Collecting Cyber-News from over 60 sources

Tag: risk

Anthropic Warns US Risks Losing AI Edge to China Over Chips

May 16, 2026 12:00 AM

Tags: access, ai, china, control, infrastructure, risk

New Report Warns China Could Reach Frontier AI Near-Parity by 2028. Anthropic warned that weak chip export controls, model distillation and expanded Chinese access to advanced compute infrastructure could erode Washington’s frontier AI advantage and accelerate Beijing’s push toward near-parity in advanced AI systems. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/anthropic-warns-us-risks-losing-ai-edge-to-china-over-chips-a-31702
Exchange Server zero-day vulnerability can be triggered by opening a malicious email

May 15, 2026 11:00 PM

Tags: automation, data, email, malicious, microsoft, mitigation, risk, service, tactics, update, vulnerability, zero-day

Known issues with mitigation tactics: However, admins should note there are known issues once the mitigation is applied either manually or automatically through the EM Service.OWA Print Calendar functionality might not work. As a workaround, copy the data or screenshot the calendar you want to print, or use Outlook Desktop client. Inline images might not…
The First AI-Crafted Zero-Day Was Easy to Spot. The Next One May Not Be

May 15, 2026 5:00 PM

Tags: ai, exploit, flaw, google, risk, supply-chain, zero-day

Google reported the first confirmed AI-assisted zero-day exploit, raising new concerns about logic flaws, supply chain risk, and containment. The post The First AI-Crafted Zero-Day Was Easy to Spot. The Next One May Not Be appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-ai-crafted-zero-day-exploit/
What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface

May 15, 2026 2:00 PM

Tags: attack, malware, powershell, risk, threat, tool

In Your Biggest Security Risk Isn’t Malware, It’s What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild, the same trusted utilities your IT team uses every day are also the preferred toolkit of…
Autonomous systems are finally working. Security is next

May 15, 2026 1:00 PM

Tags: access, ai, cloud, credentials, data, defense, exploit, identity, infrastructure, injection, risk

Security still runs at human speed: Despite advances in infrastructure, cloud and AI, the underlying workflow of security operations has not fundamentally changed. At its core, security still operates as a human-driven process: Alerts are generated, analysts investigate, context is assembled manually and decisions are made under pressure. This model was sufficient when environments were…
EU’s Cyber Resiliency Act will put IT leaders to the test

May 15, 2026 12:00 PM

Tags: access, attack, cio, cyber, cybersecurity, data, encryption, exploit, firewall, Hardware, identity, infrastructure, Internet, kubernetes, law, malicious, mitigation, open-source, password, programming, regulation, risk, risk-assessment, router, sbom, software, supply-chain, tool, update, vpn, vulnerability

Product safety: The CRA says digital products have to be secure by design and default, and can’t ship with known vulnerabilities like obvious default passwords that can be exploited. They also must be updatable if such vulnerabilities are found later, as well as minimize their impact by limiting the attack surface and protecting confidentiality and…
EU’s Cyber Resiliency Act will put IT leaders to the test

May 15, 2026 12:00 PM

Tags: access, attack, cio, cyber, cybersecurity, data, encryption, exploit, firewall, Hardware, identity, infrastructure, Internet, kubernetes, law, malicious, mitigation, open-source, password, programming, regulation, risk, risk-assessment, router, sbom, software, supply-chain, tool, update, vpn, vulnerability

Product safety: The CRA says digital products have to be secure by design and default, and can’t ship with known vulnerabilities like obvious default passwords that can be exploited. They also must be updatable if such vulnerabilities are found later, as well as minimize their impact by limiting the attack surface and protecting confidentiality and…
The economics of ransomware 3.0

May 15, 2026 12:00 PM

Tags: alphv, attack, backup, breach, ceo, citrix, control, country, cyber, cyberattack, cybersecurity, data, data-breach, detection, encryption, endpoint, extortion, finance, framework, group, healthcare, HIPAA, incident response, insurance, moveIT, network, nist, office, privacy, ransom, ransomware, risk, russia, service, social-engineering, strategy, supply-chain, technology, threat

Triple extortion mechanism. Ashish Mishra What the Change Healthcare case tells you about real costs: Consider what happened to Change Healthcare in early 2024. The ALPHV group’s attack on this healthcare payments processor didn’t just encrypt systems, it exposed the personal health information of potentially over 100 million Americans and disrupted pharmacy services across the…
The economics of ransomware 3.0

May 15, 2026 12:00 PM

Tags: alphv, attack, backup, breach, ceo, citrix, control, country, cyber, cyberattack, cybersecurity, data, data-breach, detection, encryption, endpoint, extortion, finance, framework, group, healthcare, HIPAA, incident response, insurance, moveIT, network, nist, office, privacy, ransom, ransomware, risk, russia, service, social-engineering, strategy, supply-chain, technology, threat

Triple extortion mechanism. Ashish Mishra What the Change Healthcare case tells you about real costs: Consider what happened to Change Healthcare in early 2024. The ALPHV group’s attack on this healthcare payments processor didn’t just encrypt systems, it exposed the personal health information of potentially over 100 million Americans and disrupted pharmacy services across the…
Amazon Redshift JDBC Driver Flaws Expose Systems to RCE Attacks

May 15, 2026 11:00 AM

Tags: attack, cve, cyber, flaw, rce, remote-code-execution, risk, vulnerability

Amazon Redshift users are facing a serious security risk after researchers uncovered a high-severity vulnerability that could allow attackers to execute arbitrary code on affected systems. The flaw, tracked as CVE-2026-8178, affects the widely used Amazon Redshift JDBC Driver and raises concerns for organizations that rely on Java-based database connectivity. Redshift JDBC Driver Flaws The…
Automatisch, sicher, DSGVO-konform: So lösen IT-Admins das Problem der Kontaktsynchronisation auf Diensthandys!

May 15, 2026 9:00 AM

Tags: DSGVO, governance, risk

Abbildung 1 Bildquelle: magnific In vielen Unternehmen liegen die nativen Kontakte-Apps auf Diensthandys brach. Mitarbeitende verlieren daher Zeit mit der Suche nach Kontaktinformationen in Outlook, Intranet- oder Excel-Listen. Für IT-Verantwortliche ist das jedoch mehr als ein Komfortproblem es ist ein Risiko für Governance und Security. Die »Mobile Gap«: Das unsichtbare Effizienz-Leck Fehlende Kontaktsynchronisation… First seen…
AI agent finds 18-year-old remote code execution flaw in Nginx

May 15, 2026 5:00 AM

Tags: ai, api, application-security, cve, cvss, data, dos, endpoint, exploit, flaw, github, leak, mitigation, network, open-source, remote-code-execution, risk, service, technology, update, vulnerability, waf

ngx_http_rewrite_module, a component that handles URL rewrites, and impacts Nginx versions from 0.6.27 to 1.30.0. The issue has been given a 9.2 CVSS severity score and was patched in versions 1.31.0 and 1.30.1.The commercial product, Nginx Plus, owned and developed by network and application security firm F5, is also vulnerable, and received patches in versions…
Checkbox Assessments Aren’t Fit to Measure Risk

May 14, 2026 5:02 PM

Tags: compliance, governance, risk, risk-management

Security governance needs to be more than an annual compliance exercise. New companies are emerging to address risk-management gaps in current audit tools. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/checkbox-assessments-aren-t-fit-to-measure-to-risk
Windows DNS Client Security Flaw Exposes Systems to Remote Code Execution

May 14, 2026 4:00 PM

Tags: cve, cvss, cyber, dns, flaw, microsoft, remote-code-execution, risk, vulnerability, windows

Windows systems worldwide are at risk from a new critical flaw in the Windows DNS Client that could allow remote code execution without any user interaction. Tracked as CVE-2026-41096, the vulnerability has been rated critical with a CVSS base score of 9.8. It is patched in Microsoft’s May 12, 2026, security updates. Critical DNS client…
Google Launches Android Spyware Forensics Tool for High-Risk Users

May 14, 2026 4:00 PM

Tags: android, google, infection, risk, spyware, tool

Google’s Android Advanced Protection Mode is getting a new feature allowing trusted security experts to investigate potential spyware infections First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-launches-android-spyware/
How AI Hallucinations Are Creating Real Security Risks

May 14, 2026 3:00 PM

Tags: ai, data, exploit, infrastructure, risk, training

AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Instead, it generates the most probable response based on patterns in its training data, even if that response is inaccurate.…
Microsoft Research: AI Can Generate Realistic Command-Line and Process Telemetry

May 14, 2026 1:00 PM

Tags: ai, attack, cloud, cyber, cybersecurity, data, detection, endpoint, incident response, intelligence, microsoft, risk, threat

A new approach showing how artificial intelligence can generate highly realistic command-line data and process telemetry potentially transforming how security teams build and test threat detection systems. Logs and telemetry form modern cybersecurity risk, powering threat detection, incident response, and forensic investigations across endpoints and cloud environments. However, collecting high-quality attack telemetry remains a persistent…
ICO Publishes Five-Step Plan to Counter Emerging AI-Powered Attacks

May 14, 2026 1:00 PM

Tags: ai, attack, office, risk

The Information Commissioner’s Office has released new guidance on how to mitigate the risk of AI-powered attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ico-steps-in-advice-handling-ai/
What CISOs need to land a board role

May 14, 2026 12:01 PM

Tags: business, ciso, control, corporate, cyber, cybersecurity, finance, governance, government, intelligence, jobs, resilience, risk, skills, strategy, training

Tips for CISOs aiming for a board role: For CISOs interested in contributing to global vendor boards, Morelli advises focusing on becoming a partner, not just a customer. This requires the ability to articulate how a product’s evolution impacts the risk profile of an entire sector.For non-industry or public boards, CISOs must be comfortable contributing…
Palo Alto Networks bets on identity security for autonomous AI with Idira launch

May 14, 2026 12:01 PM

Tags: ai, attack, business, ceo, ciso, cloud, credentials, cybersecurity, governance, identity, injection, intelligence, least-privilege, mfa, network, RedTeam, risk, soc, threat, tool, vulnerability

CISOs navigate AI risks: For enterprises, the launch reflects a broader industry shift toward identity-centric cybersecurity models as organizations deploy generative AI tools, autonomous agents, and cloud-native applications at scale.Analysts say the growing number of non-human identities is creating operational and security challenges because many existing identity systems were originally built to manage employees and…
Banks Face a Growing AI Risk at the Database Layer

May 12, 2026 7:19 PM

Tags: ai, finance, risk

Researchers warn that banks may be overlooking AI risks at the database layer. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/banks-face-a-growing-ai-risk-at-the-database-layer/
Datensouveränität im Zeitalter der KI

May 12, 2026 5:19 PM

Tags: ai, cloud, risk

In den vergangenen zehn Jahren hat die Cloud die Technologiestrategie vieler IT-Entscheider geprägt. Heute verschiebt sich der Fokus hin zu mehr Datensouveränität insbesondere in Behörden und regulierten Branchen. Datensouveränität erfordert die Fähigkeit, eine substanzielle und nachweisbare Kontrolle über Daten, Technologien, Betriebsprozesse und rechtliche Risiken zu behalten unabhängig davon, wo sich diese befinden. Sie hat […] First…
OpenAI introduces Daybreak cyber platform, takes on Anthropic Mythos

May 12, 2026 4:20 PM

Tags: access, ai, cisco, crowdstrike, cyber, cybersecurity, defense, detection, fortinet, framework, government, malware, network, openai, oracle, penetration-testing, RedTeam, risk, software, strategy, technology, update, vulnerability

OpenAI’s cybersecurity model stack: OpenAI is pursuing a scalable cyber defense platform strategy with Daybreak and is rolling out the initiative through three different model tiers: GPT-5.5 (default), GPT-5.5 with Trusted Access for Cyber, and GPT-5.5-Cyber.The standard GPT-5.5 model is positioned for general-purpose enterprise use cases, including developer assistance and knowledge work. GPT-5.5 with Trusted…
20 Leaders Who Built the CISO Era: 2 Decades of Change

May 12, 2026 3:19 PM

Tags: ciso, risk

As part of Dark Reading’s 20th anniversary special coverage, we profile the CISOs, founders, researchers, criminals, and policymakers who rewrote the enterprise risk playbook. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/20-leaders-ciso-era-2-decades-change
Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help

May 12, 2026 3:19 PM

Tags: dark-web, hacker, intelligence, risk, soc, supply-chain, waf

Why do the Riskiest SOC Alerts Go Unanswered?Security operations teams are drowning in alerts. But the real problem isn’t always alert volume; it’s the blind spots. The most dangerous alerts are the ones no one is investigating.A recent report from The Hacker News examined why certain high-risk alert categories – WAF, DLP, OT/IoT, dark web…
WorkNest Launches WorkNest Secure to Expand Cybersecurity and Compliance Services

May 12, 2026 2:19 PM

Tags: compliance, cyber, cybersecurity, data, penetration-testing, risk, service

WorkNest Secure has launched a new cybersecurity and compliance division aimed at helping organizations strengthen security, manage risk, and meet growing regulatory demands. The new division, called WorkNest Secure, brings together the cyber, information security, and data protection capabilities of Pentest People and Bulletproof under one brand. Both companies became part of WorkNestGroup following a…
CISOs step into the AI spotlight

May 12, 2026 12:19 PM

Tags: ai, api, attack, automation, awareness, business, ciso, control, cyber, cybersecurity, data, defense, detection, exploit, finance, fraud, governance, identity, infrastructure, jobs, least-privilege, military, phishing, risk, service, social-engineering, software, technology, threat, tool, training, update, vulnerability, vulnerability-management

Move fast, keep risk at bay: Like Hensley, Jeff Trudeau, CSO of Chime, says the role is fundamentally shifting from a control function to a strategic partner in how the business adopts AI responsibly. At Chime, that means being embedded early in how AI is built and deployed, not reviewing it after the fact, Trudeau…
CISOs step into the AI spotlight

May 12, 2026 12:19 PM

Tags: ai, api, attack, automation, awareness, business, ciso, control, cyber, cybersecurity, data, defense, detection, exploit, finance, fraud, governance, identity, infrastructure, jobs, least-privilege, military, phishing, risk, service, social-engineering, software, technology, threat, tool, training, update, vulnerability, vulnerability-management

Move fast, keep risk at bay: Like Hensley, Jeff Trudeau, CSO of Chime, says the role is fundamentally shifting from a control function to a strategic partner in how the business adopts AI responsibly. At Chime, that means being embedded early in how AI is built and deployed, not reviewing it after the fact, Trudeau…
Why patching SLAs should be the floor, not the strategy

May 12, 2026 12:19 PM

Tags: attack, authentication, business, cisa, ciso, compliance, control, cve, cvss, cyber, exploit, flaw, grc, identity, kev, metric, risk, service, strategy, tool, update, vulnerability, vulnerability-management

SLAs measure discipline, not risk: Here’s the mental model I’ve been pushing with my peers. Think of patching SLAs the way you think of fire drills. Fire drills are necessary. They prove that, on a predictable cadence, your organization can execute a known procedure. No one in charge of a building full of people would…
Veeam warnt nach Cyberangriff auf Canvas vor unterschätzten SaaS-Risiken

May 12, 2026 11:19 AM

Tags: cyberattack, risk, saas, security-incident, veeam

Entscheidend bleibt die Fähigkeit von Unternehmen, Daten unabhängig wiederherstellen und den Geschäftsbetrieb auch nach einem Sicherheitsvorfall schnell fortsetzen zu können. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/veeam-warnt-nach-cyberangriff-auf-canvas-vor-unterschaetzten-saas-risiken/a45086/