Latest stories — Page 31

Geordie Lands $30M to Tackle AI Security and Governance
Balderton Capital leads a Series A into the AI governance startup, joined by Crosspoint Capital and returning backers General Catalyst and Ten Eleven Ventures.

Patched FortiClient EMS Flaw Still a Live Attack Vector for Credential Theft
Attackers are piggybacking on Fortinet's endpoint management tooling to push infostealers disguised as legitimate agent updates.

Microsoft Reasserts Coordinated Disclosure Norms After Researcher Drops Zero-Days
Redmond is invoking CVD principles after a researcher publicly posted unpatched flaws, raising fresh questions about the boundary between disclosure ethics and platform enforcement.

When 'Minor Foothold' Means Full Account Takeover: The Week IAM Bent the Wrong Way
A Claude security plugin, an Azure privilege-escalation chain, and a Kali365 MFA bypass all land in the same news cycle. Identity is still the soft underbelly.

FortiClient EMS Flaw Sees Fresh Exploitation After April Hotfix
Attackers are still hitting a critical FortiClient EMS vulnerability that Fortinet patched — and flagged as actively exploited — months ago.

The Real Bottleneck in Network Incidents Isn't Detection — It's Everything After
Monitoring catches the spike in seconds. Then the Slack thread starts, and the clock keeps running.

IBM and Red Hat Pledge $5 Billion to Lock Down Open Source Supply Chains via Project Lightwell
The initiative targets a deceptively hard problem: patching vulnerabilities in open source dependencies without breaking production workloads that millions of systems depend on.

Enterprise AI Risk Concentrates in a Sliver of Power Users, Report Finds
A new visibility study says the bulk of corporate AI exposure traces back to a thin slice of heavy users — most of it invisible to security teams.

French Startup Edamame Builds Runtime Watch for AI Coding Agents
The platform uses host telemetry and AI analysis to flag intent drift, secret theft, and supply-chain interference — in real time, before the damage lands.

Exploitation Industrialized: Navigating the New AI Battlefield
AI-driven attacks are reshaping the security landscape. Are defenders ready to adapt?

You Can't Audit What You Can't See: The Agent Governance Hole Nobody Wants to Talk About
Enterprises are shipping AI agents into production without inventories, without trace pipelines, and without a coherent answer to a basic question: what is this thing actually doing?

JINX-0164 Runs Fake-Recruiter Playbook Against Crypto Firms, Drops Custom macOS Malware
A newly catalogued threat actor is courting engineers at cryptocurrency companies with bogus job offers, then pivoting into CI/CD systems to siphon digital assets.

Your Hiring Process Is Now a Weapons Financing Loophole
North Korea and Iran are using AI to manufacture legitimacy at scale. The threat isn't a genius hacker. It's industrialized paperwork.

Microsoft's New Device Isolation in Defender: A Double-Edged Sword?
Microsoft introduces automatic device isolation in Defender for Endpoint, but potential risks loom.

The Data You Don't Know You Have Is the Data That Will Burn You
DSPM tools are selling fast and consolidating faster — here's why security teams are scrambling to find the data they forgot existed.

Cisco Uncovers Major Weaknesses in Leading AI Models
Relying solely on single-turn benchmarks could mislead your AI security assessments.

AI's Role in the Battle of Stolen Credentials
Security teams grapple with AI-driven credential abuse, leaving many playing catch-up.

SymJack: How a Rogue Symlink Turns Your AI Coding Agent Into a Supply Chain Weapon
A newly documented attack technique exploits AI coding agents through malicious repositories and disguised symlinks, silently planting attacker-controlled MCP servers deep inside developer environments.

AI Risk Summit Returns August 11–12 at Half Moon Bay for Its Third Year
CISOs, policymakers, and AI researchers converge on the Ritz-Carlton for two days of hard conversation about what enterprise AI risk actually looks like in practice.

Account Takeover Flaw in Pretalx CFP Tool Let Attackers Accept Any Conference Talk
An account takeover vulnerability in the open-source call-for-papers platform Pretalx could allow an unauthenticated attacker to manipulate submission outcomes, researchers at Novee have found.

Microsoft Catches Chatbots Pointing Users at Cryptojacking Sites
A campaign tracked by Microsoft Defender Experts is poisoning AI assistant answers so that download recommendations lead to miner-laden installers.