Tag: risk
-
Why Passwordless Authentication Is Critical for Online Learning Student Services
Passwordless authentication reduces risk and friction in online learning. See how passwordless login protects accounts, boosts access, and supports student services. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/why-passwordless-authentication-is-critical-for-online-learning-student-services/
-
Human risk management: CISOs’ solution to the security awareness training paradox
Tags: access, ai, awareness, ciso, compliance, cyber, cybersecurity, data, email, identity, intelligence, malicious, mitigation, risk, risk-management, strategy, tool, trainingWhat is human risk management?: HRM is defined as a cybersecurity strategy that identifies, measures, and reduces the risks caused by human behavior. Simply stated, security awareness training is about what employees know; HRM is about what they do (i.e., their actual cybersecurity behavior).To be more specific, HRM integrates into email security tools, web gateways,…
-
Human risk management: CISOs’ solution to the security awareness training paradox
Tags: access, ai, awareness, ciso, compliance, cyber, cybersecurity, data, email, identity, intelligence, malicious, mitigation, risk, risk-management, strategy, tool, trainingWhat is human risk management?: HRM is defined as a cybersecurity strategy that identifies, measures, and reduces the risks caused by human behavior. Simply stated, security awareness training is about what employees know; HRM is about what they do (i.e., their actual cybersecurity behavior).To be more specific, HRM integrates into email security tools, web gateways,…
-
Measuring Agentic AI Posture: A New Metric for CISOs
In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These numbers indicate to the Board how quickly we respond when issues arise. But in the era of Agentic AI, reaction speed is no longer enough. When an AI Agent or an MCP server is compromised,…
-
Roughly half of employees are using unsanctioned AI tools, and enterprise leaders are major culprits
51% have connected AI tools to work systems or apps without the approval or knowledge of IT;63% believe it’s acceptable to use AI when there is no corporate-approved option or IT oversight;60% say speed is worth the security risk;21% think employers will simply “turn a blind eye” as long as they’re getting their work done.And…
-
Seven habits that help security teams reduce risk without slowing delivery
Tags: riskThe right habits change everything First seen on theregister.com Jump to article: www.theregister.com/2026/01/29/seven_habits_that_help/
-
From Quantum to AI Risks: Preparing for Cybersecurity’s Future
As 2026 begins, these journalists urge the cybersecurity industry to prioritize patching vulnerabilities, preparing for quantum threats, and refining AI applications, in the latest edition of Reporters’ Notebook. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/quantum-ai-risks-cybersecuritys-future
-
Outtake Gets $40M to Grow Automated Threat Response
Agents Fuel Digital Risk Protection, Open-Source Intel Adoption in Regulated Spaces. Outtake will invest $40 million to grow its automated platform for digital risk protection and open-source threat intelligence. CEO Alex Dhillon says the New York-based startup’s agent-led model stands apart by replacing manual labor with scalable AI workflows. First seen on govinfosecurity.com Jump to…
-
AI, Deepfakes Are Top Risks for Financial Crime Specialists
ACAMS Says Investigators Need Better Data, Architecture and AI-Based Detection. The financial system has a trust problem driven by artificial intelligence, and CIOs looking to prevent fraud and other financial crimes will only face more challenges as criminals find new ways to use AI to swindle, according to an Association of Certified Anti-Money Laundering Specialists…
-
Salt Security Brings >>Plain English<< Clarity to API Security
Salt Security has unveiled a suite of new intelligent analysis features designed to solve the critical >>Context Crisis<>Plain English<< Clarity to API Security appeared first on IT Security Guru. First seen on itsecurityguru.org Jump to article: www.itsecurityguru.org/2026/01/29/salt-security-brings-plain-english-clarity-to-api-security/
-
Employment Fraud Hiring Risk: When Access Becomes Risk
Nisos Employment Fraud & Hiring Risk: When Access Becomes Risk Hiring has long been treated as an administrative function. Once a candidate clears background checks and completes onboarding, trust is assumed… First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/employment-fraud-hiring-risk-when-access-becomes-risk/
-
The Agentic AI Posture Score: A New Metric for CISOs
In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These numbers tell the Board how fast we react when things go wrong. But in the era of Agentic AI, reaction speed is no longer enough. When an AI Agent or an MCP server is compromised,…
-
New CISA Guidance Targets Insider Threat Risks
CISA urges action against insider threats with publication of a new infographic offering strategies to manage risks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-targets-insider-threat-risks/
-
MIND Extends DLP Reach to AI Agents
MIND extends its data loss prevention platform to secure agentic AI, enabling organizations to discover, monitor, and govern AI agents in real time to prevent sensitive data exposure, shadow AI risks, and prompt injection attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/mind-extends-dlp-reach-to-ai-agents/
-
MIND Extends DLP Reach to AI Agents
MIND extends its data loss prevention platform to secure agentic AI, enabling organizations to discover, monitor, and govern AI agents in real time to prevent sensitive data exposure, shadow AI risks, and prompt injection attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/mind-extends-dlp-reach-to-ai-agents/
-
MIND Extends DLP Reach to AI Agents
MIND extends its data loss prevention platform to secure agentic AI, enabling organizations to discover, monitor, and govern AI agents in real time to prevent sensitive data exposure, shadow AI risks, and prompt injection attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/mind-extends-dlp-reach-to-ai-agents/
-
Critical RCE bugs expose the n8n automation platform to host”‘level compromise
Python code node escape breaks isolation: JFrog also identified a separate sandbox escape affecting n8n’s Python Code node when the platform is configured to use its “Internal” execution mode. In this case, restrictions intended to contain Python code execution can be bypassed, again allowing authenticated users to run arbitrary code outside the sandbox.The second issue,…
-
SoundCloud Data Breach: Nearly 30 Million Accounts Confirmed Exposed
SoundCloud has confirmed that a significant data breach first detected in December 2025 affected approximately 29.8 million user accounts. New verification of the leaked data clarifies the scope of the incident and highlights the practical risks for users of the music and audio platform. The breach did not involve a direct break-in to SoundCloud’s main……
-
QA: Why Cybersecurity Is Now a Core Business Risk, Not Just a Technical Problem
Tags: attack, business, cyber, cybersecurity, data, government, infrastructure, resilience, risk, supply-chain, threatCybersecurity threats are escalating in scale and sophistication, and organisations around the world are scrambling to keep pace with the evolving digital risk landscape. Governments and corporations alike face increasing pressure to strengthen cyber resilience as attacks extend across critical infrastructure, supply chains and data systems with growing frequency. At the forefront of national and…
-
3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026
Beyond the direct impact of cyberattacks, enterprises suffer from a secondary but potentially even more costly risk: operational downtime, any amount of which translates into very real damage. That’s why for CISOs, it’s key to prioritize decisions that reduce dwell time and protect their company from risk. Three strategic steps you can take this year…
-
EU’s answer to CVE solves dependency issue, adds fragmentation risks
Tags: access, ai, china, cisco, cve, cyber, cybersecurity, data, dos, exploit, finance, governance, grc, infrastructure, intelligence, international, nvd, open-source, risk, service, software, threat, tool, vulnerability, vulnerability-managementCoordinated disclosure: Nik Kale, principal engineer and product architect at Cisco Systems, says GCVE’s main challenge comes from building a platform that the security community can rely on for coordinated disclosure and remediation.”Viability depends far more on governance than on the data itself,” Kale says. “That includes clear attribution rules, transparent CNA processes, predictable decision-making,…
-
NSFOCUS Unveils Enhanced AI LLM Risk Threat Matrix for Holistic AI Security Governance
SANTA CLARA, Calif., Jan 29, 2026 Security is a prerequisite for the application and development of LLM technology. Only by addressing security risks when integrating LLMs can businesses ensure healthy and sustainable growth. NSFOCUS first proposed the AI LLM Risk Threat Matrix in 2024. The Matrix addresses security from multiple perspectives: foundational security, data security,…The…
-
NIST’s AI guidance pushes cybersecurity boundaries
Tags: access, ai, ciso, control, cybersecurity, data, defense, exploit, framework, intelligence, nist, risk, risk-assessment, software, threatThe limits of ‘AI is just software’: NIST’s instinct to frame AI as an extension of traditional software allows organizations to reuse familiar concepts, risk assessment, access control, logging, defense in depth, rather than starting from zero. Workshop participants repeatedly emphasized that many controls do transfer, at least in principle.But some experts argue that the…
-
10 Anzeichen für einen schlechten CSO
Sind IT-Mitarbeiter unzufrieden, kann das an schlechten Führungskräften oder an einer unzureichenden IT-Strategie liegen.Unternehmen können die für sie allgemein schlechte Lage am Arbeitsmarkt kaum beeinflussen. Doch sie können einige Faktoren vermeiden, die zu Kündigungen durch Mitarbeitende führen. Dazu gehört insbesondere eine schlechte Führung, die fähige Fachkräfte vergrault. Hier sind die 10 wichtigsten Anzeichen, an denen…
-
Crooks are hijacking and reselling AI infrastructure: Report
Tags: access, ai, api, attack, authentication, business, cloud, communications, control, credentials, cybersecurity, data, data-breach, endpoint, exploit, firewall, group, infosec, infrastructure, intelligence, Internet, LLM, malicious, marketplace, risk, service, skills, technology, theft, threat, training, vulnerabilityexposed endpoints on default ports of common LLM inference services;unauthenticated API access without proper access controls;development/staging environments with public IP addresses;MCP servers connecting LLMs to file systems, databases and internal APIs.Common misconfigurations leveraged by these threat actors include:Ollama running on port 11434 without authentication;OpenAI-compatible APIs on port 8000 exposed to the internet;MCP servers accessible without…
-
How do autonomous agents decide in secure environments
How Safe Are Autonomous Agents in Your Cloud Environment? Have you ever considered the security risks posed by autonomous agents in your organization’s cloud environment? With technology advances, the rise of machine identities or Non-Human Identities (NHIs) has become a focal point in contemporary cybersecurity discussions. These NHIs operate much like a “tourist” with a……
-
Critical bug in popular vm2 Node.js sandboxing library puts projects at risk
Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed,” the official advisory reads. “This allows attackers to escape the sandbox and run arbitrary code.” Sandboxes like vm2 are needed by web and other Node-based applications whose functionality enables users or tools to upload and execute scripts. Because user-controlled code is untrusted by nature, it cannot be allowed…
-
OpenSSL Vulnerabilities Cause Risk of Remote Code Execution
OpenSSL patched 12 flaws found by AISLE, including a high-severity bug that could enable remote code execution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/openssl-vulnerabilities-cause-risk-of-remote-code-execution/