< ciso
brief />
Tag Banner

All news with #insider threat tag

132 articles · page 4 of 7

Man Arrested After Downloading Confidential Police Files

🔒 Dutch police arrested a 40-year-old man in Ridderkerk after he downloaded confidential documents that an officer mistakenly shared via a download link and then refused to delete them unless he received "something in return." Authorities detained him on suspicion of computer trespass, searched his home and seized storage devices to recover the files. Police reported the breach and are investigating, saying there is no indication the documents were distributed further.
read more →

OpenClaw (Moltbot): Critical Enterprise AI Agent Risks

⚠️ OpenClaw (formerly Clawdbot/Moltbot) is an open-source local AI assistant that integrates with chat apps and can access calendars, email, browsers and the filesystem. Since its November 2025 debut and January 2026 viral spike, multiple critical vulnerabilities — notably CVE-2026-25253 — enabled token theft and arbitrary command execution. The project stores secrets in plaintext, exposes dangerous defaults, and hosts a marketplace where malicious skills have proliferated. Organizations face regulatory, operational, and insider-threat risks if employees run this software on personal or corporate devices.
read more →

Developers as an Emerging Attack Vector in Software

🔐 Developers and the tools they rely on are increasingly targeted as attackers move beyond exploiting application bugs to compromising developer workflows and ecosystems. Threats include typosquatting, malicious open-source packages, compromised plugins, supply-chain hijacks and fake employees who gain insider access. AI increases the scale and plausibility of social engineering, code changes and malicious package recommendations. Security leaders should combine identity hygiene, least-privilege, secrets management, whitelists and continuous hands-on developer training to reduce risk.
read more →

Software Developers as Prime Cyber Targets and Risks

🔐 Software developers are increasingly targeted by attackers exploiting their tools, credentials, and trusted channels rather than traditional application bugs. Threats include malicious IDE extensions, tainted open-source packages, CI/CD pipeline abuse, credential theft, social engineering, and AI-driven manipulation. Because developers hold tokens, API keys, cloud credentials, and long-lived secrets, compromises can grant broad access to source code and infrastructure. CISOs must combine technical controls, least-privilege practices, supply-chain defenses, and ongoing developer training to reduce systemic risk.
read more →

Smashing Security #453: Epstein Files Expose Risks Now

📰 In episode 453 of Smashing Security, Graham Cluley and guest Tricia Howard examine how sloppy redaction and a mix of AI and open social profiles can deanonymise documents once thought obscured. They discuss real-world incidents including malware delivery via a compromised Notepad++ installer, a sex-addiction app leaking intimate user data, and a problematic AV update used to distribute malware. The episode also highlights insider-threat risks after a senior US cybersecurity official uploaded sensitive government material into a public ChatGPT instance, and explores how broken trust can have lasting reputational consequences for vendors and organisations.
read more →

Coinbase Confirms Contractor Insider Breach of Support Data

🔒 Coinbase confirmed that a contractor improperly accessed data for approximately 30 customers in a December incident, and the individual no longer performs services for the company. Impacted users were notified, provided identity theft protection services, and Coinbase disclosed the incident to relevant regulators. Screenshots of an internal support panel briefly appeared on Telegram and were associated with the 'Shiny Lapsus Hunters' posts, showing customer PII, KYC details, and wallet balances, though attribution remains unclear.
read more →

Step Finance: Executive Device Compromise Leads to $40M Theft

🚨 Step Finance announced on January 31 that attackers compromised devices belonging to several executives, resulting in the theft of roughly $40 million in digital assets. The Solana-based DeFi analytics and execution platform engaged external cybersecurity researchers and law enforcement and has recovered about $4.7 million so far through Token22 protections and partner coordination. Some operations are paused to strengthen security. Users are advised not to interact with the STEP token while a pre-exploit snapshot and remediation plan are processed.
read more →

Former Google Engineer Guilty of Stealing AI Secrets

🔒 A former Google engineer, Linwei Ding, was convicted by a US federal jury on 14 counts, including economic espionage and theft of trade secrets, after allegedly exfiltrating over 2,000 pages of sensitive AI technical documents. Prosecutors say he copied data into Apple Notes, converted it to PDFs, and uploaded the materials to a personal Google Cloud account to evade DLP controls. The stolen IP involved custom TPU and GPU orchestration software and SmartNIC designs intended for AI supercomputers, and the DoJ alleges Ding planned to support Chinese state-affiliated entities.
read more →

Former Google Engineer Convicted for Stealing AI Data

🔒 A U.S. jury has convicted Linwei Ding, a former software engineer at Google, for stealing confidential AI supercomputer information and covertly sharing it with China-based technology firms. Prosecutors say Ding exfiltrated more than 2,000 pages of proprietary material — including details about TPU and GPU systems, orchestration software, and SmartNIC networking — by uploading files to his personal cloud account between May 2022 and April 2023. He later founded Shanghai Zhisuan Technology Co., sought government talent programs, and was convicted on multiple counts of economic espionage and trade secret theft after an 11-day San Francisco trial.
read more →

CISA Issues New Guidance on Insider Threat Risk Management

🔒 The US Cybersecurity and Infrastructure Security Agency (CISA) has released an infographic to help critical infrastructure operators and SLTT governments prevent, detect and respond to insider threats. It advocates treating insider risk as an essential capability and recommends scalable, multidisciplinary teams that are embedded in existing structures. The guidance outlines a four-stage model—plan, organize, execute, maintain—and emphasizes confidentiality, legal compliance and coordination with external partners.
read more →

CISA Acting Director Uploaded FOUO Files to ChatGPT

🛡️ The acting director of the U.S. Cybersecurity and Infrastructure Security Agency uploaded multiple for official use only (FOUO) contracting documents to the public version of ChatGPT between mid‑July and early August 2025, triggering automated DHS security alerts. Sensors detected the activity in early August, generating several alerts in the first week and prompting an internal review. The uploads—containing contracting information not intended for public release—underscore gaps in AI governance and exception handling for senior officials at CISA.
read more →

Four Arrested in Discord SWATting and Doxing Crackdown

🚨 Hungarian and Romanian police arrested four young men accused of orchestrating Discord-based SWATting and doxing campaigns that triggered hoax bomb threats and endangered targeted individuals. Law enforcement released video of coordinated raids in which computers, phones and other digital evidence were seized as investigators traced anonymous calls to spoofed numbers. Suspects, aged 16 to 20, face investigations and charges including misuse of personal data and public endangerment; authorities stress these actions are serious crimes with potentially life‑threatening consequences.
read more →

CISA Urges Critical Infrastructure to Combat Insider Threats

🛡️ CISA is urging critical infrastructure organizations and SLTT governments to take decisive action against insider threats and has published an infographic titled Assembling a Multi-Disciplinary Insider Threat Management Team to guide prevention, detection, and mitigation. The agency highlights that insider threats include both deliberate malicious acts and unintentional errors that can undermine systems and trust. The resource offers actionable steps to build cross-functional teams, foster accountability, and strengthen organizational resilience.
read more →

Law Firm Probes Coupang Security Failures After Breach

🔍 US law firm Hagens Berman is investigating alleged security failures at Coupang after a June 2025 breach that may have exposed the personal data of 33.7 million customers. The firm says it is probing why it took nearly six months to detect a former employee’s access and alleges inadequate access protocols. Investors are being urged to join a class action by the February 17 lead-plaintiff deadline. South Korean regulators and police have also opened inquiries, and Coupang has faced executive changes and an order to remove a liability disclaimer from its terms.
read more →

Insider Threats: Recognising and Managing Internal Risk

🔒 A growing body of evidence shows insider threats are a systemic and underestimated risk: a Bitkom survey found 48% of German companies attribute data theft, espionage or sabotage to employees. Insiders hold legitimate access and institutional knowledge, enabling subtle misuse that often evades technical controls. Effective protection requires shifting from isolated tools to a holistic, human-centred approach that combines culture, governance and clear ownership of risk.
read more →

Hidden Risks of Orphan Accounts in Enterprise Identity

🔒 Orphan accounts — abandoned human, service, and AI‑agent identities — create persistent, unseen access across applications, platforms, assets, and cloud consoles. These dormant accounts often evade traditional IAM and IGA tools due to integration gaps, unclear ownership, and proliferation of non‑human identities. Continuous identity audit using application telemetry and a unified audit trail can detect, flag, and automatically remediate or decommission orphaned accounts. Orchid positions its Identity Audit as connective evidence to inform IAM decisions.
read more →

Invisible Culture Undermining Security Operations Now

🔍 Organizational culture — not the tools — is the decisive factor in security outcomes. The piece identifies three interrelated layers: observable (policies, controls, visible behaviors), non-observable (beliefs, biases, risk perception) and implicit (unspoken norms and power dynamics) that together determine whether controls work in practice. It uses high-profile breaches and a deep dive into a mid-sized financial firm to show how misaligned incentives, leadership signals and psychological safety can nullify even well-built technical defenses, and prescribes culture audits, leadership modeling, integrated DevSecOps and incentive changes to effect durable improvement.
read more →

Payroll Pirates: Social Engineering Diverts Paychecks

📞 This Unit 42 engagement recounts how an attacker used social engineering to impersonate employees and manipulate payroll, IT, and HR help desks to reset passwords and re-enroll MFA, ultimately redirecting direct-deposit payments into attacker-controlled accounts. Unit 42 investigated using Cortex XSIAM and correlated payroll, HR, and firewall telemetry to contain the compromise to three accounts, reverse fraudulent payroll changes, and harden identity controls. The case underscores how human-driven workflows can be exploited to bypass technical defenses and cause targeted financial fraud.
read more →

Google Vertex AI permissions raise insider threat risks

⚠️ XM Cyber disclosed privilege-escalation flaws in Google’s Vertex AI that let low‑privileged users manipulate Google-managed Service Agents to gain elevated project-wide permissions. Google told XM Cyber this behavior is "working as intended." Security experts warn that managed service identities and insecure defaults create invisible, structural risks. CISOs are urged to audit service identities, reduce authentication scope, and monitor agent activity like privileged users.
read more →

Insider Risk in an Era of Workforce Volatility and AI Agents

⚠️ Economic pressures, mass layoffs, and rapid AI adoption have pushed insider risk to multi-year highs. In 2025 tech companies announced roughly 245,000 job cuts while US employers logged more than 1.17 million cuts, fueling resentment, negligence, and opportunistic exfiltration. Autonomous AI agents — highlighted by Palo Alto Networks — expand the attack surface, introducing risks like goal hijacking, prompt injection, and shadow deployments that require urgent governance and monitoring.
read more →