Tag: defense
-
Heisenberg: How We Learned to Stop Worrying and Love the SBOM
Turn SBOMs into supply chain defense with Heisenberg, an open source tool developed by Max Feldman and Yevhen Grinman. It stops risky pull requests (PRs) before they merge. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/heisenberg-how-we-learned-to-stop-worrying-and-love-the-sbom/
-
Cybersecurity Snapshot: Top Advice for Detecting and Preventing AI Attacks, and for Securing AI Systems
Tags: access, ai, attack, authentication, awareness, best-practice, breach, business, chatgpt, china, ciso, cloud, computing, container, control, credentials, crime, cve, cyber, cyberattack, cybersecurity, data, defense, detection, email, exploit, extortion, finance, flaw, framework, fraud, google, governance, government, group, guide, hacker, hacking, healthcare, iam, identity, incident response, intelligence, LLM, malicious, malware, mitigation, monitoring, network, open-source, openai, organized, phishing, ransom, risk, risk-management, russia, sans, scam, service, skills, soc, strategy, supply-chain, technology, theft, threat, tool, training, vulnerability, zero-trustAs organizations eagerly adopt AI, cybersecurity teams are racing to protect these new systems. In this special edition of the Cybersecurity Snapshot, we round up some of the best recent guidance on how to fend off AI attacks, and on how to safeguard your AI systems. Key takeaways Developers are getting new playbooks from groups…
-
Lazarus group targets European drone makers in new espionage campaign
Drone-component theft meets geopolitical ambition: The targeting of firms linked to UAV design and manufacture is no coincidence. At least two of the companies compromised were tied to critical drone component supply chains and software systems.”The in-the-wild attacks successively targeted three European companies active in the defense sector,” researchers added. “Although their activities are somewhat…
-
The Enterprise Edge is Under Siege
Not too long ago, the shimmering perimeter of enterprise networks was seen as an impregnable citadel, manned by fortresses of firewalls, bastions of secure gateways, and sentinels of intrusion prevention. Yet, in the cruel irony of our digital age, these sentinels themselves are now being subverted. When Defenses Become the Weapon Since the beginning of……
-
The Enterprise Edge is Under Siege
Not too long ago, the shimmering perimeter of enterprise networks was seen as an impregnable citadel, manned by fortresses of firewalls, bastions of secure gateways, and sentinels of intrusion prevention. Yet, in the cruel irony of our digital age, these sentinels themselves are now being subverted. When Defenses Become the Weapon Since the beginning of……
-
The Enterprise Edge is Under Siege
Not too long ago, the shimmering perimeter of enterprise networks was seen as an impregnable citadel, manned by fortresses of firewalls, bastions of secure gateways, and sentinels of intrusion prevention. Yet, in the cruel irony of our digital age, these sentinels themselves are now being subverted. When Defenses Become the Weapon Since the beginning of……
-
North Korean Hackers Target UAV Industry to Steal Confidential Data
ESET researchers have uncovered a sophisticated cyberespionage campaign targeting European defense companies specializing in unmanned aerial vehicle (UAV) technology. The attacks, attributed to the North Korea-aligned Lazarus group operating under Operation DreamJob, reveal a coordinated effort to steal proprietary manufacturing data and design specifications from critical players in the drone industry. The campaign, observed beginning…
-
North Korean Hackers Target UAV Industry to Steal Confidential Data
ESET researchers have uncovered a sophisticated cyberespionage campaign targeting European defense companies specializing in unmanned aerial vehicle (UAV) technology. The attacks, attributed to the North Korea-aligned Lazarus group operating under Operation DreamJob, reveal a coordinated effort to steal proprietary manufacturing data and design specifications from critical players in the drone industry. The campaign, observed beginning…
-
Phishing Campaign Uses Unique UUIDs to Evade Secure Email Gateways
A sophisticated new phishing attack discovered in early February 2025 is successfully bypassing Secure Email Gateways (SEGs) and evading perimeter defenses through an ingenious combination of random domain selection, dynamic UUID generation, and browser session manipulation. The attack leverages a highly specialized JavaScript embedded in malicious attachments and spoofed cloud collaboration platforms, making it exceptionally…
-
What Microsoft’s 2025 report reveals about the new rules of engagement in cyberdefense
Adversaries are using AI to sharpen attacks, automate operations, and challenge long-standing defenses, according to a new Microsoft report. Researchers describe a year in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/24/microsoft-ai-cyber-attacks-report/
-
What Microsoft’s 2025 report reveals about the new rules of engagement in cyberdefense
Adversaries are using AI to sharpen attacks, automate operations, and challenge long-standing defenses, according to a new Microsoft report. Researchers describe a year in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/24/microsoft-ai-cyber-attacks-report/
-
Capable Defenses Against Advanced Threats
How Can Organizations Fortify Their Cybersecurity with Non-Human Identities? Where automation is ubiquitous, how can organizations ensure their systems remain secure against sophisticated threats? The answer lies in managing Non-Human Identities (NHIs) effectively. While digital ecosystems expand, the security of machine identities becomes a critical consideration for cybersecurity professionals, especially for organizations with robust cloud……
-
6 Takeaways from “The Rise of AI Fraud” Webinar: How AI Agents Are Rewriting Fraud Defense in 2025
Learn how AI agents are redefining online fraud in 2025. Explore the 6 key takeaways from the Loyalty Security Alliance’s “Rise of AI Fraud” webinar. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/6-takeaways-from-the-rise-of-ai-fraud-webinar-how-ai-agents-are-rewriting-fraud-defense-in-2025/
-
Lazarus targets European defense firms in UAV-themed Operation DreamJob
North Korean Lazarus hackers targeted 3 European defense firms via Operation DreamJob, using fake recruitment lures to hit UAV tech staff. North Korea-linked Lazarus APT group (aka Hidden Cobra) launched Operation DreamJob, compromising three European defense companies. Threat actors used fake recruiter profiles to lure employees into UAV technology roles, aiming to gain access to…
-
Why Cybersecurity Needs Continuous Exposure Management
Alan sits down with Himanshu Kathpal to discuss how modern cybersecurity teams are evolving from reactive defense to proactive exposure management. They explore why traditional approaches to risk reduction”, built around scanning, alerting, and periodic assessment”, are no longer enough in a world of continuous change and automated threats. Kathpal explains that the attack surface…
-
Strings in the maze: Finding hidden strengths and gaps in your team
In this week’s newsletter, Bill explores how open communication about your skills and experience can help your security team uncover hidden gaps, strengthen your defenses, and better prepare for ever-present threats. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/strings-in-the-maze/
-
North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets
Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as Operation Dream Job.”Some of these [companies’ are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be linked…
-
Russia, China Will Weaponize UN Cyber Treaty, FDD Warns
Foundation for Defense of Democracies Warns Against Aligning With New Cyber Treaty. The United Nations’ cybercrime treaty, shaped by Russian and Chinese influence, could legitimize global digital repression by enabling prosecutions of journalists, activists and researchers under vague terms – despite U.S. opposition and mounting civil society alarm, analysts warned Thursday. First seen on govinfosecurity.com…
-
Agentic AI: A Force Multiplier CISOs Can’t Afford to Ignore
AI-Powered Threats Demand AI-Driven Defense As AI reshapes the cyber battlefield, CISOs face unprecedented pressure to defend at machine speed. Discover how agentic AI and deep observability are transforming defense from detection to foresight. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/blogs/agentic-ai-force-multiplier-cisos-cant-afford-to-ignore-p-3959
-
Russia, China Will Weaponize UN Cyber Treaty, FDD Warns
Foundation for Defense of Democracies Warns Against Aligning With New Cyber Treaty. The United Nations’ cybercrime treaty, shaped by Russian and Chinese influence, could legitimize global digital repression by enabling prosecutions of journalists, activists and researchers under vague terms – despite U.S. opposition and mounting civil society alarm, analysts warned Thursday. First seen on govinfosecurity.com…
-
Agentic AI: A Force Multiplier CISOs Can’t Afford to Ignore
AI-Powered Threats Demand AI-Driven Defense As AI reshapes the cyber battlefield, CISOs face unprecedented pressure to defend at machine speed. Discover how agentic AI and deep observability are transforming defense from detection to foresight. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/blogs/agentic-ai-force-multiplier-cisos-cant-afford-to-ignore-p-3959
-
Russia, China Will Weaponize UN Cyber Treaty, FDD Warns
Foundation for Defense of Democracies Warns Against Aligning With New Cyber Treaty. The United Nations’ cybercrime treaty, shaped by Russian and Chinese influence, could legitimize global digital repression by enabling prosecutions of journalists, activists and researchers under vague terms – despite U.S. opposition and mounting civil society alarm, analysts warned Thursday. First seen on govinfosecurity.com…
-
Russia, China Will Weaponize UN Cyber Treaty, FDD Warns
Foundation for Defense of Democracies Warns Against Aligning With New Cyber Treaty. The United Nations’ cybercrime treaty, shaped by Russian and Chinese influence, could legitimize global digital repression by enabling prosecutions of journalists, activists and researchers under vague terms – despite U.S. opposition and mounting civil society alarm, analysts warned Thursday. First seen on govinfosecurity.com…
-
Agentic AI: A Force Multiplier CISOs Can’t Afford to Ignore
AI-Powered Threats Demand AI-Driven Defense As AI reshapes the cyber battlefield, CISOs face unprecedented pressure to defend at machine speed. Discover how agentic AI and deep observability are transforming defense from detection to foresight. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/blogs/agentic-ai-force-multiplier-cisos-cant-afford-to-ignore-p-3959
-
Lazarus Group’s Operation DreamJob Targets European Defense Firms
Cyber-attacks by North Korea’s Lazarus Group target European defense firms in drone development First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lazarus-groups-operation-dreamjob/
-
North Korean Lazarus hackers targeted European defense companies
North Korean Lazarus hackers compromised three European companies in the defense sector through a coordinated Operation DreamJob campaign leveraging fake recruitment lures. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-targeted-european-defense-companies/