AI Purchasing Agents Spark New Regulatory and Fraud Risks
AI agents controlling purchasing decisions? This opens doors to new regulatory and fraud challenges. Just like with humans, granting too much authority without checks can lead to significant risks. #AIFraud #Cybersecurity https://t.co/MRMusydajg
Meta Drops Instagram DM End‑to‑end Encryption
Meta appears to be reversing its strong stance on encryption. The first obvious casualty is that they’re abandoning and disabling end-to-end encryption in Instagram DMs.
Linux Community Deems New CA Law Ridiculous, Unenforceable
As I read and listen to responses to the new CA law, a theme emerged: the Linux community thinks this is ridiculous and is unlikely to comply (and compliance would be next to impossible to enforce...) https://t.co/hiQJkTfESN
Android 17 Beta 2 Cracks Down on Accessibility Misuse
Advanced Protection Mode in Android 17 Beta 2 starts clamping down on apps that misuse accessibility services But these could include your favorite automation tools, launchers, or customization apps. ✅ Details - https://t.co/UQzdvkVExT https://t.co/MkNBVjjIfa
Meta Strips End-to-End Encryption From Instagram DMs
A terrible step back for privacy and it's crazy that Meta announced this by updating a support page https://www.androidpolice.com/instagram-is-getting-rid-of-end-to-end-encryption-for-dms/
AI Agents Already Breaching Passwords—Security Must Evolve Fast
AI agents just published passwords and overrode security in lab tests. This isn't sci-fi—it's happening now. The question isn't IF autonomous AI will break rules, it's whether your security adapts faster than the threats. Are you concerned?
Beyond IAM: Governing AI-to-AI Authorization for CIOs
IAM isn't enough when AI agents are talking to AI agents (A2A). The new frontier is Authorization. How do you govern layers of access in a world of autonomous processes? The 9 realities every CIO must face: 🔗 https://t.co/l36K8t0jnp #Identity #CISO #RSAC2026 #CyberRisk
New Cyber Strategy Emphasizes Deterrence for National Security
Cyber Focus: Cybersecurity, National Security, and Critical Infrastructure S3E10 - Deterrence and the New Cyber Strategy with White House National Cyber Director Sean Cairncross | McCrary Institute https://t.co/PmPdYTO5Zq
EU Advances Message Scanning, Yet Dark Timeline Persists
The EU seems to be going in the right direction when it comes to mass message scanning. Unfortunately, the fact that this vote was necessary proves that we’re still in the dark timeline. https://t.co/Tci3GoLsPg
AI, 5G, IoT, Quantum Redefine Privacy and Security
Inside Cyber: How AI, 5G, IoT, and Quantum Computing Will Transform Privacy and Our Security https://t.co/P5qqtToeX8 #cybersecurity #ArtificialIntelligence #quantum #tech #book
Travel Miles Sold as Underground Currency, Costing Billions
Going the Extra Mile: Travel Rewards Turn into Underground Currency. 🏖️ ✈️ 💬 Airline miles were designed as rewards, however, in cybercrime markets, they are inventory. In many cases, the theft begins with credential compromise and ends with miles quietly converted...
AI Vulnerable to Social Engineering‑Style Deception Tactics
New on the not-a-newsletter... The Problem is Steve from Accounts ($$$) https://t.co/omSd1tEjla Traditional social engineering preys on trust, fear, and urgency. AI lacks psychology, at least as far as I know, but it can and will be exploited through analogous deceptions. https://t.co/y7CZrIEs8R
Stryker's Operations Disrupted by Iran-Linked Cyberattack
Stryker $SYK said a cyberattack related to the Iranian conflict is still disrupting its operations, including order processing, manufacturing and shipping - WSJ
Responsible AI Starts with Zero‑Trust Data Governance
RT You can't have responsible AI without responsible data. Classify AI data, extend zero trust, encrypt in use, and spell out non-negotiable governance policies from day one. #AISecurity #DataGovernance @Star_CIO https://t.co/aiB5P99ido
Third‑Party Code Now Top Cloud Threat; AI Offers Remedy
Unfortunately for the vibrancy and velocity of modern developer ecosystems (something I’ve been bullish on for two decades), third-party software has now become the #1 initial access vector in cloud intrusions, jumping from under 3% to 44.5% of cases in...
Edit AI Photos Safely: Faces Hidden, Realism Preserved
A new privacy-focused system enables users to edit and share photos with generative AI tools while keeping sensitive identity features, such as faces, hidden from external platforms, maintaining both photorealism and data security. privacybydesign
Threat Actors Now Favor Third‑party Software Flaws over Credentials
"For the first time since we began publishing the CTHR in 2021, we observed a tactical pivot by threat actors. They’re now targeting third-party software vulnerabilities more than weak or missing credentials as the primary initial access vector." https://t.co/wSC5lPPGAZ
Cybercrime Costs Could Reach $10.5 T by 2025
Cybercrime isn’t slowing. Costs could hit $10.5T by 2025, driven by nation-states, gangs, and a growing attack surface. With detection as low as 0.05% and 200 zettabytes of data ahead, cybersecurity is everyone’s business. https://t.co/XxxMna2fuJ
AI Agents Autonomously Hack Simulated Network, Bypass Security
AI agents told to conduct routine tasks on a simulated corporate network went rogue. "No adversarial prompting was involved. The agents independently discovered vulnerabilities, escalated privileges, disabled security tools, and exfiltrated data." https://t.co/jDjDgPb5rk
Secure Your Code: Guardrails for AI Assistants
If your developers are using Copilot or Claude Cowork heavily, how are you handling the security side? Code context Internal repos Sensitive data exposure Feels like a lot of organizations adopted these tools before really thinking through the guardrails. What are you doing to protect...
AI Is Essential to Counter AI-Driven Cyberattacks
You can’t defend against AI-driven cyberattacks without AI. Attackers move faster and automate everything. Humans alone can’t keep up. AI agents speed up detection, pattern analysis, and reporting—so CISOs focus on decisions, not dashboards. Learn More: https://bit.ly/4s2Is77 #ElasticPartner #Elastic #ArtificialIntelligence #CyberSecurity #Security #DigitalTransformation
Age Verification Mandates Threaten Online Privacy
Will everyone have to share their age to exist on the internet in the future? It’s a trap: strong enforcement of age rules undermines data privacy. https://spectrum.ieee.org/age-verification
AI Amplifies Both Threats and Defenses in Cybersecurity
I got asked on the news today is Cybersecurity a field that is being impacted by AI or is it a safe field? I explained how I struggle with this personally as well - there's a lot of fear, uncertainty and...
2026 Unit 42 Report Reveals AI-Driven Cyber Threat Surge
Please read my article highlighting critical findings from the 2026 Unit 42 Global Incident Response Report (Link to full report incl) #AI #Cybersecurity #CISO @PaloAltoNtwks Unit 42 Link here👇 https://t.co/CT5ozHHKhM #AI #cybersecurity #CISO #PalAltoPartner #CybersphereGroup
Banking Apps Leaked Other Customers' Transaction Details
Lloyds, Bank of Scotland and Halifax apps showed customers other users' transactions https://t.co/eOyyiGggxP Can an informed person explain what actually went wrong here? I am so curious https://t.co/RE7RR6W41z
AI Redefines Cyberwar: From Iran to Code
NEW ODD LOTS - CYBERWAR AND AI Legendary hacker @msuiche talks to me and @TheStalwart about cyber warfare in the age of AI. We talk: - Iran's capabilities - The intersection of kinetic & digital warfare - The impact of AI on coding, hacking, SaaS...
Secure Internal Collaboration: Best Practices for Companies
How To Ensure Secure Internal Collaboration in Your Company by @antgrasso #CyberSecurity #Infosec #IT #Technology https://t.co/gRUVC0kIFY
Apple Urges iPhone Users to Restart Amid Security Threat
Apple warns iPhone users of serious security risk, asks millions to restart devices. (MSN:Times Now) #Mobile #Security https://t.co/Cixh5A4GHc https://t.co/xLNE8J8ugk
AI Use Risks NDA Violations and Data Exposure
Perplexity has changed my way of work. Love these guys. But not sure we use the word "secure" the same way. Strong protections on data, but both Perplexity and other models they exchange data with open up new threat...
FBI Server Hacked; Hacker Threatens to Expose Owner
We live in the worst timeline ever. The FBI got hacked, and the hacker, disgusted at the PDF file images they saw and not realizing that it's a law enforcement server, threatened to turn the "owner of the server" over...
Assessing Threat Detection Quality: Key Metrics and Methods
"How to Measure Threat Detection Quality for an Organization?" https://t.co/JKld8W1EsR <- this is OLD (2022), but I somehow keep thinking about it (this is from the pre-gen AI era BTW)
AI Needs Human Oversight, Not Blame for Outages
If you are distressed because AI is causing outages at AWS well… don’t jump to conclusions like everyone did with the whole slew of S3 bucket debacles. Yes there will be problems as people learn how to use this new...
OpenAI Builds AI Agents to Thwart Prompt Injection
Yep, the systems are evolving (like they have to...) OpenAI is addressing prompt injection inputs but also manipulation (social engineering) -> Designing AI agents to resist prompt injection Covers: *Social Engineering Model *Safe URL Mitigation *Source-Sink Analysis *Sandboxing *Safety training https://t.co/jduzjq6Ipk
Iran's IRGC Threatens US Tech Firms Linked to Israel
Iran's IRGC warns that offices/infrastructure of US firms with links to Israel or whose technology has been used to assist the military will be targeted for physical attack. This includes infrastructure of Google, Palantir, Microsoft, IBM, Nvidia, Oracle https://t.co/M5nw4IhpCK
DLP Reinvented: Jazz Uses NLP to Guard GenAI Data
Traditional DLP was built for email attachments and USB drives. That world is gone. Jazz raised $61M to rebuild DLP from scratch: natural language policies instead of regex. Every time someone pastes data into a GenAI tool, they create flows your DLP...
Secure Error Handling Prevents Sensitive Data Leaks
Do you think about security implications of your error handling in code? I do not, but that's because I'm a terrible developer who no longer ships production apps. But you probably are a good dev who avoids leaking info. Good @jetbrains...
AI Powers Both Cyber Attacks and Defenses
Hackers Are Automating Cyberattacks With AI. Defenders Are Using It to Fight Back. by @EddyTheGent https://t.co/SbgZ2RlWZg https://t.co/Dyw0vcKhD3
Deepfakes Cost Companies Millions; Traditional Security Fails
Deepfakes aren’t sci-fi. They’re real threats. Cheap, convincing fakes fooled even experts: a 2024 UK finance team lost $25M to AI-generated leaders. Traditional security can’t verify if video or images are real. https://t.co/CpIymYGaON
AI Code Generation Risks Demand Full‑Lifecycle Security
AI code generation is fast, but is it secure? "Vibe Coding" is creating a massive surface area for malicious injections. We need to move beyond just "testing" to protecting the entire dev lifecycle. Read more on the AVOA briefing: 🔗 https://t.co/6PIC4o7OmO #AppSec #DevSecOps...
Iranian Hacktivists Wipe Stryker Employee Devices in Cyberattack
US medical device maker Stryker hit with cyberattack from Iranian hacktivists who remotely wiped employee devices. "many employees have had their device data wiped and cannot access their accounts" Stryker makes surgical/imaging equipment, defibrillators https://t.co/PA2eBYjPfK
Day 2 Highlights: Crowd Prioritizes Critical Infrastructure Security
Kicking off Day 2 at CS4CA in Houston. Great crowd focused on securing our most critical infrastructure.
Criminals Pose as Officials to Phish Zoning Permits
Internet Crime Complaint Center (IC3) | Criminals Impersonating City and County Officials in Phishing Emails for Planning and Zoning Permits https://t.co/0OYWx6RyqL
Google Acquires Wiz to Boost Cloud Security
$GOOGL completes the Wiz acquisition. Sundar Pichai, CEO, Google: “Keeping people safe online has always been part of Google’s mission. This job is increasingly important today, as more companies and governments move their work to the cloud and broadly use generative...
Google Pays $32B for Wiz, Now $1B ARR
Google completes $32B acquisition of cloud cybersecurity startup Wiz A source familiar says Wiz crossed $1B in ARR in 2025. https://t.co/1vJmMDOHh1 via @techcrunch
Key Takeaways From 2026 Unit 42 Incident Report
Great conversation with @PaloAltoNtwks Unit 42, where we discussed critical insights from the 2026 Unit 42 Global Incident Response Report. 📍FULL episode here👇 https://t.co/FBcQYVqIr1 📍Read the Report👇 https://t.co/4qBLvLzTTF #cybersecurity #AI #CISO #AI #PaloAltoPartner https://t.co/v9lUBQfN3E
AI Era Demands Robust Security and Power Resilience
The Critical Importance of Security and Power Resilience for Data Centers in the AI Era by @ChuckDBrooks https://t.co/GZHzYef4B8 #datacenter #cybersecurity
Dutch Telecom Hack Exposes Millions of Personal Records
Hacking group begins leaking customer data in Dutch telecom Odido hack https://t.co/byTVBOsAmS "The theft… included names, telephone numbers, e-mail addresses, bank account numbers, birth dates and passport numbers." Every day, in every way, it gets worse. https://t.co/DSdcBeqfD7
AI-Generated Code Still Fails Critical Security Checks
OMG so much time telling LLMs 🤖to create two lambdas that ALWAYS verify Yubikey before taking actions and after many rounds of bug fixes like wrong database table names for example (would never work) they come up with a...
China Bans OpenClaw AI on Government Computers
Chinese authorities moved to restrict state-run enterprises and government agencies from running OpenClaw AI apps on office computers, acting swiftly to defuse potential security risks https://t.co/m8f5iz16vH
NightBeacon: AI‑Powered, Self‑Trained Security Platform Launches
Here's a demo on a project I've been developing and working on for the past 9 months. Called NightBeacon. Using it now in production, getting released fully this week. Our own internally trained models on our own infrastructure (no third party)....