Tag: software
-
NHS cyber resilience deal signals shift toward specialist MSSPs, says Check Point
Healthcare and public sector organisations are increasingly turning away from generalist managed security service providers (MSSPs) in favour of specialists with deeper technical expertise, and a recent NHS deployment is being held up as a case study in why that shift matters. Check Point Software has highlighted the growing demand for specialist MSSPs as organisations…
-
Check Point Becomes One of First Security Vendors to Embed OpenAI Frontier Models in Live Customer Defences
Check Point Software has announced it is embedding OpenAI’s frontier cyber capabilities directly into its customer-facing security products, becoming one of a select group of vendors accepted into OpenAI’s Daybreak Cyber Partner Programme. The move represents a significant escalation in the deployment of advanced AI in enterprise security, not as a back-end research tool but…
-
Black Duck Lands Leader Spot in Gartner’s Brand-New Software Supply Chain Security Magic Quadrant
Application security firm Black Duck has been named a Leader in Gartner’s first-ever Magic Quadrant for Software Supply Chain Security, the company announced today. The inaugural report assessed 18 vendors against two axes, Completeness of Vision and Ability to Execute, and placed Black Duck firmly in the Leaders quadrant. The timing of the report reflects…
-
Overwhelming support for Microsoft SMS designation in CMA responses
Some 25 organisations back Strategic Market Status for Microsoft’s business software ecosystem, while the Open Cloud Coalition estimates £60m in annual public sector costs First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366645005/Overwhelming-support-for-Microsoft-SMS-designation-in-CMA-responses
-
Security testing was built for a slower world
Software teams are pushing code into production faster than security testing can keep up. AI is accelerating development cycles and adding pressure to security programs that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/24/ai-security-testing-report/
-
Samsung KNOX Kernel UAF Exposes Millions of Galaxy Devices
Samsung’s KNOX flaw (CVE-2026-20971) is a kernel UAF in PROCA/FIVE that can enable corruption via a race; Samsung patched it in Jan 2026. Experts found a nasty kernel flaw in Samsung’s KNOX stack, and the uncomfortable part is where it lived: inside the software designed to raise the bar for attackers. CVE-2026-20971 is a use-after-free…
-
Xsolis Hack Affecting 1.4M Raises AI Vendor Risk Concerns
Experts Urge Health Sector Organizations to Strengthen AI Governance, Oversight. A Tennessee-based vendor of AI-powered business decision support software for healthcare providers and insurers is notifying nearly 1.4 million people that their information was compromised in a recent hack. Experts said the incident spotlights growing risks to healthcare by AI-tech vendors. First seen on govinfosecurity.com…
-
‘Cordyceps’: Mushrooming Malicious Pull Requests Threaten Developer Workflows
The CI/CD workflow weakness affects Microsoft’s Azure Sentinel, Google’s AI Agent Development Kit, Apache’s Doris analytics database, Cloudflare’s Workers SDK, and Python Software Foundation’s Black. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/cordyceps-malicious-pull-requests-developer-workflows
-
GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns
GitHub is moving to strengthen software supply chain security by updating “actions/checkout” to block pwn request attacks that exploit the risky use of the “pull_request_target workflow” trigger to run malicious code with the workflow’s full privileges.Effective June 18, 2026, the latest version of “actions/checkout,” the official GitHub action for checking out a repository into the…
-
OpenAI Expands Daybreak to Help Defenders Patch Flaws
OpenAI expanded Daybreak with a full GPT-5.5-Cyber release to help defenders patch software flaws First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/openai-daybreak-gpt-5-5-cyber/
-
KI-Entwicklung schreitet schneller voran als Compliance und Datenkontrolle folgen können
Eine neue Studie von Veeam Software, dem Unternehmen für Data- und AI-Trust, zeigt eine zunehmende Compliance-Kluft in Unternehmen der EMEA-Region. 99 % der befragten Entscheidungsträger sind zwar der Meinung, dass Datenhoheit von entscheidender Bedeutung ist. Allerdings rückt die Mehrheit (72,5 %) das Thema zugunsten beschleunigter KI-Einführung in den Hintergrund. Das Ergebnis: KI-Workflows sind zur größten…
-
LG and Samsung Smart TV Apps Found Monetizing Users’ IP Addresses via Proxy SDKs
A large-scale analysis of smart TV applications has revealed that thousands of apps available on LG webOS and Samsung Tizen platforms are covertly transforming consumer devices into residential proxy nodes, raising significant security and privacy concerns. Researchers scanned 6,038 smart TV applications and identified 2,058 apps that embed proxy software development kits, monetizing users’ internet…
-
Cordyceps Supply chain Vulnerability Impacting Code Repositories at thousands of Organizations
A pervasive CI/CD vulnerability pattern dubbed “Cordyceps” reveals a supply chain vulnerability that lets unauthenticated attackers seize control of Git-based workflows and, by extension, the software artifacts they produce. The issue is not a single bug in GitHub or any one tool; it is a systemic class of insecure workflow compositions. Command injection, broken authentication…
-
Over 2,000 LG and Samsung Smart TV Apps Found Running Residential Proxy SDKs
A large-scale analysis of smart TV applications has revealed that thousands of apps available on LG webOS and Samsung Tizen platforms are covertly transforming consumer devices into residential proxy nodes, raising significant security and privacy concerns. Researchers scanned 6,038 smart TV applications and identified 2,058 apps that embed proxy software development kits, monetizing users’ internet…
-
Neue Initiative von OpenAI – ‘Patch the Planet” soll kritische Open-Source-Software stärken
Bei ‘Patch the planet” sollen KI-Sicherheitsanalysen mit menschlicher Expertise kombiniert werden, um Schwachstellen schneller zu erkennen. First seen on computerbase.de Jump to article: www.computerbase.de/news/apps/neue-initiative-von-openai-patch-the-planet-soll-kritische-open-source-software-staerken.98050
-
Neue Initiative von OpenAI – ‘Patch the Planet” soll kritische Open-Source-Software stärken
Bei ‘Patch the planet” sollen KI-Sicherheitsanalysen mit menschlicher Expertise kombiniert werden, um Schwachstellen schneller zu erkennen. First seen on computerbase.de Jump to article: www.computerbase.de/news/apps/neue-initiative-von-openai-patch-the-planet-soll-kritische-open-source-software-staerken.98050
-
A $1,400 experiment in AI security auditing outperformed OpenAI’s Codex Security
A research team has built a system that teaches AI agents to hunt for software bugs by writing the audit method down as plain text. The system, called EVOHUNT, keeps the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/23/codex-security-ai-security-auditing/
-
OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws
OpenAI on Monday said it’s releasing an improved version of its GPT”‘5.5″‘Cyber model to trusted defenders as part of the Daybreak initiative, the artificial intelligence (AI) company announced last month.Calling GPT”‘5.5″‘Cyber its “strongest model yet for finding and helping patch software vulnerabilities,” OpenAI said the model can “sustain deeper analysis across large codebases” to identify…
-
Only 7% of companies are ready for the AI agents they deployed
Most organizations now run or pilot AI agents that operate on company data with limited human direction at each step, a share that reaches 88% in Veeam Software’s Data … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/23/ai-trust-gap-research/
-
North Korean Hackers Poison Mastra AI Framework
Tags: ai, attack, backdoor, credentials, framework, hacker, malicious, microsoft, north-korea, software, supply-chain, theft, toolMore Than 140 npm Packages Carried Credential-Stealing Code. Microsoft says North Korean-linked BlueNoroff compromised a Mastra npm maintainer account and published more than 140 malicious packages, using a software supply-chain attack to distribute infostealers, backdoors and credential theft tools through AI development environments. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/north-korean-hackers-poison-mastra-ai-framework-a-32042
-
New Apple Exploit Exposes Millions of iPhones Worldwide, No Software Fix Available
Researchers disclosed usbliter8, a SecureROM exploit affecting older Apple devices that can bypass boot protections with physical access. The post New Apple Exploit Exposes Millions of iPhones Worldwide, No Software Fix Available appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-usbliter8-securerom-exploit-june-2026/
-
WhatsApp Malware Campaign Hijacks Trust, Installs Legitimate Admin Tools
WhatsApp accounts were hijacked to spread fake debt notices that install remote access software, giving attackers control of victims’ PCs. Kaspersky published a technical analysis this week of an active malware campaign that spreads through WhatsApp messages and ends with a remote management tool silently installed on the victim’s machine. The campaign is still running…
-
WhatsApp Malware Campaign Hijacks Trust, Installs Legitimate Admin Tools
WhatsApp accounts were hijacked to spread fake debt notices that install remote access software, giving attackers control of victims’ PCs. Kaspersky published a technical analysis this week of an active malware campaign that spreads through WhatsApp messages and ends with a remote management tool silently installed on the victim’s machine. The campaign is still running…
-
OpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s Mythos
Amid concerns about AI models’ cybersecurity capabilities, OpenAI revealed an improved version of GPT-5.5-Cyber and its “Patch the Plant” initiative to fix open-source software bugs. First seen on wired.com Jump to article: www.wired.com/story/openai-launches-full-scale-effort-to-patch-open-source-bugs-as-it-takes-on-anthropics-mythos/
-
GentleKiller Framework Disables Victims’ Security Software
ESET details GentleKiller, the EDR-killer framework the Gentlemen ransomware gang gives affiliates First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/gentlekiller-gentlemen-ransomware/
-
Novo Nordisk Breach Highlights Software Development Pipeline Risk
A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem rather than an identity problem. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/novo-nordisk-breach-exposes-dev-pipeline-risk

