Agentic AI, which can autonomously perform tasks, introduces new security risks. Intent-based permissions offer a more secure alternative by ensuring the AI's actions align with the user's original purpose, thereby reducing the potential for misuse and data breaches by applying the principle of least privilege.
_blickwinkel_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
Shadow AI, the unauthorized use of AI tools by employees, creates severe data security, compliance, and intellectual property risks. Mitigation requires clear policies, sanctioned tools, and staff education, rather than outright bans, to balance productivity and security.
Cybersecurity AI (CAI) is a new open-source framework designed to help security teams build and deploy AI-driven tools for offensive and defensive operations. It aims to democratize advanced AI security, making it accessible for researchers, ethical hackers, and organizations to enhance their security posture.
Generative AI (GenAI) and advanced data management are reshaping financial institutions by enabling hyper-personalization at scale, improving operational efficiency, and enhancing security. This technological shift is driving a new era of tailored banking and wealth management, creating deeper customer relationships and significant competitive advantages.
A hacker injected malicious wiping commands into version 1.84.0 of the Amazon Q extension for Visual Studio Code. Amazon removed the vulnerable version and released an update, stating that no customer resources were impacted.
SaaS security adoption is rising as breaches surge. Companies face challenges like security management, access control, and visibility into SaaS applications. SSPM solutions and a focus on identity security are essential to address these risks.
A new vulnerability in Kigen eUICC cards exposes billions of IoT devices to attacks through flaws in eSIM profile management. The vulnerability allows the installation of malicious JavaCard applets, jeopardizing the confidentiality of mobile network operator data and allowing interception of communications. A security patch has been released.
Parrot Security announced the release of Parrot OS 6.4, bringing updates to core security tools, including Metasploit Framework 6.4.71 and Sliver C2 framework. The new release includes Linux kernel 6.12.32 and aims to improve performance and stability for security professionals.
The European Union has launched the EuroQCI initiative to build a pan-European, quantum-secure communication infrastructure. The plan combines terrestrial and satellite networks to protect critical data from future quantum threats, aiming for full implementation by 2030.
Generative AI is being rapidly adopted in workplaces, with many employees using it without formal approval. This swift integration creates significant security risks, as most companies lack formal policies or training to guard against data leaks, intellectual property infringement, and other vulnerabilities, leaving them exposed.
The International Criminal Court (ICC) in The Hague confirmed it sustained a "sophisticated and targeted" cyberattack. The incident, which was detected and contained, marks the second major attack against the court in recent years, raising security concerns amid high-profile investigations.
Two years after its initial discovery, a critical vulnerability in Microsoft's Entra ID, known as nOAuth, continues to expose thousands of SaaS applications to potential account takeovers. New research from Semperis reveals the flaw, which bypasses standard defenses, remains a severe and active threat.
Ongoing phishing campaigns target organizations using Microsoft 365, specifically Office 365 where multi-factor authentication (MFA) is not enforced. The attacks use sophisticated social engineering tactics and convincing phishing pages to harvest user credentials.
