Four security principles for agentic AI systems
Agentic AI represents a qualitative shift in how software operates. Traditional software executes deterministic instructions.
General
20 articles
4 steps teams can take to mitigate Iranian cyberattacks on critical infrastructure
Too many teams have not looked for Iranian pre-positioning into OT networks – here are some practical steps to take as the war escalates.
ShinyHunters Hackers Claim Theft of 3M+ Cisco Records, Threaten Public Leak
ShinyHunters hackers claim they stole 3 million+ Cisco records via Salesforce and AWS, warning of a public leak if demands are not met by April 3, 2026.
Thousands of API credentials exposed on public websites
The study, detailed in a preprint paper by Standford University, University of California, Davis, and TU Delft researchers, utilized a tool called TruffleHog...
Exabeam expands platform to monitor AI agent activity
The expanded platform transforms AI agent services into sources of behavior telemetry, feeding directly into Exabeam's threat detection workflows.
Gartner report offers framework for evaluating AI SOC agents
A recent Gartner report, "Validate the Promises of AI SOC Agents With These Key Questions," provides a structured evaluation framework.
Drift crypto platform confirms $280 million stolen in hack as researchers point finger at North Korea
The platform released a post-mortem on Wednesday night explaining that malicious actors gained access to Drift systems through a “novel attack” that involved...
Rethinking identity security for a borderless attack surface
Identity is the heart of modern security. Here's how to reshape your identity environment accordingly.
French Senate passes bill that would ban children under 15 from social media
If the French effort becomes law, it would make France the first European country to follow Australia’s lead by banning social media for young teenagers.
Lawmakers renew push for Labor Department-backed cyber apprenticeship grants
The bipartisan, bicameral Cyber Ready Workforce Act aims to cut into the country’s deficit of cybersecurity professionals. The post Lawmakers renew push for ...
Google Workspace’s continuous approach to mitigating indirect prompt injections
Posted by Adam Gavish, Google GenAI Security Team Indirect prompt injection (IPI) is an evolving threat vector targeting users of complex AI applications wit...
Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments
Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting environments. This post examine...
Residential proxies evaded IP reputation checks in 78% of 4B sessions
Researchers warn that residential proxies used to route malicious traffic are a big problem for IP reputation systems, as there is no clear distinction betwe...
Medtech giant Stryker says it’s back up after Iranian cyberattack
The Handala group claimed responsibility for hitting the company with a wiper attack last month. The post Medtech giant Stryker says it’s back up after Irani...
OpenSSH 10.3 patches five security bugs and drops legacy rekeying support
OpenSSH 10.3 shipped carrying five security fixes alongside feature additions and a set of behavior changes that will break compatibility with older SSH impl...
Cybersecurity M&A Roundup: 38 Deals Announced in March 2026
Significant cybersecurity M&A deals announced by Airbus, Cellebrite, Databricks, Quantum eMotion, Rapid7, and OpenAI. The post Cybersecurity M&A Roundup: 38 ...
NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts
The UK’s cybersecurity agency offered advice to “high-risk’ individuals” on how to protect against social engineering and cyber-attacks
Medtech giant Stryker fully operational after data-wiping attack
Stryker Corporation, one of the world's leading medical technology companies, says it's fully operational three weeks after many of its systems were wiped ou...
New Red Hat subscription simplifies long-term enterprise Linux support
Red Hat has announced Red Hat Enterprise Linux Extended Life Cycle Premium, a new subscription that provides a predictable 14-year life cycle for major Red H...
The Identity Paradox: The Hidden Risks in Your Valid Credentials
Identity attacks are rising as trust expands — learn how to detect misuse, close gaps, and defend beyond authentication.