New research shows attackers increasingly abusing APIs at machine speed as AI-driven systems widen exposure and amplify impact. The post API Threats Grow in Scale as AI Expands the Blast Radius appeared first on SecurityWeek.
As nation-state actors, ransomware groups, and aging infrastructure collide, organizations must rethink how they defend critical operations through resilience, visibility, and modern security strategies. The post Cyber Insights 2026: The Ongoing Fight to Secure Industrial Control Systems appeared first on SecurityWeek.
Polish police said they found evidence of cybercrime on the 47-year-old suspect’s devices. The post Man Linked to Phobos Ransomware Arrested in Poland appeared first on SecurityWeek.
Cybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context Protocol (MCP) server associated with Oura Health to deliver an information stealer known as StealC. “The threat actors cloned a legitimate Oura MCP Server – a tool that connects AIRead More »SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer
Here are three papers describing different side-channel attacks against LLMs. “Remote Timing Attacks on Efficient Language Model Inference“: Abstract: Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive body of work (e.g., speculative sampling or parallel decoding)Read More »Side-Channel Attacks Against LLMs
Cloud attacks move fast — faster than most incident response teams. In data centers, investigations had time. Teams could collect disk images, review logs, and build timelines over days. In the cloud, infrastructure is short-lived. A compromised instance can disappear in minutes. Identities rotate. Logs expire. Evidence can vanish beforeRead More »Webinar: How Modern SOC Teams Use AI and Context to Investigate Cloud Breaches Faster
My objectiveThe role of NDR in SOC workflowsStarting up the NDR systemHow AI complements the human responseWhat else did I try out?What could I see with NDR that I wouldn’t otherwise?Am I ready to be a network security analyst now? My objective As someone relatively inexperienced with network threat hunting,Read More »My Day Getting My Hands Dirty with an NDR System
Industrial cybersecurity firm Dragos has published its 9th Year in Review OT/ICS Cybersecurity Report. The post 3 Threat Groups Started Targeting ICS/OT in 2025: Dragos appeared first on SecurityWeek.
New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence (AI) chatbots via the “Summarize with AI” button that’s being increasingly placed on websites in ways that mirror classic search engine poisoning (SEO). The new AI hijacking technique has been codenamed AI Recommendation Poisoning by the MicrosoftRead More »Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations
Researchers at ETH Zurich have tested the security of Bitwarden, LastPass, Dashlane, and 1Password password managers. The post Password Managers Vulnerable to Vault Compromise Under Malicious Server appeared first on SecurityWeek.
