Agents Under Attack: Threat Modeling Agentic AI
The term “Agentic AI” has recently gained significant attention. Agentic systems are set to fulfill the promise of Generative AI—revolutionizing our lives in unprecedented ways.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Data Weaponization: How Cyber Attacks Impact the Vulnerable
Welcome to the Data Security Decoded podcast by Rubrik Zero Labs. In this episode, our host Caleb Tolin speaks with Pavlina Pavlova, a researcher and cybersecurity advocate focusing on data weaponization and its disproportionate impact on vulnerable populations. Pavlina defines data weaponization as using data to manipulate, deceive, coerce, or attack someone to inflict harm. Her research investigates why cyber attacks and their impacts often have gendered dimensions, with certain populations experiencing more severe consequences.
AI-powered attacks are getting more sophisticated.
AI-powered attacks are getting more sophisticated. However, AI-powered defense is evolving even faster. At Cloudflare, AI is already detecting and stopping threats faster than human researchers ever could. How? Machine learning models analyze millions of attack patterns in real-time, identifying anomalies and blocking threats before they spread. AI detects novel attack patterns before they even make headlines AI reduces false positives, helping security teams focus on real risks AI learns from past incidents, adapting faster than traditional security tools.
Upgraded Phishing-as-a-Service Platform Drives a Wave of Smishing Attacks
A phishing-as-a-service (PhaaS) platform dubbed ‘Lucid’ is driving a surge in SMS phishing (smishing) attacks, according to researchers at Prodaft. The platform is operated by Chinese cybercriminals who offer access to the service under a subscription model. A Lucid subscription allows crooks to easily craft sophisticated, targeted phishing campaigns.
Detecting Fast Flux with Sysdig Secure and VirusTotal
On April 3, 2025, the National Security Agency and other partner agencies released a critical advisory about DNS and Fast Flux. They even called it a national security threat due to the potential dangers involved. In this article, we’ll go over what Fast Flux is and how Sysdig Secure detects this attack technique. We’ll also cover gathering potential Fast Flux domain names from VirusTotal.
Phishing Attacks Are Evolving - Is Your Email Security Keeping Up?
A strong email security posture is as much about culture as it is about technology. In the 2022-23 financial year, 78% of Australian businesses offered annual cybersecurity training to their entire workforce; however, only 39% of these businesses provided specialized training for privileged users who are authorized to perform security-relevant functions that ordinary users are not.
An Update on QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share
Authors: Or Yair, Security Research Team Lead Last August, I shared a blog on my most recent research project with Shmuel Cohen called QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share, which we initially presented at DEF CON 32 (2024). In it, we explained how we discovered 10 unique vulnerabilities in Google’s Quick Share data transfer utility, some of which we were able to assemble into an innovative remote code execution (RCE) attack chain against the Windows version.
API Attacks Up 150% - Here's Why You Should Care Now #APISecurity #APIAttacks #AIVulnerabilities
Even worse, 98.9% of AI vulnerabilities are tied to insecure APIs.. APIs are being discovered in under 30 seconds, according to Wallarm’s honeypot research. Weak authentication, broken access controls, and missing rate limits are opening the door. Now’s the time to take API security seriously. Learn how to protect your systems before it’s too late.
How Safe and Attack-Proof Are Encrypted Apps?
In today’s digital landscape, encrypted messaging apps are widely regarded as essential tools for secure communication. Businesses and individuals alike turn to platforms like Signal, WhatsApp, and Telegram to protect sensitive conversations from prying eyes. But how secure are these apps really? Are they truly attack-proof, or do they provide a false sense of security?
Top 7 Account Takeover Solutions
Due to compromised accounts, financial institutions lose billions annually in unauthorized transactions and account-related fraud. Airlines suffer millions in fraudulent ticket purchases, and retailers face widespread loyalty fraud and resold gift cards. Automated, bot-driven takeovers further amplify the issue, driving costly credential-stuffing attacks that inflate operational costs and burn through budgets. The list goes on, and the problem is only getting worse.