Exploitation timelines continued to compress in enterprise environments, with newly disclosed flaws reaching active use almost immediately and older weaknesses remaining active years after disclosure. (Source: Cisco Talos) Findings from Cisco Talos’ 2025 Year in Review show how attackers combined rapid weaponization with long-term exposure spanning infrastructure, identity systems, and user workflows. Top-targeted vulnerabilities show speed and persistence Newly disclosed vulnerabilities moved into active exploitation with little delay. React2Shell became the most targeted vulnerability of … More →
The post Vulnerabilities from years ago still opening doors for attackers appeared first on Help Net Security.
Prompt abuse occurs when crafted inputs manipulate an AI system into producing unintended behavior, such as attempting to access sensitive information or overriding built-in safety instructions. Prompt injection is also recognized as one of the top risks in the 2025 OWASP guidance for LLM applications. “Detecting abuse is challenging because it exploits natural language, such as subtle differences in phrasing, which can manipulate AI behavior while leaving little or no obvious trace. Without proper logging … More →
The post Microsoft details AI prompt abuse techniques targeting AI assistants appeared first on Help Net Security.
There is a version of threat monitoring that looks impressive on paper and fails in practice. High log ingestion volumes. Hundreds of detection rules. A dashboard full of metrics. And yet, attackers dwell in the environment for weeks or months completely undetected, moving laterally, exfiltrating data, preparing a payload. The problem is not a lack of […]
The post Why Your Monitoring Program Is Letting Attackers Win appeared first on Cyber Security News.
GPU-accelerated AI workloads now run on Kubernetes in the large majority of enterprise environments. Managing those workloads at scale has required specialized tooling that, until now, remained under vendor control. NVIDIA moved to change that at KubeCon Europe in Amsterdam this week, donating its Dynamic Resource Allocation (DRA) Driver for GPUs to the Cloud Native Computing Foundation (CNCF). The transfer shifts ownership of the driver from NVIDIA to the broader Kubernetes project community. Developers across … More →
The post NVIDIA puts GPU orchestration in community hands appeared first on Help Net Security.
Check Point has announced the Check Point AI Defense Plane, a unified AI security control plane designed to help enterprises govern how AI is connected, deployed, and operated across the business. As AI systems move from assistants to autonomous actors that access data, invoke tools, and take action, the AI Defense Plane provides the intelligence layer needed to secure these systems. “The enterprise is entering the agentic era. AI is no longer limited to generating … More →
The post Check Point unveils AI Defense Plane to govern and secure enterprise AI systems appeared first on Help Net Security.
Microsoft Intune manages endpoints at scale. It pushes apps, enforces security baselines, and configures devices across your entire organization. That […]
The post Securing Microsoft Intune: Why Your Endpoint Management Platform Is Also an Attack Surface appeared first on HawkEye.
The rapid rise of generative AI has brought new security concerns that organizations can no longer afford to overlook. Microsoft has now outlined a detailed framework of security safeguards designed to protect generative AI models hosted on its Azure AI Foundry platform, addressing a growing threat that sits squarely at the intersection of software supply […]
The post Microsoft Details New Security Safeguards for Generative AI Models on Azure AI Foundry appeared first on Cyber Security News.
Protos Labs has announced the launch of a freemium edition of Protos AI, a platform that deploys specialized AI agents augmenting cyber threat intelligence (CTI) analyst teams by executing structured investigations from planning to reporting. The new tier enables security teams to operationalize AI-driven investigations without committing to closed vendor ecosystems or overhauling existing security stacks. As AI adoption accelerates across cybersecurity, many organizations face a gap between experimentation and practical implementation. ISC2’s 2024 Cybersecurity … More →
The post Protos AI delivers agent-driven threat intelligence without vendor lock-in appeared first on Help Net Security.
AiStrike has launched Continuous Detection Engineering, a capability that transforms how security operations teams manage detections, shifting from reactive alert triage to proactive, intelligence-driven optimization. The detection quality gap Security teams today are overwhelmed by alerts, but the root cause is not volume, it’s detection quality. AiStrike’s analysis across enterprise environments revealed that: More than 80% of alerts lead to dead ends Fewer than 20% of detection rules ever trigger alerts Under 5% of rules … More →
The post AiStrike cuts alert noise with Continuous Detection Engineering appeared first on Help Net Security.