#onetrust
#onetrust

3 hours ago

Nearly half of cybersecurity pros want to quit - here's why

There's a significant mismatch between demand and rewards in cybersecurity, leading to dissatisfaction among professionals.

Careers

How to Know Where Your Security Threat Is Before It's Too Late

Organizations winning the security talent war operationalize key questions to prevent knowledge loss and enhance cybersecurity resilience.

fromWIRED

Discord Sleuths Gained Unauthorized Access to Anthropic's Mythos

Mozilla used Anthropic's Mythos Preview to fix 271 vulnerabilities in Firefox 150, while North Korean hackers exploited AI for cybercrime.

DevOps

The Security Metric That's Failing You

Hybrid clouds have two attack surfaces - so watch both

Hybrid cloud management tools present significant security vulnerabilities that users often overlook.

fromSecurityWeek

In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device

Key cybersecurity developments include a hacker's probation, UK military deployment for internet protection, and Lovable's data exposure issue.

3 hours ago

Nearly half of cybersecurity pros want to quit - here's why

There's a significant mismatch between demand and rewards in cybersecurity, leading to dissatisfaction among professionals.

Careers

How to Know Where Your Security Threat Is Before It's Too Late

Organizations winning the security talent war operationalize key questions to prevent knowledge loss and enhance cybersecurity resilience.

fromWIRED

Discord Sleuths Gained Unauthorized Access to Anthropic's Mythos

Mozilla used Anthropic's Mythos Preview to fix 271 vulnerabilities in Firefox 150, while North Korean hackers exploited AI for cybercrime.

The Security Metric That's Failing You

Measuring patch rates does not equate to a secure environment; real risks often lie in misconfigurations and outdated permissions.

Hybrid clouds have two attack surfaces - so watch both

Hybrid cloud management tools present significant security vulnerabilities that users often overlook.

fromSecurityWeek

In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device

Key cybersecurity developments include a hacker's probation, UK military deployment for internet protection, and Lovable's data exposure issue.

more#cybersecurity

16 hours ago

How to audit what ChatGPT knows about you - and reclaim your data privacy

Re-evaluate personal information shared with ChatGPT to enhance privacy and security.

The Hidden Data Liability Every Leader Needs to Address Now

Data is no longer endlessly renewable; companies face a 'data liability gap' affecting AI systems and data recovery responsibilities.

2 hours ago

Tinder Scanning Users' Eyeballs to Prove They Aren't Creeps

Tinder partners with World project for biometric verification using iris scans to combat scams on dating apps.

Startup companies

Your Former Employer Is Selling Your Slacks and Emails to Train AI

Founders of defunct startups are monetizing their digital remains, such as Slack messages and emails, through a growing ecosystem of buyers and middlemen.

#agentic-ai

Government adoption of AI agents could outpace the private sector

Agentic AI adoption in government is a leadership mandate, with 82% already using it and 71% planning to increase usage by 2026-2027.

Time for government, business leaders to figure out AI cybersecurity regulation - Harvard Gazette

Agentic AI poses both opportunities for cybersecurity and risks to personal data, economy, and national security, necessitating regulation by leaders.

Government adoption of AI agents could outpace the private sector

Agentic AI adoption in government is a leadership mandate, with 82% already using it and 71% planning to increase usage by 2026-2027.

Time for government, business leaders to figure out AI cybersecurity regulation - Harvard Gazette

Agentic AI poses both opportunities for cybersecurity and risks to personal data, economy, and national security, necessitating regulation by leaders.

more#agentic-ai

fromTNW | Eu

EU data protection

EU child safety push stalls as ePrivacy derogation expires, age verification app hacked, and CSA Regulation stuck in trilogue

Europe's child protection efforts conflict with privacy laws, complicating the detection of online child exploitation.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require careful management.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require careful management.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

From permission to personalization: Activating first-party data the right way | MarTech

Navigating consumer privacy and personalization demands requires a strategic approach to first-party data activation.

#meta

Parenting

Meta will let parents see their teens' AI queries

Meta's update allows parents to view their teens' AI chatbot queries, providing transparency on topics without specific details.

Meta Accounts Center now includes more apps and devices

Meta updates its Accounts Center to include Threads profiles and AI glasses accounts for easier management of all Meta-related products.

'This Makes Me Super Uncomfortable': Meta's Plan to Track Employees' Every Click and Keystroke Sparks Backlash

Meta is installing tracking software on U.S. employees' computers to create AI training data from their work activities.

Meta will use employee-tracking software to help train AI agents: Report

Meta will track US employees' mouse movements and clicks to improve AI training data.

Meta Installing Software on Employee Computers to Track Everything They Do, Feed the Data to AI

Meta is implementing tracking software on employees' computers to gather data for AI training, raising ethical and privacy concerns.

Parenting

Meta will let parents see their teens' AI queries

Meta's update allows parents to view their teens' AI chatbot queries, providing transparency on topics without specific details.

Meta Accounts Center now includes more apps and devices

Meta updates its Accounts Center to include Threads profiles and AI glasses accounts for easier management of all Meta-related products.

'This Makes Me Super Uncomfortable': Meta's Plan to Track Employees' Every Click and Keystroke Sparks Backlash

Meta is installing tracking software on U.S. employees' computers to create AI training data from their work activities.

Meta will use employee-tracking software to help train AI agents: Report

Meta will track US employees' mouse movements and clicks to improve AI training data.

Meta Installing Software on Employee Computers to Track Everything They Do, Feed the Data to AI

Meta is implementing tracking software on employees' computers to gather data for AI training, raising ethical and privacy concerns.

The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface

Email attackers now exploit behavioral weaknesses, using tailored tactics that blend into trusted relationships and workflows, making detection more challenging.

#palantir

UK politics

Thousands call on UK ministers to cut ties with US tech giant Palantir

Public concern over Palantir's contracts with UK entities has led to petitions urging the government to terminate these agreements.

Palantir employees are talking about company's "descent into fascism"

Palantir employees express deep concerns over the company's role in immigration enforcement and its alignment with the Trump administration.

Palantir is reportedly helping the IRS investigate financial crimes | TechCrunch

Palantir has assisted the IRS in investigating financial crimes, receiving $130 million since 2018 for its data analysis software.

UK politics

Thousands call on UK ministers to cut ties with US tech giant Palantir

Public concern over Palantir's contracts with UK entities has led to petitions urging the government to terminate these agreements.

Palantir employees are talking about company's "descent into fascism"

Palantir employees express deep concerns over the company's role in immigration enforcement and its alignment with the Trump administration.

Palantir is reportedly helping the IRS investigate financial crimes | TechCrunch

Palantir has assisted the IRS in investigating financial crimes, receiving $130 million since 2018 for its data analysis software.

Addressing the challenges of unstructured data governance for AI

Enterprises must enhance data governance for unstructured data as AI transforms data management practices.

France's national agency for managing IDs and passports suffered a data breach last week

France Titres confirmed a security breach exposing personal data, including names and contact information, with potential for phishing attacks.

France news

France confirms data breach at government agency that manages citizens' IDs | TechCrunch

The French government agency ANTS confirmed a data breach affecting citizens' identity documents, potentially involving millions of personal records.

Lovable denies data leak, cites 'intentional behavior'

Lovable's platform has a significant security flaw allowing free accounts to access sensitive user information, raising concerns about data protection.

France news

fromEngadget

France's national agency for managing IDs and passports suffered a data breach last week

France Titres confirmed a security breach exposing personal data, including names and contact information, with potential for phishing attacks.

France news

France confirms data breach at government agency that manages citizens' IDs | TechCrunch

The French government agency ANTS confirmed a data breach affecting citizens' identity documents, potentially involving millions of personal records.

Lovable denies data leak, cites 'intentional behavior'

Lovable's platform has a significant security flaw allowing free accounts to access sensitive user information, raising concerns about data protection.

more#data-breach

#ai

fromThe Hill

Can AI agents protect our privacy?

AI is transforming the web, increasing privacy risks while offering opportunities to improve data protection.

fromComputerworld

European startups

Germany's sovereign AI hope changes hands

fromMedium

Artificial intelligence

How to mitigate the risk of AI implementation in enterprise environments

Got personal financial, medical data you'd like to keep private? Good luck.Got personal financial, medical data you'd like to keep private? Good luck. - Harvard Gazette

New AI models may increase the risk of cybercriminals breaching secure systems, exposing personal data.

Information security

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

fromThe Hill

Can AI agents protect our privacy?

AI is transforming the web, increasing privacy risks while offering opportunities to improve data protection.

European startups

fromComputerworld

Germany's sovereign AI hope changes hands

Aleph Alpha is merging with Canada's Cohere to create a powerful AI entity amid Europe's push for technological independence from US vendors.

fromMedium

How to mitigate the risk of AI implementation in enterprise environments

Only about 5% of AI projects deliver measurable business value despite high expectations.

Got personal financial, medical data you'd like to keep private? Good luck.Got personal financial, medical data you'd like to keep private? Good luck. - Harvard Gazette

New AI models may increase the risk of cybercriminals breaching secure systems, exposing personal data.

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

Implementing a Self-Service Data Platform

Implementing a self-service data platform can empower teams to manage their own data products without constant data engineering support.

How Physical Security Data Is Supporting Public Safety Challenges

Physical security data is primarily used for officer safety, situational awareness, and responding to public safety emergencies.

Proton CEO: Age checks turn internet into ID checkpoint

Age verification risks transforming the internet into a system requiring identification for all users, compromising anonymity and security.

fromThe Hacker News

Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine

AI agents create a delegation gap in enterprise security that must be addressed before governing their authority.

Software development

Security by Design prevents higher bills

Incorporating security during design reduces costs significantly compared to retrofitting security measures after development.

Marketing tech

fromThedrum

The GumGum Platform Achieves Global SOC 2 Compliance, Setting Standards for Data Security

GumGum achieved SOC 2 compliance, enhancing data security and system reliability for partners and customers globally.

Some Interrail travellers told to cancel passports as hacked data posted online

Holidaymakers in Europe must replace passports after personal data was hacked and sold on the dark web, causing stress and financial burden.

fromNature

Researchers: here's how to audit your fragmented digital identity

A search for 'Guo Wei' in ORCID returned 616 profiles, none affiliated with the Jiangsu University of Science and Technology, highlighting the difficulty in verifying academic identities.

Higher education

#privacy

Privacy professionals

The Privacy-Security Partnership: How We Bend Risk in a Resource Crunch

fromAdExchanger

Privacy professionals

Does The New Federal Data Privacy Bill Have A Snowball's Chance Of Passing? | AdExchanger

fromMIT Technology Review

Building trust in the AI era with privacy-led UX

Well-designed consent experiences enhance trust and business performance, evolving privacy into an ongoing relationship rather than a one-time transaction.

The Privacy-Security Partnership: How We Bend Risk in a Resource Crunch

Fewer privacy practitioners feel confident in meeting laws, while resource shortages and compliance challenges increase stress in the field.

fromAdExchanger

Does The New Federal Data Privacy Bill Have A Snowball's Chance Of Passing? | AdExchanger

House Republicans introduced the SECURE Data Act to create a national privacy standard that preempts state laws, targeting large data-handling companies.

fromMIT Technology Review

Building trust in the AI era with privacy-led UX

Well-designed consent experiences enhance trust and business performance, evolving privacy into an ongoing relationship rather than a one-time transaction.

Asking around: When does ransomware threat intelligence become noise?

Effective threat intelligence requires filtering information relevant to specific market segments to avoid overwhelming alerts.

European startups

fromPrivacy International

98% of IT leaders want digital sovereignty: Now SUSE is operationalizing it for companies everywhere

SUSE is focusing on digital sovereignty to enhance choice and resilience in enterprise IT globally.

US news

Dangerous data

US police misuse warrantless access to personal data, leading to wrongful arrests and life-altering consequences for innocent individuals.

fromwww.businessinsider.com

The AI race is quietly rewriting what surveillance looks like at work

Companies are increasingly monitoring employee activities to gather data for training AI agents that can automate tasks and improve decision-making.

#google

Google pitches Agentic Data Cloud to help enterprises turn data into context for AI agents

Google is enhancing its data and analytics portfolio to compete with AWS and Microsoft in AI data management.

fromSearch Engine Roundtable

Google Now Won't Use Spam Reports With Personally Identifying Information

Google updated its spam report policy to protect personally identifying information after receiving backlash from users.

Google pitches Agentic Data Cloud to help enterprises turn data into context for AI agents

Google is enhancing its data and analytics portfolio to compete with AWS and Microsoft in AI data management.

fromSearch Engine Roundtable

Google Now Won't Use Spam Reports With Personally Identifying Information

Google updated its spam report policy to protect personally identifying information after receiving backlash from users.

more#google

Private health records of half a million Britons offered for sale on Chinese website

The UK Biobank charity informed the government that it had identified their data had been advertised for sale by several sellers on Alibaba's e-commerce platforms in China.

EU data protection

fromComputerworld

CISA last in line for access to Anthropic Mythos

CISA lacks access to Anthropic's AI model Claude Mythos, while unauthorized users have gained access, raising cybersecurity concerns.

#ai-governance

Here's how to jump-start your company's responsible AI governance in 90 days

Anthropic's Claude Mythos AI model reveals critical vulnerabilities, emphasizing the urgent need for responsible AI governance to mitigate risks and societal impacts.

fromComputerWeekly.com

3 weeks ago

AI-driven identity must exist in a robust compliance framework | Computer Weekly

Governance must precede AI adoption to avoid compliance failures and ethical risks in identity verification systems.

fromeLearning Industry

Custom AI Governance Services: The Missing Piece In Your L&D Strategy

Many L&D teams adopt AI tools without ensuring fairness, transparency, and accountability in their training programs.

Here's how to jump-start your company's responsible AI governance in 90 days

Anthropic's Claude Mythos AI model reveals critical vulnerabilities, emphasizing the urgent need for responsible AI governance to mitigate risks and societal impacts.

fromComputerWeekly.com

3 weeks ago

AI-driven identity must exist in a robust compliance framework | Computer Weekly

Governance must precede AI adoption to avoid compliance failures and ethical risks in identity verification systems.

fromeLearning Industry

fromElectronic Frontier Foundation

Custom AI Governance Services: The Missing Piece In Your L&D Strategy

Many L&D teams adopt AI tools without ensuring fairness, transparency, and accountability in their training programs.

more#ai-governance

#data-privacy

Privacy technologies

How ICE Got My Data | EFFector 38.8

fromThedrum

The future of data, privacy and ethics

Misleading practices in e-commerce, such as false stock availability, are regulated by the European Commission to protect consumers.

fromThe Verge

Privacy professionals

A new Republican privacy bill could be 'worse than no standard at all'

Congress is attempting to pass a national data privacy law that may weaken protections in some states while strengthening them in others.

I tried to wipe my digital footprint without paying for a data removal service - 5 free ways

Most sensitive information online is legally collected and aggregated by brokers, but removal is possible with effort and available tools.

fromElectronic Frontier Foundation

How ICE Got My Data | EFFector 38.8

Tech companies may compromise user data when pressured by the government, as seen in a case involving Google and ICE.

fromThedrum

The future of data, privacy and ethics

Misleading practices in e-commerce, such as false stock availability, are regulated by the European Commission to protect consumers.

fromThe Verge

A new Republican privacy bill could be 'worse than no standard at all'

Congress is attempting to pass a national data privacy law that may weaken protections in some states while strengthening them in others.

I tried to wipe my digital footprint without paying for a data removal service - 5 free ways

Most sensitive information online is legally collected and aggregated by brokers, but removal is possible with effort and available tools.

more#data-privacy

Scaling agentic AI demands a strong data foundation - 4 steps to take first

Trusted quality data is essential for scaling agentic AI adoption in organizations.

New EU rules stall due to lack of data center data

Europe's data center sustainability regulations reveal significant gaps in data quality and reporting, hindering accurate assessments of energy consumption and environmental impact.

OpenAI now lets you screenshot your privacy in the foot

OpenAI's Chronicle captures user screens to enhance Codex's contextual understanding, raising privacy concerns similar to Microsoft's Recall.

fromInfoQ

Cloudflare Outlines MCP Architecture as Enterprises Confront Security and Governance Risks

Centralized governance and remote infrastructure are essential for secure Model Context Protocol deployments, addressing risks like prompt injection and supply chain attacks.

fromwww.bankingdive.com

How proactive DEX strengthens IT compliance in financial services

Proactive DEX management helps financial services organizations address compliance challenges by continuously monitoring and improving the digital workplace.

fromThe Hacker News

Toxic Combinations: When Cross-App Permissions Stack into Risk

Moltbook's database exposure revealed significant security risks, including unencrypted credentials and API tokens, due to poor oversight of AI agent integrations.

Why are top university websites serving porn? It comes down to shoddy housekeeping.

Universities often neglect DNS record maintenance, leading to hijacked subdomains that can appear in search results.

Operationally Ineffective: Putting CVEs in a Chokehold with Privilege Disruption

A Common Vulnerability Exposure (CVE) that cannot reach the privilege plane is operationally ineffective - even at a CVSS Score of 10. This should be a core philosophy that is embedded into the fabric of software engineering.

Information security

fromThe Verge

Now Meta will track what employees do on their computers to train its AI agents

Meta is using employee activity data to train AI agents for better task automation.

Security Leaders Discuss the Claude Mythos Breach

Security leaders emphasize the urgent need for AI-enabled cybersecurity measures in response to the Claude Mythos breach.

Meta tracking employee keystrokes to train AI is probably legal. Experts say that doesn't make it ethical

Meta Platforms is implementing software to track employee computer usage to train AI models, raising privacy concerns amid potential layoffs.

1Password sees AI as both threat and tool

AI presents both risks and opportunities for password management, requiring firms to balance security with the potential for careless app development.

fromwww.nytimes.com

Video: What Can A.I. Companies Do to Win Public Trust?

A.I. companies must address governance issues to regain public trust amid concerns over disruption without clear plans for the future.

#data-security

fromwww.bbc.com

Biobank data incident caused by 'a few bad apples', boss says

BBC Datasets containing de-identified volunteer information were found for sale on Alibaba, prompting scrutiny and temporary suspension of access to the research platform.

fromNextgov.com

Data is a strategic asset and a strategic vulnerability

Data is a primary strategic asset in national security, transforming into both a powerful tool and a critical vulnerability.

fromwww.bbc.com

Biobank data incident caused by 'a few bad apples', boss says

BBC Datasets containing de-identified volunteer information were found for sale on Alibaba, prompting scrutiny and temporary suspension of access to the research platform.

fromNextgov.com

Data is a strategic asset and a strategic vulnerability

Data is a primary strategic asset in national security, transforming into both a powerful tool and a critical vulnerability.

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

AI systems are becoming attractive targets for adversaries, with vulnerabilities discovered faster than developers can respond.

fromTechRepublic

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.

Information security

70 percent of organizations see AI as the biggest data risk

fromFortune

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

AI systems are becoming attractive targets for adversaries, with vulnerabilities discovered faster than developers can respond.

fromTechRepublic

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.

Information security

70 percent of organizations see AI as the biggest data risk

more#ai-security

Another customer of troubled startup Delve suffered a big security incident | TechCrunch

Delve faces multiple allegations and security incidents, leading to loss of customers and damaged reputation.

Offer customers passkeys by default, UK's NCSC tells enterprises

Passkeys are recommended as the primary authentication method due to their security against phishing and credential reuse.

Lovable under fire over data breach

Lovable faced criticism for a vulnerability that exposed users' sensitive data, including source code and chat history, due to insufficient access controls.

fromNextgov.com

Microsoft to test third-party AI models for incorporation in its security offerings

Microsoft is evaluating third-party AI systems to enhance its cybersecurity measures against AI-driven threats.

Google Cloud and Wiz build multi-cloud platform on top of Security Graph

Wiz is essential for Google Cloud's security strategy in multi-cloud environments post-acquisition.

fromComputerWeekly.com

Anthropic's Mythos raises the stakes for security validation | Computer Weekly

The rise of autonomous AI in security introduces unpredictability, complicating the validation of defenses against evolving threats.

fromTNW | Offers

10 Best SOC 2 Compliance Software for 2026

SOC 2 compliance software automates security controls, streamlining the audit process and ensuring readiness in weeks instead of months.

fromThe Hacker News

The Hidden Security Risks of Shadow AI in Enterprises

Shadow AI poses significant risks by allowing unregulated use of AI tools that can expose sensitive data and weaken security controls.

fromExchangewire

2 months ago

Axeptio Launches Global Privacy Control (GPC) Support to Strengthen Compliance with US Privacy Regulations

Global Privacy Control is a browser-level signal that allows users to express-prior to any interaction with a website-their decision to opt out of the sale or sharing of their personal data. To meet these evolving legal requirements, Axeptio now integrates GPC signal detection and processing through a new feature available for projects using a CCPA banner, a prerequisite for remaining compliant in the United States.

Privacy technologies

2 months ago

Trusted Tech Alliance establishes five principles for secure technology

Sixteen global tech companies formed the Trusted Tech Alliance to embed transparency, security, and data protection across the entire technology stack.

fromMedCity News

The Evolving Landscape of Privacy and Cybersecurity: Essential Strategies for Legal and Compliance Professionals - MedCity News

Organizations must combine strong controls with comprehensive employee training and accountability culture to effectively protect sensitive data and comply with evolving privacy laws.

2 months ago

Zero-trust data governance needed to protect AI models from slop

By 2028, 50% of organizations will adopt a zero-trust data governance posture due to widespread, unverified AI-generated data.

fromBusiness Matters