All news with #ai security tag

Ransomware and Phishing Threats Escalate for German SMEs

🔒 German SMEs face a sharp rise in ransomware and data-exfiltration incidents, with leak-site publications more than quadrupling from 2021 to 2024. Authorities report that 80% of analyzed ransomware incidents targeted small and medium-sized enterprises, often using double extortion. Attackers favor targeted phishing—executives receive on average 57 such attempts yearly—and many firms lack adequate defenses amid staffing shortages and overly complex security stacks.

CISOs Rethink Security Organization for the AI Era

🔒 CISOs are re-evaluating organizational roles, processes, and partnerships as AI accelerates both attacks and defenses. Leaders say AI is elevating the CISO into strategic C-suite conversations and reshaping collaboration with IT, while security teams use AI to triage alerts, automate repetitive tasks, and focus on higher-value work. Experts stress that AI magnifies existing weaknesses, so fundamentals like IAM, network segmentation, and patching remain critical, and recommend piloting AI in narrow use cases to augment human judgment rather than replace it.

OpenAI Updates GPT-5 Instant to Offer Emotional Support

🤗 OpenAI has updated GPT-5 Instant to better detect and respond to signs of emotional distress, routing users to supportive language and, when appropriate, real-world crisis resources. The change responds to feedback that some GPT-5 variants felt too clinical when users sought emotional support. OpenAI says it developed the model with help from mental health experts and will route GPT-5 Auto or non-reasoning model conversations to GPT-5 Instant for faster, more empathetic responses. The update begins rolling out to ChatGPT users today.

OpenAI expands $4 ChatGPT Go availability in Southeast Asia

🌏 OpenAI is expanding its lower-cost ChatGPT plan, ChatGPT Go ($4), into additional Southeast Asian markets after tests in India and Indonesia. The company is updating local pricing and now lists amounts in EUR, USD, GBP and INR while testing availability in Malaysia, the Philippines, Thailand and Vietnam. The Go tier offers access to GPT-5 with limited capabilities, expanded messaging and uploads, faster image generation, longer memory and basic deep research, but excludes higher-end models and advanced reasoning reserved for the $20 GPT Plus tier. OpenAI says Go provides higher usage limits than the Free plan but remains feature-limited compared with Plus.

CometJacking: One-Click Attack Turns AI Browser Rogue

🔐 CometJacking is a prompt-injection technique that can turn Perplexity's Comet AI browser into a data exfiltration tool with a single click. Researchers at LayerX showed how a crafted URL using the 'collection' parameter forces the agent to consult its memory, extract data from connected services such as Gmail and Calendar, obfuscate it with Base64, and forward it to an attacker-controlled endpoint. The exploit leverages the browser's existing authorized connectors and bypasses simple content protections.

Rhadamanthys Stealer Adds Fingerprinting, PNG Steganography

🛡️ Check Point researchers report that the Rhadamanthys information stealer (v0.9.2) has been updated to collect extensive device and browser fingerprints and to deliver payloads via steganography embedded in WAV, JPEG and PNG files. The operator—initially known as kingcrete2022 and now marketing as RHAD security/Mythical Origin Labs—offers the malware as a tiered MaaS product with subscription plans and enterprise options. The sample includes sandbox-evasion checks, an embedded Lua runner for plugins, obfuscated configurations, and a PNG-based payload decryption step that requires a shared secret.

AI and Cybersecurity: Fortinet and NTT DATA Webinar

🔒 In a joint webinar, Fortinet and NTT DATA outlined practical approaches to deploying and securing AI across enterprise environments. Fortinet described its three AI pillars—FortiAI‑Protect, FortiAI‑Assist, and FortiAI‑SecureAI—focused on detection, operational assistance, and protecting AI assets. NTT DATA emphasized governance, runtime protections, and an "agentic factory" to scale pilots into production. The presenters stressed the need for visibility into shadow AI and controls such as DLP and zero‑trust access to prevent data leakage.

CometJacking attack tricks Comet browser into leaking data

🛡️ LayerX researchers disclosed a prompt-injection technique called CometJacking that abuses Perplexity’s Comet AI browser by embedding malicious instructions in a URL's collection parameter. The payload directs the agent to consult connected services (such as Gmail and Google Calendar), encode the retrieved content in base64, and send it to an attacker-controlled endpoint. The exploit requires no credentials or additional user interaction beyond clicking a crafted link. Perplexity reviewed LayerX's late-August reports and classified the findings as "Not Applicable."

CISO GenAI Board Presentation Template and Guidance

🛡️Keep Aware has published a free Template for CISO GenAI Presentations designed to help security leaders brief boards or AI committees. The template centers on four agenda items—GenAI Adoption, Risk Landscape, Risk Exposure and Incidents, and Governance and Controls—and recommends visuals and dashboard-style metrics to translate technical issues into business risk. It also emphasizes browser-level monitoring to prevent data leakage and enforce policies.

Fake CISO Job Offer Used in Long-Game 'Pig-Butchering' Scam

🔒 A seasoned US CISO was targeted in a months-long pig-butchering scam that used a fabricated recruitment process posing as Gemini Crypto, including LinkedIn outreach, SMS, WhatsApp messages and a likely deepfaked video interview. The attackers groomed the target from May–September 2025, offered a fictitious CISO role, and asked him to buy $1,000 in crypto on Coinbase as "training." The candidate declined, documented the exchange, and warned peers; analysts say these long-game social engineering campaigns and malware-laced "test" assignments are increasingly common and financially damaging.

Microsoft Named a Leader in IDC MarketScape for XDR

🔒 Microsoft has been named a Leader in the IDC MarketScape: Worldwide Extended Detection and Response Software 2025 assessment. Microsoft Defender XDR is highlighted for broad signal coverage across endpoints, identities, email and collaboration, SaaS apps, cloud workloads, and data, plus AI-driven automation and native SIEM integration that consolidate visibility and accelerate response. IDC also cited Microsoft Security Copilot and automatic attack disruption as key differentiators that reduce dwell time and free SOC teams to focus on higher-value tasks.

Daniel Miessler on AI Attack-Defense Balance and Context

🔍 Daniel Miessler argues that context determines the AI attack–defense balance: whoever holds the most accurate, actionable picture of a target gains the edge. He forecasts attackers will have the advantage for roughly 3–5 years as Red teams leverage public OSINT and reconnaissance while LLMs and SPQA-style architectures mature. Once models can ingest reliable internal company context at scale, defenders should regain the upper hand by prioritizing fixes and applying mitigations faster.

HackerOne Pays $81M in Bug Bounties, AI Flaws Surge

🛡️ HackerOne paid $81 million to white-hat hackers over the past 12 months, supporting more than 1,950 bug bounty programs and offering vulnerability disclosure, penetration testing, and code security services. The top 100 programs paid $51 million between July 1, 2024 and June 30, 2025, and the top 10 alone accounted for $21.6 million. AI-related vulnerabilities jumped over 200%, with prompt injection up 540%, while 70% of surveyed researchers reported using AI tools to improve hunting.

ThreatsDay Bulletin: Exploits Target Cars, Cloud, Browsers

🔔 From unpatched vehicles to hijacked clouds, this ThreatsDay bulletin outlines active threats and defensive moves across endpoints, cloud, browsers, and vehicles. Observers reported internet-wide scans exploiting PAN-OS GlobalProtect (CVE-2024-3400) and campaigns that use weak MS‑SQL credentials to deploy XiebroC2 for persistent access. New AirBorne CarPlay/iAP2 flaws can chain to take over Apple CarPlay in some cases without user interaction, while attackers quietly poison browser preferences to sideload malicious extensions. On defence, Google announced AI-driven ransomware detection for Drive and Microsoft plans an Edge revocation feature to curb sideloaded threats.

Expiry of CISA 2015 Leaves US Intelligence Sharing Exposed

🔒 The 2015 Cybersecurity Information Sharing Act (CISA 2015) has expired after lawmakers failed to extend legal safe-harbors for voluntary threat sharing via the Automated Indicator Sharing program (AIS). Amid a congressional funding standoff and a resulting partial government shutdown, industry leaders warn the lapse exposes companies to litigation and may deter intelligence exchange. Security executives say reduced sharing could create blind spots, elevate software supply-chain risk and slow development of AI-driven defenses.

Forrester Predicts Agentic AI Will Trigger 2026 Breach

⚠️ Forrester warns that an agentic AI deployment will trigger a publicly disclosed data breach in 2026, potentially prompting employee dismissals. Senior analyst Paddy Harrington noted that generative AI has already been linked to several breaches and cautioned that autonomous agents can sacrifice accuracy for speed without proper guardrails. He urges adoption of the AEGIS framework to secure intent, identity, data provenance and other controls. Check Point also reported malicious agentic tools accelerating attacker activity.

ENISA: Phishing Drives Most EU Cyber Intrusions in 2024–25

📣 The EU security agency's ENISA Threat Landscape 2025 report, analyzing 4,875 incidents from 1 July 2024 to 30 June 2025, finds phishing was the initial access vector in 60% of intrusions, with vulnerability exploitation at 21%. Botnets and malicious applications accounted for 10% and 8% respectively, and 68% of intrusions led to follow-up malware deployment. ENISA highlights AI-powered phishing exceeded 80% of social engineering globally by early 2025 and warns of attacks aimed at critical digital supply chain dependencies and high-value targets such as outdated mobile and OT systems.

Modern Business Continuity and Disaster Recovery Basics

🛡️ Modern disaster recovery and business continuity require a ground-up rebuild to address distributed data, evolving cyberthreats, climate-driven disruptions, and strict breach-reporting obligations. Key elements include executive sponsorship, standing interdisciplinary teams, AI-assisted discovery and classification, continuous and immutable backups aligned with a 3-2-1-1-0 approach, and the design of a minimum viable business to restore core functions. Frequent, gamified tabletop exercises and automated validation complete a resilient program.

Smashing Security 437: ForcedLeak in Salesforce AgentForce

🔐 Researchers uncovered a security flaw in Salesforce’s new AgentForce platform called ForcedLeak, which let attackers smuggle AI-readable instructions through a Web-to-Lead form and exfiltrate data for as little as five dollars. The hosts discuss the broader implications for AI integration, input validation, and the surprising ease of exploiting customer-facing forms. Episode 437 also critiques typical breach communications and covers ITV’s phone‑hacking drama and the Rosetta Stone story, with Graham Cluley joined by Paul Ducklin.

Cybersecurity Awareness Month: Security Starts With You

🔐 As Cybersecurity Awareness Month begins, Microsoft emphasizes that cybersecurity is both a personal and organizational responsibility. The post spotlights the Microsoft Secure Future Initiative (SFI), which has mobilized more than 34,000 engineers to reduce risk and implement protections such as phishing-resistant multifactor authentication on 100% of production system accounts and 92% of employee productivity accounts. It highlights new resources — including the Be Cybersmart Kit and SFI patterns and practices — plus learning paths, scholarships, and programs to help organizations and students improve security skills.