Cybersecurity

Read more of this story at Slashdot.

Read more of this story at Slashdot.

Read more of this story at Slashdot.

Read more of this story at Slashdot.

Read more of this story at Slashdot.

Visitors to the CPUID website were briefly exposed to malware this week after attackers hijacked part of its backend, turning trusted download links into a delivery mechanism for something far less welcome....

Opinion Anthropic describes Project Glasswing as a coalition of tech giants committing $100 million in AI resources to hunt down and fix long-hidden vulnerabilities in critical open source software that it's finding with its new Mythos AI program. Or as The Reg put it, "an AI model that can generate zero-day vulnerabilities."...

The UK government is seeking views on radiofrequency jammers as it prepares legislation to ban the controversial devices....

Webinar Promo 2025 was the year of AI experimentation. In 2026, the bills are coming due. AI adoption has moved from isolated pilots to autonomous, enterprise wide deployment, bringing with it a sophisticated new generation of security challenges....

US, UK, and Canadian law enforcement Thursday said that they disrupted a $45 million global cryptocurrency scam, freezing $12 million in stolen funds and identifying more than 20,000 cryptocurrency wallet addresses linked to fraud victims across 30 countries....

NCEES explains why licensure matters for engineers and answers your top questions about the FE and PE exams. Source Views: 15

La entrada Thinking About Becoming a Licensed Engineer? Start Here. se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

View our compilation of online stories and resources highlighting the Hispanic community and their contributions to STEM. Source Views: 14

La entrada Celebrate Hispanic Heritage Month With SWE se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.cyberdefensemagazine.com – Author: News team Software supply chain attacks have emerged as a serious threat in the rapidly evolving field of cybersecurity, especially in medical devices. As these devices become more and more interconnected and dependent on complex software ecosystems, the potential for exploitation through the supply chain has grown exponentially. One powerful tool [...]

La entrada The Critical Role of Sboms (Software Bill of Materials) In Defending Medtech From Software Supply Chain Threats – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.cyberdefensemagazine.com – Author: News team It’s common knowledge in the cybersecurity industry that ransomware is on the rise, with median demands rising 20% year-over-year across virtually all industries. But it’s not only the ransom sums themselves that are escalating; threat actors are engaging in increasingly aggressive tactics and techniques to extort their victims. It’s [...]

La entrada Ransomware Tactics Are Shifting. Here’s How to Keep Up – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Rob Wright CERT-FR’s advisory follows last month’s disclosure of a zero-day flaw Apple said was used in “sophisticated” attacks against targeted individuals. Original Post URL: https://www.darkreading.com/vulnerabilities-threats/french-sheds-light-apple-spyware-activity Category & Tags: – Views: 11

La entrada French Advisory Sheds Light on Apple Spyware Activity – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

A flaw in the EngageLab SDK exposed 50 million Android users, allowing malicious apps to exploit trusted permissions and access sensitive data.

The post Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed appeared first on TechRepublic.

See what you missed in Daily Tech Insider from April 6–10.

The post AI Expansion, Security Crises, and Workforce Upheaval Define This Week in Tech appeared first on TechRepublic.

A critical Adobe Acrobat zero-day has been exploited for months via malicious PDFs to steal data and potentially take over systems, with no patch yet available.

The post Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet appeared first on TechRepublic.

Apple warns of a new scam targeting millions of iPhone users. Learn the red flags, how it works, and how to protect your account and finances.

The post New Apple Scam Hits Millions of iPhone Users Worldwide, Draining Bank Accounts appeared first on TechRepublic.

A massive breach exposed 337K LAPD-linked files, raising concerns over third-party risk, sensitive data exposure, and law enforcement cybersecurity gaps.

The post Massive Data Breach Exposes 337K LAPD-Linked Records appeared first on TechRepublic.

The recent supply chain attack involving Mercor and the LiteLLM vulnerability serves as a massive wake-up call for enterprise security teams. While the security industry has spent the last year fixating on prompt injections and model jailbreaks, this breach highlights a far more systemic vulnerability.

The weakest link in enterprise AI is not necessarily the model itself. It is the middleware connecting the models to your data.

As organizations race to adopt AI, they are relying heavily on proxies, gateways, and Model Context Protocol (MCP) servers to route traffic between their proprietary internal systems and external Large Language Models (LLMs). These integration points form the "Agentic Action Layer." When an API gateway like LiteLLM is compromised, attackers gain the keys to the kingdom, bypassing the model entirely to access the raw data streams flowing underneath.

The Anatomy of an AI Supply Chain Attack.

Tools like LiteLLM are incredibly popular because they solve a real engineering problem. They act as a universal proxy, allowing developers to standardize API calls across dozens of different LLM providers (such as OpenAI, Anthropic, and Google) using a single, unified format.

However, this creates a highly sensitive, centralized chokepoint. If an attacker compromises this middleware, they do not need to trick the AI model with a clever prompt. Instead, they gain direct access to the API keys, the unencrypted prompts containing proprietary data, and the raw model responses. The attacker can intercept, exfiltrate, or manipulate the data in transit.

This is the stark reality of the Agentic Era. The AI supply chain is fundamentally an API supply chain.

The Blind Spot: Why Legacy Tools Fail Here.

When a third-party proxy or MCP server is compromised, the resulting lateral movement is entirely machine-to-machine.

As highlighted in the newly released 1H 2026 State of AI and API Security Report, organizations are completely unprepared for this architectural shift:

• 60.2% of organizations admit a profound lack of control over the security of the AI models driving their applications.
• 48.9% are essentially blind to non-human, machine-to-machine traffic.

When an attacker hijacks a legitimate AI proxy, legacy Web Application Firewalls (WAFs) and standard API gateways fail completely. These tools are designed to inspect inbound external traffic from human users. They are architecturally blind to internal machine identities communicating with external LLM endpoints.

To a legacy WAF, a compromised LiteLLM server exfiltrating data looks exactly like a legitimate AI workload executing a scheduled task.

Securing the Middleware with the Salt Agentic Security Platform

To defend against these next-generation supply chain attacks, organizations must secure the Agentic Action Layer. You cannot secure an infrastructure you cannot see, and you cannot rely on static signatures to catch compromised machine identities acting maliciously.

The Salt Agentic Security Platform neutralizes these proxy breaches through two purpose-built capabilities:

1. Agentic Security Posture Management (AG-SPM) and the Security Graph. To prevent vulnerable middleware from exposing your enterprise, you must first map it. Salt builds a dynamic Agentic Security Graph that continuously maps the multi-pronged relationships between LLMs, external proxies, MCP servers, and foundational APIs. By scanning repositories and runtime environments, Salt identifies risky third-party LLM integrations and uncovers "Shadow AI" infrastructure. If developers spin up an unauthorized or vulnerable LLM proxy, AG-SPM flags it before it can be weaponized by an attacker.

2. Agentic Detection and Response (AG-DR) via Intent Analysis. Even with perfect posture, zero-day supply chain vulnerabilities will occur. When middleware is compromised, security teams need to detect anomalous behavior instantly. Salt AG-DR establishes agentic-aware baselines for all LLM connectivity. It performs Identity-Aware Intent Analysis, correlating 100% of traffic back to the specific machine identity (in this case, the LiteLLM proxy).

If that proxy suddenly begins routing traffic to an unauthorized external IP address or executing massive data pulls that fall outside its expected behavior, Salt recognizes the malicious "Sequence of Intent." The platform immediately interrupts the machine-speed attack and automatically triggers blocking actions, stopping data exfiltration in its tracks.

The Takeaway

The Mercor and LiteLLM incident is not an outlier; it is a preview of the new attacker playbook. Securing AI innovation requires more than just sanitizing prompts. It requires absolute visibility and behavioral control over the API supply chain that connects your data to the models.

If you want to learn more about Salt and how we can help you, please contact us, schedule a demo, or visit our website. You can also get a free API Attack Surface Assessment from Salt Security's research team and learn what attackers already know.

The post The AI Supply Chain is Actually an API Supply Chain: Lessons from the LiteLLM Breach appeared first on Security Boulevard.

Google has expanded its encryption capabilities in Gmail to mobile devices, enabling enterprise customers to transmit encrypted emails directly within the app on both Android and iOS. The update removes a limitation that previously restricted native encrypted email use on mobile devices. The rollout allows eligible users to compose and read encrypted messages natively, without..

The post Google Extends Gmail Encryption to Mobile, but Limits Access to Enterprise Tier appeared first on Security Boulevard.

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Electric Vehicles’ appeared first on Security Boulevard.

Flashpoint analysts, working with partner financial institutions, have observed a growing number of PhaaS operations operating with a level of coordination and specialization more commonly associated with legitimate software platforms. These ecosystems bring together phishing kit developers, infrastructure providers, spam delivery services, and financially motivated actors into a single, scalable pipeline for fraud.

The post The Phishing-as-a-Service Pipeline: How a Scalable Fraud Ecosystem Is Driving Global Attacks appeared first on Flashpoint.

The post The Phishing-as-a-Service Pipeline: How a Scalable Fraud Ecosystem Is Driving Global Attacks appeared first on Security Boulevard.

We found a convincing fake site that installs a trojanized Claude app while quietly deploying PlugX malware.

The post Fake Claude site installs malware that gives attackers access to your computer appeared first on Security Boulevard.

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

This week, more time than I'd have liked to spend went on talking about the trials of chasing invoices. This is off the back of a customer (who, for now, will remain unnamed), who had invoices stacking back more than 6 months overdue and despite payment terms of

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

Day by day, I find we're eeking more goodness out of OpenClaw and finding the sweet spot between what the humans do well and the agent can run off and do on its own. Significantly, we're shifting more and more of the workload to the latter

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

For a hobby project built in my spare time to provide a simple community service, Have I Been Pwned sure has, well, "escalated". Today, we support hundreds of thousands of website visitors each day, tens of millions of API queries, and hundreds of millions of password searches. We&

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

Watching OpenClaw do its thing must be like watching the first plane take flight. It's a bit rickety and stuck together with a lot of sticky tape, but squint and you can see the potential for agentic AI to change the world as we know it. And I

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

In the beginning, it was simple. A website, a database and 150M+ email addresses to search. Time has added serverless functions (which run on servers 🤷‍♂️), code on the edge, new data storage constructs and a completely different mechanism for even just querying a simple email address.

Claude is actually pretty good on the issues.

ProPublica has a scoop:

In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings.

The tech giant’s “lack of proper detailed security documentation” left reviewers with a “lack of confidence in assessing the system’s overall security posture,” according to an internal government report reviewed by ProPublica.

Or, as one member of the team put it: “The package is a pile of shit.”

For years, reviewers said, Microsoft had tried and failed to fully explain how it protects sensitive information in the cloud as it hops from server to server across the digital terrain. Given that and other unknowns, government experts couldn’t vouch for the technology’s security...

This is news:

A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file (litellm_init.pth, 34,628 bytes) which is automatically executed by the Python interpreter on every startup, without requiring any explicit import of the litellm module.

There are a lot of really boring things we need to do to help secure all of these critical libraries: SBOMs, SLSA, SigStore. But we have to do them.

AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might become easier for a user to have an AI write an application on demand—a spreadsheet, for example—and delete it when you’re done using it than to buy one commercially. Future systems could include a mix: both traditional long-term software and ephemeral instant software that is constantly being written, deployed, modified, and deleted.

AI is changing cybersecurity as well. In particular, AI systems are getting better at finding and patching vulnerabilities in code. This has implications for both attackers and defenders, depending on the ways this and related technologies improve...

According to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.—even if you are just transiting the airport.

In a security alert dated March 26, the U.S. Consulate General said that, on March 23, 2026, Hong Kong authorities changed the rules governing enforcement of the National Security Law. Under the revised framework, police can require individuals to provide passwords or other assistance to access personal electronic devices, including cellphones and laptops.

Following our article on the challenges posed by agentic AI, we gave OpenClaw access to one of our legacy networks

Categories: Threat Research

Tags: OpenClaw, LLM, AI, penetration testing, Red Team, CISO, Sophos X-Ops

No matter the country, industry, or company size, IT and cybersecurity teams report a heavy regulatory load and worry about staying aligned with requirements

Categories: Products & Services

Tags: CISO, Compliance

Third consecutive time being named a Customers’ Choice for MDR

Categories: Products & Services

Tags: Gartner, Gartner Peer Insights, MDR, Sophos MDR, Third-Party Reviews

Amazon has integrated Sophos threat intelligence into Amazon GuardDuty, expanding the breadth and accuracy of malicious threat detection for customers running workloads on Amazon Web Services (AWS).

Categories: Products & Services

Tags: AWS, Sophos Intelix, amazon, Amazon GuardDuty, Sophos OEM

New Sophos survey reveals only 5% of IT leaders say they fully trust their cybersecurity vendors

Categories: Products & Services, Sophos Insights

Tags: Trust, Privacy, Trust Center