Tag: defense
-
Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats
Google on Monday announced a set of new security features in Chrome, following the company’s addition of agentic artificial intelligence (AI) capabilities to the web browser.To that end, the tech giant said it has implemented layered defenses to make it harder for bad actors to exploit indirect prompt injections that arise as a result of…
-
New BYOVD loader behind DeadLock ransomware attack
Cisco Talos has uncovered a new DeadLock ransomware campaign using a previously unknown BYOVD loader to exploit a Baidu Antivirus driver vulnerability, letting threat actors disable EDR defenses and escalate attacks. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/byovd-loader-deadlock-ransomware/
-
Polish Police arrest 3 Ukrainians for possessing advanced hacking tools
Poland arrested three Ukrainian nationals accused of using hacking devices to target IT systems and obtain sensitive defense-related data. Polish police arrested three Ukrainian nationals for allegedly trying to damage IT systems and obtaining sensitive defense-related data using advanced hacking equipment. The police arrested three Ukrainian men after finding Flipper hacking gear, spy-device detectors, SIM…
-
New BYOVD loader behind DeadLock ransomware attack
Cisco Talos has uncovered a new DeadLock ransomware campaign using a previously unknown BYOVD loader to exploit a Baidu Antivirus driver vulnerability, letting threat actors disable EDR defenses and escalate attacks. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/byovd-loader-deadlock-ransomware/
-
Ignoring AI in the threat chain could be a costly mistake, experts warn
Tags: ai, attack, automation, ceo, ciso, cyber, cybersecurity, defense, exploit, government, hacker, skills, sophos, technology, threat, toolHow CISOs could cut through the confusion: The conflicting narratives around AI threats leave many CISOs struggling to reconcile hype with operational reality.Given the emergence of AI-enabled cyber threats amid pushback from some cyber experts who contend these threats are not real, Sophos CEO Joe Levy tells CSO that AI is becoming a “Rorschach test,…
-
When it comes to security resilience, cheaper isn’t always better
Tags: access, attack, authentication, breach, business, cctv, cio, ciso, cloud, control, cyber, cybersecurity, data, data-breach, defense, encryption, exploit, government, hacker, healthcare, incident, incident response, jobs, leak, malicious, metric, mfa, monitoring, ransomware, RedTeam, resilience, risk, risk-management, saas, service, soc, software, threat, tool, update, vpn, vulnerability, vulnerability-management, zero-trustThe hidden trade-offs with resilience: Savings don’t erase risk. They shift it. What looks efficient today becomes exposed tomorrow. Cyber resilience is often the first casualty.Supply chain fragility: Cyber threats thrive on concentration. When procurement consolidates digital services into a single provider to save money, a single breach can have a ripple effect across your…
-
When it comes to security resilience, cheaper isn’t always better
Tags: access, attack, authentication, breach, business, cctv, cio, ciso, cloud, control, cyber, cybersecurity, data, data-breach, defense, encryption, exploit, government, hacker, healthcare, incident, incident response, jobs, leak, malicious, metric, mfa, monitoring, ransomware, RedTeam, resilience, risk, risk-management, saas, service, soc, software, threat, tool, update, vpn, vulnerability, vulnerability-management, zero-trustThe hidden trade-offs with resilience: Savings don’t erase risk. They shift it. What looks efficient today becomes exposed tomorrow. Cyber resilience is often the first casualty.Supply chain fragility: Cyber threats thrive on concentration. When procurement consolidates digital services into a single provider to save money, a single breach can have a ripple effect across your…
-
Defense bill addresses secure phones, AI training, cyber troop mental health
The compromise legislation has other cyber provisions besides on commercial spyware, joint NSA-Cyber Command leadership and streamlining regulations. First seen on cyberscoop.com Jump to article: cyberscoop.com/2026-ndaa-cybersecurity-secure-phones-ai-training-cyber-troop-mental-health/
-
How Agentic BAS AI Turns Threat Headlines Into Defense Strategies
Picus Security explains why relying on LLM-generated attack scripts is risky and how an agentic approach maps real threat intel to safe, validated TTPs. Their breakdown shows how teams can turn headline threats into reliable defense checks without unsafe automation. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-agentic-bas-ai-turns-threat-headlines-into-defense-strategies/
-
UK moves to strengthen undersea cable defenses as Russian snooping ramps up
Atlantic Bastion combines AI systems with warships to counter increased surveillance First seen on theregister.com Jump to article: www.theregister.com/2025/12/08/uk_subsea_cables_defense/
-
Offensive security takes center stage in the AI era
Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windowsRed teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
-
Offensive security takes center stage in the AI era
Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windowsRed teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
-
No Vote, No Leader: CISA Faces 2026 Without a Director
US Cyber Defense Agency Faces Procedural Delays Blocking Director Confirmation. Sean Plankey’s stalled nomination leaves the Cybersecurity and Infrastructure Security Agency without a Senate-confirmed director amid rising state-linked threats, as unrelated congressional holds tied to telecom and contracting fights freeze the process with no resolution in sight. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/no-vote-no-leader-cisa-faces-2026-without-director-a-30208
-
Russian Calisto Hackers Target NATO Research with ClickFix Malware
Tags: credentials, cyber, defense, hacker, intelligence, malicious, malware, phishing, russia, service, spear-phishing, threat, ukraineRussian intelligence-linked cyber threat actors have intensified their operations against NATO research organizations, Western defense contractors, and NGOs supporting Ukraine, employing sophisticated phishing and credential harvesting techniques. The Calisto intrusion set, attributed to Russia’s FSB intelligence service, has escalated its spear-phishing campaigns throughout 2025, leveraging the ClickFix malicious code technique to target high-value entities across…
-
An AI for an AI: Anthropic says AI agents require AI defense
Automated software keeps getting better at pilfering cryptocurrency First seen on theregister.com Jump to article: www.theregister.com/2025/12/05/an_ai_for_an_ai/
-
‘Signalgate’ Inspector General Report Wants Just One Change to Avoid a Repeat Debacle
Tags: defenseThe United States Inspector General report reviewing Secretary of Defense Pete Hegseth’s text messaging mess recommends a single change to keep classified material secure. First seen on wired.com Jump to article: www.wired.com/story/signalgate-inspector-general-report-hegseth-change/
-
‘Signalgate’ Inspector General Report Wants Just One Change to Avoid a Repeat Debacle
Tags: defenseThe United States Inspector General report reviewing Secretary of Defense Pete Hegseth’s text messaging mess recommends a single change to keep classified material secure. First seen on wired.com Jump to article: www.wired.com/story/signalgate-inspector-general-report-hegseth-change/
-
UK Government Considers Computer Misuse Act Revision
Security Minister Dan Jarvis Endorses Security Researcher Protections. The U.K. government is considering amending its three-decade-old hacking law to include a statutory defense cover for security researchers. The announcement comes amid concerns that the law penalizes white hat hackers for essential security practices. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/uk-government-considers-computer-misuse-act-revision-a-30197
-
How Agentic AI Can Boost Cyber Defense
Transurban head of cyber defense Muhammad Ali Paracha shares how his team is automating the triaging and scoring of security threats as part of the Black Hat Middle East conference. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-analytics/how-agentic-ai-can-boost-cyber-defense
-
Breach Roundup: React Flaw Incites Supply Chain Risk
Also, Microsoft Badly Patches LNK Flaw, Australian Sentenced for ‘Evil Twin’ Hack. This week, the React flaw, a belated Windows fix, Defense Secretary Pete Hegseth’s Signal group posed operational risk, more North Korean npm packages. An Australian jailed for Wi-Fi evil twin crimes. The US FTC will send $15.3 million to Avast users. A London…
-
Hegseth needs to go to secure messaging school, report says
Tags: defenseHe’s not alone: DoD inspector general says the whole Defense Department has a messaging security problem First seen on theregister.com Jump to article: www.theregister.com/2025/12/04/dod_hegseth_broke_pentagon_policy_signal/
-
US, Allies Warn AI in OT May Undermine System Safety
AI in OT May Trigger Cascading Infrastructure Failures. The U.S. cyber defense agency warned that machine learning and large language model deployments can introduce new attack surfaces across critical infrastructure sectors in a document setting out principles for safely integrating AI into operational technology. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/us-allies-warn-ai-in-ot-may-undermine-system-safety-a-30193
-
From feeds to flows: Using a unified linkage model to operationalize threat intelligence
Tags: access, api, attack, authentication, automation, business, ciso, cloud, compliance, container, control, corporate, credentials, cyber, cybersecurity, data, defense, exploit, finance, firewall, framework, github, government, iam, identity, infrastructure, intelligence, ISO-27001, malicious, metric, mitre, monitoring, network, nist, open-source, phishing, risk, risk-assessment, risk-management, saas, service, siem, soc, software, supply-chain, tactics, threat, tool, update, vulnerability, zero-trustwhat to watch for, but not why it matters or how it moves through your environment.The result is a paradox of abundance: CISOs have more data than ever before, but less operational clarity. Analysts are overwhelmed by indicators disconnected from context or mission relevance.Each feed represents a snapshot of a potential threat, but it does…
-
UK’s Cyber Service for Telcos Blocks One Billion Malicious Site Attempts
A new cyber defense service has prevented almost one billion early-stage cyber-attacks in the past year, British Security Minister claims First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/uk-cyber-service-blocks-billion/
-
Convenience or Catastrophe? The Dangers of AI Browsers No One is Talking About
AI browsers introduce reasoning-based risks. Learn how cross-origin AI agents dismantle web security and what defenses are needed. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/convenience-or-catastrophe-the-dangers-of-ai-browsers-no-one-is-talking-about/
-
Coach or mentor: What you need depends on where you are as a cyber leader
Tags: access, ai, business, ciso, cloud, compliance, control, cyber, cybersecurity, defense, government, jobs, network, programming, risk, risk-management, skills, technologyA good technical base can last decades: While mentees need the most help with aligning to the business, some argue that a technical baseline is equally as important to the role for managing technical staff and enabling business operations, particularly through innovative technologies like cloud and AI.One of those is Cynthia Madden, founder of Artemis…
-
Closing the Document Security Gap: Why Document Workflows Must Be Part of Cybersecurity
Organizations are spending more than ever on cybersecurity, layering defenses around networks, endpoints, and applications. Yet a company’s documents, one of the most fundamental business assets, remains an overlooked weak spot. Documents flow across every department, cross company boundaries, and often contain the very data that compliance officers and security teams work hardest to protect……
-
Closing the Document Security Gap: Why Document Workflows Must Be Part of Cybersecurity
Organizations are spending more than ever on cybersecurity, layering defenses around networks, endpoints, and applications. Yet a company’s documents, one of the most fundamental business assets, remains an overlooked weak spot. Documents flow across every department, cross company boundaries, and often contain the very data that compliance officers and security teams work hardest to protect……
-
MuddyWater strikes Israel with advanced MuddyViper malware
Iran-linked threat actor MuddyWater targeted multiple Israeli sectors with a new MuddyViper backdoor in recent attacks. ESET researchers uncovered a new MuddyWater campaign targeting Israeli organizations and one confirmed Egyptian target. The Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) deployed custom tools to evade defenses and maintain persistence. They used a Fooder loader,…