Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

One of the confidentiality concerns associated with AI is that third parties will use your data inputs to train their models. When companies use inputs for training, the inputs may later become or inform outputs, potentially exposing confidential information to other people.

Artificial intelligence isn’t just a buzzword in cybersecurity—it’s rapidly becoming the backbone of both offense and defense in the digital battlefield. From hyper-realistic deepfakes to machine learning-powered threat detection, AI is fundamentally changing how we manage cyber exposure.

The proliferation of AI has rapidly introduced many new software technologies, each with its own potential misconfigurations that can compromise information security. Thus the mission of UpGuard Research: discover the vectors particular to a new technology and measure its cyber risk. This investigation looks at llama.cpp, an open-source framework for using large language models (LLMs).

On April 4, 2025, The Australian Financial Review reported on a set of credential abuse attacks targeting multiple Austrian superannuation funds. These attacks were not breaches of the infrastructure of those companies, but compromises of individual customer accounts via stolen credentials. How were those customer credentials stolen?

Staying ahead of the game is a top concern for security teams as the cyber threat landscape continues to evolve rapidly. Every year seems to bring new technological advances, which also introduce new cybersecurity trends and significant risks. As organizations face these challenges, it’s essential to build proactive defenses, not reactive responses. The next big cyber threat is already here—ready or not.

All security professionals know third-party risk management doesn’t stop after one risk assessment. What about the next vendor? Or the future risks the vendors you’ve already evaluated will inevitably endure? While completing even a single risk assessment can feel like an arduous journey when done manually, all successful TPRM programs continue long after assessment.

It’s no secret that human error still plays a significant role in data breaches - despite ongoing security and awareness training. But how do we finally disrupt this trend? The answer lies in a new approach to human risk management.

If you’re a security analyst, you know the work never stops. Even after your team completes an extensive vendor risk assessment and remediation, you still need to write a report to share your findings with key stakeholders. And this work isn’t a walk in the park by any means. Writing a risk assessment report often requires hours (or even days) of summarizing information, repopulating graphs, and balancing technical details with clarity to cater to technical and non-technical stakeholders.

Organizations today move fast, but slow vendor approvals can grind everything to a halt. As companies increasingly rely on third-party vendors, slow vendor approvals create a serious security bottleneck. This slowdown costs organizations valuable time and resources—and leaves them open to security risks. It’s important to cohesively review and approve vendors to manage third-party risk, but organizations should be aware of just how long those approvals take.

Researchers have discovered a critical security vulnerability in Next.js that allows attackers to easily bypass middleware authorization measures. The vulnerability, designated CVE-2025-29927, was discovered by Rachid Allam and Yasser Allam and since assigned a base CVSS score of 9.1. By skipping checks for authorization cookies, attackers can potentially gain access to restricted areas of applications like admin tools and dashboards.