ShadowLeak Strikes ChatGPT: A Zero-Click Wake-Up Call for Vendors and CISOs

Another zero-day patched just in time for no one to notice. Welcome to the new era where a server-side data theft method can slip through with a whisper and a press release. The subject of today’s bite-sized drama is ShadowLeak, the zero-click attack that targets ChatGPT and the data it touches. Researchers describe it as […]

Shai-Hulud Supply Chain Attack: When 180 NPM Packages Go From Private to Public

Pour yourself a glass of something dark and bitter, because this week’s supply chain slapstick from the npm ecosystem is a reminder that we treat risk like a buzzword and not a control. The Shai-Hulud attack shows how a wormy little chain reaction can turn private secrets into public gossip faster than a vendor can […]

FBI warns of UNC6040, UNC6395 hackers stealing Salesforce data

Pour yourself a drink, because this breach is dumber than last week’s. The top story in today’s Security News Newsletter reads like a case study in how not to secure your SaaS real estate. The FBI has issued a FLASH alert about UNC6040 and UNC6395, two threat clusters that apparently figured out how to make Salesforce […]

F5 to Acquire CalypsoAI for $180 Million: A Dram of Reality in the AI Security Fanfare

Pour yourself a whiskey, because the press release parade is back on stage and this time it comes with a shiny $180 million price tag. F5 Networks wants you to believe that acquiring CalypsoAI is the key to adaptive AI inference security, seamlessly woven into its Application Delivery and Security Platform. Spoiler: it’s mostly marketing […]

Geordie Emerges From Stealth With $6.5M for AI Agent Security Platform

Pour yourself a dram of something strong and get ready for the latest installment of security theater funded by someone who clearly believes the phrase “deep visibility into AI agents” deserves a $6.5M round. Geordie’s stealthy ascent promises a platform that can tell you what your AI agents are doing, which is almost as important […]