A small Slovenian team handles 6,000 cyber incidents a year

Online fraud complaints, ransomware cases, and phishing tips reach Slovenia’s national cyber response center in steady volume, and a team of around a dozen analysts sorts through them. Gorazd Božič, who manages SI-CERT at the public agency ARNES,… Continue reading A small Slovenian team handles 6,000 cyber incidents a year

Zero trust physical security needs trust decisions at the edge

In this interview with Help Net Security, Chuck Davis, VP, Global Information Security at Hikvision, explains how zero trust applies to physical security systems like cameras and door controllers. He breaks down how to make trust decisions at the edge … Continue reading Zero trust physical security needs trust decisions at the edge

Data discovery gaps that catch enterprises off guard

In this interview with Help Net Security, Avani Desai, CEO at Schellman, talks about the gap between what organizations think they know about their data and what discovery scans turn up. She shares stories of shadow data in abandoned cloud storage, pos… Continue reading Data discovery gaps that catch enterprises off guard

OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory

AI agents keep memory across sessions. Conversation history, vector stores, scratchpads, and RAG indexes persist between runs, and anything written into that store becomes a privileged input the agent reads back later. An attacker who plants text in th… Continue reading OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory

Zapier exploit chain shows how known anti-patterns compose into critical risk

A five-stage exploit chain disclosed by Token Security researchers turned a free Zapier account into write access on Zapier’s public developer SDK packages and on internal packages that load in every authenticated zapier.com session. Each link in… Continue reading Zapier exploit chain shows how known anti-patterns compose into critical risk

Zapier exploit chain shows how known anti-patterns compose into critical risk

A five-stage exploit chain disclosed by Token Security researchers turned a free Zapier account into write access on Zapier’s public developer SDK packages and on internal packages that load in every authenticated zapier.com session. Each link in… Continue reading Zapier exploit chain shows how known anti-patterns compose into critical risk

Zapier exploit chain shows how known anti-patterns compose into critical risk

A five-stage exploit chain disclosed by Token Security researchers turned a free Zapier account into write access on Zapier’s public developer SDK packages and on internal packages that load in every authenticated zapier.com session. Each link in… Continue reading Zapier exploit chain shows how known anti-patterns compose into critical risk

The CISO selling confidence in a market full of breach headlines

Engineering teams across enterprise IT are writing their own software with AI coding assistants, spinning up agents that act on their behalf, and assigning those agents the same access privileges their human creators hold. The shift has pulled the role… Continue reading The CISO selling confidence in a market full of breach headlines

Frontier AI models collapse under multi-turn AI attacks, Cisco finds

Attackers who probe large language models rarely give up after one refusal. They reframe, build context across turns, adopt personas, and escalate gradually. New research from Cisco’s AI threat intelligence team finds that the safety benchmarks u… Continue reading Frontier AI models collapse under multi-turn AI attacks, Cisco finds

Coinflow CISO on crypto payments security under AI pressure

Crypto payment firms sit near the top of the target list for advanced persistent threat groups, and the workload on their security leaders keeps growing. Malcolm Portelli, CISO at Coinflow, runs the company’s security program from Malta. Coinflow… Continue reading Coinflow CISO on crypto payments security under AI pressure