The Emerging Identity Imperatives of Agentic AI | CSA
Examine the structure of AI agents, the identity gaps they expose, and the principles required to govern them as they take on a larger role in enterprises.
The year so far: How Burp Suite DAST is leveling up enterprise security in 2025
Enterprise security teams are under more pressure than ever to secure sprawling application estates, without slowing down delivery. That's why, over the first half of 2025, we've delivered some of our
Germany charges man over cyberattack on Rosneft subsidiary
German prosecutors charged a man with carrying out a damaging cyberattack on Rosneft Deutschland, the German subsidiary of Russia’s state-owned oil giant, in the weeks following Russia's invasion of Ukraine.
The UK May Be Dropping Its Backdoor Mandate - Schneier on Security
The US Director of National Intelligence is reporting that the UK government is dropping its backdoor mandate against the Apple iPhone. For now, at least, assuming that Tulsi Gabbard is reporting this accurately.
« Il n’y a pas de plan B », l’alliance franco-allemande face aux chamailleries autour du projet SCAF
Le SCAF apparaît enlisé dans sa phase 1B. La faute à des désaccords sur la gouvernance du projet entre les trois principaux acteurs industriels chargés de concevoir le système de combat aérien du futur. Les passes d’armes entre Dassault Aviation et les filiales allemande et espagnole d’Airbus se poursuivent, alors
News alert: Global security leaders to convene at OpenSSL 2025 — final week for early-bird rates
Newark, N.J., Aug. 25, 2025, CyberNewwire — Only 7 days left to secure the Early Bird registration at the OpenSSL Conference 2025, October 7 – 9 in Prague. The event will bring together lawyers, regulators, developers, and entrepreneurs to explore issues of security and privacy for everyone, everywhere. Attendees will have the opportunity to: •Meet
Storm-0501 hackers shift to ransomware attacks in the cloud
Microsoft warns that a threat actor tracked as Storm-0501 has evolved its operations, shifting away from encrypting devices with ransomware to focusing on cloud-based encryption, data theft, and extortion.
Salt Typhoon hacking campaign goes beyond previously disclosed targets, world cyber agencies say | CyberScoop
A notorious Chinese hacking campaign against telecommunications companies has now reached into a variety of additional sectors across the globe, including government, transportation, lodging and military targets.
Experimental PromptLock ransomware uses AI to encrypt, steal data
Threat researchers discovered the first AI-powered ransomware, called PromptLock, that uses Lua scripts to steal and encrypt data on Windows, macOS, and Linux systems.
FreePBX servers hacked via zero-day, emergency fix released
The Sangoma FreePBX Security Team is warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with the Administrator Control Panel (ACP) is exposed to the internet.
Google previews cyber ‘disruption unit’ as U.S. government, industry weigh going heavier on offense | CyberScoop
Google says it is starting a cyber “disruption unit,” a development that arrives in a potentially shifting U.S. landscape toward more offensive-oriented approaches in cyberspace.
Libbiosig, Tenda, SAIL, PDF XChange, Foxit vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed ten vulnerabilities in BioSig Libbiosig, nine in Tenda AC6 Router, eight in SAIL, two in PDF-XChange Editor, and one in a Foxit PDF Reader.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from S