Tag: detection
-
How Cortex XDR BIOC Rules Could Become an Attack Surface
A new study focusing on Cortex XDR BIOC rules reveals that encrypted detection logic, designed to remain secure, can be decrypted and examined, creating new risks for organizations relying on endpoint detection technologies. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cortex-xdr-bioc-rules-security-risk/
-
ManageEngine expands Endpoint Central with EDR and secure access
ManageEngine has announced the expansion of its unified endpoint management and security (UEMS) platform, Endpoint Central, to include endpoint detection and response (EDR) … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/18/manageengine-endpoint-central-expansion/
-
[un]prompted: Key Insights from the AI Security Practitioners Conference FireTail Blog
Tags: ai, api, application-security, attack, automation, conference, cybersecurity, data, defense, detection, exploit, google, infrastructure, injection, LLM, malicious, malware, monitoring, openai, risk, strategy, theft, threat, tool, training, update, vulnerability, zero-day
Mar 17, 2026 – Jeremy Snyder – The State of AI Security: Moving Beyond Theory
The biggest shift evident at the [un]prompted AI Security Practitioners Conference was the move from purely theoretical discussions about “what could go wrong” to concrete, battle-tested methodologies for “what is going wrong and how we fix it.” It’s clear that AI…
-
FIM Test: A Method for Distinguishing True FIM Capabilities in a Crowd of Claims
In a previous blog, we presented NIST’s benchmark definition of integrity monitoring. The conclusion was clear: Many vendor claims of file integrity monitoring (FIM) capabilities do not match this definition. Change detection across system components, including files, is crucial and implemented in many tools, including EDR/XDR. However, while these systems often claim FIM…
-
Hackers Leverage Safe Links and URL Rewriting to Evade Detection
Threat actors were already abusing URL rewriting mechanisms in phishing campaigns to mask malicious domains. URL rewriting is designed to protect users by replacing original links with security-vendor URLs that scan destinations at click time. These rewritten links route traffic through the provider’s infrastructure so they can analyze the page in real time, block known…
-
Runtime: The new frontier of AI agent security
Tags: access, ai, automation, ceo, ciso, computer, container, control, crowdstrike, cybersecurity, data, detection, edr, endpoint, firewall, framework, incident response, jobs, monitoring, network, openai, risk, saas, technology, threat, tool, vulnerability, zero-day
What runtime monitoring looks like: Once an organization knows where its agents are, the question is what to watch for, and how. Elia Zaitsev, CTO of CrowdStrike, tells CSO that existing endpoint detection and response (EDR) tools already capture the kinds of behavior needed to track AI agents. They instrument operating systems like a flight data…
-
CrowdStrike Extends Agentic AI Alliance with NVIDIA
CrowdStrike today revealed it is adding additional artificial intelligence (AI) agents into its managed detection and response (MDR) services using a toolkit provided by NVIDIA. At the same time, CrowdStrike also announced that a Secure-by-Design AI Blueprint built in collaboration with NVIDIA will now be incorporated into NVIDIA OpenShell, an open-source runtime for creating sandboxes…
-
Don’t confuse asset inventory with exposure management
Tags: access, ai, api, attack, breach, business, chatgpt, cloud, compliance, control, credentials, cyber, cybersecurity, data, data-breach, detection, endpoint, flaw, framework, governance, government, identity, infrastructure, intelligence, Internet, leak, least-privilege, metric, mfa, monitoring, network, regulation, risk, saas, service, software, threat, tool, update, vulnerability, vulnerability-management
Asset discovery tells you what IT exists in your environment. Exposure management tells you what will get you breached. If your platform can’t connect vulnerabilities, identities, misconfigurations, and AI systems into real attack paths, you don’t have exposure management. You have inventory. Key takeaways: True exposure management requires more than asset inventory. It’s about merging…
-
RSAC 2026 Innovation Sandbox – Fig Security: Guardian of the Reliability of Security Detection Systems
Company Profile Fig Security is a cybersecurity startup founded in 2025. It is headquartered in Israel with business operations also based in the United States. Despite its short history, the company has quickly gained industry attention through its innovative approach to security operations and has gradually emerged within the global cybersecurity startup ecosystem. The Fig…The…
-
New XWorm 7.1 and Remcos RAT Attacks Abuse Windows Tools to Evade Detection
New XWorm 7.1 and Remcos RAT campaigns abuse trusted Windows tools to evade detection. The attacks exploit a WinRAR flaw and use process hollowing to spy on victims. First seen on hackread.com Jump to article: hackread.com/xworm-7-1-remcos-rat-windows-tools-evade-detection/
-
ACRStealer Variant Deploys Syscall Evasion, TLS C2, Secondary Payloads
New research reveals that a new ACRStealer variant is now being actively deployed as a final payload by HijackLoader, using low-level syscalls, AFD-based networking, TLS C2, and flexible secondary payload delivery to evade detection and maximize data theft. The newly observed samples confirm that HijackLoader is dropping a rebranded ACRStealer variant previously linked to the…
-
VulHunt: Open-source vulnerability detection framework
Binarly has published VulHunt Community Edition, making the core scanning engine from Binarly’s commercial Transparency Platform available to independent researchers and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/16/vulhunt-open-source-vulnerability-detection-framework/
-
D3 Morpheus for Your Microsoft Security Environment
You have Sentinel. You have Defender. Here is what fills the autonomous investigation gap between detection and autonomous resolution. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/d3-morpheus-for-your-microsoft-security-environment/
-
EU Parliament backs extension of CSAM detection rules until 2027
The European Parliament has voted to extend a temporary exemption to EU privacy legislation that allows online platforms to voluntarily detect child sexual abuse material … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/13/eu-parliament-extends-csam-rules/
-
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients
vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said. The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said. “This installation path blends…
-
PsExec and Renamed Backup Tools Enabled Data Theft Before INC Ransomware Attack
A ransomware intrusion in which attackers used legitimate Windows tools and a renamed backup utility to quietly stage and exfiltrate sensitive data before deploying INC ransomware. The incident highlights how threat actors increasingly rely on “living off the land” techniques to evade detection and operate within compromised environments. Investigators later determined that the threat actor…