enterprise

The CISO selling confidence in a market full of breach headlines

The CISO selling confidence in a market full of breach headlines 2026-05-28 at 10:16 By Mirko Zorz Engineering teams across enterprise IT are writing their own software with AI coding assistants, spinning up agents that act on their behalf, and assigning those agents the same access privileges their human creators hold. The shift has pulled […]

The CISO selling confidence in a market full of breach headlines Read More »

Coinflow CISO on crypto payments security under AI pressure

Coinflow CISO on crypto payments security under AI pressure 2026-05-27 at 09:24 By Mirko Zorz Crypto payment firms sit near the top of the target list for advanced persistent threat groups, and the workload on their security leaders keeps growing. Malcolm Portelli, CISO at Coinflow, runs the company’s security program from Malta. Coinflow is headquartered

Coinflow CISO on crypto payments security under AI pressure Read More »

European AI adoption hits 99% with regulated data driving most policy violations

European AI adoption hits 99% with regulated data driving most policy violations 2026-05-27 at 09:24 By Sinisa Markovic Generative AI tools operate inside nearly every European workplace, embedded in meeting transcription services, writing assistants, coding copilots, and search features. Workers in the region pull these tools into daily routines that involve customer records, financial information,

European AI adoption hits 99% with regulated data driving most policy violations Read More »

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926)

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926) 2026-05-26 at 17:32 By Zeljka Zorz A relative directory path traversal vulnerability (CVE-2026-34926) in Trend Micro’s Apex One platform has been exploited in zero-day attacks, the company confirmed. “TrendAI has observed at least one attempt to exploit this vulnerability in the wild,” Trend Micro

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926) Read More »

The AI backdoor your security stack is not built to see

The AI backdoor your security stack is not built to see 2026-05-18 at 09:42 By Sinisa Markovic Enterprises deploying LLMs have spent the past two years building defenses around a reasonable assumption: malicious behavior leaves a trace in the input. Scan for suspicious tokens, filter unusual characters, watch for prompt injection patterns. New research from

The AI backdoor your security stack is not built to see Read More »

AI cyber capability is speeding past earlier projections

AI cyber capability is speeding past earlier projections 2026-05-14 at 12:48 By Sinisa Markovic AI cyber capability is improving faster than expected, with newer models surpassing earlier projections, according to the UK government’s AI Security Institute (AISI). AISI measures AI cyber capability using “time horizon benchmarks”, which estimate how long AI systems can complete cybersecurity

AI cyber capability is speeding past earlier projections Read More »

Closing the AI governance gap in your enterprise

Closing the AI governance gap in your enterprise 2026-05-14 at 08:00 By Help Net Security In this Help Net Security video, Casey Bleeker, CEO at SurePath AI, talks about the AI governance gap that exists in almost every organization. Drawing from three years of conversations with IT, business, and security leaders, Casey explains why AI

Closing the AI governance gap in your enterprise Read More »

One in four MCP servers opens AI agent security to code execution risk

One in four MCP servers opens AI agent security to code execution risk 2026-05-05 at 13:21 By Anamarija Pogorelec Enterprise deployments of AI agents lean on two extension mechanisms that introduce risk at different layers of the stack. MCP servers expose deterministic code functions with structured, loggable invocations. Skills load textual instruction sets directly into

One in four MCP servers opens AI agent security to code execution risk Read More »

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) 2026-05-04 at 18:59 By Zeljka Zorz Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerabilities were reported privately by Airbus researchers and there’s

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) Read More »

Shadow AI risks deepen as 31% of users get no employer training

Shadow AI risks deepen as 31% of users get no employer training 2026-05-01 at 11:49 By Anamarija Pogorelec Between one-fifth and one-third of workers use AI outside the influence and governance of the IT function, according to a global survey of 6,000 full-time employees at enterprise organizations. Researchers found a widening gap between employee AI

Shadow AI risks deepen as 31% of users get no employer training Read More »

Cisco releases open-source toolkit for verifying AI model lineage

Cisco releases open-source toolkit for verifying AI model lineage 2026-04-30 at 16:02 By Mirko Zorz Enterprises pulling models from Hugging Face and other open repositories rarely keep records of how those models are altered after download, leaving organizations with little ability to confirm what they are running in production. The State of AI Security 2026

Cisco releases open-source toolkit for verifying AI model lineage Read More »

New Mirai variants target routers and DVRs in parallel campaigns

New Mirai variants target routers and DVRs in parallel campaigns 2026-04-22 at 16:42 By Zeljka Zorz Hidden inside newly discovered botnet malware is an unusual message from its creator: “AI.NEEDS.TO.DIE”. Dubbed “tuxnokill” by researchers at Akamai, the malware is one of two fresh Mirai botnet variants documented this month by major cybersecurity firms and, judging

New Mirai variants target routers and DVRs in parallel campaigns Read More »

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876)

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876) 2026-04-22 at 14:47 By Zeljka Zorz Progress Software has fixed a slew of high-severity vulnerabilities in MOVEit WAF and LoadMaster, including a flaw (CVE-2026-21876) that may allow attackers to bypass firewall detection. MOVEit WAF (web application firewall) is designed to protect Progress’s managed file transfer platform MOVEit

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876) Read More »

Network segmentation projects fail in predictable patterns

Network segmentation projects fail in predictable patterns 2026-04-15 at 07:25 By Mirko Zorz Most enterprise networks have segmentation on the roadmap. Many have had it there for years. A survey of 400 U.S.-based network security practitioners who lived through failed segmentation projects finds that failure clusters into four distinct patterns, and the type of failure

Network segmentation projects fail in predictable patterns Read More »

Testing reveals Claude Mythos’s offensive capabilities and limits

Testing reveals Claude Mythos’s offensive capabilities and limits 2026-04-14 at 18:15 By Zeljka Zorz Could Claude Mythos Preview, Anthropic’s latest large language model, be leveraged for fully automated cyber attacks? The UK government’s AI Security Institute (AISI) tested its capability to successfully engage in capture-the-flag (CTF) challenges and multi-step attack scenarios, and found that that

Testing reveals Claude Mythos’s offensive capabilities and limits Read More »

FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)

FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616) 2026-04-04 at 17:39 By Zeljka Zorz Defused Cyber has spotted a critical Fortinet FortiClient Endpoint Management Server (EMS) zero-day vulnerability (CVE-2026-35616) being exploited in the wild. This time around, the confirmation of active exploitation came almost immediately from Fortinet, as well. “Fortinet has observed [CVE-2026-35616] to be

FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616) Read More »

Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643)

Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643) 2026-03-30 at 15:37 By Zeljka Zorz A critical SQL injection vulnerability (CVE-2026-21643) in Fortinet FortiClient Endpoint Management Server (EMS), a management server for FortiClient endpoint agents on various platforms, is under active exploitation. The warning comes from Defused Cyber, which helps organizations deploy honeypots/fake assets, and

Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643) Read More »

Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521)

Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521) 2026-03-28 at 11:30 By Zeljka Zorz A critical unauthenticated remote code execution vulnerability (CVE-2025-53521) in F5’s BIG-IP Access Policy Manager (APM) solution is under active exploitation, the US Cybersecurity and Infrastructure Security Agency warned on Friday. CISA added the flaw to its Known Exploited Vulnerabilities

Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521) Read More »

Your security stack looks fine from the dashboard and that’s the problem

Your security stack looks fine from the dashboard and that’s the problem 2026-03-25 at 08:07 By Anamarija Pogorelec One in five enterprise endpoints is operating outside a protected and enforceable state on any given day, according to device telemetry collected across tens of millions of corporate PCs. That figure, drawn from Absolute Security’s 2026 Resilience

Your security stack looks fine from the dashboard and that’s the problem Read More »

Scroll to Top