Tag: risk
-
Chance statt Risiko: Wie künstliche Intelligenz verantwortungsvoll eingesetzt wird
Künstliche Intelligenz entscheidet zunehmend darüber, ob Unternehmen in komplexen, dynamischen oder kritischen Situationen handlungsfähig bleiben und richtige Entscheidungen treffen. Das aktuelle Allianz Risk Barometer 2026 [1] zeigt: Über ein Viertel der deutschen Unternehmen sieht den KI-Einsatz inzwischen als Risiko insbesondere bei Haftungsfragen. Die rasante Verbreitung von GenAI-Systemen in Verbindung mit ihrer zunehmenden Nutzung in… First…
-
Your Most Dangerous User Is Not Human: How AI Agents and MCP Servers Broke the Internal API Walled Garden
Highlights The Perimeter is Porous: Modern Agentic AI and the Model Context Protocol (MCP) have effectively turned internal data centers inside out, making the “internal API” security model obsolete. The “Confused Deputy” Risk: Legitimate AI agents act as trusted internal entities but can be exploited to bypass Data Loss Prevention (DLP) policies, as seen in…
-
Treasury AI Plan Faces Calls for Enforceable Controls
Analysts Urge Mandatory Guardrails on AI Agents, Identity and Privilege. Security leaders are pressing Treasury to embed enforceable guardrails – covering adversarial testing, AI inventory, identity privilege mapping and real-time monitoring – into its forthcoming financial-sector AI guidance as deepfake fraud, data poisoning and autonomous agent risks escalate. First seen on govinfosecurity.com Jump to article:…
-
US dominance of agentic AI at the heart of new NIST initiative
Moving too slowly: According to Gary Phipps, head of customer success at agentic AI security startup Helmet Security, a problem with NIST is that its initiatives are being outpaced by real-world developments. “History says that anything NIST comes up with will likely not emerge fast enough to address agentic AI,” said Phipps.”From the time NIST…
-
Audit Finds Security Weaknesses at VA Spokane Medical Center
Access, Vulnerability Management, Configuration Lapses. A federal watchdog agency inspection of information security at the VA health system in Spokane, Wash. last year found deficiencies across three areas – configuration management, vulnerability management and access controls – that could potentially put sensitive data at risk, a new report said. First seen on govinfosecurity.com Jump to…
-
NDSS 2025 NDSS 2025 BARBIE: Robust Backdoor Detection Based On Latent Separability
Session 12D: ML Backdoors Authors, Creators & Presenters: Hanlei Zhang (Zhejiang University), Yijie Bai (Zhejiang University), Yanjiao Chen (Zhejiang University), Zhongming Ma (Zhejiang University), Wenyuan Xu (Zhejiang University) PAPER BARBIE: Robust Backdoor Detection Based On Latent Separability Backdoor attacks are an essential risk to deep learning model sharing. Fundamentally, backdoored models are different from benign…
-
NDSS 2025 NDSS 2025 BARBIE: Robust Backdoor Detection Based On Latent Separability
Session 12D: ML Backdoors Authors, Creators & Presenters: Hanlei Zhang (Zhejiang University), Yijie Bai (Zhejiang University), Yanjiao Chen (Zhejiang University), Zhongming Ma (Zhejiang University), Wenyuan Xu (Zhejiang University) PAPER BARBIE: Robust Backdoor Detection Based On Latent Separability Backdoor attacks are an essential risk to deep learning model sharing. Fundamentally, backdoored models are different from benign…
-
Texas Sues TP-Link Over Alleged Security Risks and Supply Chain Deception
Texas has sued TP-Link over alleged supply chain deception and router security flaws linked to Chinese threat actors. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/texas-sues-tp-link-over-alleged-security-risks-and-supply-chain-deception/
-
HHS burrows into identifying risks to health sector from third-party vendors
Tags: riskA department official speaking at CyberTalks said HHS is trying to help the sector on finding where those risks are. First seen on cyberscoop.com Jump to article: cyberscoop.com/hhs-burrows-into-identifying-risks-to-health-sector-from-third-party-vendors/
-
ONCD official says Trump administration aims to bolster AI use for defense without increasing risk
Alexandra Seymour also talked about cyber workforce goals, including emulating Israel’s Unit 8200. First seen on cyberscoop.com Jump to article: cyberscoop.com/trump-administration-ai-cybersecurity-oncd-strategy/
-
AI-generated passwords are a security risk
AI-generated passwords are “highly predictable” and aren’t truly random, making them easier for cybercriminals to crack. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/ai-generated-passwords-are-a-security-risk/
-
NDSS 2025 Defending Against Backdoor Attacks On Graph Neural Networks Via Discrepancy Learning
Tags: attack, backdoor, conference, defense, framework, Internet, ml, network, risk, technology, threat, vulnerabilitySession 12D: ML Backdoors Authors, Creators & Presenters: Hao Yu (National University of Defense Technology), Chuan Ma (Chongqing University), Xinhang Wan (National University of Defense Technology), Jun Wang (National University of Defense Technology), Tao Xiang (Chongqing University), Meng Shen (Beijing Institute of Technology, Beijing, China), Xinwang Liu (National University of Defense Technology) PAPER DShield: Defending…
-
The Cloud and AI Velocity Trap: Why Governance Is Falling Behind Innovation
Tags: access, ai, attack, business, cloud, compliance, control, cyber, data, flaw, framework, governance, grc, iam, identity, least-privilege, malicious, malware, radius, risk, risk-management, service, supply-chain, tactics, threat, tool, vulnerability, zero-trustAI adoption is outpacing traditional cyber governance. The “Tenable Cloud and AI Security Risk Report 2026” reveals how overprivileged identities and unmonitored supply chain dependencies leave orgs exposed. We offer 10 tactics to shut down your most critical attack paths. Key takeaways The velocity trap: Security teams are fighting “machine-speed” threats with manual processes; you…
-
The Cloud and AI Velocity Trap: Why Governance Is Falling Behind Innovation
Tags: access, ai, attack, business, cloud, compliance, control, cyber, data, flaw, framework, governance, grc, iam, identity, least-privilege, malicious, malware, radius, risk, risk-management, service, supply-chain, tactics, threat, tool, vulnerability, zero-trustAI adoption is outpacing traditional cyber governance. The “Tenable Cloud and AI Security Risk Report 2026” reveals how overprivileged identities and unmonitored supply chain dependencies leave orgs exposed. We offer 10 tactics to shut down your most critical attack paths. Key takeaways The velocity trap: Security teams are fighting “machine-speed” threats with manual processes; you…
-
How infostealers turn stolen credentials into real identities
Infostealer dumps increasingly tie stolen credentials to real identities, linking usernames, cookies, and behavior across personal and enterprise accounts. Specops explains how analyzing 90,000 dumps shows reuse fuels enterprise risk and how continuous AD scanning disrupts that cycle. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-infostealers-turn-stolen-credentials-into-real-identities/
-
Forescout research points to record number of ICS vulnerabilities in 2025
Forescout has released new research warning that industrial control systems (ICS) are facing unprecedented levels of cyber risk, with 2025 marking the highest number of recorded vulnerabilities to date. The report, ICS Cybersecurity in 2026: Vulnerabilities and the Path Forward, reveals that 508 ICS advisories were published in 2025, covering a total of 2,155 vulnerabilities,…
-
ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories
The cyber threat space doesn’t pause, and this week makes that clear. New risks, new tactics, and new security gaps are showing up across platforms, tools, and industries, often all at the same time.Some developments are headline-level. Others sit in the background but carry long-term impact. Together, they shape how defenders need to think about…
-
Texas sues TP-Link over Chinese hacking risks, user deception
Texas sued networking giant TP-Link Systems, accusing the company of deceptively marketing its routers as secure while allowing Chinese state-backed hackers to exploit firmware vulnerabilities and access users’ devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/texas-sues-tp-link-over-chinese-hacking-risks-user-deception/
-
From Exposure to Exploitation: How AI Collapses Your Response Window
We’ve all seen this before: a developer deploys a new cloud workload and grants overly broad permissions just to keep the sprint moving. An engineer generates a “temporary” API key for testing and forgets to revoke it. In the past, these were minor operational risks, debts you’d eventually pay down during a slower cycle.In 2026,…
-
CredShields Leads OWASP Smart Contract Top 10 2026 as Governance and Access Failures Drive Onchain Risk
srcset=”https://b2b-contenthub.com/wp-content/uploads/2026/02/OWASP1.png?quality=50&strip=all 1200w, b2b-contenthub.com/wp-content/uploads/2026/02/OWASP1.png?resize=300%2C200&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2026/02/OWASP1.png?resize=768%2C512&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2026/02/OWASP1.png?resize=1024%2C683&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2026/02/OWASP1.png?resize=150%2C100&quality=50&strip=all 150w, b2b-contenthub.com/wp-content/uploads/2026/02/OWASP1.png?resize=1046%2C697&quality=50&strip=all 1046w, b2b-contenthub.com/wp-content/uploads/2026/02/OWASP1.png?resize=252%2C168&quality=50&strip=all 252w, b2b-contenthub.com/wp-content/uploads/2026/02/OWASP1.png?resize=126%2C84&quality=50&strip=all 126w, b2b-contenthub.com/wp-content/uploads/2026/02/OWASP1.png?resize=720%2C480&quality=50&strip=all 720w, b2b-contenthub.com/wp-content/uploads/2026/02/OWASP1.png?resize=540%2C360&quality=50&strip=all 540w, b2b-contenthub.com/wp-content/uploads/2026/02/OWASP1.png?resize=375%2C250&quality=50&strip=all 375w” width=”1024″ height=”683″ sizes=”auto, (max-width: 1024px) 100vw, 1024px”> Cyber NewsWireGovernance and Privilege Failures DominateThe highest-ranked risks for 2026 include:Access Control VulnerabilitiesBusiness Logic VulnerabilitiesPrice Oracle ManipulationFlash LoanFacilitated AttacksProxy & Upgradeability VulnerabilitiesAnalysis of 2025 incidents shows…
-
UK sounds alarm on rising cyber risks to businesses
The UK government launched a national campaign urging businesses to strengthen basic cyber defenses. The initiative follows new figures highlighting the scale of the threat. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/19/uk-government-businesses-cyber-campaign/
-
UK sounds alarm on rising cyber risks to businesses
The UK government launched a national campaign urging businesses to strengthen basic cyber defenses. The initiative follows new figures highlighting the scale of the threat. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/19/uk-government-businesses-cyber-campaign/
-
UK sounds alarm on rising cyber risks to businesses
The UK government launched a national campaign urging businesses to strengthen basic cyber defenses. The initiative follows new figures highlighting the scale of the threat. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/19/uk-government-businesses-cyber-campaign/
-
Hackers can turn Grok, Copilot into covert commandcontrol channels, researchers warn
Tags: ai, automation, awareness, cloud, control, detection, framework, governance, hacker, identity, monitoring, network, risk, saas, toolSteps to take: Security leaders should not respond by blocking AI outright, analysts said, but by applying the same governance discipline used for other high-risk SaaS platforms.Varkey recommended starting with a comprehensive inventory of all AI tools in use and establishing a clear policy framework for approving and enabling them.Organizations should also implement AI-specific traffic…
-
Cybersicherheit braucht Reife und keine Checklisten
Wenn CISOs stärkere Programme, bessere Widerstandsfähigkeit und eine sicherere Zukunft wollen, müssen sie ihren Ansatz weiterentwickeln.Cybersicherheit wird oft wie ein Spiel behandelt. Unternehmen jagen schnellen Erfolgen hinterher, haken Compliance-Listen ab oder klopfen sich nach einem einzigen erfolgreichen Audit selbst auf die Schulter. Auf dem Papier mag das produktiv aussehen, aber in Wirklichkeit schafft es ein…
-
Shadow Machines: The Non-Human Identities Exposing Your Cloud AI Stack
Tags: access, ai, api, authentication, automation, business, cloud, compliance, container, control, credentials, data, encryption, framework, governance, iam, identity, infrastructure, iot, jobs, login, mfa, password, risk, risk-management, saas, service, software, strategy, supply-chain, toolShadow Machines: The Non-Human Identities Exposing Your Cloud & AI Stack madhav Thu, 02/19/2026 – 06:30 The machines we don’t see are the ones running our businesses. Unfortunately, most IAM systems do not track them. In an ironic twist, the ghost in the machine has become the machine itself: invisible, autonomous, and increasingly beyond human…
-
From in-house CISO to consultant. What you need to know before making the leap
Tags: advisory, best-practice, business, ciso, compliance, control, cybersecurity, framework, jobs, resilience, risk, service, skills, toolSkills that carry over into consulting: Many of the skills CISOs honed inside large organizations translate directly to the new consulting job, while others suddenly matter more than they ever did before. In addition to technical skills, it is often the practical ones that prove most valuable.The ability to prioritize, sharpened over years in a…
-
From in-house CISO to consultant. What you need to know before making the leap
Tags: advisory, best-practice, business, ciso, compliance, control, cybersecurity, framework, jobs, resilience, risk, service, skills, toolSkills that carry over into consulting: Many of the skills CISOs honed inside large organizations translate directly to the new consulting job, while others suddenly matter more than they ever did before. In addition to technical skills, it is often the practical ones that prove most valuable.The ability to prioritize, sharpened over years in a…