5+ hour, 52+ min ago  (731+ words) The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the Glass Worm malware has uploaded 73 more impersonated links, as its attempt to infect software supply chains continues. Philipp Burckhardt, head of threat intelligence at Socket,…...

19+ hour, 51+ min ago  (472+ words) According to findings by AI pentesting platform Novee Security, once a developer cloned and interacted with a malicious repository, the IDE's AI agent could trigger embedded Git logic, resulting in attacker-controlled code execution. "The root cause is not a flaw…...

19+ hour, 51+ min ago  (829+ words) Identity has always been central to security, but the proliferation of AI agents is rapidly changing the challenge of managing and securing identity, spurring CISOs to rethink their identity strategies " even how it is defined. "Identity is now both a…...

1+ day, 4+ hour ago  (981+ words) The security industry has spent years building better authentication. Longer passwords, second factors, hardware tokens. And attackers responded by moving past authentication entirely. Adversary-in-the-middle (Ai TM) phishing does not steal credentials and replay them. It sits between the user and…...

20+ hour, 50+ min ago  (342+ words) In the enterprise Saa S space, AI agents are becoming an integral part of the Saa S product. To make these intelligent agents truly useful, they need contextual, customer-specific knowledge, something standard Large Language Models (LLMs), open source or otherwise,…...

1+ day, 4+ hour ago  (537+ words) Security researchers have discovered a chilling backdoor aimed at Cisco System firewalls that exploits unpatched vulnerabilities to maintain persistence, even after patching. This means that attackers can continue to access compromised devices without re-exploiting the holes. At risk are devices…...

1+ day, 20+ hour ago  (549+ words) An administrative role meant for AI agents within Microsoft's Entra ID ecosystem could allow privilege escalation and tenant takeover attacks, as it had privileges over more than agent-related objects. "Prior to the fix, the Agent ID Administrator role allowed assigning…...

1+ day, 20+ hour ago  (1361+ words) Artificial intelligence tools are revamping Dev Sec Ops processes, enabling security and development teams to more effectively build safeguards into software products from the get-go. But AI's impact on Dev Sec Ops goes well beyond tooling and processes, altering the…...

1+ day, 20+ hour ago  (1046+ words) Every SOC analyst has heard it by now: "AI is coming for your job. I hear it in conversations with SOC teams. I see it in the hesitation during evaluations. And increasingly, I feel it as a source of resistance…...

2+ week, 4+ day ago  (1105+ words) The bills would create national standards for privacy and security practices while broadly preempting many state privacy laws, including the stronger protections already in place in states like California and Maryland. They also would eliminate the possibility of private lawsuits…...