< ciso
brief />
Tag Banner

All news with #ai security tag

757 articles · page 32 of 38

Atlas Browser Flaw Lets Attackers Poison ChatGPT Memory

⚠️ Researchers at LayerX Security disclosed a vulnerability in OpenAI’s Atlas browser that allows attackers to inject hidden instructions into a user’s ChatGPT memory via a CSRF-style flow. An attacker lures a logged-in user to a malicious page, leverages existing authentication, and taints the account-level memory so subsequent prompts can trigger malicious behavior. LayerX reported the issue to OpenAI and advised enterprises to restrict Atlas use and monitor AI-driven anomalies. Detection relies on behavioral indicators rather than traditional malware artifacts.
read more →

Amazon Nova Multimodal Embeddings — Unified Cross-Modal

🚀 Amazon announces general availability of Amazon Nova Multimodal Embeddings, a unified embedding model designed for agentic RAG and semantic search across text, documents, images, video, and audio. The model handles inputs up to 8K tokens and video/audio segments up to 30 seconds, with segmentation for larger files and selectable embedding dimensions. Both synchronous and asynchronous APIs are supported to balance latency and throughput, and Nova is available in Amazon Bedrock in US East (N. Virginia).
read more →

ChatGPT Atlas 'Tainted Memories' CSRF Risk Exposes Accounts

⚠️ Researchers disclosed a CSRF-based vulnerability in ChatGPT Atlas that can inject malicious instructions into the assistant's persistent memory, potentially enabling arbitrary code execution, account takeover, or malware deployment. LayerX warns that corrupted memories persist across devices and sessions until manually deleted and that Atlas' anti-phishing defenses lag mainstream browsers. The flaw converts a convenience feature into a persistent attack vector that can be invoked during normal prompts.
read more →

AI 2030: The Coming Era of Autonomous Cybercrime Threats

🔒 Organizations worldwide are rapidly adopting AI across enterprises, delivering efficiency gains while introducing new security risks. Cybersecurity is at a turning point where AI fights AI, and today's phishing and deepfakes are precursors to autonomous, self‑optimizing AI threat actors that can plan, execute, and refine attacks with minimal human oversight. In September 2025, Check Point Research found that 1 in 54 GenAI prompts from enterprise networks posed a high risk of sensitive-data exposure, underscoring the urgent need to harden defenses and govern model use.
read more →

Cyber-risk in the Shadows: Shadow IT, AI Use and Risks

🛡️ In a short video for Cybersecurity Awareness Month, ESET Chief Security Evangelist Tony Anscombe explains how unsanctioned hardware and software — commonly called shadow IT — is creating security gaps in the remote and hybrid work era. He warns that growing employee use of generative AI further increases risk by exposing sensitive corporate data outside IT control. The video outlines practical steps IT teams can take to discover, govern and mitigate these hidden risks and points to related guidance on authentication, patching and ransomware resilience.
read more →

Mic-E-Mouse: Eavesdropping via High-Resolution Mice

🔊 A recent study by researchers at the University of California, Irvine shows that very high-resolution optical sensors in some mice can detect minute desk vibrations produced by speech. The theoretical attack, labeled Mic-E-Mouse, requires mice with extremely high DPI (≈10,000+) and very high polling rates (≈4,000 Hz+) and malware to exfiltrate raw sensor frames. The raw signals are extremely noisy, but Wiener filtering and ML-based denoising allowed partial speech recovery under controlled lab conditions. Significant practical limitations — few qualifying models, controlled setups with speakers inches from the sensor, and steep drops in accuracy with common barriers — plus straightforward mitigations make the attack largely a proof of concept for now.
read more →

Secure AI at Scale and Speed: Free Webinar Framework

🔐 The Hacker News is promoting a free webinar that presents a practical framework to secure AI at scale while preserving speed of adoption. Organizers warn of a growing “quiet crisis”: rapid proliferation of unmanaged AI agents and identities that lack lifecycle controls. The session focuses on embedding security by design, governing AI agents that behave like users, and stopping credential sprawl and privilege abuse from Day One. It is aimed at engineers, architects, and CISOs seeking to move from reactive firefighting to proactive enablement.
read more →

Manipulating Meeting Notetakers: AI Summarization Risks

📝 In many organizations the most consequential meeting attendee is the AI notetaker, whose summaries often become the authoritative meeting record. Participants can tailor their speech—using cue phrases, repetition, timing, and formulaic phrasing—to increase the chance their points appear in summaries, a behavior the author calls AI summarization optimization (AISO). These tactics mirror SEO-style optimization and exploit model tendencies to overweight early or summary-style content. Without governance and technical safeguards, summaries may misrepresent debate and confer an invisible advantage to those who game the system.
read more →

ChatGPT Atlas Signals Shift Toward AI Operating Systems

🤖 ChatGPT Atlas previews a future where AI becomes the primary interface for computing, letting users describe outcomes while the system orchestrates apps, data, and web services. Atlas demonstrates an context-aware assistant that understands a user’s digital life and can act on their behalf. This prototype points to productivity and accessibility gains, but it also creates new security, privacy, and governance challenges organizations must prepare for.
read more →

CISO Imperative: Building Resilience in Accelerating Threats

🔒 The Microsoft Digital Defense Report 2025 warns that cyber threats are accelerating in speed, scale, and sophistication, driven by AI and coordinated, cross-border operations. Attack windows have shrunk—compromises can occur within 48 hours in cloud containers—while AI-powered phishing and credential theft have grown markedly more effective. For CISOs this requires reframing security as a business enabler, prioritizing resilience, automation, and modern identity controls such as phishing-resistant MFA. The Secure Future Initiative provides practitioner-tested patterns to operationalize these priorities.
read more →

Meta launches new anti-scam tools for WhatsApp, Messenger

🛡️ Meta is rolling out new anti-scam features for Messenger and WhatsApp to help users detect and avoid fraud. Messenger testing includes AI-assisted scam detection that warns about suspicious new contacts and offers options to block, report, or submit messages for review. WhatsApp will display warnings about screen-sharing with unknown callers. These protections are enabled by default.
read more →

AI-Powered Mobile Threats Elevate Need to Rethink Security

📱 The 2025 Verizon Mobile Security Index underscores growing danger as mobile devices account for the majority of global internet traffic and increasingly serve as primary attack surfaces. Check Point highlights the rise of AI-powered threats, persistent phishing, and human error that expand exposure. Organizations must rethink security architectures, strengthen endpoint controls, and adopt AI-aware defenses across apps, devices, and identities to reduce risk.
read more →

Ransomware Payouts Rise to $3.6M as Tactics Evolve

🔒 The average ransomware payment climbed to $3.6m in 2025, up from $2.5m in 2024, as attackers shift to fewer but more lucrative, targeted campaigns. ExtraHop's Global Threat Landscape Report found 70% of affected organisations paid ransoms, with healthcare and government incidents averaging nearly $7.5m each. The study highlights expanding risks from public cloud, third‑party integrations and generative AI, and urges organisations to map their attack surface, monitor internal traffic for lateral movement and prepare for AI‑enabled tactics.
read more →

AI-Enabled Ransomware: CISOs’ Top Security Concern

🛡️ CrowdStrike’s 2025 ransomware survey finds that AI is compressing attacker timelines and enhancing phishing, malware creation, and social engineering, forcing defenders to react in minutes rather than hours. 78% of respondents reported a ransomware incident in the past year, yet fewer than 25% recovered within 24 hours and paying victims often faced repeat compromise and data theft. CISOs rank AI-enabled ransomware as their top AI-related security concern, and many organizations are accelerating adoption of AI detection, automated response, and improved training.
read more →

Securing AI in Defense: Trust, Identity, and Controls

🔐 AI promises stronger cyber defense but expands the attack surface if not governed properly. Organizations must secure models, data pipelines, and agentic systems with the same rigor applied to critical infrastructure. Identity is central: treat every model or autonomous agent as a first‑class identity with scoped credentials, strong authentication, and end‑to‑end audit logging. Adopt layered controls for access, data, deployment, inference, monitoring, and model integrity to mitigate threats such as prompt injection, model poisoning, and credential leakage.
read more →

CISOs' 2025 Priorities: Data, AI, and Simplification

🔒 CSO's 2025 Security Priorities Study finds security leaders are juggling expanding responsibilities while facing greater complexity in selecting the right tools. Seventy-six percent say solution selection is more complex and 57% had trouble finding incident root causes in the past year. Top focuses are protecting sensitive data, securing cloud systems, and simplifying IT infrastructure, with 73% now more likely to consider AI-enabled security. Many plan to rely on managed service providers and maintain level budgets while driving strategic AI and governance initiatives.
read more →

Amazon Bedrock Data Automation Adds Video, Faster Images

🎞️ Amazon Bedrock Data Automation now supports AVI, MKV, and WEBM video formats and the AV1 and MPEG-4 Visual (Part 2) codecs, expanding coverage for archival, multi-track, and web-based videos. The service also delivers up to 50% faster image processing to accelerate extraction of visual insights. BDA is available in eight AWS Regions, enabling organizations to process native formats and streamline GenAI workflows.
read more →

Ransomware Reality: High Confidence, Low Preparedness

⚠️ The CrowdStrike State of Ransomware Survey reveals a sizable gap between organizational confidence and actual ransomware readiness. Half of 1,100 security leaders say they are "very well prepared," yet 78% were attacked in the past year and fewer than 25% recovered within 24 hours. The report warns that AI-accelerated attacks deepen this gap and recommends AI-native detection and response such as Falcon to regain the advantage.
read more →

AI-Powered Phishing Detection: Next-Gen Security Engine

🛡️ Check Point introduces a continuously trained AI engine that analyzes website content, structure, and authentication flows to detect phishing with high accuracy. Integrated with ThreatCloud AI, it delivers protection across Quantum gateways, Harmony Email, Endpoint, and Harmony Mobile. The model learns from millions of domains and real-time telemetry to adapt to new evasion techniques. Early results indicate improved detection of brand impersonation and credential-harvesting pages.
read more →

Moloco and Google Cloud Power AI Vector Search in Retail

🔎 Moloco’s AI-native retail media platform, integrated with Vertex AI Vector Search on Google Cloud, delivers semantic, real-time ad retrieval and personalized recommendations. The joint architecture uses TPUs and GPUs for model training and scoring while vector search runs efficiently on CPUs, enabling outcomes-based bidding at scale. Internal benchmarks report ~10x capacity, up to ~25% lower p95 latency, and a ~4% revenue uplift. The managed service reduces operational overhead and accelerates time-to-value for retailers.
read more →