Enterprise data is creeping its way into shadow AI tools
Executives and employees are clashing over usage policies as AI security concerns rise, an Okta report found. Source link
Category: CyberSecurityDive
IBM’s new $5B initiative will help enterprises rapidly patch open-source vulnerabilities
The tech giant’s project could make it easier for businesses to safely use open-source packages. Source link
How CISOs can manage sovereign-cloud security risks
Selecting and adopting cloud services from non-U.S. regional providers requires solid cyber risk and security assessment. Source link
Leading AI models are more vulnerable to malicious prompts than vendors claim
Hackers could subvert frontier models with attacks that their developers overlook, Cisco said. Source link
Coordinated operation takes down Glassworm botnet
The botnet began in early 2025, targeting software developers across the open-source supply chain. Source link
FBI warns about PhaaS platform used to access Microsoft 365 environments
Device code phishing enabled hackers to bypass multifactor authentication without credentials. Source link
Iranian government, not hacktivist group, breached LA Metro system, security firm says
A report by Israel-based Gambit Security dismisses the hackers’ claims of being patriotic but unaffiliated activists. Source link
New York regulator calls for additional cyber mitigation amid heightened threat environment
The guidance from the state Department of Financial Services arises from concerns about frontier AI and threats linked to the Iran war and other geopolitical…
Iran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages
Companies, particularly those in the affected industries, should harden their defenses against impersonation schemes, Palo Alto Networks said. Source link
Grafana Labs links GitHub environment breach to TanStack npm supply chain attack
The company behind the widely used observability platform refused an extortion demand and has since taken steps to harden its security. Source link
CISA asks cybersecurity community to alert it to vulnerability exploitation
The agency wants to ensure that its public catalog of actively exploited flaws is as comprehensive as possible. Source link
Compromised coding tool helped hackers breach thousands of GitHub repositories
The attack is the latest example of hackers’ intense focus on open-source packages. Source link