Category: SecurityNews
-
Why AppSec Can’t Keep Up With AI-Generated Code
StackHawk co-founder and CSO Scott Gerlach has spent most of his career running security teams, and his take on application security is shaped by a simple reality: developers are still too often the last to know when their code ships with risk. Gerlach explains why that gap has widened in the age of modern CI/CD,…
-
FireTail’s 2022 Review on Macro, Industry, and Thoughts About What’s Next FireTail Blog
Tags: ai, api, attack, cloud, cyber, cybercrime, cybersecurity, data, exploit, finance, government, infrastructure, intelligence, Internet, jobs, office, open-source, regulation, russia, startup, strategy, technology, usa, vulnerability
Dec 19, 2025 – Jeremy Snyder – New beginnings, such as new years, provide a nice opportunity to look back at what we have just experienced, as well as look forward to what to expect. 2022 was a year of transition in many ways, and 2023 may well be the same. I wanted to reflect…
-
State-linked and criminal hackers use device code phishing against M365 users
Russia-linked groups have attacked multiple sectors in recent months. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/state-linked-criminal-hackers-device-code-phishing-m365/808396/
-
Sydney Uni data goes walkabout after criminals raid code repo
Tags: data
Attackers helped themselves to historical personal info on 27K people First seen on theregister.com Jump to article: www.theregister.com/2025/12/19/sydney_uni_breach/
-
AI and cybersecurity: Two sides of the same coin
Practical lessons on securing AI and using AI to strengthen defence First seen on theregister.com Jump to article: www.theregister.com/2025/12/19/ai_cybersecurity_two_sides/
-
Waterfox browser goes AI-free, targets the Firefox faithful
Even if Mozilla is going to add an AI kill switch, that may not be enough to reassure many. First seen on theregister.com Jump to article: www.theregister.com/2025/12/18/firefox_no_ai_alternative_waterfox/
-
Keyboard Lag Leads Amazon to North Korean Impostor in Remote Role
Amazon Security Chief explains how a subtle keyboard delay exposed a North Korean impostor. Read about the laptop farm scheme and how 110 milliseconds of lag ended a major corporate infiltration. First seen on hackread.com Jump to article: hackread.com/keyboard-lag-amazon-north-korea-impostor-remote-role/
-
OWASP Drops First AI Agent Risk List
These aren’t simple chatbots anymore; these AI agents access data and tools and carry out tasks, making them infinitely more capable and dangerous. The post OWASP Drops First AI Agent Risk List appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-owasp-ai-agent-risk-list/
-
OpenAI Launches GPT-5.2-Codex for Secure Coding
OpenAI has launched GPT-5.2-Codex, an agentic coding model that boosts real-world software engineering and AI-powered vulnerability research. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/openai-launches-gpt-5-2-codex-for-secure-coding/
-
LongNosedGoblin Caught Snooping on Asian Governments
New China-aligned APT group is deploying Group Policy to sniff through government networks across Southeast Asia and Japan. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/longnosedgoblin-caught-snooping-on-asian-governments
-
Google Shutting Down Dark Web Report Met with Mixed Reactions
Google is shutting down its dark web report tool, which was released in 2023 to alert users when their information was found available on the darknet. However, while the report sent alerts, Google said users found it didn’t give them next steps to take if their data was detected. First seen on securityboulevard.com Jump to…
-
For $18 an Hour Stanford’s AI Agent Bested Most Human Pen Testers in Study
A Stanford study finds the ARTEMIS AI agent beat most human pen testers in vulnerability discovery, at a fraction of the cost. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/for-18-an-hour-stanfords-ai-agent-bested-most-human-pen-testers-in-study/
-
Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026
As we head into 2026, I am thinking of a Japanese idiom, Koun Ryusui (行雲流水), to describe how enterprises should behave when facing a cyberattack. Koun Ryusui means “to drift like clouds and flow like water.” It reflects calm movement, adaptability, and resilience. For enterprises, this is an operating requirement. Cyber incidents are no longer isolated disruptions. They are recurring tests…
-
Top lawmaker asks White House to address open-source software risks
The Senate Intelligence Committee’s chairman voiced concern about foreign adversaries tampering with code. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/open-source-security-tom-cotton-letter-white-house/808379/
-
Smart TV manufacturer ordered to stop collecting viewer data while court case proceeds in Texas
The first-of-its-kind temporary restraining order bars Hisense from using automated content recognition (ACR) technology to collect and use, share or sell Texans’ data. First seen on therecord.media Jump to article: therecord.media/hisense-ordered-to-stop-data-collection-texas-lawsuit
-
Amazon Detects North Korean IT Infiltrator via Latency Clues
Amazon uncovered a North Korean IT infiltrator through keystroke latency, highlighting risks in remote hiring and the need for stronger identity controls. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/amazon-detects-north-korean-it-infiltrator-via-latency-clues/
-
UK Foreign Office Cyber Breach Exposed Diplomatic Secrets
The government stopped short of directly attributing the attack to Chinese operatives or the Chinese state. The post UK Foreign Office Cyber Breach Exposed Diplomatic Secrets appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-uk-foreign-office-cyber-breach/
-
New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock
The UEFI firmware implementation in some motherboards from ASUS, Gigabyte, MSI, and ASRock is vulnerable to direct memory access (DMA) attacks that can bypass early-boot memory protections. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-uefi-flaw-enables-pre-boot-attacks-on-motherboards-from-gigabyte-msi-asus-asrock/
-
Identity Fraud Among Home Care Workers Puts Patients at Risk
Reports of patients being cared for by unqualified home-care aides with fake identities continue to emerge, highlighting a need for more stringent identity authentication. First seen on darkreading.com Jump to article: www.darkreading.com/identity-access-management-security/identity-fraud-among-home-care-workers-puts-patients-at-risk
-
Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware
Cybersecurity researchers have disclosed details of a new campaign that has used cracked software distribution sites as a distribution vector for a new version of a modular and stealthy loader known as CountLoader. The campaign “uses CountLoader as the initial tool in a multistage attack for access, evasion, and delivery of additional malware families,” Cyderes Howler…
-
Criminal IP and Palo Alto Networks Cortex XSOAR integrate to bring AI-driven exposure intelligence to automated incident response
Criminal IP (criminalip.io), the AI-powered threat intelligence and attack surface monitoring platform developed by AI SPERA, is now officially integrated into Palo Alto Networks’ Cortex XSOAR. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/criminal-ip-and-palo-alto-networks-cortex-xsoar-integrate-to-bring-ai-driven-exposure-intelligence-to-automated-incident-response/
-
UK politics: ‘Not clear’ who was behind FCDO hack, says minister, amid reports of China link as it happened
Chris Bryant confirms October cyber-attack as the Sun names Storm 1849, a Chinese hacker group, as being responsible. The BBC’s editing guidelines do not need to be altered in the wake of controversy surrounding the edit of a Donald Trump speech, a review has found. The US president is seeking up to $10bn (£7.5bn) in damages…
-
Emergency management explained clearly – BSI gives SMEs tips for business continuity management
First seen on security-insider.de Jump to article: www.security-insider.de/bsi-unterstuetzt-kmu-beim-aufbau-eines-modernen-notfallmanagements-a-440c88c300688366eb64c479bea010be/
-
(g+) Cloud: Trouble in the data space
China is building more than 100 data spaces by 2028. Europe is responding with its own concepts, but so far these have received too little attention. First seen on golem.de Jump to article: www.golem.de/news/cloud-zoff-im-datenraum-2512-203364.html
-
CSA Study: Mature AI Governance Translates Into Responsible AI Adoption
New CSA research shows mature AI governance accelerates responsible AI adoption, boosts security confidence, and enables agentic AI at scale. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/csa-study-mature-ai-governance-translates-into-responsible-ai-adoption/
-
Senate confirms new Pentagon CIO
Tags: cio
Kirsten Davies was confirmed for the role, along with about 100 other nominees across federal agencies, in a 53-43 vote following a Republican-led rules change that lets tranches of senior personnel get approved in a bloc by a single vote. First seen on therecord.media Jump to article: therecord.media/senate-confirms-new-pentagon-cio

