%term

How to Detect and Prevent AI Insider Threats

Jun 11, 2026 By Teramind In Teramind

The rapid adoption of generative AI has transformed enterprise productivity, but it’s also quietly introduced a new, sophisticated vulnerability: the AI insider threat. For years, securing the internal perimeter meant watching for data exfiltration via USB sticks or unauthorized emails. Today, the risk looks entirely different.

Read Post

Teramind

Read more about How to Detect and Prevent AI Insider Threats

npm v12 delivers one of the biggest security improvements in years

Jun 11, 2026 By Dania Durnas In Aikido

npm's next major release, v12, scheduled to land July 2026, will stop running dependency install scripts by default. We’re relieved to hear it. Turning off install scripts is the most useful change npm could make to its defaults. The community suffered a barrage of supply chain attacks in the last year, like Nx s1ngularity and Shai-Hulud, that exploited postinstall scripts. This npm update is a long-awaited change that will shrink a huge supply chain attack vector.

Read Post

Aikido

Read more about npm v12 delivers one of the biggest security improvements in years

The Regulatory Cliff Edge

Jun 11, 2026 By Kroll In Kroll

How Agentic AI Is Outpacing the Compliance Frameworks Built to Contain It.

Read Post

Kroll

Read more about The Regulatory Cliff Edge

We Gave OpenClaw Red Team Tools (It Found Domain Admin)

Jun 11, 2026 By Sophos In Sophos

Our Red Team handed OpenClaw a penetration testing toolkit and pointed it at one of our own legacy Active Directory networks. 23 findings across 11 attack paths... But the findings aren't the interesting part. What's interesting is how it got there. Work that takes our human team three days took the agent three hours. Mid assessment it hit a wall, reasoned about its own limitations and proposed spinning up an EC2 GPU instance to crack a password hash. Nobody told it to.

View Video

Sophos

Read more about We Gave OpenClaw Red Team Tools (It Found Domain Admin)

Arctic Wolf Observes an Increase in Palo Alto Networks GlobalProtect Authentication Bypass Exploitation via CVE-2026-0257

Jun 11, 2026 By Arctic Wolf Labs In Arctic Wolf

In late May and early June 2026, Arctic Wolf began observing increased exploitation of CVE-2026-0257, a high-severity authentication bypass vulnerability affecting Palo Alto Networks PAN-OS GlobalProtect and Prisma Access. The increase in CVE-2026-0257 exploitation began on May 30, 2026, following a smaller initial wave that had taken place between May 17 and May 21.

Read Post

Arctic Wolf

Read more about Arctic Wolf Observes an Increase in Palo Alto Networks GlobalProtect Authentication Bypass Exploitation via CVE-2026-0257

CISO's Corner - 6 Observations from Gartner SRM 2026

Jun 11, 2026 By Kory Daniels In LevelBlue

Artificial Intelligence continued to dominate the conversation, and content, but the key theme throughout the Gartner Security & Risk Management experience was a little bit more subtle. This year, CISOs from all across the globe came to connect, learn, and explore with peers, vendors, and Gartner, navigating individual and business resilience challenges.

Read Post

LevelBlue

Read more about CISO's Corner - 6 Observations from Gartner SRM 2026

How to Secure APIs Used in AI Applications?

Jun 11, 2026 By Mariyam Jameela In Protecto

Every AI application runs on APIs. They carry prompts, responses, customer data, and credentials between your models, databases, and third-party services. To secure APIs in AI applications, you need strong authentication, rate limiting, encryption, input validation, and continuous monitoring. But AI adds a layer most API security checklists miss: the data inside the API calls. That data needs protection too.

Read Post

Protecto

Read more about How to Secure APIs Used in AI Applications?

Analyzing SHEET#CREEP: SHEETCREEP is up again with different config obfuscation

Jun 11, 2026 By Shikha Sangwan, Akshay Gaikwad, Aaron Beardslee In Securonix

The Securonix Threat Research team has identified an ongoing espionage campaign, tracked as SHEETCREEP, where threat actors deliver a C# remote access trojan through a diplomatic-themed ISO phishing lure.

Read Post

Securonix

Read more about Analyzing SHEET#CREEP: SHEETCREEP is up again with different config obfuscation

Beyond Authorization: Why Intent-Aware Detection Is the New Control Plane for Agentic AI

Jun 11, 2026 By Chris Hughes In Zenity

Identity tells us an agent is allowed to act, intent tells us why it is acting. In an agentic world, only one of those questions actually predicts whether your environment is about to break.

Read Post

Zenity

Read more about Beyond Authorization: Why Intent-Aware Detection Is the New Control Plane for Agentic AI

The 7 Principles of Privacy by Design: Building Trust Into Modern AI and Data Systems

Jun 11, 2026 By Mariyam Jameela In Protecto

Data privacy is not just a checkbox for compliance requirements. It has become a core business expectation. Customers now want to know how companies collect, store, process, and protect their data. At the same time, global regulations like the GDPR and CCPA have made privacy a critical part of product development. According to a report by the Cisco Consumer Privacy Survey, 99% of companies saw measurable benefits by investing in privacy.

Read Post