Tag: ai
-
6 Ways to Contain Enterprise Risk in Model Context Protocol
Understand Agentic AI Risks and Secure All MCP Deployments MCP has rapidly become the connective tissue of the agentic AI era and the standard for connecting AI agents to enterprise systems. But it also introduces new attack vectors, from tool poisoning to prompt injection. Here are six ways to reduce the risk. First seen on…
-
Are Job Search Platforms Putting Your Data at Risk?
A new Incogni study found that many job-search platforms sell candidate data and use AI tools that raise privacy concerns. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/are-job-search-platforms-putting-your-data-at-risk/
-
Hostile states launched nearly 200 attacks on UK infrastructure in 12 months, says NCSC chief
Hackers will use AI-enabled cyber capabilities to exploit known vulnerabilities in legacy technology at scale by 2028, says National Cyber Security Centre CEO Richard Horne First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366644872/Hostile-states-launched-200-attacks-on-UK-infrastructure-in-five-months-says-NCSC-chief
-
JPMorgan Pulls Anthropic Claude Access in Hong Kong
Restrictions Highlight Growing U.S.-China AI Security Tensions. JPMorgan Chase removed Anthropic’s Claude models from its approved AI platform for employees in Hong Kong, following restrictions tied to Greater China access rules and underscoring how U.S. export controls and geopolitical concerns are reshaping enterprise AI adoption in global financial markets. First seen on govinfosecurity.com Jump to…
-
US suspension of Anthropic models prompts AI sovereignty calls
The US government’s control order to suspend access to Anthropic’s Claude Fable 5 and Mythos 5 models raises concerns about the UK’s over-reliance on American tech First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366644826/US-suspension-of-Anthropic-models-prompts-AI-sovereignty-calls
-
ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories
The internet did not break this week. It got used exactly as designed, which is worse. Searches were siphoned through shady browser add-ons. AI chat links turned into malware delivery paths. macOS attacks ran in memory and left almost nothing behind. Cloud agents looked like helpers until attackers treated them like open shells. Add exposed edge gear,…
-
Accenture shells out $4.18B on three companies in big industrial cybersecurity push
The consulting giant’s majority stake in Dragos, along with the purchases of runZero and NetRise, marks its first major push into operational technology software as AI-driven threats to critical infrastructure intensify. First seen on cyberscoop.com Jump to article: cyberscoop.com/accenture-industrial-cybersecurity-acquisition-dragos-netrise-runzero/
-
Fake GitHub Stars and AI Videos Mask a Crypto Clipper
A Rust crypto clipper hides behind fake GitHub stars and AI-narrated YouTube videos First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/crypto-clipboard-hijacker-fake/
-
Gulf CIOs shift focus from recovery to cyber resilience as regional threats intensify
Commvault’s Yahya Kassab says organisations across the Gulf are reassessing recovery strategies, AI risks and cloud investments amid growing cyber threats First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366644877/Gulf-CIOs-shift-focus-from-recovery-to-cyber-resilience-as-regional-threats-intensify
-
145 Mastra npm Packages Compromised via Hijacked Contributor Account
As many as 145 npm packages associated with the Mastra namespace (“@mastra/*”), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from Endor Labs, JFrog, OX Security, SafeDep, Socket, StepSecurity, and Snyk. ”A single npm account (…
-
Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network
If an autonomous AI agent interacts with your company’s core intellectual property today, can your security team instantly name the person who authorized it? For most enterprises, the answer is a simple no. The rush to adopt internal AI tools has left a massive trail of administrative debt: orphaned agents (AI tools left running after their creator…
-
Cybercriminals Are Worried About AI Taking Their Jobs Too
Analysis of chatter on underground forums by Sophos finds that hackers fear AI could take work away from them First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cybercriminals-worried-ai-take/
-
Cloudflare adds Design Partner Designation for SASE and AI security
First seen on scworld.com Jump to article: www.scworld.com/brief/cloudflare-adds-design-partner-designation-for-sase-and-ai-security
-
AWS Launches Continuum to Detect and Fix Code Vulnerabilities at Machine Speed
AWS has introduced “Continuum,” a new security capability designed to detect, validate, and remediate code vulnerabilities at machine speed, signaling a shift away from traditional telemetry-heavy security models toward automated, context-driven remediation. Announced on June 17, 2026, in a gated preview, AWS Continuum leverages advanced AI models to address the growing volume of vulnerabilities generated…
-
Google Cloud Vertex AI SDK flaw allowed model hijacking and code execution
First seen on scworld.com Jump to article: www.scworld.com/brief/google-cloud-vertex-ai-sdk-flaw-allowed-model-hijacking-and-code-execution
-
Hackers Could Abuse SQL Server 2025 AI Features to Steal Sensitive Data
A new security analysis has revealed that Microsoft SQL Server 2025’s native AI capabilities can be repurposed by attackers to stealthily exfiltrate sensitive data and establish command-and-control (C2) channels directly within the database engine, significantly expanding the post-exploitation attack surface. Security researcher Justin Kalnasy of SpecterOps demonstrated that newly introduced AI-focused features, intended to support…
-
AI email attacks are moving fast. Barracuda wants MSPs moving faster
First seen on scworld.com Jump to article: www.scworld.com/news/ai-email-attacks-are-moving-fast-barracuda-wants-msps-moving-faster
-
Splunk AI Toolkit Vulnerability Allows Arbitrary OS Command Execution
Splunk has disclosed a critical security vulnerability in its AI Toolkit that could allow authenticated administrators to execute arbitrary operating system commands on affected systems, raising significant concerns for enterprises that rely on Splunk for security analytics and automation. The flaw, tracked as CVE-2026-20266, affects Splunk AI Toolkit versions before 5.7.4 and has been assigned…
-
Malicious JetBrains plugins steal AI API keys from developers
First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-jetbrains-plugins-steal-ai-api-keys-from-developers
-
EU Gets a Head Start in Developing 6G Network Security
Shield-6G will combine AI threat detection, digital twins, honeypots, and more, to help carriers protect 6G networks against the threats of tomorrow. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/eu-6g-network-security
-
Malicious code discovered in 144 Mastra npm packages
An attacker compromised 144 npm packages of the AI framework Mastra. The core component, with over 918,000 weekly downloads, is also affected. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/mastra-schadcode-144-npm-paketen
-
AI is speeding up cybersecurity buying. MSSPs could win big
First seen on scworld.com Jump to article: www.scworld.com/news/ai-driven-changes-in-cybersecurity-tech-buying-open-opportunities-for-mssps
-
Netskope Threat Labs Report Europe 2026 – Europe's companies lack control over GenAI
First seen on security-insider.de Jump to article: www.security-insider.de/netskope-report-europe-2026-genai-governance-risiken-a-c5185f96070effdf9f585ebb273f70e8/
-
Malicious plugins steal AI keys from developers
At least 15 plugins in the JetBrains Marketplace secretly exfiltrate API keys for AI services. Around 70,000 installations are affected. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/plugins-stehlen-ki-api-schluessel
-
Agentjacking: Researchers Show How One Fake Bug Report Can Hijack AI Coding Agents
Tenet researchers reveal how fake Sentry bug reports can trick AI coding agents into running code, exposing a new Agentjacking risk for developers today. First seen on hackread.com Jump to article: hackread.com/agentjacking-fake-bug-report-hijack-ai-coding-agents/
-
Red Hat survey on digital sovereignty in the EU – Companies lack an AI strategy and data sovereignty
First seen on security-insider.de Jump to article: www.security-insider.de/red-hat-umfrage-digitale-souveraenitaet-eu-exit-strategie-a-fac5354ca1511049979abdb00a2a46f5/
-
CrowdStrike introduces Continuous Identity for AI Agents
CrowdStrike replaces static policies and standing permissions with continuous, risk-aware enforcement and authorizes every agent action based on who owns the agent, who invokes it, and what real-time risk is present. CrowdStrike has introduced Continuous Identity for AI Agents, a new feature of CrowdStrike Falcon® Next-Gen Identity Security that makes the CrowdStrike Falcon® platform the control plane for identity security…
-
Mastra AI Framework Poisoned in npm Supply-Chain Attack
Microsoft-Owned GitHub, Which Runs npm, Previews Supply-Chain Security Fixes. The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation pipelines, has been poisoned by attackers, and Microsoft-owned GitHub has advised all developers to downgrade Mastra, pending compromised packages being found and eradicated. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/mastra-ai-framework-poisoned-in-npm-supply-chain-attack-a-32003
-
Omada introduces Agent Governance for AI agents
With Omada Agent Governance, the vendor positions itself in a market in which AI security, identity governance, and cloud security are increasingly converging. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/omada-stellt-agent-governance-fuer-ki-agenten-vor/a45524/
-
Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed
What if your AI coding assistant could be tricked into stealing your own company’s secrets – by reading a single booby-trapped bug report? No phishing email. No malware. No password ever stolen. Just an AI doing exactly what it was told. First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-472/