AI cyberattackers are getting better faster
The ability of AI models to perform end-to-end, multi-stage penetration tests that match the capabilities of humans undertaking the same tasks has improved dramatically in…
Category: CISOOnline
New image-based prompt injection attack targets multimodal AI models
“CrossMPI can steer the model’s interpretation of both textual and visual inputs via image-only prompt injection,” the researchers wrote in the paper. Unlike traditional prompt…
AI coding is fueling a secrets-sprawl crisis few CISOs are containing
When Matt Schlicht built Moltbook, the social network where AI agents talk to one another, he didn’t write the code himself. He “just had a…
Google entdeckt erstmals KI-basierten Zero-Day-Exploit
Willkommen im neuen, KI-geschwängerten Bedrohungszeitalter. Gorodenkoff / Shutterstock Die Google Threat Intelligence Group (GTIG) warnt davor, dass kriminelle Hacker mittlerweile KI einsetzen – sowohl, um…
2026 CSO Award winners showcase business-enabling cyber innovation
K&N Engineering shifts left for greater cloud security Organization: K&N EngineeringProject: Code to Cloud Security TransformationSecurity leader: Iqbal Rana, CIO Manufacturing company K&N Engineering manages…
ClickFix finds a backup plan in PySoxy proxy chains
As the researchers pointed out in a blog post, PySoxy is giving attackers encrypted proxy access without relying on well-known malware or remote monitoring and…
Palo Alto Networks bets on identity security for autonomous AI with Idira launch
“For most of the last two decades, identity security was built on a comfortable assumption: One can maintain a firm divide between a small number…
The economics of ransomware 3.0
Guidance: NIST’s Cybersecurity Framework 2.0 provides the most widely adopted reference architecture for incident response capability maturity, covering identification, protection, detection, response and recovery functions.…
EU’s Cyber Resiliency Act will put IT leaders to the test
Although nearly everyone in SaaS alternative Cloudsmith’s recent Artifact Management Report generates SBOMs, only a quarter do that automatically rather than manually or on demand.…
Expired domain leads to supply chain attack on node-ipc npm package
Node-ipc is a Node.js module that implements support for local and remote Inter-Process Communication over various types of socket across all major platforms. One use…
Exchange Server zero-day vulnerability can be triggered by opening a malicious email
“This is another reminder to find a trusted cloud provider for e-mail,” added Johannes Ullrich, dean of research at the SANS Institute. “On-premises Exchange is…
Cisco warns of an actively exploited SD-WAN flaw with max severity
“A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an…