#CIRCIA
15 stories taggedCIRCIA.

Behavioral AI Pitched as Answer to Identity-Abuse Phishing, But Regulators Still Set the Bar
A vendor webinar makes the case for behavioral detection against BEC and account takeover. The compliance questions sit underneath.

Adobe Ships Emergency Fixes for Seven CVSS 10.0 Bugs in ColdFusion, Campaign Classic
Out-of-band advisories cover arbitrary code execution and privilege escalation paths. Administrators face a short remediation window before public exploit code is likely.

When Legacy Infrastructure Becomes the Soft Underbelly of Your AI Agent Stack
Governance frameworks like NIST AI RMF and the EU AI Act assume the pipes under the model are secure. They often aren't.

Accenture Moves to Acquire Dragos, runZero, and NetRise in $4.1 Billion OT Security Consolidation
The deal values Dragos alone at $3.25 billion. runZero and NetRise would fold under the Dragos umbrella post-close.

Tailscale and OpenSSH Became a Junior Operator's Back Door After His Havoc C2 Went Dark
An intrusion at a small French auto-sector firm shows how commodity remote-access tooling defeats the assumption that killing the C2 ends the incident.

MFA Alone Won't Save You: What Modern Attackers Know That Defenders Don't
A practitioner-focused webinar examines how threat actors sidestep conventional detection controls and why single-layer authentication assumptions are failing organizations.

MDR's AI Reckoning: When the Old Service Model Stops Keeping Up
Managed detection and response solved a staffing problem. It is not, by itself, an answer to adversaries who automate reconnaissance and intrusion at machine speed.

JDY Botnet's Quiet Comeback: 1,500 SOHO and IoT Nodes Now Mapping the Internet
Researchers tie the reconstituted scanner network to China-nexus operators conducting persistent, large-scale reconnaissance against exposed services.

Knowingly Shipping Vulnerable Code Has Become Standard Practice, Survey Finds
A Checkmarx survey of 2,350 security leaders finds nearly half of production code is AI-generated — and enterprises are deploying it despite knowing it carries unresolved flaws.

Anthropic's Mythos Shows AI Can Find Bugs Faster Than Humans. The Bug Bounty Model May Not Survive It.
Machine-speed vulnerability discovery is no longer theoretical. The question now is whether the bounty ecosystem — and the offensive security teams inside it — are priced and structured for a world where finding flaws is the easy part.

AI-Generated Phishing Is Drowning SOC Queues. The Policy Response Is Lagging.
Tier 1 analysts face a volume problem that existing disclosure and reporting regimes were not built to absorb.

npm Hit by Dual Supply-Chain Campaigns: Rust Stealer With eBPF Rootkit, Self-Spreading Worm
Researchers flagged two parallel intrusions into the npm registry. One delivers a kernel-level credential scraper. The other propagates through more than 50 poisoned packages.

HD Moore's Pitch to Defenders: Stop Racing Patches, Reshape the Network
The Metasploit creator argues blast-radius control, not patch velocity, is what regulators and boards should be measuring.

Microsoft Reasserts Coordinated Disclosure Norms After Researcher Drops Zero-Days
Redmond is invoking CVD principles after a researcher publicly posted unpatched flaws, raising fresh questions about the boundary between disclosure ethics and platform enforcement.

Operators Warn AI-Generated Traffic Is Outpacing Static DDoS Defences as Regulators Eye Disclosure Rules
Machine-learning-driven flood attacks are reshaping volumetric thresholds faster than current incident-reporting frameworks anticipated.