
Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues appear. The report looks stable. Leadership reads “stable” as “secure.” It usually isn’t. The work slows down. The risk does not. That gap is…
AI, Global Security News, privacy, Risk Management
Welcome to AI’s creepy era
For the past few days, I’ve been immersed in Google’s latest vision of the future — an AI-infused dashboard that taps into info from all of your Google app activity and then uses that data to cook up a series of daily “stories” designed to “connect you with what matters.” And — believe me, I…
AI, Exploits, Global Security News, Risk Management
Chaotic Eclipse Unveils RoguePlanet Exploit Targeting Fully Patched Windows
The researcher Chaotic Eclipse released a PoC for the RoguePlanet Microsoft Defender zero-day, which can grant SYSTEM privileges on fully patched Windows systems. Security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, has published a new proof-of-concept exploit for a RoguePlanet Microsoft Defender zero-day. The flaw relies on a race condition that can provide attackers with…
AI, Cybersecurity, Global Security News, Risk Management
Anthropic’s Claude Fable 5 is out for public use, with safeguards for high-risk requests
Days after publishing research on how advanced AI systems could amplify cyber operations in the wrong hands, Anthropic released Claude Fable 5, a Mythos-class model for general use. “Releasing a model this capable comes with risks. Without safeguards, Fable 5’s capabilities in areas like cybersecurity could be misused to cause serious damage,” Anthropic wrote. The…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
AI red teaming comes of age
When Ram Shankar Siva Kumar launched Microsoft’s AI red team in 2019, the discipline barely existed. “The running joke used to be that people who used to work in AI red teaming, you can round them up in a 14-foot catamaran,” he tells CSO. At the time, Microsoft’s approach looked familiar to anyone in cybersecurity:…
Global Security News, Risk Management
SMB cyber-readiness: What makes or breaks it
A company that’s expecting a cyberattack but hasn’t actively prepared for it risks making the hardest decisions at the worst possible moment
AI, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
“AI Worms”, researchers demonstrate autonomous malware capable of adapting to any online device
A study by the University of Toronto shows how artificial intelligence can power autonomous worms capable of tailoring attacks against Windows, Linux and IoT devices. A group of researchers from the University of Toronto has demonstrated how open-source artificial intelligence models can be used to create a new category of computer worms capable of autonomously…
AI, Global Security News, Risk Management
Cyber resilience metrics that drive action
In this Help Net Security video, Pete Bowers, COO at NormCyber, explains how organizations can build a cyber resilience metrics program that supports better decisions. He questions common ways of measuring resilience, such as risk registers, tool scores, and annual tests, and points out their limits. These methods often rely on opinion, narrow data, or…
AI, china, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, privacy, Risk Management
UK move to filter photos and messages triggers encryption worries for CISOs
UK Prime Minister Keir Starmer’s speech on Monday insisting that tech companies create device controls to somehow block children from viewing or creating sexually explicit imagery has raised alarms among CISOs, who worry that the same technology could undermine enterprise security. Starmer gave tech firms three months to create and implement such restrictions voluntarily, at…
AI, china, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, privacy, Risk Management
UK move to filter photos and messages triggers encryption worries for CISOs
UK Prime Minister Keir Starmer’s speech on Monday insisting that tech companies create device controls to somehow block children from viewing or creating sexually explicit imagery has raised alarms among CISOs, who worry that the same technology could undermine enterprise security. Starmer gave tech firms three months to create and implement such restrictions voluntarily, at…
AI, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
Enterprises know AI-generated code is vulnerable; they’re shipping it anyway
AI-generated code is riddled with security flaws, yet enterprises are shipping more of it than ever before. Why? Perhaps they’re over-confident, lack true visibility into security risks, or are simply choosing to ignore the problem and hope it goes away. It’s a dangerous game to play at the dawn of the agentic AI era, as…
AI, Compliance, Global Security News, Network Security, Risk Management
Working group formed to develop standard for AI-native docs
LF AI & Data Foundation, a division of the Linux Foundation, launched a working group on Tuesday that will focus on the development of DocLang, a specification intended to support interoperable document processing across AI and agentic workflows. The working group, founded by premier members IBM, Nvidia and Red Hat, is tasked with the creation…
AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Anthropic releases Mythos-class Fable 5 model with safeguards for cyber risks
Anthropic unveiled two new powerful AI models built on its previously restricted Mythos architecture: Claude Fable 5, which is being made broadly available, and Claude Mythos 5, which remains limited to a small group of cybersecurity and infrastructure partners. Anthropic describes Fable 5 as the most capable model it has ever released to the public,…
AI, Endpoint, Exploits, Global Security News, Risk Management
CVE-2026-11645: Chrome Zero-Day Vulnerability Exploited in the Wild
Google has released emergency Chrome updates to address a Chrome zero-day vulnerability, a high-severity out-of-bounds read/write issue in the V8 JavaScript engine. Google says an exploit exists in the wild, and the patched Stable builds are rolling out as 149.0.7827.102.103 for Windows and Mac and 149.0.7827.102 for Linux. Public reporting says the flaw can be…
AI, Exploits, Global Security News, Risk Management
CVE-2026-50751: Check Point VPN Authentication Bypass Exploited in Targeted Attacks
Organizations continue to face elevated risk from edge-device flaws that can hand attackers an initial foothold without valid credentials. CVE-2026-50751 is a critical authentication bypass issue in Check Point VPN Remote Access and Mobile Access that allows a remote, unauthenticated attacker to establish a VPN session without a valid user password. According to public reporting,…
AI, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
Rubrik Brings Claude-Focused Tooling, Partner Program to Market
Rubrik, a security and AI operations company, has announced a new partner program and enhancements to bolster AI resilience and recovery. Rubrik Agent Cloud for Anthropic’s Claude Code and Claude Cowork will enable organizations to deploy Claude-powered agents at scale with observability, control, and agent rewind. Rubrik’s new cross-platform Rubrik AI automates and accelerates response…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Anthropic’s new model is Mythos on a leash
Earlier this year, Anthropic executives said that their new AI model, Claude Mythos, had such powerful capabilities for harm that they would not release it publicly. On Tuesday, the company said it was making an altered version of Mythos available to the public, promising “new guardrails” that thwart the model’s best-in-class performance in hacking and…
AI, Cybersecurity, Exploits, Funding, Global Security News, Government & Policy, Risk Management
CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector
The Cybersecurity and Infrastructure Agency wants to fundamentally reevaluate how it prioritizes risks and vulnerabilities, both for privately-owned critical infrastructure and within the federal government, acting director Nick Andersen said Tuesday. The plans include a binding operational directive for federal agencies set to be published Wednesday and getting more specific with critical infrastructure owners and…
AI, Apps, Exploits, Global Security News, Network Security, Risk Management
Check Point warns of ransomware-linked attacks exploiting outdated VPN protocol
Check Point has issued emergency hotfixes for a pair of vulnerabilities affecting VPN deployments that still use the deprecated Internet Key Exchange version 1 (IKEv1) protocol, warning that one of the flaws is already being exploited in the wild. The more serious issue allows attackers to establish VPN sessions without a valid password, potentially giving…
AI, Compliance, Cybersecurity, Data Security, Endpoint, Global Security News, malware, Network Security, Risk Management
Protecting 50,000 Users: How ANY.RUN Drives Incident Prevention at UMass Boston
Securing a university means defending a highly open environment, where thousands of users, devices, and external connections create constant exposure to risk. We had a unique opportunity to get an inside look at how these operations are run at a powerhouse R1 institution, the University of Massachusetts Boston. We sat down with Daniel Mayer, Endpoint…
AI, Apps, Cybersecurity, Global Security News, Network Security, Risk Management
NetRise Builds New Partner Program for MSSPs, VARs, More
Security company NetRise is abandoning the go-it-alone strategy in its war against hidden software vulnerabilities. The Austin, Texas-based software supply chain security specialist announced the rollout of its new Discovery Partner Program today. NetRise bets on the channel to scale software risk management The initiative is a deliberate shift toward a partner-first business model, aiming…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities (KEV) catalog. The two flaws added to the catalog are: CVE-2026-42271 (CVSS score…
AI, Cybersecurity, Funding, Global Security News, Government & Policy, Network Security, Risk Management
Trump’s new AI order — hallucinations aren’t just for LLMs
Years ago, right-wingers coined the phrase “Trump Derangement Syndrome” (TDS) to describe people who hate US President Donald J. Trump. (I think it better describes the president’s outlandish, truth-challenged statements and the followers who think he can do no wrong.) What’s really deranged is his recent AI executive order. First, a little history. As you…
AI, Global Security News, Risk Management
Treating AI agents like service accounts for federated query security
In this interview with Help Net Security, Paras Malhotra, CISO at Starburst, explains how the company handles data governance across federated query environments. Topics include layering Starburst’s access controls above native source permissions, tiering vendor risk across more than 200 partners and connectors, and building audit trails for autonomous agents. The conversation covers how AIDA…
AI, china, Global Security News, Government & Policy, Risk Management
The security questions around Chinese AI coding models in U.S. software
Software developers across the United States are using AI models built in China to write, debug, and review code, drawn by prices below those of American alternatives. These models carry risks for the security of American software, according to a report from Booz Allen Hamilton, which tested how the models respond when the user appears…
AI, Apps, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security, Risk Management
OpenAI’s Lockdown Mode is trying to solve the problem that it created
OpenAI’s move to implement a Lockdown Mode that tries to limit data exfiltration by shutting down external capabilities is being seen as making the best out of a bad situation. But Lockdown Mode doesn’t block exfiltration as much as it slightly reduces it, and the reality of enterprises using multiple AI vendors for their agentic…
Global Security News, Risk Management
U.S. Expands List of Chinese Tech Companies It Says Assist Beijing’s Military
Some well-known companies were added to the annually updated list, which designates them as a U.S. national-security risk.
AI, Apps, Data Breaches, Endpoint, Europe, Exploits, Global Security News, malware, Risk Management
Hackers Didn’t Hack Instagram: They Convinced Meta’s AI to Hand Over More Than 20,000 Accounts
Meta’s disclosure that attackers abused an AI-assisted account recovery system to hijack more than 20,000 Instagram accounts is rapidly becoming one of the most consequential security incidents in the emerging era of agentic AI. While early headlines framed the event as hackers “tricking” Meta AI into stealing accounts, the technical reality appears considerably more complex—and…
AI, Apps, Compliance, Endpoint, Global Security News, Network Security, Risk Management, Venture
ICYMI: May 2026 @AWS Security
Read all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts, new service capabilities, code samples, and workshops. AWS Security Blog posts This month’s AWS Security Blog posts covered AI security, network protection, identity management, compliance frameworks, and supply chain security. Read…
AI, Apps, Global Security News, Government & Policy, Risk Management
Meta Accuses NSO of Violating WhatsApp Court Injunction
Meta says NSO violated a court injunction by targeting WhatsApp users again through phishing campaigns and test accounts. Last year, WhatsApp won a landmark case against NSO Group, the Israeli spyware vendor behind Pegasus, and secured a permanent court injunction barring the company from ever targeting WhatsApp or its users again. The court was unambiguous:…
AI, Global Security News, Government & Policy, Risk Management
Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint
Meta said Monday that it caught a spearphishing campaign linked to spyware maker NSO Group despite a court injunction, prompting the tech giant to file a contempt-of-court complaint. The company won a civil case last year against NSO Group barring it from targeting WhatsApp users and securing $168 million in damages, although NSO Group has…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
TeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)
This diary continues the Internet Storm Center’s tracking of the TeamPCP supply chain campaign, first documented in the SANS white paper When the Security Scanner Became the Weapon and most recently in the handler diary Activity Through 2026-05-24. Since that update, the story moved into two new places: the United States government, which formally caught up to the…
AI, Apps, Global Security News, Risk Management, Venture
Minimus Unveils New Supply Chain Protection Proxy and Command-Line Interface for Container Management
Cloud software security firm Minimus today expanded its product portfolio with the general availability of Minimus Supply Chain Protection and minicli. The tools introduce a unified approach to managing third-party software risks and container image configurations. The release of Supply Chain Protection directly targets vulnerabilities found within the application package universe, where interwoven dependencies are…
AI, Apps, Cloud Security, Compliance, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management
Operationalizing AWS security: A maturity roadmap
Enabling security tooling is the starting point. Making it operational—where findings drive decisions, response times are measurable, and your security posture improves week over week—is where most organizations struggle. This blog post provides a phased maturity roadmap for organizations that have already enabled AWS Security Hub and Amazon GuardDuty. These two services form the foundation…
AI, Endpoint, Global Security News, Risk Management
Guardz Launches AI Reporting Tool for MSP Security Teams
Managed service providers may finally have an easier way to explain exactly what their security work is accomplishing. Guardz today unveils a new agentic reporting capability designed to simplify how managed service providers (MSPs) create, customize, and deliver security reports to customers. Security operations get automation boost The launch marks the company’s latest step toward…
AI, Global Security News, Risk Management
Silverfort Securing AI Agents With Copilot Studio Integration
Identity security organization Silverfort has announced it will integrate its Identity Security control for AI agents into Microsoft Copilot Studio. Runtime security addresses Copilot actions before execution The integration will enable Silverfort to deliver inline identity security at runtime, enforcing intelligent access control policies the moment a Copilot agent attempts to act, blocking unauthorized access…
AI, Funding, Global Security News, Government & Policy, Network Security, Risk Management
Anthropic Calls for AI Pause as Industry Races Ahead
Anthropic picked an interesting week to warn the world about the dangers of advanced AI. Anthropic warns of self-improving AI risks Just days after filing confidentially for an IPO, the company published a rather lengthy proposal arguing that AI companies may eventually need a way to hit pause. The company worries that AI could reach…
AI, Apps, Exploits, Global Security News, Risk Management
Google Protocol Buffers flaw turns schemas into shells
A widely used JavaScript implementation of Google’s Protocol Buffers format is placing too much trust in untrusted data, exposing affected applications to remote code execution and other attacks. Researchers at Cyera have disclosed six vulnerabilities affecting “protobuf.js,” all stemming from the library’s handling of schema and metadata. Attackers could exploit an input validation oversight to…
AI, APAC, Europe, Funding, Global Security News, Government & Policy, Risk Management, Venture
EU’s cloud sovereignty push leaves room for US hyperscalers
The European Commission published its tech sovereignty package last week, including the clearest signal yet of its intention to strengthen European cloud sovereignty and reduce its dependence on US hyperscalers. It’s a response to growing concerns among European organizations and regulators about the reliance on US tech firms and legislation such as the US CLOUD…
AI, Exploits, Global Security News, Risk Management
RidgeBot 7.0 automates Active Directory attack simulations for security validation
Ridge Security has announced the release of RidgeBot 7.0, an update to its automated security validation platform that introduces automated Windows Active Directory penetration testing capabilities. The new version enables organizations to conduct end-to-end domain compromise simulations, helping security teams identify attack paths and prioritize exploitable risks. RidgeBot 7.0 delivers automated Active Directory penetration testing…
Global Security News, Risk Management
Instagram Recovery Tool Bug Exposed 20,225 Accounts to Password Reset Abuse
Meta says an Instagram recovery tool bug allowed attackers to abuse password resets, affecting 20,225 accounts and exposing users without 2FA to account takeover risk.
Global Security News, Risk Management
ConnectSecure’s Patch 360 gives MSPs control over patch testing and deployment
ConnectSecure has announced the launch of Patch 360, a patch management solution built for managed service providers (MSPs) to reduce deployment risk while accelerating vulnerability remediation. Patch management has long followed a “deploy-and-hope” model, with teams addressing critical issues only after users are impacted. Patch 360 replaces that approach with a rigorous test-and-trust framework that…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
UNC3753 Escalates: From Vishing Calls to Physical Office Intrusions at US Legal and Financial Firms
UNC3753 phones staff posing as IT, hijacks screen sessions, steals sensitive legal files, and now sends operatives physically into offices to plug in USB drives. Google Mandiant and the Google Threat Intelligence Group published a detailed report documenting an active extortion campaign carried out by the cybercrime group UNC3753 (aka Luna Moth, Chatty Spider, and…
AI, Compliance, Cybersecurity, Global Security News, Risk Management
N-able CEO: AI is Becoming an MSP Competitive Risk
As artificial intelligence becomes more deeply embedded in managed services, N-able CEO John Pagliuca says MSPs are entering a new phase of opportunity and risk. Pagliuca told Channel Insider that most MSPs are no longer simply experimenting with AI for personal productivity. Instead, many are beginning to use AI to streamline technician workflows, support customer…
AI, Compliance, Cybersecurity, Global Security News, Government & Policy, Risk Management
The AI security race needs accountability, not overregulation
AI models such as Anthropic’s Claude Mythos and OpenAI’s Daybreak represent a fundamental inflection point in security. These advances are not only reshaping technology but also redefining trust, risk, and the relationship between humans and intelligent systems. As innovation accelerates, AI governance and responsible deployment are becoming strategic priorities for every organization. Historically, governments have…
AI, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Meta AI Recovery Tool Flaw Exposed 20,000+ Instagram Accounts
A flaw in Meta’s AI-powered Instagram recovery tool exposed over 20,000 accounts, letting attackers reset passwords and take over profiles. Meta’s High Touch Support tool, known as HTS, was designed to help Instagram users recover locked accounts: you provide an email address, you get a password reset link. The flaw was equally simple: the tool…
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
15 tough cybersecurity questions every CISO must answer
As CISOs know, an effective security program cannot be static. Rather, it must adapt to the evolving threat landscape and an ever-changing business environment. To adapt and improve, CISOs must continuously evaluate their existing program. That starts with asking tough questions about their performance, investments, and strategies. Here, security leaders share 15 questions every CISO…
AI, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Why most enterprise security teams would fail a military readiness test
Have you ever watched a military cyber ops team go to work responding to a cyberattack simulation? It’s like that scene from Die Hard 4.0 when all the screens start flashing red and systems start shutting down; however, unlike the movies, where bumbling government IT workers are caught out and panicking, our military actually moves…
AI, Global Security News, Risk Management
OpenAI is locking down parts of ChatGPT to reduce data theft risks
OpenAI has started rolling out Lockdown Mode for ChatGPT, an optional security setting that restricts access to external resources and several product capabilities. It is available for personal accounts, including Free, Go, Plus, and Pro plans, as well as self-serve ChatGPT Business accounts. “Lockdown Mode is not intended for everyone. It is designed for people…
AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, privacy, Risk Management, Russia
Security Affairs newsletter Round 580 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog Report: Anthropic Deploys Engineers…
AI, Apps, Data Breaches, Global Security News, Network Security, Risk Management
Automated Reconnaissance Is Reshaping Cyber Risk
A single email address may now be all cybercriminals need to build a surprisingly detailed profile of a target. Flare researchers identified an automated bot that can generate detailed dossiers from a single email address by aggregating data from multiple breached databases. “Tools like this Telegram bot show how little effort it now takes to…
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Serv-U flaw, tracked as CVE-2026-28318 (CVSS ver 3.1 score of 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. SolarWinds Serv-U is a managed file transfer (MFT) and secure file…
AI, china, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Report: Anthropic Deploys Engineers to Support NSA Use of Mythos
Reports claim Anthropic engineers are helping the NSA use its restricted AI model Mythos, known for advanced cybersecurity capabilities. This week, the Financial Times reported that Anthropic has placed approximately six “forward-deployed” engineers inside the National Security Agency to help the intelligence agency use Mythos, its most capable cyber model, for offensive operations. Two people…
AI, Global Security News, Risk Management
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration
OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. The feature is primarily designed for people and organizations that handle sensitive data and require stricter protection guarantees. Lockdown Mode is available to logged-in users across Free, Go,…
AI, china, Global Security News, Government & Policy, Politics, Risk Management, Venture
Anthropic Says We Must Stop Authoritarian AI. But What About Its Authoritarian Investors?
Anthropic’s high-profile spat with the Pentagon gave it a killer marketing advantage, burnishing its public image as a principled AI company that puts values over profits — unlike more mercenary rivals such as OpenAI or Google. But Anthropic’s double standard on authoritarianism suggests the nearly trillion-dollar firm is as calculating and ethically flexible as any…
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Six protobuf.js Vulnerabilities Expose RCE and DoS Risks
Six vulnerabilities discovered in protobuf.js could allow attackers to execute arbitrary code, crash services, and compromise software supply chains across cloud, AI, messaging, and development environments. According to Cyera researchers, the flaws affect the widely used JavaScript implementation of Google’s Protocol Buffers, a data serialization framework that underpins communication across countless distributed systems. The library…
AI, Apps, Cloud Security, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, privacy, Risk Management
AI Threats, Zero-Days, and Data Breaches Define This Week of June 2026 in Cybersecurity
Major Threats & Vulnerabilities Zero-Day Exploits and Critical Vulnerabilities A newly discovered Comodo zero-day vulnerability can crash Windows systems through a malformed IPv6 packet. Researcher Marcus Hutchins identified the flaw, but Comodo has yet to issue a patch. Users are advised to filter suspicious IPv6 headers and test incident response plans. Google patched an Android…
AI, Exploits, Global Security News, malware, Network Security, Risk Management
CVE-2026-20245: Cisco SD-WAN Manager Zero-Day Enables Root Command Execution
Cisco has disclosed a seventh SD-WAN zero-day exploited in 2026, tracked as CVE-2026-20245. The flaw affects the command-line interface of Cisco Catalyst SD-WAN Manager and can allow an authenticated remote attacker with netadmin privileges to execute arbitrary commands as root by uploading a crafted file. Cisco says exploitation has already been observed in limited cases,…
AI, Apps, Global Security News, Risk Management
Understanding LLM Coding Personalities Is Now Key to Developer Improvement
Secure code development goes beyond tools and software – it is a complex activity grounded in risk management and involves an understanding of a developer’s strengths and weaknesses. Recognizing your developers’ level of expertise goes a long way, and helps determine where security issues are most likely to occur, and which developer is best suited…
AI, Exploits, Global Security News, Risk Management
Commvault offers recommendations for resilience in the age of frontier AI
Frontier AI models, while powerful for identifying vulnerabilities, also present new risks from bad actors, accelerating exploitation timelines to mere minutes.
AI, Exploits, Global Security News, Risk Management
Nightmare Eclipse incident shows the researcher-vendor fights may never fully go away
Microsoft reopened some wounds and has reignited debate over the past couple weeks about vulnerability disclosure and the sometimes adversarial dynamic it creates between security researchers and vendors. The latest controversy ensued when Microsoft threatened criminal legal action against a security researcher who publicly disclosed a series of zero-day vulnerabilities with proof-of-concept exploits. Microsoft insisted…
AI, Apps, Funding, Global Security News, Risk Management
Ensono CTO: AI Success Starts with Data Discipline
Financial services firms racing to adopt AI may be overlooking the foundational work required to make those investments pay off, according to Syed Ali, CTO of Global Financial Services at Ensono. While many banks, insurers, and asset managers are experimenting with generative AI and agentic tools, Ali said the organizations seeing the strongest results are…
AI, Apps, Compliance, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Hugging Face Vulnerability Allows Remote Code Execution
Organizations using vulnerable versions of the Hugging Face Transformers library could unknowingly execute attacker-controlled code simply by loading a malicious AI model. Researchers at Pluto disclosed a remote code execution (RCE) vulnerability that bypasses the library’s built-in trust_remote_code=False security control, potentially exposing cloud credentials, SSH keys, API tokens, and other sensitive assets. “One poisoned field…
AI, Global Security News, Government & Policy, privacy, Risk Management
Why Apple may be winning again
As we lean into WWDC, three strategically brilliant Apple moves have been exposed in the last couple of weeks, two of which will have immense consequences in the coming year, while one sets the scene for essential future growth. In each case, Apple’s leadership has found counter-intuitive gambits that actually secure the company’s future. Let’s start…
AI, Apps, Global Security News, Risk Management
Anthropic suggests slowing AI research until we can align it with human goals
AI could soon lead to systems capable of improving their own performance faster than humans can effectively supervise them, reviving concerns about the industry’s longstanding “alignment problem,” ensuring AI systems reliably pursue human goals, senior Anthropic researchers have warned in a new blog post titled “When AI builds itself.” Anthropic Institute lead Marina Favaro and…
AI, Cybersecurity, Exploits, Global Security News, Risk Management
Malware could drain your fuel tank as well as your bank account
Ongoing cyber-attacks on automated tank gauges (ATGs) could result in fuel tanks being drained without businesses noticing, the US Cybersecurity & Infrastructure Security Agency has warned. Connected ATGs are widely deployed in gas stations, as well as on military bases, in hospitals, and in manufacturing plants. And it’s not just fuel stores at risk: ATGs…
AI, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, privacy, Risk Management
Leader in Malware Analysis: ANY.RUN Named Top Vendor in G2 Summer 2026 Awards
We are proud to announce that ANY.RUN has earned the title of Momentum Leader and ranked #1 in the Relationship Index in the latest G2 Summer Reports. Reflecting real security teams’ actual experience, these rankings once again prove how critical ANY.RUN’s solutions are for daily SOC operations in modern enterprises. Why ANY.RUN’s Momentum Leader Title Matters for Your Team G2 awards…
AI, Global Security News, Risk Management
Infosecurity Europe: AI Coding Tools Need Built-In Security for Agentic Development Era
Ox Security field CTO, Boaz Barzel, makes the case for vibe security to tackle AI agent coding risks
AI, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Claude Code has an MCP security problem — and your developers are already using it
Claude Code is Anthropic’s AI coding assistant — a command-line tool that developers are adopting fast. It connects to external services through Model Context Protocol, the standard that lets AI tools interact with Jira, Confluence, GitHub, databases and internal APIs. When a developer connects one of those services, Claude Code runs an OAuth flow, the…
AI, Compliance, Cybersecurity, Data Security, Europe, Global Security News, malware, Network Security, Risk Management
May 2026 Leadership Recap: Channel Execs Move Toward AI
We’re barreling toward the midway point of the year, and May has seen a number of new executive leadership shuffles to guide organizations through the second half of the year and beyond. Organizations across the ecosystem have made shifts to their leadership teams, including new hires, promotions, and the addition of their first-ever AI executives.…
AI, Apps, Cloud Security, Cybersecurity, Global Security News, Network Security, Risk Management
May 2026 M&A Recap: Security and AI Remain Top Priorities
WatchGuard, Torq, and Asana are just a few organizations that have made strategic acquisitions in the IT ecosystem to expand their capabilities and provide more services to a greater number of customers. Before we reach the summer months, take stock of the mergers and acquisitions in the channel from May. Security consolidation continues as firms…
AI, Data Breaches, Exploits, Global Security News, Risk Management
Fake Context Alignment: The Attack That Made Gemini Obey Strangers Through Your Notifications
SafeBreach tricked Gemini into obeying attackers via WhatsApp notifications, using hidden foreign-language text to bypass Google’s defenses and control smart home devices. SafeBreach Labs researcher Or Yair spent months trying to break Google’s Gemini voice assistant after Google patched the vulnerabilities he found in his previous research. The new attack class he developed, named Fake…
AI, Endpoint, Exploits, Global Security News, Network Security, privacy, Risk Management
Commvault Provides Resilience Approach for Frontier AI
Commvault, a data protection and cyber resilience organization, has made recommendations to help organizations stay resilient in the age of frontier AI. Frontier models create new security risks while helping address them As frontier models, hosted in the cloud, excel at identifying vulnerabilities at speed and compressing exploitation timelines, they also present exploitable threats to…
AI, china, Global Security News, Risk Management
Why Waymo settled for the wrong car
Forget “Florida Man.” Want to hear a California Man story? Here goes. A California man rolled up to a yoga studio in San Francisco’s Marina District in a self-driving Waymo car, walked into the studio, grabbed an armful of yoga shorts, got back in the Waymo and took off. Six months later, police still haven’t…
AI, Compliance, Cybersecurity, Data Breaches, Global Security News, Risk Management
Compliance chaos: NY regulators see a data breach — then focus on IT errors
The age-old IT defense when compliance violations are investigated by regulators is to try and keep a low profile — and hope no one looks too closely. But with enhanced SEC interest in all data breaches encouraging regulators around the globe to take those closer looks at IT, data breach disclosure rules are becoming more…