Six Microsoft 365 Android apps contain an identical flaw that could risk billions of downloads being compromised. The findings, shared exclusively with SecurityWeek ahead of the expected public release of the research on Tuesday, were uncovered by Enclave, an AI-powered… Read More "Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk"
The gap between what enterprise endpoint security platforms can do and what most organizations actually do with them is consistent across the industry. It is not a technology problem. The platforms carry the capability. The gap is program investment, operational… Read More "Overlooked EDR Use Cases in Enterprises Security"
The rapidly evolving threat landscape and the way threat actors are leveraging AI to enhance attacks means that defenders no longer have a choice and must also use AI to help defend networks from from cyber threats – otherwise they… Read More "Infosecurity Europe: Cybersecurity “Doomed to Fail” without AI"
Google on Monday announced its latest Android update, which includes patches for 124 vulnerabilities, including a zero-day that has been exploited in targeted attacks. The exploited vulnerability is CVE-2025-48595, which Google describes as a high-severity privilege escalation issue affecting Android’s… Read More "Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities"
“AI developer tooling is becoming a high-value target precisely because the tokens are powerful and long-lived,” Aikido said. “A stolen Codex refresh_token goes beyond access to a chat interface — it’s persistent, silent access to whatever that account can do.”… Read More "Attack targeting OpenAI Codex users exposes AI software supply chain risks"
AI is shaping Bayer’s approach to security as the life sciences firm aims to become one of Europe’s leading agentic deployment organizations in the pharmaceutical industry. At Infosecurity Europe 2026, Kevin Jones, Bayer’s CISO, told attendees that the company has… Read More "Bayer Reinvents Security Awareness Training to Counter AI Threats"
One of the most dangerous outcomes of the rise of AI in cybersecurity is the rise of the zero-knowledge threat actor. A threat actor who has negligible technical expertise but enough malicious intent. This actor can leverage AI, turn limited… Read More "The Zero-Knowledge Threat Actor and the End of Responsible Disclosure"
AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclosed… Read More "AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It."
The campaign, which Wiz researchers are tracking as Miasma, is thought to be the latest evolution of Shai-Hulud, a self-propagating malware family that has repeatedly surfaced in software supply chain attacks targeting the npm ecosystem. “Investigation revealed that at least… Read More "Infected Red Hat npm packages expose developer credentials"
Red Hat’s official npm namespace has been hijacked to push backdoored package versions built to steal cloud and developer credentials, in a fast-moving supply chain attack against widely used software. According to new analysis by ReversingLabs, an attacker published malicious… Read More "Attackers Hijack Red Hat npm Scope to Steal Cloud Secrets"
