Collaborate Disseminate
Machine learning (ML) privacy concerns continue to surface, as audits show that models can reveal parts of the labels (the user’s choice, expressed preference, or the result of an action) used during training. A new research paper explores a different … Continue reading New observational auditing framework takes aim at machine learning privacy leaks
Most CISOs spend their days dealing with noisy dashboards and vendor pitches that all promise a shortcut to compliance. It can be overwhelming to sort out what matters. When you dig into real incidents involving payment data, a surprising number come d… Continue reading Why password management defines PCI DSS success
Phishing sites keep rising, and security teams are searching for ways to sort suspicious pages at speed. A recent study explores whether small language models (SLMs) can scan raw HTML to catch these threats. The work reviews a range of model sizes and … Continue reading Small language models step into the fight against phishing sites
Security teams are pushing large language models into products faster than they can test them, which makes any new red teaming method worth paying attention to. DeepTeam is an open-source framework built to probe these systems before they reach users, … Continue reading DeepTeam: Open-source LLM red teaming framework
People who rely on Tor expect their traffic to move through the network without giving away who they are. That trust depends on the strength of the encryption that protects each hop. Tor developers are preparing a major upgrade called Counter Galois On… Continue reading Tor Project is rolling out Counter Galois Onion encryption
Phishing is shifting into places people rarely check. Meeting invites that plant themselves on calendars can survive long after the malicious email is gone. That leaves a quiet opening for attackers. Microsoft has updated Defender for Office 365 so tha… Continue reading Microsoft cracks down on malicious meeting invites
The expansion of IoT devices in shared, multi-vendor environments, such as aircraft cabins, has created tension between the benefits of data collaboration and the risks to passenger privacy, vendor intellectual property, and regulatory compliance. A ne… Continue reading Aircraft cabin IoT leaves vendor and passenger data exposed
cnspec is an open source tool that helps when you are trying to keep a sprawling setup of clouds, containers, APIs and endpoints under control. It checks security and compliance across all of it, which makes it easier to see what needs attention. At it… Continue reading cnspec: Open-source, cloud-native security and policy project
Passwords sit at the core of every critical system, but many organizations still overlook how fragile their password workflows can be. When something goes wrong, security teams rush to uncover who had access, how those passwords were stored and whether… Continue reading Is your password manager truly GDPR compliant?
Privacy rules like GDPR and CCPA are meant to help app stores be clearer about how apps use your data. But in the Google Play Store, those privacy sections often leave people scratching their heads. A new study looks at how users read these parts of an… Continue reading Google Play Store’s privacy practices still confuse Android users