%term

Safe Harbor: An Open Source "Abort Mission" Button for Your AI Agent

Dec 4, 2025 By Greg Zemlin In Zenity

AI agents are increasingly connecting to more systems and workflows. They read structured data, follow multi-step instructions, and can reach deep into applications and developer environments. The same capabilities that make them powerful also create new opportunities for attackers. As Zenity Labs continued to study these emerging attack classes, we noticed a pattern starting to appear.

Read Post

Zenity

Read more about Safe Harbor: An Open Source "Abort Mission" Button for Your AI Agent

The Ghost in the Machine: How a Multi-Stage Phishing Campaign Evades Security to Steal Microsoft 365 Credentials

Dec 4, 2025 By KnowBe4 Threat Lab In KnowBe4

Since November 3, 2025, KnowBe4 Threat Labs has been monitoring a highly sophisticated, multi-stage phishing operation that is actively targeting organizations to steal employees’ Microsoft 365 credentials. The campaign has been engineered to bypass traditional email security defenses, such as secure email gateways (SEGs), and multi-factor authentication (MFA) tools.

Read Post

KnowBe4

Read more about The Ghost in the Machine: How a Multi-Stage Phishing Campaign Evades Security to Steal Microsoft 365 Credentials

Weekly Cyber Security News 04/12/2025

Dec 4, 2025 By Kevin In ionCube24

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! How are you going to REACT?

Read Post

ionCube24

Read more about Weekly Cyber Security News 04/12/2025

Your Browser is Becoming an Agent. Zenity Keeps It From Becoming a Threat.

Dec 4, 2025 By Greg Zemlin In Zenity

Agentic browsers are quickly becoming part of everyday work. Tools like ATLAS, Comet, and Dia can read web content, navigate SaaS tools, interpret instructions, and act on behalf of a user. They promise faster execution and higher productivity but they also introduce new risks that traditional security tools are not designed to see. As these browser-based agents spread across both managed and unmanaged devices, the enterprise attack surface grows in ways that most teams can’t quantify.

Read Post

Zenity

Read more about Your Browser is Becoming an Agent. Zenity Keeps It From Becoming a Threat.

The Most Dangerous Blind Spot in SaaS Architecture #saas #saassecurity #cloudsecurity #apisecurity

Dec 4, 2025 By Wallarm In Wallarm

When data flows between two critical SaaS tools (like Salesforce and a CRM chatbot), you have zero visibility into that traffic. This leaves a gaping hole for attackers to exploit Business Logic Abuse. Since you can't see the traffic, you cannot monitor the attack. The Solution? Rigorous Vendor Management. Control Your Own Keys! The responsibility to protect your sensitive data is always yours, even in the cloud.

View Video

Wallarm

API
Security

Read more about The Most Dangerous Blind Spot in SaaS Architecture #saas #saassecurity #cloudsecurity #apisecurity

APIs are the Language of AI. Protecting them is Critical.

Dec 4, 2025 By A10 Networks In A10 Networks

APIs are the Language of AI. Protecting them is Critical. In this discussion, A10 Networks security experts Jamison Utter and Carlo Alpuerto explore the emerging impact of Agentic AI on the API security landscape. They delve into how AI agents, as new API consumers, are driving an explosion in endpoints and exacerbating existing security issues, pushing API protection higher up the security practitioners' priority list.

View Video

A10 Networks

Read more about APIs are the Language of AI. Protecting them is Critical.

Keeper Named a Global Cybersecurity Leader in G2's Winter 2026 Reports

Dec 4, 2025 By Devin Cooney In Keeper

Keeper Password Manager has been recognized as a global cybersecurity leader by users on G2, the world’s largest and most trusted software marketplace. The G2 Winter 2026 Reports highlight Keeper’s strong performance and continued growth across multiple complex cybersecurity categories and regions, including KeeperPAM’s debut in the Privileged Access Management (PAM) reports.

Read Post

Keeper

Read more about Keeper Named a Global Cybersecurity Leader in G2's Winter 2026 Reports

JS#SMUGGLER: Multi-Stage - Hidden Iframes, Obfuscated JavaScript, Silent Redirectors & NetSupport RAT Delivery

Dec 4, 2025 By 1. Stage 1 Overview In Securonix

The Securonix Threat Research team has analyzed a sophisticated web-based multi-stage malware campaign. The attack chain unfolds across three distinct stages: (1) an obfuscated JavaScript loader injected into a compromised website, (2) a stealthy HTA (HTML Application) that executes encrypted PowerShell stagers via mshta.exe, and (3) a final PowerShell payload that downloads, extracts, executes, and establishes persistence for a Windows-based remote access Trojan.

Read Post

Securonix

Read more about JS#SMUGGLER: Multi-Stage - Hidden Iframes, Obfuscated JavaScript, Silent Redirectors & NetSupport RAT Delivery

Learn How Veracode Helps Developers Deliver Fast Without Compromising Security with SVP Sarah Law

Dec 4, 2025 By VERACODE In Veracode

Hear from Veracode's SVP of Business Operations, Sarah Law, on how developers face immense pressure to deliver software quickly while security and compliance teams struggle to keep pace with constant changes. The Veracode platform addresses this challenge by discovering and organizing all technology assets across systems, then assessing the risk associated with each one. What sets Veracode apart is its built-in governance and unified, configurable policy framework that adapts to each customer's unique security posture and regulatory requirements.

View Video

Veracode

Read more about Learn How Veracode Helps Developers Deliver Fast Without Compromising Security with SVP Sarah Law

Learn How Veracode Stops Attackers from Exploiting Vulnerabilities from Founder Chris Wysopal.

Dec 4, 2025 By VERACODE In Veracode

Hear from Veracode's Founder and Chief Evangelist, Chris Wysopal, on how attackers compromise organizations by scanning applications for vulnerabilities in code, APIs, mobile integrations, and cloud environments. Vulnerabilities enter systems through feature updates, open-source components, and third-party code—creating constant exposure.

View Video