Tag: risk
-
KI in der Cybersicherheit: Gekommen, um zu bleiben
Künstliche Intelligenz ist ein Dauerbrenner und verändert die Cybersecurity-Landschaft rasant. Die Experten der Sophos X-Ops skizzieren die wichtigsten Trends und Sicherheitsherausforderungen, mit denen Unternehmen im Jahr 2026 in Sachen KI rechnen müssen und zeigen auf, welche neuen Risiken wie auch Chancen sich daraus für Unternehmen ergeben. KI-gestütztes Programmieren: Der neue blinde Fleck der Sicherheit KI-Programmierplattformen…
-
The 12 Months of Innovation: How Salt Security Helped Rewrite API AI Security in 2025
Tags: access, ai, api, attack, automation, breach, business, ciso, cloud, compliance, control, crowdstrike, cyber, data, data-breach, defense, detection, email, exploit, github, governance, injection, insurance, intelligence, privacy, risk, risk-management, software, strategy, supply-chain, threat, tool, wafAs holiday lights go up and inboxes fill with year-in-review emails, it’s tempting to look back on 2025 as “the year of AI.” But for security teams, it was something more specific the year APIs, AI agents, and MCP servers collided across the API fabric, expanding the attack surface faster than most organizations could keep…
-
KI wird zur Insiderbedrohung
Künstliche Intelligenz ist ein Dauerbrenner und verändert die Cybersecurity-Landschaft rasant. Die Experten der Sophos-X-Ops skizzieren die wichtigsten Trends und Sicherheitsherausforderungen, mit denen Unternehmen im Jahr 2026 in Sachen KI rechnen müssen und zeigen auf, welche neuen Risiken wie auch Chancen sich daraus für Unternehmen ergeben. KI-gestütztes Programmieren Der neue blinde Fleck der Sicherheit KI-Programmierplattformen […]…
-
Why a 17-Year-Old Built an AI Model to Expose Deepfake Maps
A high-school student is tackling the overlooked risk of AI-generated satellite imagery that could mislead governments and emergency responders. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/why-17-year-old-built-ai-expose-deepfake-maps
-
Security by Design: Why Multi-Factor Authentication Matters More Than Ever
In an era marked by escalating cyber threats and evolving risk landscapes, organisations face mounting pressure to strengthen their security posture whilst maintaining seamless user experiences. At Thales, we recognise that robust security must be foundational embedded into products and services by design, not bolted on as an afterthought. This principle underpins our commitment… First…
-
Cyberangriffe rund um Weihnachten und den Jahreswechsel
Die Feiertage gelten als Zeit der Ruhe, des Schenkens und der Erholung doch für Cyberkriminelle sind sie eine Gelegenheit, die sie gezielt ausnutzen. Genau dann, wenn viele Mitarbeitende gedanklich bereits im Urlaub sind und Abläufe unter Jahresendstress stehen, versuchen Angreifer, unaufmerksame oder unterbesetzte Teams hinters Licht zu führen. Ob Holiday-Phishing, gefälschte Zahlungsanweisungen oder Risiken […]…
-
Cyberangriffe rund um Weihnachten und den Jahreswechsel
Die Feiertage gelten als Zeit der Ruhe, des Schenkens und der Erholung doch für Cyberkriminelle sind sie eine Gelegenheit, die sie gezielt ausnutzen. Genau dann, wenn viele Mitarbeitende gedanklich bereits im Urlaub sind und Abläufe unter Jahresendstress stehen, versuchen Angreifer, unaufmerksame oder unterbesetzte Teams hinters Licht zu führen. Ob Holiday-Phishing, gefälschte Zahlungsanweisungen oder Risiken […]…
-
Why a 17-Year-Old Built an AI to Expose Deepfake Maps
A high school student is tackling the overlooked risk of AI-generated satellite imagery that could mislead governments and emergency responders. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/why-17-year-old-built-ai-expose-deepfake-maps
-
Why a 17-Year-Old Built an AI to Expose Deepfake Maps
A high school student is tackling the overlooked risk of AI-generated satellite imagery that could mislead governments and emergency responders. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/why-17-year-old-built-ai-expose-deepfake-maps
-
The devil of proposed SEC AI disclosure rule is in the details
Tags: advisory, ai, awareness, business, ceo, compliance, cybersecurity, data, government, intelligence, jobs, law, risk, sans, service, software, strategy, technology, tool, trainingnot use AI for some purposes. Attorneys who have studied the proposal note that the AI rule, just like the SEC’s cybersecurity rule from about two years ago, won’t technically require anything to be reported that wouldn’t have already required reporting. The new rule refers only to material AI efforts and ever since the creation of…
-
The devil of proposed SEC AI disclosure rule is in the details
Tags: advisory, ai, awareness, business, ceo, compliance, cybersecurity, data, government, intelligence, jobs, law, risk, sans, service, software, strategy, technology, tool, trainingnot use AI for some purposes. Attorneys who have studied the proposal note that the AI rule, just like the SEC’s cybersecurity rule from about two years ago, won’t technically require anything to be reported that wouldn’t have already required reporting. The new rule refers only to material AI efforts and ever since the creation of…
-
Cybersafety-Prognosen für 2026: Das Internet wird immer gefährlicher
»2026, das Jahr, in dem das Internet der menschlichen Intuition entwächst« 2026 wird das Internet so schnell und komplex, dass die menschliche Intuition nicht mehr ausreicht, um Risiken zu erkennen künstliche Intelligenz verändert Vertrauen, Identität und Wahrheit grundlegend. Cyberkriminelle nutzen KI aktiv, um Identitäten, Emotionen und Browser gezielt zu manipulieren, wodurch neue Sicherheitsreflexe… First seen…
-
ESicherheit: BSI untersucht EProgramme
In unserem E-Mail-Programm lesen, schreiben und verwalten wir all unsere E-Mails. Nicht selten enthalten die Anwendungen daher auch sensibelste Informationen. Entsprechend gut müssen sie vor Risiken wie etwa Mitlesen und Manipulation durch Dritte geschützt werden. Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hat untersucht, inwiefern E-Mail-Programme relevante Eigenschaften wie Transport- und Inhaltsverschlüsselung, SPAM-, Phishing-……
-
Echo Secures $35M to Tackle Cloud Vulnerabilities With AI
Secure-by-Design Startup Uses AI Agents to Safeguard Containers, VMs and Libraries. Cloud security startup Echo has closed a $35 million Series A funding round to boost development of its AI-native OS. The platform starts with secure container images and aims to extend to VMs and libraries, helping enterprises minimize risk from open-source software. First seen…
-
Code Execution in Jupyter Notebook Exports
After our research on Cursor, in the context of developer-ecosystem security, we turn our attention to the Jupyter ecosystem. We expose security risks we identified in the notebook’s export functionality, in the default Windows environment, to help organizations better protect their assets and networks. Executive Summary We identified a new way external Jupyter notebooks could……
-
Code Execution in Jupyter Notebook Exports
After our research on Cursor, in the context of developer-ecosystem security, we turn our attention to the Jupyter ecosystem. We expose security risks we identified in the notebook’s export functionality, in the default Windows environment, to help organizations better protect their assets and networks. Executive Summary We identified a new way external Jupyter notebooks could……
-
NDSS 2025 Selective Data Protection against Memory Leakage Attacks for Serverless Platforms
Session 6B: Confidential Computing 1 Authors, Creators & Presenters: Maryam Rostamipoor (Stony Brook University), Seyedhamed Ghavamnia (University of Connecticut), Michalis Polychronakis (Stony Brook University) PAPER LeakLess: Selective Data Protection against Memory Leakage Attacks for Serverless Platforms As the use of language-level sandboxing for running untrusted code grows, the risks associated with memory disclosure vulnerabilities and…
-
NDSS 2025 IsolateGPT: An Execution Isolation Architecture For LLM-Based Agentic Systems
Session 6A: LLM Privacy and Usable Privacy Authors, Creators & Presenters: Yuhao Wu (Washington University in St. Louis), Franziska Roesner (University of Washington), Tadayoshi Kohno (University of Washington), Ning Zhang (Washington University in St. Louis), Umar Iqbal (Washington University in St. Louis) PAPER IsolateGPT: An Execution Isolation Architecture for LLM-Based Agentic Systems Large language models…
-
PwC on using AI to turn cybersecurity risk into competitive advantage
PwC supports clients across the full cyber lifecycle First seen on theregister.com Jump to article: www.theregister.com/2025/12/16/pwc_using_ai_turn/
-
CISA Alerts on Apple WebKit Zero-Day Actively Used in Cyberattacks
Tags: apple, cisa, cve, cyber, cyberattack, cybersecurity, exploit, infrastructure, kev, macOS, risk, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability affecting multiple Apple products to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. CVE-2025-43529 represents a severe use-after-free vulnerability in WebKit, Apple’s rendering engine, that poses a significant risk to millions of users across iOS, iPadOS, macOS, and other…
-
CISA Alerts on Apple WebKit Zero-Day Actively Used in Cyberattacks
Tags: apple, cisa, cve, cyber, cyberattack, cybersecurity, exploit, infrastructure, kev, macOS, risk, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability affecting multiple Apple products to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. CVE-2025-43529 represents a severe use-after-free vulnerability in WebKit, Apple’s rendering engine, that poses a significant risk to millions of users across iOS, iPadOS, macOS, and other…
-
Microsoft Outlines Mitigation for React2Shell RCE Vulnerability in React Server Components
Tags: authentication, cve, cvss, cyber, malicious, microsoft, mitigation, rce, remote-code-execution, risk, vulnerabilityMicrosoft has released comprehensive guidance on CVE-2025-55182, a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components and the Next.js framework. Assigned a maximum CVSS score of 10.0, this vulnerability enables attackers to execute arbitrary code on vulnerable servers through a single malicious HTTP request, representing an unprecedented risk to modern React-based web…
-
Demystifying risk in AI
Tags: access, ai, best-practice, bsi, business, ciso, cloud, compliance, control, corporate, csf, cyber, cybersecurity, data, framework, google, governance, group, infrastructure, intelligence, ISO-27001, LLM, mitre, ml, monitoring, nist, PCI, risk, risk-management, strategy, technology, threat, training, vulnerabilityThe data that is inserted in a request.This data is evaluated by a training model that involves an entire architecture.The result of the information that will be delivered From an information security point of view. That is the point that we, information security professionals, must judge in the scope of evaluation from the perspective of…
-
Cyber-Resilienz von Unternehmen: Wenn Stillstand zum Risiko wird
First seen on t3n.de Jump to article: t3n.de/news/cyber-resilienz-unternehmen-risiko-1720779/
-
Communicating AI Risk to the Board With Confidence – Kovrr
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/communicating-ai-risk-to-the-board-with-confidence-kovrr/