#secret-protection
#secret-protection

Information security

AI hacking tools like Mythos can be 'net positive' says top cyber official

fromwww.cbc.ca

Anthropic's latest AI model is sparking fears from cybersecurity experts and the banking sector. Here's why. | CBC News

Mythos, Anthropic's advanced AI model, poses cybersecurity risks by uncovering vulnerabilities faster than they can be fixed.

fromMedium

Artificial intelligence

How to mitigate the risk of AI implementation in enterprise environments

fromTechzine Global

1 week ago

Information security

Runtime security becomes critical as AI accelerates threats

AI hacking tools like Mythos can be 'net positive' says top cyber official

AI tools can enhance cyber-security if secured properly, according to the UK's top cyber official.

fromwww.cbc.ca

Anthropic's latest AI model is sparking fears from cybersecurity experts and the banking sector. Here's why. | CBC News

Mythos, Anthropic's advanced AI model, poses cybersecurity risks by uncovering vulnerabilities faster than they can be fixed.

fromMedium

How to mitigate the risk of AI implementation in enterprise environments

Only about 5% of AI projects deliver measurable business value despite high expectations.

fromTechzine Global

1 week ago

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

Law

Third ransomware pro pleads guilty to cybercrime U-turn

Angelo Martino pleaded guilty to aiding the ALPHV/BlackCat ransomware gang in extorting US businesses.

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

Information security

Third US Security Expert Admits Helping Ransomware Gang

Healthcare

fromNextgov.com

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

Law

Third ransomware pro pleads guilty to cybercrime U-turn

Angelo Martino pleaded guilty to aiding the ALPHV/BlackCat ransomware gang in extorting US businesses.

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

Information security

Third US Security Expert Admits Helping Ransomware Gang

France news

Warning over cyber-attack on French government's ANTS platform

Careers

Advance Your Cybersecurity Career

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

Stolen credentials remain the primary entry point for attackers, despite advancements in cybersecurity.

Privacy professionals

Crook claims to leak 'video surveillance footage' of firms

16 hours ago

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

CISA added eight new vulnerabilities to its KEV catalog, including critical flaws in Cisco Catalyst SD-WAN Manager, indicating active exploitation.

Scoop: Top U.S. cyber agency doesn't have access to Anthropic's powerful hacking model

Anthropic withheld public release of Mythos due to its ability to exploit security vulnerabilities, providing it instead to select organizations for testing.

France news

fromThe Local France

Warning over cyber-attack on French government's ANTS platform

Hackers accessed personal details of users on the French government's ANTS platform, prompting warnings about potential phishing scams.

Careers

Advance Your Cybersecurity Career

Degrees and certifications in cybersecurity indicate foundational knowledge but hands-on experience and skills are more critical for success.

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

Stolen credentials remain the primary entry point for attackers, despite advancements in cybersecurity.

Crook claims to leak 'video surveillance footage' of firms

Be Prime confirmed a cybersecurity incident involving alleged access to its surveillance footage and client data by a criminal hacker.

16 hours ago

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

CISA added eight new vulnerabilities to its KEV catalog, including critical flaws in Cisco Catalyst SD-WAN Manager, indicating active exploitation.

Information security

Scoop: Top U.S. cyber agency doesn't have access to Anthropic's powerful hacking model

more#cybersecurity

#meta

fromFortune

Meta will start tracking employees' screens and keystrokes to train AI tools | Fortune

Meta is implementing tracking software on employee computers to gather data for AI training.

19 minutes ago

Meta to track workers' clicks and keystrokes to train AI

Meta will track employee keystrokes and mouse clicks to train AI models, raising concerns among workers about privacy and job security.

fromArs Technica

Meta will use employee-tracking software to help train AI agents: Report

Meta will track US employees' mouse movements and clicks to improve AI training data.

fromFortune

Meta will start tracking employees' screens and keystrokes to train AI tools | Fortune

Meta is implementing tracking software on employee computers to gather data for AI training.

19 minutes ago

Meta to track workers' clicks and keystrokes to train AI

Meta will track employee keystrokes and mouse clicks to train AI models, raising concerns among workers about privacy and job security.

fromArs Technica

Meta will use employee-tracking software to help train AI agents: Report

Meta will track US employees' mouse movements and clicks to improve AI training data.

Addressing the challenges of unstructured data governance for AI

Enterprises must enhance data governance for unstructured data as AI transforms data management practices.

Business intelligence

5 hours ago

Scaling agentic AI demands a strong data foundation - 4 steps to take first

Trusted quality data is essential for scaling agentic AI adoption in organizations.

#privacy

Privacy technologies

Claude Desktop changes software permissions without consent

Chrome Privacy Concerns Rise as Expert Warns of Fingerprinting Risks

Browser fingerprinting poses significant privacy risks in Chrome, with at least thirty techniques currently in use to track users without consent.

fromElectronic Frontier Foundation

Privacy technologies

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Privacy technologies

How Push Notifications Can Betray Your Privacy (and What to Do About It)

Push notifications can reveal personal information, and both Apple and Google have restrictions on sharing this data with law enforcement.

fromMIT Technology Review

Building trust in the AI era with privacy-led UX

Well-designed consent experiences enhance trust and business performance, evolving privacy into an ongoing relationship rather than a one-time transaction.

Claude Desktop changes software permissions without consent

Claude Desktop installs files affecting other apps without consent, violating privacy laws and raising concerns about its classification as spyware.

Chrome Privacy Concerns Rise as Expert Warns of Fingerprinting Risks

Browser fingerprinting poses significant privacy risks in Chrome, with at least thirty techniques currently in use to track users without consent.

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Privacy is a fundamental human condition, and end-to-end encryption is essential for protecting communications in a surveillance-heavy world.

fromElectronic Frontier Foundation

How Push Notifications Can Betray Your Privacy (and What to Do About It)

Push notifications can reveal personal information, and both Apple and Google have restrictions on sharing this data with law enforcement.

fromMIT Technology Review

Building trust in the AI era with privacy-led UX

Well-designed consent experiences enhance trust and business performance, evolving privacy into an ongoing relationship rather than a one-time transaction.

Company has more than 2m stolen from account following cyber attack

Future Energy Capital Limited lost over €2m due to a cyber attack last October.

fromElectronic Frontier Foundation

Ex-parliamentary employee arrested under anti-hacking law

We are aware of the arrest of an individual under the Computer Misuse Act 1990, but as this is a live police investigation we are unable to comment further.

EU data protection

Social justice

23 hours ago

Palantir Has a Human Rights Policy. Its ICE Work Tells a Different Story

Palantir's human rights commitments are undermined by its continued partnership with ICE, which is linked to abusive immigration enforcement practices.

DevOps

fromwww.bankingdive.com

How proactive DEX strengthens IT compliance in financial services

Proactive DEX management helps financial services organizations address compliance challenges by continuously monitoring and improving the digital workplace.

European startups

fromTechzine Global

Cisco Sovereign Critical Infrastructure now available in Europe

Cisco launches Sovereign Critical Infrastructure across EMEA, enabling organizations to innovate while maintaining control over their data and infrastructure.

#anthropic

Intellectual property law

Scoop: NSA using Anthropic's Mythos despite Defense Department blacklist

fromEngadget

The NSA is reportedly using Anthropic's new model Mythos

The NSA is using Anthropic's Mythos Preview despite ongoing tensions with the Pentagon over military use safeguards.

Intellectual property law

Scoop: NSA using Anthropic's Mythos despite Defense Department blacklist

fromEngadget

The NSA is reportedly using Anthropic's new model Mythos

The NSA is using Anthropic's Mythos Preview despite ongoing tensions with the Pentagon over military use safeguards.

Security by Design prevents higher bills

Incorporating security during design reduces costs significantly compared to retrofitting security measures after development.

#data-breach

Lovable denies data leak, cites 'intentional behavior'

Lovable's platform has a significant security flaw allowing free accounts to access sensitive user information, raising concerns about data protection.

Healthcare

Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000

Three US healthcare organizations reported data breaches affecting nearly 600,000 individuals, with significant incidents in Texas and Illinois.

23 hours ago

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

fromwww.businessinsider.com

Hot AI startup Lovable's security stumble shows one big risk in vibe coding

Lovable experienced a security issue allowing access to user data, prompting concerns about vibe coding among software engineers.

Vercel Breach Originated from an Employee's AI Tool

Vercel confirmed a data breach caused by a third-party AI tool used by an employee, impacting a limited subset of customers.

Lovable denies data leak, cites 'intentional behavior'

Lovable's platform has a significant security flaw allowing free accounts to access sensitive user information, raising concerns about data protection.

Healthcare

Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000

Three US healthcare organizations reported data breaches affecting nearly 600,000 individuals, with significant incidents in Texas and Illinois.

23 hours ago

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

fromwww.businessinsider.com

Hot AI startup Lovable's security stumble shows one big risk in vibe coding

Lovable experienced a security issue allowing access to user data, prompting concerns about vibe coding among software engineers.

Vercel Breach Originated from an Employee's AI Tool

Vercel confirmed a data breach caused by a third-party AI tool used by an employee, impacting a limited subset of customers.

The future of data, privacy and ethics

Misleading practices in e-commerce, such as false stock availability, are regulated by the European Commission to protect consumers.

I tried to wipe my digital footprint without paying for a data removal service - 5 free ways

Most sensitive information online is legally collected and aggregated by brokers, but removal is possible with effort and available tools.

Privacy professionals

A data removal service helped me reclaim my privacy - see if you need one, too

EU data protection

fromThedrum

The future of data, privacy and ethics

Misleading practices in e-commerce, such as false stock availability, are regulated by the European Commission to protect consumers.

I tried to wipe my digital footprint without paying for a data removal service - 5 free ways

Most sensitive information online is legally collected and aggregated by brokers, but removal is possible with effort and available tools.

A data removal service helped me reclaim my privacy - see if you need one, too

Personal data is collected and sold by brokers, making removal services essential for protecting sensitive information.

more#data-privacy

How to easily encrypt files on an Android phone - and the free app I use to do it

If you take mobile security seriously (and you should), then you might want to consider file encryption. This is all about encrypting files that you can either leave on your device and view when needed or share with others, knowing they can be viewed only by the recipient.

Privacy technologies

4 hours ago

Anthropic's Mythos raises the stakes for security validation | Computer Weekly

The rise of autonomous AI in security introduces unpredictability, complicating the validation of defenses against evolving threats.

#cyber-security

EU data protection

CYBERUK '26: UK lagging on legal protections for cyber pros | Computer Weekly

The outdated Computer Misuse Act hinders UK cyber security innovation and needs urgent reform to protect cyber professionals.

Nation states responsible for 'nationally significant' cyber attacks against UK, says NCSC chief | Computer Weekly

The UK faces increased cyber security threats from hostile states and AI advancements, with an average of four significant attacks weekly.

EU data protection

CYBERUK '26: UK lagging on legal protections for cyber pros | Computer Weekly

The outdated Computer Misuse Act hinders UK cyber security innovation and needs urgent reform to protect cyber professionals.

Nation states responsible for 'nationally significant' cyber attacks against UK, says NCSC chief | Computer Weekly

The UK faces increased cyber security threats from hostile states and AI advancements, with an average of four significant attacks weekly.

more#cyber-security

fromWIRED

13 hours ago

They Built a Legendary Privacy Tool. Now They're Sworn Enemies

GrapheneOS is highly regarded for mobile security, but its creator, Daniel Micay, has a controversial and enigmatic reputation within the cybersecurity community.

#ai-security

Artificial intelligence

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.

AI vendors' response to security flaws: It wasn't me

AI vendors promote AI for security but often dismiss flaws as intended behavior.

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.

AI vendors' response to security flaws: It wasn't me

AI vendors promote AI for security but often dismiss flaws as intended behavior.

more#ai-security

fromTNW | Next-Featured

Lovable security crisis: 48 days of exposed projects, closed bug reports, & the structural failure of vibe coding security

Lovable's security incidents expose vulnerabilities in AI-generated code and highlight a market focus on growth over security.

fromEngadget

AI company deletes the 3 million OKCupid photos it used for facial recognition training

Clarifai deleted 3 million profile photos from OkCupid after a settlement with the FTC for violating privacy policies.

US Security Agency Leverages Claude Mythos Despite Pentagon Blacklist

The Pentagon has designated Anthropic as a supply-chain risk, yet the NSA is using its new model, Claude Mythos Preview.

fromAbove the Law

438 Experts Said Age Verification Is Dangerous. Legislators Are Moving Forward With It Anyway. - Above the Law

Age verification mandates for the internet are technically flawed, threaten privacy, and may cause more harm than good, according to 438 researchers from 32 countries.

fromInfoWorld

14 hours ago

The cookbook for safe, powerful agents

Capability without control in AI agents creates vulnerabilities, necessitating a structured control architecture for safe deployment.

fromPrivacy International

What is digital fingerprinting: Is my device ever truly anonymous?

Digital fingerprinting is a tracking technique that monitors how browsers and devices communicate online.

fromKotaku

MindsEye Developer Under Fire From Employees For Surveillance Software

Employees of Build a Rocket Boy are suing for installing invasive surveillance software without consent and mishandling redundancy processes.

NSA spies are reportedly using Anthropic's Mythos, despite Pentagon feud | TechCrunch

The NSA is reportedly using Anthropic's Mythos model for cybersecurity despite previous tensions over access to AI capabilities.

Half of the 6 Million Internet-Facing FTP Servers Lack Encryption

Approximately 6 million internet-accessible systems are using FTP today, and almost half of them do not use encryption, exposing enterprises and end users to avoidable risks.

Privacy professionals

fromtechsciencetoday

3 days ago

LinkedIn Accused of Spying on Its Users

LinkedIn faces serious allegations of corporate espionage, claiming it collects user data without consent through hidden code.

fromThe Verge

Microsoft faces fresh Windows Recall security concerns

A new tool, TotalRecall Reloaded, extracts data from Microsoft's redesigned Recall feature, raising ongoing security and privacy concerns.

AI Upgrades, Security Breaches, and Industry Shifts Define This Week in Tech - TechRepublic

AI innovation and security threats are reshaping technology and corporate strategies across various platforms and applications.

fromFast Company

3 days ago

How to hide your sensitive info (for real) when using ChatGPT and other AI chatbots

Chatbots can be useful for summarizing complex information, but sensitive data must be properly redacted to ensure privacy.

10 hours ago

Unsecured Perforce Servers Expose Sensitive Data From Major Orgs

Many internet-facing Perforce P4 servers are misconfigured, exposing sensitive information and allowing unauthorized access.

58% of Organizations Spend Over 10 Hours a Month Securing AI-generated Code

31% of organizations using AI-generated code spend 10 hours or less per month on validation and auditing, raising security concerns.

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with eight new flaws, including high-severity bugs in Cisco and Kentico products.

Dozens of Malicious Crypto Apps Land in Apple App Store

Over two dozen fake cryptocurrency apps targeting iOS users have been found in the Apple App Store, aimed at stealing recovery phrases and private keys.

Mental health

Security Insights Delivered Through Podcasts

Security professionals face significant mental-health risks and team burnout, requiring leaders to integrate empathetic practices and psychological safety into security operations.

Top 3 Cyber Insurance Incident Claims

Cyber incidents are increasing claims in the insurance industry despite decreasing premiums, indicating a more active risk environment.

Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand

Vercel confirmed a security incident involving unauthorized access to internal systems, with a threat actor claiming to sell stolen company data.

App host Vercel confirms security incident, says customer data was stolen via breach at Context AI | TechCrunch

Vercel experienced a data breach due to a compromised employee account linked to Context AI, exposing customer credentials.

fromThe Verge

Cloud development platform Vercel was hacked

Vercel experienced a security breach due to a compromised third-party AI tool, leading to the exposure of customer data.

Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand

Vercel confirmed a security incident involving unauthorized access to internal systems, with a threat actor claiming to sell stolen company data.

App host Vercel confirms security incident, says customer data was stolen via breach at Context AI | TechCrunch

Vercel experienced a data breach due to a compromised employee account linked to Context AI, exposing customer credentials.

fromThe Verge

Cloud development platform Vercel was hacked

Vercel experienced a security breach due to a compromised third-party AI tool, leading to the exposure of customer data.

Aikido Endpoint offers developers additional protection against supply chain attacks

Aikido Endpoint protects developers' endpoints from supply chain attacks by blocking high-risk installations before they reach the system.

fromInfoWorld

4 weeks ago

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

Hackers Abuse QEMU for Defense Evasion

Threat actors are exploiting QEMU for ransomware and remote access tool deployment, with increased activity observed since late 2025.

fromMedCity News

1 month ago

The Evolving Landscape of Privacy and Cybersecurity: Essential Strategies for Legal and Compliance Professionals - MedCity News

Organizations must combine strong controls with comprehensive employee training and accountability culture to effectively protect sensitive data and comply with evolving privacy laws.

fromHarvard Gazette

Time for government, business leaders to figure out AI cybersecurity regulation - Harvard Gazette

Agentic AI poses both opportunities for cybersecurity and risks to personal data, economy, and national security, necessitating regulation by leaders.

3 days ago

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

Cursor AI Vulnerability Exposed Developer Devices

A vulnerability in Cursor AI allows attackers to hijack developer machines via malicious repositories without user interaction.

How CSOs Can Win Board Support for Gunshot Detection Technology

CSOs must effectively frame gunshot detection technology to gain executive support and align it with corporate risk priorities.

Cyber Essentials closes the MFA loophole but leaves some organisations adrift | Computer Weekly

Multi-factor authentication becomes mandatory under Cyber Essentials v3.3, with no exceptions for organizations failing to implement it.

fromInfoWorld

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.

1 week ago

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.

2 weeks ago

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

3 weeks ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

fromEntrepreneur

AI Can Delete Your Data. Here's Your Prevention Plan.

Never feel that you are totally safe. In July 2025, one company learned the hard way after an AI coding assistant it dearly trusted from Replit ended up breaching a "code freeze" and implemented a command that ended up deleting its entire product database. This was a huge blow to the staff. It effectively meant that months of extremely hard work, comprising 1,200 executive records and 1,196 company records, ended up going away.

Artificial intelligence

Security in the Dark: Recognizing the Signs of Hidden Information

Withholding accurate or complete data undermines security decisions and increases organizational risk.

fromEntrepreneur

How to Keep Your Company's Data Out of the Wrong Hands

Data security requires keeping sensitive data local, restricting access strictly, and holding vendors to higher standards to prevent breaches, leaks, and legal exposure.