Tag: cyber risk
27 articles

Criminal IP Enhances OpenCTI with Contextual Threat Intelligence Integration
Unlock the full potential of your threat intelligence with Criminal IP's integration with OpenCTI, providing rich contextual insights to supercharge investigation, correlation, and decision-making. By adding dual-perspective risk scoring, analysts gain a more nuanced view of IP risks, with separate signals for inbound and outbound threats.

Cybersecurity Awareness Outpaces Resilience
Despite having a high awareness of cyber risks, many organizations are struggling to build operational resilience, with gaps in visibility, capability, priorities, and culture hindering their ability to effectively manage threats. The 2026 Bitdefender Cybersecurity Assessment reveals a concerning disconnect between knowing the risks and taking action to mitigate them.

Threat Management Fails to Keep Pace with Visibility Gains
Most organizations are drowning in threat intelligence, with an average of 14 distinct feeds, yet struggle to turn that visibility into action, with 61% unable to identify which vulnerabilities are most likely to be exploited. As a result, security teams waste 42% of their time on low-priority risks, highlighting a critical gap between threat awareness and effective management.

Experts Push for Standardized AI Model Inventories to Mitigate Cyber Risk
Experts warn that without standardized AI model inventories, we risk a chaotic "fire, ready, aim" approach, where multiple incompatible solutions create more cyber threats than they mitigate. A new policy paper proposes an AI bill of materials (AIBOM) as a crucial step towards reducing cyber risk and improving transparency.

Boards Urged to Prioritize Cyber Risk Quantification
To make cyber risk more tangible and actionable, boards are advised to prioritize quantifying it in terms of dollar value, allowing managers across the organization to understand and address potential threats more effectively. By translating cyber risk into a clear financial impact, companies like BP are better equipping themselves to manage and mitigate digital threats.

Vulnerabilities Dwindle to Manageable Number in Supply Chain Risk Landscape
The good news on supply chain risk: out of 1,200 high-priority vulnerabilities in 2025, only 58 proved both highly exposed and easily exploitable, making them a manageable threat. By focusing on these urgent few, organizations can tackle their most immediate and impactful risks.

AI Tools Expose Healthcare to Rising Cyber Risk
The healthcare sector faces a rising cyber risk with the emergence of advanced AI tools like Anthropic's Claude Mythos, which could exponentially speed up vulnerability detection and exploitation. A leak of this powerful technology could create a force multiplier for cybercriminals, putting healthcare CISOs and security teams on high alert.

House Panel Scrutinizes Anthropic's Mythos Amid Cyber Risk Concerns
A recent closed-door briefing by Anthropic showed lawmakers firsthand how its advanced AI model, Mythos, can swiftly identify and reason through software vulnerabilities, highlighting the urgent need for federal agencies to access cutting-edge US models to stay ahead of cyber threats. This live demo reinforced the importance of responsible access to advanced AI for civilian cyber defenders to find and patch vulnerabilities before they can be exploited.

IMF Warns AI Exacerbates Cyber Risk to Financial Stability
The International Monetary Fund warns that artificial intelligence is supercharging cyber risk, transforming it into a potential threat to global financial stability. A single vulnerability exploited across multiple institutions could have devastating consequences for the entire financial ecosystem.

AI Adoption Outpaces Security Policies, Heightens Cyber Risk
Most organizations are already using AI tools, with 90% of digital trust professionals confirming employees are leveraging them, yet only 38% have a comprehensive policy in place to manage the risks. This disconnect leaves a staggering 25% of organizations with no AI policy at all, heightening cyber risk.

Cyber Risks Expose Organizations to Increased Threats
Organizations are facing a harsh reality: understanding cyber risk is only half the battle, as the real challenge lies in responding effectively when a threat strikes. Marsh's 2026 People Risks report reveals that cyber-related challenges, including cyber-threat literacy, top the list of people risks, ahead of technological change and skills shortages.

Ransomware Drives 90% of Manufacturing Cyber Losses
Ransomware is wreaking havoc on the manufacturing sector, responsible for a staggering 90% of total cyber losses - despite accounting for just a small fraction of claims. When ransomware strikes, the financial blow is severe, highlighting the urgent need for robust security measures.

Zero Trust Stalls at Data Movement Bottleneck
The moment data crosses a boundary, it's often assumed to be trustworthy - but that's exactly where attackers strike, exploiting this blind spot with alarming success. A recent Cyber360 survey reveals that 53% of security leaders still rely on manual processes to move sensitive data, leaving a gaping Zero Trust gap that's ripe for exploitation.

Kaspersky Report Exposes Shifting Cyberattack Landscape
Get ready to face the future of cyber threats! The Kaspersky Security Services report delivers eye-opening insights into the evolving cyberattack landscape, combining real-world incident response findings with hard data from its Managed Detection and Response service.

Modern Resource Management: Exclusive Best Practices
Modern Resource Management shows how federal teams can do more with less by replacing spreadsheets with systems—using outcomes-based metrics, integrated analytics, and agile workforce planning to protect readiness and deliver measurable public benefits. Get exclusive best practices for balancing short-term pressures with equitable, long-term mission gains.

cyber risk management: Must-Have Best Legal Defense
Cyber incidents aren’t just IT headaches — they’re legal minefields that can trigger fines, lawsuits and boardroom liability. Align contracts, AI governance, vendor controls and BYOD policies so technical breaches don’t become costly legal crises.

machine learning and generative AI: Must-Have Cyber Risks
When a single ransomware strike toppled 158‑year‑old Passwork KNP and put 700 people out of work, it exposed how machine learning and generative AI have made powerful cyberattacks cheap and easy; consider this a wake‑up call to harden defenses, test backups, and treat cyber risk as core operational priority.

board-level readiness: Must-Have Critical Wake-Up
The NCSC and ministers have warned FTSE 350 chiefs that many boards are leaving the digital front door wide open—it’s time for executives to treat cyber as a strategic priority, not an IT problem. Stronger board-level accountability, realistic testing and smarter supplier checks can stop breaches from becoming boardroom crises.

Libraesva ESG Urgent Patch: Critical Risk Exposed
A newly patched command-injection flaw in Libraesva’s Email Security Gateway was reportedly exploited by state-sponsored actors, putting email perimeters at risk of lateral movement and data theft. If you run ESG, update immediately, segment management interfaces, and hunt for signs of compromise.

London tube attack: Shocking Exclusive Charges Spark Risk
Nearly a year after an August 2024 cyberattack that snarled the Tube, two teenagers have been charged in a case that highlights how fragile modern transit systems can be. The prosecution raises fresh questions about cyber resilience, juvenile culpability and the stakes for everyday commuters.

authentication tokens Risky Fallout: Stunning Wake-Up
When Salesloft’s stolen authentication tokens turned into a supply‑chain free‑for‑all, hundreds of companies woke up to the scary truth that machine identities are as precious as passwords. Now’s the time to rotate keys, audit integrations, and rethink how we trust the apps that sit between our teams and their data.

Salesloft Drift integration: Risky Must-Have Fixes
A widely used Salesloft–Drift integration meant to speed workflows is being abused to pivot into Google Workspace accounts—now’s the time to audit OAuth permissions, enforce least privilege, and revoke any unnecessary app access before attackers do.

exploit code Exclusive: Risky Leak Spurs Policy Shift
After a SharePoint zero-day was weaponized, Microsoft quietly stopped sharing proof-of-concept exploit code with some Chinese firms — a pragmatic but politically fraught move that highlights the uneasy trade-off between helping defenders and giving attackers a roadmap. The incident makes clear we need faster patching, tighter disclosure controls, and better international norms to protect users without splintering cooperation.

SAP NetWeaver Critical Threat: Must-Have Patch Urgency
A public, weaponized exploit chaining two critical SAP NetWeaver flaws lets attackers bypass authentication and gain remote code execution. If you haven’t patched every NetWeaver instance, prioritize fixes, network segmentation and monitoring now to avoid data theft and disruption.