Alright, let's cut through the marketing noise. You're a tech pro. You've seen the alphabet soup of security tools, and two that frequently cause confusion are DLP (Data Loss Prevention) and EDR (Endpoint Detection and Response). On the surface, they both run agents on endpoints and promise "protection." But that's like saying a packet sniffer and a compiler are the same because they both process code.
Every enterprise today runs on more than users. Behind the scenes, thousands of non-human identities, from service accounts to API tokens to AI agents, access systems, move data, and execute tasks around the clock. They're not new. But they're multiplying fast. And most weren't built with security in mind. Traditional identity tools assume intent, context, and ownership. Non-human identities have none of those.
Named WorkHorse, the solution is described as a tool that easily integrates with an organization's SIEM system and within minutes it begins transforming raw alerts into fully contextualized information that is ready for Tier 2 analysts. The goal is to cut alert fatigue to zero and reduce case triage time from hours to seconds.
Over the weekend it was widely reported in French media that a group of hackers had breached the government's ANTS website, stealing personal data from between 12 and 13 million people. The unidentified group posted messages online claiming that the personal data was now for sale on the dark web, offering sample data to apparently prove that their hack had been successful.
The combination of artificial intelligence and exponential data growth presents new challenges for organizations. Many companies struggle with the cost-effective storage of large amounts of data that are rarely used but must be retained for compliance purposes. Focus on compliance The solution focuses specifically on sectors with strict retention requirements. Healthcare providers, financial institutions, law firms, and government agencies often have to retain large volumes of data for years.
While AI agents show promise in bringing AI assistance to the next level by carrying out tasks for users, that autonomy also unleashes a whole new set of risks. Cybersecurity company Radware, as by The Verge, decided to test OpenAI's Deep Research agent for those risks -- and the results were alarming. Also: OpenAI's Deep Research has more fact-finding stamina than you, but it's still wrong half the time
Academic researchers from Vrije Universiteit Amsterdam have demonstrated that transient execution CPU vulnerabilities are practical to exploit in real-world scenarios to leak memory from VMs running on public cloud services. The research shows that L1TF (L1 Terminal Fault), also known as Foreshadow, a bug in Intel processors reported in January 2018, and half-Spectre, gadgets believed unexploitable on new-generation CPUs, as they cannot directly leak secret data, can be used together to leak data from the public cloud.
Cybersecurity veteran Brian Gumbel - president and chief operating officer (COO) at Dataminr - works at the confluence of real-time information and AI. Mainlined into humanity's daily maelstrom of data, Dataminr detects events "on average 5 hours ahead of the Associated Press" - it picked up the 2024 Baltimore bridge collapse, for example, about an hour ahead of all mainstream media sources. The accuracy rate of its "news" is, says Gumbel, a highly impressive 99.5%.
In a report examining the malicious use of LLMs, the cybersecurity company said AI models are being increasingly used by threat actors for operational support, as well as for embedding them into their tools - an emerging category called LLM-embedded malware that's exemplified by the appearance of LAMEHUG (aka PROMPTSTEAL) and PromptLock. This includes the discovery of a previously reported Windows executable called MalTerminal that uses OpenAI GPT-4 to dynamically generate ransomware code or a reverse shell.
Budding ransomware crooks have another shot at exploiting Fortra's GoAnywhere MFT product now that a new 10/10 severity vulnerability needs patching. The vendor issued an advisory for CVE-2025-10035 on Thursday, saying successful exploitation can potentially lead to command injection. Fortra's advisory states "a deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection."
Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition. The workflow we are highlighting streamlines security alert handling by automatically identifying and executing the appropriate Standard Operating Procedures (SOPs) from Confluence. When an alert triggers, AI agents analyze it, locate
An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 devices across 11 organizations as part of a recruitment-themed activity on LinkedIn. Swiss cybersecurity company PRODAFT is tracking the cluster under the name Subtle Snail. It's assessed to be affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC). The targeted 11 companies are located in Canada, France, the United Arab Emirates, the United Kingdom, and the United States.
REM Proxy is a sizeable network, which also markets a pool of 20,000 Mikrotik routers and a variety of open proxies it finds freely available online. This service has been a favorite for several actors such as those behind TransferLoader, which has ties to the Morpheus ransomware group. SystemBC is a C-based malware that turns infected computers into SOCKS5 proxies, allowing infected hosts to communicate with a command-and-control (C2) server and download additional payloads.
