Sam Collins and Marius Muench of the University of Birmingham, UK, join the Black Hat USA 2025 News Desk to explain how anti-cheat systems in video games provide valuable lessons…
NCC Group’s David Brauchler III shared how foundational controls and threat modeling strategies can help secure agentic AI tools in ways traditional guardrails can’t. – Read More
Users of remote monitoring and management (RMM) solution N-able N-central are urged to deploy patches for two critical vulnerabilities that are being actively exploited in the wild. Frequently a target…
New research highlights how threat actors abuse legitimate virtual private server offerings in order to spin up infrastructure cheaply, quietly, and fast. – Read More
Quick recovery relies on three security measures. – Read More
Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances. The list of vulnerabilities, identified in Commvault versions before…
Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3. Google-owned Mandiant described the activity, which it tracks as…
Teenaged security researchers Sasha Zyuzin and Ruikai Peng discuss how their new vulnerability discovery framework leverages LLMs to address limitations of the past. – Read More
More financial results A&O Shearman has reported global revenues of £2.9 billion for the past financial year — the Magic Circle firm’s first set of results since its merger completed…
Attackers will continue to evolve, and the help desk will always be a target. But with the right mix of training, support, and trust, frontline agents can become your biggest…
Logging netflows provided valuable insight about attacker tactics during a breach by state-sponsored hackers targeting Columbia’s research labs. – Read More
DARPA’s Kathleen Fisher discusses the AI Cyber Challenge at DEF CON 33, and the results that proved how automation can help patch vulnerabilities at scale. – Read More
Russian state-sponsored cyber actors linked to the Federal Security Service (FSB) conducted a decade-long espionage campaign that compromised thousands of enterprise network devices across critical sectors worldwide, according to an…
The Amazon Q Developer VS Code Extension is reportedly vulnerable to stealthy prompt injection attacks using invisible Unicode Tag characters. According to the author of the “Embrace The Red” blog,…
Microsoft has said that it has restricted certain Chinese firms from its cybersecurity vulnerability early warning program after concerns surfaced that information from the system may have been linked to…