Tag: risk
-
A new class of operational and security-relevant risks: AI agents
OWASP has published the Top 10 for Agentic Applications for the first time. The report makes clear what considerable business risks agentic AI can pose, particularly because these systems make decisions on their own and act without human intervention [1]. A comment on this from Keren Katz, Co-Lead, OWASP Agentic AI Project; Senior Group Manager of AI Security,… First seen…
-
Cybersecurity Snapshot: Predictions for 2026: AI Attack Acceleration, Automated Remediation, Custom-Made AI Security Tools, Machine Identity Threats, and More
Tags: access, ai, attack, automation, breach, ciso, cloud, computer, conference, control, cyber, cybersecurity, data, data-breach, defense, detection, exploit, governance, group, identity, intelligence, mitigation, risk, service, threat, tool, zero-day
In this special edition, Tenable leaders forecast key 2026 trends, including: AI will make attacks more plentiful and less costly; machine identities will become the top cloud risk; preemptive cloud and exposure management will dethrone runtime detection; and automated remediation gets the go-ahead. Key takeaways: AI will supercharge the speed and volume of traditional cyber…
-
Starlink to lower orbits of thousands of satellites over safety concerns
Tags: risk
Move will see spacecraft shift from 550 km to 480 km as collision risks rise. First seen on theregister.com Jump to article: www.theregister.com/2026/01/02/starlink_lower_orbits/
-
Critical Flaw Puts WHILL Electric Wheelchairs at Risk of Hijacking
A critical Bluetooth flaw could allow nearby attackers to remotely control WHILL electric wheelchairs, posing serious safety risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/critical-flaw-puts-whill-electric-wheelchairs-at-risk-of-hijacking/
-
Why 47-Day TLS and SSL Certificate Renewal Cycles Alarm CIOs
Visibility Gaps Increase the Risk of Certificate-Driven Outages. Moving to 47-day TLS and SSL certificate renewal cycles by 2029 will turn certificate management into an enterprise risk. Automation and crypto-governance are now board-level imperatives. Enterprises can prepare for continuous renewal cycles without losing resilience, says Sectigo CEO Kevin Weiss. First seen on govinfosecurity.com Jump to…
-
ISMG Editors: How AI Is Reshaping Cybersecurity Strategy
Also: Leadership Decisions Shaping Cybersecurity in 2026. Security leaders are heading into 2026 facing growing pressure from AI-driven risks, limited resources and an increasingly complex threat landscape. Sean Mack, who leads ISMG’s CXO Advisor practice, joined ISMG editors to discuss how these forces are reshaping security. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ismg-editors-how-ai-reshaping-cybersecurity-strategy-a-30430
-
Best of 2025: NIST Launches Updated Incident Response Guide
Tags: cybersecurity, framework, guide, incident response, nist, risk, risk-management, technology, update
The National Institute of Standards and Technology (NIST) has released a long-awaited update to its incident response guidance: Special Publication 800-61 Revision 3 (SP 800-61r3). This new version, titled “Incident Response Recommendations and Considerations for Cybersecurity Risk Management,” aligns closely with the latest Cybersecurity Framework (CSF) 2.0, marking a significant evolution in how organizations should…
-
GNU Wget2 Vulnerability Enables Remote File Overwrite Attacks
A high-severity security flaw has been discovered in GNU Wget2, a popular command-line tool used for downloading files from the web. The vulnerability, tracked as CVE-2025-69194, allows remote attackers to overwrite files on a user’s computer without their permission. This issue is rated as Important with a CVSS score of 8.8 (High), indicating a significant risk to users who rely…
-
Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats
Cybersecurity experts discuss 2026 predictions, highlighting the rise of AI-driven threats, the shift to resilience over prevention, and the urgent need for advanced security measures to combat evolving risks. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/cybersecurity-predictions-for-2026-navigating-the-future-of-digital-threats
-
How SaaS Management Reduces Organizational Risk and Improves GRC Outcomes
As enterprises increasingly rely on SaaS applications to run critical business functions, risk management and compliance challenges are becoming more complex and less visible. Traditional governance models were not designed to account for the scale, speed, and decentralization of modern SaaS environments. Addressing this gap requires a closer connection between operational visibility and governance, risk,…
-
Cybersecurity skills matter more than headcount in the AI era
Tags: ai, cloud, cybersecurity, data, finance, jobs, risk, skills, technology, threat, tool, training, vulnerability
AI adoption accelerates: The research found that AI adoption is accelerating quickly, with 28% of respondents reporting that they have already integrated AI tools into their operations and 69% involved in some level of adoption, through integration, active testing, or early evaluation. “What stands out is how fast AI has moved from experimentation into day-to-day operations.…
-
How AI is reshaping cybersecurity
Tags: ai, ciso, cloud, cyber, cyberattack, cybersecurity, cyersecurity, data, encryption, gartner, governance, group, guide, hacker, incident response, infrastructure, microsoft, phishing, resilience, risk, sans, soc, supply-chain, threat, tool, vulnerability-management
Artificial intelligence, and generative AI in particular, is penetrating ever deeper into security processes. Generative AI (GenAI) has become a ubiquitous tool in enterprises. According to a survey by the Boston Consulting Group, 50 percent of companies use the technology to redesign workflows. 77 percent of respondents are convinced that AI agents in the next three to…
-
48-hour attack shows the risks of unpatched edge components – How an unpatched firewall led to a complete network takeover
First seen on security-insider.de Jump to article: www.security-insider.de/ransomware-angriff-netzwerkuebernahme-a-2e03ed1ebe27b072563dcdb1f0b59306/
-
How are SOC teams empowered by advanced Machine Identity Management
How Can Machine Identity Management Optimize Security Operations? In cybersecurity, how can organizations effectively minimize risks associated with unmanaged Non-Human Identities (NHIs)? Where businesses continue to depend heavily on cloud infrastructures and automated processes, understanding the strategic significance of NHIs becomes paramount, particularly for Security Operations Centers (SOC) teams tasked with safeguarding digital. With NHIs…
-
Identity Security 2026: Four Predictions & Recommendations
Agentic AI adoption and identity security risks, IGA expands in mid-market, SOC-identity team collaboration, and identity platform consolidation: this 2026 predictions post previews identity trends. First seen on darkreading.com Jump to article: www.darkreading.com/identity-access-management-security/identity-security-2026-predictions-and-recommendations
-
What Kevin Bacon Can Teach You About Cybersecurity Careers
Systems Thinking, Not Tools, Increasingly Separates Senior Talent From Peers. The Six Degrees of Kevin Bacon game shows how quickly distance disappears once connections are traced. Cybersecurity careers work the same way. Advancement depends on understanding how your work connects to indirect risk, supply chain failures and business outcomes beyond your role. First seen on…
-
Governance and technology secure AI-generated code – AI coding tools increase productivity and risk alike
First seen on security-insider.de Jump to article: www.security-insider.de/ki-coding-risiko-produktivitaet-a-58baba6d765452f24331dc77086d7ef2/
-
Equifax Europe CISO: Notorious breach spurred cybersecurity transformation
Tags: access, ai, attack, authentication, awareness, breach, business, ceo, cio, ciso, cloud, computer, control, corporate, cyber, cyberattack, cybercrime, cybersecurity, data, defense, dora, espionage, finance, framework, google, government, identity, infrastructure, intelligence, network, nis-2, phishing, regulation, risk, risk-management, security-incident, service, strategy, technology, threat, update
Cloud as a new technological axis: Equifax’s $3 billion migration to the cloud, “which had been brewing for about seven years” and which the company says is the largest technological investment in its history, has involved moving more than 300 systems, over 30 product families, and thousands of customers to the company’s cloud platform, Equifax Cloud, in Spain…
-
Risk-Based User Sign-In Protection Strategies
Learn how to implement risk-based user sign-in protection strategies. Explore adaptive MFA, contextual signals, and CIAM best practices for secure software development. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/risk-based-user-sign-in-protection-strategies/
-
Why passwordless fails
Introducing passwordless authentication in the enterprise is only easy on paper. Many enterprise CISOs have been trying to leave passwords behind for more than a decade. But because various legacy systems are designed exclusively for passwords, they keep running into technical hurdles. This is also reflected in the current “ID IQ Report 2026” from RSA (download in exchange for data)…
-
How to do a post-incident review
Post-incident reviews can help draw the right lessons from security incidents, provided they are set up correctly. Suppose your company is attacked by cybercriminals but gets away with a black eye, because the attack was detected and fended off late but still in time, without major business impact. To now simply carry on as before and the…
-
Apple’s App Store Source Map Leak: A Preventable Vulnerability We Found in 70% of Organizations
Apple’s App Store source map leak shows a preventable risk we found in 70% of organizations shipping production web apps. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/apples-app-store-source-map-leak-a-preventable-vulnerability-we-found-in-70-of-organizations/
-
OpenAI says prompt injection may never be ‘solved’ for browser agents like Atlas
OpenAI is warning that prompt injection, a technique that hides malicious instructions inside ordinary online content, is becoming a central security risk for AI agents designed to operate inside a web browser and carry out tasks for users. The company said it recently shipped a security update for ChatGPT Atlas after internal automated red-teaming uncovered…
-
75,000 MongoDBs Exposed as Attackers Exploit ‘MongoBleed’
Tags: data, data-breach, exploit, flaw, group, Internet, mitigation, ransomware, risk, software, vulnerability
Patches Issued for MongoBleed as Ransomware Groups Target Flaw to Steal Data. Tens of thousands of internet-exposed MongoDB databases are at risk as attackers actively target a critical vulnerability in the software to steal sensitive data, with ransomware groups having joined the fray, researchers warn. MongoDB has issued patches and mitigation advice. First seen on…
-
Top 5 real-world AI security threats revealed in 2025
Tags: access, ai, api, attack, breach, chatgpt, cloud, control, credentials, cybercrime, data, data-breach, defense, email, exploit, flaw, framework, github, gitlab, google, injection, least-privilege, LLM, malicious, malware, microsoft, nvidia, open-source, openai, rce, remote-code-execution, risk, service, software, supply-chain, theft, threat, tool, vulnerability
A critical remote code execution (RCE) in open-source AI agent framework Langflow that was also exploited in the wild
An RCE flaw in OpenAI’s Codex CLI
Vulnerabilities in NVIDIA Triton Inference Server
RCE vulnerabilities in major AI inference server frameworks, including those from Meta, Nvidia, Microsoft, and open-source projects such as vLLM and SGLang
Vulnerabilities in open-source compute framework…
-
What compliance risks AI brings German companies – From rule keeper to risk navigator
The interview with Oliver Riehl, Regional Vice President DACH at NAVEX, examines the challenges and opportunities that artificial intelligence (AI) brings for German companies in the area of compliance. Riehl emphasizes that AI can help bring order to the growing complexity of regulations, but that good governance and clear guidelines are required in order to effectively…

