@guardian360.bsky.social
Artificial intelligence (AI) is doing exactly what security teams hoped it would do: eliminate the repetitive, low-value work that has long burned out junior analysts. But in solving this problem, it may be creating another one that could have a long-lasting impact.
Log review.
Log review.
November 24, 2025 at 11:04 AM
Artificial intelligence (AI) is doing exactly what security teams hoped it would do: eliminate the repetitive, low-value work that has long burned out junior analysts. But in solving this problem, it may be creating another one that could have a long-lasting impact.
Log review.
Log review.
Containerization technology makes software development and cloud deployment easier, but the images that are the foundation of the ecosystem commonly have unnecessary components and hundreds of vulnerabilities.
November 24, 2025 at 9:35 AM
Containerization technology makes software development and cloud deployment easier, but the images that are the foundation of the ecosystem commonly have unnecessary components and hundreds of vulnerabilities.
Under the radar, Google has added features that allow Gmail to access all private messages and attachments for training its AI models.
If you use Gmail, you need to be aware of an important change that’s quietly rolling out.
If you use Gmail, you need to be aware of an important change that’s quietly rolling out.
November 22, 2025 at 8:40 AM
Under the radar, Google has added features that allow Gmail to access all private messages and attachments for training its AI models.
If you use Gmail, you need to be aware of an important change that’s quietly rolling out.
If you use Gmail, you need to be aware of an important change that’s quietly rolling out.
De roep om minder afhankelijk te worden van Amerikaanse cloudproviders en om meer grip te krijgen op onze data en systemen klinkt steeds luider, zowel in Nederland als in de rest van Europa.
November 21, 2025 at 10:00 AM
De roep om minder afhankelijk te worden van Amerikaanse cloudproviders en om meer grip te krijgen op onze data en systemen klinkt steeds luider, zowel in Nederland als in de rest van Europa.
De nieuwe Cyberbeveiligingswet (Cbw) klinkt misschien als iets voor volgend jaar, maar wie nu nog niets doet, is straks te laat.
November 20, 2025 at 5:45 PM
De nieuwe Cyberbeveiligingswet (Cbw) klinkt misschien als iets voor volgend jaar, maar wie nu nog niets doet, is straks te laat.
Fortinet on Tuesday disclosed a second zero-day vulnerability in its FortiWeb product line, less than a week after revealing a different flaw in its web application firewall (WAF) line had been exploited in the wild. www.darkreading.com/vulnerab...
Fortinet Woes Continue With Another WAF Zero-Day Flaw
A second zero-day vulnerability in Fortinet's web application firewall (WAF) line has raised more questions about the vendor's disclosure practices.
www.darkreading.com
November 20, 2025 at 4:00 PM
Fortinet on Tuesday disclosed a second zero-day vulnerability in its FortiWeb product line, less than a week after revealing a different flaw in its web application firewall (WAF) line had been exploited in the wild. www.darkreading.com/vulnerab...
Researcher shows how agentic AI is vulnerable to hijacking to subvert an agent's goals and how agent interaction can be altered to compromise whole networks. www.darkreading.com/applicat...
AI Attack Surface: How Agents Raise the Cyber Stakes
Researcher shows how agentic AI is vulnerable to hijacking to subvert an agent's goals and how agent interaction can be altered to compromise networks.
www.darkreading.com
November 20, 2025 at 3:15 PM
Researcher shows how agentic AI is vulnerable to hijacking to subvert an agent's goals and how agent interaction can be altered to compromise whole networks. www.darkreading.com/applicat...
Researchers have demonstrated how to breach Internet of Things (IoT) devices through firewalls, without the need for any kind of software vulnerability.
Typically, hackers breach IoT devices by obtaining their IP addresses and exploiting firmware vulnerabilities.
Typically, hackers breach IoT devices by obtaining their IP addresses and exploiting firmware vulnerabilities.
November 20, 2025 at 12:00 PM
Researchers have demonstrated how to breach Internet of Things (IoT) devices through firewalls, without the need for any kind of software vulnerability.
Typically, hackers breach IoT devices by obtaining their IP addresses and exploiting firmware vulnerabilities.
Typically, hackers breach IoT devices by obtaining their IP addresses and exploiting firmware vulnerabilities.
Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers
By plugging tens of billions of phone numbers into WhatsApp’s contact discovery tool, researchers found “the most extensive exposure of phone numbers” ever—along with profile photos and more. www.wired.com/story/a-simple...
By plugging tens of billions of phone numbers into WhatsApp’s contact discovery tool, researchers found “the most extensive exposure of phone numbers” ever—along with profile photos and more. www.wired.com/story/a-simple...
A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers
By plugging tens of billions of phone numbers into WhatsApp’s contact discovery tool, researchers found “the most extensive exposure of phone numbers” ever—along with profile photos and more.
www.wired.com
November 20, 2025 at 8:00 AM
Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers
By plugging tens of billions of phone numbers into WhatsApp’s contact discovery tool, researchers found “the most extensive exposure of phone numbers” ever—along with profile photos and more. www.wired.com/story/a-simple...
By plugging tens of billions of phone numbers into WhatsApp’s contact discovery tool, researchers found “the most extensive exposure of phone numbers” ever—along with profile photos and more. www.wired.com/story/a-simple...
The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle (AitM) attacks.
November 19, 2025 at 4:00 PM
The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle (AitM) attacks.
Nobody ever gets credit for fixing security problems that never happened
We in security aren’t unique in our challenges, but we sure know how to take the problems everyone else has and crank them up to eleven. ventureinsecurity.net/p/nobo...
We in security aren’t unique in our challenges, but we sure know how to take the problems everyone else has and crank them up to eleven. ventureinsecurity.net/p/nobo...
Nobody ever gets credit for fixing security problems that never happened
We in security aren’t unique in our challenges, but we sure know how to take the problems everyone else has and crank them up to eleven.
ventureinsecurity.net
November 19, 2025 at 10:00 AM
Nobody ever gets credit for fixing security problems that never happened
We in security aren’t unique in our challenges, but we sure know how to take the problems everyone else has and crank them up to eleven. ventureinsecurity.net/p/nobo...
We in security aren’t unique in our challenges, but we sure know how to take the problems everyone else has and crank them up to eleven. ventureinsecurity.net/p/nobo...
In de week van 10 november 2025 gaat de internetconsultatie van de ministeriële regelingen onder de Cyberbeveiligingswet en Wet weerbaarheid kritieke entiteiten van start. De consultatie biedt iedereen de mogelijkheid om te reageren op de conceptteksten.
November 19, 2025 at 8:00 AM
In de week van 10 november 2025 gaat de internetconsultatie van de ministeriële regelingen onder de Cyberbeveiligingswet en Wet weerbaarheid kritieke entiteiten van start. De consultatie biedt iedereen de mogelijkheid om te reageren op de conceptteksten.
An inherent insecurity in the increasingly popular artificial intelligence (AI)-powered developer environment Cursor allows attackers to take over its browser to deliver credential-stealing attacks.
November 18, 2025 at 7:00 PM
An inherent insecurity in the increasingly popular artificial intelligence (AI)-powered developer environment Cursor allows attackers to take over its browser to deliver credential-stealing attacks.
A critical Fortinet FortiWeb vulnerability capable of remote code execution has been exploited in the wild.
Fortinet on Nov. 14 disclosed CVE-2025-64446, a vulnerability in its Web application firewall (WAF) product FortiWeb.
Fortinet on Nov. 14 disclosed CVE-2025-64446, a vulnerability in its Web application firewall (WAF) product FortiWeb.
November 18, 2025 at 5:30 PM
A critical Fortinet FortiWeb vulnerability capable of remote code execution has been exploited in the wild.
Fortinet on Nov. 14 disclosed CVE-2025-64446, a vulnerability in its Web application firewall (WAF) product FortiWeb.
Fortinet on Nov. 14 disclosed CVE-2025-64446, a vulnerability in its Web application firewall (WAF) product FortiWeb.
De Hobby Computer Club (HCC) vraagt opnieuw aandacht voor digitale soevereiniteit. Volgens de vereniging neemt de afhankelijkheid van buitenlandse technologie verder toe, met risico’s voor databeveiliging, privacy en controle over digitale diensten.
November 18, 2025 at 4:00 PM
De Hobby Computer Club (HCC) vraagt opnieuw aandacht voor digitale soevereiniteit. Volgens de vereniging neemt de afhankelijkheid van buitenlandse technologie verder toe, met risico’s voor databeveiliging, privacy en controle over digitale diensten.
Amazon researchers discovered more than 150,000 malicious packages in the NPM registry, in what they called "a defining moment in supply chain security."
November 18, 2025 at 1:00 PM
Amazon researchers discovered more than 150,000 malicious packages in the NPM registry, in what they called "a defining moment in supply chain security."
Multiple American and European government agencies warned that recent Akira ransomware activity poses an "imminent threat" to critical infrastructure.
November 18, 2025 at 8:30 AM
Multiple American and European government agencies warned that recent Akira ransomware activity poses an "imminent threat" to critical infrastructure.
Cybersecurity researchers are sounding the alert about an authentication bypass vulnerability in Fortinet Fortiweb Web Application Firewall (WAF) that could allow an attacker to take over admin accounts and completely compromise a device.
November 17, 2025 at 9:35 AM
Cybersecurity researchers are sounding the alert about an authentication bypass vulnerability in Fortinet Fortiweb Web Application Firewall (WAF) that could allow an attacker to take over admin accounts and completely compromise a device.
The Russian Embassy in Thailand said it is seeking access to a Russian citizen reportedly detained on the resort island of Phuket at the request of the United States over suspected cybercrimes.
November 15, 2025 at 4:00 PM
The Russian Embassy in Thailand said it is seeking access to a Russian citizen reportedly detained on the resort island of Phuket at the request of the United States over suspected cybercrimes.
F5 Security Incident In August 2025, we learned a highly sophisticated nation-state threat actor maintained long-term, persistent access to, and downloaded files from, certain F5 systems.
November 15, 2025 at 1:50 PM
F5 Security Incident In August 2025, we learned a highly sophisticated nation-state threat actor maintained long-term, persistent access to, and downloaded files from, certain F5 systems.
New survey data indicates that organizations are pushing hard for passwordless authentication.
A significant chunk of online account passwords in 2025 remain basic and easy to crack — a fact that will surprise few.
A significant chunk of online account passwords in 2025 remain basic and easy to crack — a fact that will surprise few.
November 14, 2025 at 7:15 PM
New survey data indicates that organizations are pushing hard for passwordless authentication.
A significant chunk of online account passwords in 2025 remain basic and easy to crack — a fact that will surprise few.
A significant chunk of online account passwords in 2025 remain basic and easy to crack — a fact that will surprise few.
A Russian-speaking threat behind an ongoing, mass phishing campaign has registered more than 4,300 domain names since the start of the year.
November 14, 2025 at 4:00 PM
A Russian-speaking threat behind an ongoing, mass phishing campaign has registered more than 4,300 domain names since the start of the year.
State-sponsored threat actors from China used artificial intelligence (AI) technology developed by Anthropic to orchestrate automated cyber attacks as part of a "highly sophisticated espionage campaign" in mid-September 2025.
November 14, 2025 at 1:25 PM
State-sponsored threat actors from China used artificial intelligence (AI) technology developed by Anthropic to orchestrate automated cyber attacks as part of a "highly sophisticated espionage campaign" in mid-September 2025.
Organizations that earlier this year rushed to patch the critical "CitrixBleed 2" vulnerability in NetScaler ADC and Gateway systems (CVSS 9.3), and the max-critical bug in Cisco Identity Service Engine (ISE) tracked as CVE-2025-20337 (CVSS 10), might want to take another look
November 14, 2025 at 7:30 AM
Organizations that earlier this year rushed to patch the critical "CitrixBleed 2" vulnerability in NetScaler ADC and Gateway systems (CVSS 9.3), and the max-critical bug in Cisco Identity Service Engine (ISE) tracked as CVE-2025-20337 (CVSS 10), might want to take another look
With 63 unique CVEs, Microsoft's November security update is considerably slimmer than the company's record-busting patch rollout last month, which contained fixes for as many as 175 vulnerabilities.
November 14, 2025 at 6:36 AM
With 63 unique CVEs, Microsoft's November security update is considerably slimmer than the company's record-busting patch rollout last month, which contained fixes for as many as 175 vulnerabilities.