Tag: AI

Cyber (In)Securities – Issue 140

Cyber (In)Securities – Issue 140

Information Security News Tariffs May Prompt Increase in Global CyberattacksDark Reading – Robert Lemos US Comptroller Cyber ‘Incident’ Compromises Org’s EmailsDark Reading – Kristina Beek Wyden Blocks Trump’s CISA Boss Nominee, Blames Cyber Agency for ‘Actively Hiding Info’ About Telecom InsecurityThe Register – Jessica Lyons 

Cyber (In)Securities – Issue 138

Cyber (In)Securities – Issue 138

Information Security News Disclosure Drama Clouds CrushFTP Vulnerability ExploitationDark Reading – Rob Wright CISA warns of Fast Flux DNS evasion used by cybercrime gangsBleepingComputer – Bill Toulas Google Quick Share Bug Bypasses Allow Zero-Click File TransferDark Reading – Tara Seals China-Linked Threat Group Exploits Ivanti 

Cyber (In)Securities – Issue 137

Cyber (In)Securities – Issue 137

Information Security News

1. Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed
The Register – Thomas Claburn
Read more

2. CoffeeLoader Malware Is Stacked With Viscous Evasion Tricks
Dark Reading – Becky Bracken
Read more

3. Phishing platform ‘Lucid’ behind wave of iOS, Android SMS attack
BleepingComputer – Bill Toulas
Read more

4. DoJ Seizes Over $8M From Sprawling Pig Butchering Scheme
Dark Reading – Kristina Beek
Read more

5. North Korean hackers adopt ClickFix attacks to target crypto firms
BleepingComputer – Bill Toulas
Read more

6. Russia-Linked Gamaredon Targets Ukraine with Remcos RAT
Security Affairs – Pierluigi Paganini
Read more

7. Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
The Hacker News – Ravi Lakshmanan
Read more

8. Australian Kaspersky ban triggered by detection in gov agency supply chain
itNews – Ry Crozier
Read more

9. Experts Warn of the New Sophisticate Crocodilus Mobile Banking Trojan
Security Affairs – Pierluigi Paganini
Read more

10. U.S. seized $8.2 million in crypto linked to ‘Romance Baiting’ scams
BleepingComputer – Bill Toulas
Read more

11. EU plans €1.3 billion to boost continent’s cybersecurity, AI skills
SC Media – Shaun Nichols
Read more

12. ‘Incel’ accounts using self-improvement language to avoid TikTok bans – study
The Guardian – Daniel Boffey
Read more

13. Threat actor in Oracle Cloud breach may have gained access to production environments
Cybersecurity Dive – David Jones
Read more

14. BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
The Hacker News – Ravi Lakshmanan
Read more

15. Malaysia PM Refuses to Pay $10M Ransomware Demand
Dark Reading – Kristina Beek
Read more

16. Hackers Bypass Windows Defender Security—What You Need To Know
Forbes – Davey Winder
Read more

17. ENISA space threat landscape report highlights cybersecurity gaps in commercial satellites, urges enhanced defense
Industrial Cyber News – Anna Ribeiro
Read more

18. FBI investigates cyberattack at Oracle, patient records breached
Cybernews/Reuters
Read more

19. DOGE Plans to Rebuild SSA Code Base in Months, Risking Benefits and System Collapse
Wired – Makena Kelly
Read more

ANALYSIS

20. Introduction to AI in Cyber Warfare: The Weaponisation of AI in Cyber Warfare – Part 1 of a 6 Part Series
PrivID (Substack)
Read more

21. Innovating to Improve Cybersecurity is Forever a Work in Progress
TN Global – James Ngyuen
Read more

22. Manufacturing Cybersecurity Threats Sharply Grew in 2024
Manufacturing Digital – Rachael Brown
Read more

23. Cybersecurity for Small and Medium Businesses in 2025: Challenges and Solutions
itWire – Ansel Murphy
Read more

24. The AI-Powered Erosion Of Reality: Closing The Human Vulnerability Gap In Cybersecurity
Forbes – Stephen Moore
Read more

25. Why Your Browsers Should Be At The Center Of Your Cybersecurity Strategy
Forbes – Anand Oswal
Read more

CyAN Special Feature: Behind the Keys – Women Who Secure the Future

26. Interview with Irene Corpuz, recognised as one of the ‘Top 20 Cybersecurity Woman of the World’ in 2024
CyAN Website
Read more

27. Interview with Daniela Fernandez, Division Director, Technology and Cyber Security Risk at Macquarie Group
CyAN Website
Read more

CyAN Members: NEWS

28. Dan Elliott on Behavioural Change in Cybersecurity
CyAN LinkedIn
Read more

29. CyAN Member Prabhat Pathak Passes His Certified Ethical Hacker Exam
CyAN LinkedIn – Member Spotlight
Read more

30. Bharat Raigangar to Speak at the Third Party and Supply Chain Cyber Security Summit (SCCS)
CyAN LinkedIn – Event Spotlight
Read more

Upcoming CyAN (and CyAN Partner) Global Events:

  • Supply Chain Cyber Security Summit (SCCS), Lisbon, Portugal: April 9–11 Read more
  • GITEX AFRICA, Marrakesh, Morocco: April 14–16 Read more
  • GITEX ASIA, Singapore (Marina Bay Sands): April 23–25 Read more
  • GISEC, Dubai World Trade Centre, UAE: May 6–8 Read more
  • The Cyber Outstanding Security Performance Awards (Cyber OSPAs), London, UK: May 8 Read more
  • CSG Awards 2025, Dubai: May 7 Read more
  • World AI Technology Expo, Dubai, UAE: May 14–15 Read more
  • CyAN 10th Anniversary Celebrations!
  • GITEX Europe Messe, Berlin, Germany: May 21–23 Read more
  • MaTeCC, Rabat, Morocco (The third annual North Africa cybersecurity event, hosted by CyAN partner École High-Tech): June 7–9, 2025 Read more
  • CyAN Q2 Community Call (APAC and the Gulf): June 11, 12:00 GST / 16:00 SGT / 18:00 AEST
  • CyAN Q2 Community Call (EMEA and the Americas): June 11, 20:00 GST / 18:00 CET / 17:00 UTC / 12:00 EDT
InSecurities Issue 137
👉 Visit us on LinkedIn – like and share!

Cyber (In)Securities – Issue 136

Cyber (In)Securities – Issue 136

Information Security News Italian government approved use of spyware on members of refugee NGO, MPs told The Guardian by Angela Giuffrida & Stephanie KirchgaessnerItalian lawmakers have been informed that spyware was authorised against members of a refugee NGO, sparking fierce backlash over potential human rights 

Cyber (In)Securities – Issue 134

Cyber (In)Securities – Issue 134

Information Security News Judge blocks Elon Musk’s Doge from accessing social security records The Guardian by Guardian Staff & AgenciesA federal judge has issued a restraining order preventing Elon Musk’s Department of Government Efficiency (Doge) from accessing Social Security Administration (SSA) records, citing privacy concerns 

Securing the Future: Innovative Cybersecurity for Agentic AI by Shantanu Bhattacharya

Agentic AI is when autonomous AI agents make decisions and execute tasks. It’s poised to revolutionize industries. But with this power comes new cybersecurity challenges. This blog explores the deployment architectures of agentic AI solutions and identifies key attack vectors, offering a glimpse into innovative cybersecurity defenses.

Agentic AI Deployment Architecture

Agentic AI systems typically employ a modular, layered architecture, where the core lies within five key layers:

  • AI Agents Layer: Houses the autonomous entities performing tasks, interacting with users, and collaborating using large language models (LLM).
  • Orchestration Layer: Manages the workflows of multi-agent framework. It keeps track of conversations and actions.
  • Security & Trust Layer: Here is where the Zero Trust architecture verifies all AI interactions. In this layer, the prompt injections are sanitized and filtered. The architecture incorporates role and attribute-based access control along with threat detection tools.
  • Data and Knowledge Layer: Here the agentic system stores persistent and non-persistent memories for improved reasoning. The structured and unstructured data is organized using vector databases and knowledge graphs.
  • Infrastructure Layer: Houses the cloud, edge, and on-premises computing resources. It also is responsible for the LLM’s and other key hosting and deployment.

Key Attack Vectors Unique to Agentic AI

  • Prompt Injection & Manipulation: Attackers exploit agentic AI’s greatest strength by tricking the system using malformed and subtle prompts. It can cause the system to carry out harmful actions. An example of this could be tricking a trading tool to make an unauthorized trade.
  • AI Supply Chain Attacks: Threat actors could compromise training data or pre-trained models, leading to biased or insecure agentic AI behaviors. Training data must be authenticated to prevent AI’s from leaning biased traits.
  • Model Inference & Data Extraction: Attackers could extract personally identifiable information (PII) or proprietary information by querying agentic AI models to extract data that would otherwise be inaccessible.
  • AI System Hijacking: Gaining full control of an autonomous AI agent, for example, disabling the security protocols of an incident response system.
  • AI-Driven Social Engineering: Scammers using advanced AI tools to craft hyper-personalized phishing attacks.
  • Decision Poisoning & Adversarial Attacks: Crafting inputs to manipulate AI outputs, such as tricking fraud detection systems into thinking fraud isn’t actually fraud.
  • Inter-Agent Collusion & AI Swarm Exploits: AI agents collaborating to create attacks or amplify risks. This could be an agent used for trading that starts to create artificial market fluctuations.

Innovative Cybersecurity Solutions for Agentic AI

  • AI Firewalls & LLM Guardrails: Intercept and sanitize prompts/outputs, ensuring Zero Trust AI.
  • AI Model Fingerprinting & Provenance Tracking: Verify model integrity and prevent poisoning using cryptographic fingerprints and blockchain.
  • AI Red-Teaming as a Service: Continuous adversarial testing using AI-driven red teams to simulate attacks.
  • Self-Healing AI Security Agents: Detect, adapt, and neutralize attacks in real-time, patching vulnerabilities autonomously.
  • Trust Layer for AI Communication: Cryptographic verification and AI-to-AI authentication.
  • AI-Governed Least Privilege Access Control: Dynamic access control based on real-time behavior analysis.
  • Synthetic Honeytokens for AI Deception: Detect unauthorized access attempts.
  • AI Behavioral Sandboxing: Isolate AI agents in controlled environments to limit decision-making risks.

Conclusion

Securing agentic AI requires a proactive, multi-layered approach. Innovative cybersecurity solutions, along with robust governance frameworks, are essential for harnessing the transformative power of AI while mitigating risks. As agentic AI becomes increasingly prevalent, prioritizing security will be critical for building trust and ensuring its responsible deployment.


About the Author

Shantanu Bhattacharya
Founder, CEO & CTO, 360Sequrity
LinkedIn Profile

🔗 Read the original article on RSAC Conference
Originally posted on March 10, 2025

Cyber (In)Securities – Issue 132

Information Security News Elon Musk’s Starlink Could Be Used to Transmit Australian Election Voting Results The Guardian by Josh TaylorThe Guardian reports that Elon Musk’s satellite internet service, Starlink, is being considered as a potential method to transmit voting results in Australian elections. This proposal 

Cyber (In)Securities – Issue 130

Information Security News House Passes Bill Requiring Federal Contractors to Implement Vulnerability Disclosure Policies SecurityWeek by Eduard KovacsThe U.S. House of Representatives has recently passed a bill that mandates federal contractors to establish vulnerability disclosure policies. This legislative move aims to strengthen the security of 

Cyber (In)Securities – Issue 129

Information Security News

Latin American Orgs Face 40% More Attacks Than Global Average

Dark Reading by Nate Nelson
Organisations in Latin America are experiencing a surge in cyberattacks, facing 40% more incidents than the global average. This alarming trend underscores the unique cybersecurity challenges in the region, exacerbated by rapid digital transformation and targeted attacks by sophisticated cybercriminals.
Latin American businesses are urged to significantly enhance their cyber defenses and implement comprehensive security strategies. Emphasising the need for advanced threat detection systems and robust cybersecurity training, these measures are crucial to mitigate escalating threats and protect vital infrastructures.
Read more

Nearly 12,000 API Keys and Passwords Found in AI Training Dataset

BleepingComputer by Ionut Ilascu
A concerning discovery in an AI training dataset has surfaced nearly 12,000 API keys and passwords, highlighting significant security vulnerabilities. This incident demonstrates the risks associated with using real-world data in machine learning projects without stringent verification and cleansing processes.
The inadvertent exposure of sensitive credentials could lead to substantial security breaches, emphasising the urgent need for robust data sanitisation protocols and enhanced privacy protection measures in AI development. Organisations must prioritize tightening their data handling practices to prevent similar vulnerabilities and protect sensitive information from potential cyber threats.
Read more

DHS Says CISA Won’t Stop Looking at Russian Cyber Threats

Cyberscoop by Tim Starks
The Department of Homeland Security (DHS) has reaffirmed its commitment to monitoring Russian cyber threats, as stated by the Cybersecurity and Infrastructure Security Agency (CISA). This comes amid escalating global tensions and increasing cyber activities from state-sponsored groups.
CISA emphasises the continuous need for vigilance and proactive measures to counter these threats effectively. The agency’s ongoing focus on Russian cyber operations underscores the critical importance of national cyber defence strategies in protecting U.S. infrastructures and maintaining cybersecurity resilience.
Read more

Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail

The Hacker News by Ravie Lakshmanan
Hackers are exploiting misconfigurations in Amazon Web Services (AWS), specifically targeting SES and WorkMail, to launch sophisticated phishing attacks. This tactic allows cybercriminals to send seemingly legitimate emails from trusted domains, significantly increasing the likelihood of successful scams.
The incidents highlight the critical vulnerabilities associated with cloud services and the necessity for stringent security practices. Organisations using AWS are urged to conduct regular security audits and tighten configurations to thwart these phishing schemes and protect sensitive data from being compromised.
Read more

EU’s New Product Liability Directive & Its Cybersecurity Impact

Dark Reading by Jatin Mannepalli
The EU’s New Product Liability Directive introduces significant changes with profound implications for cybersecurity across member states. This legislation extends liability to include digital products, compelling manufacturers to ensure higher security standards to avoid legal repercussions.
It’s designed to protect consumers from potential harms caused by digital products and services, including those related to cybersecurity breaches. This directive not only aims to enhance consumer protection but also pushes companies to adopt more rigorous cybersecurity measures, thereby elevating the overall security posture within the digital marketplace.
Read more

Microsoft Unveils Finalized EU Data Boundary as European Doubt Over US Grows

The Register by Richard Speed
Microsoft has officially finalized the EU Data Boundary, responding to increasing European concerns about data privacy and the handling of information by U.S. entities. This strategic move ensures that all personal data from European customers will be stored and processed within EU borders, aligning with stringent EU data protection regulations.
The implementation of this boundary aims to mitigate legal risks, enhance data sovereignty, and strengthen trust among European users. It reflects Microsoft’s commitment to addressing privacy concerns and adapting to global demands for more localised and secure data management practices.
Read more

UK Watchdog to Investigate TikTok and Reddit Over Use of Children’s Data

The Guardian by Robyn Vinter
The UK watchdog is set to investigate TikTok and Reddit for their handling of children’s data, raising significant concerns about privacy and protection online. This inquiry highlights potential violations of data protection laws intended to safeguard minors from misuse of their personal information on these platforms.
The investigation aims to ensure that both social media giants adhere strictly to legal standards, emphasising the importance of robust age verification processes and transparent data usage policies. This action underscores the growing urgency to protect young users in the digital landscape, where personal data is often vulnerable to exploitation.
Read more

C++ Creator Calls for Help to Defend Programming Language from ‘Serious Attacks’

The Register by Thomas Claburn
Bjarne Stroustrup, the esteemed creator of C++, has urgently called for support to defend the programming language from what he terms as ‘serious attacks’. These attacks compromise the integrity and efficiency of C++, potentially undermining its reliability and performance for developers globally.
Stroustrup emphasises the critical importance of rallying the programming community to protect C++ and maintain its foundational role in software development, impacting a vast array of applications across various industries. He stresses the potential long-term implications for technological innovation and software integrity if these challenges are not addressed effectively.
Read more

LinkedIn Scam Emails Warning

ITWire by Gordon Peters
Amid rising cybersecurity concerns, LinkedIn users are increasingly targeted by sophisticated scam emails that mimic official communications. These phishing attempts are designed to steal personal data by convincing users to click on malicious links that appear to be legitimate LinkedIn updates.
Security experts are sounding the alarm, highlighting the growing prevalence and sophistication of these scams. They strongly urge users to be vigilant, to verify the authenticity of messages, and to understand the risks to their personal information online amid these evolving cyber threats, emphasising the need for enhanced digital literacy.
Read more

Extreme Online Violence May Be Linked to Rise of ‘0 to 100’ Killers, Experts Say

The Guardian by Rachel Hall
Experts are increasingly concerned about the link between extreme online violence and the emergence of ‘0 to 100’ killers, individuals who rapidly escalate from no criminal background to committing severe acts of violence. This phenomenon is being studied as part of broader efforts to understand how digital environments influence offline behaviour.
Researchers are examining patterns in online activity that may predict these sudden violent outbursts, suggesting that early intervention could prevent potential tragedies. The focus is on creating tools and strategies to identify and mitigate these risks before they manifest in real-world violence.
Read more

Ransomware Gangs Exploit Paragon Partition Manager Bug in BYOVD Attacks

BleepingComputer by Bill Toulas
Ransomware gangs are exploiting a vulnerability in Paragon Partition Manager to conduct BYOVD (Bring Your Own Vulnerable Driver) attacks. This technique allows attackers to bypass security measures by using legitimate but flawed drivers.
Security researchers warn that this vulnerability is particularly dangerous because it enables ransomware to gain deep system access without immediate detection. The exploit has been used in several high-profile ransomware campaigns, highlighting the critical need for updates and patches to protect against such sophisticated cyber threats. Efforts are underway to mitigate the risk by providing timely security updates and educating users on the importance of maintaining software integrity.
Read more

Tarlogic Discovers Security Flaw Allowing Eavesdropping on Private Conversations via Bluetooth Headset Microphone

IT Security Guru by Daniel Tannenbaum
Tarlogic Security has uncovered a significant flaw in Bluetooth technology that allows eavesdropping on private conversations via Bluetooth headset microphones. This vulnerability can be exploited without alerting the device owner, making it a serious privacy concern.
Researchers at Tarlogic warn that this flaw not only breaches individual privacy but also poses a risk to corporate security if sensitive business discussions are intercepted. The discovery has prompted calls for immediate updates to Bluetooth security protocols to prevent such vulnerabilities and protect users from potential espionage.
Read more

SolarWinds CISO Says Security Execs Are ‘Nervous’ About Individual Liability for Data Breaches

Cyberscoop by Derek B. Johnson
Tim Brown, the CISO of SolarWinds, has voiced concerns that security executives are becoming increasingly nervous about being held personally liable for data breaches. This anxiety is driven by the rising frequency and severity of cyber attacks, which are putting immense pressure on security frameworks.
Brown emphasises the need for robust security measures and proactive risk management strategies to protect against potential breaches. Additionally, there is a call for clearer regulations and support systems to help security professionals manage these challenges without the fear of personal repercussions.
Read more

Attackers Could Hack Smart Solar Systems and Cause Serious Damage

Security Affairs by Pierluigi Paganini
Security researchers have raised alarms over vulnerabilities in smart solar systems that could be exploited by hackers to cause serious damage. These systems, integral to renewable energy grids, can be remotely accessed if not properly secured, allowing attackers to manipulate energy production or disrupt power supplies.
The potential for such attacks underscores the need for stringent security measures in the burgeoning smart energy sector. This threat not only poses risks to energy stability but also highlights broader implications for national security as reliance on renewable technologies increases.
Read more

US Soldier Intends to Admit Hacking 15 Telecom Carriers

Dark Reading by Kristina Beek
A US soldier has signalled intentions to plead guilty to hacking into the systems of 15 telecom carriers, exposing significant vulnerabilities in telecommunications security. This case highlights the risk of insider threats where individuals exploit their technical skills and security clearances to access sensitive information, posing serious implications for national security.
The incident has prompted authorities to reevaluate and strengthen security protocols across the telecommunications industry, emphasising the need for rigorous access controls and ongoing surveillance to prevent future breaches.
Read more

Qilin Ransomware Claims Attack at Lee Enterprises, Leaks Stolen Data

BleepingComputer by Bill Toulas
Qilin ransomware has targeted Lee Enterprises, marking a significant breach in media cybersecurity. The group behind the attack has not only encrypted the company’s data but also begun leaking sensitive information to pressure for a ransom.
This incident highlights the increasing threat ransomware poses to the media sector, where disruptions can significantly impact operations and information integrity. Lee Enterprises is currently assessing the damage and coordinating with cybersecurity experts to mitigate the effects, reinforce their defenses, and prevent future attacks.
Read more

Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone

The Hacker News by Ravie Lakshmanan
Amnesty International has reported that a zero-day exploit in Cellebrite’s forensic technology was used to unlawfully access the Android phone of a Serbian activist. This breach underscores significant privacy concerns and the potential for misuse of surveillance tools.
The exploit enabled unauthorised access to sensitive personal data, exposing vulnerabilities in technologies that are commonly used by law enforcement worldwide. This incident has intensified calls for more stringent regulations on digital surveillance tools to prevent their use in political repression or other harmful activities, advocating for an international effort to protect digital rights and ensure privacy.
Read more

Meta Apologises Over Flood of Gore, Violence, and Dead Bodies on Instagram

The Guardian by Dan Milmo
Meta has issued an apology following a surge of disturbing content on Instagram, including graphic violence and images of deceased individuals. This influx has sparked widespread criticism and raised questions about the platform’s content moderation policies.
Meta has acknowledged the distress caused to users and is reviewing its algorithms and moderation practices to better detect and filter out such inappropriate content. The company has reiterated a commitment to improving its systems to ensure that Instagram remains a safe space for its community, emphasising the importance of safeguarding user experience against harmful content.
Read more

Fake CAPTCHA PDFs Spread Lumma Stealer via Webflow, GoDaddy, and Other Domains

The Hacker News by Ravie Lakshmanan
Cybersecurity researchers have identified a new threat where fake CAPTCHA PDFs are being used to distribute Lumma Stealer malware across multiple domains, including Webflow and GoDaddy. This sophisticated scheme tricks users into downloading malware under the guise of verifying identity, exploiting trusted website functionalities.
The Lumma Stealer can extract a wide range of personal information, leading to significant privacy breaches. Experts are urging users to be cautious with downloads and to verify the authenticity of files and requests, especially when prompted by unexpected security checks.
Read more

Microsoft Disrupted a Global Cybercrime Ring Abusing Azure OpenAI Service

Security Affairs by Pierluigi Paganini
Microsoft has successfully disrupted a global cybercrime ring that was abusing its Azure OpenAI service. The operation involved cybercriminals using the service for malicious activities, including phishing and spreading malware.
Microsoft’s intervention highlights the ongoing battle against cyber threats exploiting cloud platforms. The company’s proactive measures have prevented further misuse, demonstrating the critical need for continuous monitoring and rapid response capabilities in cloud services. This event underscores the importance of vigilance and technological readiness in thwarting cybercriminal activities that leverage powerful cloud-based tools.
Read more

Farm and Food Cybersecurity Act Reintroduced to Protect Food Supply Chain from Cyber Threats

Industrial Cyber by Anna Ribeiro
The US Farm and Food Cybersecurity Act has been reintroduced to bolster cybersecurity across the food supply chain. This legislative push aims to protect critical infrastructure from cyber threats that could disrupt food production and distribution.
The act calls for enhanced security protocols, collaboration between government agencies and private sectors, and increased funding for cybersecurity measures. This initiative highlights the growing recognition of the vulnerability of the agricultural sector to cyber attacks, emphasising the importance of safeguarding this essential industry from potential disruptions.
Read more

Over 49,000 Misconfigured Building Access Systems Exposed Online

BleepingComputer by Bill Toulas
Over 49,000 building access control systems have been found exposed online due to misconfigurations, posing a significant security risk. These systems, which manage entry to facilities, could potentially allow unauthorised access if exploited by cybercriminals.
The exposure highlights a widespread issue in the security practices surrounding building management systems and underscores the need for stringent security audits and configurations. Cybersecurity experts are calling for immediate action to address these vulnerabilities to prevent potential breaches that could compromise both physical and data security.
Read more

ANALYSIS

Third-Party Risk Tops Cybersecurity Claims

Dark Reading by Robert Lemos
Recent findings reveal that third-party risks now lead as the primary cause of cybersecurity claims, underscoring the significant vulnerabilities associated with external collaborations. These risks stem from inadequate security measures among vendors and partners, potentially leading to data breaches and substantial financial losses.
The rise in such claims highlights the necessity for Organisations to enhance their third-party risk management protocols, ensuring rigorous security assessments and continuous monitoring of external entities. This proactive approach is essential to safeguard sensitive data and maintain robust cybersecurity defenses in an interconnected business environment.
Read more

Top 10 Most Probable Ways a Company Can Be Hacked

Dark Reading by Erich Kron
Cybersecurity expert Erich Kron has compiled a list of the top ten most probable ways companies can fall victim to hackers. This list serves as a crucial guide for businesses aiming to bolster their cyber defences.
The vulnerabilities range from phishing and malware to weak passwords and unsecured remote access. Kron emphasises the importance of awareness and proactive measures, such as regular updates, training employees, and implementing strong access controls. Highlighting these common vulnerabilities aims to empower companies to better protect themselves from increasingly sophisticated cyber threats.
Read more

This 5-Year Tech Industry Forecast Predicts Some Surprising Winners – and Losers

ZDNet by Joe McKendrick
A recent five-year forecast for the tech industry has identified potential winners and losers, shedding light on expected shifts in market dynamics. The report predicts that emerging technologies like artificial intelligence and blockchain will see significant growth, while traditional sectors may face challenges adapting to rapid technological changes.
Analysts stress the importance of innovation and flexibility for companies aiming to thrive in this evolving landscape. The forecast serves as a strategic guide for stakeholders to anticipate changes and strategically position themselves for success in the competitive tech arena.
Read more

3 Things to Know About AI Data Poisoning

Dark Reading by Arvind Nithrakashyap
AI data poisoning is emerging as a critical cybersecurity threat, allowing attackers to manipulate machine learning models by corrupting their training data. This technique can degrade AI performance, introduce biases, or even cause systems to make harmful decisions.
Security experts warn that as AI becomes more integrated into critical sectors like healthcare, finance, and cybersecurity, the risk of poisoned data grows. Organisations are urged to implement robust data validation, adversarial testing, and security protocols to safeguard AI integrity and prevent malicious exploitation of AI-driven technologies.
Read more

Fortifying Financial Services Cybersecurity with Threat Intelligence and Cybersecurity Automation

Financial IT by Chris Jacob
The financial sector is ramping up cybersecurity efforts by integrating threat intelligence and automation to combat increasingly sophisticated cyber threats. Experts highlight how automation enhances threat detection and response times, reducing reliance on manual processes that leave institutions vulnerable.
By leveraging AI-driven security measures, financial firms can better predict, prevent, and mitigate cyber attacks. As cybercriminal tactics evolve, industry leaders emphasise the necessity of real-time intelligence and automated defenses to protect sensitive financial data and maintain customer trust.
Read more

CyAN Members: Op Eds, Articles, etc:

The Cost of Silence: Enhancing Cyber Safety to Address Domestic Violence’s Impact on Women’s Employment and Education

Kim Chandler McDonald
CyAN Global VP Kim Chandler McDonald explores how technology-facilitated abuse disrupts women’s employment and education, limiting financial independence and career growth. She highlights the role of digital safety in preventing coercive control and ensuring that survivors can access opportunities without fear of online harassment.
The article advocates for stronger policies, employer awareness, and cybersecurity solutions that protect at-risk individuals. By addressing these challenges, Kim underscores the urgent need for systemic changes to create safer digital spaces and empower affected women.
Read more

Open Letter – Support for Responsible Cybersecurity Vulnerability Disclosure in Germany

CyAN Staff
CyAN staff have issued an open letter advocating for responsible cybersecurity vulnerability disclosure in Germany, emphasising the need for clear legal protections for security researchers. The letter highlights concerns that without proper safeguards, ethical hackers may face legal repercussions for exposing security flaws.
CyAN calls for legislation that encourages transparency, cooperation, and responsible reporting to strengthen Germany’s cybersecurity posture. The initiative aims to balance security needs with ethical considerations, ensuring researchers can contribute without fear of prosecution.
Read more

CyAN Member’s News

We at CyAN are ALWAYS overjoyed to celebrate our members’ successes and their contributions to the cybersecurity community!

We’re immensely proud to share that two esteemed members of the CyAN community, CyAN member Mohit Makhija and CyAN APAC Director Saba Bagheri, are finalists in the prestigious 2025 Australian Cyber Awards!

Mohit has been recognised in the Cyber Security Professional of the Year category, while Saba has earned accolades in both the Cyber Security Consultant of the Year – Enterprise and Cyber Security Professional of the Year – Government and Defence categories.

Their nominations are a testament to their outstanding contributions and dedication to the field of cybersecurity. Join us in congratulating Mohit and Saba—we are rooting for their success and celebrate their well-deserved recognition!

🔗 Mohit’s LinkedIn Post
🔗 Saba’s LinkedIn Post

And there’s more!

Please join us in celebrating our valued member Mohammed Shakil Khan, who has earned his Independent Director Certification from IICA and is now part of the Independent Director’s Databank of the Ministry of Corporate Affairs, Govt. of India.

Congratulations, Mohammed!

We’re excited to celebrate your achievement in earning the Independent Director Certification from the Indian Institute of Corporate Affairs (IICA) and becoming part of the Independent Director’s Databank under the Ministry of Corporate Affairs, Govt. of India.

This milestone reflects your dedication to corporate governance and leadership. Wishing you continued success in making an impact!

🔗 Mohammed’s LinkedIn Post

How MITRE ATT&CK Helps Us Understand and Stop Cyber Threats

Fel Gayanilo
CyAN General Secretary Fel Gayanilo explores how the MITRE ATT&CK framework enhances cybersecurity by providing a structured way to identify, analyse, and mitigate cyber threats. The framework helps security teams understand attacker tactics, techniques, and procedures, enabling more effective threat detection and response.
Gayanilo highlights its role in improving incident response, refining threat intelligence, and strengthening organisational security postures. As cyber threats evolve, he emphasises that leveraging frameworks like MITRE ATT&CK is crucial for staying ahead of adversaries and proactively defending critical systems.
Read more

Upcoming CyAN (and CyAN Partner) Global Events:

Breaking the Cycle: Combating Online IBSA for a Safer Digital Experience webinar, March 6th (EST 6AM, CET 12PM, AEST 10PM)
Register here

CyAN APAC: The Geopolitical Impacts of Cyber Threats: From Espionage to Influence keynote by Dan Elliot, March 12, Peoplebank, Sydney
More info

Trust & Safety Forum at Forum INCYBER Europe (FIC), Lille, France: April 1-2
More info

GITEX AFRICA, Marrakesh, Morocco: April 14-16
More info

GITEX ASIA, Singapore (Marina Bay Sands): April 23-25
More info

GISEC, Dubai World Trade Center, Dubai, UAE: May 6-8
More info

The Cyber Outstanding Security Performance Awards (Cyber OSPAs), May 8, London, UK
More info

World AI Technology Expo UAE, Dubai, UAE: May 14-15, 2025
More info

MaTeCC, Rabat, Morocco: June 7-9, 2025
(The third annual North Africa and beyond cybersecurity event, hosted by CyAN partner organisation École High-Tech.)
More info


📄 Download the full issue of CyAN Cyber (In)Securities Issue 12
Click here to view the PDF

Cyber (In)Securities – Issue 127

Flaw found in stalkerware apps, exposing millions of people. Here’s how to find out if your phone is being spied uponBitdefender by Graham Cluley A significant security flaw discovered in stalkerware apps has exposed millions to potential spying, significantly compromising user privacy. This vulnerability allows