Notepad++ vulnerabilities could enable arbitrary code execution on Windows systems
The two code execution flaws share a single design weakness. Notepad++ stores user choices, such as the path to the command-line interpreter and the list…
Category: CISOOnline
GDPR set the tone for regulatory action — and the AI fine pushback to come
The EU’s General Data Protection Regulation (GDPR) came into force eight years ago this week. Over those eight years, European regulators announced an estimated €7.1…
IBM and Red Hat want to become the ‘security clearinghouse’ for open source applications in the enterprise
Announced today, the project will commit $5 billion and 20,000 IBM and Red Hat engineers to build a new ‘enterprise clearinghouse’ to accelerate discovery and…
The AI governance imperative you can’t afford to ignore
“The biggest challenge is not simply whether an agent produces a good answer,” he says. “It is whether the organization can prove what the agent…
Indian CERT urges firms to contain exploited internet-facing flaws within 12 hours
The 38-page framework also recommends one-day remediation for critical externally exposed vulnerabilities, three days for critical internal vulnerabilities affecting high-value systems, and five days for…
GlassWorm falls, but the repo problem is far from solved
The CrowdStrike-led takedown, conducted alongside Google and the Shadowserver Foundation, disrupted infrastructure linked to the campaign that had poisoned hundreds of repositories with malicious packages…
Another IT governance headache: AI-enabled sanction evasion
Key findings include the fact that AI is now capable of mass producing high-quality fraudulent documents, as well as automating what the report describes as…
Employees are unknowingly inviting tech support impersonators into firms, says FBI
Nick Tausek, lead security automation architect at Swimlane, said the Silent Ransom Group’s attack strategy of leaning into trust says a lot about where extortion…
AI models more vulnerable than claimed when faced with iterative attacks
“The dominant safety benchmarks for frontier large language models share a structural assumption: that a single prompt and a single model response are enough to…
FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework
An application can be exposed even if its developers never installed Starlette, because another component may have, X41 D-Sec said. Starlette has more than 400,000…
The NSA, ‘Mythos’ and the quiet emergence of AI cyber doctrine
I remember when cyber operations lived inside scripts. They moved into frameworks, then into automated pipelines, then into what we somewhat optimistically called orchestration. Each…
DSPM buyer’s guide: Top 10 data security posture management tools
Leading vendors for data security posture management (DSPM) The market space of DSPM is evolving quickly. Based on our own research and research from Gartner,…