SecurityTicks - Security Ticks

Build Application Firewalls Aim to Stop the Next Supply Chain Attack

supply chain, Supply Chain Security, Vulnerabilities / SecurityTicks

Build Application Firewalls Aim to Stop the Next Supply Chain Attack 2026-05-11 at 17:12 By Kevin Townsend Rather than scanning code alone, Build Application Firewalls inspect runtime behavior inside the software build pipeline. The post Build Application Firewalls Aim to Stop the Next Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt […]

Build Application Firewalls Aim to Stop the Next Supply Chain Attack Read More »

Linux developers weigh emergency “killswitch” for vulnerable kernel functions

cybersecurity, Don't miss, Hot stuff, Linux, News, operating system, system hardening, vulnerability disclosure, vulnerability management / SecurityTicks

Linux developers weigh emergency “killswitch” for vulnerable kernel functions 2026-05-11 at 16:48 By Zeljka Zorz Linux kernel developers are reviewing a proposal for an emergency risk mitigation mechanism (“Killswitch”) that would allow administrators to disable vulnerable kernel functions at runtime. The proposal, submitted by Linux kernel developer/maintainer Sasha Levin, arrives in the wake of the

Linux developers weigh emergency “killswitch” for vulnerable kernel functions Read More »

Alation AI Governance creates a system of record for AI oversight

Alation, Industry news / SecurityTicks

Alation AI Governance creates a system of record for AI oversight 2026-05-11 at 16:48 By Industry News Alation has introduced Alation AI Governance, a new offering that gives enterprises the system of record they are missing for AI compliance. Enterprises are deploying AI models, agents, and tools faster than they can govern them. As a

Alation AI Governance creates a system of record for AI oversight Read More »

Google researchers uncover criminal zero-day exploit likely built with AI

0-day, AI, APT, attack, cybercrime, cybersecurity, Don't miss, exploit, Google, Google Cloud, Hot stuff, Mandiant, News, report, Russian Federation, threats / SecurityTicks

Google researchers uncover criminal zero-day exploit likely built with AI 2026-05-11 at 16:48 By Mirko Zorz Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-based system administration tool. It allowed attackers to bypass two-factor authentication once they had valid user credentials.

Google researchers uncover criminal zero-day exploit likely built with AI Read More »

Police take down relaunched criminal marketplace with 22,000 users, €3.6 million in revenue

cybercrime, EU, Germany, law enforcement, News / SecurityTicks

Police take down relaunched criminal marketplace with 22,000 users, €3.6 million in revenue 2026-05-11 at 16:48 By Sinisa Markovic German authorities shut down a relaunched version of the criminal marketplace Crimenetwork and arrested its suspected operator. The domain seizure notice (Source: BKA) A special unit of the Spanish National Police arrested the suspected 35-year-old German

Police take down relaunched criminal marketplace with 22,000 users, €3.6 million in revenue Read More »

SailPoint Agentic Fabric expands identity governance to autonomous AI agents

Industry news, SailPoint / SecurityTicks

SailPoint Agentic Fabric expands identity governance to autonomous AI agents 2026-05-11 at 16:48 By Industry News SailPoint has introduced SailPoint Agentic Fabric, a new platform designed to help enterprises secure AI agents and other non-human identities at scale. As organizations deploy autonomous AI agents across cloud environments, applications, and endpoints, they face a growing governance

SailPoint Agentic Fabric expands identity governance to autonomous AI agents Read More »

Google Detects First AI-Generated Zero-Day Exploit

AI, Artificial Intelligence, exploit, Google / SecurityTicks

Google Detects First AI-Generated Zero-Day Exploit 2026-05-11 at 16:48 By Eduard Kovacs The zero-day was designed to bypass 2FA and it was developed by a prominent cybercrime group. The post Google Detects First AI-Generated Zero-Day Exploit appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Google Detects First AI-Generated Zero-Day Exploit Read More »

⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More

Uncategorized / SecurityTicks

⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More 2026-05-11 at 16:48 By Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy

⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More Read More »

Skoda Data Breach Hits Online Shop Customers

data breach, Data Breaches, Skoda / SecurityTicks

Skoda Data Breach Hits Online Shop Customers 2026-05-11 at 15:09 By Ionut Arghire Using a vulnerability in the portal, hackers accessed names, addresses, email addresses, and phone numbers. The post Skoda Data Breach Hits Online Shop Customers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Skoda Data Breach Hits Online Shop Customers Read More »

Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring

AI, Artificial Intelligence, Cloudflare, layoff, layoffs, Management & Strategy / SecurityTicks

Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring 2026-05-11 at 15:09 By Eduard Kovacs The company topped revenue and earnings forecasts for the first quarter of 2026, but its shares plunged more than 20%. The post Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring Read More »

Your Purple Team Isn’t Purple — It’s Just Red and Blue in the Same Room

Uncategorized / SecurityTicks

Your Purple Team Isn’t Purple — It’s Just Red and Blue in the Same Room 2026-05-11 at 15:09 By Defending a network at 2 am looks a lot like this: an analyst copy-pasting a hash from a PDF into a SIEM query. A red team script is being rewritten by hand so the blue team

Your Purple Team Isn’t Purple — It’s Just Red and Blue in the Same Room Read More »

Inside Meta’s threat to exit New Mexico over kids safety rules — and whether experts believe the ploy will work

Uncategorized / SecurityTicks

Inside Meta’s threat to exit New Mexico over kids safety rules — and whether experts believe the ploy will work 2026-05-11 at 13:58 By Thomas Barrabi Meta claims the remedies sought by New Mexico Attorney General Raúl Torrez – including an effective age verification process and recommendation algorithms that prioritize user safety over engagement– are “so

Inside Meta’s threat to exit New Mexico over kids safety rules — and whether experts believe the ploy will work Read More »

Instagram messaging encryption removed, and privacy advocates are pushing back

Encryption, Instagram, Meta, News, Privacy / SecurityTicks

Instagram messaging encryption removed, and privacy advocates are pushing back 2026-05-11 at 13:57 By Anamarija Pogorelec After introducing optional end-to-end encrypted messaging in 2023, Instagram announced in March 2026 that encryption for direct messages would be discontinued, and the feature was removed on May 8. The change allows Instagram to access direct message content, including

Instagram messaging encryption removed, and privacy advocates are pushing back Read More »

The questionnaire-based TPRM model is broken, and TrustCloud has a fix

Industry news / SecurityTicks

The questionnaire-based TPRM model is broken, and TrustCloud has a fix 2026-05-11 at 13:57 By Industry News TrustCloud announced a new version of TrustLens, its third party risk management (TPRM) solution. The new TrustLens agentic AI capabilities focus on delivering four requirements every CISO wants in their TPRM program: speed, accuracy, coverage, and proactive risk

The questionnaire-based TPRM model is broken, and TrustCloud has a fix Read More »

SailPoint Discloses GitHub Repository Hack

Data Breaches, Repository, SailPoint, source code / SecurityTicks

SailPoint Discloses GitHub Repository Hack 2026-05-11 at 13:57 By Ionut Arghire The incident occurred on April 20 and did not affect customer data in the company’s production and staging environments. The post SailPoint Discloses GitHub Repository Hack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

SailPoint Discloses GitHub Repository Hack Read More »

Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack

Checkmarx, Jenkins, supply chain attack, Supply Chain Security, TeamPCP, Trivy / SecurityTicks

Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack 2026-05-11 at 13:57 By Ionut Arghire A malicious version of the plugin was published to the Jenkins Marketplace late last week. The post Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack Read More »

The scam economy has found its AI upgrade

AI, consumer, cybersecurity, deepfakes, F-Secure, News, report, scams / SecurityTicks

The scam economy has found its AI upgrade 2026-05-11 at 12:32 By Anamarija Pogorelec Scam attempts continue to reach consumers via email, text messages, social media, online advertising, and phone calls. The volume of exposure has remained stable over the past year, with more than half of consumers encountering scam attempts at least monthly, according

The scam economy has found its AI upgrade Read More »

Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools

Canvas, Data Breaches, education, Incident Response, Instructure, ShinyHunters / SecurityTicks

Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools 2026-05-11 at 11:58 By Associated Press Tens of thousands of students studying for final exams around the world have regained access to a key online learning system after a cyberattack had earlier knocked it offline. The post Canvas System Is Online After a Cyberattack

Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools Read More »

New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks

Dirty Frag, Endpoint Security, Featured, Linux, Linux vulnerability, privilege escalation, Vulnerabilities / SecurityTicks

New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks 2026-05-11 at 11:27 By Eduard Kovacs Also called Copy Fail 2 and tracked as CVE-2026-43284 and CVE-2026-43500, the exploit was disclosed before a patch was released. The post New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt

New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks Read More »

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Uncategorized / SecurityTicks

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads 2026-05-11 at 11:27 By A malicious Hugging Face repository managed to take a spot in the platform’s trending list by impersonating OpenAI’s Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users. The project, named Open-OSS/privacy-filter, masqueraded as its

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads Read More »