enterprise

AI cyber capability is speeding past earlier projections

AI, Anthropic, cybersecurity, enterprise, News, OpenAI /

AI cyber capability is speeding past earlier projections 2026-05-14 at 12:48 By Sinisa Markovic AI cyber capability is improving faster than expected, with newer models surpassing earlier projections, according to the UK government’s AI Security Institute (AISI). AISI measures AI cyber capability using “time horizon benchmarks”, which estimate how long AI systems can complete cybersecurity […]

AI cyber capability is speeding past earlier projections Read More »

Closing the AI governance gap in your enterprise

AI, CISO, cyber risk, cybersecurity, enterprise, News, strategy, tips, Video /

Closing the AI governance gap in your enterprise 2026-05-14 at 08:00 By Help Net Security In this Help Net Security video, Casey Bleeker, CEO at SurePath AI, talks about the AI governance gap that exists in almost every organization. Drawing from three years of conversations with IT, business, and security leaders, Casey explains why AI

Closing the AI governance gap in your enterprise Read More »

One in four MCP servers opens AI agent security to code execution risk

agentic AI, AI, cybersecurity, data, enterprise, framework, News, report /

One in four MCP servers opens AI agent security to code execution risk 2026-05-05 at 13:21 By Anamarija Pogorelec Enterprise deployments of AI agents lean on two extension mechanisms that introduce risk at different layers of the stack. MCP servers expose deterministic code functions with structured, loggable invocations. Skills load textual instruction sets directly into

One in four MCP servers opens AI agent security to code execution risk Read More »

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)

Don't miss, enterprise, file-sharing, Hot stuff, News, Progress, security update, vulnerability /

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) 2026-05-04 at 18:59 By Zeljka Zorz Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerabilities were reported privately by Airbus researchers and there’s

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) Read More »

Shadow AI risks deepen as 31% of users get no employer training

AI, enterprise, Lenovo, News, report, survey /

Shadow AI risks deepen as 31% of users get no employer training 2026-05-01 at 11:49 By Anamarija Pogorelec Between one-fifth and one-third of workers use AI outside the influence and governance of the IT function, according to a global survey of 6,000 full-time employees at enterprise organizations. Researchers found a widening gap between employee AI

Shadow AI risks deepen as 31% of users get no employer training Read More »

Cisco releases open-source toolkit for verifying AI model lineage

AI, Cisco, Don't miss, enterprise, GitHub, News, open source, Python, Risk Management /

Cisco releases open-source toolkit for verifying AI model lineage 2026-04-30 at 16:02 By Mirko Zorz Enterprises pulling models from Hugging Face and other open repositories rarely keep records of how those models are altered after download, leaving organizations with little ability to confirm what they are running in production. The State of AI Security 2026

Cisco releases open-source toolkit for verifying AI model lineage Read More »

New Mirai variants target routers and DVRs in parallel campaigns

Akamai, botnet, consumer, DDoS, Don't miss, DVR, end of support, enterprise, exploit, Fortinet, Hot stuff, Internet of Things, Malware, News, router, SMBs /

New Mirai variants target routers and DVRs in parallel campaigns 2026-04-22 at 16:42 By Zeljka Zorz Hidden inside newly discovered botnet malware is an unusual message from its creator: “AI.NEEDS.TO.DIE”. Dubbed “tuxnokill” by researchers at Akamai, the malware is one of two fresh Mirai botnet variants documented this month by major cybersecurity firms and, judging

New Mirai variants target routers and DVRs in parallel campaigns Read More »

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876)

Don't miss, enterprise, firewall, Hot stuff, News, OWASP, Progress, security update, vulnerability, web application security /

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876) 2026-04-22 at 14:47 By Zeljka Zorz Progress Software has fixed a slew of high-severity vulnerabilities in MOVEit WAF and LoadMaster, including a flaw (CVE-2026-21876) that may allow attackers to bypass firewall detection. MOVEit WAF (web application firewall) is designed to protect Progress’s managed file transfer platform MOVEit

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876) Read More »

Network segmentation projects fail in predictable patterns

Cisco, enterprise, networking, News, research, survey /

Network segmentation projects fail in predictable patterns 2026-04-15 at 07:25 By Mirko Zorz Most enterprise networks have segmentation on the roadmap. Many have had it there for years. A survey of 400 U.S.-based network security practitioners who lived through failed segmentation projects finds that failure clusters into four distinct patterns, and the type of failure

Network segmentation projects fail in predictable patterns Read More »

Testing reveals Claude Mythos’s offensive capabilities and limits

AI, Anthropic, Artificial Intelligence, Cloud Security Alliance, cybersecurity, Don't miss, enterprise, Hot stuff, News, security testing, SMBs, tips /

Testing reveals Claude Mythos’s offensive capabilities and limits 2026-04-14 at 18:15 By Zeljka Zorz Could Claude Mythos Preview, Anthropic’s latest large language model, be leveraged for fully automated cyber attacks? The UK government’s AI Security Institute (AISI) tested its capability to successfully engage in capture-the-flag (CTF) challenges and multi-step attack scenarios, and found that that

Testing reveals Claude Mythos’s offensive capabilities and limits Read More »

FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)

0-day, Defused Cyber, Don't miss, enterprise, Fortinet, Hot stuff, News /

FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616) 2026-04-04 at 17:39 By Zeljka Zorz Defused Cyber has spotted a critical Fortinet FortiClient Endpoint Management Server (EMS) zero-day vulnerability (CVE-2026-35616) being exploited in the wild. This time around, the confirmation of active exploitation came almost immediately from Fortinet, as well. “Fortinet has observed [CVE-2026-35616] to be

FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616) Read More »

Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643)

Bishop Fox, Defused Cyber, Don't miss, enterprise, Fortinet, Hot stuff, News, vulnerability /

Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643) 2026-03-30 at 15:37 By Zeljka Zorz A critical SQL injection vulnerability (CVE-2026-21643) in Fortinet FortiClient Endpoint Management Server (EMS), a management server for FortiClient endpoint agents on various platforms, is under active exploitation. The warning comes from Defused Cyber, which helps organizations deploy honeypots/fake assets, and

Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643) Read More »

Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521)

access management, CISA, CVE, Don't miss, enterprise, F5 Networks, financial industry, Government, Hot stuff, News, vulnerability /

Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521) 2026-03-28 at 11:30 By Zeljka Zorz A critical unauthenticated remote code execution vulnerability (CVE-2025-53521) in F5’s BIG-IP Access Policy Manager (APM) solution is under active exploitation, the US Cybersecurity and Infrastructure Security Agency warned on Friday. CISA added the flaw to its Known Exploited Vulnerabilities

Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521) Read More »

Your security stack looks fine from the dashboard and that’s the problem

Absolute, CISO, cyber resilience, cyber risk, cybersecurity, Don't miss, endpoint management, enterprise, generative AI, News, report, Risk Management, RSAC 2026 /

Your security stack looks fine from the dashboard and that’s the problem 2026-03-25 at 08:07 By Anamarija Pogorelec One in five enterprise endpoints is operating outside a protected and enforceable state on any given day, according to device telemetry collected across tens of millions of corporate PCs. That figure, drawn from Absolute Security’s 2026 Resilience

Your security stack looks fine from the dashboard and that’s the problem Read More »

Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)

API security, Don't miss, enterprise, Hot stuff, identity management, News, Oracle, vulnerability /

Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992) 2026-03-23 at 13:50 By Zeljka Zorz Oracle has released an out-of-band patch for a critical and easily exploitable vulnerability (CVE-2026-21992) in Oracle Identity Manager and Oracle Web Services Manager. The company did not say whether the vulnerability has been exploited as a zero-day, but

Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992) Read More »

Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131)

0-day, AWS, Cisco, Don't miss, enterprise, firewall, Hot stuff, News, Ransomware /

Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131) 2026-03-20 at 15:21 By Zeljka Zorz A critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) that Cisco disclosed and patched in early March 2026 has been exploited as a zero-day by the Interlock ransomware gang, Amazon CISO and VP of Security Engineering

Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131) Read More »

As AI agents start making purchases, security teams must rethink risk

agentic AI, Chargebacks911, Don't miss, enterprise, Features, fraud, Hot stuff, News, Privacy, procurement, risk /

As AI agents start making purchases, security teams must rethink risk 2026-03-05 at 08:17 By Zeljka Zorz In this Help Net Security interview, Donald Kossmann, CTO at fintech company Chargebacks911, talks about the emerging security, fraud, and governance risks of “agentic commerce,” where AI agents can autonomously make purchasing decisions on behalf of users or

As AI agents start making purchases, security teams must rethink risk Read More »

Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500)

CVE, Don't miss, enterprise, Hot stuff, IceWarp, News, security update, Shadowserver, SMBs, vulnerability /

Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500) 2026-03-04 at 15:57 By Zeljka Zorz A critical RCE vulnerability (CVE-2025-14500) in IceWarp, an EU-made business communication and collaboration platform, may be exploited by attackers to gain unauthorized access to exposed unpatched servers. According to the Shadowserver Foundation, there are currently over 1,200 internet-facing

Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500) Read More »

AI went from assistant to autonomous actor and security never caught up

1Password, agentic AI, Artificial Intelligence, CISO, Databricks, Don't miss, Elastic, enterprise, Features, Hot stuff, MIT, News /

AI went from assistant to autonomous actor and security never caught up 2026-03-03 at 08:35 By Mirko Zorz Enterprise AI deployments have shifted from pilot programs to production systems handling customer data, executing business transactions, and integrating with core infrastructure. That has exposed a significant gap between what AI agents can do and what security

AI went from assistant to autonomous actor and security never caught up Read More »

Scroll to Top