#digital-protection-measures
#digital-protection-measures

US news

How AI is getting better at finding security holes

fromFast Company

Artificial intelligence

Is Mythos a blessing or a curse for cybersecurity? It depends on whom you ask

Information security

Anthropic caused panic that Mythos will expose cybersecurity weak spots, but one industry veteran says real problem is fixing, not finding, them | Fortune

fromIntelligencer

fromHarvard Business Review

Is the AI Cybersecurity Apocalypse Already Here?

AI models are enhancing both software development and hacking capabilities, leading to a race for improved coding tools and security measures.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

fromwww.npr.org

US news

How AI is getting better at finding security holes

fromFast Company

Is Mythos a blessing or a curse for cybersecurity? It depends on whom you ask

Claude Mythos AI model may enhance cybersecurity defenses but also poses risks for hackers due to its ability to identify vulnerabilities and create exploits.

Anthropic caused panic that Mythos will expose cybersecurity weak spots, but one industry veteran says real problem is fixing, not finding, them | Fortune

Anthropic's Claude Mythos Preview AI model identifies cybersecurity vulnerabilities, but experts question its impact on fixing existing issues.

fromIntelligencer

fromHarvard Business Review

Is the AI Cybersecurity Apocalypse Already Here?

AI models are enhancing both software development and hacking capabilities, leading to a race for improved coding tools and security measures.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

more#ai

#ai-governance

3 hours ago

Fortune

AI agents operate autonomously, creating governance gaps and enterprise risk as organizations struggle to manage their authority and actions.

fromeLearning Industry

Custom AI Governance Services: The Missing Piece In Your L&D Strategy

Many L&D teams adopt AI tools without ensuring fairness, transparency, and accountability in their training programs.

EU data protection

AI-driven identity must exist in a robust compliance framework | Computer Weekly

3 hours ago

Fortune

AI agents operate autonomously, creating governance gaps and enterprise risk as organizations struggle to manage their authority and actions.

fromeLearning Industry

Custom AI Governance Services: The Missing Piece In Your L&D Strategy

Many L&D teams adopt AI tools without ensuring fairness, transparency, and accountability in their training programs.

AI-driven identity must exist in a robust compliance framework | Computer Weekly

Governance must precede AI adoption to avoid compliance failures and ethical risks in identity verification systems.

more#ai-governance

fromArs Technica

Your tech support company runs scams. Stop-or disguise with more fraud?

Tech Live Connect processed fraudulent charges using real customer data, including names and addresses, to make the charges appear legitimate and maintain a low chargeback ratio.

Privacy professionals

2 hours ago

UK reliance on US big tech companies is 'national security risk', claims report | Computer Weekly

The UK is at risk due to over-reliance on US tech companies for critical infrastructure, impacting national security.

#cybersecurity

fromWIRED

14 hours ago

Silicon Valley

The Dumbest Hack of the Year Exposed a Very Real Problem

fromYahoo Tech

Privacy technologies

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

fromNextgov.com

Remote teams

OPM seeks cybersecurity talent to join Tech Force

Information security

Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

Healthcare

Healthcare Executives Face a New Era of Personal Risk

Healthcare executives face heightened personal risks due to grievance-motivated cyber threats amid economic pressures and public accountability.

Cryptocurrency

fromnews.bitcoin.com

Treasury Launches Cybersecurity Initiative Expanding Threat Intelligence Access for Digital Asset Firms

U.S. Treasury expands cybersecurity coordination with digital asset firms to enhance protections and integrate with traditional finance.

Silicon Valley

fromWIRED

14 hours ago

The Dumbest Hack of the Year Exposed a Very Real Problem

A cyberattack in Silicon Valley exploited weak passwords to spoof crosswalk button recordings with voices of tech CEOs, raising security concerns.

Privacy technologies

fromYahoo Tech

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Russian spies exploited consumer routers to steal Microsoft 365 credentials from thousands of users, turning home devices into espionage tools.

fromNextgov.com

Remote teams

OPM seeks cybersecurity talent to join Tech Force

Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

A critical zero-day vulnerability in Adobe Acrobat Reader is actively exploited, alongside state-sponsored cyber threats targeting U.S. infrastructure.

Healthcare

Healthcare Executives Face a New Era of Personal Risk

Healthcare executives face heightened personal risks due to grievance-motivated cyber threats amid economic pressures and public accountability.

Cryptocurrency

fromnews.bitcoin.com

Treasury Launches Cybersecurity Initiative Expanding Threat Intelligence Access for Digital Asset Firms

U.S. Treasury expands cybersecurity coordination with digital asset firms to enhance protections and integrate with traditional finance.

Cloudflare introduces new features for building and deploying agents

Cloudflare is transforming AI development with Dynamic Workers, Sandboxes, and Artifacts for secure, scalable, and efficient code execution.

Kraken Targeted by Extortion Group Threatening to Leak Internal Support Videos

Kraken will not pay ransom demanded by a criminal group threatening to release internal support videos.

fromBitcoin Magazine

7 hours ago

Crypto Exchange Kraken Faces Extortion Attempt After Insider Access Incidents Involving Support Staff

Kraken experienced two insider-related security incidents but confirmed no systems were breached and no client funds were at risk.

Cryptocurrency

fromnews.bitcoin.com

8 hours ago

Kraken Targeted by Extortion Group Threatening to Leak Internal Support Videos

Kraken will not pay ransom demanded by a criminal group threatening to release internal support videos.

fromBitcoin Magazine

7 hours ago

Crypto Exchange Kraken Faces Extortion Attempt After Insider Access Incidents Involving Support Staff

Kraken experienced two insider-related security incidents but confirmed no systems were breached and no client funds were at risk.

AI Is Nothing Without Data Fidelity. Here's A Four-Step Approach to Protect It | AdExchanger

Data integrity is crucial for effective AI in advertising, as flawed data leads to poor outcomes.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Marketing tech

fromAdExchanger

13 hours ago

AI Is Nothing Without Data Fidelity. Here's A Four-Step Approach to Protect It | AdExchanger

Data integrity is crucial for effective AI in advertising, as flawed data leads to poor outcomes.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Digital sovereignty isn't just a buzzword - it's the future

European governments and companies are prioritizing digital sovereignty due to concerns over US control and dependency.

Breaking the stranglehold: Responses to data sovereignty risk | Computer Weekly

UK and EU initiatives aim to enhance digital sovereignty and reduce reliance on US cloud providers.

Europe politics

fromTheregister

15 hours ago

Digital sovereignty isn't just a buzzword - it's the future

European governments and companies are prioritizing digital sovereignty due to concerns over US control and dependency.

Breaking the stranglehold: Responses to data sovereignty risk | Computer Weekly

UK and EU initiatives aim to enhance digital sovereignty and reduce reliance on US cloud providers.

more#digital-sovereignty

Digital life

fromwww.dw.com

Does age verification for social media help protect kids?

Governments are implementing age limits on social media to protect minors, but experts question the effectiveness of such measures.

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.

Apple

Apple Intelligence AI Guardrails Bypassed in New Attack

Researchers have successfully bypassed Apple's AI safety protocols using adversarial techniques, allowing for the execution of arbitrary tasks and manipulation of private data.

Apple

fromTheregister

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.

Apple

Apple Intelligence AI Guardrails Bypassed in New Attack

Researchers have successfully bypassed Apple's AI safety protocols using adversarial techniques, allowing for the execution of arbitrary tasks and manipulation of private data.

more#apple-intelligence

fromRoute Fifty

Getting privacy policy right in a competitive digital economy

State and local leaders aim to balance privacy protection with economic competitiveness, as inconsistent privacy laws can hinder business operations and consumer trust.

#data-breach

fromTNW | Data-Security

17 hours ago

Basic-Fit hit by hack affecting members across multiple countries, including 200,000 in the Netherlands

Basic-Fit experienced a data breach affecting 200,000 members, exposing personal and bank details but not passwords or identity documents.

10 hours ago

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.

Booking.com Customer Data Hacked, Exposed

Booking.com experienced a data breach, exposing customer booking information but not financial data.

8 hours ago

Booking.com confirms hackers accessed customers' data | TechCrunch

Hackers accessed Booking.com customers' personal data, including names, emails, and booking details, prompting notifications to affected users.

Hackers steal and leak sensitive LAPD police documents | TechCrunch

Cybercriminals leaked sensitive LAPD documents online, including personnel files and internal investigations, allegedly by the extortion gang World Leaks.

fromTNW | Data-Security

17 hours ago

Basic-Fit hit by hack affecting members across multiple countries, including 200,000 in the Netherlands

Basic-Fit experienced a data breach affecting 200,000 members, exposing personal and bank details but not passwords or identity documents.

10 hours ago

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.

Booking.com Customer Data Hacked, Exposed

Booking.com experienced a data breach, exposing customer booking information but not financial data.

8 hours ago

Booking.com confirms hackers accessed customers' data | TechCrunch

Hackers accessed Booking.com customers' personal data, including names, emails, and booking details, prompting notifications to affected users.

fromPrivacy International

Hackers steal and leak sensitive LAPD police documents | TechCrunch

Cybercriminals leaked sensitive LAPD documents online, including personnel files and internal investigations, allegedly by the extortion gang World Leaks.

Why Website Cookies Aren't As Sweet As They Sound

Website cookies can raise serious privacy concerns due to their role in tracking user behavior and collecting personal data.

US news

Dangerous data

US police misuse warrantless access to personal data, leading to wrongful arrests and life-altering consequences for innocent individuals.

BrowserGate: Claims of LinkedIn 'Spying' Clash With Security Research Findings

LinkedIn allegedly scans users' computers to collect data on browser extensions, raising concerns about corporate espionage.

Privacy technologies

Google Rolls Out Cookie Theft Protections in Chrome

Google introduces Device Bound Session Credentials in Chrome to enhance security against session cookie theft.

fromMail Online

9 hours ago

Warning to iPhone users over iCloud storage scam exposing bank details

A new email scam targets iPhone users, posing as iCloud notifications to steal personal and banking information.

15 hours ago

Fake Claude Website Distributes PlugX RAT

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.

DevOps

fromInfoQ

Panel: Security Against Modern Threats

Modern threats to software supply chains require resilience by design, integrating security into engineering workflows and empowering developers with the right tools.

15 hours ago

Adobe patches vulnerability that steals data via PDFs

A sophisticated attack exploits a vulnerability in Adobe Reader via malicious PDF files to gather sensitive information and potentially execute arbitrary code.

The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security

Visibility through security measures can deter undesirable behavior and enhance safety in challenging situations.

fromTheregister

3 hours ago

Ransomware scum, other crims exploit 4 old Microsoft bugs

Four Microsoft vulnerabilities are actively exploited, including one from 2012, prompting CISA to urge federal agencies to patch them within two weeks.

16 hours ago

Cisco aims to make AI agents safer with proposed acquisition of Astrix

Cisco is pursuing an acquisition of Astrix Security to enhance its AI security capabilities.

6 hours ago

FBI announces takedown of phishing operation that targeted thousands of victims | TechCrunch

The FBI dismantled a global phishing operation, W3LL, targeting over 17,000 victims and facilitating over $20 million in fraud.

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI's macOS apps were affected by a supply chain attack, but no user data or internal systems were compromised.

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

OpenAI was affected by a supply chain attack involving malicious Axios packages attributed to North Korean hackers.

17 hours ago

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI's macOS apps were affected by a supply chain attack, but no user data or internal systems were compromised.

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

OpenAI was affected by a supply chain attack involving malicious Axios packages attributed to North Korean hackers.

more#openai

fromInfoWorld

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

Commvault launches AI tools for secure agentic AI era

"In agentic environments, agents mutate state across data, systems, and configurations in ways that compound fast and are hard to trace," says Pranay Ahlawat, Chief Technology and AI Officer at Commvault.

Information security

JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025

JanelaRAT malware targets financial institutions in Latin America, stealing sensitive data and employing advanced infection techniques.

Adobe Patches Reader Zero-Day Exploited for Months

Adobe released emergency patches for a critical zero-day vulnerability in Acrobat and Reader that has been exploited for several months.

fromMedCity News

The Evolving Landscape of Privacy and Cybersecurity: Essential Strategies for Legal and Compliance Professionals - MedCity News

Organizations must combine strong controls with comprehensive employee training and accountability culture to effectively protect sensitive data and comply with evolving privacy laws.

fromNextgov.com

Data is a strategic asset and a strategic vulnerability

Data is a primary strategic asset in national security, transforming into both a powerful tool and a critical vulnerability.

2 months ago

The New Battleground of Cybersecurity

I've always had what I would consider a hacker mindset, a curiosity to take things apart, understand them, and use that knowledge to solve problems. That mindset took me on a circuitous route into the cybersecurity industry; after being kicked out of high school for hacking computer systems, I worked a range of jobs, managing office supply companies by day and cracking Wi-Fi networks by night until I started a Digital Forensics degree which led me to the world of security research.

Science

Mental health

1 month ago

Security Insights Delivered Through Podcasts

Security professionals face significant mental-health risks and team burnout, requiring leaders to integrate empathetic practices and psychological safety into security operations.

MITRE Releases Fight Fraud Framework

"These incidents involve the intentional use of deceptive or illegal practices to fraudulently obtain money, assets, or information from individuals or institutions, and include actions carried out over cyber channels."

Information security

The Hidden Security Risks of Shadow AI in Enterprises

Shadow AI poses significant risks by allowing unregulated use of AI tools that can expose sensitive data and weaken security controls.

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

#identity-management

Information security

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.

more#identity-management

Critical Marimo Flaw Exploited Hours After Public Disclosure

A critical vulnerability in Marimo was exploited within hours of its public disclosure, allowing unauthenticated remote code execution.

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.

fromTechRepublic

Why Operationalizing AI Security Is the Next Great Enterprise Hurdle

Security operations lag behind rapid tech advancements, leading to inefficiencies and risks in managing numerous security tools.

fromElectronic Frontier Foundation

Yikes, Encryption's Y2K Moment is Coming Years Early

Google has moved its quantum preparedness deadline for cryptography to 2029 due to advancements in technology.

fromDevOps.com

Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action - DevOps.com

Mallory provides an AI-native threat intelligence platform that delivers actionable insights for enterprise security teams, focusing on real threats and vulnerabilities.

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

A new variant of the Phorpiex botnet combines traditional and peer-to-peer communication, facilitating sophisticated malware operations and high-volume spam.

The New Rules of Engagement: Matching Agentic Attack Speed

AI-enabled cyberattacks are currently occurring, with significant impacts on organizations and a widening gap between attackers and defenders.

Critical Flowise Vulnerability in Attacker Crosshairs

A critical vulnerability in Flowise allows remote code execution, posing severe security risks to systems and sensitive data.

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

fromEntrepreneur

This AI Security Strategy Is Redefining Cyberattack Recovery

Combining Zero Trust principles with AI enhances resilience, reduces downtime, and maintains strict access controls.

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

Identity has become malleable for cyber attackers

Modern cyberattacks combine psychological manipulation, deepfakes, voice phishing, and stolen data to breach even well-defended organizations without exploiting software vulnerabilities.

Beyond integration theatre: Building stronger cyber platforms | Computer Weekly

Integration layers between security platforms, not the platforms themselves, have become the primary enterprise security risk requiring rigorous governance of delegated trust.

2 months ago

Understanding Breaches Before and After They Happen: What Every Organization Should Know

Most security breaches result from neglected fundamentals—human error, unpatched systems, weak authentication, and poor network segmentation—rather than advanced, novel exploits.