Tag: risk
-
Predicting 2026
In this week’s newsletter, Martin examines the evolving landscape for 2026, highlighting key threats, emerging trends like AI-driven risks, and the continued importance of addressing familiar vulnerabilities. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/predicting-2026/
-
2025 Threat Landscape in Review: Lessons for Businesses Moving Into 2026
Tags: access, ai, application-security, attack, authentication, awareness, backdoor, breach, business, captcha, cloud, compliance, container, control, credentials, credit-card, cybersecurity, data, data-breach, ddos, defense, encryption, exploit, finance, firewall, flaw, google, identity, infrastructure, intelligence, leak, malicious, mitigation, monitoring, network, pypi, risk, service, software, strategy, supply-chain, threat, tool, vulnerability, windows
Posted by andrew.gertz@t… on Thu, 01/15/2026 – 16:48. Nadav Avital, Senior Director of Threat Research at Thales. 2025 was a year that tested how businesses think about security. Some attacks happened in new, unexpected ways, while others employed old tricks, taken…
-
Modern Executive Protection: Digital Exposure & Physical Risk
Tags: risk
Nisos: Executive protection has long focused on physical security measures such as trained personnel, secure travel, and site assessments… First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/modern-executive-protection-digital-exposure-physical-risk/
-
News alert: Panorays study finds most CISOs lack vendor visibility as supply chain attacks climb
NEW YORK, Jan. 14, 2026, CyberNewswire: Panorays, a leading provider of third-party security risk management software, has released the 2026 edition of its annual CISO Survey for Third-Party Cyber Risk Management. The survey highlights third-party cyber risk… First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/news-alert-panorays-study-finds-most-cisos-lack-vendor-visibility-as-supply-chain-attacks-climb/
-
Years-Old Vulnerable Apache Struts 2 Versions See 387K Weekly Downloads
Over 387,000 users downloaded vulnerable Apache Struts versions this week. Exclusive Sonatype research reveals a high-risk flaw found by AI. Is your system at risk? First seen on hackread.com Jump to article: hackread.com/years-old-vulnerable-apache-struts-2-downloads/
-
From typos to takeovers: Inside the industrialization of npm supply chain attacks
Tags: access, application-security, attack, automation, backdoor, blockchain, breach, control, credentials, cybersecurity, github, gitlab, malicious, malware, phishing, radius, risk, supply-chain, threat, update, worm
From typo traps to legitimate backdoors: For years, typosquatting defined the npm threat model. Attackers published packages with names just close enough to popular libraries, such as “lodsash,” “expres,” and “reacts,” and waited for automation or human error to do the rest. The impact was usually limited, and remediation straightforward. That model began to break in 2025. Instead…
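The lookalike names above (“lodsash”, “expres”, “reacts”) are all one edit away from the package they imitate, which is something a dependency audit can check mechanically. The following is an added example, not code from the article or from any npm tooling: it scans a package.json for dependency names within a small edit distance of a popular package. The popular-package list and the sample package.json are constructed for illustration; a real check would load the registry's download-ranked list and the project's own manifest, and it generalizes the three names in the text to any dependency list.

```javascript
// Added example (not from the article): flag dependencies whose names sit one
// edit away from a popular npm package, the "lodsash" / "expres" / "reacts"
// pattern described above. POPULAR and SAMPLE_PACKAGE_JSON are constructed
// for illustration; a real check would load the registry's download-ranked
// package list and the project's own package.json.

const POPULAR = ["lodash", "express", "react", "axios", "chalk", "commander"];

// Standard dynamic-programming Levenshtein distance between two strings.
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Return one finding per dependency that is a near-miss of a popular name.
// An exact match is the real package and is never reported. Scoped names
// (@scope/name) are skipped: a lookalike scope needs a per-scope allowlist
// that this example does not model.
function findTyposquats(deps, popular = POPULAR, maxDistance = 1) {
  const findings = [];
  for (const name of Object.keys(deps)) {
    if (name.startsWith("@") || popular.includes(name)) continue;
    for (const candidate of popular) {
      const distance = levenshtein(name, candidate);
      if (distance > 0 && distance <= maxDistance) {
        findings.push({ name, lookalike: candidate, distance });
        break;
      }
    }
  }
  return findings;
}

// Audit the dependencies and devDependencies of a package.json document.
function auditPackageJson(text) {
  const pkg = JSON.parse(text);
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  return findTyposquats(deps);
}

// Constructed sample: three lookalikes mixed in with legitimate packages.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "demo-app",
  dependencies: {
    lodsash: "^4.17.21",
    express: "^4.18.2",
    expres: "^4.18.0",
    reacts: "^18.2.0",
  },
  devDependencies: { chalk: "^5.3.0" },
});

for (const f of auditPackageJson(SAMPLE_PACKAGE_JSON)) {
  console.log(`${f.name}: looks like "${f.lookalike}" (edit distance ${f.distance})`);
}
```

Edit distance alone catches the classic typo trap but not the 2025 pattern the article goes on to describe, where a legitimate package is backdoored; that needs publisher and version-diff checks rather than name checks.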
-
Data Resilience 2026: the scorecard IT leaders should know
What challenges and risks were digital infrastructures exposed to in 2025, and what core requirements for a resilient data architecture follow from them for 2026? The focus is on AI readiness, immutability, sovereignty and cloud resilience in particular. A scorecard signals a future-proof data foundation with green lights, while red warning signals point to hidden risks such as vendor lock-in, untested…
-
CISOs flag gaps in third-party risk management
Third-party cyber risk continues to concern security leaders as vendor ecosystems grow, supply chains stretch, and AI plays a larger role in business operations. A recent … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/15/panorays-cisos-ai-vendor-risk/
-
New rules, new risks: the key IT action areas for 2026
In Germany, numerous new IT security regulations must be complied with in 2026, including those implementing EU requirements. They call for adapted, revised or entirely new approaches to compliance. On top of that come continually growing threats from AI-based attacks, cybercrime-as-a-service and expanded attack surfaces. Under these conditions, classic, predominantly reactive defense models are increasingly insufficient. Security must… First…
-
Sophisticated VoidLink malware framework targets Linux cloud servers
Cloud reconnaissance and adaptability: The malware was designed to detect whether it is being executed on various cloud platforms such as AWS, GCP, Azure, Alibaba, and Tencent, and then to start leveraging those vendors’ management APIs. The code suggests the developers plan to add detections for Huawei, DigitalOcean, and Vultr in the future. The malware collects extensive…
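A defender-side view of the behaviour described above, as an added example that is neither VoidLink's code nor from the article: an implant that wants to know which of several providers it is running on will typically probe each provider's instance metadata service, and a single process touching more than one provider's metadata endpoint is a strong signal. The metadata addresses and URL path prefixes are the providers' documented ones; that VoidLink itself fingerprints via metadata requests is an assumption, and the record format, the process allowlist and the sample records are constructed for this example (in practice they would come from an egress or eBPF sensor).

```javascript
// Added example (not VoidLink's code and not from the article): detect a
// process on a Linux host that probes the metadata services of several cloud
// providers, which is how a multi-cloud-aware implant would fingerprint its
// environment before calling the provider's management APIs. The metadata
// addresses and paths are the providers' documented ones; the record format,
// the process allowlist and the sample records are constructed for this
// example and would come from an egress or eBPF sensor in practice.

// Placeholder allowlist of agents expected to talk to their own provider's IMDS.
const ALLOWED_PROCS = new Set([
  "cloud-init", "amazon-ssm-agent", "google_guest_agent", "waagent",
]);

// Map one egress record to a provider, or null if it is not a metadata request.
// AWS, GCP and Azure share 169.254.169.254, so the URL path disambiguates them.
function classifyMetadataRequest(rec) {
  const path = rec.path || "";
  switch (rec.dst) {
    case "100.100.100.200":
      return "Alibaba Cloud";
    case "169.254.0.23":
    case "metadata.tencentyun.com":
      return "Tencent Cloud";
    case "metadata.google.internal":
      return "GCP";
    case "169.254.169.254":
      if (path.startsWith("/computeMetadata/")) return "GCP";
      if (path.startsWith("/metadata/")) return "Azure";
      if (path.startsWith("/latest/")) return "AWS";
      return "unknown IMDS";
    default:
      return null;
  }
}

// Group metadata requests by process and raise one alert per process that
// either touches more than one provider (fingerprinting) or is not an
// expected agent at all (credential theft, recon).
function analyzeEgress(records) {
  const byProc = new Map();
  for (const rec of records) {
    const provider = classifyMetadataRequest(rec);
    if (provider === null) continue;
    const key = `${rec.host}/${rec.pid}/${rec.comm}`;
    if (!byProc.has(key)) {
      byProc.set(key, { host: rec.host, pid: rec.pid, comm: rec.comm, providers: new Set() });
    }
    byProc.get(key).providers.add(provider);
  }
  const alerts = [];
  for (const entry of byProc.values()) {
    const providers = [...entry.providers].sort();
    if (providers.length > 1) {
      alerts.push({ ...entry, providers, reason: "multi-cloud metadata probing" });
    } else if (!ALLOWED_PROCS.has(entry.comm)) {
      alerts.push({ ...entry, providers, reason: "unexpected process reached metadata service" });
    }
  }
  return alerts;
}

// Constructed sample records: one expected agent, one stray curl, one implant
// cycling through five providers' endpoints, and ordinary web egress.
const SAMPLE_RECORDS = [
  { host: "web-01", pid: 812, comm: "cloud-init", dst: "169.254.169.254", path: "/latest/meta-data/instance-id" },
  { host: "web-01", pid: 2210, comm: "curl", dst: "169.254.169.254", path: "/latest/meta-data/iam/security-credentials/" },
  { host: "web-01", pid: 4471, comm: ".x", dst: "169.254.169.254", path: "/latest/meta-data/" },
  { host: "web-01", pid: 4471, comm: ".x", dst: "169.254.169.254", path: "/computeMetadata/v1/" },
  { host: "web-01", pid: 4471, comm: ".x", dst: "169.254.169.254", path: "/metadata/instance?api-version=2021-02-01" },
  { host: "web-01", pid: 4471, comm: ".x", dst: "100.100.100.200", path: "/latest/meta-data/" },
  { host: "web-01", pid: 4471, comm: ".x", dst: "169.254.0.23", path: "/latest/meta-data/" },
  { host: "web-01", pid: 5001, comm: "nginx", dst: "93.184.216.34", path: "/" },
];

for (const a of analyzeEgress(SAMPLE_RECORDS)) {
  console.log(`${a.host} pid=${a.pid} ${a.comm}: ${a.reason} [${a.providers.join(", ")}]`);
}
```

The multi-provider rule is the low-noise one: legitimate agents only ever query their own provider, so any process that walks AWS, GCP and Azure paths on the same link-local address, then tries the Alibaba and Tencent addresses, is fingerprinting. The second rule (any non-allowlisted process reaching the IMDS) is noisier and needs the allowlist tuned per image.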
-
Incorporating Geopolitical Risk Into Your IT Strategy
Scenario Planning Must Model Disruption, Strengthen Cyber Basics, Build Redundancy. IT organizations know how to plan for outages, but even the most rigorously designed strategy is vulnerable to the shifting winds of geopolitics. CIOs and technology leaders need to know how their organizations will respond to geopolitical disruptions, and scenario planning needs to be a…
-
Output from vibe coding tools prone to critical security flaws, study finds
checking agents, which, of course, is where Tenzai, a small startup not long out of stealth mode, thinks it has found a gap in the market for its own technology. It said, “based on our testing and recent research, no comprehensive solution to this issue currently exists. This makes it critical for developers to understand…
-
The multibillion-dollar AI security problem enterprises can’t ignore
AI agents are supposed to make work easier. But they’re also creating a whole new category of security nightmares. As companies deploy AI-powered chatbots, agents, and copilots across their operations, they’re facing a new risk: How do you let employees and AI agents use powerful AI tools without accidentally leaking sensitive data, violating compliance rules, or opening…
-
How WitnessAI raised $58M to solve enterprise AI’s biggest risk
As companies deploy AI-powered chatbots, agents, and copilots across their operations, they’re facing a new risk: how do you let employees and AI agents use powerful AI tools without accidentally leaking sensitive data, violating compliance rules, or opening the door to prompt-based injections? WitnessAI just raised $58 million to find a solution, building what they call “the…
-
Beyond Testing: API Security as the Foundational Intelligence for an ‘industry leader’-Level Security Strategy
Tags: ai, api, application-security, attack, business, ciso, communications, container, data, detection, gartner, governance, intelligence, risk, service, strategy, technology, tool, vulnerability
In today’s security landscape, it’s easy to get lost in a sea of acronyms. But one layer has become the undisputed foundation for modern application security: API security. Why? Because APIs are no longer just part of the application, they are the application. They are the connective tissue for microservices, third-party data, and the explosive…
-
The multi-billion AI security problem enterprises can’t ignore
AI agents are supposed to make work easier. But they’re also creating a whole new category of security nightmares. As companies deploy AI-powered chatbots, agents, and copilots across their operations, they’re facing a new risk: how do you let employees and AI agents use powerful AI tools without accidentally leaking sensitive data, violating compliance rules, or opening…
-
Living Security Adds AI Engine to Surface Risky End User Behavior
Living Security revealed it is beta testing an artificial intelligence (AI) engine on its platform that continuously analyzes billions of signals to predict risk trajectories, recommend the most effective actions, and automate routine interventions to better secure employees and, by extension, AI agents. Dubbed Livvy, the AI engine is being added to a Human Risk…
-
AI surges among top business risk concerns, while cybersecurity holds firm
A report from Allianz Commercial shows the rapid embrace of AI is posing new challenges for enterprise leaders. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-surges-business-risk-cybersecurity-holds/809620/
-
SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats
Tags: access, ai, authentication, breach, business, communications, compliance, credentials, cybercrime, cybersecurity, dark-web, data, data-breach, defense, government, grc, group, identity, incident response, infosec, infrastructure, malware, monitoring, phishing, ransomware, risk, risk-management, service, supply-chain, technology, theft, threat, tool
For government agencies and critical infrastructure operators, supply chain threats present national security risks that demand heightened vigilance. Public sector organizations managing sensitive data and critical services increasingly rely on contractors and technology vendors whose compromised credentials could provide adversaries with pathways into classified systems or essential infrastructure. Last year alone, the top 98 Defense…
-
CrowdStrike to add browser security to Falcon with Seraphic acquisition
Gen AI altering browser risk: Generative AI has fundamentally altered the browser risk profile. Gogia noted that the browser is now a bidirectional data exchange, where employees routinely feed sensitive context into AI systems. Most of this activity happens outside formal enterprise governance. Copying internal data into AI prompts, uploading files for summarisation, or using…
-
US cybersecurity weakened by congressional delays despite Plankey renomination
Tags: business, cisa, cyber, cybersecurity, government, infrastructure, law, network, risk, strategy, threat
CISA 2015 reauthorization: Likely, but late and suboptimal: A major cybersecurity bill called the Cybersecurity Information Sharing Act of 2015 (CISA 2015), which expired on Sept. 30, was temporarily revived on Nov. 13 and given a two-month lease on life through Jan. 30, 2026. The law provides critical legal liability protections that enable cyber threat…
-
January 2026 Microsoft Patch Tuesday: Actively exploited zero day needs attention
More priorities: Executives should also prioritize rapid patching and risk reduction efforts this month around the Windows Local Security Authority Subsystem Service Remote Code Execution, Windows Graphics Component Elevation of Privilege, and Windows Virtualization Based Security Enclave Elevation of Privilege flaws, Bicer said, as these vulnerabilities directly enable full system or trust boundary compromise. Strategic focus…
-
MS-ISAC Flags High-Risk Security Flaws in Fortinet Products
A new cybersecurity advisory from the Multi-State Information Sharing and Analysis Center (MS-ISAC) is alerting organizations to multiple vulnerabilities affecting Fortinet products, some of which could allow attackers to execute arbitrary code on impacted systems. The advisory, identified as MS-ISAC Advisory 2026-003, was issued on January 13, 2026, and applies to a wide range of enterprise, government, and education-focused…
-
Survey: Rapid AI Adoption Causes Major Cyber Risk Visibility Gaps
As software supply chains become longer and more interconnected, enterprises have become well aware of the need to… First seen on hackread.com Jump to article: hackread.com/survey-rapid-ai-adoption-cyber-risk-visibility-gaps/
-
CISO Assistant: Open-source cybersecurity management and GRC
CISO Assistant is an open-source governance, risk, and compliance (GRC) platform designed to help security teams document risks, controls, and framework alignment in a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/14/ciso-assistant-open-source-cybersecurity-management-grc/
-
2026 Study from Panorays: 85% of CISOs Can’t See Third-Party Threats Amid Increasing Supply Chain Attacks
New York, NY, January 14th, 2026, CyberNewsWire: Panorays, a leading provider of third-party security risk management software, has released the 2026 edition of its annual CISO Survey for Third-Party Cyber Risk Management. The survey highlights third-party cyber risk as one of the most critical challenges facing security leaders today, driven largely by a lack of…

