
Attackers Abuse Grok to Spread Phishing Links

Threat actors are abusing X’s generative AI bot Grok to spread phishing links, according to researchers at ESET. The attackers achieve this by tricking Grok into thinking it’s answering a question, and providing a link in its answer. “In this attack campaign, threat actors circumvent X’s ban on links in promoted posts (designed to fight malvertising) by running video card posts featuring clickbait videos,” ESET says.

Why We Built Evo - From My Heart

I’ve spent my career building and defending. I’ve seen the beauty of innovation and the brutality of cyber warfare. I’ve sat shoulder-to-shoulder with security engineers and platform teams in the trenches at 3AM responding to state-backed attacks where context and speed meant survival. In those moments, one truth becomes painfully clear: With AI, that gap just became a chasm. Agentic AI didn’t bend the rules of software — it rewrote them. Code now evolves in real time.

Unleashing AI 60sec 01

Join us for Day 6 of the Netwrix Innovation Week Podcast Series, part of Cybersecurity Awareness Month. In this episode, Grady Summers, Jordan Violet, Paul Stephens, and Whitney Daily share how innovation at Netwrix is powered by curiosity, collaboration, and accountability. They explore how AI is transforming both our technology and the way we work — from product development to customer experience.

From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting

We found a path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API keys. Here's how a single Docker build bug nearly triggered one of the largest AI supply chain attacks to date.

What Technologies Make Online Money Transfers Secure?

A 2022 report by the Bank for International Settlements suggests that about $7.5 trillion is transferred daily around the globe. For context, the U.S. federal government spent $7.01 trillion in its 2025 fiscal year, which ran from October 2024 to September 2025, according to the U.S. Treasury Fiscal Data. Basically, this implies that about 7% more money is traded on the foreign exchange market daily than the U.S. federal government spends annually.

Under The Light: ExPRT.AI

In this episode of Under the Light, we take a closer look at ExPRT.AI—CrowdStrike’s approach to vulnerability prioritization that cuts through the noise. You’ll see how ExPRT.AI moves beyond static scoring models like CVSS, EPSS, and KEV by asking a better question: Will this vulnerability actually be exploited? We’ll break down: the three signals attackers rely on—and so does ExPRT.AI; what makes a vulnerability worth their time; a real-world story from Intermex that shows what this looks like in action; and how all of it comes to life inside the Falcon platform.

Zenity Labs & MITRE ATLAS Collaborate to Advance AI Agent Security with the First Release of Agent-Focused TTPs

Zenity Labs worked in collaboration with MITRE ATLAS to incorporate the first 14 agent-focused techniques and subtechniques, extending the framework beyond LLM threats to cover the unique risks posed by AI agents.

AI at Work: How Egnyte Intelligence Goes Beyond Generic Tools

AI isn’t the future, it’s here. Your CEO’s talking about it in board meetings. Your manager wants to know if it'll save time or just add more work. And you? You're wondering if it's going to make your job easier or just add noise. The excitement is justified. McKinsey says nearly 80% of companies are using AI somewhere in their business. But here's what most people miss: very few have gotten it to work across their entire organization. Why?

CVE-2025-6515 Prompt Hijacking Attack - How Session Hijacking Affects MCP Ecosystems

JFrog Security Research recently discovered and disclosed multiple CVEs in oatpp-mcp – the Oat++ framework’s implementation of Anthropic’s Model Context Protocol (MCP) standard. Among these, CVE-2025-6515 stood out due to its potential threat of hijacking MCP session IDs. Within the context of MCP we’ve dubbed this new attack technique “Prompt Hijacking”.

Are we only one prompt away from using AI for evil? #cybersecurity #ai #infosec

Are we only one prompt away from using AI for evil? In this week's episode of The Cybersecurity Defenders Podcast, we explore a concerning reality about AI and cybersecurity. As AI becomes more prevalent within the threat actor community, exploits are being developed faster than humans can patch. The tools that help developers debug code can just as easily be used to weaponize vulnerabilities.