Collecting Cyber-News from over 60 sources

Tag: control

The Essential Guide to Access Control

Mar 12, 2026 9:11 PM

Tags: access, control, guide

An amazing post First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/the-essential-guide-to-access-control/
AI Agent Safety Checklist

Mar 12, 2026 8:10 PM

Tags: ai, control, governance

This AI Agent Safety Checklist outlines key security, governance, and oversight controls organizations should review before deploying AI agents. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/ai-agent-safety-checklist/
WhatsApp is giving parents peace of mind over their kids’ privacy

Mar 12, 2026 3:10 PM

Tags: control, group, privacy

WhatsApp has introduced parent-managed accounts designed for pre-teens, giving parents and guardians new controls over contacts, group participation, and how the app is used. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/12/whatsapp-parent-managed-accounts-contacts-controls/
PhantomRaven returns to npm with 88 bad packages

Mar 12, 2026 2:10 PM

Tags: breach, control, credentials, data, malicious, malware, update

Operational patterns challenge “research experiment” claim: Despite the new waves, PhantomRaven’s core functionality has remained largely unchanged, the researchers said. They found that 257 out of 259 lines of the malware payload are identical across all waves, with the only significant modification being the command-and-control domain used to receive stolen data.Instead, the attacker focused on…
DNSSEC Validation for SSL Certificates: CA/B Forum Ballot SC-085 Changes in March 2026

Mar 12, 2026 11:10 AM

Tags: control

Beginning March 2026, Certificate Authorities (CAs) must verify DNSSEC signatures during CAA evaluation and Domain Control Validation (DCV) if DNSSEC has been enabled on the domain. This change has been approved by the CA/Browser Forum through the CA/B Forum Ballot SC-085v2 (TLS) and SMC014 (S/MIME). With this change, DigiCert has started validating DNSSEC during theRead…
Securing Multi-Location Networks with Centralized Identity Controls

Mar 12, 2026 10:09 AM

Tags: access, authentication, control, identity, network

Learn how centralized identity controls help secure multi-location networks by managing user access, authentication, and policies across locations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/securing-multi-location-networks-with-centralized-identity-controls/
RSAC 2026 Innovation Sandbox Glide Identity: Building a Next-Generation AI Passwordless Authentication Platform

Mar 12, 2026 10:09 AM

Tags: access, ai, authentication, conference, control, cyber, identity, intelligence, network, startup, technology

Company Profile With the rapid development of artificial intelligence technology today, identity and access control have leapt from a simple security component to the core control plane of the digital world. Against this backdrop, Glide Identity, a startup shortlisted for the 2026 RSA Conference Innovation Sandbox, stands out. The company is committed to breaking down…The…
65% of Organisations Still Detect Unauthorised Shadow AI Despite Visibility Optimism

Mar 11, 2026 1:49 PM

Tags: ai, control

New research from CultureAI has revealed a growing gap between how AI is used in practice and how organisations believe it’s being controlled. Worryingly, the report revealed that while 72% of organisations believe they have full visibility into AI usage, 65% still report detecting unauthorised shadow AI, revealing a structural gap between perceived control and…
Why zero trust breaks down in IoT and OT environments

Mar 11, 2026 12:49 PM

Tags: access, attack, automation, breach, cloud, control, credentials, cyber, firewall, firmware, group, identity, infrastructure, iot, network, nist, resilience, risk, service, tool, update, zero-trust

The IoT and OT blind spot: IoT and OT environments consistently exhibit three characteristics that create persistent security blind spots.First, visibility is incomplete by design. Devices are frequently deployed by facilities teams, engineering groups, or third-party integrators rather than security organizations. Asset inventories lag reality. Telemetry is sparse, proprietary, or intermittent. Many devices communicate only…
Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentials

Mar 11, 2026 12:49 PM

Tags: access, advisory, cisa, control, credentials, data, endpoint, exploit, firewall, flaw, infrastructure, kev, remote-code-execution, software, switch, update, vulnerability

Exposure spans campus to data center switching: The vulnerabilities affect AOS-CX software across four active version branches, spanning entry-level campus switches to data center-class hardware. Versions that reached the end of support before the advisory’s publication are also expected to be vulnerable, the advisory said. Organizations running AOS-CX 10.17.0001 and below, 10.16.1020 and below, 10.13.1160…
A 5-step approach to taming shadow AI

Mar 11, 2026 12:49 PM

Tags: ai, api, business, communications, compliance, control, data, defense, finance, framework, governance, incident response, monitoring, network, nist, risk, risk-assessment, risk-management, service, strategy, technology, tool

thought work happened and how it actually does today.Here’s a five-step approach to put a robust AI-risk management framework in place: Employees often use public model APIs, browser-based prompt tools and unsanctioned or ungoverned internal chatbots to boost productivity without considering the risk of exposing sensitive data.AI usage is not difficult to identify; you just need…
12 ways attackers abuse cloud services to hack your enterprise

Mar 11, 2026 8:47 AM

Tags: access, ai, api, attack, backdoor, backup, business, ceo, china, cloud, communications, control, corporate, credentials, crowdstrike, cyber, cybercrime, cyberespionage, cybersecurity, data, defense, detection, endpoint, exploit, extortion, firewall, framework, group, hacking, incident, incident response, infrastructure, kubernetes, login, malicious, malware, microsoft, network, openai, phishing, ransomware, russia, service, social-engineering, threat, tool

Hiding command-and-control in trusted APIs: Attackers are also forging malware that routes C2 traffic through trusted services such as OpenAI APIs.For example, the SesameOp backdoor routes traffic through OpenAI’s Assistants API, masking C2 communications as legitimate AI development work.”In cases such as the SesameOp backdoor, traffic looks like normal AI development activity,” says Parthiban Jegatheesan,…
Microsoft SQL Server Zero-Day Exposes Privilege Escalation Risk for Users

Mar 11, 2026 6:48 AM

Tags: control, cve, cvss, cyber, flaw, malicious, microsoft, risk, sql, unauthorized, vulnerability, zero-day

Microsoft has disclosed a critical security flaw affecting SQL Server, officially tracked as CVE-2026-21262. Released on March 10, 2026, this elevation of privilege vulnerability exposes organizations to significant risks by allowing malicious actors to gain unauthorized control over enterprise database environments. With a maximum severity rating of >>Important<< and a CVSS 3.1 score of 8.8,…
Data Diodes Have Become Essential to Modern OT Cybersecurity

Mar 10, 2026 8:46 PM

Tags: attack, control, cybersecurity, data, Hardware, infrastructure

Segmentation Mandates Make One-Way Data-Flow Architectures Essential Data diodes are re-emerging as a preferred control as IT-OT convergence expands the industrial attack surface and regulators tighten segmentation mandates. Hardware-enforced, one-way data flow offers provable isolation for critical infrastructure and growing executive accountability. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/blogs/data-diodes-have-become-essential-to-modern-ot-cybersecurity-p-4063
Forescout Introduces Automated Security Controls Assessment to Bring Continuous Compliance Visibility

Mar 10, 2026 5:47 PM

Tags: attack, compliance, control

Forescout has introduced Automated Security Controls Assessment, a new capability within the Forescout 4D Platform that is designed to help security and compliance teams continuously evaluate the effectiveness of their security controls across the entire attack surface. The new feature replaces manual, spreadsheet driven audit processes with automated evidence collection and reporting. Instead of relying…
Securing the Browser Session, Not Just the Login Blog – Menlo Security

Mar 10, 2026 3:48 PM

Tags: authentication, control, login

Strong authentication isn’t enough. Learn why attackers target browser sessions after login and how session-level controls close the gap. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/securing-the-browser-session-not-just-the-login-blog-menlo-security/
The Economic Argument: The Real Cost of Insecure APIs in the AI Era

Mar 10, 2026 3:48 PM

Tags: access, ai, api, application-security, attack, business, compliance, control, corporate, cybersecurity, data, defense, exploit, finance, flaw, framework, governance, identity, injection, international, jobs, malicious, privacy, regulation, risk, threat, tool, vulnerability

When cybersecurity teams talk about risk, they usually speak in technical terms like vulnerabilities, exploits, and attack vectors. But when they walk into the boardroom, they need to speak a different language. They need to speak about cost. In the era of AI, the cost of insecure APIs has shifted from a potential liability to…
LeakyLooker: Hacking Google Cloud’s Data via Dangerous Looker Studio Vulnerabilities

Mar 10, 2026 2:47 PM

Tags: access, api, attack, authentication, breach, business, cloud, control, credentials, data, data-breach, email, exploit, flaw, google, group, guide, hacking, identity, infrastructure, injection, intelligence, jobs, leak, malicious, mitigation, monitoring, network, oracle, password, programming, service, sql, tool, unauthorized, update, vulnerability

Tenable Research revealed “LeakyLooker,” a set of nine novel cross-tenant vulnerabilities in Google Looker Studio. These flaws could have let attackers exfiltrate or modify data across Google services like BigQuery and Google Sheets. Google has since remediated all identified issues. We discovered and disclosed nine novel cross-tenant vulnerabilities in Google Looker Studio (formerly Data Studio).…
Das Gros der Tech-Entscheider sieht agentenbasierte KI als Alternative zur traditionellen Softwareentwicklung

Mar 10, 2026 1:47 PM

Tags: ai, control, programming, software, usa

Reply veröffentlicht die Studie ‘From Code to Control: AI’s Takeover of Software Development Lifecycle”, eine von Forrester Consulting durchgeführte Untersuchung. Dafür wurden 536 IT-Führungskräfte in Europa und den USA befragt. Die Ergebnisse zeigen den schrittweisen Übergang von einfachen KI-Coding-Assistenten zu autonomen Agenten, die den gesamten Software-Development-Life-Cycle (SDLC) eigenständig orchestrieren. Die Studie markiert einen Wendepunkt für die…
The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

Mar 10, 2026 1:47 PM

Tags: attack, control, data-breach, exploit, guide, Internet, Intruder, vulnerability, zero-day

You can’t control when the next critical vulnerability drops. You can control how much of your environment is exposed when it does. The problem is that most teams have more internet-facing exposure than they realise. Intruder’s Head of Security digs into why this happens and how teams can manage it deliberately.Time-to-exploit is shrinkingThe larger and…
The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix

Mar 10, 2026 12:47 PM

Tags: access, attack, authentication, awareness, business, ciso, compliance, control, cyber, cybersecurity, data, detection, exploit, firewall, incident, incident response, infrastructure, insurance, ISO-27001, metric, mfa, monitoring, network, office, phishing, ransomware, regulation, resilience, risk, risk-management, service, siem, soc, stuxnet, supply-chain, tool, vpn, vulnerability, zero-day

Why everyone knows it’s burning, but nobody pulls the fire alarm: When I talk to OT managers, production leads or plant engineers, I rarely hear, “We didn’t know we had a problem.” Far more often, it’s, “We know it’s critical, but we can’t just shut it down.” This gap between awareness and action is the…
OpenClaw Advisory Surge Highlights Blind Spot Between GitHub and CVE Vulnerability Tracking

Mar 10, 2026 12:47 PM

Tags: advisory, control, cve, cyber, data-breach, github, vulnerability

OpenClaw’s rapid rise has accidentally exposed how far GitHub’s advisory ecosystem has drifted from traditional CVE”‘centric vulnerability tracking. Within roughly three weeks, the project published more than 200 GitHub Security Advisories (GHSA), and its advisory page now lists around 255 disclosures covering command execution controls, authorization checks, allowlist logic, and plugin boundaries. Only a subset…
No, it’s not ‘unnecessarily burdensome’ to control your own data

Mar 10, 2026 11:46 AM

Tags: control, data, encryption

The State Department frames data sovereignty and innovation as opposing forces. Modern encryption proves we can have both. First seen on cyberscoop.com Jump to article: cyberscoop.com/us-state-department-data-sovereignty-myth-op-ed/
MIND is the first data security company to achieve ISO 42001 certification

Mar 10, 2026 11:46 AM

Tags: ai, automation, breach, control, data, framework, governance, incident response, international, monitoring, organized, risk, risk-assessment, tool

AI is embedded in security tools across the enterprise. MIND is the first data security company to answer how their AI is governed, audited and held accountable. The AI tools built into your security stack are making decisions at a scale no human team can match. They’re classifying data, scoring risk, triggering enforcement and shaping…
Why access decisions are becoming the weakest link in identity security

Mar 10, 2026 10:47 AM

Tags: access, ai, api, attack, authentication, automation, breach, business, ciso, control, credentials, data, finance, governance, group, iam, identity, least-privilege, login, okta, radius, risk, saas, service, technology, tool

The SSO fallacy: Why authentication is not a guarantee: I’m often asked by business and technology leaders, “If we have SSO enabled, why do we still need to worry about granular access controls?” The underlying assumption is that once a user is authenticated through a central, secure portal, the hard work is done.In practice, SSO…
I replaced manual pen tests with automation. Here’s what I learned.

Mar 10, 2026 9:48 AM

Tags: access, attack, breach, control, cvss, detection, exploit, infrastructure, intelligence, password, penetration-testing, ransomware, RedTeam, resilience, risk, service, siem, soc, tactics, tool, training, update, vulnerability, zero-day

The remediation black hole: Perhaps most frustrating was what happened after we received findings. Our teams would work diligently to implement fixes, but we rarely had the budget or opportunity to bring testers back to validate remediation. We were left with uncertainty. This gap between identification and verification created a dangerous blind spot in our…
SurxRAT Android Malware Uses LLMs for Phishing and Data Theft

Mar 10, 2026 9:48 AM

Tags: access, android, control, credentials, cyber, cybercrime, data, LLM, malware, phishing, ransomware, theft

A new Android Remote Access Trojan (RAT) named SurxRAT, which is being sold as a commercial malware platform through a Telegram-based malware”‘as”‘a”‘service (MaaS) ecosystem. The malware, marketed under the SURXRAT V5 branding, enables cybercriminals to create customized Android malware builds capable of surveillance, credential theft, remote device control, and ransomware-style device locking. The malware appears…
When AI safety constrains defenders more than attackers

Mar 10, 2026 8:47 AM

Tags: access, ai, attack, authentication, awareness, business, chatgpt, ciso, control, defense, detection, email, exploit, framework, LLM, malicious, malware, marketplace, microsoft, offense, open-source, openai, penetration-testing, phishing, RedTeam, service, social-engineering, spear-phishing, strategy, threat, tool, training, usa, vulnerability

The attacker advantage: Threat actors operate under no such constraints. They simply use jailbroken models, locally hosted open-source alternatives, or purpose-built malicious tools that have proliferated across underground markets.WormGPT, originally shut down in 2023, has reappeared largely as a recycled brand name for uncensored AI tools. New variants posted on underground marketplace BreachForums between October…
When AI safety constrains defenders more than attackers

Mar 10, 2026 8:47 AM

Tags: access, ai, attack, authentication, awareness, business, chatgpt, ciso, control, defense, detection, email, exploit, framework, LLM, malicious, malware, marketplace, microsoft, offense, open-source, openai, penetration-testing, phishing, RedTeam, service, social-engineering, spear-phishing, strategy, threat, tool, training, usa, vulnerability

The attacker advantage: Threat actors operate under no such constraints. They simply use jailbroken models, locally hosted open-source alternatives, or purpose-built malicious tools that have proliferated across underground markets.WormGPT, originally shut down in 2023, has reappeared largely as a recycled brand name for uncensored AI tools. New variants posted on underground marketplace BreachForums between October…
WA auditor general flags weak Microsoft 365 security controls across state entities

Mar 10, 2026 8:47 AM

Tags: breach, control, data, government, microsoft, office

Western Australia’s Office of the Auditor General has uncovered weaknesses in M365 configurations across seven government agencies, leading to compromised accounts and data breaches First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639954/WA-auditor-flags-weak-Microsoft-365-security-controls-across-state-entities