News

Phake phishing: Phundamental or pholly?

Bys s October 31, 2025

Debates over the effectiveness of phishing simulations are widespread. Sophos X-Ops looks at the arguments for and against – and our own phishing philosophy

News

ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts
Bys s November 19, 2025

Malicious actors can exploit default configurations in ServiceNow’s Now Assist generative artificial intelligence (AI) platform and leverage its agentic capabilities to conduct prompt injection attacks. The second-order prompt injection, according to AppOmni, makes use of Now Assist’s agent-to-agent discovery to execute unauthorized actions, enabling attackers to copy and exfiltrate sensitive

Read More ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts
News

AI-Powered Social Engineering: Ancillary Tools and Techniques
Bys s February 14, 2025

Social engineering is advancing fast, at the speed of generative AI. This is offering bad actors multiple new tools and techniques for researching, scoping, and exploiting organizations. In a recent communication, the FBI pointed out: ‘As technology continues to evolve, so do cybercriminals’ tactics.’ This article explores some of the impacts of this GenAI-fueled acceleration….

Read More AI-Powered Social Engineering: Ancillary Tools and Techniques
News

Over 3 million applicants’ data leaked on NYU’s website
Bys s March 23, 2025

Dharma Niles, Krish Dev and Yezen Saadah report: A hacker took over NYU’s website for at least two hours Saturday morning to expose over 3 million applicants’ names, test scores, majors and zip codes, as well as information related to family members and financial aid dating back to at least 1989. The university’s website was…

Read More Over 3 million applicants’ data leaked on NYU’s website
News

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet
Bys s June 26, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows – CVE-2024-54085 (CVSS score: 10.0) – An authentication bypass by spoofing

Read More CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet
News

Product Walkthrough: A Look Inside Pillar’s AI Security Platform
Bys s July 30, 2025

In this article, we will provide a brief overview of Pillar Security’s platform to better understand how they are tackling AI security challenges. Pillar Security is building a platform to cover the entire software development and deployment lifecycle with the goal of providing trust in AI systems. Using its holistic approach, the platform introduces new…

Read More Product Walkthrough: A Look Inside Pillar’s AI Security Platform
News

Stormous claims to have protected health info on 600,000 patients of North Country Healthcare. The data appear fake.
Bys s July 13, 2025

North Country HealthCare is a federally qualified community health center that provides comprehensive medical services in 14 locations in 11 communities throughout Northern Arizona. Their services include family medicine, pediatrics, obstetrics and gynecology, dental care, behavioral health services, telemedicine, health screenings, and more. An April 2022 article about them reported that North Country served 55,000…

Read More Stormous claims to have protected health info on 600,000 patients of North Country Healthcare. The data appear fake.

Similar Posts