#hp-trust
#hp-trust

17 hours ago

EU data protection

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

fromInfoQ

6 days ago

Node JS

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

fromBusiness Matters

Information security

5 IT Mistakes That Still Catch Small Businesses Off Guard

Information security

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

Healthcare IT Platform CareCloud Probing Potential Data Breach

CareCloud experienced a cybersecurity incident that may have compromised patient information, but the impact is believed to be limited and manageable.

6 hours ago

Mikko Hypponen says the age of viruses is over - now he's building defences against drones - Silicon Canals

Mikko Hyppönen is applying cybersecurity methods to develop anti-drone systems at Sensofusion, focusing on drone communication detection.

EU data protection

17 hours ago

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Hackers stole over 300GB of data from the European Commission's AWS environment using a compromised API key from the Trivy supply chain attack.

Node JS

fromInfoQ

6 days ago

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Organizations are not prepared for the next cybersecurity crisis, similar to Log4Shell.

fromBusiness Matters

5 IT Mistakes That Still Catch Small Businesses Off Guard

Cybersecurity is a critical concern for SMEs, yet many underestimate the risks and only seek help after incidents occur.

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

Third-party risk management is now a critical security challenge and growth opportunity for service providers.

Healthcare IT Platform CareCloud Probing Potential Data Breach

CareCloud experienced a cybersecurity incident that may have compromised patient information, but the impact is believed to be limited and manageable.

6 hours ago

Mikko Hypponen says the age of viruses is over - now he's building defences against drones - Silicon Canals

Mikko Hyppönen is applying cybersecurity methods to develop anti-drone systems at Sensofusion, focusing on drone communication detection.

more#cybersecurity

fromTechRepublic

AI Breakthroughs, Security Breaches, and Industry Shakeups Define the Week in Tech - TechRepublic

Tech industry faces rapid AI advancements alongside significant security vulnerabilities and human costs.

fromElectronic Frontier Foundation

Tech Nonprofits to Feds: Don't Weaponize Procurement to Undermine AI Trust and Safety

The U.S. government is revising procurement rules to influence AI technology use and funding, impacting safety and utility of AI tools.

Science

19 hours ago

SpaceX, Amazon, and Google want orbital data centers - four engineering barriers reveal who really benefits - Silicon Canals

Orbital data centers will concentrate AI infrastructure power among a few dominant companies, limiting access for smaller competitors and national regulators.

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

fromArs Technica

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

fromArs Technica

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

more#openclaw

#ai

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

fromHarvard Business Review

Business intelligence

Kyndryl Launches Service for Managing and Automating AI Agents

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

An AI agent named MJ Rathbun published a blogpost attacking engineer Scott Shambaugh.

Artificial intelligence

Silent Drift: How LLMs Are Quietly Breaking Organizational Access Control

AI assistance in policy as code can introduce serious flaws, leading to incorrect access permissions despite syntactically valid policies.

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

fromHarvard Business Review

Kyndryl Launches Service for Managing and Automating AI Agents

Kyndryl launched Agentic Service Management to help organizations prepare IT environments for autonomous AI agents, addressing gaps in current systems.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

Intellectual property law

Silent Drift: How LLMs Are Quietly Breaking Organizational Access Control

AI assistance in policy as code can introduce serious flaws, leading to incorrect access permissions despite syntactically valid policies.

more#ai

fromNextgov.com

Tech bills of the week: Limiting adversaries' access to US tech; and boosting cyber apprenticeships

New legislation aims to strengthen U.S. export controls on sensitive technologies to prevent adversaries from exploiting them for economic gain.

Apple

Apple Rolls Out DarkSword Exploit Protection to More Devices

Apple is updating older iOS devices to protect against the DarkSword exploit kit targeting vulnerabilities in its mobile platforms.

fromNextgov.com

HHS reverses Biden-era restructuring of its IT and tech operations

HHS Chief Information Officer Clark Minor stated that consolidating the CTO, CDO, and CAIO roles within his office allows the department to move faster on shared platforms and protect systems more effectively.

Healthcare

#data-integrity

Data science

IT lesson from the Iran war: AI makes your data problems so much worse

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Data science

IT lesson from the Iran war: AI makes your data problems so much worse

AI can exacerbate existing data issues in enterprises, as demonstrated by the US military's bombing due to outdated intelligence.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

more#data-integrity

fromTheregister

NHS staff resist using Palantir software

One official reportedly described Palantir as 'ethically bankrupt' in justifying his refusal to use the software, and noted that he knows of coworkers who deliberately slow their work pace when forced to use the system.

EU data protection

#ai-governance

fromMarTech

Your AI governance gap is bigger than you think | MarTech

AI governance is an immediate challenge for leaders, focusing on safe and effective usage across organizations.

Artificial intelligence

Securing AI agents: Okta's approach to identity governance

EU data protection

AI-driven identity must exist in a robust compliance framework | Computer Weekly

Governance must precede AI adoption to avoid compliance failures and ethical risks in identity verification systems.

Artificial intelligence

AI regulations are already out of date - IT leaders need to think ahead

Establishing a solid AI governance foundation now can ease future compliance with evolving AI regulations.

fromMarTech

Your AI governance gap is bigger than you think | MarTech

AI governance is an immediate challenge for leaders, focusing on safe and effective usage across organizations.

Securing AI agents: Okta's approach to identity governance

Organizations must govern AI identities to mitigate security risks while embracing AI for competitiveness.

EU data protection

AI-driven identity must exist in a robust compliance framework | Computer Weekly

Governance must precede AI adoption to avoid compliance failures and ethical risks in identity verification systems.

AI regulations are already out of date - IT leaders need to think ahead

Establishing a solid AI governance foundation now can ease future compliance with evolving AI regulations.

more#ai-governance

#data-breach

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

Exclusive: Money transfer app Duc exposed thousands of driver's licenses and passports to the open web

A publicly accessible Amazon storage server exposed personal data of hundreds of thousands, including driver's licenses and passports, without encryption.

Health data giant CareCloud says hackers accessed patients' medical records | TechCrunch

CareCloud experienced a data breach where hackers accessed patient electronic health records for over eight hours, but data exfiltration status remains unclear.

Telehealth giant Hims & Hers says its customer support system was hacked | TechCrunch

Hims & Hers confirmed a data breach affecting customer support data, including names and contact information, but not medical records.

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

Duc's exposed server revealed unprotected sensitive personal data, highlighting significant gaps in fintech data protection practices.

HackerOne hit by data breach via third-party partner

HackerOne confirmed a data breach at Navia, affecting 287 employees' personal data, including sensitive information like Social Security numbers.

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

Exclusive: Money transfer app Duc exposed thousands of driver's licenses and passports to the open web

A publicly accessible Amazon storage server exposed personal data of hundreds of thousands, including driver's licenses and passports, without encryption.

Health data giant CareCloud says hackers accessed patients' medical records | TechCrunch

CareCloud experienced a data breach where hackers accessed patient electronic health records for over eight hours, but data exfiltration status remains unclear.

Telehealth giant Hims & Hers says its customer support system was hacked | TechCrunch

Hims & Hers confirmed a data breach affecting customer support data, including names and contact information, but not medical records.

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

Duc's exposed server revealed unprotected sensitive personal data, highlighting significant gaps in fintech data protection practices.

HackerOne hit by data breach via third-party partner

HackerOne confirmed a data breach at Navia, affecting 287 employees' personal data, including sensitive information like Social Security numbers.

AWS Security and Compliance Quiz (25 Questions) with Detailed Answers - Cloud Practitioner Guide

Understanding AWS security services is essential for modern applications running on AWS.

fromAmazon Web Services

Streamlining Cloud Compliance at GoDaddy Using CDK Aspects | Amazon Web Services

CDK Aspects enable organization-wide policy enforcement in AWS infrastructure as code, enhancing compliance and security during the development process.

fromMedium

AWS Security and Compliance Quiz (25 Questions) with Detailed Answers - Cloud Practitioner Guide

Understanding AWS security services is essential for modern applications running on AWS.

fromAmazon Web Services

Intellectual property law

Streamlining Cloud Compliance at GoDaddy Using CDK Aspects | Amazon Web Services

CDK Aspects enable organization-wide policy enforcement in AWS infrastructure as code, enhancing compliance and security during the development process.

more#aws

fromNextgov.com

Trade and industry groups warn of risks in GSA's draft AI procurement guidance

Proposed GSA changes to AI acquisition raise concerns over data ownership and potential misuse in federal operations.

All shook up, IFS unlocks asset-based pricing for enterprise AI

IFS introduces an outcomes-based pricing model for enterprise AI, aligning software costs with operational assets instead of user counts.

Podcast

fromSecuritymagazine

What Does It Take to Be an Outstanding CSO or CISO?

Outstanding security leaders often come from non-traditional backgrounds, with 40% of recent CSO-CISO Hall of Fame honorees starting in the private sector.

Google gives enterprises new controls to manage AI inference costs and reliability

Gemini API introduces Flex and Priority tiers for managing AI inference workloads based on criticality and cost.

EU data protection

fromAdExchanger

Data Privacy At The Kitchen Table | AdExchanger

Data privacy has become a significant concern for lawmakers and constituents, evolving into a key topic of discussion.

fromTNW | Artificial-Intelligence

Human-governed AI. How Fortis Solutions is building trust in intelligent infrastructure

AI is reshaping work while emphasizing the necessity of human governance and intention in technology.

A money-transfer app stored customer passports on an unencrypted, publicly accessible server for nearly five years - Silicon Canals

Fintech companies face regulatory pressure to collect identity documents but lack enforceable obligations to protect them, leading to data breaches.

Kilo targets shadow AI agents with a managed enterprise platform

KiloClaw for Organizations enhances AI agent management with centralized governance, addressing security and compliance concerns for enterprises.

How 'Wikipedia of cyber' helps SAP make sense of threat data | Computer Weekly

SAP faces significant challenges in securing enterprise data amidst a complex threat landscape and evolving compliance requirements.

Why AI lies, cheats and steals

AI chatbots are increasingly misbehaving, with a fivefold rise in unethical actions over six months, according to recent research.

IGEL brings 'Smarter, Zero Trust' approach Contextual Access to endpoints

IGEL's Contextual Access enhances endpoint security by adapting access rights based on user, device, location, and trust status.

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

Hasbro says it was hacked, and may take 'several weeks' to recover | TechCrunch

Hasbro detected an intrusion on March 28, prompting the company to take down some of its systems. Parts of Hasbro's website appeared down, with error messages indicating maintenance.

Privacy professionals

fromTheregister

Even Microsoft know Copilot can't be trusted

Microsoft's Copilot is intended for entertainment, not reliable advice, and users should verify its output before relying on it.

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

Information security

fromElectronic Frontier Foundation

Google and Amazon: Acknowledged Risks, And Ignored Responsibilities

Google and Amazon have failed to act on human rights risks associated with Project Nimbus despite multiple warnings and commitments.

fromTheregister

Amazon security boss: AI makes pentesting 40% more efficient

Amazon has achieved a 40% efficiency gain in pentesting through AI tools, enhancing security without reducing staff.

fromTNW | Insights

13 hours ago

KeeperDB brings zero-trust database access to privileged access management

Database credentials are a major attack vector, and KeeperDB integrates access controls into its PAM platform to enhance security.

fromArs Technica

Perplexity's "Incognito Mode" is a "sham," lawsuit says

Perplexity's AI allegedly shares sensitive user chats with Google and Meta without consent, raising significant privacy concerns.

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

Exabeam now monitors AI agents in ChatGPT, Copilot, and Gemini

Exabeam expands Agent Behavior Analytics to monitor AI agent behavior, detect anomalies, and enhance security against AI risks.

fromTechRepublic

The Next Billion Users Won't Be Human: Securing the Agentic Enterprise

The rise of autonomous AI agents is reshaping enterprise security, presenting challenges traditional methods cannot address.

Harness secures AI code and AI apps with two new modules

Harness launches AI Security and Secure AI Coding modules to detect, test, and protect AI components throughout the application lifecycle while scanning AI-generated code for vulnerabilities in real time.

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

Exabeam now monitors AI agents in ChatGPT, Copilot, and Gemini

Exabeam expands Agent Behavior Analytics to monitor AI agent behavior, detect anomalies, and enhance security against AI risks.

fromTechRepublic

The Next Billion Users Won't Be Human: Securing the Agentic Enterprise

The rise of autonomous AI agents is reshaping enterprise security, presenting challenges traditional methods cannot address.

Harness secures AI code and AI apps with two new modules

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has paused work with Mercor due to a major security breach affecting data used for AI training.

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

TeamPCP exploited Trivy to access sensitive cloud credentials and data, creating significant vulnerabilities for organizations.

Critical ShareFile Flaws Lead to Unauthenticated RCE

Two critical vulnerabilities in ShareFile could allow unauthenticated remote code execution through improper access to configuration pages.

fromMedCity News

The Evolving Landscape of Privacy and Cybersecurity: Essential Strategies for Legal and Compliance Professionals - MedCity News

Organizations must combine strong controls with comprehensive employee training and accountability culture to effectively protect sensitive data and comply with evolving privacy laws.

Blind trust in hardware vendors is always a bad idea

Attackers are increasingly targeting hardware and firmware vulnerabilities as traditional security tools focus primarily on software layers.

fromInfoQ

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

A malicious release of the Trivy vulnerability scanner exposed critical weaknesses in software supply chain security, allowing for potential credential theft.

Jamf warns of massive app insecurities

Mac and iOS users face significant security threats, with many devices vulnerable to attacks and outdated systems.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

more#cisco

Mercor Hit by LiteLLM Supply Chain Attack

We believe that the compromise originated from the Trivy dependency used in our CI/CD security scanning workflow. Our security team moved promptly to contain and remediate the incident.

Information security

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.

The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

Secrets sprawl accelerated in 2025, with 29 million new hardcoded secrets identified, marking a 34% increase from the previous year.

fromEntrepreneur

This AI Security Strategy Is Redefining Cyberattack Recovery

Combining Zero Trust principles with AI enhances resilience, reduces downtime, and maintains strict access controls.

HPE embeds security in network further with SRX400 and AI governance

HPE aims to deeply integrate security into networks with the new SRX400 Series Firewalls and updates to enhance cyber resilience.

Platformisation or platform theatre? Navigating cyber consolidation | Computer Weekly

Consolidation in enterprise security is necessary but can introduce risks like single points of failure and integration issues.

HP launches TPM Guard to help defeat physical TPM attacks

TPM Guard protects against physical attacks on encryption keys by creating a secure tunnel between the TPM and CPU.

fromReadWrite

The CISO Struggle: How AI is Changing the Data Security Landscape

Generative AI adoption is rapid, but security governance is lagging, creating significant risks for organizations.

Beyond integration theatre: Building stronger cyber platforms | Computer Weekly

Integration layers between security platforms, not the platforms themselves, have become the primary enterprise security risk requiring rigorous governance of delegated trust.

3 weeks ago

Critical HPE AOS-CX Vulnerability Allows Admin Password Resets

HPE released patches for a critical vulnerability in Aruba Networking AOS-CX switches that allows remote, unauthenticated attackers to reset administrator passwords and gain full system control.