OpenAI has published a new roadmap for “democratizing AI-powered cyber defense,” where it vows to expand its Trusted Access for Cyber (TAC) program to governments “at every level.” The document, titled Cybersecurity in the Intelligence Age, was published by OpenAI’s… Read More "OpenAI To Extend Cyber Program to Government Agencies"
%20(1).png?w=1140&resize=1140,855&ssl=1 "8 Steps to Cultivate a Culture of Risk Awareness in Higher Education")
Over the last few years, the education industry has increased its dependency on third-party service providers, expanding the average attack surface and escalating the importance of comprehensive risk awareness. Higher education institutions that rely on large vendor ecosystems must develop… Read More "8 Steps to Cultivate a Culture of Risk Awareness in Higher Education"
The Federal Trade Commission announced on Thursday that Cox Media Group and two other marketing companies, MindSift LLC and 1010 Digital Works, have agreed to collectively pay nearly $1 million to settle allegations that they deceived their customers—other businesses—by claiming… Read More "‘Creepy’ Listening Tool for Targeted Ads Didn’t Actually Work, FTC Says"
The number of Chrome vulnerabilities discovered by Google has surged over the past month, likely driven by the company’s use of AI. Chrome security advisories published by Google in late March and early April mentioned a handful of vulnerabilities “reported… Read More "Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI"
The US defense industrial base (DIB) has become a prime target for nation-state hacking groups, yet small defense contractors critically lack network telemetry to detect these threats, a Team Cymru security analyst has argued. In an article published on April… Read More "Small Defense Firms Lack Network Data to Stop Nation-State Hackers"
Creating and implementing a Third-Party Risk Management program might seem like the most difficult part of the vendor risk management process for many higher education institutions. However, after implementing a TPRM program, organizations must continue to manage their third-party risk… Read More "TPRM in Higher Education: Post-Implementation Best Practices"
Microsoft this week released patches for two vulnerabilities in Defender, warning they have been exploited in the wild as zero-days. The first, tracked as CVE-2026-41091 (CVSS score of 7.8), is described as a link-following issue that allows attackers to elevate… Read More "Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days"
A nine-year-old logic flaw in the Linux kernel’s process trace (ptrace) path has been discovered that could let unprivileged local users read sensitive files, including secure shell host (SSH) private keys and the system password hash, on default installations of… Read More "Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes"
.png?w=1140&resize=1140,855&ssl=1 "Higher Education Community Vendor Assessment Toolkit (Free Template)")
The HECVAT 4 questionnaire is an effective means of determining how safe your student data is in the hands of your vendors. Use this HECVAT template to understand the scope of questions covered in a typical HECVAT assessment. For brevity,… Read More "Higher Education Community Vendor Assessment Toolkit (Free Template)"
Supply chain protection provider Socket has announced raising $60 million in a Series C funding round that brings the total raised by the company to $125 million and its valuation to $1 billion. The new investment round was led by… Read More "Socket Raises $60 Million at $1 Billion Valuation"
