Collecting Cyber-News from over 60 sources

Tag: risk

What CISOs need to land a board role

May 14, 2026 12:01 PM

Tags: business, ciso, control, corporate, cyber, cybersecurity, finance, governance, government, intelligence, jobs, resilience, risk, skills, strategy, training

Tips for CISOs aiming for a board role: For CISOs interested in contributing to global vendor boards, Morelli advises focusing on becoming a partner, not just a customer. This requires the ability to articulate how a product’s evolution impacts the risk profile of an entire sector.For non-industry or public boards, CISOs must be comfortable contributing…
Palo Alto Networks bets on identity security for autonomous AI with Idira launch

May 14, 2026 12:01 PM

Tags: ai, attack, business, ceo, ciso, cloud, credentials, cybersecurity, governance, identity, injection, intelligence, least-privilege, mfa, network, RedTeam, risk, soc, threat, tool, vulnerability

CISOs navigate AI risks: For enterprises, the launch reflects a broader industry shift toward identity-centric cybersecurity models as organizations deploy generative AI tools, autonomous agents, and cloud-native applications at scale.Analysts say the growing number of non-human identities is creating operational and security challenges because many existing identity systems were originally built to manage employees and…
Banks Face a Growing AI Risk at the Database Layer

May 12, 2026 7:19 PM

Tags: ai, finance, risk

Researchers warn that banks may be overlooking AI risks at the database layer. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/banks-face-a-growing-ai-risk-at-the-database-layer/
Datensouveränität im Zeitalter der KI

May 12, 2026 5:19 PM

Tags: ai, cloud, risk

In den vergangenen zehn Jahren hat die Cloud die Technologiestrategie vieler IT-Entscheider geprägt. Heute verschiebt sich der Fokus hin zu mehr Datensouveränität insbesondere in Behörden und regulierten Branchen. Datensouveränität erfordert die Fähigkeit, eine substanzielle und nachweisbare Kontrolle über Daten, Technologien, Betriebsprozesse und rechtliche Risiken zu behalten unabhängig davon, wo sich diese befinden. Sie hat […] First…
OpenAI introduces Daybreak cyber platform, takes on Anthropic Mythos

May 12, 2026 4:20 PM

Tags: access, ai, cisco, crowdstrike, cyber, cybersecurity, defense, detection, fortinet, framework, government, malware, network, openai, oracle, penetration-testing, RedTeam, risk, software, strategy, technology, update, vulnerability

OpenAI’s cybersecurity model stack: OpenAI is pursuing a scalable cyber defense platform strategy with Daybreak and is rolling out the initiative through three different model tiers: GPT-5.5 (default), GPT-5.5 with Trusted Access for Cyber, and GPT-5.5-Cyber.The standard GPT-5.5 model is positioned for general-purpose enterprise use cases, including developer assistance and knowledge work. GPT-5.5 with Trusted…
20 Leaders Who Built the CISO Era: 2 Decades of Change

May 12, 2026 3:19 PM

Tags: ciso, risk

As part of Dark Reading’s 20th anniversary special coverage, we profile the CISOs, founders, researchers, criminals, and policymakers who rewrote the enterprise risk playbook. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/20-leaders-ciso-era-2-decades-change
Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help

May 12, 2026 3:19 PM

Tags: dark-web, hacker, intelligence, risk, soc, supply-chain, waf

Why do the Riskiest SOC Alerts Go Unanswered?Security operations teams are drowning in alerts. But the real problem isn’t always alert volume; it’s the blind spots. The most dangerous alerts are the ones no one is investigating.A recent report from The Hacker News examined why certain high-risk alert categories – WAF, DLP, OT/IoT, dark web…
WorkNest Launches WorkNest Secure to Expand Cybersecurity and Compliance Services

May 12, 2026 2:19 PM

Tags: compliance, cyber, cybersecurity, data, penetration-testing, risk, service

WorkNest Secure has launched a new cybersecurity and compliance division aimed at helping organizations strengthen security, manage risk, and meet growing regulatory demands. The new division, called WorkNest Secure, brings together the cyber, information security, and data protection capabilities of Pentest People and Bulletproof under one brand. Both companies became part of WorkNestGroup following a…
CISOs step into the AI spotlight

May 12, 2026 12:19 PM

Tags: ai, api, attack, automation, awareness, business, ciso, control, cyber, cybersecurity, data, defense, detection, exploit, finance, fraud, governance, identity, infrastructure, jobs, least-privilege, military, phishing, risk, service, social-engineering, software, technology, threat, tool, training, update, vulnerability, vulnerability-management

Move fast, keep risk at bay: Like Hensley, Jeff Trudeau, CSO of Chime, says the role is fundamentally shifting from a control function to a strategic partner in how the business adopts AI responsibly. At Chime, that means being embedded early in how AI is built and deployed, not reviewing it after the fact, Trudeau…
CISOs step into the AI spotlight

May 12, 2026 12:19 PM

Tags: ai, api, attack, automation, awareness, business, ciso, control, cyber, cybersecurity, data, defense, detection, exploit, finance, fraud, governance, identity, infrastructure, jobs, least-privilege, military, phishing, risk, service, social-engineering, software, technology, threat, tool, training, update, vulnerability, vulnerability-management

Move fast, keep risk at bay: Like Hensley, Jeff Trudeau, CSO of Chime, says the role is fundamentally shifting from a control function to a strategic partner in how the business adopts AI responsibly. At Chime, that means being embedded early in how AI is built and deployed, not reviewing it after the fact, Trudeau…
Why patching SLAs should be the floor, not the strategy

May 12, 2026 12:19 PM

Tags: attack, authentication, business, cisa, ciso, compliance, control, cve, cvss, cyber, exploit, flaw, grc, identity, kev, metric, risk, service, strategy, tool, update, vulnerability, vulnerability-management

SLAs measure discipline, not risk: Here’s the mental model I’ve been pushing with my peers. Think of patching SLAs the way you think of fire drills. Fire drills are necessary. They prove that, on a predictable cadence, your organization can execute a known procedure. No one in charge of a building full of people would…
Veeam warnt nach Cyberangriff auf Canvas vor unterschätzten SaaS-Risiken

May 12, 2026 11:19 AM

Tags: cyberattack, risk, saas, security-incident, veeam

Entscheidend bleibt die Fähigkeit von Unternehmen, Daten unabhängig wiederherstellen und den Geschäftsbetrieb auch nach einem Sicherheitsvorfall schnell fortsetzen zu können. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/veeam-warnt-nach-cyberangriff-auf-canvas-vor-unterschaetzten-saas-risiken/a45086/
Cyberkriminelle greifen über Umwege an – Third-Party-Risiken werden systematisch unterschätzt

May 12, 2026 9:19 AM

Tags: risk

First seen on security-insider.de Jump to article: www.security-insider.de/lieferkettenrisiken-cybersecurity-third-party-angriffe-a-fc524787c1b7676b663beb3af25496f5/
The hidden smart fridge risks that emerge years after purchase

May 12, 2026 7:19 AM

Tags: cloud, control, mobile, risk, service, software

Household refrigerators are built to last more than a decade. The software, cloud services, and mobile apps that control them are not. A new analysis from Erik Buchmann at … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/12/iot-smart-fridge-risks/
Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched

May 12, 2026 5:19 AM

Tags: access, attack, business, control, cve, cybersecurity, exploit, flaw, group, incident response, infosec, linux, LLM, mitigation, risk, service, strategy, switch, technology, tool, update, vulnerability, zero-day

), a logic bug which lets users easily obtain root access, and Dirty Frag, which abuses weaknesses in how the Linux kernel handles fragmented memory pages. The Dirty Frag attack combines two separate vulnerabilities affecting the Linux IPsec Encapsulating Security Payload (ESP) subsystem (CVE-2026-43284) and the RxRPC networking protocol (CVE-2026-43500). The proposal has set off a furious…
AI Is Reshaping Software Supply Chain Risk

May 11, 2026 11:18 PM

Tags: ai, control, risk, software, supply-chain

AI-assisted development is expanding software supply chain risks faster than security controls can keep pace. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ai-is-reshaping-software-supply-chain-risk/
Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program

May 11, 2026 5:20 PM

Tags: ai, attack, ceo, cyber, cybersecurity, exploit, framework, github, Hardware, identity, infrastructure, Internet, penetration-testing, RedTeam, risk, threat, tool, vulnerability, zero-day

Identity, who the AI agent is.Scope, what it is authorized to do.Attestation, whether it or its instructions have been tampered with.Delegation, who delegated authority.Revocation, whether that authority has been revoked.”Every AI agent on the internet today is a stranger. You don’t know who it is, what it’s authorized to do, or whether it’s been tampered…
AI security is repeating endpoint security’s biggest mistake

May 11, 2026 5:20 PM

Tags: access, ai, api, automation, business, control, data, detection, edr, endpoint, governance, incident response, injection, LLM, monitoring, open-source, radius, risk, saas, sbom, soc, strategy, technology, threat, tool, update

Most AI security is still at the posture phase: Look at where most organizations are with AI security today. Model cards, AI-specific SBOMs, input and output filters, prompt injection guardrails and access controls around model APIs. These are valuable controls, but they reflect a posture-based approach. To truly enhance security, organizations must recognize the importance…
1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolution

May 11, 2026 5:20 PM

Tags: ai, attack, authentication, breach, cloud, control, credentials, data, data-breach, defense, exploit, framework, governance, identity, infrastructure, Internet, LLM, malicious, monitoring, network, risk, service, supply-chain, threat, tool, vulnerability, zero-trust

The epistemological chasm: What renders MCP vulnerabilities particularly vexatious is the fundamental asymmetry they exploit between machine cognition and human oversight.Tool poisoning attacks insert malevolent instructions into tool metadata that LLMs process with complete fidelity but that remain utterly invisible to human operators. The machine perceives everything; its ostensible supervisors perceive nothing. We have unwittingly…
Angreifer nutzen bekannte Schwachstellen schneller und systematischer aus, als viele Organisationen reagieren können

May 11, 2026 5:20 PM

Tags: cyberattack, germany, risk, vulnerability

‘Die aktuellen Angriffe auf tausende cPanel-/WHM-Instanzen in Deutschland zeigen erneut, wie schnell sich das Risiko aus einer einzelnen kritischen Schwachstelle in eine breit angelegte Angriffskampagne verwandeln kann”, so Jörg Vollmer, General Manager Field Operations DACH und CEE bei Qualys. Aus Sicht von Qualys ist dabei weniger die Schwachstelle selbst überraschend, sondern die Dynamik, mit der Angreifer…
Linux developers weigh emergency >>killswitch<< for vulnerable kernel functions

May 11, 2026 5:20 PM

Tags: linux, mitigation, risk, vulnerability

Linux kernel developers are reviewing a proposal for an emergency risk mitigation mechanism (>>Killswitch<<) that would allow administrators to disable vulnerable … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/11/linux-kernel-emergency-killswitch/
Microsoft 365 Copilot Flaws Could Let Attackers Access Sensitive Data

May 11, 2026 5:20 PM

Tags: access, corporate, cyber, data, exploit, flaw, malicious, microsoft, privacy, risk, vulnerability

Microsoft has disclosed a trio of critical information disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge. Released on May 7, 2026, these security flaws pose a substantial risk to enterprise data privacy and corporate confidentiality. If successfully exploited, malicious actors could bypass established security boundaries to access sensitive information processed, summarized,…
Künstliche Intelligenz: Anwälte warnen vor KI-Transkriptionstools in Meetings

May 11, 2026 5:20 PM

Tags: ai, risk

KI-Bots protokollieren Meetings präzise mit. Juristen warnen vor massiven Risiken für das Anwaltsgeheimnis. First seen on golem.de Jump to article: www.golem.de/news/kuenstliche-intelligenz-anwaelte-warnen-vor-ki-transkriptionstools-in-meetings-2605-208512.html
KI”‘Cyberangriffe nehmen zu, Governance und Know-how hinken hinterher

May 8, 2026 7:48 AM

Tags: cyberattack, governance, risk

Begrenzte Transparenz bei KI”‘Cyberangriffen: 35″¯% der europäischen Unternehmen können nicht beurteilen, ob sie bereits von KI”‘gestützten Cyberangriffen betroffen waren ein Zeichen für erhebliche Defizite in Erkennung und Monitoring. Steigende Bedrohung bei sinkender Erkennungsfähigkeit: KI”‘gestützte Phishing”‘ und Social”‘Engineering”‘Angriffe sind deutlich schwerer zu erkennen (71″¯%), das Vertrauen in klassische Sicherheitsmethoden nimmt ab. Größte wahrgenommene Risiken durch… First…
Multiple Critical Flaws Fixed in Next.js and React Server Components

May 8, 2026 7:48 AM

Tags: authentication, cyber, flaw, github, risk, service, update, vulnerability

Vercel has rolled out vital security updates for Next.js to address a wave of high-severity vulnerabilities affecting versions across the 13.x to 16.x branches. Published via GitHub advisories by Tim Neutkens, these flaws expose web applications to severe risks, including unauthenticated Denial of Service (DoS), Server-Side Request Forgery (SSRF), and multiple middleware authentication bypasses. The…
13 new critical holes in JavaScript sandbox allow execution of arbitrary code

May 8, 2026 5:48 AM

Tags: access, advisory, control, credentials, cve, docker, email, exploit, flaw, group, network, risk, software, update, vulnerability

VM.run() can obtain host process object and runs host commands with zero co-operation from the host.However, researchers at Socket told us in an email that the advisory about this escape says it has been confirmed only on Node.js 25.6.1, and requires a Node.js version with WebAssembly exception handling and JSTag support.The highest-risk scenario, they said, would be an…
The Privacy Risks of Embedded, Shadow AI in Healthcare

May 7, 2026 11:48 PM

Tags: ai, healthcare, intelligence, law, privacy, risk, software, technology, tool

Artificial intelligence that is embedded in newer editions of software and other technology tools but is not explicitly revealed by vendors is a substantial risk on par with shadow AI, said regulatory attorney Elizabeth Hodge with the law firm Akerman LLP. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/privacy-risks-embedded-shadow-ai-in-healthcare-i-5546
Europe Moves to Delay and Dilute AI Regulations

May 7, 2026 9:48 PM

Tags: ai, intelligence, law, regulation, risk

Trilogue Deal Carves Out Industrial AI, Adds Nudifier Ban. Lawmakers from Europe’s political institutions agreed to water down the continent’s landmark artificial intelligence regulation at a moment when the 2024 AI Act has barely started to be implemented. The law’s requirements for high-risk AI will likely only be enforced starting in December 2027. First seen…
Proof of Concept: Anatomy of a Breach – the Aftermath

May 7, 2026 9:48 PM

Tags: breach, risk

Blackbaud’s Attorneys Jon Olson and Ron Raether on Legal Risk, Trust and Recovery. In part three of the Anatomy of a Breach series, attorneys Jon W. Olson and Ron Raether examine what happens in the aftermath of a breach crisis. The experts discuss legal exposure, regulatory scrutiny and how early decisions can shape long-term trust,…
Financial stability risks are rising as AI fuels cyber-attacks, IMF warns; oil below $100 on Iran peace hopes as it happened

May 7, 2026 6:48 PM

Tags: ai, attack, business, container, cyber, finance, iran, middle-east, risk

Rolling coverage of the latest economic and financial news<ul><li><a href=”https://www.theguardian.com/business/2026/may/07/climate-campaigners-attack-shell-over-windfall-profits-from-iran-war”>Climate campaigners attack Shell over ‘windfall’ profits from Iran war</li></ul>The Danish shipping giant <strong>Maersk</strong> has maintained its profit guidance for the year, even as it reported a spike in fuel costs and warned that traffic through the strait of Hormuz “remains at a near standstill”.The company,…