Cheap AI has changed the economics of hacking
AI has reduced the cost of hacking, but has the cost of mounting a defense dropped at the same rate?
SC Media
20 articles
‘Claude Code install’ search result leads to ClickFix infostealer attack
The attack leverages a polyglot file, heavy obfuscation and fileless execution to evade detection.
Linux Supply Chain How-To - PSW #928
IBM, Red Hat launch Project Lightwell to secure open-source software
IBM and Red Hat launch $5 billion effort to secure open-source software supply chains.
5 ways to mount a strong defense in the AI era
Here’s how to mitigate the risk from AI-assisted attacks.
Wireless Attacks on AI Data Centers: The Hidden Threat No One Is Watching - WC #1
Man arrested in Netherlands for hacking Ajax football club
The suspect, apprehended in Buren, is believed to have repeatedly accessed Ajax's computer systems without authorization earlier this year.
Cisco study finds major frontier models susceptible to multi-turn prompt injection attacks
Single-turn attack success rates are not a reliable benchmark for model safety, Cisco concludes.
OWASP launches FinBot to help developers secure AI agents
OWASP’s FinBot gives developers hands-on training to secure AI agents.
XM Cyber expands platform to enforce least-privilege access
XM Cyber Inc. announced an expansion of its platform with new capabilities designed to help enterprises enforce least-privilege access across Active Director...
High-severity Starlette vulnerability 'BadHost' could expose sensitive data
The flaw, tracked as CVE-2026-48710, arises from the framework's handling of malformed Host headers.
Xage Security enhances zero-trust platform for AI agents
The updated platform introduces Xage Agent Sentry and Xage Resource Gateway, which aim to secure AI agents and the resources they access at multiple levels, ...
Doppel launches AI email security to disrupt phishing campaigns
Doppel Email Security utilizes autonomous agents and its Doppel 360 Threat Graph to investigate threats within the inbox.
FBI warns law firms of in-person data theft by Silent Ransom Group
SRG actors initiate attacks by posing as IT support staff, contacting victims via phone calls or phishing emails to solicit a remote desktop session.
CISA adds LiteSpeed cPanel plugin bug to exploited vulnerabilities list
CISA warns of exploited LiteSpeed flaw putting shared hosting at risk.
Laying the groundwork: A practical path to identity security for AI agents
As enterprises move toward AI-driven operations, identity modernization becomes essential.
A Founder's Journey: Transitioning from Sales Strategy & Operations to Founder & CEO - Ankita Gupta - FS #15
A new identity class: Why AI agents require runtime control
Because AI agents are neither human nor traditional machines, they must be treated as a third class of identity.
Apple releases quantum-resistant code and verification tools
The release includes implementations of ML-KEM and ML-DSA, two quantum-secure algorithms, along with the formal verification libraries and tools Apple develo...
How attackers engineer BECs against specific organizations
Teams can mitigate BECs by better understanding their company’s attack profile.