Tag: ai
-
Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying
A hacking group claims to have broken into the flood defence system protecting Venice’s Piazza San Marco – and is offering to sell access to whoever wants it. The asking price? A frankly insulting $600. First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-463/
-
Fake Claude AI Installer Targets Windows Users with PlugX Malware
Fake Claude AI installer mimicking Anthropic spreads PlugX malware on Windows, using DLL sideloading to gain persistent remote access to infected systems. First seen on hackread.com Jump to article: hackread.com/fake-claude-ai-installer-plugx-malware-windows-users/
-
UK Government Sound Alarm Over AI Security Risk
This week, UK government leaders and cyber officials are sounding an increasingly urgent alarm over the security risks posed by artificial intelligence, warning that the technology is both amplifying existing cyber threats and reshaping the balance between attackers and defenders. In a joint open letter to business leaders, ministers and the National Cyber Security Centre…
-
What Is AI Risk? A Clear Definition for 2026
What AI risk actually means, where it lives, and why most teams get it wrong. Data-backed insights from the 2026 SaaS + AI Security Report. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/what-is-ai-risk-a-clear-definition-for-2026/
-
Insurance carriers quietly back away from covering AI outputs
Coverage in flux: Phil Karecki, CTO for the insurance sector at managed services provider Ensono, also sees some carriers backing away from covering AI outputs, although he’s not sure whether it’s a major trend. Insurance carriers continuously experiment with how to provide coverage, he notes. Carriers have tried to separate tightly governed AI deployments from more…
-
The Q1 vulnerability pulse
Thor provides an overview of the Q1 2026 vulnerability statistics, highlighting key trends in legacy CVEs and the evolving impact of AI on the threat landscape. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/the-q1-vulnerability-pulse/
-
Google expands Gemini AI use to fight malicious ads on its platform
Google says it is increasingly using its Gemini AI models to detect and block harmful ads on its advertising platforms, as scammers and threat actors continue to evolve their tactics to evade detection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-expands-gemini-ai-use-to-fight-malicious-ads-on-its-platform/
-
Critical nginx UI tool vulnerability opens web servers to full compromise
Tags: access, ai, api, attack, authentication, ceo, credentials, data-breach, endpoint, exploit, infrastructure, Internet, risk, service, software, threat, tool, update, vulnerability
/mcp_message, was implemented without authentication, a weakness Pluto Security dubbed ‘MCPwn’. “This exposes 12 MCP tools, including config writes with automatic nginx reload, to any host on the network. One unauthenticated API call is all it takes to inject a config and take over nginx,” said Pluto Security. Leveraging MCPwn, an attacker would be able to intercept…
-
The n8n n8mare: How threat actors are misusing AI workflow automation
Cisco Talos research has uncovered agentic AI workflow automation platform abuse in emails. Recently, we identified an increase in the number of emails that abuse n8n, one of these platforms, from as early as October 2025 through March 2026. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/the-n8n-n8mare/
-
AI platform n8n abused for stealthy phishing and malware delivery
Attackers abuse AI automation platform n8n to run phishing campaigns, deliver malware, and evade security by using trusted infrastructure. Threat actors are exploiting the popular AI workflow automation platform n8n to launch advanced phishing campaigns, deliver malware, and collect device data through automated emails. By using trusted infrastructure, they can bypass traditional security controls and…
-
Legacy AppSec Is Out of Step with the Speed of AI
The timing is off, and it seems to be getting worse. Traditional application security pipelines were designed way back in the days when only humans wrote code… two years ago, that is. Way back then, reviews took hours or days, and post-commit scans could reasonably catch what slipped through. Well, AI coding assistants have.. First…
-
Identity management caught between human users, machines, automated agents and AI-generated personas
Tags: ai
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/identitaetsmanagement-spannungsfeld-mensch-maschine-agent-ki-persona
-
Rethinking Cybersecurity for AI Speed in the Mythos Era
Equifax CTO Jamil Farshchi on Cybersecurity’s Response to Flood of Vulnerabilities. Cybersecurity organizations must adapt to machine-speed threats in the age of Anthropic’s Claude Mythos, a new AI model that can uncover vulnerabilities and lead to a flood of rapid exploits. Equifax CTO Jamil Farshchi says security programs must be built for scale, automation and…
-
Most “AI SOCs” Are Just Faster Triage. That’s Not Enough.
AI-powered SOC tools promise automation, but most only speed up triage instead of reducing real workload. Tines shows how real gains come from end-to-end workflows that execute actions across systems, not just summarize alerts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/most-ai-socs-are-just-faster-triage-thats-not-enough/
-
Beating the Mythos clock: Using Tenable Hexa AI custom agents for automated patching
Tags: ai, business, cvss, cyberattack, data, exploit, LLM, mitigation, network, remote-code-execution, risk, strategy, supply-chain, threat, tool, update, vulnerability, vulnerability-management
See how Tenable Hexa AI custom agents empower you to counter machine-speed threats by automating vulnerability remediation. Learn how the Model Context Protocol (MCP) automates execution of risk-driven patching workflows, shifting your strategy from reactive tracking to continuous exposure management. Key takeaways: Even in previews, powerful AI models like Claude Mythos show us how quickly…
-
AI in manufacturing raises the requirements for data security
Tags: ai
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/ki-fertigung-anforderungen-datensicherheit
-
UK’s Sovereign AI supports supercomputing and drug discovery AI startups
The UK government’s £500m Sovereign AI fund announces first cohort of startups backed to boost economic growth and national security First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641874/UKs-Sovereign-AI-supports-supercomputing-and-drug-discovery-AI-startups
-
Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest
Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year’s Zero Day Quest hacking contest. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-pays-23-million-for-cloud-and-ai-flaws-at-zero-day-quest/
-
AI Security Risks in 2026
Explore the top AI security risks in 2026, from OAuth abuse to shadow AI, and how SaaS access drives modern AI threats. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/ai-security-risks-in-2026/
-
The deepfake dilemma: From financial fraud to reputational crisis
Tags: ai, authentication, business, ceo, communications, control, cyber, data-breach, deep-fake, exploit, finance, fraud, malicious, phone, resilience, risk, threat, tool
Deepfakes as tools for financial fraud: Deepfakes have quickly become a powerful enabler of financial fraud. This is largely because most business communication channels, like video and voice calls, remain unauthenticated. A single convincing audio or video call, seemingly from a trusted executive, can bypass established controls in minutes. Employees in these scenarios often follow…
-
Janus-faced AI: promoter and destroyer of IT security
Tags: ai
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/januskopf-ki-foederer-zerstoerer-it-sicherheit
-
UK businesses must face up to AI threat, says government
Technology secretary Liz Kendall urges Britain’s business community to sit up and pay attention to emerging AI threats, following the debut of Anthropic’s new frontier model, Mythos First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641649/UK-businesses-must-face-up-to-AI-threat-says-government
-
Hackers Exploit n8n Webhooks to Spread Malware
A new abuse campaign is targeting AI-driven workflow automation platforms, particularly n8n, turning legitimate automation tools into powerful malware delivery systems. Between October 2025 and March 2026, security analysts observed a sharp surge in phishing emails that weaponized n8n-generated webhooks to deliver malicious payloads and collect device fingerprints under the guise of trusted infrastructure. AI workflow platforms like n8n and Zapier are…
-
CIOs fret over rising security concerns amid AI adoption
AI is emerging as a critical tool and a growing threat as CIOs struggle to balance innovation with risk, according to a new report. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/AI-security-concerns-CIO-logicalis/817705/

