SecurityWeek

The framework recommends that AI developers evaluate potentially dangerous capabilities in their products, ensure their products align with “human-centric values” and protect users’ privacy.

SurePath AI has raised $5.2 million in seed funding for a solution that helps enterprises securely use generative AI.

The Glove Stealer malware leverages a recently disclosed App-Bound encryption bypass method in attacks.

Noteworthy stories that might have slipped under the radar: TSA proposes new cyber rules for pipelines and railroads, Google adds scam call detection to Android, SIM swappers arrested in US. 

Threat actors have hijacked over 70,000 domains, including known brands and government entities, because of failed domain ownership verification.

All sessions from the 2024 CISO Forum Virtual Summit are now available to watch on demand.

Bitfinex hacker Ilya Lichtenstein, who stole bitcoin worth billions of dollars at current prices, has been sentenced to five years in prison.

CISA has added two more Palo Alto Networks Expedition flaws, CVE-2024-9463 and CVE-2024-9465, to its KEV catalog.

Over 4 million WordPress websites were impacted by a critical Really Simple Security plugin vulnerability providing full administrative access.

Palo Alto Networks has confirmed that a zero-day is being exploited in attacks after investigating claims of a firewall remote code execution flaw.

The Chinese APT behind the LightSpy iOS backdoor has expanded its toolset with DeepData, a modular Windows-based surveillance framework.

Iran-linked Charming Kitten hackers have been running a ‘dream job’ campaign targeting the aerospace industry with the SnailResin malware.

Cyber risk management solutions provider Bitsight is acquiring threat intelligence firm Cybersixgill for $115 million.

Security researcher investigated Microsoft Power Pages installations and found several with misconfigurations allowing unintentional access to confidential data.

Two Nigerian nationals, one in Mexico and one in North Dakota, have been charged for hacking into the systems of US tax preparation companies.

CISA and the FBI have confirmed that Chinese hackers compromised the networks of telecommunications companies to spy on specific targets.

Robert Purbeck was sentenced to 10 years in prison for stealing the personal information of over 132,000 people.

The exploit for a new zero-day vulnerability in Windows is executed by deleting files, drag-and-dropping them, or right clicking on them.

NIST says all known exploited CVEs in the backlog have been addressed, but admitted that clearing the entire backlog by October was optimistic.

Cybereason Chairman & CEO Eric Gan believes the merger could help its existing success in some international markets.