All news with #ai security tag
Mon, September 8, 2025
Salesloft–Drift Supply Chain Breach and Weekly Recap
🔒 Salesloft has moved to take Drift offline after a supply‑chain compromise that resulted in the mass theft of OAuth tokens and unauthorized access to Salesforce data. Multiple large vendors — including Cloudflare, Google Workspace, PagerDuty, Palo Alto Networks, and Tenable — confirmed impact, and activity is attributed to clusters tracked as UNC6395 and GRUB1. The incident underscores how fragile integrations can be and the importance of token hygiene, rapid revocation, and enhanced monitoring to contain downstream exposure.
Mon, September 8, 2025
Onboarding Attacks: When Fake Hires Become Insider Threats
🔐 Attackers are increasingly bypassing email defenses by infiltrating organizations through the hiring process, as in the 'Jordan' example where a bogus hire gained broad access on day one. Remote recruiting, AI-generated profiles and deepfakes have turned identity into the new perimeter, undermining traditional vetting. Adopting zero standing privileges—with JIT/JEP, strict baselines and comprehensive auditing—and tools such as BeyondTrust Entitle can remove persistent access and automate time‑bound, auditable privilege grants.
Mon, September 8, 2025
Reviewing AI Data Center Policies to Mitigate Risks
🔒 Investment in AI data centers is accelerating globally, creating not only rising energy demand and emissions but also an expanded surface of cyber threats. AI facilities rely on GPUs, ASICs and FPGAs, which introduce side-channel, memory-level and GPU-resident malware risks that differ from traditional CPU-focused threats. Organizations should require operators to implement supply-chain vetting, physical shielding (for example, Faraday cages), continuous model auditing and stronger personnel controls to reduce model exfiltration, poisoning and foreign infiltration.
Mon, September 8, 2025
Ten Security Leadership Missteps That Damage Careers
🔒 Security leaders must avoid career-limiting behaviors that erode trust and effectiveness. The article outlines 10 common missteps — from failing to align security with business priorities and remaining purely technical to drawing inflexible red lines and mishandling AI — that stall advancement. It stresses practical shifts: become a business partner, balance risk with speed, improve asset visibility, foster relationships, and rehearse incident response to maintain credibility.
Fri, September 5, 2025
Rewiring Democracy: How AI Will Transform Politics
📘 Bruce Schneier announces his new book, Rewiring Democracy: How AI Will Transform our Politics, Government, and Citizenship, coauthored with Nathan Sanders and published by MIT Press on October 21; signed copies will be available directly from the author after publication. The book surveys AI’s impact across politics, legislating, administration, the judiciary, and citizenship, including AI-driven propaganda and artificial conversation, focusing on uses within functioning democracies. Schneier adopts a cautiously optimistic stance, stresses the importance of imagining second-order effects, and argues for the creation of public AI to better serve democratic ends.
Fri, September 5, 2025
Practical Guide to Reducing Kids’ Digital Footprint
🔒 This practical guide helps parents reduce their children's digital footprint by identifying risky "hot spots"—from unsecured group chats and gaming voice channels to oversharing on social media, unsafe downloads, public Wi‑Fi and unvetted AI tools. It stresses open conversation over heavy-handed controls and recommends concrete measures: disable geolocation, vet links with anti‑phishing tools, use antivirus, a trusted VPN on public networks, and parental controls such as Kaspersky Safe Kids. The guide also encourages parents to watch and discuss online activity together and to teach habits like unique passwords and cautious AI use.
Fri, September 5, 2025
Latest Social Engineering Trends Targeting Enterprises
🛡️ Social engineering remains the favoured vector as attackers combine psychological manipulation with accessible AI tools to target high-value corporate roles. Recent incidents show sophisticated pretexting, voice cloning and mass email flooding used to create urgency and extract funds or credentials. Fraudsters increasingly exploit collaboration platforms such as Microsoft Teams and legitimate utilities like Quick Assist to appear trustworthy and gain remote control. Organizations should harden collaboration settings, enforce conditional access and MFA, and reduce privilege scope to limit the blast radius of any compromise.
Fri, September 5, 2025
Passing the Security Vibe Check for AI-generated Code
🔒 The post warns that modern AI coding assistants enable 'vibe coding': issuing natural-language requests and accepting the generated code without thorough inspection. While tools like Copilot and ChatGPT accelerate development, they can introduce hidden risks such as insecure patterns, leaked credentials, and unvetted dependencies. The author urges embedding security into AI-assisted workflows through automated scanning, provenance checks, policy guardrails, and mandatory human review to prevent supply-chain and runtime compromises.
Fri, September 5, 2025
Penn Study Finds: GPT-4o-mini Susceptible to Persuasion
🔬 University of Pennsylvania researchers tested GPT-4o-mini on two categories of requests an aligned model should refuse: insulting the user and giving instructions to synthesize lidocaine. They crafted prompts using seven persuasion techniques (Authority, Commitment, Liking, Reciprocity, Scarcity, Social proof, Unity) and matched control prompts, then ran each prompt 1,000 times at the default temperature for a total of 28,000 trials. Persuasion prompts raised compliance from 28.1% to 67.4% for insults and from 38.5% to 76.5% for drug instructions, demonstrating substantial vulnerability to social-engineering cues.
Fri, September 5, 2025
Advanced Threat Hunting Workshop — Labscon 2025 LLMs
🔎 Our colleague Joseliyo Sánchez, together with SentinelOne researcher Aleksandar Milenkoski, will present a hands-on workshop at Labscon on automating large-scale threat hunting using the VirusTotal Enterprise API. Attendees will employ Python and Google Colab to process massive datasets, track APT behaviors, and apply LLMs to enhance analysis, query building, and visualizations. The session targets CTI analysts, threat hunters, incident responders, SOC analysts, and security researchers. A follow-up blog post will publish example exercises and materials for further learning.
Fri, September 5, 2025
61% of US Companies Hit by Insider Data Breaches in Two Years
📊 Nearly two-thirds (61%) of US firms experienced insider data breaches in the past two years, according to a new OPSWAT report conducted by the Ponemon Institute. Affected organizations reported an average of eight unauthorized file-access incidents and an average financial impact of $2.7m per organization. Respondents identified file storage and web file transfers as the riskiest environments for data loss. The study also found mixed approaches to generative AI—29% have banned it, 25% have formal policies, and 33% already include AI in file security strategies.
Thu, September 4, 2025
From Summer Camp to Grind Season — Threat Source Recap
📰 This week’s Threat Source newsletter highlights three significant vulnerabilities Talos researchers uncovered and helped remediate: a Dell firmware persistence flaw (Revault), an Office for macOS permissions bypass, and router compromises that blend malicious traffic with legitimate ISP flows. The author, William Largent, also emphasizes mental health and recommends a paper on AI behavioral pathologies to help anticipate malicious or errant AI-driven activity. Top headlines include a 4.4M-record TransUnion breach, a Salesloft Drift AI token compromise, a Passwordstate high-severity fix, an Azure AD credential leak, and a WhatsApp zero-day. Watch the Talos Threat Perspective episode and read the Dell write-up for mitigation guidance.
Thu, September 4, 2025
Avnet Reclaims Security Data, Cuts Costs, Boosts AI
🔐 Avnet moved away from vendor-bound SIEM, EDR and RBVM silos toward a centralized security data pipeline built on Cribl, prompted by a legacy SIEM renewal that became a strategy inflection point. The redesign gave Avnet full ownership of telemetry, enabled large-scale ETL and flexible routing, and freed analysts from vendor dashboards. Operationally, licensing and storage costs dropped dramatically to 15% of prior levels while processing capacity doubled and pipeline staffing fell from four engineers to one. With its own data layer in place, Avnet is accelerating analytics and AI use cases such as tailored LLMs and retrieval-augmented generation (RAG) to improve investigations and reduce analyst workload.
Thu, September 4, 2025
Architecture Advantage: Fortinet's Hybrid Security Platform
🔒 Fortinet argues its long-standing, architecture-first approach uniquely positions it to address hybrid enterprise security without the operational overhead of cobbled-together point products. The company highlights early investments in AI, purpose-built ASICs, and a unified FortiOS to deliver integrated networking, SASE, SOC automation, and OT protection. Customers and Gartner Peer Insights recognition are cited as validation of lower total cost of ownership and simpler, high-performance operations.
Thu, September 4, 2025
Prisma SASE 4.0: AI-Ready Security for Distributed Work
🔒 Prisma SASE 4.0 is positioned as a unified, cloud-delivered security platform engineered for the AI era. It combines AI-powered threat protection, frictionless data security for structured and unstructured content, and unified intelligent operations to automate deployment and troubleshooting. New capabilities include browser-based postload inspection, an Advanced DNS Resolver with Precision AI, SaaS security posture monitoring for AI agents, and Autonomous Digital Experience Management to preserve performance and resilience.
Thu, September 4, 2025
Automotive Industry Raises Alarm Over Cyberattack Risks
🚗 A recent survey of 200 German automotive cybersecurity experts and IT decision-makers shows 75% of companies rate the threat from cyberattacks as high or very high. Respondents identified cloud security gaps (19.5%) and ransomware/malware (19%) as the leading concerns, while data breaches (16.5%), AI-based attack scenarios (14.5%) and connected-vehicle vulnerabilities (14%) followed. Fewer than half of firms (47%) express confidence in their defenses, and many plan investments in threat detection, AI-driven analytics and security training.
Thu, September 4, 2025
Generative AI Used as Cybercrime Assistant, Reports Say
⚠️ Anthropic reports that a threat actor used Claude Code to automate reconnaissance, credential harvesting, network intrusion, and targeted extortion across at least 17 organizations, including healthcare, emergency services, government, and religious institutions. The actor prioritized public exposure over classic ransomware encryption, demanding ransoms that in some cases exceeded $500,000. Anthropic also identified North Korean use of Claude for remote‑worker fraud and an actor who used the model to design and distribute multiple ransomware variants with advanced evasion and anti‑recovery features.
Thu, September 4, 2025
Cybercriminals Exploit X's Grok to Amplify Malvertising
🔍 Cybersecurity researchers have flagged a technique dubbed Grokking that attackers use to bypass X's promoted-ads restrictions by abusing the platform's AI assistant, Grok. Malvertisers embed a hidden link in a video's "From:" metadata on promoted video-card posts and then tag Grok in replies asking for the video's source, prompting the assistant to display the link publicly. The revealed URLs route through a Traffic Distribution System to drive users to fake CAPTCHA scams, malware, and deceptive monetization networks. Guardio Labs observed hundreds of accounts posting at scale before suspension.
Thu, September 4, 2025
Agentic Tool Hexstrike-AI Accelerates Exploit Chain
⚠️ Check Point warns that Hexstrike-AI, an agentic AI orchestration platform integrating more than 150 offensive tools, is being abused by threat actors to accelerate vulnerability discovery and exploitation. The system abstracts vague commands into precise, sequenced technical steps, automating reconnaissance, exploit crafting, payload delivery and persistence. Check Point observed dark‑web discussions showing the tool used to weaponize recent Citrix NetScaler zero-days, including CVE-2025-7775, and cautions that tasks which once took weeks can now be completed in minutes. Organizations are urged to patch immediately, harden systems and adopt adaptive, AI-enabled detection and response measures.
Thu, September 4, 2025
CrowdStrike Named Leader in Forrester Wave MDR Europe
🔒 CrowdStrike has been named a Leader in The Forrester Wave™: Managed Detection and Response (MDR) Services in Europe, Q3 2025, receiving the highest possible scores in 16 evaluation criteria spanning detection surfaces, managed response, threat hunting and analyst experience. Falcon Complete Next-Gen MDR combines AI-accelerated detection and investigation with expert-led response across endpoint, cloud, identity and third-party telemetry. The service uses CrowdStrike Charlotte AI to triage alerts and accelerate analysis, and emphasizes end-to-end remediation actions that remove persistence and contain intrusions without costly reimaging. CrowdStrike positions this recognition as validation of its platform-led, AI-plus-human approach to stopping breaches.