Jayme Metcalfe (@jaymemetcalfe) 's Twitter Profile
Jayme Metcalfe

@jaymemetcalfe

Cybersecurity and risk management Partner with PwC. Author of IRAM2. Opinions are my own.

ID: 2517941442

Link: https://www.linkedin.com/profile/view?id=81989927 | Date: 23-05-2014 14:21:06

1.1K Tweets

169 Followers

136 Following

Jayme Metcalfe (@jaymemetcalfe)

It's good to see #Microsoft starting to address some of the resilience challenges highlighted during the #crowdstrike incident as part of their Windows roadmap, including reducing the need for applications and drivers to run with admin privileges. blogs.windows.com/windowsexperie…

Jayme Metcalfe (@jaymemetcalfe)

Blue Yonder, producing #supplychain software used by over 3k orgs, was subject to a #ransomware attack last week and have not yet provided a timeline for service restoration. Another reminder of the role of critical 3rd parties in #operationalresilience. cyberscoop.com/blue-yonder-ra…

Jayme Metcalfe (@jaymemetcalfe)

The rise of #AWS S3 targeted #ransomware sees threats abusing AWS' own Key Management Service (KMS) to encrypt company AWS buckets (or any cloud provider). It's a good time for #cloudsecurity teams to sense check their current #cyber security posture. rhinosecuritylabs.com/aws/s3-ransomw…

Jayme Metcalfe (@jaymemetcalfe)

There's been a lot of discussion around #deepseekR1, which promises equivalent performance of leading models, with potentially significantly less investment in expensive hardware. Questions remain around the actual chips used, as well as security/privacy reuters.com/technology/art…

Jayme Metcalfe (@jaymemetcalfe)

The rapid rise of #AI has also led to a corresponding boom in the developer ecosystem. Alongside this, the unfortunate rise in #cyber threats. cyberscoop.com/hugging-face-p…

Jayme Metcalfe (@jaymemetcalfe)

There's increasing concern around the impact of #AI on #cyber security, and while there definitely will be changes on both offense and defense sides in the future, for now organisations are often still best placed to focus on nailing good cyber hygiene thehackernews.com/2025/02/debunk…

Jayme Metcalfe (@jaymemetcalfe)

Another ex. of a software supply chain breach, this one showing a novel malicious use of #github actions. Notable many affected orgs don't appear to have followed best practices, and didn't use trusted tags rather than hashes of vetted versions #cyber arstechnica.com/information-te…

Jayme Metcalfe (@jaymemetcalfe)

This is another in recent major incidents in int'l airports, following on from Heathrow last week and Seattle, Japan and Mexico in the past 6mo. This brings home the importance of #operationalresilience and #crisis mgmt, especially with regards to CNI. therecord.media/malaysia-pm-sa…

Jayme Metcalfe (@jaymemetcalfe)

#Google just released 'Sec-Gemini', a new AI model specifically for #cyber security use cases. No doubt going to be a huge number of such models being released; the trick is going to be how to uplift our workforce and op models to get the most benefit. security.googleblog.com/2025/04/google…

Jayme Metcalfe (@jaymemetcalfe)

Effective #cyber security underpins trust in modern markets. All organisations at some point will suffer a breach, how they respond to it determines in part whether trust is sustained or eroded. wsj.com/finance/regula…

Jayme Metcalfe (@jaymemetcalfe)

Japan’s FSA is warning around a sharp increase in the number of cases of unauthorized access through online trading services. Over 12 securities firms have reported breaches to customer accounts, with losses reaching ~$700M USD. #cybersecurity therecord.media/japan-warns-of…

Jayme Metcalfe (@jaymemetcalfe)

#resilience of critical financial services continues to be a major focus for organisations and national regulators, given their importance to national security. reuters.com/business/finan…

Jayme Metcalfe (@jaymemetcalfe)

Australia has become the first country in the world to require #ransomware victims to disclose to the gov't when they pay a ransom. It's uncertain at this point what behaviours this will drive, but other jurisdictions are following closely. #cyber therecord.media/australia-rans…

François Chollet (@fchollet)

In order to supervise an automation tool (or another person!) effectively, you need to be able to do the same job yourself. Doesn't matter if you rarely ever do the job yourself (like a manager who no longer codes), you need to be *able* to do it.

Jayme Metcalfe (@jaymemetcalfe)

A critical #sharepoint vulnerability is being weaponised on a large-scale campaign presently. In the absence of a patch, #Microsoft is currently advising to configure AMSI integration in SharePoint and deploy Defender AV on all SharePoint servers #cyber thehackernews.com/2025/07/critic…

Jayme Metcalfe (@jaymemetcalfe)

#risk and control frameworks have lagged behind the rapid development of #AI, and now that AI risks are starting to be realised in the 'real world' the need for sound governance and risk management, as well as independent assurance, is growing. ft.com/content/fe49f3…

Jayme Metcalfe (@jaymemetcalfe)

#genAI usage has grown at a rapid pace over the past few years, for many people it has become an integral part of their lives. However, it has been evolving more quickly than either guardrails or regulation can keep up. #cyber #privacy arstechnica.com/tech-policy/20…

Jayme Metcalfe (@jaymemetcalfe)

As #AI is rapidly deployed in every aspect of our digital lives, it's imperative that we push forward with proper governance and oversight frameworks. Relying on vague promises of vendors to protect data won't suffice. #cyber #privacy darkreading.com/endpoint-secur…

Frank Rundatz (@frankrundatz)

Gary Marcus I cannot tell you how many times I have had GenAI generate code and I have to ask it, “Isn’t that susceptible to a (x) attack?” and it replies, “Oh! Yes it is, do this instead:” These non-programmers are vibe coding garbage and deploying it to production. Poorly architected,