Tag: ml
-
PickleScan Uncovers 0-Day Vulnerabilities Allowing Arbitrary Code Execution via Malicious PyTorch Models
JFrog Security Research has uncovered three critical zero-day vulnerabilities in PickleScan, a widely-adopted industry-standard tool for scanning machine learning models and detecting malicious content. These vulnerabilities would enable attackers to completely bypass PickleScan’s malware detection mechanisms, potentially facilitating large-scale supply chain attacks by distributing malicious ML models containing undetectable code. The discoveries underscore a fundamental…
-
Wie Unternehmen sich gegen neue KI-Gefahren wappnen
Tags: ai, china, cyberattack, cyersecurity, hacker, hacking, injection, iran, ml, penetration-testing, phishing, risk, tool, vulnerabilityKI ist nicht nur ein Tool für Hacker, sondern kann auch selbst zur Gefahr werden.In der Welt der Cybersicherheit gibt es ein grundlegendes Prinzip, das auf den ersten Blick widersprüchlich klingen mag: ‘Wir hacken, bevor Cyberkriminelle die Gelegenheit dazu bekommen.” Um dies umzusetzen und Produktionsstraßen oder Maschinen zu schützen, setzen Unternehmen wie Siemens auf zwei…
-
Wie Unternehmen sich gegen neue KI-Gefahren wappnen
Tags: ai, china, cyberattack, cyersecurity, hacker, hacking, injection, iran, ml, penetration-testing, phishing, risk, tool, vulnerabilityKI ist nicht nur ein Tool für Hacker, sondern kann auch selbst zur Gefahr werden.In der Welt der Cybersicherheit gibt es ein grundlegendes Prinzip, das auf den ersten Blick widersprüchlich klingen mag: ‘Wir hacken, bevor Cyberkriminelle die Gelegenheit dazu bekommen.” Um dies umzusetzen und Produktionsstraßen oder Maschinen zu schützen, setzen Unternehmen wie Siemens auf zwei…
-
CYFIRMA FireTail: Working Together for Complete Visibility and Robust API Security FireTail Blog
Tags: ai, api, attack, cloud, cyber, data, detection, intelligence, leak, ml, open-source, risk, saas, threat, vulnerabilityNov 11, 2025 – Alan Fagan – CYFIRMA is an external threat landscape management platform that combines cyber intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. The company’s cloud-based AI and ML-powered analytics platforms provide deep insights into the external cyber landscape, helping clients…
-
CYFIRMA FireTail: Working Together for Complete Visibility and Robust API Security FireTail Blog
Tags: ai, api, attack, cloud, cyber, data, detection, intelligence, leak, ml, open-source, risk, saas, threat, vulnerabilityNov 11, 2025 – Alan Fagan – CYFIRMA is an external threat landscape management platform that combines cyber intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. The company’s cloud-based AI and ML-powered analytics platforms provide deep insights into the external cyber landscape, helping clients…
-
CYFIRMA FireTail: Working Together for Complete Visibility and Robust API Security FireTail Blog
Tags: ai, api, attack, cloud, cyber, data, detection, intelligence, leak, ml, open-source, risk, saas, threat, vulnerabilityNov 11, 2025 – Alan Fagan – CYFIRMA is an external threat landscape management platform that combines cyber intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. The company’s cloud-based AI and ML-powered analytics platforms provide deep insights into the external cyber landscape, helping clients…
-
Notable post-quantum cryptography initiatives paving the way toward Q-Day
Tags: attack, awareness, cisa, cisco, communications, computer, computing, crypto, cryptography, cyber, cybersecurity, data, encryption, finance, framework, google, government, group, guide, ibm, infrastructure, intelligence, Internet, iot, linux, microsoft, mitre, ml, nist, nvidia, open-source, service, side-channel, software, supply-chain, technology, theft, threat, tool, vulnerabilityIndustry heavyweights line up behind PQC: Google”¯Chrome became the first mainstream browser to support hybrid post”‘quantum key exchanges by default late last year.The approach combines classical elliptic-curve encryption, for backwards compatibility, with lattice-based PQC derived from ML-KEM.Other industry giants, including Amazon and IBM, have also begun laying foundations for quantum-safe cryptography. For example, IBM has…
-
Notable post-quantum cryptography initiatives paving the way toward Q-Day
Tags: attack, awareness, cisa, cisco, communications, computer, computing, crypto, cryptography, cyber, cybersecurity, data, encryption, finance, framework, google, government, group, guide, ibm, infrastructure, intelligence, Internet, iot, linux, microsoft, mitre, ml, nist, nvidia, open-source, service, side-channel, software, supply-chain, technology, theft, threat, tool, vulnerabilityIndustry heavyweights line up behind PQC: Google”¯Chrome became the first mainstream browser to support hybrid post”‘quantum key exchanges by default late last year.The approach combines classical elliptic-curve encryption, for backwards compatibility, with lattice-based PQC derived from ML-KEM.Other industry giants, including Amazon and IBM, have also begun laying foundations for quantum-safe cryptography. For example, IBM has…
-
ClayRat spyware turns phones into distribution hubs via SMS and Telegram
Fighting a self-spreading spyware: Experts say combating ClayRat requires both technical hardening and behavioral hygiene.”Security teams should enforce a layered mobile security posture that reduces installation paths, detects compromise, and limits blast radius,” said Jason Soroko, Senior Fellow at Sectigo. He recommends blocking sideloading through Android Enterprise policy, deploying mobile threat defense integrated with endpoint…
-
Protegrity Developer Edition: Free containerized Python package to secure AI pipelines
Protegrity Developer Edition enables developers, data scientists, ML engineers, and security teams an easy way to add data protection into GenAI and unstructured data … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/03/protegrity-developer-edition/
-
Protegrity Developer Edition: Free containerized Python package to secure AI pipelines
Protegrity Developer Edition enables developers, data scientists, ML engineers, and security teams an easy way to add data protection into GenAI and unstructured data … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/03/protegrity-developer-edition/
-
KI-Gefahren rücken Integritätsschutz in den Mittelpunkt
Tags: ai, ciso, cloud, compliance, cyberattack, data, data-breach, DSGVO, exploit, governance, injection, LLM, ml, risk, tool, training, updateData Poisoning gefährdet die Integrität von KI-Modellen.Für CISOs reduziert KI selten die Komplexität, sondern füllt vielmehr ihre ohnehin schon volle Agenda. Neben den traditionellen Sicherheitsprioritäten müssen sie sich nun auch mit neuen KI-bedingten Risiken auseinandersetzen, etwa wenn KI-Lösungen unkontrolliert für geschäftliche Zwecke genutzt, Modelle manipuliert und neue Vorschriften nicht eingehalten werden. Eine der drängendsten Herausforderungen…
-
Unveiling LummaStealer’s Technical Details Through ML-Based Detection Approach
In early 2025, LummaStealer was in widespread use by cybercriminals targeting victims throughout the world in multiple industry verticals, including telecom, healthcare, banking, and marketing. A sweeping law enforcement operation in May brought this all to an abrupt halt. After a quiet period, we are now seeing new variants of LummaStealer emerge. In light of…
-
How to de-identify insurance claims and documents with Tonic Textual
Insurance claims and documents contain sensitive PII that block these sources of data for use in AI and ML training initiatives. Tonic Textual can be used to de-identify sensitive entities, while retaining important context. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/how-to-de-identify-insurance-claims-and-documents-with-tonic-textual-2/
-
2025 CSO Hall of Fame: Laura Deaner on AI, quantum threats, and cyber leadership
Tags: ai, attack, automation, breach, business, ciso, compliance, conference, cyber, cybersecurity, india, ml, ransomware, risk, skills, strategy, tactics, technology, threat, tool, vulnerabilityHow has the CISO role changed during your career, and what do you see as the biggest cybersecurity challenges for the next generation of CISOs?: Laura Deaner: “When the CISO role first emerged, security was treated as an IT compliance checkbox. Over the years, high-profile breaches”, such as the Code Red incident at Microsoft”, forced…
-
OT security: Why it pays to look at open source
Tags: access, ai, attack, compliance, control, data, defense, detection, edr, endpoint, Hardware, intelligence, iot, microsoft, ml, monitoring, network, open-source, PCI, service, strategy, threat, tool, vulnerabilityOT security at the highest level thanks to open-source alternatives: Commercial OT security solutions such as those from Nozomi Networks, Darktrace, Forescout or Microsoft Defender for IoT promise a wide range of functions, but are often associated with license costs in the mid to high six-figure range per year. Such a high investment is often…
-
Rowhammer attack can backdoor AI models with one devastating bit flip
Servers with DDR3 memory modules (demonstrated on 16GB Samsung DDR3)Workstations with DDR4 memory (demonstrated on 8GB Hynix DDR4)AI inference servers running popular models such as ResNet, VGG, and Vision TransformersEdge computing devices with vulnerable DRAM hosting neural networksCloud platforms using DDR3/DDR4 memory for AI model deploymentResearch computing systems running full-precision (32-bit floating-point) modelsMulti-tenant GPU servers…
-
NIST’s attempts to secure AI yield many questions, no answers
Challenges to consider: The NIST report talked about various categories of AI integration that forced serious cybersecurity considerations, including: using genAI to create new content; fine-tuning predictive AI; using single AI agents as well multiple agents; and security controls for AI developers. The potentially most challenging element of securing AI in enterprises is visibility. But the…
-
Kommentar von Shachar Menashe, JFrog – Wie Shadow-ML die Sicherheit der Software gefährdet
First seen on security-insider.de Jump to article: www.security-insider.de/globaler-wettlauf-ki-sicherheitsbedenken-herausforderungen-a-48d92a7346e8ff306ca882a1ee4357a9/
-
AI adoption is booming but secure scaling not so much
96% of organizations are deploying AI models, and virtually no organization can move into the future without considering how ML and intelligent apps might soon affect its … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/18/ai-readiness-in-organizations/
-
Google rolls out Veo 3 video generator, try it for free using credits
Google is rolling out Veo 3 to everyone using Vertex AI, which is an ML-testing platform provided by Google Cloud. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/google-rolls-out-veo-3-video-generator-try-it-for-free-using-credits/
-
6 key trends redefining the XDR market
Tags: access, ai, apache, attack, cloud, country, crowdstrike, cybersecurity, data, detection, edr, endpoint, framework, identity, incident response, infrastructure, intelligence, marketplace, microsoft, ml, monitoring, msp, mssp, network, office, open-source, ransomware, service, siem, soc, sophos, threat, toolXDR-as-a-service on the rise: A fully staffed SOC is out of reach for many organizations and that’s why the rise of XDR-as-a-service reflects growing demand for managed, scalable security capabilities.”With stretched teams and expanding attack surfaces, many organizations are turning to trusted providers to deliver round-the-clock detection and response,” says Santiago Pontiroli, lead security researcher…
-
From StackStorm to DeepTempo
And what does it tell us about Cybersecurity? As the founding CEO of StackStorm and now DeepTempo, I’ve seen how the needs of CISOs and SOCs have changed over the last 10+ years. New challenges and a better color scheme! When we started StackStorm, the cybersecurity landscape was different. Our power users rarely asked for more alerts”Š”,…