#cass-report

[ follow ]
#cybersecurity
Healthcare
fromSecurityWeek
5 days ago

Healthcare IT Platform CareCloud Probing Potential Data Breach

CareCloud experienced a cybersecurity incident that may have compromised patient information, but the impact is believed to be limited and manageable.
Node JS
fromInfoQ
6 days ago

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Organizations are not prepared for the next cybersecurity crisis, similar to Log4Shell.
Information security
fromSecurityWeek
2 days ago

Cybersecurity M&A Roundup: 38 Deals Announced in March 2026

Thirty-eight cybersecurity-related M&A deals were announced in March 2026, including significant acquisitions by Airbus, AppViewX, Cellebrite, and Databricks.
EU data protection
fromnews.bitcoin.com
1 day ago

MiCA Decoded: July 1 Is Not the Deadline. For Most Service Providers, It Already Passed

Service providers must secure authorization by July 1, 2026, or cease operations, with many missing jurisdiction-specific application deadlines.
DevOps
fromMedium
1 day ago

AWS Security and Compliance Quiz (25 Questions) with Detailed Answers - Cloud Practitioner Guide

Understanding AWS security services is essential for modern applications running on AWS.
#ai-governance
fromFortune
1 month ago
Artificial intelligence

Exclusive: CrowdStrike and SentinelOne veterans raise $34M to tackle enterprise AI's governance gap | Fortune

fromFortune
1 month ago
Artificial intelligence

Exclusive: CrowdStrike and SentinelOne veterans raise $34M to tackle enterprise AI's governance gap | Fortune

#citigroup
France news
fromThe Local France
3 days ago

Citigroup orders home-working as US banks in Paris and Frankfurt tighten security

Citigroup has instructed employees in Paris and Frankfurt to work from home due to heightened security concerns following a thwarted attack on a US bank.
France news
fromwww.thelocal.com
3 days ago

Citigroup orders home-working as US banks in Paris and Frankfurt tighten security

Citigroup has instructed employees in Paris and Frankfurt to work from home due to heightened security concerns following a thwarted attack on a US bank.
France news
fromThe Local France
3 days ago

Citigroup orders home-working as US banks in Paris and Frankfurt tighten security

Citigroup has instructed employees in Paris and Frankfurt to work from home due to heightened security concerns following a thwarted attack on a US bank.
France news
fromwww.thelocal.com
3 days ago

Citigroup orders home-working as US banks in Paris and Frankfurt tighten security

Citigroup has instructed employees in Paris and Frankfurt to work from home due to heightened security concerns following a thwarted attack on a US bank.
#data-breach
Privacy professionals
fromSilicon Canals
2 days ago

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.
Information security
fromTheregister
3 days ago

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.
Privacy professionals
fromSilicon Canals
2 days ago

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.
Information security
fromTheregister
3 days ago

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.
#ai
Venture
fromSecurityWeek
3 days ago

Variance Raises $21.5M for Compliance Investigation Platform Powered by AI Agents

Variance raised $21.5 million for an AI platform focused on compliance and risk investigations, enhancing fraud detection and management for financial institutions.
Artificial intelligence
fromSecurityWeek
5 days ago

Silent Drift: How LLMs Are Quietly Breaking Organizational Access Control

AI assistance in policy as code can introduce serious flaws, leading to incorrect access permissions despite syntactically valid policies.
Venture
fromSecurityWeek
3 days ago

Variance Raises $21.5M for Compliance Investigation Platform Powered by AI Agents

Variance raised $21.5 million for an AI platform focused on compliance and risk investigations, enhancing fraud detection and management for financial institutions.
Artificial intelligence
fromSecurityWeek
5 days ago

Silent Drift: How LLMs Are Quietly Breaking Organizational Access Control

AI assistance in policy as code can introduce serious flaws, leading to incorrect access permissions despite syntactically valid policies.
Business intelligence
fromwww.housingwire.com
5 days ago

The AI-native mortgage: Supporting intelligent, compliant adoption

AI is transforming mortgage origination and servicing by improving efficiency and borrower engagement through integrated systems and high-quality data.
SF politics
fromNextgov.com
5 days ago

New contract for background investigations raises concerns about scale and risk

DCSA is modernizing its Case Processing Operations Center to enhance background investigations and incorporate Continuous Vetting for national security.
Remote teams
fromTheregister
6 days ago

Security contractor blew the whistle on shabby support crew

Brad, a security contractor, faced challenges with antivirus alerts while working in a labor hire company's office without proper IT support.
fromComputerworld
1 day ago

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.
Information security
#fincen
Law
fromwww.housingwire.com
1 week ago

FinCEN's anti-money laundering rule struck down now what?

FinCEN has authority to regulate real estate transactions and enforce reporting requirements under the Bank Secrecy Act.
Law
fromwww.housingwire.com
1 week ago

FinCEN's anti-money laundering rule struck down now what?

FinCEN has authority to regulate real estate transactions and enforce reporting requirements under the Bank Secrecy Act.
Women in technology
fromInfoQ
1 week ago

Security and Architecture: To Betray One Is To Destroy Both

Architecture and security have evolved from separate entities to a deeply connected partnership focused on resilience and protection against threats.
Artificial intelligence
fromTearsheet
3 days ago

What a bank-client relationship looks like when banks control the data behind the UX - Tearsheet

Grasshopper's Model Context Protocol enables secure AI integration with banking data while maintaining client control and data security.
Podcast
fromSecuritymagazine
1 week ago

What Does It Take to Be an Outstanding CSO or CISO?

Outstanding security leaders often come from non-traditional backgrounds, with 40% of recent CSO-CISO Hall of Fame honorees starting in the private sector.
DevOps
fromInfoQ
5 days ago

Event-Driven Patterns for Cloud-Native Banking: Lessons from What Works and What Hurts

Event-driven architecture introduces complexity and requires careful implementation, especially in regulated environments, to ensure reliability and system evolution.
London startup
fromFortune
2 weeks ago

UL Solutions rolls out a new standard to fill a gap in AI regulation: 'Innovation without safety is failure' | Fortune

UL Solutions launches its first AI product certification standard (UL 3115) to ensure AI-embedded products are safe, robust, and human-controlled, addressing the lack of government oversight in rapidly evolving AI technology.
#ai-security
fromInfoWorld
2 days ago
Information security

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

DevOps
fromDevOps.com
3 weeks ago

The Risk Profile of AI-Driven Development - DevOps.com

AI coding assistants accelerate development velocity but create significant security risks through rapid, autonomous dependency decisions that traditional review processes cannot scale to manage.
fromZDNET
1 month ago
Miscellaneous

Rolling out AI? 5 security tactics your business can't get wrong - and why

Information security
fromThe Hacker News
2 weeks ago

AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds

Security leaders lack adequate tools and skills to defend AI systems, with visibility gaps and skills shortages creating critical vulnerabilities in AI infrastructure security.
Software development
fromThe Hacker News
2 weeks ago

How Ceros Gives Security Teams Visibility and Control in Claude Code

AI coding agents like Claude Code operate outside existing enterprise security controls, requiring new machine-level security infrastructure to provide visibility, policy enforcement, and audit trails.
Information security
fromInfoWorld
2 days ago

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.
DevOps
fromDevOps.com
3 weeks ago

The Risk Profile of AI-Driven Development - DevOps.com

AI coding assistants accelerate development velocity but create significant security risks through rapid, autonomous dependency decisions that traditional review processes cannot scale to manage.
fromZDNET
1 month ago
Miscellaneous

Rolling out AI? 5 security tactics your business can't get wrong - and why

Information security
fromThe Hacker News
2 weeks ago

AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds

Security leaders lack adequate tools and skills to defend AI systems, with visibility gaps and skills shortages creating critical vulnerabilities in AI infrastructure security.
Online learning
fromeLearning Industry
2 weeks ago

Can An LMS Really Reduce Compliance Risk Before It Happens?

A strategically positioned LMS reduces compliance risk by ensuring consistent policy communication across organizations and enabling rapid regulatory updates, transforming it from a reporting tool into a proactive risk management system.
DevOps
fromThe Hacker News
5 days ago

3 SOC Process Fixes That Unlock Tier 1 Productivity

Fragmented workflows and manual triage slow down Tier 1 SOC performance more than the threats themselves.
EU data protection
fromnews.bitcoin.com
1 week ago

MiCA Decoded: 174 Registered CASPs, but Only 14 Can Operate a Centralized Crypto Exchange (CEX)?

Only 14 crypto exchanges are authorized in the EU despite 174 MiCA licenses, revealing unexpected business model distributions across jurisdictions.
Information security
fromThe Hacker News
2 days ago

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.
Privacy professionals
fromwww.housingwire.com
2 weeks ago

Reducing risk: Why logging, protection, and review matter

Application logs are critical cybersecurity safeguards that provide visibility into system behavior, enabling early detection of security threats and operational issues in real estate and mortgage lending organizations.
EU data protection
fromTNW | Ecosystems
2 weeks ago

DORA compliance: most European financial firms still aren't ready

Europe's financial institutions struggle to comply with the Digital Operational Resilience Act, with many lacking confidence in meeting the 2025 deadline.
Artificial intelligence
fromNextgov.com
1 week ago

IRS faces AI skills gaps after pushing tech talent out, watchdog finds

The IRS faces significant workforce gaps in AI expertise due to recent staff reductions, impacting its modernization and deployment of artificial intelligence.
Business intelligence
fromwww.housingwire.com
3 weeks ago

Banks adopt AI fast but lack strategy and governance

Organizations prioritize operational efficiency in AI investment, but face significant data infrastructure gaps and regulatory uncertainty that hinder transition from experimentation to strategic deployment.
Information security
fromSecurityWeek
4 days ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.
Business intelligence
fromFortune
3 weeks ago

Something big is changing in auditing | Fortune

AI will fundamentally redefine auditing over the next three to five years, with internal audit teams increasingly governing AI models while automation saves up to 40% of audit time.
Business intelligence
fromSecuritymagazine
3 weeks ago

AI Security and Forensic Accounting: Protecting Financial Systems in an Automated World

AI-enhanced forensic accounting is essential for detecting financial fraud and payment manipulation in automated financial systems vulnerable to sophisticated, AI-driven attacks.
fromZDNET
1 month ago

Why enterprise AI agents could become the ultimate insider threat

Suddenly, Claude was kicking off four, five, six, seven, even eight agents at once. I had no visibility into what they were all doing. I didn't even have a way to stop them if one or more ran amok. And run amok they sure did. One got stuck trying to access a file for which it didn't have root privileges. Another went in and attempted to refactor an entire app (which I did not request).
Miscellaneous
Information security
fromnews.bitcoin.com
4 days ago

Chainalysis Deploys AI Agents to Counter Criminal Use of Artificial Intelligence in Crypto

Chainalysis introduces AI agents to enhance fraud detection and compliance without requiring deep technical expertise, ensuring data quality and human oversight.
Privacy professionals
fromDataBreaches.Net
1 month ago

Shutdown Stalls Compliance Plans for Cyber Breach Reporting Rule - DataBreaches.Net

A partial government shutdown delays the DHS cybersecurity incident reporting rule, leaving companies uncertain about compliance requirements and enforcement timelines.
Information security
fromSecurityWeek
6 days ago

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.
EU data protection
fromwww.housingwire.com
1 month ago

How to ensure locked-down compliance during HMDA reporting season, and year-round

HMDA compliance requires year-round automation and verification systems to manage increasing regulatory scrutiny, as manual processes and data errors create significant compliance risks for financial institutions.
Information security
fromReadWrite
1 week ago

The CISO Struggle: How AI is Changing the Data Security Landscape

Generative AI adoption is rapid, but security governance is lagging, creating significant risks for organizations.
Mental health
fromSecuritymagazine
1 month ago

Security Insights Delivered Through Podcasts

Security professionals face significant mental-health risks and team burnout, requiring leaders to integrate empathetic practices and psychological safety into security operations.
Artificial intelligence
fromZDNET
1 month ago

Meet your AI auditor: How this new job role monitors model behavior

AI auditors monitor and report on AI system behavior and output quality, similar to financial auditors but for artificial intelligence transactions rather than monetary ones.
Information security
fromSecurityWeek
2 weeks ago

Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches

All analyzed companies operate AI-enabled SaaS environments, with organizations averaging 140 such applications, creating cascading breach risks across interconnected systems.
fromFortune
2 months ago

As risk skyrockets, current and former CFOs are in demand for audit committees | Fortune

As audit committees confront a rapidly expanding risk landscape, their role in corporate governance is being reshaped. Boards have often turned to current and former CFOs as independent directors, particularly for audit committees, because of their ability to translate complex operational and financial realities into effective oversight.For example, this month, J. Michael Hansen, former EVP and CFO of Cintas Corporation, was appointed to the audit committee at Paychex.
Business
US politics
fromNextgov.com
1 month ago

Navigating FedRAMP 20x and the continuous compliance imperative

Federal agencies need modern commercial software but compliance barriers and inconsistent FedRAMP standards block adoption.
Privacy technologies
fromTechCrunch
1 month ago

Complyance raises $20M to help companies manage risk and compliance | TechCrunch

Complyance uses AI agents to run continuous governance, risk, and data compliance checks for enterprises, automating manual audits and assessing vendor risk.
Real estate
fromwww.housingwire.com
2 months ago

Distressed assets, AI fraud complicating title insurance risk

Layered validation and synchronized countermeasures are essential to combat increasingly sophisticated, AI-driven title insurance fraud amid uneven property market risks and rising bad actors.
Careers
fromTheregister
2 months ago

ATM maintenance tech broke the bank by forgetting a key

An ATM technician accidentally took a bank branch's ATM keys, realized the mistake, reported it, and returned to hand the keys over.
Information security
fromThe Hacker News
2 weeks ago

Why Security Validation Is Becoming Agentic

Security validation tools operate in silos while attackers exploit interconnected systems, creating a structural blind spot that Agentic Exposure Validation can address through continuous, autonomous, context-aware assessment.
Information security
fromComputerWeekly.com
3 weeks ago

How CISOs can build a truly unified and resilient security platform | Computer Weekly

Modern enterprise security requires rethinking architecture from perimeter defense to distributed asset protection across decentralized networks and cloud environments.
Information security
fromComputerWeekly.com
3 weeks ago

Vulnerability reports: Increase in quantity, decrease in quality? | Computer Weekly

Bug bounty programs face sustainability challenges due to increased low-quality submissions, prompting cURL founder Daniel Stenberg to shut down his HackerOne program and switch to GitHub for vulnerability reporting.
Information security
fromSecuritymagazine
3 weeks ago

Why Security Culture Metrics Matter More Than Dashboards

Traditional cybersecurity metrics create false confidence by masking hidden risks; culture metrics measuring employee engagement and responsiveness are essential for actual security effectiveness.
Information security
fromSecurityWeek
3 weeks ago

How to 10x Your Vulnerability Management Program in the Agentic Era

Agentic AI cyberattacks are actively occurring, forcing vulnerability management to evolve from static scanning to continuous, contextual, autonomous remediation systems.
Information security
fromSecurityWeek
3 weeks ago

CISO Conversations: Aimee Cardwell

Aimee Cardwell transitioned from product management at Netscape to CISO at UnitedHealth Group through curiosity-driven learning, demonstrating that effective cybersecurity leadership requires technical expertise, business acumen, and people management skills.
fromDbmaestro
4 years ago

5 Pillars of Database Compliance Automation |

There is a growing emphasis on database compliance today due to the stricter enforcement of compliance rules and regulations to safeguard user privacy. For example, GDPR fines can reach £17.5 million or 4% of annual global turnover (the higher of the two applies). Besides the direct monetary implications, companies also need to prioritize compliance to protect their brand reputation and achieve growth.
EU data protection
Information security
fromSecuritymagazine
1 month ago

The Great Security Culture Shift: Building a Proactive Defense in an Era of Advanced Threats and Social Engineering

Hackers exploit DLL side-loading on trusted platforms like LinkedIn to deliver malware through seemingly legitimate file attachments, bypassing traditional security defenses and compromising entire corporate networks.
fromTechRepublic
7 months ago

State of AI Adoption in Financial Services: A TechRepublic Exclusive

But if you dig deeper into how businesses in this industry are actually approaching AI deployments - if you ask questions like how they are governing their data, how they are ensuring data quality, and how easily are they connecting AI tools directly to data platforms - you'll soon realize that claims about AI adoption in financial services don't always align with reality.
Artificial intelligence
Information security
fromThe Hacker News
1 month ago

Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow

Tier 1 SOC analysts process the highest alert volume with the least experience, creating a structural vulnerability where alert fatigue, decision fatigue, and cognitive overload directly undermine organizational security performance and increase incident costs.
fromTechzine Global
2 months ago

AI audit trails: the next step toward responsible AI for businesses

This will also greatly increase the need for AI audit trails: detailed records of what data AI used, what steps it took, what suggestions or decisions it influenced, and who ultimately confirmed the choices. These trails will become crucial for compliance, ethical accountability, and ensuring business integrity. According to Pugh, there will be a clear trend toward transparent AI workflows, and companies will increasingly see that an error in a prediction can be traced back to a specific step in the AI workflow.
Artificial intelligence
fromDataBreaches.Net
1 month ago

CISA Releases New Guidance on Assembling Multi-Disciplinary Insider Threat Management Teams - DataBreaches.Net

CISA's guidance is intended to assist critical infrastructure stakeholders, which includes private sector entities across various sectors, with implementing an insider threat mitigation program that combines physical security, cybersecurity, personnel awareness, and community partnerships. Although framed for critical infrastructure, CISA's guidance is relevant to a broader range of organizations, including those outside of critical infrastructure sectors.
Information security
fromSecurityWeek
1 month ago

Four Risks Boards Cannot Treat as Background Noise

Rather than stolen data making headlines, it was business stoppage that triggered attention. Moving into 2026, the board's focus should be on ensuring business continuity and building resilience in the face of emerging risks generated by AI usage and attack vectors, quantum computing and geopolitics.
Information security
#cisa-kev
fromSecuritymagazine
2 months ago

Leveraging ISACA for Your CMMC Career

The Cybersecurity Maturity Model Certification (CMMC) is the definitive standard for DoW contractors to demonstrate security competence. Whether viewed as necessary progress or an audit burden, CMMC represents a strategic career investment - and a strong entry point for practitioners looking to specialize. It is poised to reshape cybersecurity roles in the defense sector, making certification a strategic move for advancement.
Information security
Information security
fromSecuritymagazine
1 month ago

Understanding Breaches Before and After They Happen: What Every Organization Should Know

Most security breaches result from neglected fundamentals—human error, unpatched systems, weak authentication, and poor network segmentation—rather than advanced, novel exploits.
Information security
fromSecuritymagazine
2 months ago

77% of Financial Service Organizations Accrued Security Debt in 2025

63% of BFSI organizations carry critical security debt, largely driven by third-party code, and take longer to remediate vulnerabilities than other industries.
Information security
fromSecuritymagazine
2 months ago

Is Renewing CISA Enough to Restore Confidence for Cyber Threat Reporters?

Temporary extensions and stop-and-go reauthorizations of CISA create uncertainty that undermines real-time cyber threat reporting and industry confidence.
Information security
fromSecuritymagazine
2 months ago

How Banks Can Protect Their Most Valuable Asset: Customers

Banks must secure money, property, data, and reputation because incidents—crime, insider misuse, fraud, or IT failures—threaten safety, customer trust, regulatory standing, and brand.
#ctem
Information security
fromwww.housingwire.com
2 months ago

Reducing risk: The importance of administrative access responsibilities

Clearly defined and strictly managed administrative access reduces cybersecurity risk while preserving operational efficiency in real estate, title insurance, and mortgage systems.
Information security
fromAbove the Law
2 months ago

Think You Are Covered? Better Read Your Cybersecurity Policy - Carefully - Above the Law

Cyber insurance often fails to fully protect organizations due to exclusions, leaving law firms particularly vulnerable without proper cybersecurity and coverage review.
Information security
fromDevOps.com
1 month ago

Survey Surfaces More Focus on Software Security Testing and API Security - DevOps.com

Many enterprises plan to increase spending on software security testing, API security, and application security as AI-driven code growth strains DevSecOps capacity.
Information security
fromTechzine Global
1 month ago

CISA warns of active exploitation of critical SolarWinds vulnerability

A critical remote-code-execution vulnerability CVE-2025-40551 in SolarWinds Web Help Desk is actively exploited; federal agencies must install the patch within three days.
[ Load more ]