Security News

Blame Game: Why Public Cyber Attribution Carries Risks

Publicly accusing an entity of a cyberattack could have negative consequences that organizations should consider before taking the plunge.

Phishers Pose as Palo Alto Networks' Recruiters for Months in Job Scam

A series of campaigns that began in August aim to defraud job candidates, using psychological tactics and data scraped from LinkedIn profiles.

SANS: Top 5 Most Dangerous New Attack Techniques to Watch

For the first time, SANS Institute's five top attack techniques all have one thing in common – AI.

Why a 'Near Miss' Database Is Key to Improving Information Sharing

Organizations disclose attack details, though information may be limited, following a breach, but what if they did the same with close calls?

AI-Native Security Is a Must to Counter AI-Based Attacks

Attacks by artificial intelligence agents are a reality. Experts at Nvidia's GTC conference say defenders need to use the same tools to fight them off.

Ex-NSA Directors Discuss 'Red Line' for Offensive Cyberattacks

Four former NSA chiefs representing a near-complete history of US Cyber Command debated and discussed the role of offensive cyber in the government.

Iran Hacktivists Make Noise but Have Little Impact on War

Iran-aligned groups are trying to make their mark in the Gulf, but the results have fallen short of remarkable.

CSA Launches CSAI Foundation for AI Security

Cloud Security Alliance creates dedicated nonprofit to govern autonomous AI agent ecosystems through risk intelligence and certification

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx's KICS and VS Code plug-ins, and the LiteLLM AI library — and all signs point to more attacks to come.

How AI Coding Tools Crushed the Endpoint Security Fortress

Security vendors have spent years building up defenses around the endpoint, but one researcher says AI coding tools have brought the walls down.

GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead

An AI-assisted campaign is spreading more than 300 poisoned packages for diverse assets ranging from developer tools to game cheats.

How a Large Bank Uses AI Digital Twins for Threat Hunting

JPMorgan Chase uses digital fingerprints and digital twins to spot online attackers and malicious behaviors while also reducing pesky false alerts.

Microsoft Proposes Better Identity, Guardrails for AI Agents

Companies need better controls to manage key threats rising from the growth of agentic AI. These new features provide a starting point.

AI in the SOC: What Could Go Wrong?

Two cybersecurity leaders tested out AI in their respective SOCs for six months — and here's what they learned.

Trivy Supply Chain Attack Targets CI/CD Secrets

A threat actor used the open source security tool to deploy an infostealer into CI/CD workflows and steal cloud credentials, SSH keys, tokens, and other sensitive secrets.

Ransomware's New Era: Moving at AI Speed

Threat actors bypass security tools and use AI to launch faster ransomware attacks that exploit valid credentials and target data

CISOs Debate Human Role in AI-Powered Security

The idea of a "human in the loop" in AI deployment was challenged during a security executive panel at the RSAC 2026 Conference this week.

Attackers Hide Infostealer in Copyright Infringement Notices

A phishing campaign targeting healthcare, government, hospitality, and education sectors in various countries uses several evasion techniques to avoid detection.

Secure Your Spot at RSAC 2026 Conference

AI Dominates RSAC Innovation Sandbox

The 10 finalists will each have three minutes to make their case for being the most innovative, promising young security company of the year.