Tag: risk
-
Breach Roundup: How Hackers Exploited a Cisco SD-WAN Flaw
Also, Three Ubiquiti Flaws Under Exploitation. This week, Mandiant detailed a Cisco SD-WAN hack as attackers exploited Ubiquiti flaws. London Hydro disclosed a customer data breach, and researchers flagged cross-cloud bucket hijacking risks. Also: an INC ransomware leak, and Texas and Gravity SMTP incidents. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/breach-roundup-how-hackers-exploited-cisco-sd-wan-flaw-a-32080
-
Your Board Is Using Shadow AI
Board Members Adopt GenAI Without Policies or Oversight. A new Diligent Institute survey finds 82% of U.S. public company directors are using generative AI for board work, yet 69% of boards have no formal AI policy in place. CIOs are being left out of the governance conversation, and the risks are mounting. First seen on…
-
Do CISOs Need a Code of Ethics?
Dark Reading Confidential Episode 19: Kickbacks, no-show jobs, dirty VCs, and shelfware: industry expert Robert "RSnake" Hansen explains why he thinks it’s time for a CISO code of ethics to ensure cybersecurity bosses aren’t engaged in self-dealing that could risk enterprise, and even national, security. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/ciso-code-of-ethics
-
Orbit: Why Satellite Infrastructure Is Becoming a Critical Attack Surface for Enterprises
Satellites are becoming the new cyberattack surface: those who underestimate their risks endanger communications, supply chains and critical infrastructure on Earth. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/orbit-warum-die-satelliteninfrastruktur-zur-kritischen-angriffsflaeche-fuer-unternehmen-wird/a45601/
-
The Silent Compliance Risk: How Uncontrolled Trackers on Corporate Websites Become a GDPR Vulnerability
When were the trackers on the company website last audited? Probably not as often as the firewall rules or the endpoint security policies. IT security teams invest millions in network monitoring and vulnerability scans, yet their own website often remains a blind spot, an "unpatched leak" that classic security tools do not see at all. Marketing departments usually run tracking without close coordination with IT, security teams have […]…
-
Closing the ‘risk window’: Why real-time remediation is the new security standard
Tags: risk. First seen on scworld.com Jump to article: www.scworld.com/perspective/closing-the-risk-window-why-real-time-remediation-is-the-new-security-standard
-
Aryon Secures $29M to Thwart Cloud Risks Before Deployment
Series A Funds Back Enforcement Controls That Block Insecure Resources Instantly. Aryon Security raised $29 million in Series A funding to help enterprises enforce security policies at cloud deployment, preventing misconfigurations, excessive permissions and insecure resources from reaching production environments across AWS, Azure and Google Cloud. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/aryon-secures-29m-to-thwart-cloud-risks-before-deployment-a-32069
-
New Forescout Data Reveals Slow Progress Toward Quantum-Safe Security
Despite growing awareness of quantum computing risks and increasing pressure on organisations to prepare for the transition to post-quantum cryptography (PQC), most internet-facing systems remain unprepared for a quantum-safe future, according to new research from Forescout Research Vedere Labs. The report, published today, reveals that while adoption of PQC-capable technologies has accelerated over the…
-
KnowBe4 awarded in the email security industry
KnowBe4, the human risk management platform, today announced it has been awarded ‘2026 Global Customer Value Leadership’ in the email security industry as part of Frost & Sullivan’s Best Practices recognition. Best Practices awards companies for their superior leadership and innovation. Frost & Sullivan recognised KnowBe4 for: Its continued protection of the human element of…
-
PoC Released for Microsoft Exchange Server EWS InstallApp SSRF Vulnerability
A proof-of-concept exploit has been released for CVE-2026-45502, a server-side request forgery (SSRF) vulnerability in the Microsoft Exchange Server’s Exchange Web Services (EWS) InstallApp operation. This vulnerability poses risks to organisations that have not yet deployed the security updates from June 2026. The flaw affects Exchange Server versions 2016 CU23, 2019 CU14 and CU15, and…
-
UK Museums Face Cybersecurity Risks, MPs Warn
Public Accounts Committee (PAC) warns that museums and galleries aren’t getting enough government support on cyber. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mps-criticize-government-museum/
-
Samsung KNOX Kernel Flaw Exposes Galaxy Devices to Memory Corruption Attacks
Samsung has addressed a critical kernel vulnerability in its KNOX security framework that puts millions of Galaxy devices at risk of memory-corruption attacks, potentially allowing full device compromise. This issue, tracked as CVE-2026-20971, was discovered by LucidBit Labs and affects a wide range of Samsung smartphones released over the past eight years, including devices from…
-
CISA Adds Ubiquiti UniFi OS Flaws to KEV Catalog
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, network, office, risk, vulnerability. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities affecting Ubiquiti UniFi OS to its Known Exploited Vulnerabilities (KEV) catalog. This highlights the increasing risk to both enterprise and small-office network environments that rely on this popular network management platform. The newly identified flaws, CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, affect UniFi OS…
-
MSSPs need to stop risk before it hits the SOC
First seen on scworld.com Jump to article: www.scworld.com/perspective/mssps-need-to-stop-risk-before-it-hits-the-soc
-
F5 targets shadow AI risk with new AI security platform and SurePath acquisition
First seen on scworld.com Jump to article: www.scworld.com/brief/f5-targets-shadow-ai-risk-with-new-ai-security-platform-and-surepath-acquisition
-
AI can write code. MSPs still own the risk
First seen on scworld.com Jump to article: www.scworld.com/perspective/ai-can-write-code-msps-still-own-the-risk
-
Signal president warns about AI chatbot privacy risks
First seen on scworld.com Jump to article: www.scworld.com/brief/signal-president-warns-about-ai-chatbot-privacy-risks
-
White House drastically shortens deadline for dropping quantum-vulnerable crypto
Order warns of national security risks if post-quantum cryptography isn’t adopted in time. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2026/06/executive-order-bumps-up-deadline-to-move-off-quantum-vulnerable-crypto/
-
Xsolis Hack Affecting 1.4M Raises AI Vendor Risk Concerns
Experts Urge Health Sector Organizations to Strengthen AI Governance, Oversight. A Tennessee-based vendor of AI-powered business decision support software for healthcare providers and insurers is notifying nearly 1.4 million people that their information was compromised in a recent hack. Experts said the incident spotlights growing risks to healthcare by AI-tech vendors. First seen on govinfosecurity.com…
-
DifyTap: Four Bugs Put over 1 million AI Apps at Risk
Four flaws in Dify exposed cross-tenant data, documents and AI conversations. Two critical bugs enabled unauthenticated access and data theft. Zafran Labs researchers disclosed four vulnerabilities in Dify, the open-source AI platform used by major companies like Volvo and Maersk to run over a million applications across over 60 industries. Two vulnerabilities are of critical…
-
HR must have a say in AI policy to forestall legal risks
In this Q&A, employment attorney Deepa Menon explains the legal risks of using AI for workforce decisions and why lawyers, HR and IT must agree on a framework before implementing AI. First seen on techtarget.com Jump to article: www.techtarget.com/searchhrsoftware/news/366644954/HR-must-have-a-say-in-AI-policy-to-forestall-legal-risks
-
DifyTap Flaws Expose AI Data Across Tenants on Platform Powering 1M+ Apps
A series of critical vulnerabilities has been disclosed in the widely used open-source LLMOps platform Dify, which powers over one million AI applications. These vulnerabilities, collectively referred to as “DifyTap,” include four flaws, two rated as critical and two that require no authentication. They expose cross-tenant data leakage risks, allowing attackers to access private AI conversations, preview sensitive…
-
The Evolution of iGaming Fraud: What Security Teams Should Expect in 2027
Learn how AI, deepfakes, synthetic identities and fraud-as-a-service may reshape iGaming risk, and what security teams can do to detect future threats in 2027. First seen on hackread.com Jump to article: hackread.com/igaming-fraud-security-teams-expect-in-2027/
-
Cybercrime Atlas Cosmos: Open-Source Platform Maps the Cybercrime Ecosystem
Management Summary: A new open platform makes the structures of cybercrime visible by linking actors, tools, marketplaces and money flows in a shared knowledge graph. The solution addresses a growing economic risk: cyberattacks cause heavy damage, affect a large share of companies and are increasingly organized through division of labour. For companies and authorities, a practical benefit arises from uniform terminology,……
-
AI-powered cyber attacks may be just months away, warn Five Eyes
Frontier AI models will pose a greater cyber security risk to government and businesses than previously thought, putting businesses and governments at risk within months. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366644997/AI-powered-cyber-attacks-may-be-just-months-away-warn-Five-Eyes
-
New AI Model Aims to Transform Behavioral Health
Nick Allen of Ksana Health on ARPA-H-Funded Effort to Predict Mental Health Risk. A new AI-powered large health behavior model could help detect mental health and substance use risks before crises occur, said Nick Allen of Ksana Health, which is leading the ARPA-H funded effort to combine wearable, smartphone and health record data for earlier…
-
These Ten CTI Misconceptions Make Companies More Vulnerable Than They Think
Tags: risk. On top of that comes a structural risk: CTI analysts are among the most sought-after and, at the same time, most heavily burdened professionals in cybersecurity. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/diese-zehn-cti-irrtuemer-machen-unternehmen-angreifbarer-als-sie-glauben/a45556/
-
Novo Nordisk Breach Highlights Software Development Pipeline Risk
A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem rather than an identity problem. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/novo-nordisk-breach-exposes-dev-pipeline-risk

