framework

‘DKnife’ Implant Used by Chinese Threat Actor for Adversary-in-the-Middle Attacks

2026-02-06 at 11:08, by Ionut Arghire. Used since at least 2019, DKnife has been targeting the desktop, mobile, and IoT devices of Chinese users. The post appeared first on SecurityWeek.

Mobile privacy audits are getting harder

2026-02-06 at 09:28, by Anamarija Pogorelec. Mobile apps routinely collect and transmit personal data in ways that are difficult for users, developers, and regulators to verify. Permissions can reveal what an app can access, and privacy policies can claim what an app should do, yet neither reliably shows what

Audits for AI systems that keep changing

2026-01-28 at 07:28, by Anamarija Pogorelec. Security and risk teams often rely on documentation and audit artifacts that reflect how an AI system worked months ago. ETSI’s continuous auditing based conformity assessment specification (ETSI TS 104 008) describes a different approach, where conformity is evaluated through recurring measurement

EU tightens cybersecurity rules for tech supply chains

2026-01-21 at 17:24, by Anamarija Pogorelec. The European Commission has proposed a new cybersecurity package aimed at strengthening the EU’s cyber resilience, including a revised EU Cybersecurity Act designed to secure ICT supply chains and ensure products reaching EU citizens are secure by design through a streamlined

MITRE Launches New Security Framework for Embedded Systems 

2026-01-21 at 14:15, by Eduard Kovacs. The Embedded Systems Threat Matrix (ESTM) aims to help organizations protect critical embedded systems. The post appeared first on SecurityWeek.

Security leaders push for continuous controls as audits stay manual

2026-01-21 at 07:03, by Anamarija Pogorelec. Security teams say they want real-time insight into controls, but still rely on periodic checks that trail daily operations. New RegScale research shows how wide that gap remains and where organizations are directing time, staff, and budget to manage

CISO Assistant: Open-source cybersecurity management and GRC

2026-01-14 at 13:25, by Mirko Zorz. CISO Assistant is an open-source governance, risk, and compliance (GRC) platform designed to help security teams document risks, controls, and framework alignment in a structured system. The community edition is maintained as a self-hosted tool for organizations that want direct access to

Weak enforcement keeps PCI DSS compliance low

2025-12-23 at 09:41, by Sinisa Markovic. Payment card breaches continue to surface across industries, even after years of investment in security standards. A new study links this pattern to enforcement, showing that PCI DSS compliance trails behind HIPAA, GDPR, and the EU’s NIS2 Directive. A compliance gap that

LLMs work better together in smart contract audits

2025-12-19 at 08:42, by Sinisa Markovic. Smart contract bugs continue to drain real money from blockchain systems, even after years of tooling and research. A new academic study suggests that large language models can spot more of those flaws when they work in coordinated groups instead of

NVIDIA research shows how agentic AI fails under attack

2025-12-08 at 09:56, by Sinisa Markovic. Enterprises are rushing to deploy agentic systems that plan, use tools, and make decisions with less human guidance than earlier AI models. This new class of systems also brings new kinds of risk that appear in the interactions between models,

CISOs are questioning what a crisis framework should look like

2025-12-03 at 07:32, by Anamarija Pogorelec. CISOs increasingly assume the next breach is coming. What concerns them most is whether their teams will understand the incident quickly enough to limit the fallout. A recent report by Binalyze looks at how investigation practices are holding up

Attackers keep finding new ways to fool AI

2025-12-02 at 08:14, by Anamarija Pogorelec. AI development keeps accelerating while the safeguards around it move on uneven ground, according to The International AI Safety Report. Security leaders are being asked to judge exposure without dependable benchmarks. Developers build layered defenses Across the AI ecosystem, developers are

DeepTeam: Open-source LLM red teaming framework

2025-11-26 at 07:37, by Sinisa Markovic. Security teams are pushing large language models into products faster than they can test them, which makes any new red teaming method worth paying attention to. DeepTeam is an open-source framework built to probe these systems before they reach users, and it takes

The confidence trap holding security back

2025-11-20 at 07:37, by Anamarija Pogorelec. Security leaders often feel prepared for a major cyber incident, but performance data shows a different reality. Teams continue to miss key steps during practice scenarios, and the gap between confidence and capability keeps growing. Findings from Immersive’s Cyber Workforce Benchmark Report show

Protecting mobile privacy in real time with predictive adversarial defense

2025-11-14 at 09:25, by Sinisa Markovic. Mobile sensors are everywhere, quietly recording how users move, tilt, or hold their phones. The same data that powers step counters and activity trackers can also expose personal details such as gender, age, or even identity. A new study

Healthcare security is broken because its systems can’t talk to each other

2025-11-13 at 09:39, by Mirko Zorz. In this Help Net Security interview, Cameron Kracke, CISO at Prime Therapeutics, discusses how the healthcare ecosystem can achieve cohesive security visibility. With hospitals, clinics, telehealth, and cloud partners all in the mix, maintaining visibility remains a

A new way to think about zero trust for workloads

2025-11-03 at 09:10, by Mirko Zorz. Static credentials have been a weak point in cloud security for years. A new paper by researchers from SentinelOne takes direct aim at that issue with a practical model for authenticating workloads without long-lived secrets. Instead of relying on

Everyone’s adopting AI, few are managing the risk

2025-10-17 at 08:52, by Anamarija Pogorelec. AI is spreading across enterprise risk functions, but confidence in those systems remains uneven, according to AuditBoard. More than half of organizations report implementing AI-specific tools, and many are training teams in machine learning skills. Yet, few feel prepared for the

What if your privacy tools could learn as they go?

2025-10-14 at 11:49, by Mirko Zorz. A new academic study proposes a way to design privacy mechanisms that can make use of prior knowledge about how data is distributed, even when that information is incomplete. The method allows privacy guarantees to stay mathematically sound while

From theory to training: Lessons in making NICE usable

2025-10-10 at 09:02, by Mirko Zorz. SMBs may not have big budgets, but they are on the receiving end of many cyberattacks. A new study from Cleveland State University looked at how these companies could train staff without getting lost in the thousands of skills and
