Skip to content
View in the app

A better way to browse. Learn more.

hosang I.T.

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

CSOonline

Members
  • Joined

  • Last visited

    Never

Everything posted by CSOonline

  1. An old elevation-of-privilege (EoV) vulnerability affecting the Cloud Filter driver “cldflt.sys” in Windows has come back to haunt Microsoft, as researchers claim it is still exploitable six years after it was supposedly patched. The flaw, originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020, was recently picked up by Nightmare Eclipse, a researcher on an ongoing spree of Windows bug discoveries, and reworked to gain SYSTEM privileges. “I’m unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons,” Eclipse said in a PoC writeup, calling the re-discovery ‘MiniPlasma’. “The original PoC by Google worked without any changes.” Eclipse’s PoC triggered SYSTEM privileges on all Windows versions running on the researcher’s machines, but said “success rate may vary since it’s a race condition.” “The exploit is highly credible, it works on fully patched systems, and it highlights a massive gap in how legacy regression flaws are managed,” said Agnidipta Sarkar, chief evangelist at ColorTokens. “A quick lookup tells me that the vulnerability resides in cldflt.sys (the Windows Cloud Files Mini Filter Driver), specifically within the HsmOsBlockPlaceholderAccess routine, which handles Cloud Sync functionality (such as OneDrive placeholder files).” Microsoft did not immediately respond to CSO’s request for comments. A fixed bug that still works MiniPlasma reproduced an old issue, tracked as CVE-2020-17103, around how Windows handles key creation through an undocumented API tied to the Cloud Filter driver. Forshaw’s original Project Zero report described a scenario where arbitrary registry keys could be created inside the “.DEFAULT ” user hive without proper access checks, potentially enabling local privilege escalation. The flaw was assigned a 7.8 “high severity” CVSS rating by NIST, but Microsoft had contested that rating with a 7.0 out of 10 CVSS assessment of its own. “Because this is a Local Privilege Escalation (LPE) flaw, it cannot be used for initial, remote entry into a system,” Sarkar said. “And it is hopeful because this requires lateral movement, which can be denied by modern microsegmentation in an agentless model integrating with the EDR like CrowdStrike/Defender/SentinelOne, etc., implemented in less than a day to keep vulnerable systems quarantined until the Microsoft patch is applied.” Microsoft had patched the issue in December 2020, calling exploitation of the flaw “less likely” as it assessed the attack complexity to be “high.” Eclipse, however, claims the flawed behavior never truly disappeared. The original exploit chain from 2020 still succeeds on modern Windows builds, allowing a standard user account to elevate directly to SYSTEM privileges, they noted in the writeup. “I don’t know why Microsoft missed this, but my speculation is that either they blocked only a specific side channel, not the whole routine, or this was an accidental miss,” Sarkar added. “In either case, in the age of Mythos, this definitely is a major issue.” Security researcher Will Dormann confirmed the buggy behavior carried through to the latest May updates, though he noted the exploit failed on the latest Windows 11 Canary Insider build, suggesting Microsoft may already be quietly testing mitigations. It is unclear if the flaw was ever weaponized in these years, outside of the multiple POCs published. Nightmare-Eclipse’s Windows disclosure spree keeps growing MiniPlasma is only the latest entry in what has become one of 2026’s most chaotic Windows disclosure runs. The spree began with BlueHammer, a Windows Defender privilege escalation flaw later assigned CVE-2026-33825. That was followed by RedSun and UnDefend, two additional Windows privilege escalation and denial-of-service disclosures. Huntress later reported observing BlueHammer, RedSun, and UnDefend tooling during a real-world intrusion investigation related to suspicious VPN activity and hands-on-keyboard attacker behavior. Earlier this month, Eclipse also released YellowKey and GreenPlasma. YellowKey allegedly bypasses TPM-only BitLocker protections by abusing Windows Recovery Environment behavior to gain shell access to encrypted drives, while GreenPlasma is another local privilege escalation technique aimed at achieving SYSTEM access. It was during their follow-up investigation into the GreenPlasma technique that Eclipse ran into MiniPlasma. “After re-investigating the technique used in GreenPlasma (specifically SetPolicyVal), it turns out ‘cldflt!HsmOsBlockPlaceholderAccess’ is still vulnerable to the exact same issue that was reported to Microsoft 6 years ago,” Eclipse said. The researcher reportedly disagreed with how Microsoft handled the BlueHammer disclosure, making their subsequent string of Windows vulnerability PoCs particularly interesting. “Over the past several weeks, Nightmare-Eclipse has released a relentless string of zero-day/regression disclosures,” Sarkar pointed out. “The timing is a giveaway, the MiniPlasma was released on May 13, 2026—exactly one day after Microsoft’s May Patch Tuesday cycle, ensuring defenders have no official vendor patch for weeks. But yes, that is exactly where microsegmentation integrated with existing EDR platforms helps.” View the full article
  2. When Matt Schlicht built Moltbook, the social network where AI agents talk to one another, he didn’t write the code himself. He “just had a vision,” and vibe-coded it. The social network launched on Jan. 28, 2026, and within days, security researchers started to see serious security flaws. ​Experts at cloud security company Wiz and, independently, researcher Jameson O’Reilly, discovered that Moltbook’s backend database, hosted on Supabase, had been improperly configured. As a result, it granted broad read and write access to platform data. “The exposure included 1.5 million API authentication tokens, 35,000 email addresses, and private messages between agents,” Wiz researchers noted in a blogpost. In traditional software development, leaking a secret typically stems from a mistake. Usually, a developer hardcodes a key, copies the wrong configuration file, or pushes internal code to a public repository. With AI-assisted coding, those mistakes can happen quickly and often go unnoticed, because speed and functionality are prioritized over security. Given the rise in popularity of vibe coding, the issue is accelerating. “The pace at which we are building and the sheer amount of code would have been unimaginable even just a few years ago,” says Dwayne McDaniel, principal developer advocate at GitGuardian. In 2025, public code commits surged by more than 40% compared to the previous year, and secrets are rising just as fast. Security firmGitGuardian reported a 34% increase in leaked secrets on GitHub last year — the largest spike on record — bringing the total to nearly 29 million exposed credentials. “12 of the top 15 fastest-growing leaked secret types were AI services,” says McDaniel. More than 1.27 million AI-related secrets were exposed in 2025, marking an 81% year-over-year increase, the fastest growth recorded in any single category. McDaniel groups these credentials into several broad areas: the LLM platforms themselves, the support and orchestration ecosystem, the AI control plane, Model Context Protocol (MCP) servers, and agentic coding assistants. “I’m increasingly concerned about the volume of code being pushed out by AI and the speed at which developers are reviewing it,” says Christine Bejerasco, CISO of WithSecure. “That can lead to more vulnerable code, especially as frontier AI models are now capable of identifying vulnerabilities at scale.” Secrets leaks require immediate response Many organizations know deep down they have a problem with AI-generated code. However, some don’t realize the severity of the situation, just how many secrets are exposed across their systems. When a leaked secret is detected, the issue should be treated as a security incident. “We activate our incident response process immediately,” says WithSecure’s Bejerasco. The secret is revoked or disabled, and a new one is generated. “From there, the incident response team works with R&D to investigate the impact across systems and data. That’s followed by cleanup, then hardening,” she says. “While incidents are typically coordinated by the CISO office, the R&D team owns the actual revocation and cleanup.” The organization conducts post-mortems and implements any necessary updates to systems or policies based on what was learned. Although remediation is critical, the process is far from straightforward. According to GitGuardian, 64% of valid secrets identified in 2022 remain unrevoked in 2026, largely because many organizations lack the governance and repeatable processes needed to clean them up at scale. “We think this is less a visibility issue and more a combination of priority, tooling, and ownership,” GitGuardian’s McDaniel says. Detection is the easy part, says Rohan Gupta, vice president of cloud, security, and DevOps at R Systems. “Remediation is where discipline gets tested.” Addressing the broader issue As AI-assisted coding expands, security leaders must rethink how they manage risk. That means looking beyond repositories and securing the full software development lifecycle (SDLC), including collaboration tools where credentials often show up. “We focus on both, but the risk profile is very different — what’s identified in Jira or Slack is far different from what you’ll find in your code repository,” says David MacKinnon, chief security officer at N-able. “A mature SDLC — which includes things like effective credential vaulting, separation of duties, source code scanning, separated dev, stage/production environments, and more — helps to minimize the business risk.” At WithSecure, Bejerasco says secrets and agent access are kept “as transient as possible” to reduce risk. And there’s also a Lifecycle Security Policy in place that mandates code reviews. “This policy is effectively the security ‘bible’ for developers,” she says. “It covers privacy impact assessments, threat modeling, security testing, and code review.” R Systems’ Gupta agrees, advising organizations to rotate credentials, revoke exposed versions, audit for unauthorized use during any exposure window, and purge from history wherever feasible. “For the long-tail legacy service accounts, third-party integrations, embedded vendor credentials rotation is still a coordinated manual exercise, and we’re steadily moving more of it into automation,” he says. A key step in fixing the issue is knowing it exists. “If an organization is not aware of how many secrets they’re exposing in their code base, or the level of access those secrets hold, they have a tremendous amount of business risk that they’re unaware of,” says N-able CSO MacKinnon. He advises CISOs to raise awareness around the scale of the problem. He also suggests stronger developer training, better tools to detect and manage risks, and solutions that enable both human and AI-driven development to operate securely. Just as important, he says, is embedding these practices into everyday workflows so that security becomes part of how code is written, not something added afterward. ​ His organization scans for secrets when code is committed to block any commits that would introduce risk into the products. “The creator of that code, whether it be human or AI, is held to the same level of security maturity,” MacKinnon adds. Bejerasco agrees. “We need to be deliberate about assigning ownership upfront and continuously validating it, and by cracking down on anything that falls through the cracks,” she says. “Otherwise, these unmanaged identities and secrets will accumulate faster than we can control them.” Advice for CISOs If there is one clear lesson from the rise of AI-driven development, it’s this: The biggest mistake CISOs can make is treating secrets sprawl as a scanning problem. “It is really an ownership and governance problem for machine identities at scale,” McDaniel says. Gupta goes even further. “A leaked secret is a symptom of an ungoverned non-human identity (NHI) issue,” he says. “Treat it as detection and response, and you’ll chase leaks forever. Treat it as identity governance — inventory every NHI, assign ownership, enforce short-lived credentials, prefer workload identity over static keys, rotate automatically, decommission aggressively — and the problem starts to shrink instead of grow.” ​And while public leaks draw attention, most secrets exposure builds up privately — in internal repositories, build systems, and developer workflows — where ownership is unclear and remediation is often deferred. “Private tends to get mistaken for safe, when it really just means there are fewer eyes on it,” says Gupta. “Inside private repos, people loosen up. Because it feels contained, the guard can get dropped. All it takes is one supply-chain issue or someone walking out the door with unauthorized access.” The real risk lies in the sheer volume of NHIs being created faster than organizations can track them. “The smartest CISOs right now are pushing their DevOps and dev teams to embrace better ways to handle authorization than long-lived, overprivileged API keys,” he says. To WithSecure’s Bejerasco, the security issues associated with AI-generated code are urgent. ​“The appetite for AI adoption from organizational leaders is high right now, and we need to manage that risk even though the capabilities and controls are not fully mature yet,” she says. Yet, despite the urgency, the industry is still figuring out how to respond. “I don’t think anyone has the right answers yet; we’re all building governance as we go,” Bejerasco says. As AI agents become more widespread, traditional approaches might not keep up, and organizations might need to use AI to help govern AI, she adds. MacKinnon believes CISOs should not be alone in this. They should involve CEOs and CTOs in the process and explain to them that “the risk is real and it’s rampant.” ​“There’s never a perfecttime to address it, but the investment in proactively reducing that risk is far easier and cheaper than learning about it after it’s been used to compromise your company,” MacKinnon says. View the full article
  3. There is a conversation that happens in boardrooms every quarter that security leaders will recognize. The CISO presents the threat landscape. The board asks what the company needs. The answer, almost always, is another tool. Another platform, another module, another vendor to close the latest gap. The budget gets approved. The tool gets deployed. And six months later, the conversation happens again because the gap didn’t actually close. It just moved. This pattern has been running on repeat for decades. And it has produced a security industry that is extraordinarily well-tooled and still struggling with the same fundamental problem it had ten years ago. Organizations cannot consistently answer basic questions about their own environments. What assets exist? Who and what has access to them? What is actually happening, right now, across all of those systems? The instinct to buy another tool is understandable. It feels like progress. It satisfies the board’s need to see action. And vendors are very good at packaging their products as the answer to whatever the latest headline threat is. But the organizations that are actually reducing risk, not just responding to it, have figured out something that the tool-buying cycle obscures. The most valuable security capability isn’t detection, prevention or response. It is visibility. More tools, same blind spots Most enterprise security teams can name every tool in their stack. Very few can draw a complete picture of what those tools are collectively looking at, what falls between them and what nobody is watching at all. Each tool was purchased to solve a specific problem. Each one does what it was designed to do reasonably well. And yet the overall security posture of most organizations hasn’t improved proportionally with these investments. Think of it like a city that keeps hiring more specialized security guards without ever drawing a map of the buildings they’re protecting. One guard watches the front entrance. Another patrols the parking garage. A third monitors the loading dock. Each one is competent. But none of them knows about the unmarked side door that was added during a renovation three years ago. The guards aren’t the problem. The missing map is. Security tools work the same way. The endpoint tool sees endpoint activity. The cloud security tool sees cloud configurations. The network tool watches traffic patterns. The SIEM collects logs from all of them. But none of them, individually or collectively, provides a unified picture of the environment as it actually exists. Each tool illuminates its own corner. The spaces between those corners are where breaches live. Attackers don’t break through your defenses. They walk between them The most effective attacks today don’t target any single tool’s coverage area. They move through the seams. An attacker who compromises a valid credential doesn’t trigger endpoint detection. An attacker who moves from one cloud service to another using legitimate trust relationships doesn’t trip network alerts. An attacker who creates a new automated credential using the permissions of a compromised account doesn’t set off the configuration scanner. Going back to the city analogy, it’s as if someone walked past every guard using a legitimate employee badge. No guard was wrong to let them through. The failure was that nobody maintained a map showing which doors the badge should actually open, which buildings the person had no reason to enter and which sequence of entering access points across the city constitutes a pattern worth investigating. In conversations with security leaders across industries and company sizes over the last several years, this is the frustration that surfaces most consistently. The tools work. The alerts fire. But nobody can reconstruct the full story of what happened across systems until days or weeks after the damage is done. The information existed in the environment. It just wasn’t connected. Visibility is not the same as data Visibility is one of those words that has been used so often in security marketing that it has lost most of its meaning. Every vendor claims to provide visibility. What most of them actually provide is data. Logs, alerts, dashboards, reports. Data is not visibility. Data is the raw material. Visibility is the ability to answer a specific question about your environment in minutes, not days, and trust the answer. Real visibility means knowing what exists in your environment before something goes wrong, not discovering it during the forensics investigation afterward. It means understanding the relationships between systems, between users and the resources they access, between automated processes and the data they touch. It means being able to trace any activity across boundaries, not just within the walls of a single tool’s coverage. Most security programs today are data-rich and visibility-poor. They generate terabytes of logs, thousands of alerts and hundreds of reports. And when something goes wrong, the first 48 hours are still spent figuring out what the attacker had access to and which systems were involved. That gap between data and understanding is where breach costs compound, response timelines stretch and board confidence erodes. Where the blind spot is biggest right now This visibility gap shows up across the security stack, but there is one area where it has grown faster than most organizations realize. The number of machine and automated credentials in the average enterprise has quietly outgrown every other asset class security teams track. Service accounts, API keys, automation credentials, third-party integrations and now AI agents all operate alongside human users. Most of them were created by someone who has since moved on to a different project or even a different company. Many have never been reviewed. The result is an environment where the actual inventory of who and what can access critical systems is typically several multiples larger than what leadership believes it to be. And the gap between assumed and actual is where risk accumulates. A credential that nobody knows about is a credential that nobody is monitoring. A credential that nobody is monitoring is one that an attacker can use without triggering a single alert. This is problem is compounded by AI adoption, which is creating new categories of automated access faster than governance programs can track. But the underlying problem is not specific to AI, or to any single technology trend. It is the same visibility problem that has existed for a decade, accelerated by the pace at which modern environments generate new connections, new credentials and new trust relationships that fall outside the view of tools built to watch a narrower perimeter. The question boards should be asking instead For board members and senior leaders evaluating security investments, the shift in thinking is simple to describe and difficult to execute. Stop asking “Are we protected?” and start asking “What can we see?” A security program that can see its environment clearly, understand the relationships between systems and reconstruct any chain of activity within minutes is fundamentally more resilient than a program with twice the tools but half the visibility. The tools matter. But they only matter if they’re built on a foundation of actually knowing what exists. Before approving the next tool purchase, boards should ask their security leaders a few questions. Do we have a complete and current inventory of everything that can access our critical systems? If we had a breach tomorrow, could we reconstruct what happened across every system the attacker touched? Where are the gaps between our tools, and who is watching those gaps? If the answers are uncertain, the highest-return investment isn’t another detection layer on top of an incomplete foundation. It is the foundation itself. The best investment a board can make in 2026 is not another tool. It is pushing their teams to ensure they have the ability to see their environment as it actually is, not as they assume it to be. Draw the map first. Everything else builds on that. This article is published as part of the Foundry Expert Contributor Network. Want to join? View the full article
  4. A popular npm package called node-ipc has been compromised, with hackers publishing malicious versions that bundle credential stealing malware. The root cause of the compromise was an expired domain name that attackers managed to register in order to hijack a maintainer’s account. The node-ipc package has had malware added to its code in the past. In March 2022, following Russia’s invasion of Ukraine, the project’s creator intentionally added malicious code to the program to wipe files on systems with Russian or Belarusian IP addresses. Node-ipc is a Node.js module that implements support for local and remote Inter-Process Communication over various types of socket across all major platforms. One use case is in implementing complex multi-process neural networks in JavaScript, but the module is also used as a dependency for 424 other projects, and receives almost 700K weekly downloads. On Thursday, attackers managed to publish three trojanized versions across three different branches of the project: 9.1.6, 9.2.3 and 12.0.1. All new versions contained an 80KB obfuscated credential-stealing payload inside the node-ipc.cjs file. The malicious code searches for and steals a wide range of credentials for CI/CD tools, cloud services and infrastructure, Kubernetes, SSH, and AI coding agents. The data is exfiltrated through DNS TXT queries rather than HTTP connections. Since node-ipc is a dependency for hundreds of other packages, which in turn could be dependencies for even more packages, this attack could have a large blast radius. Users should immediately scan their systems to determine if they have any of the compromised versions installed, and if they do, treat the machine and any access token, environment variable, and API key stored on it as compromised. Exhaustive credential collection and sneaky exfiltration The malicious payload is decrypted and executed whenever other applications load the package through require(‘node-ipc’). The trojanized versions were designed to remain fully functional to avoid immediate detection, which together with other decisions attackers took, such as data exfiltration via DNS TXT, suggest stealthiness was a top priority. Once executed, the malicious code collects information about the host system, including operating system version, hostname, and environment variables. It then starts looking for credentials in various locations based on the detected OS. “The payload chooses between separate decoded target lists for macOS and Linux/default platforms,” researchers from Socket.dev said in their analysis. “The lists are not identical. In the analyzed payload, the macOS list contains 113 patterns and the Linux/default list contains 127 patterns.” The target lists are extensive and include: Configuration files for AWS, Azure, GCP, OCI, DigitalOcean, Scaleway, Hetzner, Fly, Vercel, Railway, Alibaba Cloud, IBM Cloud, Linode, MinIO, Snowflake, Doppler, and Salesforce; SSH keys and SSH configuration; Kubernetes, Docker, Helm, Rancher, and service-account material; npm, Yarn, Netrc, Git, GitHub CLI, GitLab CLI, and Hub credentials; Terraform credentials and tfvars files; .env, .env.local, .env.production, database configuration files, shell histories, and database CLI histories; macOS Keychain database files; Firefox profile key database files on macOS; Linux keyrings and KWallet files; FileZilla, Remmina, OpenVPN, and related connection profiles; Microsoft Teams local storage and IndexedDB paths. While browser credential stores are not targeted directly, macOS keychain databases can contain system and browser credentials, so those credentials should be considered compromised as well and rotated. All the collected data is archived in a GZIP file, which is then split into chunks and exfiltrated by making DNS TXT queries on an attacker-controlled domain whose name is similar to that of Microsoft’s legitimate Azure Static Web Apps domain. Since the attackers control the DNS server for their domain name, they can see the TXT record queries made by the infected systems and can reconstruct the archives on their end from the leaked bytes. The Socket researchers estimate that a 500KB file would require around 29,400 TXT queries to exfiltrate in this way. “The payload does not establish persistence in the decoded sample,” the researchers said. “There is no observed cron, launchd, rc.d, service installation, or second-stage download. The operational impact is concentrated in the execution window: collection, archive creation, DNS TXT exfiltration, and attempted cleanup.” Expired domain led to email takeover The malicious node-ipc versions were published from an npm account called atiertant, which belongs to one of the several developers with maintainer access to the package. Atiertant had never used his access to publish new node-ipc versions before, and has had no activity on node-ipc or any other npm package he has access to since 2022. Security researchers noticed that the email address for atiertant’s account was hosted on a domain called atlantis-software.net that had expired in January 2025 and was re-registered earlier this month, most likely by the attackers. It was then just a matter of setting up an email server, recreating atiertant’s email address and performing a password reset on the account. This highlights some of the security challenges open-source software projects face. While periodically reviewing access lists for dormant and unused accounts is a general security recommendation for companies, open-source projects are maintained by groups of volunteers, and it’s not unusual for people to take long breaks from contributing to projects, especially if those projects have reached a high level of maturity and feature completeness so they no longer get frequent updates. It’s also likely that the attackers did not target node-ipc from the start, they just searched npm for accounts with email addresses on custom domain names, then checked if any of those domain names had expired. This means there might be other dormant accounts out there susceptible to email takeover using the same method. The Socket.dev report contains additional recommendations for both users and developers, as well as file hashes and other indicators of compromise that can be used by security teams to create detections. View the full article
  5. A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to think about the need to abandon on-premises email solutions. “Because it’s already being exploited in the wild, this isn’t a ‘patch next week situation; it’s a ‘mitigate right now’ emergency,” warned Rob Enderle of the Enderle Group. “This is another reminder to find a trusted cloud provider for e-mail,” added Johannes Ullrich, dean of research at the SANS Institute. “On-premises Exchange is becoming a legacy product, and while some organizations need it for internal and outbound email, its attack surface should be minimized by reducing its exposure to external email.” Ullrich was commenting on an alert from Microsoft this week about a cross-site scripting vulnerability affecting Exchange Outlook Web Access (OWA) that could be exploited merely by sending a specially crafted email to a user. If the user opens the message in Outlook Web Access and certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context. Avoiding cross-site scripting problems in webmail systems like Outlook Web Access is hard, Ullrich admitted. A webmail system must include HTML email received from users within the application’s HTML without confusing the two. Techniques like sandboxed iFrames can help, but need to be applied carefully. At the same time, he said, cross-site scripting flaws in webmail can usually be used to read the content of an email, and in some cases even to send an email. “Luckily,” he added, “many organizations have moved away from on-premises Exchange and Outlook Web Access.” “I’m guessing this is bad,” said Kellman Meghu,” CTO of DeepCove Cybersecurity, “but so is running an onsite Exchange Server in general.” Affected by the vulnerability (CVE-2026-42897) are Exchange Server 2016, 2019, and Server Subscription Edition (SE), regardless of their update levels. The cloud service, Exchange Online, is unaffected. Mitigation Microsoft is still working on a security patch. In the meantime, Exchange administrators should know that if the Exchange EM Service is enabled on their servers – and it should be; since its release in September 2021 it has been enabled by default – then Microsoft’s automatic mitigation for this vulnerability has already been published for affected versions of Exchange. If EM Service for whatever reason has been disabled, it should be enabled immediately. Note, however, that EM Service won’t be able to check for new mitigations if the server is running an Exchange Server version older than March 2023. Those who can’t use the EM Server, because, for example, they are disconnected or have air-gapped environments, should download the latest version of the Exchange on-premises Mitigation Tool (EOMT) and apply the mitigation on a per server base, or on all servers at once by running the script via an elevated Exchange Management Shell. Known issues with mitigation tactics However, admins should note there are known issues once the mitigation is applied either manually or automatically through the EM Service. OWA Print Calendar functionality might not work. As a workaround, copy the data or screenshot the calendar you want to print, or use Outlook Desktop client. Inline images might not display correctly in the recipient’s OWA reading pane. As a workaround, send images as email attachments or use Outlook Desktop client. OWA light (OWA URL ending in /?layout=light) does not work properly. Note that this feature was deprecated several years ago and is not intended for regular production use. Admins may get a message saying “Mitigation invalid for this Exchange version.” in mitigation details. This issue is cosmetic and the mitigation does apply successfully if the status is shown as “Applied”. Microsoft is investigating how to address this glitch. Updates coming ‘in the future’ A Microsoft spokesperson was asked when the security update would be released. We were referred to the company’s statement. In its warning, Microsoft says security updates for impacted versions of Exchange Server will come “in the future.” They will be for Exchange SE RTM, Exchange 2016 CU23, and Exchange Server 2019 CU14 and CU15. Those running older CU versions are urged to update now. An Exchange SE update will be released as a publicly available security update. Exchange 2016 and 2019 updates will be released only to customers who are enrolled in the Period 2 Exchange Server ESU program. Period 1-only ESU customers will not receive this update, as that program ended last month. Enderle said the fact that Microsoft issued an interim fix that breaks features like calendar printing and inline images is “a clear sign of how desperate they are to stop the bleeding. “CSOs need to move past the ‘wait and see’ approach and treat this as a litmus test for their security automation,” he said. “If your team has the Exchange Emergency Mitigation (EM) Service enabled, you should already be protected, but you need to verify that ‘Mitigation M2’ is actually active across your entire inventory. If you’re running air-gapped or have the EM service disabled, you’re sitting ducks until you manually run the EOMT script.” This is another “massive nudge” from Redmond to shift from on-premises email, Enderle added. “If you aren’t already planning your exit from on-site Exchange, your risk profile is only going to keep climbing as these zero days become the new normal. This does showcase that Azure, and web services in general, are where the industry, and particularly Microsoft, is pushing IT to go, whether they want to or not.” View the full article
  6. Cisco has disclosed a max-severity authentication bypass vulnerability affecting its Catalyst SD-WAN Controller and Catalyst SD-WAN Manager platforms, warning that the flaw has already been found to be exploited in the wild. The disclosure follows an earlier authentication bypass vulnerability that Cisco patched in February. In the latest advisory, the company said the new flaw was identified while investigating the previously disclosed issue. “A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system,” Cisco said in an advisory. The company also confirmed that it became aware of “limited exploitation” of the flaw in May 2026. However, it did not disclose details about the attack or threat actors involved. The zero-day flaw is now fixed with software updates, and organizations are advised to apply fixes immediately, as there are no workarounds that address this bug. Attackers craft a connection for admin access According to Cisco, the vulnerability stems from improper validation during the authentication process used to establish control connections between SD-WAN devices. It said an attacker could exploit the issue remotely by sending crafted control connection requests to a targeted system. Successful exploitation would allow the attacker to bypass authentication, establish themselves as trusted peers, and obtain administrative privileges to the affected device. “A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account,” Cisco said. “Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.” The issue, tracked as CVE-2026-20182, received a max-severity rating of CVSS 10.0. The company said that the issue is configuration-independent, meaning vulnerable systems remain exposed regardless of deployment-specific settings. Cisco credited Stephen Fewer, Senior Principal Security Researcher, and Jonah Burgess, Senior Security Researcher, both of Rapid7, for discovering and reporting the bug. Active exploitation kicks patching into high gear Cisco disclosed being aware of exploitation attempts in May, urging customers to upgrade to a fixed release immediately. Shortly after the disclosure, the flaw was added to the Cybersecurity and Infrastructure Security Agency’s (CISA) known exploited vulnerabilities catalog (KEV). “Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available,” it said. The US cybersecurity watchdog has given federal executive agencies until May 17th to patch the flaw. “Customers are advised to upgrade to an appropriate fixed software release,” Fewer and Burgess said in a blog post, citing fixed software releases that address the flaw in versions 20.9 through 26.1.1. “There are no workarounds that address this vulnerability.” Alongside software fixes, Cisco published operational guidance to help organizations identify potentially malicious control connections. The advisory instructed admins to review existing control peering relationships, using the “show control connections” command, and validate all connected peers, particularly those associated with SD-WAN Manager systems. Organizations that suspect compromise are being advised to contact Cisco Technical Assistance Center support and collect diagnostic information from affected devices. View the full article
  7. Waymo recently crossed a major milestone: Over 170 million autonomous miles driven without a single serious crash or injury. For years, autonomous driving was treated as a promise that was always just out of reach — too complex, too risky and not ready for the real world. That argument is no longer credible. Autonomous systems are now outperforming humans in high-speed, high-volume environments. That is not because they are perfect, but because they are faster in the moments that matter. This is not an article about autonomous cars. Security is approaching the same transition. The problem was never detection For the last decade, the security industry has focused on detection. The emphasis has been on generating more alerts, improving signal quality and expanding coverage. These efforts have been meaningful, but we are approaching a saturation point. Despite continued progress in detection, defenders are still falling behind while attackers retain the advantage. According to CrowdStrike, lateral movement can now occur in an average of just 29 minutes. Within that window, the difference between understanding and uncertainty determines whether an incident is contained or escalates. Visibility remains important, but the ability to move through the OODA loop — understand, orient, decide and act — within an increasingly compressed time window matters more. Security teams are not constrained by a lack of alerts or data; they are constrained by a lack of answers. Each alert initiates a process that requires analysts to pivot across tools, assemble fragmented context, reconstruct events and determine impact. This process is fundamentally time-bound and in most environments, it still takes hours. Attackers operate on a much shorter timeline, creating a structural asymmetry that human-driven investigation cannot match. The industry has not failed to improve detection; it has misidentified the primary constraint. Investigation speed is the limiting factor. Security still runs at human speed Despite advances in infrastructure, cloud and AI, the underlying workflow of security operations has not fundamentally changed. At its core, security still operates as a human-driven process: Alerts are generated, analysts investigate, context is assembled manually and decisions are made under pressure. This model was sufficient when environments were smaller and attacker velocity was lower, but it breaks down under modern conditions. Today’s environments generate a volume and diversity of signals that exceed what manual investigation can process within the time window that matters. The limitation is not access to data, but the ability to assemble and interpret it fast enough to act. As a result, teams struggle to move from observation to orientation in time, delaying downstream decisions and response. Compressing observation and orientation In a traditional workflow, an alert indicating unusual access to a production workload initiates a sequence of actions — analysts query logs, correlate identity activity, review system changes and attempt to build a timeline. Each step introduces latency, slowing the transition from observation to orientation. In modern systems, investigation can begin with a structured understanding of the event itself. The investigative sequence is absorbed into the system. By the time the alert is presented, the relevant context has already been assembled: The identity involved, the access path, the changes made and whether the behavior aligns with established patterns or represents risk. The role of the analyst shifts accordingly, too. Instead of reconstructing events, the analyst evaluates a completed analysis and determines the appropriate response. This compresses the first half of the OODA loop, allowing teams to move from observation to decision with significantly less friction. It reduces latency, improves consistency and aligns the speed of decision-making with the speed of the environment. From decision to action, without delay Accelerating investigation addresses only part of the problem. The remaining challenge is completing the OODA loop. Even when teams reach a decision quickly, action is often delayed by manual processes. Remediation requires coordination across systems, validation of impact and careful execution. In practice, this introduces latency between decision and response. Agent-based remediation removes this delay. Systems can act directly, with human oversight. Once a decision threshold is met, agents can isolate workloads, revoke credentials, block access paths or enforce policy in real time with the oversight of a human to ensure control. These actions are informed by the same contextual understanding generated during investigation, reducing the risk of overreaction while increasing speed. This closes the second half of the OODA loop, where decisions are not only made faster, they are executed faster and more consistently. AI compresses the timeline further As organizations adopt AI, the same constraint becomes more severe. These risks do not introduce a new problem; they accelerate it. AI-driven applications operate at interaction speed, not infrastructure speed. The environment is no longer just workloads, but interactions between users, models and data. Risks such as prompt injection, model misuse and unintended data exposure unfold quickly and across distributed surfaces. Those risks require rapid understanding and response, often within a single interaction. Managing them requires the same capability: The ability to execute the OODA loop faster than the threat. With AI adoption, security systems must observe interactions, orient on intent and context, decide on risk and act in real time. Traditional approaches such as periodic testing or surface-level behavioral observation are insufficient. Continuous validation models are emerging, where security systems actively probe for weaknesses and verify defenses on an ongoing basis. Speed becomes the advantage Autonomous driving did not succeed because it achieved perfection — it succeeded because it demonstrated better outcomes in critical scenarios. Waymo did not win by seeing more data or generating better alerts; it won by collapsing the time between perception, decision and action faster than a human driver could. Security is undergoing the same transition. In environments where attackers operate on minute-scale timelines, workflows that depend on human-speed completion of the OODA loop are structurally disadvantaged. The future of security will not be defined by better visibility or more precise detection. It will be defined by systems that can observe, orient, act and decide — end-to-end — faster than attackers can exploit the environment. This article is published as part of the Foundry Expert Contributor Network. Want to join? View the full article
  8. Unlike most cyber security regulations, the EU’s Cyber Resilience Act is about product safety rather than processes or certification, extending the CE mark from the physical side of products to software, firmware, backend services, and anything with a network connection. It encodes existing best practices, enforces minimum product support lifecycles, and could mean developing stronger relationships with open source projects your organization relies on. And it comes with a deadline: by September 11 this year, you need to have vulnerability and incident reporting processes in place. Even for organizations already using software bills of materials (SBOMs), following new CRA obligations to report an actively exploited vulnerability in a product within 24 hours, and having to deliver a full report within three days may prove hard to meet. Although nearly everyone in SaaS alternative Cloudsmith’s recent Artifact Management Report generates SBOMs, only a quarter do that automatically rather than manually or on demand. Over half said a comprehensive report would need significant time and effort, while fewer than a third were very confident they could pass the kind of unexpected software supply chain audit the CRA’s spot checks will require. “A lot of organizations weren’t doing software supply chain best practices,” says Alison Sickelka, VP of product at Cloudsmith. “And that’s reflected in people having to scramble to figure out how they’re going to generate SBOMs, do reporting, and have all that in place in time.” Sometimes seen as a burden slowing down software development, SBOMs and auditability are now necessities, she adds. For a lot of CIOs, though, the CRA isn’t even on their radar. “They may think it’s almost a tick box exercise,” says Oli Venn, engineering manager at security vendor WatchGuard, rather than a broad regulation with aggressive reporting requirements covering the entire product lifecycle from planning and design, to support and maintenance. “If you’re any kind of vendor, or you’re manufacturing or supplying any digital system, whether it’s smart thermostats, coffee machines or anything else that can be connected to the internet or a network, that falls into regulation,” he adds. “If you’ve got developers and consumers using that in any way, then you fall into scope for the CRA.” Spheres of influence The CRA applies to software and devices like mobile phones, embedded operating systems, databases, games, network equipment, IoT devices, and even tickets delivered through an app. However, it doesn’t apply to non-commercial open source, but open source foundations have some obligations. And if your product includes open source elements, you’re responsible for making sure they’re compliant. Pure SaaS isn’t covered but client software, appliances, or devices that use SaaS as a backend are. “The CRA includes backend components, what we call remote data processing solutions, if you have a server side to your product,” says Daniel Ehrenberg, a standards engineer on ETSI’s Cyber EUSR committee. Products already on sale in the EU don’t have to fully comply with the CRA, unless they get significantly updated, though companies still have to report incidents and vulnerabilities. Yet the act recognizes it may not be possible to address them. Otherwise, the only products exempt are those already covered by more stringent regulations in sectors like automotive and medical. Product safety The CRA says digital products have to be secure by design and default, and can’t ship with known vulnerabilities like obvious default passwords that can be exploited. They also must be updatable if such vulnerabilities are found later, as well as minimize their impact by limiting the attack surface and protecting confidentiality and integrity with encryption and reduced data collection. That amounts to a mandate that commercial software must handle them well, explains Ehrenberg, with an effective process to take bug reports. “There’s been a lot of hope that somehow this won’t happen, but it’ll be a wake-up call to consider all the requirements, starting with a risk assessment,” he says. “When you’re putting a product on the market, you have to do an assessment of the cyber security risks, and have a continuous audit to know what your live dependencies are so you can evaluate whether you need them updated.” That includes components from vendors. “Be sure they’re staying compliant and reporting any security vulnerabilities,” Venn says. The SBOM requirements are sensible rather than onerous, adds Nigel Douglas, head of developer relations for Cloudsmith. “Do you have visibility into package names and IDs so you can tell if the version in your software supply chain and the code base that users are consuming and paying for carry potentially malicious code that’s going to affect them,” he says. “The main thing is being able to prove you can quickly respond to an incident.” For open source, it also means assessing projects you rely on. “The CRA mandates knowing about and understanding project health and making informed, intelligent decisions about open source projects you use,” notes Kubernetes steering committee member Kat Cosgrove. Organizations that discover and fix vulnerabilities in open source projects will be required to contribute that upstream, Venn points out. “They can no longer just be consumers of these technologies,” he says. “If they want to use it, they have to be a part of the community.” Not like the others Unlike traditional cybersecurity regulations, the CRA focuses not on software development practices and certifications, which Ehrenberg warns may not map to the new requirements, but on the product being sold. “Did you achieve a product that minimizes the amount of data that’s being processed in order to reduce risks related to data if it’s not properly managed?” he asks. “Are you protecting data as it’s at risk and in transit?” CIOs need to consider the products their organization sells in a top-down way, looking at how they meet security requirements rather than whether the way they’re built checks all the boxes. “It’s a shift in responsibility,” he adds “You’re responsible for the final product, not just making sure the steps were correct.” Requirements also mandate product support, updates, and lifecycles, in most cases for a minimum of five years of free security updates, all of which go in a declaration of conformity digital products will require from December 2027. The declaration and documentation will need to stay available for 10 years after the product goes on sale, but the SBOM doesn’t need to be public, just available to the market surveillance authorities when they ask for it. Standards in practise Different classes of products attract different levels of scrutiny. Most digital products get default regulation under horizontal standards for cybersecurity and vulnerability handling that’s already available in draft form from European standardization organizations. But important products like including identity management systems, web browsers, password managers, VPNs, and internet access routers, as well as critical products such as hypervisors, PKI infrastructure, hardware security modules, and industrial firewalls, will require more stringent conformity assessments. These are covered by vertical standards being developed to analyze specific risks, which list potential mitigations like writing a web browser in a memory-safe language. “The CRA doesn’t require you to transition to memory safe languages, nor move off COBOL or anything like that,” Ehrenberg says. Timelines and fines As a regulation rather than a directive, the CRA applies without individual European countries passing new laws, and the mechanisms for it to be administered are being set up this summer. “The market surveillance authorities are coming online with their ability to review and approve things, then the individual conformity assessment bodies come online,” Ehrenberg says. The European Union Agency for Cybersecurity (ENISA) will run the single platform for reporting actively exploited vulnerabilities and incidents. Although the CRA applies fully from 11 December 2027, enforcement will come in gradually and will depend on the technical capacity of the market surveillance authorities, says Ehrenberg. They can insist products be made compliant, restrict their sale, or have them withdrawn or even recalled, as well as levy fines of up to €15 million or 2.5 % of turnover. “There are probably going to be court battles in the future to interpret this,” Ehrenberg says, as aspects have already been criticized for being too vague and weak. But organizations relying on limited enforcement are missing an opportunity to improve their products and their own security. Simply better security With the rise of supply chain attacks, CRA mandates will provide real security benefits by forcing enterprises to track their open source usage and notify end users of issues promptly, says Neil Levine, SVP of products at cybersecurity vendor Anchore. He suggests adopting SBOMs by September to help you comply with reporting requirements, rather than waiting until the 2027 deadline. Savvy CIOs can also use this as an opportunity to get the resources to deliver improvements. “Most CIOs would want to do these things anyway but just don’t have the bandwidth,” says Venn. “So this is probably a tool for them to go to the board and say they need the budget and the time.” View the full article
  9. The moment every boardroom dreads There is a moment in almost every ransomware negotiation — usually around 36 hours, when legal, IT and the CFO are all in the same room — when someone says it out loud: “Let’s just see what the insurance covers.” That instinct, understandable as it is, has become one of the most expensive assumptions in modern business. The threat landscape has moved on. The insurance market is moving on with it. And the organizations still treating cyber insurance as their primary recovery strategy are flying into a storm with a beach umbrella. How ransomware became a business Criminal groups don’t think in generations — they follow the money. Early campaigns were blunt instruments: Mass phishing, opportunistic encryption and hope that enough victims panic-pay. Groups like REvil and Conti figured out that one well-researched enterprise target was worth more than ten thousand spray-and-pray attempts. Ransom demands climbed from hundreds of dollars to tens of millions. What you’re dealing with now is categorically different from both predecessors. Ransomware 3.0 isn’t primarily about encryption. That’s just the opening move. The real play is owning your leverage — over your operations, your data, your customers and your regulators — simultaneously. Verizon’s 2024 Data Breach Investigations Report documented ransomware or extortion as a factor in 32% of all breaches, with organized criminal groups accounting for most incidents. Triple extortion: The mechanics of maximum pressure Most organisations mentally prepare for one thing when they hear “ransomware” — locked systems, a ransom note, a recovery decision. That framing is now dangerously out of date. What groups like ALPHV (BlackCat) and Cl0p deploy is a three-layer pressure campaign. Encryption hits first — operations locked, revenue stopped. Then comes exfiltration: Your data was already removed before the encryptor ran, and that threat doesn’t expire when you restore from backup. The third layer is the one most organisations are least prepared for — direct contact with your customers, regulators and shareholders, timed to maximise pressure at the worst possible moment. They don’t just threaten to follow through. They follow through. The economic logic here is sound, from the attacker’s perspective. A good backup strategy can defeat encryption alone. Exfiltration cannot. Once your customer records, intellectual property or board communications are in the hands of a criminal group, no backup restores that situation. You are no longer dealing with a technology problem. Coveware’s ransomware analysis for Q4 2024 consistently shows that data exfiltration now occurs in most enterprise ransomware cases, fundamentally altering the negotiation and recovery calculus. Ashish Mishra What the Change Healthcare case tells you about real costs Consider what happened to Change Healthcare in early 2024. The ALPHV group’s attack on this healthcare payments processor didn’t just encrypt systems — it exposed the personal health information of potentially over 100 million Americans and disrupted pharmacy services across the country for weeks. Parent company UnitedHealth Group reportedly paid approximately $22 million in ransom. The total financial impact, including operational disruption, remediation and ongoing legal exposure, came to approximately $3.09 billion for 2024 alone. Insurance covered a fraction of it. HHS Office for Civil Rights confirmed it formally opened an investigation into Change Healthcare and UnitedHealth Group, focused on whether protected health information was breached and whether HIPAA Rules were complied with — citing the attack’s unprecedented impact on patient care and privacy. The numbers from Change Healthcare are worth sitting with, because they reframe the entire insurance conversation in a single case study. In February 2024, the ALPHV group walked into this healthcare payments processor through an unprotected Citrix portal and spent weeks moving through the network before anyone noticed. By the time the encryptor ran, the damage was already done — over 100 million Americans had their personal health information exposed, pharmacy services across the country ground to a halt, and UnitedHealth Group found itself paying approximately $22 million in ransom to a group that took the money and disappeared without delivering the promised decryptor. The total bill for 2024 came to approximately $3.09 billion. That figure covers operational disruption, remediation, provider support and ongoing legal exposure. The insurance programme covered a fraction of it — and that fraction came after a fight, not automatically. HHS Office for Civil Rights didn’t wait for the dust to settle. They opened a formal investigation into whether UnitedHealth Group had complied with HIPAA Rules and whether patient privacy protections had held up, framing it publicly as the largest breach of healthcare data in American history. That regulatory pressure didn’t arrive weeks later. It arrived while the organisation was still in active recovery. Why your insurance policy is not the safety net you think it is That example points directly to the insurance problem. Cyber insurance was priced and structured for a different threat model. Carriers increasingly include sub-limits for ransomware events, exclusions for nation-state attribution (a category that is deliberately difficult to disprove when it suits an insurer), and requirements around security controls that many policyholders have never actually verified they meet. After a major incident, you may discover that your $10 million policy has a $2 million ransomware sublimit — and that a coverage dispute will run in parallel with your breach response for the next 18 months. This isn’t theoretical. Merck’s legal battle with insurers after the 2017 NotPetya attack — which attackers attributed to Russian state actors — dragged through the courts for years before a settlement. Merck settled with remaining insurers in January 2024 — just days before New Jersey Supreme Court oral arguments — after the appellate court ruled that the hostile/warlike action exclusion did not apply to the NotPetya cyberattack on a non-combatant firm. On another side, Lloyd’s of London subsequently mandated that all standalone cyber policies must exclude losses arising from state-backed cyber operations, effective March 2023. The market is not moving in favour of policyholders. Lloyd’s of London’s Market Bulletin Y5381, published in August 2022, required all standalone cyber policies to exclude losses arising from state-backed cyber operations, effective from 31 March 2023 — in direct response to coverage disputes arising from state-attributed attacks. None of this means you shouldn’t carry cyber insurance. You should. But the mental model must change. Insurance is a financial transfer mechanism for residual risk — the risk that remains after you’ve built meaningful defences. What a mature incident response architecture looks like What contains a triple extortion event is a mature incident response architecture. That means several things working in concert: Network segmentation that limits an attacker’s lateral movement after initial access; endpoint detection and response tooling that can identify suspicious behaviour before encryption begins; an offline or immutable backup strategy that survives even a sophisticated attacker who has spent weeks inside your environment; and a rehearsed response capability that doesn’t require you to learn the playbook during the incident itself. The “rehearsed” part is where most organisations fall short. Tabletop exercises are valuable, but they rarely simulate the full chaos of a real event — the communication blackouts, the pressure from the CEO’s office, the media calls starting before you’ve even confirmed the scope. MGM Resorts’ 2023 ransomware attack, attributed to Scattered Spider, demonstrated what happens when the human layer fails, even if the technology layer is adequate. Social engineering of the IT help desk gave attackers initial access. The subsequent disruption cost the company an estimated $100 million in lost revenue and remediation costs in a single month. Guidance: NIST’s Cybersecurity Framework 2.0 provides the most widely adopted reference architecture for incident response capability maturity, covering identification, protection, detection, response and recovery functions. The only bet that pays off in both scenarios The uncomfortable truth your board needs to hear is this: The question is no longer whether your organisation will face a sophisticated threat actor. For any organisation of meaningful size, operating in a connected supply chain, with digital customer relationships, the question is how well-prepared you are when it happens. The economics of ransomware as a criminal enterprise have never been stronger. Attack-as-a-service platforms have lowered the barrier to entry. Ransom payment data is analysed and used to calibrate future demands. These groups study your financial filings. Investing in incident response capability — in people, process and technology — is not a cost centre decision. It’s the only bet that pays off in both the prevention scenario and the response scenario. Insurance pays out after the damage is done. A mature response architecture reduces the damage itself. The organisations that navigated the Cl0p MOVEit campaign of 2023 with the least disruption weren’t the ones with the biggest insurance policies. They were the ones who had mapped their data flows, limited unnecessary MOVEit exposure and had a response team that could move within hours rather than days. That’s the standard you’re competing against now. This article is published as part of the Foundry Expert Contributor Network. Want to join? View the full article
  10. Researchers have found a critical vulnerability in the widely used Nginx web server that can potentially lead to remote code execution under certain conditions. The flaw is a heap buffer overflow that has gone undetected in the program’s code for the past 18 years. Tracked as CVE-2026-42945, the vulnerability is one of 4 bugs found in Nginx by researchers from security startup DepthFirst AI, using their LLM-powered platform. It adds to the increasing number of flaws that security scanners and humans have missed in high profile open-source projects over the years, but which have been discovered with the help of AI models in recent months. Nginx is one of the most popular web servers, powering almost one third of all websites on the internet, and is integrated into many commercial products as well. The software is also commonly used as a reverse proxy, load balancer and cache for other web applications and servers. The CVE-2026-42945 vulnerability is located in ngx_http_rewrite_module, a component that handles URL rewrites, and impacts Nginx versions from 0.6.27 to 1.30.0. The issue has been given a 9.2 CVSS severity score and was patched in versions 1.31.0 and 1.30.1. The commercial product, Nginx Plus, owned and developed by network and application security firm F5, is also vulnerable, and received patches in versions R36 P4, R32 P6 and 37.0.0. Other F5 products based on Nginx open source and Nginx Plus are impacted, but have not yet received updates, including Nginx Instance Manager, F5 WAF for Nginx, Nginx App Protect WAF, F5 DoS for Nginx, Nginx App Protect DoS, Nginx Gateway Fabric, and Nginx Ingress Controller. “This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?),” F5 said in its advisory. According to the company, exploitation will result in a denial of service condition in the form of a server crash and, on systems with Address Space Layout Randomization (ASLR ) disabled, arbitrary code execution. Achieving RCE While the proof-of-concept (PoC) exploit developed by DepthFirst and shared with F5 did not include an ASLR bypass, the researchers believe it is possible to achieve one. ASLR is a memory corruption exploit mitigation technology that’s present and enabled by default in most modern operating systems. “Nginx uses a multi process architecture where worker processes fork from a single master process,” DepthFirst researcher Zhenpeng Lin said in a blog post. “Because of this design, the memory space is duplicated exactly for every child worker. This means the heap layout remains entirely deterministic across different workers. If our exploit fails and crashes a worker, the master process simply spawns a new one with the exact same memory layout. This allows us to safely try multiple times until we succeed without worrying about the worker crashing and changing the memory layout. Theoretically, we could leverage this design to leak ASLR by progressively overwriting pointers byte by byte.” The researchers also believe the Nginx configurations required to exploit this vulnerability are common. For example, URL rewrite rules are often used when migrating APIs endpoints to new locations without causing disruptions to external clients that still try to query the old URL. The set directive can be used to store the original path, or parts of it, in a custom variable to maintain state, route endpoints dynamically, or to pass it to the backend application for audit and logging purposes. “Together, these two directives are common building blocks in API gateway configurations,” Lin said. Since the proof-of-concept exploit has been published on GitHub, users are advised to upgrade to a patched version as soon as possible, as Nginx vulnerabilities have been exploited by attackers in the past. Denial of service alone is a serious risk to web servers, even without the ASLR bypass posited by the researchers. The other three vulnerabilities disclosed by DepthFirst and patched in the new Nginx releases can also lead to denial of service, memory leaks, or data modification. They are tracked as CVE-2026-42946 (CVSS 8.3 – high severity), CVE-2026-42934 (CVSS 6.3 – medium) and CVE-2026-40701 (CVSS 6.3 – medium). View the full article
  11. Linux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new headache to deal with: Fragnesia. “This is a significant vulnerability,” Robert Beggs, head of incident response firm DigitalDefence, told CSO. “It is bypassing traditional filesystem permissions that are present and enforced (for example, ‘file is owned by root’, or ‘file is read-only’) to allow manipulation without touching the disk.” Similar to Dirty Frag, Fragnesia (CVE-2026-46300) is a local privilege escalation hole that exploits a vulnerability in the XFRM ESP-in-TCP subsystem to achieve a memory write primitive in the kernel. XFRM is an IP framework intended for packet transformations, and ESP-in-TCP (Encapsulating Security Payload in TCP) is a networking technique used to encapsulate IPsec ESP packets inside TCP segments. A proof of concept (PoC) exploit is already publicly available. The good news, Beggs said, is that the vulnerability can’t be exploited remotely. An attacker needs local access to trigger specific code paths and be able to control local socket operations and manipulate packet fragmentation. Still, he added, any unprivileged user can exploit the bug on a vulnerable system to corrupt security-sensitive files in memory, such as privileged access management configuration, password, systemd service files, or cron jobs. Although the attacker cannot modify the file on the disk, modifying in-memory files can trick privileged processes, alter system behavior, execute arbitrary code, and escalate privileges on the system, he said. Linux distributions including Red Hat, Ubuntu, AlmaLinux and others are pushing out patches or mitigations; CloudLinux said a patch is being tested. In a statement to CSO, Mike McGrath, Red Hat’s vice-president of Core Platforms, said issuing mitigations and fixes for privilege escalations like Fragnesia are a top priority. “We have published workarounds for the esp4 and esp6 kernel modules that we feel provide protection to customers in the immediate term while we work with the upstream community to identify a permanent fix in the form of a patch,” he said. According to Linux support provider TuxCare, systems running the affected skbuff code paths, including kernels that have already received the Dirty Frag fix, are impacted. The public PoC requires systems with the configuration option CONFIG_INET_ESPINTCP to access the bug, so kernels built without it block this exploit. But the underlying skbuff defect may be reachable through other paths. Microsoft urges Linux users and organizations to apply the patch as soon as possible by running update tools. If patching is not possible at this point, consider applying the same mitigations as for Dirty Frag, such as assessing whether esp4, esp6, and related xfrm/IPsec functionality can be temporarily disabled safely, restricting unnecessary local shell access, hardening containerized workloads, and increasing monitoring for abnormal privilege escalation activity. Related content: Kill switch for Linux kernel features proposed to improve security Beggs advises system administrators to confirm kernel exposure by reviewing version numbers, and then update to a patched kernel if necessary and reboot the affected system. If ESP-in-TCP is not required, disable the module and block its use; this mitigation can also be immediately applied until patching is complete. Because the vulnerability requires local access, make sure that basic steps such as enforcing MFA for privileged accounts, disabling of unneeded shell access, and enforcing least privilege are all in place. Beggs also said admins may wish to increase monitoring of privileged processes (PAM, systemd, cron) and look for unexpected restarts, unexpected config reloads, and sudden privilege escalations. View the full article
  12. A widely active phishing-as-a-service (PhaaS) operation known as FlowerStorm has begun using a browser-based virtual machine to conceal credential theft code, marking what researchers say is an escalation in phishing-kit sophistication that could make attacks harder for traditional email and static-analysis tools to detect. Researchers at Sublime Security said in April that they identified the campaign, which used KrakVM, an open-source JavaScript virtual machine recently published on GitHub, to obfuscate malicious code delivered via HTML attachments in phishing emails. The campaign targets credentials and multi-factor authentication (MFA) codes for services including Microsoft 365, Hotmail, and GoDaddy, while also supporting adversary-in-the-middle (AiTM) interception techniques designed to hijack authenticated sessions. “What makes this campaign notable is the adoption of KrakVM as a delivery wrapper within a month of the project’s public release,” the researchers wrote in a report. The findings highlight how phishing operations are increasingly adopting techniques traditionally associated with sophisticated malware campaigns, including virtualized execution environments and layered obfuscation frameworks. Browser-based VM used to hide phishing payloads According to the report, victims receive phishing emails containing HTML attachments disguised as voicemail notices, invoices, or vendor communications. When opened in a browser, embedded JavaScript immediately launches a credential-harvesting workflow tailored to the victim’s environment. The attack chain uses KrakVM to compile malicious JavaScript into encrypted bytecode, which is executed through a virtual machine running inside the browser. “KrakVM compiles JavaScript into unreadable bytes,” the researchers wrote, adding that the virtual machine then interprets and executes the payload at runtime. The approach adds multiple layers of obfuscation designed to complicate static analysis and evade traditional email-security tooling. While virtual-machine-based obfuscation has long been used in malware packers and software protection systems, its adoption inside large-scale phishing kits appears far less common. The campaign dynamically adapts to victims After deobfuscation, the phishing payload loads infrastructure designed to impersonate Microsoft 365 and other login portals while dynamically adapting to targeted users. According to the report, the malware can determine which authentication provider should be impersonated, preload victim email addresses into phishing pages, and customize branding elements such as company logos and backgrounds. The phishing kit also enumerates MFA methods registered on victim accounts, including Microsoft Authenticator push notifications, TOTP codes, SMS authentication, and voice verification flows. When the victim enters credentials, the kit forwards them to a command-and-control server, which attempts a real login against the target service. If the service prompts for MFA, the kit presents the victim with a matching prompt, captures the response, and forwards it to complete the attacker’s session. Researchers said the framework supports real-time AiTM interception, allowing operators to relay authentication sessions while harvesting credentials and MFA tokens. “A widely known unique feature of FlowerStorm is its capability for advanced AiTM and MFA interception,” the report said. Detection challenges grow for defenders The combination of VM-based obfuscation and AiTM-capable payload creates a detection gap for email security tools. Sublime Security said its own Autonomous Security Analyst system identified the attack as malicious, partly because of the HTML attachment’s use of “heavily obfuscated JavaScript with custom virtual machine bytecode.” The researchers also noted that both KrakVM and FlowerStorm appeared to operate close to their default configurations, suggesting the campaign did not require advanced technical sophistication from operators. That raises concern that VM-based obfuscation techniques could spread quickly across phishing ecosystems if tooling becomes easier to operationalize, the report added. The broader phishing ecosystem is evolving The campaign has targeted sectors including local government, logistics, retail, communications, and real estate, according to the report. Researchers also identified infrastructure using domains designed to resemble court systems, enterprise portals, and Microsoft-related services. Sublime published 153 indicators of compromise, including dozens of subdomains on cloud object storage services across regions, including Singapore, Bangkok, Frankfurt, Tokyo, Seoul, Jakarta, and Ashburn. The researchers also identified domain naming patterns that overlap with prior FlowerStorm reporting, including German-language domains assembled from English words to mimic legitimate business names. Sophos had documented FlowerStorm in December 2024, after the kit emerged following a disruption to the Rockstar2FA phishing service. The researchers said they had found no evidence linking the KrakVM developer to FlowerStorm operations. The findings come as security teams face increasingly sophisticated phishing campaigns that blend credential theft, MFA interception, session hijacking, and anti-analysis techniques into unified attack chains. “This campaign likely represents only the earliest use of KrakVM’s obfuscation capabilities,” the researchers wrote. “We anticipate more complex implementations as its adoption grows.” View the full article
  13. A newly disclosed authentication bypass flaw in the open-source AI orchestration framework PraisonAI was probed by internet scanners less than four hours after its public disclosure. According to Sysdig observations, roughly three hours and 44 minutes after a GitHub advisory dropped, a scanner identifying itself as “CVE-Detector/1.0” was already looking through the exposed PraisonAI instances for exact vulnerable endpoints. The bug involves a legacy Flask-based API server component “src/praisonai/api_server.py” in PraisonAI that shipped with authentication disabled by default. The issue affects versions 2.5.6 to 4.6.33, and has been fixed in version 4.6.34. “Authentication disabled by default in a development-grade API server is a known anti-pattern, and its blast radius is bounded by whatever permissions the operator gave the agent workflow,” said Trey Ford, chief strategy and trust officer at Bugcrowd. “Any organization that accelerated AI agent adoption without auditing network binding, authentication defaults, and credential exposure in agent configuration files now faces risk it likely hasn’t quantified.” Sysdig said a GitHub advisory was published around 13:56 UTC on May 11, and probing started at 17:40 UTC. Authentication was disabled by default Sysdig said the vulnerable component was a PraisonAI legacy API server, where authentication protections were effectively disabled by design. The researchers noted that any reachable caller could interact with agent workflows without valid tokens. “PraisonAI ships a legacy Flask-based API server that hard-codes ‘AUTH_ENABLED = False’ and ‘AUTH_TOKEN = None’,” Sysdig researchers said in a blog post. “The check_auth() helper returns True whenever authentication is disabled, so the two “protected” routes fail open by design.” The flaw, tracked as CVE-2026-44338, received a severity rating of CVSS 7.3 out of 10, but is being considered an urgency, considering attackers are already looking to exploit it. “Any AI service reachable from the internet should be treated as a production asset with controls around authentication, network segmentation, and monitoring,” said Vineeta Sangaraju, AI Research Engineer at Black Duck, urging organizations to patch immediately. Sysdig’s researchers said the initial reconnaissance traffic appeared generic at first, targeting common internet-exposed paths such as /./.env and /admin. Minutes later, however, the scanner pivoted to PraisonAI-specific endpoints including “/praisonai/version.txt”, “/docs”, “/api/agents/config”, and “/api/agents.” Researchers warned that a successful exploit could escalate to serious breaches. “The bypass itself is not arbitrary code execution,” they said. “But because it removes authentication from a workflow trigger that an operator deliberately exposed to do something useful, the impact ceiling is whatever that workflow is allowed to do.” Mitigations and recommendations Sysdig urged organizations to immediately upgrade to PraisonAI version 4.6.34 or later, which removes the vulnerable legacy API behavior and introduces stronger authentication protections. The researchers also recommended discontinuing use of the legacy “api_server.py” entrypoint entirely, noting that exposed instances running older configurations remain vulnerable to unauthenticated access attempts. To support detection efforts, defenders were advised to monitor for requests containing the “CVE-Detector/1.0” user-agent string, along with suspicious requests targeting /agents, /chat, /api/agents, and related MCP endpoints. “Until an upgrade is possible, network-layer monitoring catches this class of traffic cleanly because the bypass leaves no missing-auth signal in the application logs,” the researchers noted. View the full article
  14. Cybersecurity leaders often have complex relationships with their boards. Many boards lack cyber expertise, and CISOs can encounter roadblocks as a result when it comes to earning board approval. Other security leaders may not have a direct line to their board, or they may be viewed as too technical to win the support needed. One way some CISOs are working to improve that relationship is by becoming board members themselves to better understand what is important and how to communicate to board members. Others may seek board positions to elevate their profile, help shape the tools of the future, or contribute to expanding the community’s knowledge. The latter is the case for Jamie Norton, vice chair of the ISACA board. “As a long-term member, I had reached a stage in my career where I had more flexibility in managing my time and wanted to contribute back to the industry. To be able to accomplish this on a global scale with ISACA was a perfect fit,” Norton tells CSO. For Mitra Minai, global cyber health leader at Accenture, it was about being a part of the solution rather than engaging with a board only during high-pressure moments. “I saw firsthand how board comprehension of cyber and digital risk directly influences organizational outcomes, particularly in healthcare where cyber incidents can affect patient safety and continuity of care,” says Minai, who is a board member with the Austrialian Information Security Association (AISA), industry advisory member with the Australian Cyber Security Centre, and digital governance committee member at Uniting AgeWell. “Becoming involved at a governance level allows me to contribute earlier and more strategically, helping boards shape risk appetite, investment priorities, and resilience before crises occur,” she adds. “It also provides an opportunity to help boards navigate the growing intersection between technology, trust, regulation, and organizational purpose.” As in health, cyber incidents can have a catastrophic impact in other critical infrastructure services. For CISOs looking to make a difference, vendor advisory boards are another option. Nathan Morelli, head of cybersecurity and IT resilience at SA Power Networks, says his motivation to join vendor advisory boards was a conscious move to influence the global product roadmaps that protect essential services. “In critical infrastructure, the impact [of cyber incidents] is significant, and I wanted to ensure that the tools we use are actually fit for purpose. By joining these boards I gain a seat at the table where I can shape the technology of tomorrow, rather than just reacting to it. It’s about moving beyond the perimeter of one organization to influence the resilience of the entire sector,” says Morelli, who is a member of advisory boards with Cyera, CrowdStrike, Proofpoint, and SailPoint. Getting a board role isn’t a straightforward path CISOs must be aware, however, that board roles can be difficult to land. Despite being involved in the Canberra Chapter of ISACA for many years, Norton went through several attempts before earning his board role. He applied once and was unsuccessful; the following year he tried again to no avail. It can be hard to not take such rejections personally, he says, adding that he received great feedback and was encouraged to apply again. “There was a lot of reflection on the process, and whether the result was challenges with expertise, experience, or simply the skills the board needed that was driving the outcome,” he says. “The required skills did come around to match my expertise soon after and I was successful. It has been a great journey since.” It is also a significant commitment, Norton adds, “with many hours per week spent on board-related work and meetings, many of which run early morning between 12am to 2am Australian time.” Advisory and committee positions don’t require any specific certifications, but governance capability and credibility are essential to be effective at board level, says Minai, who plans to complete formal Australian Institute of Company Directors (AICD) governance education within the next 12 to 18 months as part of an intentional progression toward broader non‑executive director roles. Tips for CISOs aiming for a board role For CISOs interested in contributing to global vendor boards, Morelli advises focusing on becoming a partner, not just a customer. This requires the ability to articulate how a product’s evolution impacts the risk profile of an entire sector. For non-industry or public boards, CISOs must be comfortable contributing to discussions on P&L statements, ESG reports, or Modern Slavery statements. You are there to provide oversight for the entire organization’s strategy and sustainability. Here are other top tips from Minai, Morelli, and Norton: Start with governance, not titles. Committees, not‑for‑profit boards, and industry associations provide real governance experience. Separate governance from execution/management. Board effectiveness requires oversight and judgment, not operational problem‑solving. Learn the language of boards. Boards focus on risk appetite, trade‑offs, outcomes, and value creation, not just controls and tools. Invest in formal governance education. Even experienced executives benefit from structured governance training when moving into board roles. Choose wisely. Zero in on boards where your expertise genuinely matters and companies that are aligned to your values. Consider volunteering. Targeting a not-for-profit or charity for your first board position can help you earn valuable first-board experience. Leverage your network. Board opportunities often arise from existing relationships. Get certified. Consider investing in a NACD Directorship Certification or similar credentials. Like your CISO role, branding and narrative are important. Research and develop a board bio that highlights key skills and experiences such as financial, legal, governance, risk, crisis management, regulatory navigation, and strategic governance. The benefits of experiencing the board from the other side CISOs will reap many benefits from being a board member. Chief among these, Norton says, is a greater appreciation of the director mindset. “Understanding what represents a material concern, the right level of detail that board members want in reporting, and contributions to risk appetite and corporate strategy” have been invaluable, he says. “As a CISO in my day-job, this significantly assists in balancing board messaging and understanding how to frame discussions in the right way.” Minai’s experience has shaped how she thinks and leads as well. Some of the benefits she experienced include developing a long‑term, enterprise‑wide perspective beyond functional optimization; a deeper understanding of how boards balance risk, investment, culture, and stakeholder expectations; exposure to decision‑making under uncertainty with incomplete information; and strengthening the ability to translate technical and cyber risk into strategic and financial implications. “These roles have also broadened my exposure across aged care, academia, government, and not‑for‑profit sectors, which has strengthened my judgment and impact as a senior executive,” Minai says. For Morelli, it is about being able to see where the industry is heading in 18 to 24 months. “There is also a significant compounding effect of the network. Sitting in a room with the world’s top CISOs and business leaders provides a level of strategic intelligence that no briefing note can replicate. It forces you to grow as a leader because you are constantly challenged by peers operating at a global scale,” he says. Even with cybersecurity leaders being increasingly invited into the boardroom, the invitation alone does not guarantee effectiveness. The CISOs who succeed in governance roles are those who can reframe cybersecurity as a matter of trust, resilience, and organizational stewardship, not just technical defence, Minai says. “Boards are not looking for another security operator; they are looking for clear thinking, calm judgement, and strategic insight under complexity,” she says. “That is where experienced CISOs can make a unique and lasting contribution.” View the full article
  15. The apparent revenge deletion of US federal databases after the dismissal of twin brothers from an online hosting company is another reminder to IT and HR leaders that tough off-boarding procedures have to be implemented to prevent insider attacks. Destructive attacks either from disgruntled current or former employees aren’t new. But the conviction by a Virginia jury last week of one of the brothers raises a number of issues that IT pros and CEOs have to keep in mind. A federal jury convicted Sohaib Akhter, 34, of Alexandria, Virgina, on charges of conspiracy to commit computer fraud, password trafficking, and possession of a firearm by a prohibited person. He will be sentenced in September. And last month his brother, Muneeb, signed an agreed statement of facts about the siblings’ activities in response to several charges against him. But according to documents from the case provided on the Free Law Project’s archive of court data, The Court Listener, Muneeb is now trying to have the charges dismissed. Still, the incident has led one expert, Robert Enderle of the Enderle Group, to say, “it should serve as a wake-up call: Organizations must not only tighten their internal controls, but also begin accounting for how AI tools can be weaponized against them, and these AI tools need far stronger guardrails than they currently have.” The statement of facts According to the statement of facts Muneeb agreed to, but now disputes, he and his brother, Sohaib, worked for an unnamed company in Washington, DC that provided software and services to more than 45 US government agencies, including hosting data for some federal clients. They included the US Equal Employment Opportunity Commission (EEOC), Homeland Security, and the Internal Revenue Service (IRS). On Feb 18, 2025, both brothers were terminated by the company after it discovered Sohaib had been convicted nine years earlier of a felony. After the firing, they both allegedly tried to harm their former employer by accessing computers without authorization, deleting databases and destroying evidence of their work. In his statement of facts this year, Muneeb admitted to deleting 96 databases. How? While five minutes after they were fired in 2025, Sohaib’s VPN was disconnected and he lost access to the hosting provider, his brother still had access. The brothers also still had their company-issued laptops. They went to work. As part of their alleged destructive work, when Muneeb didn’t know the database commands necessary to accomplish his goals, he used an AI tool to help him, asking “how do I clear system logs from SQL servers after deleting databases” and later, “how do you clear all event and application logs from Microsoft Windows Server 2012.” The agreed statement of facts doesn’t make it clear, but presumably the AI tool was a public chatbot. In the statement of facts, Muneeb agreed he stole copies of IRS information on a virtual machine that included federal tax information of 450 people. Muneeb also admitted that between May and December 2025, he committed fraud and stole credentials for the EEOC public portal in an attempt to access email and other online accounts of 4,500 people. In hundreds of instances, he successfully logged into victims’ email accounts without their authorization. State of insider attacks According to the State of Human Risk Report from Mimecast, 42% of organizations have experienced an increase in malicious insider incidents over the past year, with 42% also reporting a rise in negligent incidents for the first time. A report this year by the Ponemon Institute on the costs of insider risks, commissioned by insider threat detection provider DTEX, estimated incidents cost organizations an average of $19.5 million last year, up from $17.4 million in 2024. The biggest cause of losses last year (53%) was negligence and mistakes, it said. The second biggest cause, however, was malicious activity (27%). Musa Ishaq, senior principal insider threat analyst at DTEX, said last week’s conviction “is a clear and sobering reminder that termination is not the end of risk. In many cases, it is the beginning of it.” The off-boarding moment “is one of the most dangerous windows in any organization’s security posture,” he said, “and it remains one of the most underestimated. Every departing employee, whether they leave willingly or are terminated, represents a live risk event that must be treated in real time. That means immediate access revocation, active session termination, and active monitoring, not a checklist completed the following day. When those steps fail, or when even a single access pathway is left open, the consequences can be catastrophic, as this case demonstrates.” ‘AI didn’t give attackers a new capability’ Equally important, he added, is what this case reveals about AI’s role in accelerating insider threats. “AI did not give them a new capability; they already had the access and the intent. What it did was compress their decision cycle, turning what might have taken several minutes of research into seconds of execution. The new threat reality is that AI does not create malicious insiders, but it dramatically amplifies what they can accomplish before defenders are able to respond.” As a result, organizations have to shift to proactive and risk-adaptive security approaches, Ishaq said. A privileged user querying an AI tool through a company owned or controlled computer for log evasion techniques while simultaneously executing destructive commands on production servers is an escalation signal, he said. “Behavioral visibility, not just technical controls, is what enables security teams to detect that pattern and act before deletion becomes destruction,” he said. “This case is a preview of what insider threats look like in an AI-enabled world in terms of being faster, harder to trace, and far more consequential when governance gaps exist,” he said. “As such, the fundamentals, including strict access control, real-time off-boarding protocols, and layered monitoring of privileged users, have never been more critical.” ‘Textbook example’ of need to re-think processes Enderle agreed. He said this incident “is a textbook example of why we need to rethink the speed and process of our off-boarding processes. The fact that a former employee was able to access and delete government databases post-termination highlights a massive failure in basic access control. In a modern enterprise, access revocation needs to be instantaneous, automatic, and comprehensive; any gap between a firing and a lockout is a window for significant liability.” The most disturbing aspect, he added, is the role AI played. “Using an AI tool to solicit instructions on clearing system logs is a clear signal that the barrier to entry for sophisticated digital sabotage is dropping,” Enderle said. “We are entering an era where AI can act as a force multiplier for malicious intent, making it easier for individuals to cover their tracks. Even AI protections can be bypassed. I saw a demonstration on YouTube the other day where a user just re-asked a question to a public AI site on preparing a bomb until the AI gave up saying ‘No,’ and provided the answer.” Queries like ‘How to clear SQL logs’ have legitimate administrative purposes, he acknowledged. But, he added, AI providers must move beyond simple keyword filtering and implement intent-aware guardrails that can identify attack chains. “When a sequence of prompts moves from technical curiosity to a roadmap for destroying evidence and obfuscating logs, the AI should recognize the malicious context and refuse the request, Enderle argued. “Ultimately,” he warned, “if AI providers don’t take responsibility for preventing their platforms from becoming a ‘How-to’ manual for criminal activity, they risk a regulatory backlash and potential civil and criminal liability that could stifle the very innovation they are trying to promote.” View the full article
  16. Fortinet released a batch of patches across its products on Patch Tuesday, including two critical vulnerabilities that can lead to remote code execution. Fortinet flaws, both zero-day and n-day, have been exploited in the wild many times in the past, so companies should deploy patches as soon as possible. “Fortinet vulnerabilities are often attractive to threat actors because these products sit in high-trust security functions that threat actors often target,” Piyush Sharma, CEO and co-founder of SecOps company Tuskira, told CSO via email. “When a vulnerability affects a tool that already has privileged visibility or sits close to critical systems, exploitation can give attackers a much larger head start than a flaw in an ordinary application.” The flaw in FortiAuthenticator, tracked as CVE-2026-44277, has a 9.1 CVSS severity score and is described as an improper access control issue. Successful exploitation allows unauthenticated attackers to execute unauthorized code and commands by sending specifically crafted requests. An identity and access management (IAM) solution, FortiAuthenticator serves as the central hub for RADIUS, LDAP, and SAML authentication. It integrates with Active Directory and supports single sign-on and multi-factor authentication. To patch this new vulnerability, companies are advised to upgrade to FortiAuthenticator 6.5.7, 6.6.9, or 8.0.3 depending on the release they’re using. The flaw in FortiSandbox is a missing authorization issue that similarly allows unauthenticated attackers to execute arbitrary code and commands via HTTP requests. Tracked as CVE-2026-26083, the vulnerability also has a severity score of 9.1. FortiSandbox is a threat detection solution designed to identify zero-day threats by using machine learning to perform static and dynamic analysis on suspicious files inside an isolated environment. It integrates with other Fortinet security products such as FortiGate and FortiMail and comes in different variants, including hardware and virtual appliances. The vulnerability impacts all supported versions of FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. Users are advised to upgrade to version 4.4.9 or 5.0.2, depending on release. Both CVE-2026-26083 and CVE-2026-44277 were discovered internally by Fortinet, so there is no evidence of in-the-wild exploitation yet. However, exploits for other Fortinet RCE vulnerabilities were adopted by attackers in the past. For example, CVE-2026-21643, an SQL injection vulnerability in FortiClient Endpoint Management Server (EMS) that was found internally by Fortinet and was patched in February, ended up exploited in the wild a month later. This was followed up last month by exploitation of another FortiClient EMS flaw, this time a zero-day. In addition to the two critical flaws, Fortinet released patches for high- and medium-severity flaws in several products: an out-of-bounds write vulnerability in FortiOS that can lead to RCE (CVE-2025-53844), an OS command injection vulnerability in FortiAP and FortiAP-W2 (CVE-2025-53870) that leads to privilege escalation, and a separate OS command injection flaw in FortiAP, FortiAP-U, and FortiAP-W2 (CVE-2025-53680) that can lead to RCE. Exploitation of these flaws requires authentication, which is why they’re not rated critical, but attackers compromising enterprise credentials is not uncommon so they should still be treated with urgency. View the full article
  17. The Trump-Xi summit opening in Beijing this week carries an agenda item unlike any in the history of US-China diplomacy: what to do about artificial intelligence that can autonomously find and exploit vulnerabilities in the world’s most critical software — and what happens when both superpowers have it. Anthropic’s Mythos Preview, released last month to a limited group of security partners, has demonstrated the ability to discover zero-day vulnerabilities in every major operating system and browser, sometimes finding bugs that had survived decades of human review and millions of automated tests. Anthropic has framed Mythos as a watershed moment, launching Project Glasswing and committing $100 million in usage credits to help defenders secure critical infrastructure before similar capabilities become widely available. Meanwhile, the strategic buffer that Washington has long assumed it held over Beijing is narrowing faster than most policymakers have been willing to admit. Chinese entities have sought access to Mythos and have so far been denied, but it’s likely the model will leak out. Mythos has already seen unauthorized access: a small group of users reportedly gained entry to the model on the same day Anthropic announced its limited release. The gap that wasn’t For years, the US-China AI competition was framed as an asymmetric contest — American labs in front, Chinese labs years behind, export controls and chip restrictions buying the United States time. However, Stanford’s 2026 AI Index, published last month, found that US and Chinese models have traded the global performance lead multiple times since early 2025. As of March 2026, Anthropic’s Claude Opus 4.6 leads China’s best model by just 2.7 percentage points on a key benchmark — down from a gap of 17 to 31 percentage points in mid-2023. China leads the world in AI patent filings, research citations, and industrial robot installations. While the Stanford index shows US private investment towering over Chinese private investment by a factor of 23, Chinese state guidance funds have deployed an estimated $912 billion across strategic industries over two decades, a figure that private-investment comparisons entirely miss. The AI talent picture is, if anything, more alarming. The number of AI researchers moving to the United States has dropped 89% since 2017, with 80% of that decline occurring in just the past year, accelerated in part by the Trump administration’s H-1B restrictions. The real threat isn’t who you think The US-China framing — useful for budgets and political narratives — obscures the more consequential risk from systems like Mythos. “The US and China may stand more to gain from controlling these systems together than simply fighting over them,” Gal Tal-Hochberg, co-founder and CEO of Beacon Security and former CTO of cybersecurity venture firm Team8, tells CSO. “When it becomes very cheap to do damage, people who are not anybody can suddenly do damage.” The danger is not simply that Beijing develops models with advanced cyber capabilities. The larger concern is what happens when those capabilities — or something close to them — diffuse into criminal ecosystems, ransomware operations, or loosely affiliated proxy groups that no government controls. “The cost and complexity of attacks are dropping,” Tal-Hochberg says. “Defenders who could previously get away with being less sophisticated may no longer be able to.” A nuclear analogy that has limits but holds Senior US officials, speaking ahead of the summit, said Washington is prepared to “explore channels of deconfliction” with Beijing on AI, using language that evokes Cold War nuclear logic. What those channels might look like is taking shape. Both sides are weighing a recurring set of conversations focused on establishing guardrails covering AI models behaving unexpectedly, autonomous military systems, and nonstate actors using powerful open-source tools. Both AI and nuclear weapons involve technologies of potentially catastrophic offensive capability. Both involve two rival powers who share an interest in preventing the worst outcomes even as they compete. And in both cases, the US has to decide whether dialogue with an adversary is a concession or a necessity. But the nuclear analogy breaks down in one critical way: Nuclear weapons were economically irrelevant outside defense ecosystems. AI is the opposite. It is simultaneously the most significant general-purpose economic technology of this era and a potentially destabilizing offensive capability. As Tal-Hochberg puts it, “AI is both nuclear power and nuclear weapons at the same time. Governments want the economic benefits while also trying to limit the offensive risks.” That dual nature makes agreed limits enormously harder to negotiate, verify, or enforce. The Council on Foreign Relations has argued that Beijing’s actual interest in AI safety dialogue is primarily instrumental — an opportunity to close the capability gap rather than constrain it. The sole prior US-China AI safety dialogue, held in 2024, illustrated the asymmetry: The US sent technical experts to outline shared risks; China sent diplomats to complain about chip export controls. What Washington still hasn’t decided The more uncomfortable truth is that the United States has not yet resolved what Mythos-class systems actually are. The Trump administration spent much of the past year resisting broad AI regulation, arguing that oversight would blunt competitive advantage. Now it faces growing internal pressure to develop testing requirements for frontier models with advanced cyber capabilities and is reportedly preparing executive action on AI safety, a significant pivot from its earlier posture. Anthropic’s decision to release Mythos through Project Glasswing — giving defenders access before offensive capabilities become broadly available — represents one model for managing this problem. And the access decisions themselves are already becoming geopolitical. The EU, notably, has still not been granted access to Mythos, even as OpenAI has moved to provide European cybersecurity teams access to its own cyber model. These are unilateral judgments by private companies, not a policy framework. The window won’t stay open for long More capable AI can accelerate the development of still more capable AI. The country — or company, or actor — with the strongest models today has structural advantages in building tomorrow’s models. What Washington and Beijing discuss in Beijing this week will not resolve the fundamental tension between competitive AI development and the risks that development creates. But the establishment of even narrow deconfliction channels — a hotline logic for AI crises, shared norms around the most dangerous applications, transparency mechanisms that let each side verify the other isn’t crossing agreed lines — would represent meaningful progress over the current state, which is no framework at all. View the full article
  18. Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what security analysts say could mark a major shift in how software vulnerabilities are discovered and remediated. The system, codenamed MDASH, was developed by Microsoft’s Autonomous Code Security team alongside the Windows Attack Research and Protection group. The platform will enter private preview for enterprise customers next month, Microsoft said in a blog post announcing the system. The vulnerabilities were patched as part of Microsoft’s May 12 Patch Tuesday release. “Cyber defenders are facing an increasingly asymmetric battle,” Microsoft added in the blog post. “Attackers are using AI to increase the speed, scale, and sophistication of attacks.” Critical Windows components affected The four critical vulnerabilities affected core Windows components broadly deployed across enterprise environments, Microsoft said in the blog. Among them was CVE-2026-33827, a remote unauthenticated use-after-free flaw in the Windows IPv4 stack reachable through specially crafted packets carrying the Strict Source and Record Route option, Microsoft said. Another flaw, CVE-2026-33824, involved a pre-authentication double-free issue in the IKEEXT service affecting RRAS VPN, DirectAccess, and Always-On VPN deployments. Two additional critical flaws affected Netlogon and the Windows DNS Client, both carrying CVSS scores of 9.8. The remaining 12 vulnerabilities rated “Important” included denial-of-service, privilege-escalation, information disclosure, and security feature bypass flaws affecting components such as tcpip.sys, http.sys, ikeext.dll, and telnet.exe, according to Microsoft. How MDASH orchestrates AI agents According to Microsoft, MDASH orchestrates more than 100 specialized AI agents across multiple frontier and distilled models, with each agent assigned to a different stage of the vulnerability discovery pipeline. Some agents scan source code for potential flaws, others validate whether findings are genuine, and another stage attempts to construct triggering inputs capable of reproducing the issue before the finding reaches a human engineer for review. “The model is one input. The system is the product,” Taesoo Kim, Microsoft vice president for agentic security, wrote in the blog. Microsoft said the architecture was intentionally designed to remain largely model-agnostic, allowing the company to swap underlying AI models without rebuilding the broader orchestration pipeline. That detail matters because MDASH arrives only weeks after Microsoft announced Project Glasswing, a partnership involving Anthropic and others to evaluate AI-driven vulnerability discovery using Anthropic’s Claude Mythos Preview model. “Microsoft is now operating as platform owner, security vendor, AI infrastructure player, OpenAI partner, Mythos integrator, and agentic security supplier,” said Sanchit Vir Gogia, chief analyst at Greyhound Research. “That is a formidable position. It is also a concentration of influence that security leaders must examine with clear eyes.” AI vs AI vulnerability race The announcement also highlights growing concern that AI-driven vulnerability discovery could accelerate offensive operations as well as defensive research. Anthropic has previously said its Mythos Preview model identified thousands of high-severity vulnerabilities, including a decades-old OpenBSD flaw and a long-undetected FFmpeg issue that traditional fuzzing tools failed to uncover despite millions of attempts. “We’ve entered an AI-versus-AI vulnerability discovery race,” said Sunil Varkey, advisor at Beagle Security. “The winners won’t be the organizations with the best static scanners anymore. They’ll be the ones who can run these agentic systems fastest against their own code and remediate at machine speed.” Varkey said enterprises should pursue early access to systems such as MDASH where possible rather than waiting for broader commercial availability. “Early access isn’t just nice-to-have,” he said. “It’s becoming a defensive necessity in the AI era.” For CISOs, the broader implication may be that vulnerability management is shifting from periodic scanning toward continuous, AI-assisted discovery and remediation. “The future belongs to security teams that can find, validate, contain, and fix in one governed motion,” Gogia said. Benchmarks show progress, but analysts urge caution To support its claims, Microsoft published benchmark results showing MDASH identified all 21 deliberately planted vulnerabilities in an internal Windows test driver without false positives. The company also said the system successfully recovered nearly all historical Microsoft Security Response Center cases tested against older Windows component snapshots. On the public CyberGym benchmark for vulnerability reproduction tasks, Microsoft said MDASH achieved a score of 88.45%, topping the public leaderboard at publication time. Gogia said the results show the category is maturing but warned against treating benchmark scores as direct proof of enterprise value. “CyberGym is a signal, not a buying decision,” he said. “The machinery around the model is beginning to resemble a serious security research workflow.” He added that many enterprises still lack the governance maturity required to operationalize machine-generated vulnerability discovery effectively. “Discovery without remediation discipline is theatre,” Gogia said. “It produces dashboards, not resilience.” View the full article
  19. Palo Alto Networks has launched Idira, a new identity security platform aimed at securing human users, machine identities, and AI agents amid the rising adoption of autonomous AI systems amongst enterprises. The company is positioning Idira as a next-generation identity security platform that goes beyond traditional privileged access management (PAM) systems by applying dynamic privilege controls across every type of identity inside an enterprise. “For most of the last two decades, identity security was built on a comfortable assumption: One can maintain a firm divide between a small number of powerful administrators and a much larger number of ordinary users; that is enough to secure the organization. That assumption no longer holds,” Peretz Regev, chief product & technology officer at Palo Alto, said in a blog post. The launch follows Palo Alto’s acquisition and integration of CyberArk, which forms a key foundation of the platform. Palo Alto’s bet on AI-era identity security “The fundamental problem today is scale,” said Rohan Vaidya, AVP Sales India and SAARC. “Most organisations are already running AI agents — and those agents authenticate, call APIs, access sensitive data, and can escalate their own privileges to complete a task. No legacy IAM or PAM platform was designed to see any of that, let alone control it.” With Idira, Palo Alto attempts to address these risks by treating every identity in the organization as privileged. “What Idira does differently is operate as a single control plane across all three identity types; human, machine, and agentic. On the discovery side, it continuously scans SaaS, cloud, and developer environments to surface every active agent and machine identity, enriching each one with context: who owns it, what it can access, and what permissions are actually in use. That alone closes a blind spot most security teams don’t even know they have,” Vaidya said. Analysts say Idira is attempting to address gaps that traditional identity-management platforms such as Auth0 and SailPoint were not originally designed to handle, particularly around governing autonomous AI agents in real time. “Auth0 excels at consumer identity and enterprise single sign-on, but its core architecture is not natively designed to govern the dynamic, autonomous nature of generative AI agents. SailPoint, on the other hand, provides excellent AI-driven insights for human access governance, such as role discovery and certification recommendations, but it primarily focuses on lifecycle management and compliance rather than runtime security for autonomous actors,” explained Amit Jaju, senior managing director at Ankura Consulting. Jaju added that what genuinely sets Idira apart is that instead of granting an agent static access tokens (which Auth0 or SailPoint might manage), Idira dynamically elevates privileges exactly when an agent needs to execute a task and instantly revokes them afterward. CISOs navigate AI risks For enterprises, the launch reflects a broader industry shift toward identity-centric cybersecurity models as organizations deploy generative AI tools, autonomous agents, and cloud-native applications at scale. Analysts say the growing number of non-human identities is creating operational and security challenges because many existing identity systems were originally built to manage employees and IT administrators rather than AI agents and automated services. “A self-contained AI agent can engage with systems, initiate processes, and make decisions without any form of human validation. This presents a much bigger threat surface. Current technologies that help manage this issue address only some aspects of the problem, many having been built without the intent of handling machine speed, highly dynamic environments,” said Devroop Dhar, co-founder and CEO at Primus Partners. As identity, cloud security, artificial intelligence governance, and SOC workflows continue to converge, organizations will find themselves becoming more and more reliant on one particular ecosystem, Dhar said. The advantage here is ease of operation, a consolidated view, and greater integration. The downside is less flexibility over time. Breaking away from the system at a later date may prove challenging since identity management procedures and other processes will be woven deeply into business operations. In the coming years, CISOs will favour ecosystems that support open architectures, Dhar noted. Analysts also caution that none of the platforms eliminates the need for multilayered security. Organizations will need to maintain good identity hygiene practices, implement least privilege, utilize MFA, rotate credentials, and conduct constant monitoring. “Another aspect to address relates to agent governance. There must be a clear understanding of what assets can be accessed by agents, under what circumstances human intervention is required, and how agent activities are monitored,” said Dhar. Enterprises must invest in prompt filtering systems to prevent prompt injection attacks, which currently stand as the largest vulnerability in AI systems, Jaju said. “They should also engage in continuous adversarial testing and agentic red teaming before deploying any autonomous system into a production environment.” View the full article
  20. Palo Alto Networks has launched Idira, a new identity security platform aimed at securing human users, machine identities, and AI agents amid the rising adoption of autonomous AI systems amongst enterprises. The company is positioning Idira as a next-generation identity security platform that goes beyond traditional privileged access management (PAM) systems by applying dynamic privilege controls across every type of identity inside an enterprise. “For most of the last two decades, identity security was built on a comfortable assumption: One can maintain a firm divide between a small number of powerful administrators and a much larger number of ordinary users; that is enough to secure the organization. That assumption no longer holds,” Peretz Regev, chief product & technology officer at Palo Alto, said in a blog post. The launch follows Palo Alto’s acquisition and integration of CyberArk, which forms a key foundation of the platform. Palo Alto’s bet on AI-era identity security “The fundamental problem today is scale,” said Rohan Vaidya, AVP Sales India and SAARC. “Most organisations are already running AI agents — and those agents authenticate, call APIs, access sensitive data, and can escalate their own privileges to complete a task. No legacy IAM or PAM platform was designed to see any of that, let alone control it.” With Idira, Palo Alto attempts to address these risks by treating every identity in the organization as privileged. “What Idira does differently is operate as a single control plane across all three identity types; human, machine, and agentic. On the discovery side, it continuously scans SaaS, cloud, and developer environments to surface every active agent and machine identity, enriching each one with context: who owns it, what it can access, and what permissions are actually in use. That alone closes a blind spot most security teams don’t even know they have,” Vaidya said. Analysts say Idira is attempting to address gaps that traditional identity-management platforms such as Auth0 and SailPoint were not originally designed to handle, particularly around governing autonomous AI agents in real time. “Auth0 excels at consumer identity and enterprise single sign-on, but its core architecture is not natively designed to govern the dynamic, autonomous nature of generative AI agents. SailPoint, on the other hand, provides excellent AI-driven insights for human access governance, such as role discovery and certification recommendations, but it primarily focuses on lifecycle management and compliance rather than runtime security for autonomous actors,” explained Amit Jaju, senior managing director at Ankura Consulting. Jaju added that what genuinely sets Idira apart is that instead of granting an agent static access tokens (which Auth0 or SailPoint might manage), Idira dynamically elevates privileges exactly when an agent needs to execute a task and instantly revokes them afterward. CISOs navigate AI risks For enterprises, the launch reflects a broader industry shift toward identity-centric cybersecurity models as organizations deploy generative AI tools, autonomous agents, and cloud-native applications at scale. Analysts say the growing number of non-human identities is creating operational and security challenges because many existing identity systems were originally built to manage employees and IT administrators rather than AI agents and automated services. “A self-contained AI agent can engage with systems, initiate processes, and make decisions without any form of human validation. This presents a much bigger threat surface. Current technologies that help manage this issue address only some aspects of the problem, many having been built without the intent of handling machine speed, highly dynamic environments,” said Devroop Dhar, co-founder and CEO at Primus Partners. As identity, cloud security, artificial intelligence governance, and SOC workflows continue to converge, organizations will find themselves becoming more and more reliant on one particular ecosystem, Dhar said. The advantage here is ease of operation, a consolidated view, and greater integration. The downside is less flexibility over time. Breaking away from the system at a later date may prove challenging since identity management procedures and other processes will be woven deeply into business operations. In the coming years, CISOs will favour ecosystems that support open architectures, Dhar noted. Analysts also caution that none of the platforms eliminates the need for multilayered security. Organizations will need to maintain good identity hygiene practices, implement least privilege, utilize MFA, rotate credentials, and conduct constant monitoring. “Another aspect to address relates to agent governance. There must be a clear understanding of what assets can be accessed by agents, under what circumstances human intervention is required, and how agent activities are monitored,” said Dhar. Enterprises must invest in prompt filtering systems to prevent prompt injection attacks, which currently stand as the largest vulnerability in AI systems, Jaju said. “They should also engage in continuous adversarial testing and agentic red teaming before deploying any autonomous system into a production environment.” View the full article
  21. ClickFix, a one-shot social engineering technique that tricks victims into executing malicious workflows disguised as fixes to technical issues in their systems, has got a persistence upgrade. In a one-off instance, ReliaQuest researchers have spotted an intrusion chain using scheduled tasks, PowerShell-based command-and-control (C2), and a unique abuse of the decade-old open-source proxy tool PySoxy. As the researchers pointed out in a blog post, PySoxy is giving attackers encrypted proxy access without relying on well-known malware or remote monitoring and management (RMM) tools. The observed attack chain established an initial PowerShell-based C2 channel, followed by a second C2 path through PySoxy. The campaign was observed in April. ReliaQuest said this was the first time it had seen ClickFix combined with PySoxy in active intrusions. PySoxy used for dual-channel persistence The attack started with a ClickFix lure that tricked the victim into manually pasting and executing a malicious command disguised as a fix to a technical issue. Once launched, the command initiated a multi-stage infection chain. According to ReliaQuest, the execution flow established persistence through scheduled tasks, carried out domain reconnaissance, and opened an initial PowerShell-based C2 channel back to the attackers. The chain then deployed PyProxy to create a second encrypted communication path that turns the infected endpoint into a proxy relay. “After staging reconnaissance output locally and uploading it to separate attacker-controlled infrastructure, the attacker downloaded Python tooling to C:\ProgramData,” the researchers said. “The compiled bytecode file was then executed with Python and identified as PySoxy. This turned the intrusion from a PowerShell-led access chain into one with redundant access paths.” Researchers noted that the use of a second foothold, proxying through PySoxy, allows the intrusion to go on even after the PowerShell C2 connection is blocked. ClickFix drifts into post-exploitation ReliaQuest pointed to the evidence that ClickFix is no longer just a social engineering delivery mechanism. It is being increasingly used as a gateway into broader post-exploitation operations involving stealth, persistence, and trusted-tool abuse. Earlier this year, the cybersecurity technology company reported that ClickFix accounted for a large share of observed incidents and defense evasion activities in late 2025 and early 2026, with attackers relying on obfuscated commands and hidden execution chains. The use of PySoxy marks ClickFix shifting to older legitimate tooling with modular access techniques. By orchestrating multiple communication paths within the chain, the attackers are forcing defenders to expand containment efforts. “Looking ahead, we expect ClickFix operators to continue experimenting with post-exploitation tooling beyond PowerShell,” the researchers said. “Python is one option, but the underlying logic, using whatever scripting runtime is available to stage proxy or C2 capability without dropping a traditional payload, applies equally to other interpreters.” Hunting clues include scheduled tasks and Python artifacts In the ReliaQuest observed chain, scheduled tasks repeatedly relaunched malicious activity after communication attempts failed. ReliaQuest said defenders should specifically investigate recurring scheduled task creation alongside unusual Python-related artifacts and proxy-style command-line activity. Recommendations for incident responders included isolating affected hosts, reviewing scheduled tasks for suspicious re-execution patterns, and hunting for encrypted proxy behavior in Python processes instead of focusing solely on blocked C2 traffic. “Hunt for command lines containing combinations such as -ssl, -remote_ip, -remote_port, SOCKS, or .pyc execution,” the researchers said, adding that these are high-value signals for PySoxy-style activity. View the full article
  22. The US Cybersecurity and Infrastructure Security Agency (CISA) and its G7 cyber agency partners have released a list of minimum elements for an AI software bill of materials, a move that could help CISOs assess the security and provenance of AI systems entering enterprise environments. The guidance extends traditional SBOM concepts into AI by calling for documentation of models, datasets, software components, providers, licenses, and other dependencies. The supplemental minimum elements are not exhaustive or mandatory, CISA said, but reflect a consensus among G7 experts and are expected to expand as AI technology evolves. For security leaders, the document puts AI risk more firmly inside enterprise supply-chain oversight. That could make AI SBOMs part of the same vendor-risk conversations that already surround software composition, cloud services, and third-party technology platforms. But one important difference is that AI SBOMs require visibility beyond software composition, because AI risk is shaped by models, data, infrastructure, and system behavior. “AI systems add new layers of opacity: model lineage, training and inference data, fine-tuning history, prompts, vector databases, third-party foundation models, APIs, orchestration logic, and runtime behavior,” said Sakshi Grover, senior research manager for IDC Asia Pacific Cybersecurity Services. AI software is also different because it is probabilistic, with outputs shaped by data provenance as well as code, according to Keith Prabhu, founder and CEO of Confidis. “AI software inherently encompasses more than just software,” Prabhu said. “In addition to the software components, it would also need to track models, training data, prompts and system instructions, model weights and checkpoints, and GPU dependencies.” Sanchit Vir Gogia, chief analyst at Greyhound Research, put the shift more broadly. “The question is no longer only, ‘what code is inside this product?’ The question is, ‘what code, model, data, infrastructure, control, and vendor decision shapes this system’s behavior?’” Gogia said. How to make use of it The immediate use of the guidance may be in procurement and vendor risk management. It gives security teams a way to press vendors before AI-enabled products are allowed into production. “Organizations should ask vendors to provide visibility into model provenance, training data sources, software and API dependencies, licensing obligations, security testing practices, update cycles, runtime monitoring controls, and shared responsibility boundaries,” Grover said. The level of scrutiny may also depend on the type of supplier. “For large vendors, CISOs should specifically seek transparency around third-party foundation model dependencies, geographic data flows, model update practices, and whether customer data is being retained for model training or fine-tuning,” Grover added. “For startups, the focus should be on the maturity of governance processes, dependency tracking, secure development practices, identity controls, and operational monitoring across the AI life cycle.” The same risk-based approach should apply to how the technology will be used. For higher-risk deployments, Gogia said AI SBOMs should become part of a broader vendor evidence pack, supported by documentation on data flows, security architecture, model behavior, privacy impact, red-team findings, incident response, logging, and prompt-injection testing. The gaps that remain The biggest gap is that an AI SBOM may show what a vendor says is inside an AI system, but does not prove whether the system can be trusted for the way an enterprise plans to use it. “Minimum elements create visibility,” Gogia said. “They do not create assurance. They tell the buyer what the vendor says exists. They do not, by themselves, prove that every dependency has been disclosed, every dataset is lawful, every control works, every model behaves within tolerance, or every runtime pathway is being monitored.” The hard part will be proving that the document matches reality. Security teams may receive an AI SBOM from a vendor, but they still need to determine whether it reflects the system running in production and keeps pace with changes to the AI environment. Prabhu said even a high-quality AI SBOM will offer only partial visibility into AI risk. Issues such as evolving AI behavior, hallucinations, changing prompt usage, and limited training data transparency can still make it difficult for security leaders to assess actual risk. As AI systems mature, AI SBOMs will also have to evolve to address those gaps, Prabhu added. View the full article
  23. The annual CSO Awards annually recognize security projects that demonstrate outstanding security leadership and business value. For this year’s program, CSO honors 64 security organizations whose hard work and innovative approaches have had a significant impact on how their enterprises navigate risks in an increasingly challenging cyber environment. These projects showcase the variety of strategies that CISOs and their teams are employing to bolster enterprise security today. Many leverage the principles of zero trust to reduce risk. Others are using AI and automation to better defend their organization. Still others are using gamification and other change management practices to strengthen security awareness and bolster their first line of defense. Here, we profile six of these award-winning initiatives that collectively represent the transformative work happening in security today. Changing the security culture at Copart Organization: Copart Project: Making Cybersecurity as Instinctual as Buckling Your Seatbelt Security leader: Kevin Vuong, CISO With social engineering still a central initial attack vector today, online car auction company Copart faced a challenge familiar to most CISOs: training workers to automatically incorporate cybersecurity into their daily tasks. Security process manager Brittany Little says the training and testing strategies that Copart’s security department had been using, such as phishing simulations, weren’t getting the results security leaders wanted to see. And traditional training, which was manual, episodic, and compliance-driven, didn’t match the education needs of a 12,000-member global workforce comprising vastly different role types. So the security team set about creating a more efficient, impactful security awareness program, Little says, to make cybersecurity behavior as “instinctual as buckling a seatbelt.” So Copart implemented an automated, adaptive security awareness program that continuously delivers role-based phishing simulations and immediate micro-training tied directly to employee actions. That ensures the training “focuses on the things that matter,” Little says. The new program is also more intensive, Little says. Previously, security sent out three or four global simulations per quarter. “With a more efficient platform that has more automation and relatable content, we have delivered 202,992 simulations in one year — over 950 of those being unique simulations related to employee’s role, title, behavior analytics in the program,” she notes. The revamped awareness program also leans into gamification, with live leaderboards, achievements, and recognition. And it replaced manual analysis with automated reporting and executive scorecards. These improvements have increased the security culture at the company. In the two years before new program was introduced, the simulation reporting rates sat between 17% and 24%; with the new program, the report rate is between 55% and 60%. “The gamification has been something that has made the training and awareness different,” Little says, noting that it has been key to worker engagement. Workers now boast about their strong performances and talk with one another as well as with security staffers about what they learned in the gamified training sessions. The scorecards have also been instrumental, giving department leaders metrics on the cybersecurity acuity of each of their workers. “We look at the data, we analyze it, and now we get to go and actually have the conversations that matter,” Little explains. “It has allowed us to actually change behaviors.” Zero trust data governance repositions HMSA’s cyber team as a business enabler Organization: Hawaii Medical Service Association (HMSA) Project: Zero Trust Data Governance Initiative Security leader: Sudhakar Gummadi, CISO HMSA CISO Sudhakar Gummadi says three forces prompted the nonprofit health insurer’s Zero Trust Data Governance Initiative: an intensifying threat landscape targeting the healthcare sector; increasing regulations and privacy expectations; and HMSA’s expanding digital footprint. “We recognized that incremental remediation would not meaningfully reduce risk,” Gummadi says. “What was required was a deliberate transformation in how we think about trust, data usage, and accountability across the enterprise.” HMSA embarked on its Zero Trust Data Governance Initiative in 2024 as part of that transformation. In addition to implementing and maturing numerous zero-trust principles, HMSA sought to ensure no confidential member information (CMI) left its production zone. That goal went against traditional healthcare industry practice, where copies of real-life production data existed for use in nonproduction environments to ensure system functionality and fidelity. That practice, while operationally convenient, significantly increases enterprise exposure to data privacy and cybersecurity risks, Gummadi says, noting that many nonproduction systems don’t have the same security controls as in the production zone. As such, the initiative’s biggest challenge was the change management component. “We were asking teams to rethink long‑standing practices around how data is used in nonproduction environments,” Gummadi says. “We addressed this through sustained executive support, transparent communication, and a focus on early wins that demonstrated value — both to the business and to members whose trust we are responsible for protecting.” In addition to eliminating CMI from all nonproduction environments, HMSA’s initiative sought to protect member data privacy and reduce exposure risk across the entire technology ecosystem; mitigate cybersecurity vulnerabilities associated with nonproduction environments; standardize and modernize data governance practices; and implement a scalable, sustainable, and automated masking framework. To do that while ensuring operational continuity, HMSA’s security team opted to use high-fidelity, functionally equivalent data for development, testing, and analytics — a significant task, as HMSA had more than 50 terabytes of CMI residing across heterogeneous platforms, diverse data models, and inconsistent data governance processes. HMSA used an AI-enabled automated data masking suite from Perforce Delphix to identify CMI and apply algorithmically consistent masking rules. That enabled HMSA to fully de-identify CMI in the nonproduction environment. To ensure long-term sustainability, HMSA’s data governance team established standardized process flows, controls, and a responsibility assignment matrix, enabling automated masked data refreshes and ongoing compliance as systems evolve. “Trust is foundational to HMSA’s mission. Protecting member information is not simply a compliance requirement; it is a core business imperative,” Gummadi adds. “This initiative strengthened our ability to safeguard that trust at scale, while also improving operational efficiency and enabling more informed decision‑making. It repositioned cybersecurity as a strategic enabler rather than a downstream control.” Hensel Phelps takes a team approach to automating away cyber drudgework Organization: Hensel Phelps Construction Project: Project SAM Security leader: Dustin Morris, director of cybersecurity and compliance Dustin Morris, director of cybersecurity and compliance of Hensel Phelps, faces a scenario common for security leaders: defending against an ever-expanding threat environment with resources that don’t grow as much or as fast. Starting in 2024, Morris focused on using automation to build capacity, setting out to automate 1,250 hours of manual tasks, effectively replicating a full-time employee’s functions. “The vision was to really reduce the day-to-day monotonous tasks we have in cybersecurity operations,” says Morris, who took a methodical and enlisted his five-person team. Together they identified tasks to automate, calculated how much time that automation would save them, and laid the groundwork for automation. Morris then scheduled an “automation week,” during which the entire team came together to automate those identified tasks. In some cases, they implemented automation capabilities offered within their existing security software, while in other cases they built their own. Automation work has been ongoing, including a second “automation week” in 2025 — at which point the project was dubbed SAM for “Security Automation Member.” By early 2026 the security team’s automation efforts eliminated more than 1,250 hours per year of manual effort while improving consistency, reducing human error, and strengthening the company’s security posture. Furthermore, the automation enhanced operational efficiency, optimized license utilization, and improved user experience by reducing downtime and accelerating remediation. Additionally, the initiative demonstrated how automation can scale security operations to meet business growth without proportional increases in headcount while increasing work-life balance for cyber employees. Project SAM has also enabled security team members to spend more time on high-value proactive security tasks, such as threat hunting. Morris aims to automate another FTE’s worth of work by the end of 2027. K&N Engineering shifts left for greater cloud security Organization: K&N Engineering Project: Code to Cloud Security Transformation Security leader: Iqbal Rana, CIO Manufacturing company K&N Engineering manages its own direct-to-consumer ecommerce environment in AWS. CIO Iqbal Rana, who oversees security, has always followed security best practices in the cloud, relying on cloud-native security capabilities and controls implemented by his security team to ensure “we had all the rights things in place.” But an assessment by his cyber insurance company a couple of years ago alerted him to a security vulnerability in the software deployment tool used by his IT workers. That alert prompted Rana to immediately address the vulnerability — and to more aggressively look at the risks within his vendor environment and in IT processes, he says. That led to K&N’s Code to Cloud Security Transformation, which tackles vulnerabilities not only in vendor tools but also in the code his team was deploying. The initiative involved implementing a code-to-cloud security framework and Wiz technology, which integrated security into every stage of the development lifecycle across K&N’s AWS and Azure environments. Now his team can proactively identify and remediate vulnerabilities before deployment, ensuring secure, compliant, and efficient cloud operations. “So we not only fix the deployment risk but also code risk as well,” he says, explaining that the technology prevents code with known vulnerabilities from being inadvertently deployed. “And it doesn’t end there. When the code is deployed [and] you’re live in production, at that point it keeps checking on an ongoing basis. So we have a dashboard that will tell us not only any infrastructure vulnerability but also any problem with the code.” Rana says the technology enabled a transformative shift-left strategy, as his team can now uncover and remediate hundreds of hidden vulnerabilities. It also gave the team near real-time visibility into risk exposure while strengthening compliance and safeguarding critical revenue streams. Security transformation fortifies McDonald’s resilience while reducing risk Organization: McDonald’s Project: Securing the Arches Security leader: Mike Gordon, CISO McDonald’s has more than 44,000 locations operating in more than 100 countries, serving 69 million-plus customers daily. Approximately 95% of its restaurants are operated by local franchisees. The company’s technology stack reflects its size, global reach, and distributed nature. Its cyber risk does, too. For example, its mobile app connects some 250 million consumers to its restaurants. “Digital transformation created a much more connected ecosystem at McDonald’s than was ever imagined by Ray Kroc,” says company CISO Mike Gordon. “As such, cyber risk was way higher than it ever was.” An assessment of the company’s security posture performed a few years ago confirmed as much, showing tech leadership there was room for improvement. The assessment determined that the company’s maturity on the NIST Cybersecurity Framework trailed industry peers. It also showed that its cybersecurity capabilities, including foundational controls and visibility into threats and vulnerabilities, varied widely across regions. As a result, McDonald’s CIO championed a transformation and hired Gordon in early 2024 to execute it. The Securing the Arches (STA) program modernized and unified cybersecurity across both the company’s corporate and licensed markets. STA established a consistent foundation for identity controls, vulnerability management, data protection, and threat detection across the company’s 100-plus markets. It also established consistent, enterprise-grade protections through shared services that include a global SOC, secure development pipelines, proactive testing, and systemwide endpoint visibility. The size and structure of this transformation required strong executive skills. “I’m not a CISO of one company; I’m fundamentally the CISO of about 150 companies, of which I actually only have direct control over one,” Gordon explains, saying transformation success meant building relationships and influencing other leaders as well as deploying the right technology and technical skills within the security team. STA has strengthened the company’s resilience and reduced risk, thereby providing the security foundation needed to support McDonald’s accelerating digital growth. As the company’s cybersecurity maturity has climbed, Gordon says he’s now enacting Securing the Arches 2.0 with a focus on continually improving the effectiveness of the cybersecurity program. “We’ll continue to evolve,” he adds. MISO brings maturity and metrics to threat action operations Organization: Midcontinent Independent System Operator (MISO) Project: STRIKE (Strategic Threat Reduction & Intelligence-Driven Knowledge Engine) Security leader: Eric Miller, VP and CISO Like many security departments, MISO’s security team used common tools such as NIST frameworks and other maturity models to score its program and track its maturity improvements. “But from a threat intelligence and a threat hunting perspective, there wasn’t really a particular meaningful metric to indicate how successful our program was,” says David Webb, director of MISO’s cyber threat action center. As a result, MISO security leaders and other executives weren’t able to clearly track the center’s effectiveness or whether it was maturing. So in 2024 Webb and threat researcher Nate Apperson started the Strategic Threat Reduction & Intelligence-Driven Knowledge Engine, or STRIKE. STRIKE transforms cybersecurity risk management by integrating global threat intelligence, MITRE ATT&CK mapping, and NIST frameworks into a unified model. It delivers real-time scoring that quantifies visibility gaps and control effectiveness against real-world adversary tactics. It also prioritizes actions based on threat likelihood and readiness. And it provides a prescriptive path for technical configuration, thereby reducing remediation and analysis cycles to near-instant. According to Webb, STRIKE ensures security activities align with threat intel and contribute to advancing the overall cyber security strategy. It also provides metrics for measuring the effectiveness of threat hunting — a vital benefit. “When we do a threat hunt or when we complete one, what’s the output? We wanted more than just a check mark on the top of the page saying that we’ve completed the threat hunt,” Webb explains. “We want to show that we are reducing risk throughout the organization.” It’s a common challenge, he says, as traditional risk management relies on siloed frameworks and subjective prioritization. This leaves gaps between threat intelligence, control requirements, and technical remediation. To overcome that challenge, STRIKE operationalizes threat intelligence to identify active adversary behaviors and align them to MITRE ATT&CK techniques, thereby ensuring risk decisions are based on real-world threats. STRIKE also creates links between ATT&CK techniques, NIST CSF functions, and NIST SP 800-53 controls, thus clarifying which controls mitigate which adversary behaviors and highlighting gaps across policy, process, and technology. Additionally, Webb says that by incorporating DISA STIGs, STRIKE provides the technical steps to close control gaps. Tying it all together is STRIKE’s Detect & Protect Scoring Framework, a quantitative model that measures visibility (detect) and defensive strength (protect) against high-risk techniques with scores weighted by threat likelihood and updated dynamically. View the full article
  24. Gorodenkoff / Shutterstock Die Google Threat Intelligence Group (GTIG) warnt davor, dass kriminelle Hacker mittlerweile KI einsetzen – sowohl, um Schwachstellen aufzuspüren, als auch um anschließend Malware zu entwickeln, die diese aktiv ausnutzt. Der Anlass: Im Rahmen der eingehenden Analyse einer Angriffskampagne prorussischer Hacker haben die Sicherheitsexperten nach eigenen Angaben erstmals einen KI-basierten Zero-Day-Exploit „in freier Wildbahn“ entdeckt. The Google Threat Intelligence Group has detected the first known instance of a threat actor using an AI-developed zero-day exploit in the wild. While the attackers planned a wide-scale strike, our proactive counter-discovery may have prevented that from happening. This finding… — News from Google (@NewsFromGoogle) May 12, 2026 System-Management-Tool ausgehebelt „Unsere Analyse der mit dieser Kampagne verbundenen Schwachstellen identifizierte eine Zero-Day-Schwachstelle. Diese ist in einem Python-Skript implementiert und ermöglicht es, die Zwei-Faktor-Authentifizierung eines populären, webbasierten System-Management-Tools auf Open-Source-Basis zu umgehen“, so die Google-Sicherheitsexperten in einem (ausführlichen) Blogbeitrag. Um welches Tool es sich dabei konkret handelt, ist derzeit nicht bekannt. Die betroffenen Parteien wurden jedoch über die Entdeckung informiert. (fm) Dieser Artikel ist im Original bei unserer Schwesterpublikation Computersweden.se erschienen. View the full article
  25. Roman Samborskyi | shutterstock.com Lösungen im Bereich Breach & Attack Simulation (BAS) unterstützen Unternehmen dabei, ihr Sicherheitsniveau zu verstehen. Dazu automatisieren die Tools die Tests spezifischer Bedrohungsvektoren. Als Grundlage dienen dabei in der Regel das MITRE-ATT&CK– oder Cyber-Killchain-Framework. BAS-Produkte simulieren zum Beispiel: Netzwerkangriffe und Infiltrationsversuche, Lateral Movement, Phishing, Endpunkt- und Gateway-Attacken, Malware- und Ransomware-Angriffe sowie Insider-Bedrohungen. Breach & Attack Simulation eingeordnet Breach & Attack Simulation kann Red Teaming, Penetration Testing oder auch Attack Surface Assessments (ASA) ergänzen, unterscheidet sich aber deutlich von diesen Maßnahmen. Stellen Sie sich vor, Ihr Unternehmen wäre eine Villa: Beim Red Teaming oder Penetration Testing beauftragen Sie jemanden, in Ihr Anwesen einzubrechen und Ihren Safe auszuräumen. Das Ziel: potenzielle Zugangsmöglichkeiten aufzudecken. Breach & Attack Simulation ist hingegen, als würden Sie sämtliche Schlösser an den Türen auf Funktionstüchtigkeit prüfen und sicherstellen, dass die installierten Security-Kameras auch entsprechend reagieren, wenn sie Personen erkennen. Das Ziel: sichergehen, dass alle Kontrollmaßnahmen wie vorgesehen funktionieren. Während sich BAS dabei auf Enterprise-Security-Kontrollen wie EDR fokussiert, werden beim Attack Surface Assessment sämtliche potenziellen Schwachstellen und Angriffsvektoren untersucht. Das Analystenhaus Gartner fasst diese Technologien in der breiteren Kategorie “Exposure Management” zusammen. Laut den Analysten sind Lösungen im Bereich Breach & Attack Simulation vor allem in stark regulierten Branchen wie dem Banken- und Versicherungsumfeld gefragt, die mit wachsenden Compliance-Anforderungen konfrontiert sind. Diese Einschätzung kann Ilja Rabinovich, Director of Adversarial Tactics beim Sicherheitsanbieter Sygnia, nur bestätigen: “BAS-Produkte sind in der Regel teuer und werden von kleineren Unternehmen mit begrenztem Budget oder eingeschränkter Prozesslandschaft nicht angeschafft.” Der Markt für Breach & Attack Simulation Tools Die Auguren von Gartner prognostizieren, dass sich mehr als 40 Prozent aller Unternehmen bis zum Jahr 2026 auf konsolidierte Plattformen oder Managed Service Provider verlassen werden, wenn es um Validierungsprüfungen im Bereich Cybersecurity geht. Entsprechend breit aufgestellt präsentiert sich die BAS-Anbieterlandschaft: Sowohl Standalone-Anbieter als auch große Security-Unternehmen und Service Provider wollen ihre BAS-Lösungen an den Kunden bringen. Chirag Mehta, Analyst bei Constellation Research, sieht dabei eine weitergehende Konsolidierung des Marktes am Horizont: “Wenn Sie ein Tool haben, das Angriffe simulieren kann, ist der nächste logische Schritt, diese Attacken zu verhindern. Das erfordert allerdings, eine Reihe verschiedener Tools zu integrieren, was kein Kinderspiel ist.” Ein wachsender Trend in diesem – wie auch allen anderen Bereichen der IT-Sicherheit – ist der Einsatz von Generative AI (GenAI). Erik Nost, Analyst bei Forrester Research, sieht diese Entwicklung positiv: “Vermutlich werden wir generative KI als erstes im Bereich des User Interface im Einsatz sehen. Mit Daten auf coole Art und Weise interagieren zu können, ist der neue GenAI-Use-Case.” Der Analyst hält es auch für möglich, dass KI künftig auf der Basis von Daten – oder den für die Benutzer respektive das Unternehmen relevantesten Angriffsarten – Bedrohungen modelliert. Er fügt hinzu: “Generative KI könnte außerdem auch eingesetzt werden, um Unternehmen dabei zu helfen, die von BAS gefundenen Probleme zu verstehen, entsprechende Prioritäten zu setzen und spezifische Abhilfemaßnahmen vorzuschlagen.” Das sollten BAS-Lösungen leisten Auf folgende wichtige Features sollten Anwender bei Breach & Attack Simulation Tools achten: Repräsentative Angriffsvektoren, um ein möglichst breites Spektrum an für das Unternehmen relevanten Angriffen simulieren zu können. Realistische Angriffsszenarien auf Grundlage von Frameworks wie MITRE ATT&CK, die denen echter Angreifer ähneln. Anpassbare Szenarien, um spezielle Infrastrukturaspekte testen zu können. Automatisierte Tests, um regelmäßige und effiziente Simulationen zu realisieren, ohne den Betrieb zu beeinträchtigen oder zusätzliche personelle Ressourcen einzusetzen. Detaillierte Reportings und Analysen, um die Bedeutung der Tests erklären und verbesserungswürdige Bereiche identifizieren zu können. Skalierbarkeit, um nicht nur die aktuelle Unternehmensumgebung, sondern auch künftige Entwicklungen abdecken zu können. Testmöglichkeiten für hybride Produktionsumgebungen, um Kontrollmaßnahmen unter realen Bedingungen begutachten zu können. Einfache Nutzung und simple Deployment-Optionen, sowie Integrationsmöglichkeiten mit vorhandenen Security-Tools und -Plattformen. Fachkundiger Support – insbesondere, wenn Sie mit Breach & Attack Simulation Tools nicht vertraut sind oder keine größeren Sicherheitsteams mit entsprechenden Erfahrungswerten einsetzen können. Eine geeignete Kostenstruktur, da die Preismodelle von BAS-Anbietern in der Regel variieren. Die Preisstruktur sollte dem Anwendungsfall angemessen sein. Die wichtigsten Anbieter für Breach & Attack Simulation Tools Im Folgenden werfen wir einen Blick auf die wichtigsten Anbieter – und ihre Lösungen – im Bereich Breach & Attack Simulation. Die Auswahl basiert dabei auf Kundenrezensionen aus Gartners Peer-Insights-Ranking sowie den Einschätzungen der Spezialisten von Expert Insights. AttackIQ Laut Expert Insights repliziert die zentrale Emulationsplattform von AttackIQ die Taktiken, Techniken und Methoden von Angreifern im Einklang mit dem MITRE-ATT&CK-Framework. Das Angebot des Unternehmens im Bereich Breach & Attack Simulation gliedert sich in drei Optionen: Die Managed Platform “Ready!” soll Unternehmen schneller und einfacher zu einer konsistenten Security-Validation-Strategie verhelfen. Der agentenlose Testing Service “Flex” funktioniert On Demand und wird im Pay-as-you-Go-Modell oder auch auf monatlicher sowie jährlicher Basis abgerechnet. Bei “Enterprise” handelt es sich um einen umfassenden Co-Managed-Service. AttackIQ hat sich zudem einen Namen gemacht, wenn es darum geht, ML- und KI-basierte Cybersecurity-Komponenten zu testen. Nach eigener Aussage ist das Unternehmen zudem der einzige BAS-Anbieter, der sowohl Self-Service- als auch Full-Service-Lösungen anbietet. Künftig soll künstliche Intelligenz Attack-IQ-Kunden außerdem verstärkt dabei unterstützen, Sicherheitslücken automatisiert zu identifizieren und zu beheben. Cymulate Cymulate gehört nicht nur laut Expert Insights zu den führenden Anbietern für Continuous Threat Exposure Management, sondern ist auch der Anbieter mit den besten Kundenbewertungen bei Gartners Peer Insights – auch dank der guten User Experience. Die “Breach and Attack (BAS)”-Lösung von Cymulate wird im SaaS-Modell bereitgestellt. Für Unternehmen mit Data-Segregation-Bedürfnissen steht auch eine Private-Tenancy-Option zur Verfügung. Wie AttackIQ verwendet Cymulate das MITRE ATT&CK Framework als Grundlage. Laut dem Anbieter dauert es derzeit circa drei bis vier Wochen, um die Integrationen einzurichten und sein BAS-Tool einzusetzen. Diesen Zeitraum möchte Cymulate künftig mit Hilfe von Generative AI auf wenige Minuten reduzieren. Doch die GenAI-Pläne des Anbieters gehen noch weiter: Die Technologie soll künftig automatisiert aus Tausenden oder gar Hunderttausenden verschiedenen Angriffsszenarien Mitigationsstrategien entwickeln können – und den Security-Teams erklären, wie diese umzusetzen sind. Die GenAI-Funktionen sollen laut Cymulate bis Ende Oktober 2024 in vollem Umfang zur Verfügung stehen. Fortinet In Sachen Kundenbewertungen kann das BAS-Offering von Fortinet nicht ganz mit den ersten beiden Angeboten mithalten. Allerdings kombiniert “FortiTester” Breach & Attack Simulation mit Netzwerk-Performance-Testing und stellt insofern eine umfassende Lösung dar. Das Fortinet-Tool simuliert diverse Angriffsarten auf Grundlage des MITRE-ATT&CK-Frameworks und unterstützt laut Expert Insights außerdem CVE-basierte IPS-Tests, sowie DDoS Traffic Generation. Mandiant Security-Anbieter Mandiant ist in erster Linie für seine Dienstleistungsangebote im Bereich Threat Intelligence bekannt. Die Expertise in diesem Bereich lässt das Unternehmen auch in seine BAS-Softwarelösung “Security Validation” einfließen – und hebt sich dadurch von seinen Mitbewerbern ab. Das Mandiant-Tool unterstützt zum Beispiel MITRE ATT&CK Framework Mapping, automatisiertes Alerting sowie Environmental Drift Detection und simuliert Angriffsszenarien aus der echten Welt. NetSPI In Sachen Penetrationstests hat sich NetSPI bereits einen Namen gemacht. Das Unternehmen hat mit “Breach and Attack Simulation” ebenfalls eine BAS-Lösung im Angebot, die Sicherheitskontrollen validieren, Detection-Lücken identifizieren und Angriffsflächen managen kann. Das Pentesting-Knowhow von NetSPI manifestiert sich dabei insbesondere in umfassenden Support, wie Derek Wilson, leitender Security-Berater des Unternehmens, verspricht: “Unser erfahrenes Pentester-Team schließt sich mit Ihrem SOC-Team kurz und unterstützt dabei, Detections einzuordnen und Präventionsmaßnahmen zu ergreifen.” Auch bei NetSPI soll künftig Generative AI Mehrwert für die BAS-Kunden erschließen: Künftig soll die Lösung des Anbieters dank der Technologie in der Lage sein, mehrere Datenquellen zu nutzen, um die nötigen Tests möglichst schnell zu identifizieren und zu priorisieren. Darüber hinaus stehen auch Playbooks, die auf Basis von Bedrohungsinformationen für spezifische Industrien generiert werden sowie die Simulation dynamischer Angriffsketten, um Abdeckungslücken zu identifizieren, auf dem Plan. Picus Security Auf Grundlage der Gartner Peer Insights ist Picus Security der BAS-Anbieter mit der zweithöchsten Kundenzufriedenheit und wurde von den Auguren mit einem “Customers Choice”-Award ausgezeichnet. Nach eigenen Angaben zählt Picus Hunderte von globalen Unternehmen zu seinen Kunden, darunter beispielsweise Mastercard oder die ING-Bankengruppe. Die “Security Validation“-Plattform des Anbieters beinhaltet Breach & Attack Simulation, unterstützt darüber hinaus allerdings auch automatisierte Penetrationstests und Attack Surface Management sowie SOC-Optimierung und Cloud Security Posture Managenet (CSPM). Auch Picus investiert stark in KI und will künftig mit Hilfe der Technologie bessere, schnellere und umfassender personalisierte Einblicke in das Sicherheitsniveau der Anwender liefern. Redscan Weil Redscan auf Managed Detection and Response sowie Penetration Testing spezialisiert ist, bietet das Unternehmen einen praxisorientierten BAS-Ansatz namens “FAST Attack Simulations”. Dieser verspricht den Anwendern maßgeschneiderte Angriffssimulationen kombiniert mit Beratungsleistungen, um bei den nachfolgenden Schritten zu unterstützen. Reliaquest Der Anbieter Reliaquest wurde für seine Security-Plattform “GreyMatter” 2023 von Gartner in der Kategorie “Managed Detection and Response” mit einem “Customers Choice”-Award ausgezeichnet. Besonders stark ist diese Lösung im Umfeld mittelständischer Unternehmen verbreitet. Eine Funktion dieser Plattform heißt “Verify” und realisiert Breach & Attack Simulation. Die BAS-Lösung von Reliaquest verspricht Anwendern ein umfassendes Portfolio (kuratierter) Angriffsszenarien, um möglichst zeitnah zu entsprechenden Ergebnissen zu kommen. Diese Szenarien werden zudem laufend auf Grundlage aktueller Threat-Informationen aktualisiert. Die ermittelte Bedrohungsabdeckung gleicht das Tool mit Security-Frameworks wie MITRE ATT&CK ab. Sollten Sie diesen Anbieter ins Auge fassen, behalten Sie eines jedoch im Hinterkopf: Möglicherweise ist es im Sinne einer unabhängigen Überprüfung der Wirksamkeit von Sicherheitsmaßnahmen nicht die beste Idee, denselben Anbieter für BAS und MDR zu wählen. Andererseits könnten Anwender auch von dieser Integration profitieren. SafeBreach Auch der dedizierte BAS-Anbieter SafeBreach kommt bei den Peer Reviews von Gartner gut weg – auch dank seiner umfassenden Integrationsmöglichkeiten mit anderen Security-Tools. Auch in Sachen namhafte Kunden kann SafeBreach mit Netflix, PayPal, Pepsi und der Carlsberg-Gruppe überzeugen. Die BAS-Plattform “SafeBreach” testet die Wirksamkeit bestehender Sicherheitskontrollen auf der Grundlage von mehr als 25.000 Angriffsmethoden, die dem unternehmenseigenen “Hackers Playbook” entstammen. Zudem verspricht der Anbieter, seine Plattform innerhalb von 24 Stunden um neu aufkommende Bedrohungen ergänzen zu können. Neben maßgeschneiderten Angriffssimulationen auf Grundlage des MITRE-ATT&CK-Frameworks bietet die SafeBreach-Lösung auch die Option, die voraussichtlichen Kosten für Risikominimierungsmaßnahmen zu ermitteln. 7 Fragen vor dem BAS-Invest Forrester-Analyst Nost empfiehlt Unternehmen, ihre BAS-Journey mit einem guten Überblick über ihre Systeme und Kontrollmaßnahmen anzutreten und von “Schnellschüssen” abzusehen: “Bevor Sie nicht wissen, was Sie testen sollen, sollten Sie sich auch nicht auf ein BAS-Tool einlassen.” Davon abgesehen empfiehlt es sich, Anbieter von Breach & Attack Simulation Tools mit den richtigen Fragen zu löchern, um vor unschönen Überraschungen verschont zu bleiben. Zum Beispiel: Inwiefern gewährleistet Ihr Produkt verbesserte Detection-Fähigkeiten im Rahmen von Sicherheitskontrollen? Können Tests skaliert und in Produktionsumgebungen gefahren werden – ohne größere Auswirkungen für die Kunden? Wie sehen Ihre Research-Bemühungen mit Blick auf die neueste Bedrohungen aus? Wie oft aktualisieren Sie ihre Threat-Bibliothek? Können Sie anhand eines Beispiels demonstrieren, wie die Simulationsergebnisse präsentiert werden? Sind Ihre Plattformen transparent oder ist nur Black-Box-Testing möglich? Besteht die Option für On-Premises- oder Air-Gapped-Deployments? Dieser Artikel ist im Original bei unserer Schwesterpublikation CSOonline.com erschienen. View the full article

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.