AI Agents and Non-Human Identities Creating Critical Security Gaps, Report
New research from Keeper Security, reveals non-human identities and automated system-to-system interactions are becoming the top security risk for businesses...
General
20 articles
Over $17bn Lost to Cyber Fraud in the Last Year, Warns FBI
Cryptocurrency scams alone cost victims over $7 billion, while AI-enabled fraud threats are on the rise, says FBI
Fake Gemini npm Package Steals AI Tool Tokens
Hackers are abusing a fake Gemini-themed npm package to steal tokens and secrets from developers using AI coding tools like Claude, Cursor, Windsurf, PearAI,...
GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack
Researchers have demonstrated that GPU Rowhammer attacks can be used to escalate privileges. The post GPUBreach: Root Shell Access Achieved via GPU Rowhammer...
What we learned about TEE security from auditing WhatsApp's Private Inference
WhatsApp’s new “Private Inference” feature represents one of the most ambitious attempts to combine end-to-end encryption with AI-powered capabilities, such ...
North Korea recruits Iranian workers for IT job fraud
Internal records reveal how North Korean facilitators scout and coach workers.
Hong Kong Police Can Force You to Reveal Your Encryption Keys
According to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.—even if you ar...
GitHub Copilot CLI gets a second-opinion feature built on cross-model review
Coding agents make decisions in sequence: a plan is drafted, implemented, then tested. Any error introduced early compounds as subsequent steps build on the ...
Why the cybersecurity skills gap is partly self-inflicted
The cybersecurity skills gap is usually framed as a hiring problem. Organizations respond by expanding recruitment pipelines, investing in certifications, an...
The rise of proactive cyber: Why defense is no longer enough
For more than two decades, cybersecurity has been built on a reactive model: detect intrusions, patch vulnerabilities, respond to incidents, and repeat. That...
The noisy tenants: Engineering fairness in multi-tenant SIEM solutions
I recently had the opportunity to review five popular SIEM solutions as part of a judging panel for a Security award. While each platform had its own unique ...
AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design - Idan Plotnik, Raj Mallempati - ASW #377
As breakout time accelerates, prevention-first cybersecurity takes center stage
Threat actors are using AI to supercharge tried-and-tested TTPs. When attacks move this fast, cyber-defenders need to rethink their own strategy.
Life imprisonment for Cambodian scam compound operators – but will it make a difference?
Cambodia has taken a dramatic step in its fight against scam compounds that have imprisoned innocent people, and forced them to work as virtual slaves defrau...
Comp AI: The open-source way to get compliant with SOC 2, ISO 27001, HIPAA and GDPR
Getting a startup through a SOC 2 audit has long meant months of manual evidence collection, policy writing, and repeated back-and-forth with auditors. A gro...
OpenAI opens applications for an external AI safety research fellowship
OpenAI is accepting applications for a paid fellowship program that will fund external researchers to work on safety and alignment questions related to advan...
White House Seeks to Slash CISA Funding by $707 Million
The Trump administration says the FY2027 budget refocuses CISA on its core mission: protecting federal agencies and critical infrastructure. The post White H...
The Quiet Revolt: What the World Happiness Report 2026 Tells Security Professionals
Something the World Happiness Report 2026 reveals deserves more attention than it has received outside wellbeing circles. In Western Europe and English-speak...
Anthropic Claude Mythos Preview: The More Capable AI Becomes, the More Security It Needs
Google study finds LLMs are embedded at every stage of abuse detection
Online platforms are running large language models at every stage of LLM content moderation, from generating training data to auditing their own systems for ...