Tag: tool
-
How we made Trail of Bits AI-native (so far)
Tags: access, ai, application-security, attack, automation, blockchain, business, ceo, chatgpt, computer, computing, conference, control, data, email, germany, government, identity, injection, jobs, macOS, marketplace, nvidia, open-source, risk, service, skills, strategy, supply-chain, technology, threat, tool, vulnerabilityThis post is adapted from a talk I gave at [un]prompted, the AI security practitioner conference. Thanks to Gadi Evron for inviting me to speak. You can watch the recorded presentation below or download the slides. Most companies hand out ChatGPT licenses and wait for the productivity numbers to move. We built a system instead.…
-
Windows Tools Abused to Kill AV Ahead of Ransomware Attacks
Hackers are increasingly turning legitimate Windows administration tools into stealthy weapons to disable antivirus and EDR before launching ransomware, making attacks faster, quieter, and harder to stop. Instead of dropping noisy custom malware upfront, modern operators chain trusted utilities to gain SYSTEM access, kill security processes, and then encrypt at scale. Because many of these…
-
Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains
Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCross RAT.”The operation covers VPN clients, encrypted messengers, video conferencing tools, cryptocurrency trackers, and e-commerce applications, with eleven confirmed delivery domains impersonating First seen on thehackernews.com Jump to article:…
-
The AI Arms Race Why Unified Exposure Management Is Becoming a Boardroom Priority
The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack, speed of exploitation, and speed of change across modern environments.This is the defining challenge of the new era of digital warfare: the…
-
8 ways to bolster your security posture on the cheap
Tags: access, attack, authentication, awareness, breach, ciso, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, ddos, dkim, dmarc, dns, email, endpoint, exploit, finance, google, identity, Internet, metric, mfa, microsoft, mitigation, okta, passkey, password, phishing, risk, risk-management, service, strategy, technology, tool, training, update, waf, zero-day2. Take full advantage of your existing tools: A practical way to strengthen enterprise security without incurring additional significant spend is to ensure you’re fully leveraging the capabilities of solutions already present within your organization, says Gary Brickhouse, CISO at security services firm GuidePoint Security.”Most organizations have invested heavily in security solutions, yet most are…
-
The external pressures redefining cybersecurity risk
Tags: access, ai, attack, breach, business, ciso, control, cyber, cyberattack, cybersecurity, data, deep-fake, defense, email, governance, guide, incident response, injection, network, nist, resilience, risk, risk-management, supply-chain, technology, threat, toolAI is accelerating both the attackers and your defenses, but governance is often missing : What I see generative AI doing in cybersecurity is accelerating what attackers can do and lowering the cost of entry for new criminal gangs. Cyberattacks are more potent because the technology makes it easier to target victims, create deepfake videos or…
-
6 key takeaways from RSA Conference 2026
Tags: ai, api, attack, ceo, cio, ciso, compliance, conference, control, cyber, cybersecurity, data, framework, google, governance, government, identity, infrastructure, injection, intelligence, jobs, LLM, office, RedTeam, regulation, risk, saas, service, technology, threat, tool, trainingSecuring the AI stack: Yes, but the threat surface has grown: The first technical priority I offered for CISOs in my conference preview was securing the AI stack, RAG workflows, LLM data pipelines, vector databases, and model APIs, on the basis that prompt injection, training data poisoning, and model inversion attacks were no longer theoretical.The…
-
Databricks betritt mit KI-gestützten SIEM ‘Lakewatch” den Security-Markt
Databricks will mehr als nur ein weiteres SIEM-Tool liefern. Es geht um eine Plattform, die Sicherheit konsequent aus der Datenperspektive denkt First seen on infopoint-security.de Jump to article: www.infopoint-security.de/databricks-steigt-mit-neuem-siem-lakewatch-im-security-markt-ein/a44442/
-
Tax Filing Scams Used to Deliver Malware in New Cybercrime Campaigns
Cybercriminals are once again exploiting global tax seasons, abusing IRS and tax filing lures to deliver malware, remote monitoring and management (RMM) tools, and credential phishing in a wave of new 2026 campaigns. Security researchers have already tracked more than a hundred tax-themed operations worldwide, with a noticeable increase in the use of legitimate RMM…
-
Hottest cybersecurity open-source tools of the month: March 2026
Presented here is a curated selection of noteworthy open-source cybersecurity solutions that have drawn recognition for their ability to enhance security postures across … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/31/hottest-cybersecurity-open-source-tools-of-the-month-march-2026/
-
Kernel Observability for Data Movement
Kernel-level visibility reveals hidden data movement in breaches, exposing gaps in modern security tools and improving detection, compliance, and system behavior tracking. First seen on hackread.com Jump to article: hackread.com/kernel-observability-for-data-movement/
-
Wave Browser Brings Gaming Tools and Ocean Cleanup into the Same Tab
Tags: toolWave Browser for gaming: built for multitasking, streaming, and tabs, with tools for gamers plus ocean cleanup support tied to everyday browsing activity. First seen on hackread.com Jump to article: hackread.com/wave-browser-gaming-tools-ocean-cleanup-tab/
-
FIRESIDE CHAT: AI gives rise to a semantic attack surface, forcing a new class of network defense
SAN FRANCISCO, Enterprises rushing to deploy AI in their operations are opening a security exposure most of their existing tools were never designed to address. That’s the hard message coming out of RSAC 2026, and it’s one worth… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/fireside-chat-ai-gives-rise-to-a-semantic-attack-surface-forcing-a-new-class-of-network-defense/
-
ClickFix Evades PowerShell Detection via Rundll32 and WebDAV
A new variant of the ClickFix attack technique that shifts execution away from commonly monitored tools like PowerShell and mshta, instead abusing native Windows components such as rundll32.exe and WebDAV. This evolution allows attackers to bypass traditional script-based detection mechanisms, increasing the likelihood of a successful, stealthy compromise. The attack begins similarly to earlier ClickFix…
-
Android 17 tweaks location privacy with one-time access
Google introduced a suite of location privacy features in Android 17 Beta 3 to give users more control and provide developers with tools for data minimization and product … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/30/android-location-privacy-features-control/
-
SystemRescue 13 updates its kernel to Linux 6.18 LTS, adds new recovery tools
Bootable Linux recovery environments occupy a specific niche in the systems administration and incident response toolkit. SystemRescue, an Arch-based live distribution built … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/30/systemrescue-13-released/
-
ShipSec Studio brings open-source workflow orchestration to security operations
Security teams have long relied on a mix of shell scripts, cron jobs, and loosely connected tools to chain reconnaissance and vulnerability scanning work together. ShipSec … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/30/shipsec-studio-security-workflow-automation-platform/
-
VoidLink Proves AI-Assisted Malware Is No Longer Experimental
VoidLink shows that AI-assisted malware is now a mature, operational tool rather than a lab experiment, compressing what once required a full team into days of work by a single developer. At the same time, threat actors are cautiously testing self-hosted models, abusing agentic AI architectures, and probing enterprise GenAI usage as a fresh attack…
-
Attribute-Based Access Control for AI Capability Negotiation
Learn how Attribute-Based Access Control (ABAC) secures AI capability negotiation and MCP deployments against quantum threats and tool poisoning. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/attribute-based-access-control-for-ai-capability-negotiation/
-
Malicious Browser Extensions Hijack Users’ AI Chats in New “Prompt Poaching” Attack
A new wave of malicious browser extensions is quietly harvesting sensitive user interactions with AI tools, in a growing threat now dubbed “prompt poaching.” The rise of AI assistants in everyday browsing has created a usability gap. Most users interact with AI tools in isolated tabs, manually copying and pasting content for analysis or summarization.…
-
Fake Certificate Loader Hides BlankGrabber Malware Chain
BlankGrabber’s operators are now abusing a fake “certificate” loader to hide a multi”‘stage Rust and Python infection chain, making this commodity stealer significantly harder to spot on Windows endpoints. The new technique relies on built”‘in tools such as certutil.exe, heavily obfuscated PyInstaller stubs, and stealthy exfiltration via Telegram and public web services to evade both…
-
RSAC 2026: No easy fixes for expanding AI attack surface, but a coordinated response is emerging
SAN FRANCISCO, Forty-four thousand cybersecurity practitioners converged on Moscone Center this week with an urgent question: how do you secure a network when everything, the technology, the threats, the tools, is changing faster than anyone can govern… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/rsac-2026-no-easy-fixes-for-expanding-ai-attack-surface-but-a-coordinated-response-is-emerging/
-
TeamPCP Hackers Focus on AI Developers, Planting Malicious Code to Disrupt Projects
Tags: ai, attack, credentials, cyber, exploit, group, hacker, intelligence, malicious, security-incident, supply-chain, threat, toolThe FBI Cyber Division has issued a critical alert following a massive supply chain attack orchestrated by the threat actor group TeamPCP. The hackers successfully compromised two widely used developer tools, creating a cascading security incident for organizations building artificial intelligence software. By exploiting weak credential management and leveraging AI-assisted coding, the group distributed malicious…
-
Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks
Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX’s pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry.”The pipeline had a single boolean return value that meant both ‘no scanners are configured’…
-
Erpressungen erwartet: Hacker wollen riesige Supply-Chain-Attacke zu Geld machen
Nach verheerenden Attacken auf Trivy, LiteLLM und andere Tools will TeamPCP massenhaft eingesammelte Zugangsdaten für Ransomware-Angriffe einsetzen. First seen on golem.de Jump to article: www.golem.de/news/erpressungen-erwartet-hacker-wollen-riesige-supply-chain-attacke-zu-geld-machen-2603-206984.html
-
RSAC Focuses Cybersecurity Insights, Tech, and Community in One Place
The RSAC conference has once again descended upon San Francisco and delivered an event that brings together the largest collection of industry leaders, technologies, and cybersecurity community events! Over the course of several days, attendees accessed exceptional keynotes, thought-leading expert sessions, and an unmatched technology expo. During the evenings, there were countless private events, get-togethers,…
-
Apple’s Email Privacy Tool Tested in FBI Threat Case, Exposing Limits of Anonymity
Apple’s Hide My Email feature, long promoted as a privacy safeguard for consumers, has come under scrutiny following a federal investigation that revealed how easily anonymized identities can be uncovered through legal channels. Newly disclosed court records show that Apple provided authorities with account information tied to an anonymous email address used to send a..…