NIST will test three major tech firms’ frontier AI models for cybersecurity risks
After Anthropic’s announcement of Claude Mythos, agencies across the government are racing to get ahead of new AI models’ potential dangers. Source link
Category: CyberSecurityDive
Iran-sponsored threat group behind false flag social engineering campaign
The state-linked actor has been masquerading as a criminal ransomware group in attacks targeting U.S. organizations. Source link
Businesses eager but unprepared for AI to transform their security strategies
Meanwhile, a new report found, companies are neglecting other basic security tools. Source link
CISA urges critical infrastructure firms to ‘fortify’ before it’s too late
As concerns mount about potential cyber sabotage by the Chinese government, the U.S. is warning operators to practice maintaining services in a degraded state. Source…
Trellix investigating breach of source code repository
The cybersecurity company said there is no immediate evidence of code being exploited or released. Source link
New MOVEit vulnerabilities prompt urgent patch warning
Progress Software warned customers to immediately upgrade the file-transfer tool to fix the serious flaws. Source link
Critical vulnerability in cPanel leads to widespread exploitation
Researchers warn that threat activity continues to surge, including brute force attacks and ransomware. Source link
US and allies urge ‘careful adoption’ of AI agents
New guidance from a coalition of Western governments underscores the difficult-to-predict risks of still-evolving agentic tools. Source link
White House questions tech industry on defensive AI use, cybersecurity resilience
Companies may be reluctant to answer some of the government’s questions, given the sensitive topics they address. Source link
As email phishing evolves, malicious attachments decline and QR codes surge
A new Microsoft report also describes the collapse of a once-dominant tool for generating phishing websites with fake CAPTCHAs. Source link
US agencies promote zero-trust practices for operational technology networks
Many zero-trust defenses work differently in industrial environments than in traditional business networks, five federal agencies said in newly published guidance. Source link
PwC partners with Google Cloud to take on the managed security market
The professional services firm is stepping up its managed security ambitions with a Google Cloud-powered service that leans on agentic AI. The target market is…