When AI safety constrains defenders more than attackers
Security teams are being urged to adopt AI copilots for threat modeling, phishing simulations, and SOC workflows. Yet many of the most widely deployed, enterprise-approved…
Category: CISOOnline
Security-Tools für KI-Infrastrukturen – ein Kaufratgeber
bieten im Regelfall agentenlose Konfigurationen, greifen auf Cloud-basierte Modelle zu und belassen Daten auf den vorhandenen Plattformen. Letzteres dient sowohl der Sicherheit als auch dazu,…
Hacker abusing .arpa domain to evade phishing detection, says Infoblox
He pointed out that “.arpa” queries are typically pointer (PTR) queries for reverse lookups. In the malicious queries, normal address (A or AAAA) queries will…
CVE program funding secured, easing fears of repeat crisis
CISA ultimately stepped in at the last minute, issuing an emergency 11-month contract extension that kept the system running but left the global security community…
OpenAI says Codex Security found 11,000 high-impact bugs in a month
Flaws uncovered in proprietary and open-source projects In its first testing cycle, OpenAI said Codex Security scanned more than 1.2 million commits across external repositories,…
NIS-2: Tausende reißen BSI-Frist und riskieren Strafen
Das deutsche Gesetz zur Umsetzung der NIS-2-Richtlinie ist am 6. Dezember 2025 in Kraft getreten. konstakorhonen – shutterstock.com Welche Auswirkungen IT-Sicherheitsvorfälle für die Bevölkerung haben…
Rogues gallery: 15 worst ransomware groups active today
Targeted victims: LockBit targeted thousands of victims worldwide in its heyday, including government services, private sector companies, and critical infrastructure providers. Attribution: LockBit’s use of…
4 ways to prepare your SOC for agentic AI
When acting on an AI tool’s recommendation, analysts must understand what questions the agent asked, which data sources it queried, and what evidence informed its…
PQC roadmap remains hazy as vendors race for early advantage
“We do hear of HNDL attacks, where conventionally encrypted content is no longer discarded but retained by criminals, who are seeing the (quantum) developments as…
Tarnung als Taktik: Warum Ransomware-Angriffe raffinierter werden
Statt eines kurzen, aber sehr schmerzhaften Stiches setzen Cyberkrimelle zunehmend darauf, sich in ihren Opfern festzubeißen und beständig auszusaugen. mycteria – shutterstock.com Ransomware-Angreifer ändern zunehmend…
Iranian cyberattacks fail to materialize but threat remains acute
Security company Radware detected 149 DDoS attacks that appeared to be connected to Iran between February 28 and March 2, the majority targeting government entities…
Microsoft leads takedown of Tycoon2FA phishing service infrastructure
Because authentication is bound to the origin (domain) and the cryptographic challenges cannot be replayed through a reverse proxy, these methods cannot be proxied, he…