Tag: enterprise security
78 articles

Microsoft Warns of ACR Stealer Malware Surge Targeting Enterprise Customers
Microsoft warns of a surge in ACR Stealer malware attacks targeting enterprise customers, using clever social-engineering tactics and legitimate Windows tools to steal sensitive info. The malware, described as a malicious-as-a-service operation, has seen a significant spike in attacks between late April and mid-June.

Security Teams Must Adapt as AI Agents Disrupt Traditional Playbook
The era of predictable enterprise security is over: AI agents are autonomously accessing production data, forcing security teams to rethink everything they thought they knew. With AI agents blurring the lines between sanctioned and unsanctioned activity, traditional security playbooks are no longer effective.

Windows 10 Migration Stall Leaves Enterprises Exposed to Growing Security Risks
A surprising 16.9 percent of Windows devices still run Windows 10, leaving many enterprises vulnerable to growing security risks as they stall on migration. With the easy migrations already done, only the toughest cases remain, making it crucial to reassess and accelerate Windows 10 migration plans.

Progress Disrupts ShareFile Servers Over External Security Threat
If you're a ShareFile customer, take immediate action: shut down your Storage Zone Controller servers now to protect against a critical external security threat. Progress Software has already disabled access to affected accounts, but manual shutdown is crucial for safeguarding your data.

Lumen Technologies Rebuilds Exposure Management with Trusted Asset Data
Lumen Technologies' security team transformed their exposure management by consolidating 40 disconnected systems into one trusted view, growing their asset count from 17,000 to 1.1 million devices. This overhaul empowered them to respond to incidents with confidence, knowing who owned what and taking informed risk decisions.

Enterprises Reap AI Security Risks
Most enterprises are facing a harsh reality: a majority are reporting AI-related security incidents or vulnerabilities, highlighting a growing concern that can't be ignored. This stark statistic sets the tone for a crucial conversation about the intersection of AI and security.

Avalon Malware Framework Targets Enterprise with CrownX Ransomware
Meet Avalon, a sneaky malware framework that's targeting enterprises with a potent ransomware punch, known as CrownX, and discover how it infiltrates systems through clever phishing tactics. This modular menace combines credential collection, lateral movement, and more into a single, reusable threat.

AI Agents Emerge as Unchecked Identities in Enterprise Security
The equation for enterprise security is no longer simple: with AI agents now connected to critical business services, controlling identities is no longer enough to control risk. These emerging insiders have quietly become privileged - and potentially invisible - attack paths that security and identity programs must urgently address.

AI Shifts Threat Management from Reactive to Proactive Stance
With a sprawling security stack of 40+ tools, enterprise teams are drowning in overlapping alerts and manual handoffs, leaving gaping holes for adversaries to exploit. This disjointed approach leaves teams scrambling to respond to threats, with attackers enjoying a lengthy 43-day window to wreak havoc.

Shadow AI Exposes Access Control Gaps
The real risk of Shadow AI isn't about employees sharing sensitive info, but about unauthorized AI agents operating within your organization, connected to critical systems, and taking actions that can lead to data breaches and access-control failures. A staggering 65.4% of unused chatbots still have active credentials, leaving a gaping hole in your security.

Hidden AI Agents Expose Access Risks in Corporate Networks
Can your security team instantly identify who authorized an autonomous AI agent to access your company's core intellectual property? The uncomfortable truth is that most enterprises have no clear answer, leaving them vulnerable to hidden AI access risks.

Enterprise Data Uploads to AI Models Surge 93% in a Year
In just one year, enterprise data uploads to AI models have skyrocketed 93%, with a staggering 18,033 terabytes of data - equivalent to 3.6 billion digital photos - being transferred to AI and machine learning applications. This massive surge raises serious concerns about data breaches and cyber espionage.

Validation Turns Security Visibility into Action
Despite pouring resources into security tools for better visibility, many teams still struggle to turn insights into action, leaving them overwhelmed by endless findings with unclear priorities. It's time to bridge the gap between detection and response to truly fortify digital defenses.

Cybersecurity Teams Struggle to Find Time for New Threat Training
To stay ahead of emerging threats, cybersecurity teams need to prioritize dedicated training time, making it a real commitment by adjusting workloads and providing managers with the necessary guidance and resources. Despite rising training budgets, nearly a third of teams still struggle to find hours for crucial learning.

Browser-Based Phishing Attacks Evade Detection by Cybersecurity Software
Most cybersecurity tools are doing their job - but that's exactly the problem, as they're not designed to catch attacks that occur at the browser session layer, where attackers are now hiding. One in five phishing attacks on enterprise browsers slip through undetected, according to Menlo Security's latest report.

AI-Fueled Attacks Prompt Enterprises to Overhaul Security Architecture
Enterprises in APAC are scrambling to revamp their security architecture as AI-fueled attacks exploit new vulnerabilities at lightning-fast speed, making rapid containment more crucial than ever. Automation is now a vital defense against these accelerated threats.

JLR CISO Mandates In-Person Password Resets After Cyber-Attack
After a cyber-attack, JLR's CISO Ashish Shrestha took swift action, mandating an enterprise-wide, in-person password reset for all 30,000 staff to swiftly validate the security of their Microsoft 365 system. This bold move was his top priority to prevent further communication compromise.

OpenAI Bolsters ChatGPT Security With New Controls
OpenAI has introduced Lockdown Mode for ChatGPT, a game-changing security control that limits the model's access to the web and external services, giving users and organizations handling sensitive data an added layer of protection. This new feature is now available to personal and self-serve business accounts, following its initial rollout for enterprise plans in February.

AI Agents Expose Enterprise Security Gaps
Researchers uncovered 344 alarming cases of AI agents wreaking havoc on enterprises between 2023 and 2026, highlighting the devastating consequences of unchecked AI privileges. This stark statistic exposes the brittle nature of operations when AI acts without human oversight.

Snowflake Bolsters AI Security with Natoma Acquisition
Snowflake is supercharging its AI security with the acquisition of Natoma, empowering users to tackle everyday tasks like sending emails and checking calendars without leaving Snowflake Intelligence or Coco. This move is part of Snowflake's vision for an "agentic control plane," where AI agents can take actions across business systems while keeping security controls firmly in place.

Managing Shadow AI Tools Requires a Proactive Security Approach
Employees are now using three to five AI tools daily, outpacing the controls in place to manage them, and creating a growing security gap that's hard to ignore. This surge in shadow AI tools is fueled by three key areas: OAuth connections, browser extensions, and bundled AI.

Executives' Blind Spot: Shadow AI Use Exposes Security Risks
Most organizations have a blind spot when it comes to AI usage, leaving them vulnerable to security risks - and the truth is, you can't protect what you can't see. A recent study by Okta and Apprize360 found that shadow AI use is rampant, exposing companies to potential breaches, data exposures, and system disruptions.

Cyber Thieves Exploit SEO to Spread Infostealers via Fake AI Sites
Cyber thieves are using clever SEO tricks to spread infostealers through fake AI sites, targeting enterprise users and developer workstations with a potent mix of imitation and in-memory malware. This brief but potent campaign has been meticulously planned, with malicious domains deployed as early as March 2026.

Enterprises Unprepared for Agent AI Risks as Identity Gaps Persist
Enterprises are rolling out Agent AI at scale, but a staggering 57% of identity elements remain unseen and unmanaged, leaving them woefully unprepared for the risks that come with it. This "identity dark matter" now outweighs visible, centrally managed elements, threatening to expose businesses to devastating consequences.