According to the new Browser Security Report 2025, security leaders are discovering that most identity, SaaS, and AI-related risks converge in a single place, the user’s browser. Yet traditional controls…
Researchers at Microsoft have revealed a new side channel attack named Whisper Leak that can reveal the topic of encrypted conversations between users and language models, even without access to…
Three newly disclosed high-severity bugs in the “runc” container runtime let attackers break out of containers despite standard hardening and isolation controls. According to Aleksa Sarai, a senior software engineer…
AI chatbots have opened a new frontier of attack vectors against users and their data, and not even industry leaders are immune. Following recent flaws discovered in Google’s Gemini and…
Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel managers to ClickFix-style pages and harvest their credentials by deploying malware like PureRAT.…
Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code (VS…
In my previous article — Your SOC is the parachute — I wrote about how many security operations centers (SOCs) would fail the moment we pull the ripcord. They’re overloaded,…
For most organizations, cybersecurity has always been seen as a cost center rather than a business enabler or revenue driver. Executives perceive cybersecurity as a necessary evil that pulls funds…
Wenn physische Security nur immer so simpel umzusetzen wäre… Foto: Leremy | shutterstock.com Obwohl CISOs im Allgemeinen eher selten mit dem gesamten Spektrum der Gesundheits- und Arbeitssicherheitsbelange betraut sind, spielen…
The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market…
Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details about model conversation topics…
The tool let its operators secretly record conversations, track device locations, capture photos, collect contacts, and perform other surveillance on compromised devices. – Read More
A published VS Code extension didn’t hide the fact that it encrypts and exfiltrates data and also failed to remove obvious signs it was AI-generated. – Read More
In partnership with Emirates tech company G42, Microsoft is building the first stage of a 5-gigawatt US-UAE AI campus using Nvidia GPUs. – Read More
A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East. The…