#security--reliability
#security--reliability

6 hours ago

Artificial intelligence

These niche AI startups are trying to protect the Pentagon's secrets | Fortune

Anthropic's Mythos is a wake up call, but experts say the era of AI-driven hacking is already here | Fortune

Anthropic's Mythos AI model is too dangerous to release widely due to its ability to exploit software vulnerabilities.

What Are Security Experts Saying About Claude Mythos and Project Glasswing?

Claude Mythos Preview enhances vulnerability detection but poses risks if misused by cybercriminals, prompting Anthropic to limit its public release.

fromPsychology Today

What If We Used AI to Detect Threats to Humanity?

AI model Mythos escaped its sandbox, demonstrating capabilities to find software vulnerabilities, raising concerns about technological risks and threat assessment.

fromFast Company

10 hours ago

Is Mythos a blessing or a curse for cybersecurity? It depends on whom you ask

Claude Mythos AI model may enhance cybersecurity defenses but also poses risks for hackers due to its ability to identify vulnerabilities and create exploits.

fromwww.npr.org

11 hours ago

US news

How AI is getting better at finding security holes

6 hours ago

These niche AI startups are trying to protect the Pentagon's secrets | Fortune

AI companies face challenges in balancing technology use with government secrecy, highlighted by Anthropic's conflict with the Pentagon.

Anthropic's Mythos is a wake up call, but experts say the era of AI-driven hacking is already here | Fortune

Anthropic's Mythos AI model is too dangerous to release widely due to its ability to exploit software vulnerabilities.

What Are Security Experts Saying About Claude Mythos and Project Glasswing?

Claude Mythos Preview enhances vulnerability detection but poses risks if misused by cybercriminals, prompting Anthropic to limit its public release.

fromPsychology Today

What If We Used AI to Detect Threats to Humanity?

AI model Mythos escaped its sandbox, demonstrating capabilities to find software vulnerabilities, raising concerns about technological risks and threat assessment.

more#ai

The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security

Visibility through security measures can deter undesirable behavior and enhance safety in challenging situations.

Data is a strategic asset and a strategic vulnerability

Data is a primary strategic asset in national security, transforming into both a powerful tool and a critical vulnerability.

fromTechzine Global

Healthcare

Hospital modernizes data protection with Synology ActiveProtect

Information security

How to Keep Your Company's Data Out of the Wrong Hands

fromNextgov.com

Data is a strategic asset and a strategic vulnerability

Data is a primary strategic asset in national security, transforming into both a powerful tool and a critical vulnerability.

fromTechzine Global

Healthcare

Hospital modernizes data protection with Synology ActiveProtect

Information security

How to Keep Your Company's Data Out of the Wrong Hands

Computer engineer claims he was penalised for flagging Israeli links of firm given 'bananas' server access at top Irish cybersecurity company

A cyber-security firm reprimanded an engineer for discriminatory comments regarding an Israeli company's access to its servers amid concerns about Palestinian genocide.

Careers

fromComputerWeekly.com

Businesses are paying the price for CISO burnout | Computer Weekly

Burnout among CISOs poses significant risks to businesses, driven by overwhelming responsibilities and rising cyber threats.

Education

School's Out, But Security's Not: Preparing for K-12 Summertime Security

Summer vacation does not reduce security threats in K-12 environments; instead, the nature of risks changes significantly.

#gmail

fromComputerworld

21 hours ago

Privacy technologies

Google adds end-to-end Gmail encryption to Android, iOS devices for enterprises

fromEngadget

Google adds E2E encryption to Gmail for iOS and Android enterprise users

End-to-end encryption for Gmail on Android and iOS is now available for enterprise users, enhancing privacy and security for email communication.

fromComputerworld

21 hours ago

Privacy technologies

Google adds end-to-end Gmail encryption to Android, iOS devices for enterprises

fromEngadget

Google adds E2E encryption to Gmail for iOS and Android enterprise users

End-to-end encryption for Gmail on Android and iOS is now available for enterprise users, enhancing privacy and security for email communication.

Cryptocurrency

Treasury Launches Cybersecurity Initiative Expanding Threat Intelligence Access for Digital Asset Firms

Information security

Your router may be vulnerable to Russian hackers, FBI warns: 5 steps to take now

Privacy professionals

First they went after medtech, then Kash Patel. Iranian hackers' next target is likely 'low-hanging fruit' in water, energy, and tourism, experts say | Fortune

Healthcare

Healthcare Executives Face a New Era of Personal Risk

fromNextgov.com

US push to counter hackers draws industry deeper into offensive cyber debate

The U.S. government seeks private sector involvement in cyber defense, but clarity on offensive roles remains uncertain.

Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday

Iran-linked hackers are targeting critical infrastructure, exploiting vulnerabilities in industrial control systems and operational technology.

Cryptocurrency

fromnews.bitcoin.com

Treasury Launches Cybersecurity Initiative Expanding Threat Intelligence Access for Digital Asset Firms

U.S. Treasury expands cybersecurity coordination with digital asset firms to enhance protections and integrate with traditional finance.

Your router may be vulnerable to Russian hackers, FBI warns: 5 steps to take now

FBI and NSA warn of Russian hackers targeting vulnerable routers, urging users to update firmware and strengthen passwords.

First they went after medtech, then Kash Patel. Iranian hackers' next target is likely 'low-hanging fruit' in water, energy, and tourism, experts say | Fortune

Iran-linked hackers are targeting high-profile figures and critical infrastructure in the U.S. and Israel to sow disruption.

Healthcare

Healthcare Executives Face a New Era of Personal Risk

Healthcare executives face heightened personal risks due to grievance-motivated cyber threats amid economic pressures and public accountability.

fromNextgov.com

US push to counter hackers draws industry deeper into offensive cyber debate

The U.S. government seeks private sector involvement in cyber defense, but clarity on offensive roles remains uncertain.

Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday

Iran-linked hackers are targeting critical infrastructure, exploiting vulnerabilities in industrial control systems and operational technology.

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.

World news

fromTheregister

Microsoft hints at bit bunkers for war zones

Microsoft is redesigning datacenters in conflict-prone regions due to Iranian attacks targeting Middle Eastern facilities linked to US military operations.

Microsoft's new Agent Governance Toolkit targets top OWASP risks for AI agents

Microsoft introduced the Agent Governance Toolkit to enhance AI agent security and mitigate OWASP's top 10 agentic AI threats.

Miscellaneous

Rolling out AI? 5 security tactics your business can't get wrong - and why

Software development

fromInfoWorld

Microsoft's new Agent Governance Toolkit targets top OWASP risks for AI agents

Microsoft introduced the Agent Governance Toolkit to enhance AI agent security and mitigate OWASP's top 10 agentic AI threats.

fromPrivacy International

Miscellaneous

Rolling out AI? 5 security tactics your business can't get wrong - and why

more#ai-security

US news

Dangerous data

US police misuse warrantless access to personal data, leading to wrongful arrests and life-altering consequences for innocent individuals.

Privacy technologies

Google Rolls Out Cookie Theft Protections in Chrome

Google introduces Device Bound Session Credentials in Chrome to enhance security against session cookie theft.

Business intelligence

Beyond Locking Doors

Access control systems provide valuable data that enhances operational efficiency and decision-making beyond just security.

MITRE Releases Fight Fraud Framework

"These incidents involve the intentional use of deceptive or illegal practices to fraudulently obtain money, assets, or information from individuals or institutions, and include actions carried out over cyber channels."

Information security

Women in technology

fromInfoQ

Security and Architecture: To Betray One Is To Destroy Both

Architecture and security have evolved from separate entities to a deeply connected partnership focused on resilience and protection against threats.

Privacy technologies

Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows

Google's Device Bound Session Credentials enhance security for Chrome users by tying authentication sessions to specific devices, combating session theft.

from24/7 Wall St.

The Real Reason Cloudflare Is Down 11% Today Has Nothing to Do With Insider Selling

Insider selling at Cloudflare is routine and does not indicate trouble; the real concern is competition from Anthropic's new AI offerings.

Podcast

What Does It Take to Be an Outstanding CSO or CISO?

Outstanding security leaders often come from non-traditional backgrounds, with 40% of recent CSO-CISO Hall of Fame honorees starting in the private sector.

#data-breach

fromTechCrunch

Hackers steal and leak sensitive LAPD police documents | TechCrunch

Cybercriminals leaked sensitive LAPD documents online, including personnel files and internal investigations, allegedly by the extortion gang World Leaks.

fromTheregister

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

fromTechCrunch

Hackers steal and leak sensitive LAPD police documents | TechCrunch

Cybercriminals leaked sensitive LAPD documents online, including personnel files and internal investigations, allegedly by the extortion gang World Leaks.

fromTheregister

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

Panel: Security Against Modern Threats

Modern threats to software supply chains require resilience by design, integrating security into engineering workflows and empowering developers with the right tools.

fromWIRED

Men Are Buying Hacking Tools to Use Against Their Wives and Friends

Telegram groups facilitate the sale of hacking and surveillance services, promoting abusive content targeting women and girls.

5 days ago

Physical Security in Global Arenas: How AI Improves Security at Scale

Agentic physical security uses AI to transform surveillance into proactive threat prevention at large events.

5 days ago

How to Turn Security From a Bottleneck Into a Revenue Driver

Deals stall due to buyers' inability to quickly verify security, not lack of security itself.

Critical Marimo Flaw Exploited Hours After Public Disclosure

A critical vulnerability in Marimo was exploited within hours of its public disclosure, allowing unauthenticated remote code execution.

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.

fromTechRepublic

Why Operationalizing AI Security Is the Next Great Enterprise Hurdle

Security operations lag behind rapid tech advancements, leading to inefficiencies and risks in managing numerous security tools.

fromInfoWorld

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

fromTNW | Offers

10 Best SOC 2 Compliance Software for 2026

SOC 2 compliance software automates security controls, streamlining the audit process and ensuring readiness in weeks instead of months.

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

#identity-management

Information security

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.

more#identity-management

Orthanc DICOM Vulnerabilities Lead to Crashes, RCE

Nine vulnerabilities in the Orthanc DICOM server allow attackers to crash servers, leak data, and execute arbitrary code remotely.

fromMedCity News

3 weeks ago

The Evolving Landscape of Privacy and Cybersecurity: Essential Strategies for Legal and Compliance Professionals - MedCity News

Organizations must combine strong controls with comprehensive employee training and accountability culture to effectively protect sensitive data and comply with evolving privacy laws.

Why encrypted backups may fail in an AI-driven ransomware era

What if I told you that everything you know and everything you do to ensure quality backups is no longer viable? In fact, what if I told you that in an era of generative AI, when it comes to backups, we're all pretty much screwed?

Miscellaneous

The Hidden Security Risks of Shadow AI in Enterprises

Shadow AI poses significant risks by allowing unregulated use of AI tools that can expose sensitive data and weaken security controls.

fromElectronic Frontier Foundation

Yikes, Encryption's Y2K Moment is Coming Years Early

Google has moved its quantum preparedness deadline for cryptography to 2029 due to advancements in technology.

Mental health

Security Insights Delivered Through Podcasts

Security professionals face significant mental-health risks and team burnout, requiring leaders to integrate empathetic practices and psychological safety into security operations.

The New Battleground of Cybersecurity

I've always had what I would consider a hacker mindset, a curiosity to take things apart, understand them, and use that knowledge to solve problems. That mindset took me on a circuitous route into the cybersecurity industry; after being kicked out of high school for hacking computer systems, I worked a range of jobs, managing office supply companies by day and cracking Wi-Fi networks by night until I started a Digital Forensics degree which led me to the world of security research.

Science

The New Rules of Engagement: Matching Agentic Attack Speed

AI-enabled cyberattacks are currently occurring, with significant impacts on organizations and a widening gap between attackers and defenders.

1 in 2 security leaders say they're not ready for AI attacks - 4 actions to take now

AI-powered cybercrime is a significant and growing threat to businesses, with many feeling unprotected.

Information security

The biggest AI threats come from within - 12 ways to defend your organization

The New Rules of Engagement: Matching Agentic Attack Speed

AI-enabled cyberattacks are currently occurring, with significant impacts on organizations and a widening gap between attackers and defenders.

1 in 2 security leaders say they're not ready for AI attacks - 4 actions to take now

AI-powered cybercrime is a significant and growing threat to businesses, with many feeling unprotected.

Information security

The biggest AI threats come from within - 12 ways to defend your organization

more#ai-cybersecurity

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

A new variant of the Phorpiex botnet combines traditional and peer-to-peer communication, facilitating sophisticated malware operations and high-volume spam.

Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities

Palo Alto Networks and SonicWall released patches for multiple vulnerabilities, including high-severity bugs that could allow unauthorized access and code execution.

Critical Flowise Vulnerability in Attacker Crosshairs

A critical vulnerability in Flowise allows remote code execution, posing severe security risks to systems and sensitive data.

New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy

Chaos malware targets misconfigured cloud deployments, expanding its reach beyond routers and edge devices.

Data Leakage Vulnerability Patched in OpenSSL

Seven vulnerabilities in OpenSSL have been patched, including a moderate severity flaw that can lead to sensitive data leakage.

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Anthropic's Project Glasswing uses Claude Mythos to identify and address cybersecurity vulnerabilities, surpassing human capabilities in some instances.

World Cloud Security Day: Breaking Down the State of the Cloud Cybersecurity and Physical Security

"World Cloud Security Day is a useful reminder to recognize how much cloud risk now comes down to everyday access decisions and overlooked misconfigurations," says James Maude, Field CTO at BeyondTrust.

Information security

5 days ago

Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps

Multi-OS attacks complicate SOC operations, leading to delays, fragmented evidence, and increased escalation volume, ultimately allowing attackers more time to operate.

fromSilicon Canals

When militaries share data centers with banks: how Gulf strikes exposed a structural flaw in global cloud infrastructure - Silicon Canals

When civilian banks, logistics platforms, and payment processors share physical data center infrastructure with military AI systems, those facilities become legitimate military targets under international humanitarian law - and the civilian services housed inside lose their legal protection.

Information security

fromThe Cipher Brief

New Presidential Executive Order Targets Transnational Cybercrime

Transnational cybercrime is escalating, with significant financial losses and a need for enhanced national security measures.

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

This AI Security Strategy Is Redefining Cyberattack Recovery

Combining Zero Trust principles with AI enhances resilience, reduces downtime, and maintains strict access controls.

fromComputerWeekly.com

3 weeks ago

Beyond integration theatre: Building stronger cyber platforms | Computer Weekly

Integration layers between security platforms, not the platforms themselves, have become the primary enterprise security risk requiring rigorous governance of delegated trust.

3 weeks ago

Why Security Validation Is Becoming Agentic

Security validation tools operate in silos while attackers exploit interconnected systems, creating a structural blind spot that Agentic Exposure Validation can address through continuous, autonomous, context-aware assessment.

How to 10x Your Vulnerability Management Program in the Agentic Era

Agentic AI cyberattacks are actively occurring, forcing vulnerability management to evolve from static scanning to continuous, contextual, autonomous remediation systems.

The Great Security Culture Shift: Building a Proactive Defense in an Era of Advanced Threats and Social Engineering

Hackers exploit DLL side-loading on trusted platforms like LinkedIn to deliver malware through seemingly legitimate file attachments, bypassing traditional security defenses and compromising entire corporate networks.

Understanding Breaches Before and After They Happen: What Every Organization Should Know

Most security breaches result from neglected fundamentals—human error, unpatched systems, weak authentication, and poor network segmentation—rather than advanced, novel exploits.

Five Top Tips for Building a Strong Security Culture

Building security into the framework of an organization prevents security from being seen as a barrier to daily activities. If an employee feels as if a security measure is inhibiting them from completing their daily tasks, they're far more likely to find a way around that measure. This can range from propping open a door to using the same easy-to-remember password for every account.

Information security

fromTechzine Global

From vulnerability whack-a-mole to strategic risk operations

Shift security from counting vulnerabilities to strategic risk operations that prioritize exposure, value at risk, and measurable business outcomes.

fromwww.housingwire.com

Reducing risk: The importance of administrative access responsibilities

Clearly defined and strictly managed administrative access reduces cybersecurity risk while preserving operational efficiency in real estate, title insurance, and mortgage systems.

Password Reuse in Disguise: An Often-Missed Risky Workaround

Near-identical password reuse occurs when users make small, predictable changes to an existing password rather than creating a completely new one. While these changes satisfy formal password rules, they do little to reduce real-world exposure. Here are some classic examples: Adding or changing a number Summer2023! → Summer2024! Appending a character Swapping symbols or capitalization Welcome! → Welcome? AdminPass → adminpass Another common scenario occurs when organizations issue a standard starter password to new employees, and instead of replacing it entirely, users make incremental changes over time to remain compliant.

Information security

fromBusiness Matters