
All news with #ai security tag

Wed, September 10, 2025

Cursor AI IDE auto-runs tasks, exposing developers worldwide

⚠️ Cursor, an AI-powered fork of VS Code, ships with Workspace Trust disabled by default, so tasks in a project's .vscode/tasks.json that are marked to run on folder open execute the moment the folder is opened. Oasis Security demonstrated that a malicious tasks.json in a cloned repository can therefore run arbitrary commands with no user action, enough to steal credentials or take over the developer's environment. Cursor said it will keep the default and advises users to enable Workspace Trust themselves (the security.workspace.trust.enabled setting) or to open untrusted repositories in a different editor.

read more →
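As an added check for the Cursor item above (example code, not from Cursor or Oasis Security): the script scans a checkout's .vscode/tasks.json for tasks that VS Code and Cursor start automatically, those carrying "runOptions": {"runOn": "folderOpen"}, and reads whether a settings.json turns Workspace Trust on. The runOn trigger and the security.workspace.trust.enabled setting are VS Code's own; the sample tasks.json embedded in the script, with its harmless echo command, is constructed for the demonstration. Because both files are JSON-with-comments, the script strips comments and trailing commas before parsing rather than relying on json.loads alone.

```python
"""Flag VS Code / Cursor tasks that launch automatically when a folder is opened.

Added example, not code from Cursor or Oasis Security. It reads the file the report
describes (.vscode/tasks.json) and looks for VS Code's documented auto-run trigger
"runOptions": {"runOn": "folderOpen"}. The sample tasks.json below is constructed.
"""
import json
import sys
from pathlib import Path

AUTORUN_TRIGGER = "folderOpen"                     # runOptions.runOn value that fires on folder open
TRUST_SETTING = "security.workspace.trust.enabled"  # VS Code / Cursor Workspace Trust switch


def _skip_ws_and_comments(text: str, j: int) -> int:
    """Advance j past whitespace and // or /* */ comments (caller guarantees we are outside a string)."""
    n = len(text)
    while j < n:
        if text[j] in " \t\r\n":
            j += 1
        elif text.startswith("//", j):
            k = text.find("\n", j)
            j = n if k == -1 else k
        elif text.startswith("/*", j):
            k = text.find("*/", j + 2)
            j = n if k == -1 else k + 2
        else:
            break
    return j


def strip_jsonc(text: str) -> str:
    """Turn JSON-with-comments (what tasks.json and settings.json actually contain) into
    strict JSON: drop comments and trailing commas, leave string contents untouched."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        ch = text[i]
        if in_str:
            out.append(ch)
            if ch == "\\" and i + 1 < n:      # keep the escaped character verbatim
                out.append(text[i + 1])
                i += 1
            elif ch == '"':
                in_str = False
            i += 1
        elif ch == '"':
            in_str = True
            out.append(ch)
            i += 1
        elif text.startswith(("//", "/*"), i):
            i = _skip_ws_and_comments(text, i)
        elif ch == ",":
            j = _skip_ws_and_comments(text, i + 1)
            if j < n and text[j] in "}]":     # trailing comma before a closing bracket: drop it
                i += 1
            else:
                out.append(ch)
                i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def find_autorun_tasks(tasks_json_text: str) -> list[dict]:
    """Return the tasks the editor would start on folder open, with what each executes."""
    doc = json.loads(strip_jsonc(tasks_json_text))
    hits = []
    for task in doc.get("tasks", []):
        run_on = (task.get("runOptions") or {}).get("runOn")
        if run_on == AUTORUN_TRIGGER:
            hits.append({
                "label": task.get("label", "<unnamed>"),
                "type": task.get("type"),
                "command": task.get("command"),
                "args": task.get("args", []),
                # "reveal": "never" keeps the terminal hidden, so the user sees nothing run
                "hidden": (task.get("presentation") or {}).get("reveal") == "never",
            })
    return hits


def workspace_trust_enabled(settings_json_text: str, editor_default: bool) -> bool:
    """Read security.workspace.trust.enabled from a settings.json. VS Code defaults it to true;
    per the Oasis report Cursor defaults it to false, so the caller passes the editor's default."""
    settings = json.loads(strip_jsonc(settings_json_text)) if settings_json_text.strip() else {}
    return bool(settings.get(TRUST_SETTING, editor_default))


def scan_repo(repo: Path) -> list[dict]:
    """Scan a checkout before opening it in an editor that skips the trust prompt."""
    tasks_file = repo / ".vscode" / "tasks.json"
    if not tasks_file.is_file():
        return []
    return find_autorun_tasks(tasks_file.read_text(encoding="utf-8"))


# Constructed sample in the shape Oasis described; the command here is harmless.
SAMPLE_TASKS_JSON = r'''{
  "version": "2.0.0",
  "tasks": [
    { "label": "build", "type": "shell", "command": "make", "group": "build", },
    {
      "label": "Setup dev env",            // looks like routine project setup
      "type": "shell",
      "command": "echo",
      "args": ["would run on folder open", "$HOME"],
      "runOptions": { "runOn": "folderOpen" },
      "presentation": { "reveal": "never" },  /* keep the terminal hidden */
    }
  ]
}'''

if __name__ == "__main__":
    hits = scan_repo(Path(sys.argv[1])) if len(sys.argv) > 1 else find_autorun_tasks(SAMPLE_TASKS_JSON)
    for h in hits:
        print(f"AUTORUN {h['label']!r}: {h['command']} {' '.join(map(str, h['args']))}"
              + ("  [terminal hidden]" if h["hidden"] else ""))
    sys.exit(1 if hits else 0)
```

Run it as `python scan_tasks.py /path/to/clone` in a pre-clone hook or before opening a repo; a non-zero exit means at least one task would fire on open. A trust check on its own is not sufficient: Workspace Trust only helps once it is enabled, so pass `editor_default=False` when auditing a Cursor profile.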

Wed, September 10, 2025

AWS CloudTrail MCP Server Adds Natural-Language Security

🔒 AWS Labs published a Model Context Protocol (MCP) server for CloudTrail that lets AI assistants perform security and compliance analysis through natural-language queries. The server exposes CloudTrail events and CloudTrail Lake: it can search the 90-day management event history and run Trino SQL queries against Lake event data stores, which can retain up to 10 years of data. Surfacing these capabilities through a conversational interface removes the need for bespoke API integrations and streamlines investigation and compliance workflows. The server works in regions that support CloudTrail LookupEvents or CloudTrail Lake; code and documentation are in the AWS Labs repository.

read more →

Wed, September 10, 2025

Gemini CLI Extensions: Security and Cloud Run Tools

🚀 Google is previewing two Gemini CLI extensions that bring security analysis and Cloud Run deployment directly into your terminal. The security extension introduces /security:analyze to scan local git diffs for issues such as hardcoded secrets, injection flaws, broken access control, and insecure data handling, and returns clear remediation guidance or optional fixes. The Cloud Run extension adds /deploy, a one-command flow to build, containerize, push, and configure services on Cloud Run, returning a public URL and supporting terminal, VS Code agent mode, and Cloud Shell.

read more →

Wed, September 10, 2025

AdaptixC2: Open-Source Post-Exploitation Framework Used

🛡️ Unit 42 observed AdaptixC2 in early May 2025 being used in real-world intrusions to perform command execution, file transfers and data exfiltration. The open-source framework offers modular beacons, in-memory execution and multiple persistence and tunneling options, which adversaries have adapted for evasive operations. Unit 42 published extraction tools, YARA rules and hunting guidance to help defenders detect and mitigate these threats.

read more →

Wed, September 10, 2025

Time-Saving Guide for Automating MSP and MSSP Workflows

🔧 This guide explains how managed service providers (MSPs) and managed security service providers (MSSPs) can use automation and AI to cut manual effort, improve consistency, and scale services. It highlights five high-impact use cases—risk assessments, policy generation, compliance tracking, remediation planning, and progress reporting—and shows how platforms like Cynomi's vCISO Platform can reduce workloads by up to 70%. Practical steps for piloting, training, and measuring ROI complete the roadmap.

read more →

Wed, September 10, 2025

Top Cybersecurity Trends: AI, Identity, and Threats

🤖 Generative AI remains the dominant force shaping enterprise security priorities, but the initial hype is giving way to more measured ROI scrutiny and operational caution. Analysts say gen AI is entering a trough of disillusionment even as vendors roll out agentic AI offerings for autonomous threat detection and response. The article highlights rising risks — from model theft and data poisoning to AI-enabled vishing — along with brisk M&A activity, a shift to identity-centric defenses, and growing demand for specialized cyber roles.

read more →

Tue, September 9, 2025

Inside Black Hat's NOC: Zero-Hour Security Operations

🛡️ At Black Hat, Palo Alto Networks' NOC operates a zero-hour defense model that protects critical infrastructure while enabling controlled exploit training. Engineers from Cortex and Unit 42 collaborate with partners like Corelight to develop rapid detections, deploy contextual rules on PA-5430 firewalls, and automate responses via Cortex XSIAM. The environment balances visibility, segmentation and automated enforcement to stop external threats without disrupting sanctioned exercises.

read more →

Tue, September 9, 2025

Partner-built AI Security Innovations on Google Cloud

🔒 Google Cloud and its partners announced a range of partner-built AI security solutions now available in the Google Cloud Marketplace. These integrations embed Gemini and Vertex AI into partner products — including CrowdStrike, Palo Alto Networks, Fortinet, and others — to protect models, data, applications, and agents. The collaborations emphasize automated detection, incident response, DLP, identity protection, and agent monitoring to reduce mean time to detect and respond, helping customers adopt AI securely.

read more →

Tue, September 9, 2025

Agentic SOC Workshops: Practical AI for Security Teams

🛡️ The Agentic SOC Workshop is a complimentary, half-day event series from Google Cloud designed to help security professionals apply agentic AI and cloud-native threat intelligence to real-world operations. Attendees will participate in hands-on labs, a Capture the Flag challenge, and peer networking to learn how Gemini and Google Cloud tools can reduce alert fatigue and automate routine workflows. Sessions start in Los Angeles on Sept. 17 and Chicago on Sept. 19, with additional dates in October.

read more →

Tue, September 9, 2025

Threat Actor Reveals Tradecraft After Installing Agent

🔎 Huntress analysts discovered a threat actor inadvertently exposing their workflows after installing the vendor's security agent on their own machine. The agent logged three months of activity, revealing heavy use of AI text and spreadsheet generators, automation platforms such as Make.com, proxy services and Telegram Bot APIs to streamline operations. Investigators linked the infrastructure to thousands of compromised identities; many of the actor's attempts had already been blocked by existing detections.

read more →

Tue, September 9, 2025

Fortinet Adds AI Assistant and Client-Side WAAP Protection

🤖 Fortinet has integrated its virtual AI assistant, FortiAI-Assist, into its web application security offerings, including appliance and virtual FortiWeb and the FortiAppSec Cloud WAAP service. The update also adds integrated client-side protection to monitor payment-page scripts for PCI DSS 4.0 compliance. These features aim to simplify operations, speed threat triage and remediation, and reduce false positives and analyst workload. FortiAppSec Cloud is available through major public cloud marketplaces.

read more →

Tue, September 9, 2025

The AI Fix #67: AI crowd fakes, gullible agents, scams

🎧 In episode 67 of The AI Fix, Graham Cluley and Mark Stockley examine a mix of quirky and concerning AI developments, from an AI-equipped fax machine to an AI-generated crowd at a Will Smith gig. They cover security risks such as prompt-injection hidden in resized images and criminals repurposing Claude techniques for ransomware. The hosts also discuss why GPT-5 represented a larger leap than many realised and review tests showing agentic web browsers are alarmingly gullible to scams.

read more →

Tue, September 9, 2025

Fortinet + AI: Next‑Gen Cloud Security and Protection

🔐 AI adoption in the cloud is accelerating, reshaping workloads and expanding attack surfaces while introducing new risks such as prompt injection, model manipulation, and data exfiltration. Fortinet recommends a layered defense built into the Fortinet Security Fabric, combining zero trust, segmentation, web/API protection, and cloud-native posture controls to secure AI infrastructure. Complementing those controls, AI-driven operations and correlation — exemplified by Gemini 2.5 Pro integrations — filter noise, correlate cross-platform logs, and surface prioritized, actionable recommendations. Together these measures reduce mean time to detect and respond and help contain threats before they spread.

read more →

Tue, September 9, 2025

Microsoft Tests AI Actions in Windows 11 File Explorer

🤖 Microsoft is testing new AI actions in Windows 11 File Explorer that let users manipulate images and interact with files without opening them. Currently supported edits for JPG, JPEG, and PNG files include background removal, object erasure, background blur, and a reverse image search via Bing. Insiders on Canary Channel Build 27938 can access these tools from the right-click contextual menu. A new privacy control also shows which third-party apps have used Windows' generative AI models and lets users manage access.

read more →

Tue, September 9, 2025

The Dark Side of Vibe Coding: AI Risks in Production

⚠️ One July morning a startup founder watched a production database vanish after a Replit AI assistant suggested—and a developer executed—a destructive command, underscoring dangers of "vibe coding," where plain-English prompts become runnable code. Experts say this shortcut accelerates prototyping but routinely introduces hardcoded secrets, missing access controls, unsanitized input, and hallucinated dependencies. Organizations should treat AI-generated code like junior developer output, enforce CI/CD guardrails, and require thorough security review before deployment.

read more →

Tue, September 9, 2025

New Malware Campaigns: MostereRAT and ClickFix Risks

🔒 Researchers disclosed linked phishing campaigns delivering a banking malware-turned-RAT called MostereRAT and a ClickFix-style chain distributing MetaStealer. Attackers use an obscure Easy Programming Language (EPL), mutual TLS for C2, and techniques to disable Windows security and run as TrustedInstaller to evade detection. One campaign drops remote-access tools like AnyDesk and VNC variants; another uses fake Cloudflare Turnstile pages, LNK tricks, and a prompt overdose method to manipulate AI summarizers.

read more →

Tue, September 9, 2025

Shadow AI Agents Multiply Rapidly — Detection and Control

⚠️ Shadow AI Agents are proliferating inside enterprises as developers, business units, and cloud platforms spin up non-human identities and automated workflows without security oversight. These agents can impersonate trusted users, exfiltrate data across boundaries, and generate invisible attack surfaces tied to unknown NHIs. The webinar panel delivers a pragmatic playbook for detecting, governing, and remediating rogue agents while preserving innovation.

read more →

Tue, September 9, 2025

How CISOs Are Experimenting with AI for Security Operations

🤖 Security leaders are cautiously adopting AI to improve security operations, threat hunting, reporting and vendor risk processes while keeping strict guardrails in place. Teams are piloting custom integrations built on Anthropic's Model Context Protocol (MCP), vendor agents such as Gem, and developer toolchains including Microsoft Copilot to connect LLMs with telemetry and internal data sources. Early experiments show significant time savings, from automating DLP context and producing near-complete STRIDE threat models to condensing long executive reviews into concise narratives and accelerating phishing triage, but practitioners stress validation, feedback loops and human oversight before broad production use.

read more →

Tue, September 9, 2025

Experts: AI-Orchestrated Autonomous Ransomware Looms

🛡️ NYU researchers built a proof-of-concept ransomware binary that calls an LLM at runtime to synthesize and execute its payloads, performing reconnaissance, generating polymorphic code and coordinating extortion with minimal human input. ESET detected traces of the sample and initially called it the first AI-powered ransomware before clarifying that it was a lab prototype, not an in-the-wild campaign. Experts including IST's Taylor Grossman say the work was predictable and remains controllable today; they advise reinforcing CIS and NIST controls and prioritizing basic cyber hygiene to mitigate such threats.

read more →

Mon, September 8, 2025

CISA Priorities at 16th Billington CyberSecurity Summit

🔐 The Cybersecurity and Infrastructure Security Agency (CISA) will present senior leaders and experts at the 16th Annual Billington CyberSecurity Summit, Sept. 9–12 in Washington, D.C. Acting Director Madhu Gottumukkala and new Executive Assistant Director for Cybersecurity Nick Andersen will deliver fireside chats outlining CISA’s strategic objectives. Other sessions address vulnerability management, threat hunting, supply chain collaboration, and AI in code security. Registration is required.

read more →