Tag: intelligence
-
OpenAI’s New Security Plan Rewards ‘Critical’ Bug Discovery
Max Payout for Bug Bounty Program Up From $20,000 to $100,000. OpenAI announced a cybersecurity initiative that aims to improve the resilience of its artificial intelligence systems by rewarding the discovery of critical vulnerabilities and improving threat mitigation. OpenAI raised the maximum payout for its bug bounty program from $20,000 to $100,000. First seen on…
-
OpenAI Bumps Up Bug Bounty Reward to $100K in Security Update
The artificial intelligence research company previously had its maximum payout set at $20,000 before exponentially raising the reward. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/openai-bug-bounty-reward-100k
-
US strike plan exposure downplayed by intelligence officials
Tags: intelligenceFirst seen on scworld.com Jump to article: www.scworld.com/brief/us-strike-plan-exposure-downplayed-by-intelligence-officials
-
Dark Web Intelligence: A Critical Layer in Modern Cybersecurity Strategy
First seen on scworld.com Jump to article: www.scworld.com/native/dark-web-intelligence-a-critical-layer-in-modern-cybersecurity-strategy
-
Blacklock Ransomware Infrastructure Breached, Revealing Planned Attacks
Tags: access, attack, breach, cyber, cybersecurity, data, exploit, group, infrastructure, intelligence, leak, ransomware, vulnerabilityResecurity, a prominent cybersecurity firm, has successfully exploited a vulnerability in the Data Leak Site (DLS) of Blacklock Ransomware, gaining unprecedented access to the group’s infrastructure. This breach, occurring during the winter of 2024-2025, allowed researchers to collect substantial intelligence about the ransomware group’s activities and planned attacks. Exploitation of Local File Include Vulnerability The…
-
New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records
Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands.DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat.”The threat…
-
Databricks adaptiert Claude-Modelle auf die eigene Data-Intelligence-Plattform
Databricks und Anthropic, ein Unternehmen für KI-Sicherheit und -Forschung, geben eine strategische, fünfjährige Partnerschaft bekannt. Die Modelle und Dienstleistungen von Anthropic werden nativ über die Data-Intelligence-Plattform von Databricks angeboten. In Kombination mit bringt diese Vereinbarung die Claude-Modelle von Anthropic direkt zu über 10.000 Unternehmen, zusammen mit ihren geschäftskritischen, proprietären Daten. So können […] First seen…
-
Threat Actors Use Fake Booking.com Emails to Deceive Hotel Staff and Gain System Access
A sophisticated phishing campaign targeting the hospitality industry has been uncovered, with threat actors impersonating Booking.com to gain access to hotel systems and customer data. Microsoft Threat Intelligence has attributed the ongoing attacks, which began in December 2024 and continued through February 2025, to a group known as Storm-1865. The campaign primarily targets North America,…
-
Reading the Tea Leaves in FDA’s AI-Enabled Device Guidelines
While recent draft guidance from the Food and Drug Administration on artificial intelligence-enabled medical devices is non-binding, the document signals that the agency is intensifying its regulatory scrutiny of these technologies, said Dr. Scott Schell of IT consulting firm Cognizant. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/reading-tea-leaves-in-fdas-ai-enabled-device-guidelines-i-5468
-
Broadcom Extends Scope of VMware vDefend Cybersecurity Platform
Broadcom today updated its VMware vDefend platform to add additional security intelligence capabilities along with a streamlined ability to micro-segment networks using code to programmatically deploy virtual firewalls. Additionally, Broadcom has made it simpler to deploy and scale out the Security Services Platform (SSP) it uses to provide a data lake for collecting telemetry data..…
-
Intelligence chiefs insist Signal chat was a simple mistake
Democrats on the House Intelligence Committee expressed anger over the use of the messaging app to coordinate military strikes on Houthi targets in Yemen. First seen on cyberscoop.com Jump to article: cyberscoop.com/signal-chat-house-intelligence-tulsi-gabbard-chrissy-houlahan/
-
KI-Agenten erobern die Cybersicherheitsbranche
Tags: ai, cloud, cyberattack, cyersecurity, edr, governance, identity, intelligence, mail, microsoft, phishing, soar, soc, strategy, threat, tool, update, vulnerabilityMicrosoft führt KI-Agenten ein, um die Cybersicherheit angesichts zunehmender Bedrohungen zu automatisieren.KI-Agenten, die in der Lage sind, Code auszuführen und Websuchen durchzuführen, gewinnen in der gesamten Tech-Branche an Bedeutung. Ein weiteres Feld, welches immer wichtiger wird, ist automatisierte Sicherheit.Diese Tools sind geeignet für Aufgaben wiePhishing-Erkennung,Datenschutz undIdentitätsmanagement.Hierbei handelt es sich um Bereiche, in denen Angreifer unvermindert…
-
Mit GenAI zum Insider-Threat
Tags: ai, best-practice, ciso, cloud, cyersecurity, data-breach, framework, infrastructure, injection, intelligence, mitre, password, risk, risk-management, technology, threat, toolViele Unternehmen haben nicht auf dem Schirm, welche Sicherheitsprobleme durch die Nutzung von GenAI entstehen.Einer Analyse von Netskope zufolge sind GenAI-Daten-Uploads in Unternehmen innerhalb eines Jahres um das 30-Fache gestiegen. Darunter befinden sich demnach auch sensible Informationen wie Quellcodes, regulierte Daten, Passwörter und Schlüssel sowie geistiges Eigentum.Zudem nutzen drei von vier Unternehmen Apps mit integrierten…
-
Intel chiefs again say they did not share classified info amid new questions on war chats
President Donald Trump’s intelligence chiefs on Wednesday maintained they did not share classified information about an eminent U.S. military strike on a messaging app, even as more details about the discussion came to light. First seen on therecord.media Jump to article: therecord.media/intel-chiefs-again-say-they-did-not-share-classified-info-house-hearing
-
Military AI caught in tension between speed and control
The use of artificial intelligence in military contexts can unlock a range of benefits for defence organisations, but also highlights a clear tension between speed and control baked into the technology First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366621215/Military-AI-caught-in-tension-between-speed-and-control
-
Beyond STIX: Next-Level Cyber-Threat Intelligence
While industry experts continue to analyze, interpret, and act on threat data, the complexity of cyber threats necessitates solutions that can quickly convert expert knowledge into machine-readable formats. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/beyond-stix-next-level-cyber-threat-intelligence
-
Public Accounts Committee calls out legacy IT
Unsupported and out-of-date software and hardware are hindering the government’s artificial intelligence plans for the public sector First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366621126/Public-Accounts-Committee-calls-out-legacy-IT
-
Vorsicht Vishing: Zahl der VoiceAngriffe explodiert
Der Threat Intelligence Report für das zweite Halbjahr 2024 von Ontinue zeigt, dass die Zahl der Ransomware-Attacken erwartungsgemäß weiter stieg, die Lösegeldzahlungen hingegen sanken. Die Vishing-Angriffe explodierten regelrecht [1]. Das ATO (Advanced Threat Operations)-Team von Ontinue hat seinen Halbjahresbericht vorgelegt, in dem es die aktuellen Trends und Entwicklungen im Cybersecurity-Bereich analysiert. Wie zu erwarten war,……
-
Rising attack exposure, threat sophistication spur interest in detection engineering
Tags: access, ai, attack, automation, banking, ceo, ciso, cloud, compliance, cyber, cybersecurity, data, detection, endpoint, exploit, finance, framework, healthcare, infrastructure, insurance, intelligence, LLM, malware, mitre, network, programming, ransomware, RedTeam, risk, sans, siem, software, supply-chain, tactics, technology, threat, tool, update, vulnerability, zero-dayMore than the usual threat detection practices: Proponents argue that detection engineering differs from traditional threat detection practices in approach, methodology, and integration with the development lifecycle. Threat detection processes are typically more reactive and rely on pre-built rules and signatures from vendors that offer limited customization for the organizations using them. In contrast, detection…
-
Understanding RDAP: The Future of Domain Registration Data Access
Tags: access, api, attack, authentication, china, compliance, control, cyber, cybercrime, cybersecurity, data, detection, exploit, framework, fraud, GDPR, incident response, infrastructure, intelligence, Internet, law, malicious, malware, phishing, privacy, regulation, service, threat, tool, vulnerability -
Getting the Most Value Out of the OSCP: The PEN-200 Labs
Tags: access, ai, attack, compliance, container, cyber, cybersecurity, dns, docker, exploit, firewall, guide, hacking, Hardware, infrastructure, intelligence, jobs, kubernetes, microsoft, mitigation, network, open-source, oracle, penetration-testing, powershell, risk, security-incident, service, siem, skills, technology, tool, training, vmware, vulnerability, windowsHow to leverage the PEN-200 simulated black-box penetration testing scenarios for maximal self-improvement and career success. Disclaimer: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been sponsored or incentivized in any way to recommend or oppose any…
-
Senate Democrats dissatisfied with intel officials’ responses about Signal chat
Director of National Intelligence Tulsi Gabbard and other high-ranking officials largely dismissed accusations by Senate Democrats that the exposure of a Signal group chat was a sign of incompetence at the top of U.S. intelligence agencies. First seen on therecord.media Jump to article: therecord.media/gabbard-ratcliffe-signal-atlantic-yemen-operation-senate-hearing
-
Cybercriminals Bypass Security Using Legitimate Tools Browser Extensions to Deliver Malware
In the second half of 2024, cybercriminals have increasingly leveraged legitimate Microsoft tools and browser extensions to bypass security measures and deliver malware, according to Ontinue’s latest Threat Intelligence Report. Threat actors are exploiting built-in Microsoft features like Quick Assist and Windows Hello to establish persistence and evade detection. Quick Assist, a remote access tool,…
-
Senators criticize Trump officials’ discussion of war plans over Signal, but administration answers don’t come easily
An Intelligence Committee hearing focused on the security risks of a cabinet-level group chat that included a reporter from The Atlantic. First seen on cyberscoop.com Jump to article: cyberscoop.com/democratic-senators-question-national-security-officials-over-war-plans-signal-chat/
-
New Benchmarks Challenge Brute Force Approach to AI
ARC-AGI-2 Measures AI’s Ability to Problem Solve With Fewer Resources. A new benchmark to evaluate artificial general intelligence has leading artificial intelligence models stumped. The Arc Prize Foundation’s ARC-AGI-2 test presents puzzle-like challenges that require AI models to analyze visual patterns from multicolored square grids and generate solutions. First seen on govinfosecurity.com Jump to article:…
-
Lasso Adds Automated Red Teaming Capability to Test LLMs
Lasso today added an ability to autonomously simulate real-world cyberattacks against large language models (LLMs) to enable organizations to improve the security of artificial intelligence (AI) applications. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/lasso-adds-automated-red-teaming-capability-to-test-llms/
-
Microsoft launches AI agents to automate cybersecurity amid rising threats
Tags: ai, cloud, cybersecurity, data, governance, identity, intelligence, microsoft, risk, strategy, threat, tool, vulnerabilityIntegration benefits for customers: Microsoft said the six new Security Copilot agents are designed to help security teams autonomously manage high-volume security and IT tasks while integrating smoothly with the broader Microsoft Security portfolio.According to Grover, the move is likely to benefit organizations already embedded in the Microsoft ecosystem, as the platform-centric approach offers advantages…
-
Tencent Says It Does More in AI With Fewer GPUs
Not Every New Generation of LLM Needs Exponentially More Chips, Says Tencent Exec. Chinese tech giant Tencent reported a slowdown in GPU deployment, attributing it to a prioritization among Sino tech companies of chip efficiency over raw numbers, a strategy made clear internationally by artificial intelligence firm DeepSeek. First seen on govinfosecurity.com Jump to article:…