Collecting Cyber-News from over 60 sources

Tag: framework

(g+) React2Shell: Von der Warnung zum Massenvorfall

Apr 30, 2026 2:40 PM

Tags: framework

Monate nach einer Warnung zeigt sich, wie sie ausgenutzt wird – und warum Framework-Patches genauso kritisch sind wie OS-Patches. First seen on golem.de Jump to article: www.golem.de/news/react2shell-von-der-warnung-zum-massenvorfall-2604-208011.html
Stopping the quiet drift toward excessive agency with re-permissioning

Apr 30, 2026 11:38 AM

Tags: access, ai, api, attack, ciso, control, data, finance, framework, injection, least-privilege, network, risk, risk-management, service, supply-chain, tool, unauthorized, update

Excessive agency directly proportional to over-permissioning: Organizations are worried about the level of autonomy AI introduces into their operational framework. Nearly three-quarters of organizations say agents often receive more access than necessary. It’s this excessive agency that needs to be reined in.In practice, unchecked autonomy within a particular workflow means the agent can access systems…
ODNI to CISOs on threat assessments: You’re on your own

Apr 30, 2026 11:38 AM

Tags: access, ai, china, ciso, computer, control, credentials, cyber, cybercrime, data, defense, detection, disinformation, encryption, finance, framework, government, healthcare, identity, infrastructure, intelligence, iran, jobs, korea, metric, resilience, risk, russia, service, strategy, technology, theft, threat, tool, warfare

The bifurcated framework: Operational reporting vs. homeland focus: The report now operates on two distinct tracks that risk narrowing the threat horizon for CROs. In a departure from traditional probabilistic forecasting, the IC has transitioned toward active operational reporting. This shift prioritizes immediate success metrics, such as a significant drop in border encounters and fentanyl…
ODNI to CISOs on threat assessments: You’re on your own

Apr 30, 2026 11:38 AM

Tags: access, ai, china, ciso, computer, control, credentials, cyber, cybercrime, data, defense, detection, disinformation, encryption, finance, framework, government, healthcare, identity, infrastructure, intelligence, iran, jobs, korea, metric, resilience, risk, russia, service, strategy, technology, theft, threat, tool, warfare

The bifurcated framework: Operational reporting vs. homeland focus: The report now operates on two distinct tracks that risk narrowing the threat horizon for CROs. In a departure from traditional probabilistic forecasting, the IC has transitioned toward active operational reporting. This shift prioritizes immediate success metrics, such as a significant drop in border encounters and fentanyl…
KI-Sicherheitslücken bei NVIDIA und Meta gefährden Unternehmen

Apr 30, 2026 8:39 AM

Tags: ai, cyberattack, framework, nvidia, vulnerability

Neue Schwachstellen in KI-Frameworks von NVIDIA und Meta zeigen, wie schnell moderne KI-Infrastrukturen zum Einfallstor für Cyberangriffe werden können. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/ki-sicherheitslucken-nvidia-und-meta
Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years

Apr 30, 2026 5:39 AM

Tags: access, apt, attack, china, computing, cyber, defense, espionage, exploit, framework, group, iran, leak, malicious, malware, network, open-source, programming, service, software, stuxnet, threat, tool, update, windows

fast16.sys, is briefly mentioned in the 2017 Shadow Brokers leak of documents covering exploits and tools used by US National Security Agency cyber teams.”This 2005 attack is a harbinger for sabotage operations targeting ultra expensive high-precision computing workloads of national importance like advanced physics, cryptographic, and nuclear research workloads,” the SentinelOne researchers said in their…
Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude Code to Compromise the CAP Framework

Apr 29, 2026 8:39 PM

Tags: ai, framework, sap, supply-chain, worm

SAP CAP packages compromised via Claude Code in AI-assisted worm attack. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/shai-hulud-strikes-sap-supply-chain-worm-weaponized-claude-code-to-compromise-the-cap-framework/
Protective Security in the NCSC CAF: A Practical Guide for UK SMEs

Apr 29, 2026 2:39 PM

Tags: cyber, framework, guide

Protective security is one of those topics that can sound broader and more complex than it needs to be. For UK SMEs, the practical question is simple: what do you need to protect, how much protection is enough, and how do you make it work without creating unnecessary overhead? Within the NCSC Cyber Assessment Framework,……
Protective Security in the NCSC CAF: A Practical Guide for UK SMEs

Apr 29, 2026 2:39 PM

Tags: cyber, framework, guide

Protective security is one of those topics that can sound broader and more complex than it needs to be. For UK SMEs, the practical question is simple: what do you need to protect, how much protection is enough, and how do you make it work without creating unnecessary overhead? Within the NCSC Cyber Assessment Framework,……
Why Sharing a Screenshot Can Get You Jailed in the UAE

Apr 28, 2026 8:39 PM

Tags: framework, iran

The war in Iran has drawn attention to arrests in the United Arab Emirates over online content, but the legal framework behind that enforcement has existed for years. First seen on wired.com Jump to article: www.wired.com/story/why-sharing-a-screenshot-can-get-you-jailed-in-the-uae/
How Identity, Geopolitics and Data Integrity Define Cyber Resilience

Apr 28, 2026 6:39 PM

Tags: cyber, data, framework, identity

A good cyber framework is built on the assumption that disruption is inevitable, so it must be capable of anticipating, absorbing, and adapting to it. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/how-identity-geopolitics-and-data-integrity-define-cyber-resilience/
From Shadow AI to Full Control: FireTail’s Q1 2026 Updates FireTail Blog

Apr 28, 2026 4:38 PM

Tags: access, ai, api, cloud, compliance, control, data, detection, finance, framework, google, governance, group, infrastructure, injection, LLM, nist, openai, risk, service, software, tool, update

Apr 28, 2026 – Timo Rüppell – Most security teams have accepted a hard truth in recent months. AI has already arrived in your organization. It resides in your codebase, runs in your cloud infrastructure, and is likely open in a nearby browser tab right now.The question is no longer whether to let AI in.…
Securing RAG pipelines in enterprise SaaS

Apr 28, 2026 12:39 PM

Tags: access, ai, api, application-security, attack, breach, business, cloud, control, corporate, data, data-breach, defense, detection, email, encryption, finance, fintech, framework, GDPR, github, google, healthcare, iam, injection, intelligence, leak, LLM, malicious, metric, microsoft, monitoring, privacy, regulation, saas, service, sql, strategy, threat, tool, unauthorized, vulnerability, zero-trust

Zero-Click data exfiltration (Late 2025): The “EchoLeak” vulnerability demonstrated how attackers could use a specially crafted, unclicked email to manipulate Microsoft 365 Copilot’s massive enterprise RAG pipeline. The AI was tricked into retrieving and exfiltrating sensitive corporate data without any employee interaction.Vector database exposures (2024 2025): Several incidents involved exposed API keys for vector databases.…
Securing RAG pipelines in enterprise SaaS

Apr 28, 2026 12:39 PM

Tags: access, ai, api, application-security, attack, breach, business, cloud, control, corporate, data, data-breach, defense, detection, email, encryption, finance, fintech, framework, GDPR, github, google, healthcare, iam, injection, intelligence, leak, LLM, malicious, metric, microsoft, monitoring, privacy, regulation, saas, service, sql, strategy, threat, tool, unauthorized, vulnerability, zero-trust

Zero-Click data exfiltration (Late 2025): The “EchoLeak” vulnerability demonstrated how attackers could use a specially crafted, unclicked email to manipulate Microsoft 365 Copilot’s massive enterprise RAG pipeline. The AI was tricked into retrieving and exfiltrating sensitive corporate data without any employee interaction.Vector database exposures (2024 2025): Several incidents involved exposed API keys for vector databases.…
Stopping AiTM attacks: The defenses that actually work after authentication succeeds

Apr 28, 2026 11:39 AM

Tags: 2fa, access, attack, authentication, awareness, breach, communications, compliance, control, credentials, data, defense, detection, email, finance, framework, identity, incident response, login, mfa, microsoft, monitoring, nist, passkey, phishing, risk, service, threat, tool, training

The 3 controls that close the gap: Control #1: Bind sessions to managed devices The most impactful single control for session security is requiring managed, compliant devices as a condition of accessing sensitive resources. When access policies, such as Microsoft Entra Conditional Access, require that the device presenting a session token is enrolled, managed and…
Trust, Risk, and the CISOs Protecting Michigan’s Financial Institutions

Apr 28, 2026 6:39 AM

Tags: ciso, cybersecurity, finance, framework, group, insurance, risk, service

Financial services cybersecurity in Michigan does not all look the same. The CISOs in this feature are securing a wealth management firm, a specialty insurance group, a farm credit institution, a community bank, a credit union serving a major university’s community, and another credit union with a decade of continuous security leadership. The regulatory frameworks,…The…
20-Year-Old Malware Rewrites History of Cyber Sabotage

Apr 27, 2026 4:39 PM

Tags: cyber, framework, malware, stuxnet

Researchers have uncovered a malware framework dubbed fast16 that predates Stuxnet by 5 years. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/20-year-old-malware-rewrites-history-of-cyber-sabotage
OpenClaw Flaws Expose Systems to Policy Bypass Attacks

Apr 27, 2026 11:38 AM

Tags: ai, api, attack, credentials, cyber, cybersecurity, flaw, framework, open-source, unauthorized, update

OpenClaw, a rapidly adopted open-source autonomous AI agent framework, has released critical security updates to address three moderate-severity vulnerabilities. Found in npm package versions before 2026.4.20, these complex flaws expose systems to severe policy bypasses, unauthorized local configuration modifications, and critical API credential leaks. IT administrators and cybersecurity professionals are strongly advised to upgrade their…
Fast16 Malware Targets High-Value Systems With Sabotage Capabilities

Apr 27, 2026 8:39 AM

Tags: cyber, framework, malware, service, stuxnet, worm

A previously unknown cyber sabotage framework called fast16, whose core components date back to 2005. This makes it the earliest known sabotage malware of its kind, predating the infamous Stuxnet worm by at least five years. The fast16 framework consists of two primary components: a Lua-powered service binary called svcmgmt.exe and a kernel driver named…
CyCognito Webinar: Why Data Governance Fails When Systems Don’t Align

Apr 27, 2026 6:38 AM

Tags: compliance, data, framework, governance, risk

For most enterprises, data governance has matured into a well-documented discipline. Policies exist. Frameworks are defined. Compliance requirements are mapped. Yet despite this progress, many security and risk leaders still face a persistent and uncomfortable truth: having a governance model does not mean having governance control. The modern enterprise environment is no longer confined to…The…
IRDAI 2026 Cybersecurity Guidelines for Insurance Companies

Apr 25, 2026 2:40 PM

Tags: compliance, cyber, cybersecurity, framework, governance, india, insurance, monitoring

The Insurance Regulatory and Development Authority of India (IRDAI) has introduced significant amendments to its cybersecurity guidelines in 2026, marking a shift from static compliance to continuous cyber resilience. For insurers, IRDAI compliance is no longer just about implementing baseline controls. The updated framework demands stronger governance, tighter oversight, real-time monitoring, and accountability across business……
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software

Apr 25, 2026 12:39 PM

Tags: cyber, cybersecurity, framework, iran, malware, software, stuxnet, worm

Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran’s nuclear program by destroying uranium enrichment centrifuges.According to a new report published by SentinelOne, the previously undocumented cyber sabotage framework dates back to 2005, primarily targeting high-precision calculation software to tamper First seen on thehackernews.com…
New US House privacy bills raise hard questions about enterprise data collection

Apr 24, 2026 10:39 PM

Tags: access, ai, awareness, banking, business, cio, ciso, compliance, credentials, data, finance, framework, governance, group, identity, insurance, Internet, jobs, law, privacy, regulation, risk, service, strategy, supply-chain

Where privacy law overlaps with AI governance: The SECURE Data Act does not contain broad, standalone AI governance rules, but it still touches AI in meaningful ways.The bill includes opt-outs for fully automated profiling used for decisions with legal or similarly significant effects. That language can clearly implicate some uses of AI, particularly in hiring,…
Microsoft’s April Security Update of High-Risk Vulnerability Notice for Multiple Products

Apr 24, 2026 1:38 PM

Tags: framework, microsoft, office, risk, sql, update, vulnerability, windows

Overview On April 15, NSFOCUS CERT detected that Microsoft released the April Security Update patch, fixing 165 security issues involving Windows, Microsoft Office, Microsoft SQL Server, Microsoft Visual Studio, Microsoft .NET Framework, Widely used products such as Azure, including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by……
Google drafts AI agents to secure systems against AI hackers

Apr 24, 2026 10:38 AM

Tags: ai, cloud, data, defense, detection, framework, fraud, google, governance, hacker, identity, injection, microsoft, risk, saas, tool

Wiz, AI-BOMs, and securing the AI development sprawl: Google has expanded its Wiz portfolio to tackle the chaos of AI development and multi-cloud risk.Wiz is being positioned as the connective tissue across environments, supporting everything from AWS and Azure to SaaS platforms and AI agent studios.”Wiz now supports Databricks as well as new agent studios…
3 practical ways AI threat detection improves enterprise cyber resilience

Apr 23, 2026 11:38 PM

Tags: access, ai, attack, automation, backup, cloud, cyber, data, detection, dns, endpoint, exploit, framework, identity, login, malicious, network, radius, ransomware, resilience, risk, service, threat, tool, update, vpn, vulnerability, vulnerability-management

Legitimate admin activity and malicious behavior often look similar without contextHybrid environments generate fragmented telemetry that rule sets can’t correlateLean teams don’t have time to manually connect the dots across systemsPlatforms like Adlumin MDR apply behavioral models and automated triage to suppress low”‘value alerts and elevate incidents that actually matter. Fewer alerts, better context, and…
3 practical ways AI threat detection improves enterprise cyber resilience

Apr 23, 2026 11:38 PM

Tags: access, ai, attack, automation, backup, cloud, cyber, data, detection, dns, endpoint, exploit, framework, identity, login, malicious, network, radius, ransomware, resilience, risk, service, threat, tool, update, vpn, vulnerability, vulnerability-management

Legitimate admin activity and malicious behavior often look similar without contextHybrid environments generate fragmented telemetry that rule sets can’t correlateLean teams don’t have time to manually connect the dots across systemsPlatforms like Adlumin MDR apply behavioral models and automated triage to suppress low”‘value alerts and elevate incidents that actually matter. Fewer alerts, better context, and…
Google drafts AI agents secure systems against AI hackers

Apr 23, 2026 11:38 PM

Tags: ai, cloud, data, defense, detection, framework, fraud, google, governance, hacker, identity, injection, microsoft, risk, saas, tool

Wiz, AI-BOMs, and securing the AI development sprawl: Google has expanded its Wiz portfolio to tackle the chaos of AI development and multi-cloud risk.Wiz is being positioned as the connective tissue across environments, supporting everything from AWS and Azure to SaaS platforms and AI agent studios.”Wiz now supports Databricks as well as new agent studios…
Google drafts AI agents secure systems against AI hackers

Apr 23, 2026 11:38 PM

Tags: ai, cloud, data, defense, detection, framework, fraud, google, governance, hacker, identity, injection, microsoft, risk, saas, tool

Wiz, AI-BOMs, and securing the AI development sprawl: Google has expanded its Wiz portfolio to tackle the chaos of AI development and multi-cloud risk.Wiz is being positioned as the connective tissue across environments, supporting everything from AWS and Azure to SaaS platforms and AI agent studios.”Wiz now supports Databricks as well as new agent studios…
Google drafts AI agents secure systems against AI hackers

Apr 23, 2026 11:38 PM

Tags: ai, cloud, data, defense, detection, framework, fraud, google, governance, hacker, identity, injection, microsoft, risk, saas, tool

Wiz, AI-BOMs, and securing the AI development sprawl: Google has expanded its Wiz portfolio to tackle the chaos of AI development and multi-cloud risk.Wiz is being positioned as the connective tissue across environments, supporting everything from AWS and Azure to SaaS platforms and AI agent studios.”Wiz now supports Databricks as well as new agent studios…