Five fundamentals for a cyber-resilient future

Security experts weigh in on the problem Salt Typhoon and its hacking of telecoms poses against the United States, including what the US should do and how defenders can protect themselves.

Cybersecurity researchers have disclosed details of what has been described as a “sustained and targeted” spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft. The activity, which involved uploading 27 npm packages from six different npm aliases, has primarily targeted sales and commercial personnel at critical

AI might help some threat actors in certain respects, but one group is proving that its use for cyberattacks has its limits.

Google has revealed the various safety measures that are being incorporated into its generative artificial intelligence (AI) systems to mitigate emerging attack vectors like indirect prompt injections and improve the overall security posture for agentic AI systems. “Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt, indirect prompt injections

A host of automated approaches identifies and remediates potential vulns while still retaining a role for security analysts to filter for context and business criticality.