Tag: risk
-
Multiple Wireshark Vulnerabilities Allow Arbitrary Code Execution via Malformed Packets
The Wireshark Foundation has released version 4.6.5 of its widely used network protocol analyzer, addressing a massive wave of security vulnerabilities. This urgent update patches over 40 distinct security flaws, driven by a recent surge in AI-assisted vulnerability reports. The most critical bugs in this release allow for possible arbitrary code execution, elevating the risk…
-
Shadow AI risks deepen as 31% of users get no employer training
Between one-fifth and one-third of workers use AI outside the influence and governance of the IT function, according to a global survey of 6,000 full-time employees at … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/01/shadow-ai-risks-it-oversight/
-
Bridging the gap: How to integrate Claude Security into the Tenable One Exposure Management Platform
Tags: ai, api, attack, business, cloud, data, flaw, governance, intelligence, risk, tool, update, vulnerability
Bridge the gap between AI-driven vulnerability discovery and prioritized remediation. Learn how to integrate Claude Security’s deep-logic analysis into Tenable One to unify your attack surface, eliminate noise, and focus on the risks that matter most. Key takeaways: As frontier AI models like Claude accelerate the pace of vulnerability discovery, security programs must shift their…
-
State CISOs Are Losing Confidence as AI Threats Surge
Tightening Budgets and AI-Enabled Attacks Stretch State Cyber Defenses. State CISO confidence has collapsed, with just 22% saying their data is protected from cyberthreats. The 2026 NASCIO-Deloitte study points to AI-enabled attacks, third-party vendor risk and the worst budget picture in years as states rethink how they defend public data. First seen on govinfosecurity.com Jump…
-
Socket Buys Secure Annex to Expand Supply-Chain Visibility
Combined Platform Spans Dependencies, Extensions, Developer Tools. Socket’s acquisition of Secure Annex extends software supply-chain security beyond open-source dependencies into browser and IDE extensions, addressing AI-driven development risks and fragmented visibility across modern developer workflows. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/socket-buys-secure-annex-to-expand-supply-chain-visibility-a-31562
-
Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability
Tags: access, ai, attack, browser, cisa, cloud, container, crypto, cve, cybersecurity, data, exploit, flaw, infrastructure, kev, linux, mitigation, ransomware, risk, tool, update, vulnerability
A flaw in the Linux kernel present since 2017 allows a local user to gain root access on virtually every major Linux distribution. A public exploit is available and reported to work reliably. Key Takeaways: CVE-2026-31431 is a high severity local privilege escalation vulnerability in the Linux kernel reportedly affecting virtually every major distribution released…
-
OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts
OpenAI is rolling out Advanced Account Security for people concerned that their ChatGPT or Codex accounts could be potential targets of phishing attacks. First seen on wired.com Jump to article: www.wired.com/story/openai-chatgpt-codex-advanced-account-security/
-
Linux Kernel Flaw ‘Copy Fail’ Exposes Widespread Privilege Escalation Risk
A newly disclosed Linux kernel vulnerability is exposing a pathway for unprivileged users to gain full admin control on a wide range of systems. The flaw, identified as CVE-2026-31431 and dubbed Copy Fail, affects nearly all major Linux distros released over the past eight years. The issue stems from a logic error in the kernel’s…
-
AI Adoption Fuels Rise in Identity Attack Path Risk
A new SpecterOps report shows AI is driving identity risk, pushing organizations to prioritize attack path visibility and reduce exposure. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ai-adoption-fuels-rise-in-identity-attack-path-risk/
-
The Top 3 Ways Criminals Use AI in Cyber Attacks
AI-driven SaaS security risks grow fast. Here’s what to watch out for and how to prevent breaches. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/the-top-3-ways-criminals-use-ai-in-cyber-attacks/
-
Password security is only as good as its governance
Every year, World Password Day triggers the same discussion. And every year, attackers walk unhindered through the same open doors. Credentials remain the most frequently exploited entry point in enterprise security breaches. This happens not because the risk is unknown, but because access is still not controlled as strictly as the threat…
-
Chargebacks911 warns: AI shopping agents trigger false alarms and block legitimate revenue
The central question is no longer whether AI shops, but whether merchants are prepared for it. The real risk lies in the misinterpretation of legitimate transactions. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/chargebacks911-warnt-ki-shopping-agenten-loesen-fehlalarme-aus-und-blockieren-legitime-umsaetze/a44844/
-
WAF Defense in Crisis? NSFOCUS Locks Down “Ghost Bits” Attacks in Advance
Incident Review: In April 2026, Black Hat Asia 2026 disclosed a systematic security threat named Ghost Bits, targeting underlying encoding flaws in the Java ecosystem that can render mainstream WAF/IDS defenses completely ineffective. The core of this risk lies in inconsistent encoding interpretations of the same input between the security detection chain and the application…
-
ODNI to CISOs on threat assessments: You’re on your own
Tags: access, ai, china, ciso, computer, control, credentials, cyber, cybercrime, data, defense, detection, disinformation, encryption, finance, framework, government, healthcare, identity, infrastructure, intelligence, iran, jobs, korea, metric, resilience, risk, russia, service, strategy, technology, theft, threat, tool, warfare
The bifurcated framework: Operational reporting vs. homeland focus: The report now operates on two distinct tracks that risk narrowing the threat horizon for CROs. In a departure from traditional probabilistic forecasting, the IC has transitioned toward active operational reporting. This shift prioritizes immediate success metrics, such as a significant drop in border encounters and fentanyl…
-
Best AI security tools for exposure assessment in 2026
AI is transforming both attacks and defense. To avoid being outstripped by AI-powered adversaries, organizations need platforms that prioritize risk in real time. Exposure management with AI is the next evolution in comprehensive cybersecurity. AI-powered exposure management, as embodied in continuous threat exposure management (CTEM) platforms, helps security leaders keep an eye on the entire ecosystem,…
-
Cyber is the Number One Global “People Risk,” Says Marsh
Marsh’s 2026 People Risks survey finds cyber-related challenges dominate, as cyber-threat literacy tops risks and cyber and AI skills shortages rise. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cyber-number-one-global-people/
-
Bad Bots in the Agentic Age: What the 2026 Thales Bad Bot Report Reveals
Tags: ai, api, application-security, attack, automation, banking, business, container, control, crime, cyber, cybercrime, data, defense, detection, exploit, finance, fraud, identity, infrastructure, intelligence, Internet, LLM, malicious, monitoring, resilience, risk, service, threat, tool, vulnerability
josh.pearson@t… Thu, 04/30/2026 – 07:31 The modern internet is becoming less human by the day. Bot traffic is increasing, and human traffic is shrinking. Malicious automated traffic is getting harder to spot. The Thales 2026 Bad Bot Report, now in its…
-
The Real Cost of a Data Breach for Small Businesses How to Prevent
Tags: attack, breach, business, cyberattack, cybersecurity, data, data-breach, finance, risk, threat
Data breaches pose a serious threat to small businesses, often resulting in significant financial losses, operational downtime, and long-term trust erosion. This blog examines the real costs of cyberattacks on SMBs, including direct expenses, hidden operational impacts, and reputational damage that can exceed recovery costs. It outlines the most common attack types targeting small organizations…
-
Anyone who secures UCC only as a meeting tool underestimates the risk – Unified communication is now part of critical infrastructure
First seen on security-insider.de Jump to article: www.security-insider.de/ucc-sicherheit-kritische-infrastruktur-security-by-design-a-994134541ca28ca73ac75e67a35c50db/
-
Adaptive Security Leadership in an Expanding Threat Surface
Tags: access, attack, automation, control, cyber, data, identity, least-privilege, resilience, risk, saas, service, technology, threat, zero-trust
Last week I joined fellow security leaders at CISO Inspire Summit North for a panel discussion on The Expanding Threat Surface: Adaptive Security Leadership for 2026 and Beyond. It was a timely discussion, because the challenge facing security leaders today is not simply more threats. It is more connections, more dependencies, and more complexity. Suppliers, SaaS, identities, automation…
-
Microsoft Confirms Windows Flaw Is Being Exploited After Incomplete Patch
Microsoft confirmed a Windows zero-click flaw tied to an incomplete patch is being exploited, putting credentials at risk for unpatched users. The post Microsoft Confirms Windows Flaw Is Being Exploited After Incomplete Patch appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-zero-click-flaw-incomplete-patch/
-
cPanel Vulnerability Exposes Servers to Takeover
A cPanel flaw allows authentication bypass and risks full server compromise, prompting urgent patching. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cpanel-vulnerability-exposes-servers-to-takeover/
-
Capability Deep Dive
The Two Control Gaps Oracle Risk Management Cloud (RMC) Can’t Provide: Mitigation, Monitoring, and Materialized Risk Detection. Your Oracle environment will always have some elevated access. The real question is whether you can show it was controlled, monitored, and not misused over time. Problem: Some Oracle risks can’t be removed. Some Oracle Segregation of Duties…
-
European Commission accuses Meta of breaching child safety rules
The platforms allegedly flouted the bloc’s Digital Services Act (DSA) by “failing to diligently identify, assess and mitigate the risks of minors under 13 years old accessing their services,” the commission said. First seen on therecord.media Jump to article: therecord.media/european-commission-accuses-meta-of-breaching-digital-child-safety-laws

