Technology

Science fiction has always been a genre sold on the imagination, and the best sci-fi movies have taken that to the next level. Instead of imagining what the future could look like, many of the greate… [+10456 chars]

<p>The post <a href="https://www.govtech.com/blogs/lohrmann-on-cybersecurity/a-tale-of-two-states-the-2026-cybersecurity-paradox">A Tale of Two States: The 2026 Cybersecurity Paradox</a> appeared first on Lohrmann on Cybersecurity.</p><p> </p><p><a href="https://www.govtech.com/blogs/lohrmann-on-cybersecurity">Lohrmann on Cybersecurity</a></p><h1>A Tale of Two States: The 2026 Cybersecurity Paradox</h1><h2>The cyber threat outlooks from CIOs and CISOs at the NASCIO Midyear Conference in Philadelphia ranged from the good to the bad to the ugly — with AI front and center.</h2><div>May 03, 2026 •</div><p><a href="https://www.govtech.com/authors/dan-lohrmann.html">Dan Lohrmann</a></p><figure><img decoding="async" src="https://erepublic.brightspotcdn.com/dims4/default/dcd4c09/2147483647/strip/true/crop/5620x2930+0+816/resize/840x438!/quality/90/?url=http%3A%2F%2Ferepublic-brightspot.s3.us-west-2.amazonaws.com%2Ff9%2F87%2Fabb1d87e4d94a80a63a14ea7fe2b%2F2604-nascio-philadelphia-051.jpg"><figcaption>From left to right, NASCIO Deputy Executive Director Meredith Ward; Kansas CISO John Godfrey; Massachusetts CISO and Chief Risk Officer Anthony O’Neill; and Mike Wyatt, partner/principal at Deloitte.</figcaption><div>Government Technology/David Kidd</div> </figure><div class="Page-articleBody RichTextBody"> <p>“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness.”</p> </div><div>This famous quote, from the opening of <a href="https://www.goodreads.com/work/quotes/2956372"><i>A Tale of Two Cities</i></a> by Charles Dickens and written in 1859, could well describe the state of government technology and cybersecurity in mid-2026. As I attended sessions and networked with state CIOs and CISOs over the past week, I saw that there is a wide gap in the level of hope between different state leaders.</div><div> <p>From the opening Corporate Member Exchange Meeting to the State Meet and Greets session to coverage of the NASCIO-Deloitte Cybersecurity Study, everyone was talking about how <a href="https://www.govtech.com/security/state-cisos-are-losing-confidence-biennial-report-finds">state CISOs (and CIOs) are losing confidence</a> in their ability to stop and recover from cyber attacks against their governments.</p> </div><div> <p>Here are some of my notes from meetings and conversations with CIOs and CISOs:</p> <ul> <li>Their governor’s support is high. But how do we measure cyber success? Lowered incident response from six days to 10 minutes. Fear of “double-bubble” — how can we eliminate the old tools? We don’t want to pay for tools twice.</li> <li>Some states, like Texas, have a well-funded new <a href="https://www.govtech.com/security/retired-navy-admiral-is-first-to-lead-texas-cyber-command">Cyber Command</a> organization.</li> <li>Other states are seeing major budget cuts across the board.</li> <li>Leaders are hoping <a href="https://www.fema.gov/grants/preparedness/state-local-cybersecurity-grant-program">SLCGP Cyber Grants</a> are renewed. Also discussions on <a href="https://www.govtech.com/security/vermont-becomes-13th-state-to-purchase-ms-isac-membership">next steps for the MS-ISAC</a>, which I will cover in a late June blog.</li> <li>One state dealt with three ransomware attacks with locals in the past few months.</li> <li>All states are working on AI projects. Most are using an outcome-focused approach, looking for real downstream impact and asking how their AI projects work with improving or replacing existing systems. AI governance is top of mind for CIOs and CISOs.</li> <li>A lot of discussions about the recent <a href="https://www.govtech.com/blogs/lohrmann-on-cybersecurity/why-anthropics-mythos-is-a-systemic-shift-for-global-cybersecurity">developments with Anthropic’s Project Glasswing and Claude Mythos</a>, along with other new AI developments and the impact on government cybersecurity.</li> </ul> <p> </p> <h3>NASCIO-DELOITTE CYBERSECURITY STUDY</h3> </div><div>The full 2026 NASCIO-Deloitte Cybersecurity Study can be <a href="https://www.nascio.org/resource-center/resources/2026-nascio-deloitte-cybersecurity-study/">downloaded here for free</a>, and this year’s study includes insights from the CISOs of all 50 states, the District of Columbia and the U.S. Virgin Islands.</div><div> <p>Here are the five major themes outlined by Meredith Ward of NASCIO and Mike Wyatt from Deloitte:</p> <ul> <li>“Facing an evolving threat landscape: Rapid advances in attack sophistication are challenging state CISOs, with AI viewed as both an emerging threat vector and a powerful tool for cyber defense.</li> <li>Getting future-ready: CISOs are adopting new tools and regulatory frameworks to meet the evolving technology landscape.</li> <li>Looking at whole-of-state cybersecurity: The survey points to a growing interest in centralized state support for the cybersecurity efforts of local governments, public education and critical infrastructure.</li> <li>The expanding CISO role: The proliferation of AI and generative AI (GenAI), as well as a growing appreciation of the need to safeguard public data, is bringing new responsibilities to the CISO role.</li> <li>Dealing with a resource crunch: Compared with recent survey cycles, CISOs tell us that their funding shortfalls are growing more dire, while continuing to face challenges around maintaining a cyber workforce with the needed skills.”</li> </ul> <p>In my view, this is another great report that is a must-read for anyone who is serious about improving cyber defenses in state and local governments nationwide.</p> </div><div> <p>The “bad and ugly” parts, unfortunately, come in the next section of the joint biennial report, highlighting the “key takeaways”:</p> <ul> <li>“As threats become more sophisticated, far fewer CISOs expressed confidence in their ability to secure public data. The percentage of CISOs who characterized themselves as ‘extremely’ or ‘very confident’ has dropped dramatically, from 48 percent in 2022 to 22 percent in 2026 (figure 1).</li> <li>CISOs are significantly less confident in the ability of local government and public higher education to secure public data. The percentage of CISOs who described themselves as ‘not very confident’ in these entities rose significantly, from 35 percent in 2022 to 63 percent in 2026 (figure 2). This lack of confidence may explain why roughly one-fifth of CISOs indicated that their states were moving forward with a whole-of-state approach to cybersecurity.</li> <li>Generative AI also represents an area of increased responsibility, with 94 percent of CISOs indicating that they are actively involved with the development of GenAI security policies (figure 8).</li> <li>CISOs overall reported a rapidly deteriorating budget picture. In the 2026 survey, only 22 percent of CISOs reported a budget increase of 6 percent or more, down from 40 percent in 2024. Perhaps more concerning, 16 percent of CISOs reported reductions to their budgets in this survey, compared with none in 2024 (figure 21).</li> <li>Looking into the future, CISOs indicated their top three barriers to meeting cybersecurity challenges were: legacy infrastructure, increasing sophistication of threats and insufficient funding for cybersecurity (figure 7).”</li> </ul> <p> </p> <h3>OTHER HOT NASCIO MIDYEAR TOPICS</h3> </div><div> <p>There were many other topics of discussion (cyber and otherwise) at the NASCIO Midyear Conference, and here are some of the <i>GovTech</i> articles that flowed from the event:</p> <ul> <li><a href="https://www.govtech.com/security/how-trust-guided-nevada-through-its-cyber-incident">How Trust Guided Nevada Through Its Cyber Incident</a>:</li> <li><a href="https://www.govtech.com/workforce/pennsylvania-ciso-prioritizes-proactive-risk-management">Pennsylvania CISO Prioritizes Proactive Risk Management</a>: Andy Ritter took the reins as Pennsylvania’s new CISO earlier this year after nearly a decade supporting cybersecurity and risk management. As CISO, he is focused on constituent outcomes.</li> <li><a href="https://www.govtech.com/artificial-intelligence/indiana-rolls-out-genai-for-all-state-staff-and-leadership">Indiana Rolls Out GenAI for All State Staff — and Leadership</a>: CIO Warren Lenard describes how Indiana has made Microsoft Copilot available for any state employee who wants it, and a key part of the program is training. That training also extends to cabinet-level secretaries.</li> <li><a href="https://www.govtech.com/artificial-intelligence/an-ai-magic-moment-accelerates-it-development-in-utah">An AI ‘Magic Moment’ Accelerates IT Development in Utah</a>: Utah’s Director of AI Christian Napier on how piloting Claude Code at state agencies boosted developer productivity, saving 40 hours of work over a four-week period.</li> <li><a href="https://www.govtech.com/gov-experience/tremendous-change-for-colorados-it-department">‘Tremendous Change’ for Colorado’s IT Department</a>: CIO David Edinger describes a major restructuring of IT in Colorado aimed at flattening the organization and getting closer to the agencies it serves.</li> </ul> <p> </p> <h3>FINAL THOUGHTS</h3> </div><div>I realize that this piece is pretty depressing to read and comes across as a negative outlook for <i>Government Technology</i> readers and wider cyber initiatives in states.</div><div>Nevertheless, the networking camaraderie, relationships and coming together for a common set of government causes was also very evident throughout the conference.</div><div>There are now a record number of corporate members within NASCIO at over 280 companies (and some say too many members, which is a problem to be considered). But these numbers also show the interest and focus on governments solutions and reshaping the people, processes and technology for the public sector — again.</div><div> <p>I’ll end this blog with a more optimistic quote commonly attributed to C.S. Lewis: “You can’t go back and change the beginning, but you can start where you are and change the ending.”</p> </div><p><a href="https://www.govtech.com/tag/cybersecurity">Cybersecurity</a><a href="https://www.govtech.com/tag/nascio">NASCIO</a></p><p> </p><p><img decoding="async" src="https://erepublic.brightspotcdn.com/dims4/default/7be6234/2147483647/strip/true/crop/343x343+77+0/resize/100x100!/quality/90/?url=http%3A%2F%2Ferepublic-brightspot.s3.us-west-2.amazonaws.com%2Faa%2Fbe%2F66bbbc539526800857dd96f3c9d5%2Flohrman.jpg"></p><p> </p><p><a href="https://www.govtech.com/authors/dan-lohrmann.html">Dan Lohrmann</a></p><div>Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.</div><p><a href="https://www.govtech.com/authors/dan-lohrmann.html">See More Stories by Dan Lohrmann</a></p><p> </p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/a-tale-of-two-states-the-2026-cybersecurity-paradox/" data-a2a-title="A Tale of Two States: The 2026 Cybersecurity Paradox"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fa-tale-of-two-states-the-2026-cybersecurity-paradox%2F&amp;linkname=A%20Tale%20of%20Two%20States%3A%20The%202026%20Cybersecurity%20Paradox" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fa-tale-of-two-states-the-2026-cybersecurity-paradox%2F&amp;linkname=A%20Tale%20of%20Two%20States%3A%20The%202026%20Cybersecurity%20Paradox" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fa-tale-of-two-states-the-2026-cybersecurity-paradox%2F&amp;linkname=A%20Tale%20of%20Two%20States%3A%20The%202026%20Cybersecurity%20Paradox" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fa-tale-of-two-states-the-2026-cybersecurity-paradox%2F&amp;linkname=A%20Tale%20of%20Two%20States%3A%20The%202026%20Cybersecurity%20Paradox" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fa-tale-of-two-states-the-2026-cybersecurity-paradox%2F&amp;linkname=A%20Tale%20of%20Two%20States%3A%20The%202026%20Cybersecurity%20Paradox" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="">Lohrmann on Cybersecurity</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Lohrmann on Cybersecurity">Lohrmann on Cybersecurity</a>. Read the original post at: <a href="https://www.govtech.com/blogs/lohrmann-on-cybersecurity/a-tale-of-two-states-the-2026-cybersecurity-paradox">https://www.govtech.com/blogs/lohrmann-on-cybersecurity/a-tale-of-two-states-the-2026-cybersecurity-paradox</a> </p>

<p><span style="font-weight: 400;">Security leadership is often associated with emerging threats and advanced technologies, but much of the role comes down to disciplined execution, thoughtful decision-making, and balancing protection with business continuity. In </span><a href="https://cisowhisperer.com/tag/ciso-diaries/"><span style="font-weight: 400;">CISO Diaries</span></a><span style="font-weight: 400;">, we speak with leading CISOs around the world to understand what the role actually looks like beyond frameworks and incident headlines, how security leaders structure their days, where they focus their attention, and the habits that shape their approach to risk.</span></p><p><span style="font-weight: 400;">This series explores the human side of cybersecurity leadership, where judgment, patience, and operational clarity are often as important as technical controls. By spotlighting routines, leadership philosophies, and long-term perspectives, CISO Diaries offers a closer look at how modern CISOs navigate evolving threats while building programs that are resilient, pragmatic, and aligned with business priorities.</span></p><h3><span style="font-weight: 400;">About Victor-Andrei Nicolae</span></h3><p><a href="https://www.linkedin.com/in/victor-andrei-nicolae-027514220/" rel="noopener"><span style="font-weight: 400;">Victor-Andrei Nicolae</span></a><span style="font-weight: 400;"> is Chief Information Security Officer at </span><a href="https://www.rightclicksol.com/" rel="noopener"><span style="font-weight: 400;">RightClick Solutions</span></a><span style="font-weight: 400;">, where he leads enterprise information security and IT risk management strategy, working across business units to strengthen security governance, improve risk management processes, and enhance the organization’s information security framework. His experience spans a broad range of IT and security environments, from infrastructure design and cloud administration to enterprise security controls, compliance, and operational resilience.</span></p><p><span style="font-weight: 400;">With expertise across AWS, Microsoft environments, Trellix security solutions, and ISO 27001-aligned security management, Victor brings a practical, systems-oriented perspective to the CISO role. Known for his emphasis on disciplined execution and sustainable risk management, he focuses on building effective controls that support business operations while preparing organizations for emerging challenges, including the rise of AI-driven threats and the shift toward more adaptive, intelligent defense strategies.</span></p><h3><span style="font-weight: 400;">How do you usually explain what you do to someone outside of cybersecurity?</span></h3><p><span style="font-weight: 400;">I’m responsible for protecting the organization’s systems, data, and infrastructure by identifying risks, implementing security controls, and ensuring everything runs securely and reliably. This includes securing networks and systems, managing access, monitoring for threats, and responding to incidents to keep the business operating safely.</span></p><h3><span style="font-weight: 400;">What does a “routine” workday look like for you, if such a thing exists?</span></h3><p><span style="font-weight: 400;">A typical day involves monitoring systems and security alerts, reviewing logs and vulnerabilities, managing access and security configurations, and addressing any incidents or risks. It also includes coordinating with teams, improving security controls, and ensuring compliance with policies and standards.</span></p><h3><span style="font-weight: 400;">What part of your role takes the most mental energy right now?</span></h3><p><span style="font-weight: 400;">Balancing security requirements with business needs—prioritizing risks, making decisions on limited resources, and ensuring controls are effective without impacting operations—takes the most mental energy.</span></p><h3><span style="font-weight: 400;">What’s one security habit or routine you personally never skip? (Work or personal.)</span></h3><p><span style="font-weight: 400;">Ensuring all systems and applications—both work and personal—are consistently updated with the latest security patches is a habit I never skip.</span></p><h3><span style="font-weight: 400;">What does your own personal security setup look like? (Password manager, MFA, backups, devices, at a high level.)</span></h3><p><span style="font-weight: 400;">I use a password manager for all credentials, enforce MFA on all accounts, keep devices encrypted and regularly updated, and maintain secure, periodic backups to ensure data can be recovered if needed.</span></p><h3><span style="font-weight: 400;">What book, podcast, or resource has influenced how you think about leadership or security? (Doesn’t have to be technical.)</span></h3><p><span style="font-weight: 400;">Leadership and security cannot function without a strong sense of responsibility. Rather than being shaped by a specific book or resource, my approach has been influenced by observing my father and how he handles situations and responsibilities in his daily life, which has had a lasting impact on how I think and act.</span></p><h3><span style="font-weight: 400;">What’s a lesson you learned the hard way in your career?</span></h3><p><span style="font-weight: 400;">One key lesson I learned the hard way is the importance of patience. Rushing decisions or expecting immediate results—especially in security and infrastructure—can lead to mistakes or overlooked risks. Taking the time to properly assess situations and act thoughtfully leads to better, more sustainable outcomes.</span></p><h3><span style="font-weight: 400;">What keeps you up at night right now, from a security perspective?</span></h3><p><span style="font-weight: 400;">The rapid growth and accessibility of AI, particularly how it can be leveraged for more sophisticated attacks such as advanced phishing, social engineering, and automated exploitation, is a key concern. It significantly lowers the barrier for threat actors while increasing the complexity of detecting and mitigating risks.</span></p><h3><span style="font-weight: 400;">How do you measure whether your security program is actually working?</span></h3><p><span style="font-weight: 400;">I measure effectiveness through maintaining ISO 27001 certification, which requires regular audits, continuous risk assessments, and ongoing improvement of security controls. Successful audit outcomes and adherence to defined policies and KPIs indicate that the security program is functioning as intended.</span></p><h3><span style="font-weight: 400;">What advice would you give to someone stepping into their first CISO role today?</span></h3><p><span style="font-weight: 400;">Focus on understanding the business first, not just the technology. Build strong relationships across the organization, prioritize risks realistically, and communicate security in a way that supports business goals. Most importantly, stay pragmatic—perfect security doesn’t exist, but effective risk management does.</span></p><h3><span style="font-weight: 400;">What do you think will matter less in security five to ten years from now?</span></h3><p><span style="font-weight: 400;">Over time, purely perimeter-based security will matter less. With cloud adoption, remote work, and increasingly distributed systems, the focus is shifting away from defending a fixed network boundary toward identity, access control, and continuous verification (Zero Trust).</span></p><h3><span style="font-weight: 400;">Looking ahead 10 years, what do you believe security teams will spend most of their time on that they don’t today?</span></h3><p><span style="font-weight: 400;">Security teams will spend significantly more time leveraging AI to defend against AI-driven threats. As attackers increasingly use automation and intelligent systems, defenders will need to adopt similar technologies to detect, respond, and adapt in real time, making AI-driven defense a core part of security operations.</span></p><p>The post <a rel="nofollow" href="https://cisowhisperer.com/ciso-diaries-victor-andrei-nicolae-on-practical-security-patience-and-ai-driven-defense/">CISO Diaries: Victor-Andrei Nicolae on Practical Security, Patience, and AI-Driven Defense</a> appeared first on <a rel="nofollow" href="https://cisowhisperer.com/">CISO Whisperer</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/ciso-diaries-victor-andrei-nicolae-on-practical-security-patience-and-ai-driven-defense/" data-a2a-title="CISO Diaries: Victor-Andrei Nicolae on Practical Security, Patience, and AI-Driven Defense"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fciso-diaries-victor-andrei-nicolae-on-practical-security-patience-and-ai-driven-defense%2F&amp;linkname=CISO%20Diaries%3A%20Victor-Andrei%20Nicolae%20on%20Practical%20Security%2C%20Patience%2C%20and%20AI-Driven%20Defense" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fciso-diaries-victor-andrei-nicolae-on-practical-security-patience-and-ai-driven-defense%2F&amp;linkname=CISO%20Diaries%3A%20Victor-Andrei%20Nicolae%20on%20Practical%20Security%2C%20Patience%2C%20and%20AI-Driven%20Defense" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fciso-diaries-victor-andrei-nicolae-on-practical-security-patience-and-ai-driven-defense%2F&amp;linkname=CISO%20Diaries%3A%20Victor-Andrei%20Nicolae%20on%20Practical%20Security%2C%20Patience%2C%20and%20AI-Driven%20Defense" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fciso-diaries-victor-andrei-nicolae-on-practical-security-patience-and-ai-driven-defense%2F&amp;linkname=CISO%20Diaries%3A%20Victor-Andrei%20Nicolae%20on%20Practical%20Security%2C%20Patience%2C%20and%20AI-Driven%20Defense" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fciso-diaries-victor-andrei-nicolae-on-practical-security-patience-and-ai-driven-defense%2F&amp;linkname=CISO%20Diaries%3A%20Victor-Andrei%20Nicolae%20on%20Practical%20Security%2C%20Patience%2C%20and%20AI-Driven%20Defense" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://cisowhisperer.com">CISO Whisperer</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by JJ Javier">JJ Javier</a>. Read the original post at: <a href="https://cisowhisperer.com/ciso-diaries-victor-andrei-nicolae-on-practical-security-patience-and-ai-driven-defense/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=ciso-diaries-victor-andrei-nicolae-on-practical-security-patience-and-ai-driven-defense">https://cisowhisperer.com/ciso-diaries-victor-andrei-nicolae-on-practical-security-patience-and-ai-driven-defense/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=ciso-diaries-victor-andrei-nicolae-on-practical-security-patience-and-ai-driven-defense</a> </p>

<div data-test-render-count="1"> <div class="group"> <div class="contents"> <div class="group relative relative pb-3" data-is-streaming="false"> <div class="font-claude-response relative leading-[1.65rem] [&amp;_pre&gt;div]:bg-bg-000/50 [&amp;_pre&gt;div]:border-0.5 [&amp;_pre&gt;div]:border-border-400 [&amp;_.ignore-pre-bg&gt;div]:bg-transparent [&amp;_.standard-markdown_:is(p,blockquote,h1,h2,h3,h4,h5,h6)]:pl-2 [&amp;_.standard-markdown_:is(p,blockquote,ul,ol,h1,h2,h3,h4,h5,h6)]:pr-8 [&amp;_.progressive-markdown_:is(p,blockquote,h1,h2,h3,h4,h5,h6)]:pl-2 [&amp;_.progressive-markdown_:is(p,blockquote,ul,ol,h1,h2,h3,h4,h5,h6)]:pr-8"> <div class="standard-markdown grid-cols-1 grid [&amp;_&gt;_*]:min-w-0 gap-3 standard-markdown"> <h3 class="text-text-100 mt-3 -mb-1 text-[1.125rem] font-bold">What happened</h3> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">The FBI issued a public service announcement on April 30, 2026, warning the US transportation and logistics industry of a sharp rise in cyber-enabled cargo theft, with estimated losses in the United States and Canada reaching nearly $725 million in 2025. That represents a 60% increase over the prior year. Confirmed cargo theft incidents rose 18% in 2025, while the average value per theft grew 36% to $273,990, reflecting more selective targeting of high-value loads.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">The FBI describes a multi-stage attack chain that has been active since at least 2024. Attackers first compromise freight broker or carrier accounts through phishing sites that install remote monitoring software, gaining persistent, undetected access. They then post fraudulent freight listings on load boards, tricking legitimate carriers into downloading malicious files, and accept real shipments under stolen carrier identities. Loads are rerouted to complicit drivers and stolen for resale. In some cases, criminals also demand ransoms for the location of diverted shipments.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">The attack extends beyond the immediate theft. Threat actors alter the compromised carrier’s registration details with the Federal Motor Carrier Safety Administration and update insurance records, meaning legitimate companies often do not discover they have been compromised until brokers report missing shipments booked in their name. The Diesel Vortex threat group was identified in February as running a related campaign targeting freight and logistics operators in the US and Europe through phishing attacks using 52 domains, active since September 2025.</p> <h3 class="text-text-100 mt-3 -mb-1 text-[1.125rem] font-bold">Who is affected</h3> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Shippers, freight brokers, carriers, and logistics companies across the US and Canadian transportation sector are directly targeted. Insurers covering cargo and carriers whose identities are stolen and used to accept fraudulent shipments face secondary exposure. The FBI noted that companies involved in shipping, receiving, delivering, and insuring cargo are all within the threat actors’ targeting scope.</p> <h3 class="text-text-100 mt-3 -mb-1 text-[1.125rem] font-bold">Why CISOs should care</h3> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Cyber-enabled cargo theft has crossed into organized crime territory, with groups running multi-stage operations that combine credential theft, account compromise, identity fraud against federal carrier registries, and physical logistics manipulation. The modification of FMCSA registration records is a particularly significant escalation, as it weaponizes a government database to legitimize fraudulent operations and delay discovery.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">For security leaders in logistics, manufacturing, or any sector with significant freight dependencies, this FBI warning is a signal that supply chain risk now extends to the physical movement of goods through digitally compromised intermediaries.</p> <h3 class="text-text-100 mt-3 -mb-1 text-[1.125rem] font-bold">3 practical actions</h3> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>Implement MFA on all freight broker and carrier platform accounts and load board access:</strong> The attack chain begins with credential compromise through phishing. MFA on accounts with access to load boards, shipment systems, and carrier registration platforms directly interrupts the initial access phase of the documented attack pattern.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>Establish out-of-band verification for all unexpected shipment requests and carrier communications:</strong> The FBI specifically recommends verifying shipment requests through secondary channels. Implement a policy requiring phone or in-person verification for any load booking, carrier identity confirmation, or routing change that arrives through email or digital platforms, particularly from unfamiliar contacts.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>Monitor FMCSA registration records for unauthorized changes to your carrier profile:</strong> Attackers modify carrier registration details to legitimize fraudulent operations under stolen identities. Establish a routine check of your FMCSA carrier profile for unauthorized changes to contact information, insurance records, or operating authority, and set up alerts where the registry allows it.</p> </div> </div> </div> </div> <div class="flex justify-start" role="group" aria-label="Message actions"> <div class="text-text-300"> <div class="text-text-300 flex items-stretch justify-between"> <div class="w-fit" data-state="closed"> <div class="relative text-text-500 group-hover/btn:text-text-100"> <div class="absolute top-0 left-0 transition-all opacity-0 scale-50"> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Also in the news today:</p> <ul class="[li_&amp;]:mb-0 [li_&amp;]:mt-1 [li_&amp;]:gap-1 [&amp;:not(:last-child)_ul]:pb-1 [&amp;:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3"> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/dayton-mayor-demands-accountability-after-license-plate-reader-data-breach/">Dayton Mayor Demands Accountability After License Plate Reader Data Breach</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/ameriprise-financial-data-breach-exposes-personal-information-of-48000-customers/">Ameriprise Financial Data Breach Exposes Personal Information of 48,000 Customers</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/congress-punts-fisa-section-702-renewal-to-june/">Congress Punts FISA Section 702 Renewal to June</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/edtech-firm-instructure-discloses-cyber-incident-probes-impact/">Edtech Firm Instructure Discloses Cyber Incident, Probes Impact</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/consentfix-v3-automates-oauth-abuse-to-bypass-mfa-and-hijack-azure-accounts/">ConsentFix v3 Automates OAuth Abuse to Bypass MFA and Hijack Azure Accounts</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/1800-developers-hit-in-mini-shai-hulud-supply-chain-attack-across-pypi-npm-and-php/">1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP</a></li> </ul> </div> </div> </div> </div> </div> </div> </div> </div><p>The post <a rel="nofollow" href="https://cisowhisperer.com/fbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attacks/">FBI Links Cybercriminals to Sharp Surge in Cargo Theft Attacks</a> appeared first on <a rel="nofollow" href="https://cisowhisperer.com/">CISO Whisperer</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/fbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attacks/" data-a2a-title="FBI Links Cybercriminals to Sharp Surge in Cargo Theft Attacks"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Ffbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attacks%2F&amp;linkname=FBI%20Links%20Cybercriminals%20to%20Sharp%20Surge%20in%20Cargo%20Theft%20Attacks" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Ffbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attacks%2F&amp;linkname=FBI%20Links%20Cybercriminals%20to%20Sharp%20Surge%20in%20Cargo%20Theft%20Attacks" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Ffbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attacks%2F&amp;linkname=FBI%20Links%20Cybercriminals%20to%20Sharp%20Surge%20in%20Cargo%20Theft%20Attacks" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Ffbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attacks%2F&amp;linkname=FBI%20Links%20Cybercriminals%20to%20Sharp%20Surge%20in%20Cargo%20Theft%20Attacks" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Ffbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attacks%2F&amp;linkname=FBI%20Links%20Cybercriminals%20to%20Sharp%20Surge%20in%20Cargo%20Theft%20Attacks" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://cisowhisperer.com">CISO Whisperer</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Evan Rowe">Evan Rowe</a>. Read the original post at: <a href="https://cisowhisperer.com/fbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attacks/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=fbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attacks">https://cisowhisperer.com/fbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attacks/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=fbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attacks</a> </p>

<p>The financial services ecosystem in India is undergoing rapid digital transformation, and fintech organizations sit at the center of this evolution. With increasing cyber threats targeting digital payments, lending platforms, and financial data, regulatory oversight has intensified. The Reserve Bank of India mandates a strong RBI cybersecurity framework that fintechs must follow to ensure resilience, trust, and compliance.</p><p>NBFCs and Indian banks are navigating an increasingly hostile threat landscape in 2025. Cyberattacks on the BFSI sector are rising by nearly 25% year over year, with potential losses reaching ₹50,000 crore annually.</p><p>In this environment, the <strong>RBI Cybersecurity Compliance Checklist</strong> serves as a critical safeguard, strengthening operations, VAPT processes, and Zero Trust frameworks to defend against threats like ransomware and deepfake-driven attacks. This blog provides a data-backed roadmap aligned with the latest RBI regulations, helping organizations implement compliance effectively and turn it into a strategic advantage rather than just a mandate.</p><h2 class="wp-block-heading"><strong>RBI Cybersecurity Compliance Checklist</strong> </h2><p>The RBI cybersecurity framework checklist provides a structured framework for organizations to strengthen their security posture and ensure regulatory compliance. It outlines essential controls across governance, risk management, and technical security. Adhering to these guidelines helps organizations mitigate cyber risks and maintain operational resilience.</p><div class="wp-block-image"> <figure class="aligncenter size-large"><img fetchpriority="high" decoding="async" width="1024" height="532" src="https://kratikal.com/blog/wp-content/uploads/2026/05/Infographic-10-1024x532.jpg" alt="RBI cybersecurity compliance checklist" class="wp-image-15154" srcset="https://kratikal.com/blog/wp-content/uploads/2026/05/Infographic-10-1024x532.jpg 1024w, https://kratikal.com/blog/wp-content/uploads/2026/05/Infographic-10-300x156.jpg 300w, https://kratikal.com/blog/wp-content/uploads/2026/05/Infographic-10-150x78.jpg 150w, https://kratikal.com/blog/wp-content/uploads/2026/05/Infographic-10-768x399.jpg 768w, https://kratikal.com/blog/wp-content/uploads/2026/05/Infographic-10-1536x798.jpg 1536w, https://kratikal.com/blog/wp-content/uploads/2026/05/Infographic-10-2048x1065.jpg 2048w" sizes="(max-width: 1024px) 100vw, 1024px"></figure> </div><h3 class="wp-block-heading"><strong>Security Controls &amp; Infrastructure Strengthening</strong></h3><p>Infrastructure Hardening Testing assesses the security posture of critical systems, networks, and applications to ensure alignment with established security baselines. This includes evaluating the effectiveness of network segmentation, endpoint protection mechanisms, server hardening practices, and application-level security configurations. Access Control Testing focuses on validating identity and access management mechanisms, including authentication processes, user permissions, and privilege governance. </p><p>Vulnerability Management Testing evaluates an organization’s capability to detect, prioritize, and remediate security vulnerabilities across systems and applications. This involves evaluating vulnerability scanning, patching, and how insights inform risk-based decisions.</p><h3 class="wp-block-heading"><strong>Governance, Risk, and Compliance (GRC)</strong></h3><p>Organizations must demonstrate that their cybersecurity policies are formally approved by the board and regularly updated to align with evolving business strategies and risk appetite. Assess cybersecurity governance, including the CISO’s authority and how cyber risk integrates into enterprise risk management.</p><p>Organizations must comply with RBI guidelines, industry standards, and applicable legal requirements. This involves validating internal audit mechanisms, external assessments, and continuous monitoring practices to maintain a consistent state of compliance.</p><p>Risk management testing ensures organizations can identify, assess, and respond to cyber risks effectively using a structured approach. This includes evaluating <a href="https://kratikal.com/blog/what-is-threat-modeling-a-detailed-overview/"><mark class="has-inline-color has-luminous-vivid-orange-color">threat modeling</mark></a> approaches, vulnerability management processes, and risk quantification frameworks that support informed and strategic decision-making.</p><h3 class="wp-block-heading"><strong>Information Security &amp; Data Privacy</strong></h3><p>Data Protection ensures that teams keep sensitive data secure at all times, whether they store, share, or process it. Within the RBI cybersecurity framework, it evaluates encryption strength, key management reliability, and secure data-handling practices to protect critical information. Data Classification and Handling Validation examines how effectively an organization understands and manages its data landscape. </p><p>Privacy Compliance Testing ensures that security efforts align with regulatory expectations under RBI cybersecurity framework, including mandates. It assesses consent management, data rights protection, and cross-border transfers to ensure compliance and build trust.</p><h3 class="wp-block-heading"><strong>Risk Identification &amp; Assessment</strong></h3><p>Financial institutions must conduct comprehensive cyber risk assessments that go beyond surface-level evaluations. This includes identifying and classifying critical assets based on sensitivity, mapping potential threat vectors, and performing detailed vulnerability assessments. Teams then translate these insights into structured mitigation strategies supported by well-defined policies and controls. At the governance level, CISOs play a pivotal role, operating independently of the IT function and reporting directly to risk leadership, ensuring that cybersecurity remains a strategic priority aligned with enterprise risk management.</p><h3 class="wp-block-heading"><strong>Vulnerability Assessment and Penetration Testing (VAPT)</strong></h3><p>Mandatory VAPT must be conducted annually, covering applications, APIs, and infrastructure, and must address vulnerabilities aligned with the <strong>OWASP Top 10</strong> and ensure proper remediation validation. Additionally, testing should be performed more frequently after any major system changes. Organizations should adopt continuous vulnerability management through automated scanning, structured patching, and risk-based prioritization to continuously identify and mitigate security risks.</p><p><strong>Is your organization ready to strengthen its defenses? Connect with us to confidently navigate the <a href="https://kratikal.com/rbi-compliance-audit"><mark class="has-inline-color has-luminous-vivid-orange-color">RBI cybersecurity framework</mark></a>.</strong></p><p><br> <br> </p><br><meta charset="UTF-8"><br><meta name="viewport" content="width=device-width, initial-scale=1.0"><p> <!-- IMPORTANT: SEO control --><br> <meta name="robots" content="noindex, nofollow"></p><p> </p><title>Blog Form</title><br><div class="containers"> <!-- Left Section --> <div class="left-section"> <p class="heading-wrap">Book Your Free Cybersecurity Consultation Today!</p> <p> <img decoding="async" src="https://awareness.threatcop.ai/marketing/new_asset_blog_form.svg" alt="People working on cybersecurity" class="consultation-image"> </p></div> <p> <!-- Right Section --></p> <div class="right-section"> <div class="form-containers"> <form action="https://kratikal.com/thanks/thankyou-blog" method="get" onsubmit="return validateForm(this)"> <div class="form-group"> <label for="fullName">Full Name</label><br> <input type="text" required name="FullName" placeholder="Enter full name"> </div> <div class="form-group"> <label for="email">Email ID</label><br> <input type="email" required name="email" placeholder="your name @ example.com"> </div> <div class="form-group"> <label for="company">Company Name</label><br> <input type="text" required name="CompanyName" placeholder="Enter company name"> </div> <div class="form-group"> <label for="phone">Phone Number</label><br> <input type="number" required name="Phone" placeholder="Enter phone number"> </div> <p> <input type="hidden" name="BlogForm" value="BlogForm"><br> <button type="submit" class="submit-btnns" name="submit" value="I am interested!">I am interested!</button><br> </p></form> </div> </div> </div><p><!-- CSS Styles --></p><style> .containers{ display: flex; width: 100%; max-width: 800px; height: 500px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); border-radius: 4px; overflow: hidden; margin: 25px auto; } .left-section { width: 50%; background-color: #000; color: white; padding: 30px; display: flex; flex-direction: column; position: relative; overflow: hidden; } .left-section .heading-wrap { font-size: 24px; line-height: 40px; margin-bottom: 30px; z-index: 2; position: relative; color: white; } .consultation-image { position: absolute; bottom: 0; left: 0; width: 100%; height: 70%; object-fit: cover; object-position: center; } .right-section { width: 50%; background-color: white; padding: 30px; display: flex; flex-direction: column; justify-content: center; } .form-containers { width: 100%; } .form-group { margin-bottom: 20px; } label { display: block; color: #666; margin-bottom: 5px; font-size: 14px; } .right-section input { width: 88%; padding: 12px 15px; border: 1px solid #e0e0e0; border-radius: 8px; font-size: 16px; } .submit-btnns { width: 100%; padding: 15px; background: linear-gradient(to right, #e67e22, #d35400); border: none; border-radius: 8px; color: white; font-size: 18px; font-weight: bold; cursor: pointer; margin-top: 10px; } /* Responsive */ @media (max-width: 768px) { .containers { flex-direction: column; height: auto; } .left-section, .right-section { width: 100%; } .left-section { height: 400px; } .consultation-image { height: 60%; } } @media (max-width: 480px) { .left-section { padding: 20px; height: 350px; } .left-section .heading-wrap { font-size: 17px; line-height: 28px;width: 80%; } .right-section { padding: 20px; } .right-section input, .submit-btnns { padding: 10px; } } </style><p><!-- JS Validation --><br> <script> function validateForm(form) { const inputs = form.querySelectorAll("input[type=text], input[type=email], input[type=number]"); for (let i = 0; i < inputs.length; i++) { if (/[<>]/.test(inputs[i].value)) { alert("Tags and attributes are not allowed in form fields!"); return false; // prevent submission } } return true; // allow submission } </script><br> <script defer src="https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516" integrity="sha512-8DS7rgIrAmghBFwoOTujcf6D9rXvH8xm8JQ1Ja01h9QX8EzXldiszufYa4IFfKdLUKTTrnSFXLDkUEOTrZQ8Qg==" data-cf-beacon='{"version":"2024.11.0","token":"33edbdb5f462496f85e52978979b687b","server_timing":{"name":{"cfCacheStatus":true,"cfEdge":true,"cfExtPri":true,"cfL4":true,"cfOrigin":true,"cfSpeedBrain":true},"location_startswith":null}}' crossorigin="anonymous"></script> <script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'9f5c0406bd1036c3',t:'MTc3Nzc3NzIyOQ=='};var a=document.createElement('script');a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();</script></p><h3 class="wp-block-heading"><strong>Why is RBI Cybersecurity Framework Important for Fintech Organizations?</strong></h3><ul class="wp-block-list"> <li><strong>Regulatory Penalties and License Suspension</strong>: Non-compliance with guidelines issued by the Reserve Bank of India can lead to heavy financial penalties, operational restrictions, or even suspension of licenses. This can directly halt business operations and impact long-term sustainability.</li> </ul><ul class="wp-block-list"> <li><strong>Loss of Partnerships with Banks/NBFCs</strong>: Fintechs rely heavily on partnerships with regulated entities. Failure to comply with the RBI cybersecurity framework can result in termination of partnerships, limiting access to critical banking infrastructure and financial networks.</li> </ul><ul class="wp-block-list"> <li><strong>Reputational Damage and Customer Distrust</strong>: Security lapses or regulatory actions can severely damage brand credibility. In the fintech space, where trust is a key differentiator, even a single incident can lead to customer churn and reduced market confidence.</li> </ul><ul class="wp-block-list"> <li><strong>Increased Risk of Cyberattacks</strong>: Non-compliance often indicates weak security controls, making organizations easy targets for hackers. This increases exposure to data breaches, ransomware, and financial fraud.</li> </ul><ul class="wp-block-list"> <li><strong>Impact on Financial Stability and Data Protection</strong>: Fintech platforms handle sensitive financial data. Any compromise can disrupt financial transactions and expose customer information, leading to legal liabilities and regulatory scrutiny.</li> </ul><p><br> <br> </p><br><meta charset="UTF-8"><br><meta name="viewport" content="width=device-width, initial-scale=1.0"><br><title>Cyber Security Squad – Newsletter Signup</title><link rel="stylesheet" href="https://kratikal.com/blog/rbi-cybersecurity-compliance-checklist-for-fintech-organizations/styles.css"><link rel="preconnect" href="https://fonts.googleapis.com/"><link rel="preconnect" href="https://fonts.gstatic.com/" crossorigin><link href="https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&amp;display=swap" rel="stylesheet"><style type="text/css"> /* Reset and base styles */</p> <p>.newsletterwrap .containerWrap { width: 100%; max-width: 800px; margin: 25px auto; }</p> <p>/* Card styles */ .newsletterwrap .signup-card { background-color: white; border-radius: 10px; overflow: hidden; box-shadow: 0 4px 12px rgba(0, 0, 0, 0.1); border: 8px solid #e85d0f; }</p> <p>.newsletterwrap .content { padding: 30px; display: flex; justify-content: space-between; align-items: center; flex-wrap: wrap; }</p> <p>/* Text content */ .newsletterwrap .text-content { flex: 1; min-width: 250px; margin-right: 20px; }</p> <p>.newsletterwrap .main-heading { font-size: 26px; color: #333; font-weight: 900; margin-bottom: 0px; }</p> <p>.newsletterwrap .highlight { color: #e85d0f; font-weight: 500; margin-bottom: 15px; }</p> <p>.newsletterwrap .para { color: #666; line-height: 1.5; margin-bottom: 10px; }</p> <p>.newsletterwrap .bold { font-weight: 700; }</p> <p>/* Logo */ .newsletterwrap .rightlogo { display: flex; flex-direction: column; align-items: center; margin-top: 10px; }</p> <p>.newsletterwrap .logo-icon { position: relative; width: 80px; height: 80px; margin-bottom: 10px; }</p> <p>.newsletterwrap .c-outer, .c-middle, .c-inner { position: absolute; border-radius: 50%; border: 6px solid #e85d0f; border-right-color: transparent; }</p> <p>.newsletterwrap .c-outer { width: 80px; height: 80px; top: 0; left: 0; }</p> <p>.newsletterwrap .c-middle { width: 60px; height: 60px; top: 10px; left: 10px; }</p> <p>.newsletterwrap .c-inner { width: 40px; height: 40px; top: 20px; left: 20px; }</p> <p>.newsletterwrap .logo-text { color: #e85d0f; font-weight: 700; font-size: 0.9rem; text-align: center; }</p> <p>/* Form */ .newsletterwrap .signup-form { display: flex; padding: 0 30px 30px; }</p> <p>.newsletterwrap input[type="email"] { flex: 1; padding: 12px 15px; border: 1px solid #ddd; border-radius: 4px 0 0 4px; font-size: 1rem; outline: none; }</p> <p>.newsletterwrap input[type="email"]:focus { border-color: #e85d0f; }</p> <p>.newsletterwrap .submitBtn { background-color: #e85d0f; color: white; border: none; padding: 12px 20px; border-radius: 0 4px 4px 0; font-size: 1rem; cursor: pointer; transition: background-color 0.3s; white-space: nowrap; }</p> <p>.newsletterwrap button:hover { background-color: #d45000; }</p> <p>/* Responsive styles */ @media (max-width: 768px) { .newsletterwrap .content { flex-direction: column; text-align: center; }</p> <p> .newsletterwrap .text-content { margin-right: 0; margin-bottom: 20px; }</p> <p> .newsletterwrap .rightlogo { margin-top: 20px; } }</p> <p>@media (max-width: 480px) { .newsletterwrap .signup-form { flex-direction: column; }</p> <p> .newsletterwrap input[type="email"] { border-radius: 4px; margin-bottom: 10px; }</p> <p> .newsletterwrap .submitBtn { border-radius: 4px; width: 100%; } } </style><p><br> </p><div class="containerWrap"> <div class="signup-card"> <div class="content"> <div class="text-content"> <h1 class="main-heading">Get in!</h1> <p class="para">Join our weekly <span style="color: #e75d10;">newsletter</span> and stay updated</p> </div> <div class="rightlogo"> <div class="logo-icon"> <div class="c-outer"></div> <div class="c-middle"></div> <div class="c-inner"></div> </div> <div class="logo-text">CYBER SECURITY SQUAD</div> </div> </div> <form class="signup-form" action="https://kratikal.com/thanks/thankyou-newsletter" method="get"> <input type="email" name="email" value="" placeholder="Email" required><br> <input type="submit" name="submit" value="I am interested!" class="submitBtn"><br> </form> </div> </div><p><br> </p><h3 class="wp-block-heading"><strong>Common Compliance Gaps Observed</strong></h3><p>Organizations often fall short in the following areas under the <strong>RBI cybersecurity framework</strong>, which can weaken their overall security posture and audit readiness:</p><ul class="wp-block-list"> <li><strong>Delayed Incident Reporting</strong>: Many fintechs fail to report cybersecurity incidents within the stipulated timelines defined by the Reserve Bank of India. Delays not only violate regulatory requirements but also hinder timely response and containment, increasing the impact of breaches.</li> </ul><ul class="wp-block-list"> <li><strong>Weak Access Control Mechanisms</strong>: Inadequate implementation of Identity and Access Management (IAM), lack of multi-factor authentication (MFA), and excessive privileged access often lead to unauthorized system access and insider threats.</li> </ul><ul class="wp-block-list"> <li><strong>Lack of Network Segmentation</strong>: Flat network architectures without proper segmentation make it easier for attackers to move laterally across systems. This significantly increases the blast radius of a cyberattack.</li> </ul><ul class="wp-block-list"> <li><strong>Insufficient Logging and Monitoring</strong>: Lack of centralized logging and weak monitoring reduces visibility, delaying threat detection and response.</li> </ul><ul class="wp-block-list"> <li><strong>Irregular VAPT and Patch Management</strong>: Organizations often conduct <a href="https://kratikal.com/blog/vapt-testing-vulnerability-assessment-and-penetration-testing/"><mark class="has-inline-color has-luminous-vivid-orange-color">Vulnerability Assessment and Penetration Testing</mark> </a>(VAPT) as a one-time activity rather than an ongoing process. Delayed patching leaves known vulnerabilities exploitable.</li> </ul><h3 class="wp-block-heading">Conclusion</h3><p>Compliance with guidelines issued by the Reserve Bank of India is fundamental for fintech organizations operating in today’s high-risk digital environment. The <strong>RBI cybersecurity framework</strong> not only ensures regulatory alignment but also strengthens overall cyber resilience, safeguarding sensitive financial data and critical business operations. Organizations should treat compliance as an ongoing discipline, proactively strengthening resilience against evolving threats and regulations through strong security and audit readiness.</p><p>Ultimately, fintechs that embed cybersecurity into their core strategy gain more than compliance; they build trust, enhance operational stability, and secure a sustainable competitive advantage in India’s rapidly expanding digital financial ecosystem.</p><h3 class="wp-block-heading">FAQs</h3><div class="schema-how-to wp-block-yoast-how-to-block"> <p class="schema-how-to-description"> </p><ol class="schema-how-to-steps"> <li class="schema-how-to-step" id="how-to-step-1777637254095"><strong class="schema-how-to-step-name"><strong>What is the role of IS (RBI) Audit in compliance?</strong></strong> <p class="schema-how-to-step-text"><strong>IS (RBI) Audit</strong> is a structured assessment that evaluates an organization’s IT governance, cybersecurity controls, and regulatory compliance. It helps identify gaps in security practices and ensures alignment with RBI guidelines.</p> </li> <li class="schema-how-to-step" id="how-to-step-1777637267191"><strong class="schema-how-to-step-name"><strong>How often should VAPT be conducted under RBI guidelines?</strong></strong> <p class="schema-how-to-step-text">Vulnerability Assessment and Penetration Testing (VAPT) should be conducted at least annually and after any major system changes. It ensures that vulnerabilities are identified and remediated before they can be exploited.</p> </li> <li class="schema-how-to-step" id="how-to-step-1777637283758"><strong class="schema-how-to-step-name"><strong>What happens if a fintech company fails RBI compliance?</strong></strong> <p class="schema-how-to-step-text">Non-compliance can result in regulatory penalties, suspension of operations, reputational damage, loss of partnerships with banks/NBFCs, and increased regulatory scrutiny.</p> </li> </ol> </div><p>The post <a href="https://kratikal.com/blog/rbi-cybersecurity-compliance-checklist-for-fintech-organizations/">RBI Cybersecurity Compliance Checklist for Fintech Organizations</a> appeared first on <a href="https://kratikal.com/blog">Kratikal Blogs</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/rbi-cybersecurity-compliance-checklist-for-fintech-organizations/" data-a2a-title="RBI Cybersecurity Compliance Checklist for Fintech Organizations"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Frbi-cybersecurity-compliance-checklist-for-fintech-organizations%2F&amp;linkname=RBI%20Cybersecurity%20Compliance%20Checklist%20for%20Fintech%20Organizations" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Frbi-cybersecurity-compliance-checklist-for-fintech-organizations%2F&amp;linkname=RBI%20Cybersecurity%20Compliance%20Checklist%20for%20Fintech%20Organizations" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Frbi-cybersecurity-compliance-checklist-for-fintech-organizations%2F&amp;linkname=RBI%20Cybersecurity%20Compliance%20Checklist%20for%20Fintech%20Organizations" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Frbi-cybersecurity-compliance-checklist-for-fintech-organizations%2F&amp;linkname=RBI%20Cybersecurity%20Compliance%20Checklist%20for%20Fintech%20Organizations" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Frbi-cybersecurity-compliance-checklist-for-fintech-organizations%2F&amp;linkname=RBI%20Cybersecurity%20Compliance%20Checklist%20for%20Fintech%20Organizations" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://kratikal.com/blog/">Kratikal Blogs</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Shikha Dhingra">Shikha Dhingra</a>. Read the original post at: <a href="https://kratikal.com/blog/rbi-cybersecurity-compliance-checklist-for-fintech-organizations/">https://kratikal.com/blog/rbi-cybersecurity-compliance-checklist-for-fintech-organizations/</a> </p>

<p>The post <a href="https://www.gopher.security/blog/are-your-ai-deployments-quantum-resistant?-how-to-protect-against-future-cyberattacks">Are Your AI Deployments Quantum-Resistant? How to Protect Against Future Cyberattacks</a> appeared first on <a href="https://www.gopher.security/blog">Read the Gopher Security's Quantum Safety Blog</a>.</p><p>Your AI deployments are sitting on a cryptographic foundation that is, quite frankly, a ticking time bomb. If you’re still betting the farm on standard RSA or ECC encryption to protect your proprietary model weights, training data, or agent-to-agent chatter, you’re already losing. </p><p>Forget the "quantum apocalypse" predicted for the 2030s. That’s a convenient fairy tale for people who want to sleep at night. The real threat—the Store Now, Decrypt Later (SNDL) threat—is happening right under your nose. Adversaries are harvesting your encrypted data this very second. They’re hoarding it in massive server farms, waiting for the day they can flip the switch on a quantum computer and unlock your most guarded intelligence. If your infrastructure isn’t quantum-resistant, your competitive advantage is being exfiltrated in plain sight.</p><h2>Why Traditional Encryption is Failing Your AI Strategy</h2><p>Modern cybersecurity is built on a specific, fragile assumption: that certain math problems—like integer factorization—are impossible to solve. RSA and Elliptic Curve Cryptography (ECC) depend entirely on this premise. It worked for decades. But then came Shor’s algorithm, and suddenly, the math doesn't look so impossible anymore. A cryptographically relevant quantum computer (CRQC) can tear through these problems in polynomial time.</p><p>When you look at how AI stacks are actually built—massive, centralized data lakes and high-speed pipelines—the vulnerability becomes terrifying. The SNDL threat turns today’s encrypted traffic into tomorrow’s open book. If your AI strategy involves keeping data for more than a few years, or if you’re moving intellectual property across distributed nodes, you’re essentially handing a "time-locked" gift to future adversaries. Relying on current standards isn't a "risk-management choice." It’s just negligence.</p><h2>The MCP Vulnerability: How AI Interoperability Creates New Risk</h2><p>The <a href="https://modelcontextprotocol.io/">Model Context Protocol (MCP)</a> has quickly become the industry standard for wiring AI agents to data sources and tools. Think of it as the "USB-C" of the AI era—a unified, standardized interface that makes everything talk to everything else. It’s a massive win for productivity, but from a security perspective? It’s a nightmare.</p><p>By standardizing the transport layer, MCP creates a "golden path" for hackers. If someone taps into your MCP bus, they aren't just seeing raw data; they’re seeing the context, the function calls, and the sensitive logic passing between your agents. In a standard setup, this traffic is protected by TLS 1.3. Which, as we’ve established, is just as vulnerable to quantum threats as everything else.</p><pre><code class="language-mermaid">graph LR subgraph "Vulnerable Standard Path" A[AI Agent] -- TLS 1.3/RSA --&gt; B[MCP Server] B -- "Interceptable Data" --&gt; C[Attacker] end subgraph "Quantum-Resistant Path" D[AI Agent] -- "PQC-Wrapped Tunnel" --&gt; E[MCP Server] end style C fill:#f9f,stroke:#333,stroke-width:2px style D fill:#bbf,stroke:#333 style E fill:#bbf,stroke:#333 </code></pre><p>When your agents chat via MCP, they’re basically broadcasting their internal state to anyone listening. Without a quantum-resistant tunnel, that state is perpetually at risk.</p><h2>How Can You Achieve Cryptographic Agility in 2026?</h2><p>Cryptographic agility sounds like a buzzword, but it’s actually a survival skill. It’s the ability to swap out your encryption algorithms without tearing your entire tech stack down to the studs. In 2026, it’s the only way to stay ahead. You can’t afford to hard-code security protocols anymore. You need a modular approach that lets you pivot as NIST standards evolve.</p><p>The smartest path forward? <strong>Hybrid Encryption</strong>. This involves wrapping your classical encryption (RSA/ECC) with Post-Quantum Cryptography (PQC). Even if one layer fails—whether because of a classical flaw or a quantum breakthrough—the other keeps your data locked tight. If you’re trying to implement this at the transport level, <a href="https://www.gopher.security/blog/post-quantum-cryptographic-agility-mcp-transport">Post-Quantum Cryptographic Agility in MCP Transport</a> is the framework you need to keep performance high without leaving the front door wide open.</p><h2>What are the NIST Standards for Quantum-Resistant Defense?</h2><p>The National Institute of Standards and Technology (NIST) has finally laid out the map for <a href="https://csrc.nist.gov/projects/post-quantum-cryptography">NIST Post-Quantum Cryptography Standards</a>. They’re focusing heavily on Module-Lattice-Based Key-Encapsulation (ML-KEM) and digital signatures (ML-DSA). These algorithms are tough cookies because they rely on the Shortest Vector Problem in lattices—a puzzle that remains computationally miserable even for quantum computers.</p><p>But don't stop at key encapsulation. You have to consider the <em>execution</em> itself. How do you verify an AI agent is using your data correctly without exposing the data? Check out <a href="https://www.gopher.security/blog/zero-knowledge-proofs-privacy-preserving-ai-tool-execution">Zero-Knowledge Proofs for Privacy-Preserving AI</a>. ZKPs let your agents prove they have the right clearance or that a computation was run correctly—all without ever showing the underlying sensitive context to the network.</p><h2>Your 3-Phase Transition Plan to Quantum Readiness</h2><p>Transitioning to a quantum-resistant architecture isn't an overnight "rip and replace" job. You’ll kill your productivity if you try. It needs to be a systematic, three-stage evolution.</p><pre><code class="language-mermaid">gantt title 3-Phase Transition Plan to Quantum Readiness dateFormat YYYY section Phase 1: Audit Inventory AI Endpoints :active, a1, 2026-01-01, 2026-04-01 section Phase 2: Pilot Hybrid Encryption Testing :crit, p1, 2026-04-01, 2026-08-01 section Phase 3: Deploy PQC IAM Implementation :d1, 2026-08-01, 2026-12-31 </code></pre><ol> <li><strong>Audit:</strong> Map every single AI endpoint currently using the <a href="https://modelcontextprotocol.io/">Model Context Protocol</a>. You can’t protect what you don’t know you have.</li> <li><strong>Pilot:</strong> Run hybrid encryption in your testing environments. Keep a close eye on latency—measure how much ML-KEM impacts your AI agents to ensure they stay snappy.</li> <li><strong>Deploy:</strong> Move to a quantum-resistant Identity and Access Management (IAM) model. Ensure every autonomous agent is authenticated with post-quantum signatures so you don't get hit by impersonation or "man-in-the-middle" attacks.</li> </ol><h2>Conclusion: The Cost of Inaction</h2><p>The cost of doing nothing isn't just a "potential breach." It’s the immediate, quiet loss of control over your most valuable assets. If your models are being scraped today, the value of that IP is already being drained. Quantum readiness isn't some fancy "future-proofing" exercise; it’s a compliance mandate for anyone in finance, healthcare, or defense.</p><p>Building a <a href="https://www.gopher.security/faq/how-to-build-quantum-resistant-infrastructure-for-model-context-protocol-deployments">quantum-resistant infrastructure</a> is hard work, but it’s manageable if you’re disciplined. Don't wait for the headline announcing a quantum breakthrough. By the time that hits the news, your secrets will already be in the hands of people who have been waiting for the clock to strike zero.</p><h2>Frequently Asked Questions</h2><h3>Is my AI infrastructure really at risk if quantum computers aren't fully here yet?</h3><p>Yes. The primary threat is the "Store Now, Decrypt Later" (SNDL) strategy. Adversaries are actively intercepting and storing encrypted traffic today, betting that they will be able to decrypt it once fault-tolerant quantum hardware becomes available. If your data has a shelf life of more than a few years, it is vulnerable today.</p><h3>What is the Model Context Protocol (MCP), and why does it need quantum-resistant security?</h3><p>MCP is an open standard that enables AI agents to connect to various data sources and tools seamlessly. Because it acts as the primary conduit for AI-to-AI and AI-to-data communication, it is a high-value target. If the protocol's transport security is compromised, an attacker gains a "golden path" into your entire agent ecosystem.</p><h3>Do I have to rebuild my entire AI stack to be quantum-resistant?</h3><p>No. You do not need to rewrite your models or replace your infrastructure. By focusing on "cryptographic agility," you can implement hybrid encryption—a "wrapper" approach that uses PQC alongside your current standards. This allows you to achieve quantum resistance without a total system overhaul.</p><h3>What are the NIST-approved standards for post-quantum security in 2026?</h3><p>The current primary standards are ML-KEM (Module-Lattice-Based Key-Encapsulation) for secure key exchange and ML-DSA for digital signatures. These <a href="https://csrc.nist.gov/projects/post-quantum-cryptography">NIST-approved algorithms</a> are specifically designed to withstand the computational power of future quantum computers.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/are-your-ai-deployments-quantum-resistant-how-to-protect-against-future-cyberattacks/" data-a2a-title="Are Your AI Deployments Quantum-Resistant? How to Protect Against Future Cyberattacks"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fare-your-ai-deployments-quantum-resistant-how-to-protect-against-future-cyberattacks%2F&amp;linkname=Are%20Your%20AI%20Deployments%20Quantum-Resistant%3F%20How%20to%20Protect%20Against%20Future%20Cyberattacks" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fare-your-ai-deployments-quantum-resistant-how-to-protect-against-future-cyberattacks%2F&amp;linkname=Are%20Your%20AI%20Deployments%20Quantum-Resistant%3F%20How%20to%20Protect%20Against%20Future%20Cyberattacks" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fare-your-ai-deployments-quantum-resistant-how-to-protect-against-future-cyberattacks%2F&amp;linkname=Are%20Your%20AI%20Deployments%20Quantum-Resistant%3F%20How%20to%20Protect%20Against%20Future%20Cyberattacks" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fare-your-ai-deployments-quantum-resistant-how-to-protect-against-future-cyberattacks%2F&amp;linkname=Are%20Your%20AI%20Deployments%20Quantum-Resistant%3F%20How%20to%20Protect%20Against%20Future%20Cyberattacks" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fare-your-ai-deployments-quantum-resistant-how-to-protect-against-future-cyberattacks%2F&amp;linkname=Are%20Your%20AI%20Deployments%20Quantum-Resistant%3F%20How%20to%20Protect%20Against%20Future%20Cyberattacks" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.gopher.security/blog">Read the Gopher Security&amp;#039;s Quantum Safety Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Read the Gopher Security's Quantum Safety Blog">Read the Gopher Security's Quantum Safety Blog</a>. Read the original post at: <a href="https://www.gopher.security/blog/are-your-ai-deployments-quantum-resistant?-how-to-protect-against-future-cyberattacks">https://www.gopher.security/blog/are-your-ai-deployments-quantum-resistant?-how-to-protect-against-future-cyberattacks</a> </p>

<p><!-- content style : start --></p><style type="text/css" data-name="kubio-style"></style><p><!-- content style : end --></p><h1>Web application testing with Burp Suite: a practical guide for UK SMEs</h1><p>For many UK SMEs, web applications are now part of day-to-day business. They handle customer logins, staff portals, booking systems, supplier access, and internal admin tasks. That makes them valuable, but it also means they deserve regular security attention.</p><p>Burp Suite is a widely used tool for testing web applications in a controlled way. It helps security teams and developers see how an application behaves when requests are sent to it, how it handles sessions, and whether it exposes weaknesses that should be fixed. Used properly, it supports defensive testing. It is not a shortcut to security, and it is not a substitute for good development practices, but it can be a very useful part of a sensible review process.</p><p>This guide is written for UK SMEs that want practical self-help guidance. It focuses on authorised testing of your own systems, with clear boundaries and business-focused interpretation of findings.</p><h2>What Burp Suite is and where it fits in web application testing</h2><p>Burp Suite is a web application testing platform. In plain English, it lets you observe, inspect, and modify traffic between a browser and a web application so you can understand how the application responds. That makes it useful for checking whether the application behaves as expected, whether controls are working properly, and whether there are gaps that need attention.</p><h3>Core features in plain English</h3><p>The most useful parts for a small business are usually the proxy, site map, and history views. The proxy lets you place Burp between your browser and the application so you can see requests and responses. The site map helps you understand the structure of the application, including pages, parameters, and endpoints. The history view shows what has been sent and received, which is helpful when you are tracing a user journey or reproducing a problem.</p><p>Other features can support deeper testing, but SMEs do not need to use every function to gain value. In practice, the tool is most helpful when you want to understand how the application handles login, session management, forms, file uploads, and access to different areas of the system.</p><h3>When SMEs might use it as part of a wider security review</h3><p>Burp Suite is most useful when you already have a legitimate reason to test an application. That might be before a release, after a significant change, during a supplier review, or as part of a periodic security check. It can also help when a developer wants to confirm that a fix has worked.</p><p>For SMEs, the key point is that Burp Suite works best as part of a wider process. It is one input into risk management, not the whole answer. Findings should be considered alongside business impact, data sensitivity, user exposure, and how quickly the issue could be exploited in your environment.</p><h2>Before you start: scope, permission and safe testing boundaries</h2><p>Before any testing begins, define exactly what is in scope. This is important for safety, for clarity, and for avoiding disruption. Testing without clear permission can create avoidable problems, even when the intention is defensive.</p><h3>Why written authorisation matters</h3><p>Written authorisation gives everyone a shared understanding of what is allowed. It should cover the application or applications being tested, the time period, the accounts to be used, and any systems that must not be touched. It should also make clear who to contact if something unexpected happens.</p><p>For an SME, this does not need to be a long document. A short approval note can be enough if it is clear and specific. The important thing is that the business owner, system owner, or another appropriate decision-maker has agreed to the activity in advance.</p><h3>How to define systems, accounts and test windows</h3><p>Start by listing the exact URLs, environments, and user roles that are in scope. Separate production, staging, and development systems, because they may behave differently and may carry different risks. If you are testing production, be especially careful about timing and impact.</p><p>Use dedicated test accounts where possible. Avoid using real customer or staff accounts unless there is a strong reason and the account owner has agreed. Make sure you know what data those accounts can access, because that affects both the risk and the interpretation of any findings.</p><p>Agree a test window that suits the business. For example, you may want to avoid peak trading hours, payroll processing, or busy customer service periods. The aim is to test safely without creating unnecessary operational noise.</p><h2>Setting up a basic testing workflow</h2><p>A simple workflow is usually enough for an SME starting out. The goal is to observe normal behaviour first, then look for anything that seems inconsistent, overly permissive, or poorly controlled.</p><h3>Intercepting traffic and reviewing requests and responses</h3><p>When you browse the application through Burp Suite, the tool can capture the requests your browser sends and the responses the server returns. A request is the message sent to the application. A response is the reply. Reviewing both helps you understand what information is being exchanged.</p><p>Look at the structure of requests, the parameters being passed, and the cookies or tokens used to maintain a session. Check whether the application sends more data than it needs to, whether sensitive information appears in responses, and whether the application behaves consistently when inputs change.</p><p>This is often where small but useful observations appear. For example, a page may reveal more information than expected, or a form may accept data in a way that suggests validation is weak. On their own, these observations do not prove a serious issue, but they can point to areas that deserve closer review.</p><h3>Using the site map and proxy history to understand application behaviour</h3><p>The site map helps you build a picture of the application’s structure. It can show hidden pages, repeated patterns, and areas that are not obvious from the user interface alone. The proxy history helps you trace what happened during a session, which is useful when you are trying to understand a workflow or compare one user role with another.</p><p>For SMEs, this is especially helpful when applications have grown over time. Older systems often contain pages, parameters, or admin functions that are still reachable even if they are no longer prominent in the interface. Mapping the application carefully can reveal where controls are missing or where access paths are more complex than expected.</p><h2>Common issues Burp Suite can help identify</h2><p>Burp Suite is useful because it helps you see how the application behaves, not just how it looks. That makes it easier to spot issues that may not be visible through normal use.</p><h3>Authentication and session handling weaknesses</h3><p>Authentication is the process of proving who you are. Session handling is how the application keeps track of you after login. Weaknesses in either area can create unnecessary risk.</p><p>Examples include sessions that do not expire properly, login flows that behave inconsistently, or cookies that appear to be handled in a way that is not robust. You may also notice that the application does not react well to repeated failed logins, password resets, or changes in user state. These are not always critical problems, but they are worth understanding because they affect how trustworthy the application is.</p><h3>Input validation and access control concerns</h3><p>Input validation is the process of checking that data entered into the application is acceptable. Access control is the set of rules that decides what a user can see or do. Both are common areas for weaknesses in web applications.</p><p>Burp Suite can help you observe whether the application accepts unexpected input, whether it returns different results when values change, and whether one user role can reach data or functions intended for another. For an SME, the business question is simple: can the right people access the right information, and are the controls consistent?</p><p>It is also worth checking whether the application reveals too much detail in error messages or responses. Even when this does not create an immediate security incident, it can make later exploitation easier and can expose internal implementation details that the business would rather keep private.</p><h2>How to interpret findings without overreacting</h2><p>It is easy to overstate the importance of a technical finding, especially when it sounds alarming. A better approach is to assess each issue in context. Consider how easy it is to reach, what data or functions are affected, whether the issue is exposed to all users or only a small group, and what the business impact would be if it were misused.</p><h3>Separating low-risk issues from business-critical ones</h3><p>Some findings are useful but low risk. For example, a minor information disclosure may be worth fixing, but it may not justify urgent action. Other issues, such as broken access control or weak session handling on a customer-facing portal, may deserve much higher priority because they affect trust, confidentiality, or service continuity.</p><p>A practical way to think about it is to ask three questions. Could this issue expose data? Could it let someone do something they should not be able to do? Could it disrupt a key business process? If the answer to any of these is yes, the issue deserves proper attention.</p><h3>When to involve developers or a specialist tester</h3><p>Internal teams can often identify obvious issues and confirm whether a control is behaving as expected. However, if a finding is difficult to reproduce, affects multiple systems, or appears to involve deeper design weaknesses, it is sensible to involve a developer or a specialist tester.</p><p>That is not a sign of failure. It is a normal part of mature security practice. Some issues are straightforward to fix, while others need a broader review of architecture, authentication design, or business logic. The earlier the right people are involved, the easier it is to resolve the issue in a controlled way.</p><h2>Making testing useful for the business</h2><p>Security testing only creates value when the results are turned into action. For SMEs, that means translating technical observations into a prioritised plan that the business can actually follow.</p><h3>Turning findings into a prioritised remediation plan</h3><p>Start by grouping findings by business impact rather than by technical detail alone. A simple plan might separate urgent fixes, medium-priority improvements, and items that can be scheduled into normal development work. Include the affected system, the owner, the expected fix, and a realistic target date.</p><p>It also helps to note any compensating controls. For example, if a weakness exists but the application is only available to a small internal group, that changes the risk picture. The aim is not to minimise the issue, but to make sure the response is proportionate.</p><h3>Linking web testing to wider risk management and secure development</h3><p>Web application testing should not sit in isolation. Findings often point to broader themes such as weak change control, inconsistent input handling, or gaps in development review. If the same type of issue appears more than once, it may indicate a process problem rather than a one-off defect.</p><p>That is where a wider risk management approach helps. Treat recurring findings as evidence that a control needs strengthening. Feed lessons back into secure development practices, code review, release checks, and supplier oversight where relevant. Over time, this reduces repeat work and makes the business more resilient.</p><h2>Practical limits and when to seek external support</h2><p>Burp Suite is a useful tool, but it has limits. It can help you observe behaviour and spot weaknesses, but it does not replace experience, judgement, or a structured testing approach.</p><h3>What internal teams can reasonably do</h3><p>Internal teams can usually handle basic observation, simple workflow mapping, and confirmation that known fixes behave as expected. They can also use Burp Suite to support developer testing before a release, provided the scope is clear and the activity is authorised.</p><p>What they should avoid is treating the tool as a way to improvise deeper security testing without the right experience. If the team is not confident about interpreting the results, or if the application is business-critical, it is better to slow down and get support than to draw the wrong conclusion.</p><h3>When a broader penetration test is more appropriate</h3><p>If the application is customer-facing, handles sensitive data, or supports important business processes, a broader penetration test may be more appropriate than ad hoc testing. That is especially true where there are multiple applications, complex integrations, or a history of repeated issues.</p><p>A broader test can combine web application review with other relevant checks, giving the business a more complete picture of risk. For many SMEs, that is a better use of time and budget than trying to test everything internally.</p><p>Used well, Burp Suite can help an SME understand its web application risk in a practical way. The main discipline is to keep testing authorised, focused, and proportionate. If you want help turning findings into a sensible remediation plan, or you need support designing a risk-based testing approach, speak to a consultant.</p><p>Speak to a consultant: <a href="https://clearpathsecurity.co.uk/contact-page/">https://clearpathsecurity.co.uk/contact-page/</a></p><p>The post <a href="https://clearpathsecurity.co.uk/web-application-testing-with-burp-suite-a-practical-guide-for-uk-smes/">Web application testing with Burp Suite: a practical guide for UK SMEs</a> appeared first on <a href="https://clearpathsecurity.co.uk/">Clear Path Security Ltd</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/web-application-testing-with-burp-suite-a-practical-guide-for-uk-smes/" data-a2a-title="Web application testing with Burp Suite: a practical guide for UK SMEs"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fweb-application-testing-with-burp-suite-a-practical-guide-for-uk-smes%2F&amp;linkname=Web%20application%20testing%20with%20Burp%20Suite%3A%20a%20practical%20guide%20for%20UK%20SMEs" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fweb-application-testing-with-burp-suite-a-practical-guide-for-uk-smes%2F&amp;linkname=Web%20application%20testing%20with%20Burp%20Suite%3A%20a%20practical%20guide%20for%20UK%20SMEs" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fweb-application-testing-with-burp-suite-a-practical-guide-for-uk-smes%2F&amp;linkname=Web%20application%20testing%20with%20Burp%20Suite%3A%20a%20practical%20guide%20for%20UK%20SMEs" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fweb-application-testing-with-burp-suite-a-practical-guide-for-uk-smes%2F&amp;linkname=Web%20application%20testing%20with%20Burp%20Suite%3A%20a%20practical%20guide%20for%20UK%20SMEs" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fweb-application-testing-with-burp-suite-a-practical-guide-for-uk-smes%2F&amp;linkname=Web%20application%20testing%20with%20Burp%20Suite%3A%20a%20practical%20guide%20for%20UK%20SMEs" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://clearpathsecurity.co.uk/">Clear Path Security Ltd</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Clear Path Security Ltd">Clear Path Security Ltd</a>. Read the original post at: <a href="https://clearpathsecurity.co.uk/web-application-testing-with-burp-suite-a-practical-guide-for-uk-smes/">https://clearpathsecurity.co.uk/web-application-testing-with-burp-suite-a-practical-guide-for-uk-smes/</a> </p>

<p>The post <a href="https://xkcd.com/3223/">Randall Munroe’s XKCD 'Inflation Timeline'</a> appeared first on <a href="https://www.infosecurity.us/">Infosecurity.US</a>.</p><figure class=" sqs-block-image-figure intrinsic "> <p> <a class=" sqs-block-image-link " href="https://xkcd.com/3223/"></a></p> <p> <img data-stretch="false" data-image="https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/bcf9e041-6382-44b1-8a58-db45cbc28669/solar_warning.png" data-image-dimensions="304x333" data-image-focal-point="0.5,0.5" alt="" data-load="false" elementtiming="system-image-block" src="https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/bcf9e041-6382-44b1-8a58-db45cbc28669/solar_warning.png?format=1000w" width="304" height="333" sizes="auto, (max-width: 640px) 100vw, (max-width: 767px) 100vw, 100vw" onload='this.classList.add("loaded")' srcset="https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/bcf9e041-6382-44b1-8a58-db45cbc28669/solar_warning.png?format=100w 100w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/bcf9e041-6382-44b1-8a58-db45cbc28669/solar_warning.png?format=300w 300w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/bcf9e041-6382-44b1-8a58-db45cbc28669/solar_warning.png?format=500w 500w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/bcf9e041-6382-44b1-8a58-db45cbc28669/solar_warning.png?format=750w 750w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/bcf9e041-6382-44b1-8a58-db45cbc28669/solar_warning.png?format=1000w 1000w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/bcf9e041-6382-44b1-8a58-db45cbc28669/solar_warning.png?format=1500w 1500w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/bcf9e041-6382-44b1-8a58-db45cbc28669/solar_warning.png?format=2500w 2500w" loading="lazy" decoding="async" data-loader="sqs"></p> <p> <figcaption class="image-caption-wrapper"> <p class=""><strong>via the comic artistry and dry wit of Randall Munroe, creator of XKCD</strong></p> </figcaption></p></figure><p><a href="https://www.infosecurity.us/blog/2026/5/1/randall-munroes-xkcd-inflation-timeline">Permalink</a></p><p> </p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/randall-munroes-xkcd-inflation-timeline/" data-a2a-title="Randall Munroe’s XKCD ‘Inflation Timeline’"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Frandall-munroes-xkcd-inflation-timeline%2F&amp;linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98Inflation%20Timeline%E2%80%99" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Frandall-munroes-xkcd-inflation-timeline%2F&amp;linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98Inflation%20Timeline%E2%80%99" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Frandall-munroes-xkcd-inflation-timeline%2F&amp;linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98Inflation%20Timeline%E2%80%99" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Frandall-munroes-xkcd-inflation-timeline%2F&amp;linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98Inflation%20Timeline%E2%80%99" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Frandall-munroes-xkcd-inflation-timeline%2F&amp;linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98Inflation%20Timeline%E2%80%99" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.infosecurity.us/">Infosecurity.US</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Marc Handelman">Marc Handelman</a>. Read the original post at: <a href="https://xkcd.com/3223/">https://xkcd.com/3223/</a> </p>

<p><span data-contrast="none">China may be trying to stem the tide of scams coming out of Southeast Asia, but it seems the country is doing so selectively, focusing primarily on those that affect their citizens but not the ones that target Americans.</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">That’s a failing that has “led </span><span data-contrast="none">to a wave of scam center ‘alumni’ setting up shop in China,” according to a </span><a href="https://www.uscc.gov/research/protecting-americans-china-linked-scam-centers-update-emerging-trends" target="_blank" rel="noopener"><span data-contrast="none">report from the U.S.-China Economic and Security Review Commission</span></a><span data-contrast="none">.   </span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">The commission notes that “in 2024, Chinese authorities prosecuted approximately 78,000 people for online fraud—a 54% increase over the previous year.”</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">It’s difficult not to see China’s selective approach as anything but political, and there is some truth to that. The report says as much. </span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">But it is also true that the flood of scams is too great for the country—or any country—to dam. And despite publishing a list of 100 high-level criminals wanted for scams that targeted Chinese citizens and offering a reward for information, the country is failing to stem the tide. Though the efforts did help China snare notorious scam “kingpin” Chen Zhi, who was indicted by the U.S., after the “most wanted” list and reward were posted, Chinese officials were able to get him extradited from Cambodia. “</span><span data-contrast="none">However, Beijing continues to turn a blind eye to criminal activity targeting foreigners,” the report said.</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">That troubles American authorities, who saw American losses from Chinese criminal group-operated industrial-scale scam centers top $10 billion in 2024. So the U.S. government has taken matters into its own hands, sanctioning criminal leaders and creating an Interagency Scam Center Strike Force. But even that can’t pull authorities ahead of the scammers who “are embracing advanced technologies and exploiting cryptocurrency to launder stolen assets across national borders with virtual impunity,” the report said.</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">And of course, AI is making it easier for the cybercriminals, who are using it to scale operations, boost the sophistication of scams, and evade tried and true detection methods. </span><span data-contrast="none">These AI-powered scams, the report found, make it difficult for even the most discerning potential victims to distinguish fact from fraud.</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">Noting that “Chinese-nexus cyber activity has evolved in four phases over the past two decades,” </span><a href="https://www.darktrace.com/es/blog/how-chinese-nexus-cyber-operations-have-evolved-and-what-it-means-for-cyber-risk-and-resilience" target="_blank" rel="noopener"><span data-contrast="none">research from Darktrace</span></a><span data-contrast="none"> shows today it is “defined by scale, operational restraint, and persistence.”</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">While “attackers are establishing access, evaluating its strategic value, and maintaining it over time,” the research finds “a broader shift: cyber operations are increasingly integrated into long-term economic and geopolitical strategies. Access to digital environments, specifically those tied to critical national infrastructure, supply chains, and advanced technology, has become a form of strategic leverage for the long-term.”  </span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">Trey Ford, chief strategy and trust officer at Bugcrowd, says China “has built a proof of concept for adversarial industrialization: Scripted social engineering at scale, multilingual workforce expansion, and money laundering infrastructure embedded in legitimate financial systems.” </span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">And that can’t be stopped by a configuration change. “What stops it is continuous human intelligence, behavioral detection at the transaction layer, and law enforcement cooperation that doesn’t depend on one actor’s domestic political incentives,” he says.</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">Nathaniel Jones, vice president, security and AI strategy and field CISO at Darktrace, says the company’s </span><a href="https://www.darktrace.com/es/blog/how-chinese-nexus-cyber-operations-have-evolved-and-what-it-means-for-cyber-risk-and-resilience" target="_blank" rel="noopener"><span data-contrast="none">recent research</span></a><span data-contrast="none"> shows that Chinese-nexus activity follows two operational models–“smash and grab” and low and slow. The former “are short-horizon intrusions optimized for speed. Attackers move quickly – often exfiltrating data within 48 hours – and prioritize scale over stealth. The median duration of these compromises is around 10 days. It’s clear they are willing to risk detection for short-term gain,” he says.  </span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">The latter operations were less prevalent in Darktrace’s dataset, “but potentially more consequential,” with attackers prioritizing “persistence, establishing durable access through identity systems and legitimate administrative tools, so they can maintain access undetected for months or even years.”</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">The scams most dangerous to U.S. citizens are “pig-butchering (investment fraud layered on manufactured romantic trust) and crypto investment fraud, says Ford.</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">But “China isn’t targeting those because the incentive structure doesn’t require it,” he explains. </span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">“As one U.S.-China Economic and Security Review Commission member put it at a Senate hearing, Beijing has ‘selectively’ cracked down, “largely turning a blind eye to scam centers victimizing foreigners,” with the result that Chinese criminal syndicates have been incentivized to shift toward targeting Americans,” says Ford. “Framed differently: this is not ambivalence, it is a rational enforcement strategy calibrated to domestic political risk.”</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">While the U.S. government has taken some action, “what hasn’t happened is sustained diplomatic pressure that changes Beijing’s incentive calculation,” he says, explaining that “targeted sanctions and individual indictments do not alter the underlying governance structure that makes these operations viable.” </span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">Because the U.S. leverage on China in this domain “is constrained by the same geopolitical dynamics shaping every other bilateral conversation,” Ford says, “organizations should not plan around a near-term diplomatic fix.”</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none"> Instead, he says, they should:</span><span data-ccp-props='{"335557856":16777215}'> </span></p><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="1" data-aria-level="1"><span data-contrast="none">Treat social engineering as an infrastructure problem, not a training problem. Pig-butchering attacks operate over weeks or months, building trust before any financial ask appears. Annual phishing awareness sessions don’t address that threat model.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559685":945,"335559739":0,"335559740":240}'> </span></li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="2" data-aria-level="1"><span data-contrast="none">Harden the financial transaction layer specifically. The terminal event in almost every investment fraud scheme is a wire transfer or crypto send that could have been interrupted with verification controls.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559685":945,"335559739":0,"335559740":240}'> </span></li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="3" data-aria-level="1"><span data-contrast="none">Brief employees on the specific mechanics: manufactured relationship, engineered urgency and off-platform movement to private apps. The playbook is consistent. Recognizing the pattern is the control. Most corporate trainings don’t go far enough in training how to detect these patterns.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559685":945,"335559739":0,"335559740":240}'> </span></li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="4" data-aria-level="1"><span data-contrast="none">For executive and high-net-worth individuals, the personal and professional attack surfaces are no longer separate. These scams increasingly target people in their personal lives to create leverage or access in their professional ones.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559685":945,"335559739":0,"335559740":240}'> </span></li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="5" data-aria-level="1"><span data-contrast="none">Consider continuous third-party validation of your organization’s social engineering exposure, not self-assessed controls – there is scale economy in terms of diversity of perspective, keeping content fresh, and making all of this more effective.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559685":945,"335559739":0,"335559740":240}'> </span></li></ul><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/china-has-its-sights-set-on-scammers-just-not-those-targeting-americans/" data-a2a-title="China Has its Sights Set on Scammers, Just Not Those Targeting Americans "><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fchina-has-its-sights-set-on-scammers-just-not-those-targeting-americans%2F&amp;linkname=China%20Has%20its%20Sights%20Set%20on%20Scammers%2C%20Just%20Not%20Those%20Targeting%20Americans%C2%A0" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fchina-has-its-sights-set-on-scammers-just-not-those-targeting-americans%2F&amp;linkname=China%20Has%20its%20Sights%20Set%20on%20Scammers%2C%20Just%20Not%20Those%20Targeting%20Americans%C2%A0" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fchina-has-its-sights-set-on-scammers-just-not-those-targeting-americans%2F&amp;linkname=China%20Has%20its%20Sights%20Set%20on%20Scammers%2C%20Just%20Not%20Those%20Targeting%20Americans%C2%A0" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fchina-has-its-sights-set-on-scammers-just-not-those-targeting-americans%2F&amp;linkname=China%20Has%20its%20Sights%20Set%20on%20Scammers%2C%20Just%20Not%20Those%20Targeting%20Americans%C2%A0" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fchina-has-its-sights-set-on-scammers-just-not-those-targeting-americans%2F&amp;linkname=China%20Has%20its%20Sights%20Set%20on%20Scammers%2C%20Just%20Not%20Those%20Targeting%20Americans%C2%A0" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

<p>The post <a href="https://www.malwarebytes.com/blog/news/2026/05/actively-exploited-cpanel-bug-exposes-millions-of-websites-to-takeover">Actively exploited cPanel bug exposes millions of websites to takeover</a> appeared first on <a href="https://www.malwarebytes.com/">Malwarebytes</a>.</p><p>Security researchers are <a href="https://techcrunch.com/2026/04/30/hackers-are-actively-exploiting-a-bug-in-cpanel-used-by-millions-of-websites/" rel="noreferrer noopener nofollow">warning</a> about a newly discovered vulnerability in the widely used web server management software cPanel and WebHost Manager (WHM). </p><p>This is a critical, actively exploited authentication-bypass bug in cPanel/WHM that lets attackers gain administrative access to the interface without credentials, potentially take over servers and all hosted sites.</p><p>The vulnerability, tracked as <a href="https://www.cve.org/CVERecord?id=CVE-2026-41940" rel="noreferrer noopener nofollow">CVE-2026-41940</a>, has been added to the <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" rel="noreferrer noopener nofollow">Known Exploited Vulnerabilities catalog</a> by the Cybersecurity and Infrastructure Security Agency (CISA), meaning there is evidence it is being used in real-world attacks.</p><p>Because cPanel/WHM is used by over <a href="https://trends.builtwith.com/websitelist/CPanel">a million si</a><a href="https://trends.builtwith.com/websitelist/CPanel" rel="noreferrer noopener nofollow">t</a><a href="https://trends.builtwith.com/websitelist/CPanel">es</a> worldwide, including banks and health organizations, the potential impact is huge. In simple terms, the bug can act like a front‑door key to a big chunk of the web’s hosting infrastructure.</p><p><a href="https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026" rel="noreferrer noopener nofollow">cPanel released patches</a> on April 28, 2026, and urged all customers and hosts to update. It said all supported versions after 11.40 are affected, including DNSOnly and WP Squared.</p><p>Hosting providers including <a href="https://www.namecheap.com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026/" rel="noreferrer noopener nofollow">Namecheap</a>, HostGator, and KnownHost temporarily blocked access to cPanel interfaces while patching, treating this as a critical authentication bypass and reporting exploit attempts going back to late February 2026.</p><h2 class="wp-block-heading" id="h-how-to-stay-safe">How to stay safe</h2><p>While it’s up to the hosting companies and website owners to patch as quickly as possible, there are ways to reduce your risk if a site you use is compromised.</p><p>As always, limit the data you share with websites to what’s absolutely necessary. Data they don’t have can’t be stolen.</p><p>When ordering from an online retailer, don’t tick the box to save your card details for future purchases as they will be stored on the server.</p><p>If there’s an option to check out as a guest, use it. It reduces the amount of personal data tied to an account.</p><p>Don’t reuse passwords. When one site is compromised, having the same credentials in several places turns it into a multi‑account takeover problem. A password manager can help you create complex unique passphrases, and remember them for you.</p><p>Where possible, pay by credit card. In many regions, this gives you stronger fraud protection.</p><hr class="wp-block-separator has-text-color has-cyan-bluish-gray-color has-alpha-channel-opacity has-cyan-bluish-gray-background-color has-background is-style-wide" style="margin-top:var(--wp--preset--spacing--20);margin-bottom:var(--wp--preset--spacing--20)"><div class="wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex"> <div class="wp-block-column is-layout-flow wp-block-column-is-layout-flow" style="flex-basis:15%"> <figure class="wp-block-image aligncenter size-large is-resized"><img decoding="async" src="https://www.malwarebytes.com/wp-content/uploads/sites/2/2024/08/PersonalDataRemover-noinfo-icon-blue.svg?w=1024" alt="Personal Data Remover" class="wp-image-115567" style="width:70px"></figure> </div> <div class="wp-block-column is-vertically-aligned-center is-layout-flow wp-container-core-column-is-layout-10073889 wp-block-column-is-layout-flow" style="padding-top:var(--wp--preset--spacing--30);padding-bottom:var(--wp--preset--spacing--30);flex-basis:60%"> <h3 class="wp-block-heading has-dark-blue-color has-text-color has-link-color wp-elements-2afe8cc7c9b6e1e46c9a35aecba313a2" id="h-your-details-are-probably-already-for-sale">Your details are probably already for sale. </h3> </div> <div class="wp-block-column is-vertically-aligned-center has-global-padding is-content-justification-right is-layout-constrained wp-container-core-column-is-layout-f1f2ed93 wp-block-column-is-layout-constrained" style="flex-basis:30%"> <div class="wp-block-malware-bytes-button mb-button" id="mb-button-a2b2e60f-b6c4-45fc-8aac-20ae3cf27e09"> <div class="mb-button__row u-justify-content-center"> <div class="mb-button__item mb-button-item-0"> <p class="btn-main"><a href="https://www.malwarebytes.com/personal-data-remover" data-type="link" data-id="https://www.malwarebytes.com/scamguard" rel="noreferrer noopener">FIND OUT HERE</a></p> </div> </div> </div> </div> </div><hr class="wp-block-separator aligncenter has-text-color has-cyan-bluish-gray-color has-alpha-channel-opacity has-cyan-bluish-gray-background-color has-background is-style-wide" style="margin-top:var(--wp--preset--spacing--20);margin-bottom:var(--wp--preset--spacing--20)"><h2 class="wp-block-heading" id="h-when-a-site-you-trust-gets-hacked">When a site you trust gets hacked</h2><p>If you think you’ve been <a href="https://www.malwarebytes.com/blog/personal/2023/09/involved-in-a-data-breach-heres-what-you-need-to-know" rel="noreferrer noopener">affected by a data breach</a>, take the following steps: </p><ul class="wp-block-list"> <li><strong>Check the company’s advice.</strong> Every breach is different, so check with the company to find out what’s happened and follow any specific advice it offers.</li> <li><strong>Change your password.</strong> You can make a stolen password useless to thieves by changing it. Choose a <a href="https://www.malwarebytes.com/computer/how-to-create-a-strong-password" rel="noreferrer noopener">strong password</a> that you don’t use for anything else. Better yet, let a <a href="https://www.malwarebytes.com/what-is-password-manager" rel="noreferrer noopener">password manager</a> choose one for you.</li> <li><strong>Enable <a href="https://www.malwarebytes.com/blog/news/2023/10/multi-factor-authentication-has-proven-it-works-so-what-are-we-waiting-for" rel="noreferrer noopener">two-factor authentication (</a><a href="https://www.malwarebytes.com/cybersecurity/basics/2fa" rel="noreferrer noopener">2FA</a></strong><strong>).</strong> If you can, use a FIDO2-compliant hardware key, laptop, or phone as your second factor. Some forms of 2FA can be phished just as easily as a password, but 2FA that relies on a FIDO2 device can’t be phished.</li> <li><strong>Watch out for impersonators.</strong> The thieves may contact you posing as the breached platform. Check the official website to see if it’s contacting victims and verify the identity of anyone who contacts you using a different communication channel.</li> <li><strong>Take your time.</strong> Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.</li> <li><strong>Consider not storing your card details</strong>. It’s definitely more convenient to let sites remember your card details, but it increases risk if a retailer suffers a breach.</li> <li><strong>Set up <a href="https://www.malwarebytes.com/cybersecurity/basics/dark-web-monitoring" rel="noreferrer noopener">identity monitoring</a></strong>, which alerts you if your <a href="https://www.malwarebytes.com/cybersecurity/basics/pii" rel="noreferrer noopener">personal information</a> is found being traded illegally online and helps you recover after.</li> </ul><hr class="wp-block-separator has-text-color has-cyan-bluish-gray-color has-alpha-channel-opacity has-cyan-bluish-gray-background-color has-background is-style-wide" style="margin-top:var(--wp--preset--spacing--20);margin-bottom:var(--wp--preset--spacing--20)"><div class="wp-block-columns is-layout-flex wp-container-core-columns-is-layout-0884d4d2 wp-block-columns-is-layout-flex" style="margin-top:var(--wp--preset--spacing--50);margin-bottom:var(--wp--preset--spacing--50)"> <div class="wp-block-column is-layout-flow wp-block-column-is-layout-flow" style="flex-basis:85%"> <p><strong>What do cybercriminals know about you?</strong></p> <p> Use Malwarebytes’ free <strong>Digital Footprint scan </strong>to see whether your personal information has been exposed online.</p> <div class="wp-block-malware-bytes-button mb-button" id="mb-button-9fb76ce6-e9be-4800-a515-474eb985c2be"> <div class="mb-button__row u-justify-content-flex-start"> <div class="mb-button__item mb-button-item-0"> <p class="btn-main"><a href="https://www.malwarebytes.com/digital-footprint" rel="noreferrer noopener">SCAN NOW</a></p> </div> </div> </div> </div> </div><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/actively-exploited-cpanel-bug-exposes-millions-of-websites-to-takeover/" data-a2a-title="Actively exploited cPanel bug exposes millions of websites to takeover"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Factively-exploited-cpanel-bug-exposes-millions-of-websites-to-takeover%2F&amp;linkname=Actively%20exploited%20cPanel%20bug%20exposes%20millions%20of%20websites%20to%20takeover" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Factively-exploited-cpanel-bug-exposes-millions-of-websites-to-takeover%2F&amp;linkname=Actively%20exploited%20cPanel%20bug%20exposes%20millions%20of%20websites%20to%20takeover" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Factively-exploited-cpanel-bug-exposes-millions-of-websites-to-takeover%2F&amp;linkname=Actively%20exploited%20cPanel%20bug%20exposes%20millions%20of%20websites%20to%20takeover" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Factively-exploited-cpanel-bug-exposes-millions-of-websites-to-takeover%2F&amp;linkname=Actively%20exploited%20cPanel%20bug%20exposes%20millions%20of%20websites%20to%20takeover" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Factively-exploited-cpanel-bug-exposes-millions-of-websites-to-takeover%2F&amp;linkname=Actively%20exploited%20cPanel%20bug%20exposes%20millions%20of%20websites%20to%20takeover" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.malwarebytes.com/">Malwarebytes</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Malwarebytes">Malwarebytes</a>. Read the original post at: <a href="https://www.malwarebytes.com/blog/news/2026/05/actively-exploited-cpanel-bug-exposes-millions-of-websites-to-takeover">https://www.malwarebytes.com/blog/news/2026/05/actively-exploited-cpanel-bug-exposes-millions-of-websites-to-takeover</a> </p>

<p>The paradox of edge security describes how technologies designed to strengthen network defenses can also create new vulnerabilities. Edge devices improve performance and support localized threat detection by processing data closer to its source, yet modern enterprise environments often operate thousands of distributed endpoints.</p><p>This rapid expansion of edge infrastructure increases the number of systems that security teams must monitor and protect. As a result, the same devices that improve operational efficiency can also widen the attack surface when security controls fail to keep pace with deployment.</p><h3><strong>Why Edge Devices Have Become Attractive Targets</strong></h3><p>Default credentials and weak authentication controls remain common weaknesses in many edge environments. Security teams must also manage increasingly complex technology stacks, with organizations now juggling an <a href="https://www.ibm.com/thought-leadership/institute-business-value/en-us/report/unified-cybersecurity-platform">average of 83 different security solutions</a> from 29 vendors, which complicates consistent policy enforcement.</p><p>Unpatched firmware and outdated operating systems further increase exposure because many edge devices receive updates less frequently than traditional endpoints. Misconfigured firewalls and poorly secured remote management interfaces add additional risk, giving attackers potential entry points into distributed networks.</p><h3><strong>The Operational Challenges Behind Edge Security</strong></h3><p>Information technology (IT) teams manage distributed devices across offices and remote facilities. Many organizations struggle to maintain full visibility into every edge asset connected to their networks. Data exposure often <a href="https://www.synaptics.com/company/blog/security-at-the-edge-why-it-starts-with-the-silicon">represents the most serious vulnerability</a>, as personal or sensitive information can leak during collection, processing or storage.</p><p>Strong security programs protect confidentiality throughout the entire data life cycle. The challenge becomes greater when patch management involves devices running different firmware versions or relying on multiple vendor platforms. These operational constraints slow vulnerability remediation across large environments.</p><h3><strong>Strategies to Reduce Risk in Edge Environments</strong></h3><p>The paradox of edge security requires organizations to rethink how they protect distributed infrastructure. Security teams must combine strong governance and consistent controls to reduce risk in edge environments.</p><h3><strong>1.   Maintain Comprehensive Edge Asset Visibility</strong></h3><p>Continuous discovery tools allow organizations to identify all devices in edge environments. Security teams gain clearer visibility into gateways and sensors operating outside traditional network boundaries. These platforms also track firmware versions, device configurations and known vulnerabilities.</p><p>Improved asset awareness helps teams maintain stronger oversight of complex edge infrastructure. Consistent visibility supports faster detection of security gaps and more informed risk management decisions.</p><h3><strong>2.   Implement Zero Trust Network Principles</strong></h3><p>Zero-trust principles treat every edge device as untrusted until its identity and behavior are verified. This approach requires strict authentication controls and least-privilege access policies before any system can interact with the network.</p><p>Zero-trust architecture also <a href="https://rehack.com/cybersecurity/zero-trust-architecture/">provides improved visibility and control</a> over network activity, which allows organizations to monitor traffic and respond to suspicious behavior in real time. Continuous verification helps reduce the risk of compromised devices gaining persistent access to critical systems.</p><h3><strong>3.   Automate Firmware and Patch Management</strong></h3><p>Centralized patch deployment helps organizations reduce the window of vulnerability across distributed edge environments. Automated update systems enable security teams to apply firmware and software patches consistently across large device fleets.</p><p>This approach improves protection by ensuring critical security fixes reach edge devices quickly. Consistent patching also reduces the risk of attackers exploiting outdated firmware or unsupported operating systems. Centralized update platforms also simplify patch tracking across multiple vendors and device types.</p><h3><strong>4.   Segment Edge Networks</strong></h3><p>Network segmentation helps limit lateral movement if an edge device becomes compromised. Critical systems remain isolated from less secure Internet of Things (IoT) endpoints and operational technology devices, thereby reducing the likelihood that attackers can reach sensitive assets.</p><p>Despite these benefits, adoption remains limited. Research shows that only <a href="https://zeronetworks.com/resource-center/white-papers/network-segmentation-zero-trust-architectures-survey-of-it-security-professionals">5% of IT and security professionals</a> report that their organizations currently microsegment their networks. Broader implementation of segmentation strategies can therefore strengthen protection across distributed environments.</p><h3><strong>5.   Strengthen Monitoring and Telemetry</strong></h3><p>Edge devices should send logs and telemetry to centralized security platforms for continuous monitoring. Centralized visibility allows security teams to analyze activity across distributed infrastructure more effectively. Behavioral analytics tools can detect unusual traffic patterns or abnormal device behavior that may indicate a potential breach.</p><p>These systems also <a href="https://www.researchgate.net/publication/392267675_AI_and_Behavioral_Analytics_in_Enhancing_Insider_Threat_Detection_and_Mitigation">automatically respond to newly discovered threats</a>, often without the need for immediate human intervention. Faster detection and response help organizations reduce the impact of emerging edge security threats.</p><h3><strong>Strengthening Security in Edge Environments</strong></h3><p>Edge infrastructure improves performance and operational flexibility while introducing new security challenges in distributed environments. The paradox of edge security shows how technologies designed to protect networks can become vulnerable entry points when governance and monitoring fall behind deployment. Cybersecurity teams that prioritize visibility and automated security controls strengthen protection in edge networks.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/addressing-the-edge-security-paradox/" data-a2a-title="Addressing the Edge Security Paradox"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Faddressing-the-edge-security-paradox%2F&amp;linkname=Addressing%20the%20Edge%20Security%20Paradox" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Faddressing-the-edge-security-paradox%2F&amp;linkname=Addressing%20the%20Edge%20Security%20Paradox" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Faddressing-the-edge-security-paradox%2F&amp;linkname=Addressing%20the%20Edge%20Security%20Paradox" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Faddressing-the-edge-security-paradox%2F&amp;linkname=Addressing%20the%20Edge%20Security%20Paradox" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Faddressing-the-edge-security-paradox%2F&amp;linkname=Addressing%20the%20Edge%20Security%20Paradox" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

<p style="font-weight: 400;">A pair of tightly executed cyberattacks have become milestones in cryptocurrency theft in 2026 due to their sheer size. These two incidents, targeting Drift Protocol and KelpDAO, account for roughly three quarters of all recorded crypto losses through April, revealing a shift toward fewer, higher-dollar operations.</p><p style="font-weight: 400;">Based on a report from TRM Labs, security researchers attribute both attacks to North Korean state-backed actors, continuing a multi-year pattern. Since 2017, these groups have extracted more than $6 billion from the crypto ecosystem, with their totals climbing sharply from marginal levels earlier in the decade to a dominant position today.</p><h3 style="font-weight: 400;"><strong>Hundreds of Millions in Losses </strong></h3><p style="font-weight: 400;">The Drift Protocol breach, which resulted in approximately $285 million in losses, reflects a remarkable level of preparation. Investigators describe a prolonged campaign involving direct engagement with personnel, including in-person interactions over several months. This approach, combined with manipulation of transaction authorization mechanisms, allowed attackers to pre-stage withdrawals that were executed rapidly once conditions were prepared. The asset drain was completed in minutes.</p><p style="font-weight: 400;">In contrast, the $292 million exploit targeting KelpDAO relied on a structural weakness in cross-chain verification. By compromising internal infrastructure and manipulating data inputs, attackers were able to convince the system that assets had been legitimately transferred, enabling unauthorized withdrawals at a vast scale. The incident highlights the risks in designs that depend on a single validation source.</p><p style="font-weight: 400;">While the technical methods differed, both attacks highlight a strategic emphasis on identifying systemic vulnerabilities, whether in governance or bridge architectures, where a single point of failure can yield disproportionate returns.</p><p style="font-weight: 400;">Post-breach behavior further distinguishes the operations. Funds taken from Drift Protocol were quickly converted and redistributed but have since remained inactive, suggesting a delayed liquidation strategy. This measured approach has become a pattern, with stolen assets often held for extended periods before being gradually monetized.</p><p style="font-weight: 400;">The KelpDAO proceeds took a more immediate path. After an initial disruption that froze a portion of the funds, the remaining assets were rapidly moved across chains and converted into Bitcoin, primarily through decentralized liquidity protocols. This is a more reactive laundering model, one designed to adapt quickly when obstacles arise.</p><h3 style="font-weight: 400;"><strong>Lack of Centralized Oversight</strong></h3><p style="font-weight: 400;">A consistent element across both cases is the use of cross-chain infrastructure that operates without centralized oversight. These platforms have become critical conduits for moving large volumes of illicit funds, particularly when other channels impose restrictions or compliance checks. This becomes a structural challenge for law enforcement, as decentralized systems limit the ability to intervene once transactions are initiated.</p><p style="font-weight: 400;">The concentration of losses in a small number of events also reveals a shift in attack strategy. Rather than increasing activity, threat actors appear to be refining target selection and execution. This change may be supported by more advanced reconnaissance techniques that use automated tools to map vulnerabilities and discover the best timing.</p><p style="font-weight: 400;">This year’s high-dollar losses in the crypto sector demonstrate that security models that rely on assumptions of distributed trust or limited exposure are being tested by hackers willing to invest time and resources into breaching them. The Drift and KelpDAO incidents suggest that defenses must account not only for technical exploits but also for coordinated, multi-phase campaigns that blend social engineering with protocol-level manipulation.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/north-koreas-enormous-crypto-hacks-redefine-scale-and-strategy/" data-a2a-title="North Korea’s Enormous Crypto Hacks Redefine Scale and Strategy"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fnorth-koreas-enormous-crypto-hacks-redefine-scale-and-strategy%2F&amp;linkname=North%20Korea%E2%80%99s%20Enormous%20Crypto%20Hacks%20Redefine%20Scale%20and%20Strategy" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fnorth-koreas-enormous-crypto-hacks-redefine-scale-and-strategy%2F&amp;linkname=North%20Korea%E2%80%99s%20Enormous%20Crypto%20Hacks%20Redefine%20Scale%20and%20Strategy" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fnorth-koreas-enormous-crypto-hacks-redefine-scale-and-strategy%2F&amp;linkname=North%20Korea%E2%80%99s%20Enormous%20Crypto%20Hacks%20Redefine%20Scale%20and%20Strategy" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fnorth-koreas-enormous-crypto-hacks-redefine-scale-and-strategy%2F&amp;linkname=North%20Korea%E2%80%99s%20Enormous%20Crypto%20Hacks%20Redefine%20Scale%20and%20Strategy" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fnorth-koreas-enormous-crypto-hacks-redefine-scale-and-strategy%2F&amp;linkname=North%20Korea%E2%80%99s%20Enormous%20Crypto%20Hacks%20Redefine%20Scale%20and%20Strategy" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

<p>The post <a href="https://www.sonatype.com/blog/the-mythos-ai-vulnerability-storm-what-to-do-next">The Mythos AI Vulnerability Storm: What to Do Next</a> appeared first on <a href="https://www.sonatype.com/blog">2024 Sonatype Blog</a>.</p><div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/the-mythos-ai-vulnerability-storm-what-to-do-next" title="" class="hs-featured-image-link"> <img decoding="async" src="https://www.sonatype.com/hubfs/blog_mythos_webinar.png" alt="Image containing three different hexagon shapes, one with a lock icon, one with a mini screen and a caret for code writing, and one with a map icon." class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div><p>AI is transforming bo<span style="text-decoration: none;">th </span><a href="https://www.sonatype.com/blog/autonomous-development-and-ai-speed-vs.-security" style="text-decoration: none;"><span style="color: #1155cc;">software development and software risk</span></a>.</p><p><img decoding="async" src="https://track.hubspot.com/__ptq.gif?a=1958393&amp;k=14&amp;r=https%3A%2F%2Fwww.sonatype.com%2Fblog%2Fthe-mythos-ai-vulnerability-storm-what-to-do-next&amp;bu=https%253A%252F%252Fwww.sonatype.com%252Fblog&amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/the-mythos-ai-vulnerability-storm-what-to-do-next/" data-a2a-title="The Mythos AI Vulnerability Storm: What to Do Next"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fthe-mythos-ai-vulnerability-storm-what-to-do-next%2F&amp;linkname=The%20Mythos%20AI%20Vulnerability%20Storm%3A%20What%20to%20Do%20Next" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fthe-mythos-ai-vulnerability-storm-what-to-do-next%2F&amp;linkname=The%20Mythos%20AI%20Vulnerability%20Storm%3A%20What%20to%20Do%20Next" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fthe-mythos-ai-vulnerability-storm-what-to-do-next%2F&amp;linkname=The%20Mythos%20AI%20Vulnerability%20Storm%3A%20What%20to%20Do%20Next" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fthe-mythos-ai-vulnerability-storm-what-to-do-next%2F&amp;linkname=The%20Mythos%20AI%20Vulnerability%20Storm%3A%20What%20to%20Do%20Next" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fthe-mythos-ai-vulnerability-storm-what-to-do-next%2F&amp;linkname=The%20Mythos%20AI%20Vulnerability%20Storm%3A%20What%20to%20Do%20Next" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.sonatype.com/blog">2024 Sonatype Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Aaron Linskens">Aaron Linskens</a>. Read the original post at: <a href="https://www.sonatype.com/blog/the-mythos-ai-vulnerability-storm-what-to-do-next">https://www.sonatype.com/blog/the-mythos-ai-vulnerability-storm-what-to-do-next</a> </p>

<p>Scams that start on social media are gaining steam, with Americans last year <a href="https://www.ftc.gov/news-events/news/press-releases/2026/04/new-ftc-data-show-people-have-lost-billions-social-media-scams" target="_blank" rel="noopener">losing $2.1 billion</a> to such schemes, more than the amounts lost through scams that used other methods to reach consumers, according to the Federal Trade Commission.</p><p>The money lost in 2025 is eight times more than what was stolen through social media in 2020. About 30% of those who reported losing money in a scam said the trouble began on social media. Most of the money Americans lost to scammers – about $794 million – began on Facebook, followed by WhatsApp ($425 million) and Instagram ($234 million). All three social media sites are owned by tech giant Meta.</p><p>Scams starting on other social media sites accounted for about $599 million.</p><p>Other methods scammers used resulted in fewer losses, with phone calls and website or apps resulting in $1.1 billion each. Others included text ($639 million) and email ($569 million).</p><p>“Social media can be a great way to connect, but can also make a scammer’s job easier,” the agency wrote in its <a href="https://www.ftc.gov/news-events/data-visualizations/data-spotlight/2026/04/reported-losses-scams-social-media-eight-times-higher-2020" target="_blank" rel="noopener">Data Spotlight report</a>. “They might hack into your account to scam your friends or even create entirely fake profiles. Or they might use what you post to figure out how to target you. And by buying ads, they get the same tools real businesses use to target you by age, interests, or shopping habits. At very little cost, scammers can reach billions of people from anywhere in the world.”</p><h3>Shopping Scams are Common</h3><p>The cybersecurity industry and other sectors have been warning consumers for years about the amount and kinds of scams that originate on social media. Data protection specialist Forta last year listed <a href="https://www.terranovasecurity.com/blog/examples-social-media-scams" target="_blank" rel="noopener">eight examples of scams</a> that are common on social media, ranging from phishing through direct messages and quizzes or personality tests to fake giveaways and contests and get-rich-quick investment schemes.</p><p>According to the FTC, shopping scams were the most reported on social media, with more than 40% of people who lost money to a social media-based scam saying it started when they ordered something they’d seen in an ad, such as clothes, makeup, car parts, and puppies.</p><p>“Many ads led to unfamiliar websites, while others sent people to sites impersonating well-known brands offering big discounts,” the agency wrote. “Most people said they paid for things that simply never arrived. When orders did show up, people often reported that the items were counterfeits or very different from what was advertised. Reports show that these products were often shipped from China, with high return shipping costs making returns unworkable.”</p><h3>Most Money Lost in Investment Scams</h3><p>While shopping scams were the most reported, it was investment scams that caused the largest losses. In all, $1.1 billion – more than half the total amount lost by U.S. consumers in 2025 – was stolen through investment scams.</p><p>Investment scams come in forms, with some starting with an ad or social media post offering a program to teach people how to invest, while other scammers pose as financial advisors or create WhatsApp groups of “successful investors” giving positive but fake testimonials.</p><p>“They directed people to fake – but real-looking – investment platforms,” the FTC wrote. “There, people create an account, see fake profits, and maybe even withdraw a small amount – this builds trust, so people invest more. But there never was any real investment and, worse still, some people who lost money this way reported secondary losses to scammers who said they could trace and recover lost money … for a fee.”</p><h3>Romance Scams a Threat</h3><p>Romance scams often are another avenue for bad actors to steal money. Almost 60% of those who lost money to a romance scam said it started on a social media platform. The scammers approach people through social media, develop a relationship of sorts, and eventually – and it can take weeks or months – offer investment advice and help or invent a crisis that requires money.</p><p>Romance and other investments are becoming a larger threat as crime syndicates run <a href="https://securityboulevard.com/2026/04/fbi-and-international-agencies-shut-down-scam-centers-arrest-276-people/" target="_blank" rel="noopener">industrial-sized scam compounds</a> in remote parts of Southeast Asia, filled with hundreds of people forced to run these scams.</p><p>“While social media has become central to our routines, its vast reach and anonymity provide certain risks – they’ve become a breeding ground for scammers,” Forta wrote in its report. “Awareness is key to protecting yourself against social media scams.”</p><h3>A Matter of Trust</h3><p>A <a href="https://www.sciencedirect.com/science/article/pii/S2949791425000016" target="_blank" rel="noopener">study</a> published last year by the Journal of Economic Criminology found that phishing scams are particularly effective because they target people through psychological manipulation, rather than trying to exploit software protections. The authors outlined how scammers will create fake profiles or hack legitimate accounts, then use social engineering to play on people’s emotions, like stress or empathy.</p><p>“This trust is leveraged by scammers to request help from victims, often in the form of money or personal information such as passwords,” they wrote. “Phishing is particularly effective due to the human tendency to act on trust, which is easily forged online.”</p><p>The report said social media users educated through training sessions about the dangers of phishing found the information helpful for protecting themselves online, but that people often don’t embrace such training because of time constraints or the belief it is boring or irrelevant.</p><p>The FTC said people should limit who can see their social media posts and contacts, never let someone they met on social media direct their investments, and check out a company to ensure they’re legitimate before buying anything from them. Users should search online for the company name, adding the words “scam” or “complaint” to the search.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/u-s-consumers-lost-2-1-billion-in-social-media-scams-in-2025-ftc-says/" data-a2a-title="U.S. Consumers Lost $2.1 Billion in Social Media Scams in 2025, FTC Says"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fu-s-consumers-lost-2-1-billion-in-social-media-scams-in-2025-ftc-says%2F&amp;linkname=U.S.%20Consumers%20Lost%20%242.1%20Billion%20in%20Social%20Media%20Scams%20in%202025%2C%20FTC%20Says" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fu-s-consumers-lost-2-1-billion-in-social-media-scams-in-2025-ftc-says%2F&amp;linkname=U.S.%20Consumers%20Lost%20%242.1%20Billion%20in%20Social%20Media%20Scams%20in%202025%2C%20FTC%20Says" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fu-s-consumers-lost-2-1-billion-in-social-media-scams-in-2025-ftc-says%2F&amp;linkname=U.S.%20Consumers%20Lost%20%242.1%20Billion%20in%20Social%20Media%20Scams%20in%202025%2C%20FTC%20Says" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fu-s-consumers-lost-2-1-billion-in-social-media-scams-in-2025-ftc-says%2F&amp;linkname=U.S.%20Consumers%20Lost%20%242.1%20Billion%20in%20Social%20Media%20Scams%20in%202025%2C%20FTC%20Says" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fu-s-consumers-lost-2-1-billion-in-social-media-scams-in-2025-ftc-says%2F&amp;linkname=U.S.%20Consumers%20Lost%20%242.1%20Billion%20in%20Social%20Media%20Scams%20in%202025%2C%20FTC%20Says" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

<p><span data-contrast="none">Browser extensions are collecting and reselling user data—perfectly legally—and opening up a slew of privacy and security issues.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">They’re not malicious extensions, and they’re upfront about what they’re doing, but their proliferation is a big problem for defenders. </span><a href="https://layerxsecurity.com/blog/your-extensions-sell-your-data-and-its-perfectly-legal/" target="_blank" rel="noopener"><span data-contrast="none">LayerX recently found</span></a><span data-contrast="none"> multiple networks of these extensions — more than 80, including 24 media extensions — installed on 800,000 browsers, collecting viewing data and demographic information</span><span data-contrast="none"> from Netflix, Hulu, Disney+, Amazon Prime Video, HBO, Apple TV, and other streaming platforms.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">The company also discovered 12 ad blockers openly selling user data—combined, they had a base of 5.5 million users. And nearly 50 other extensions were found to be collecting and reselling the browser data of more than 100,000 users.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">For consumers, these extensions, which operate unregulated, represent potential exposure of private information, including viewing history, content preferences, platform subscriptions, downloaded content and streaming behavior. That’s in addition to the typical data collected around age and gender. Alarmingly, they do it without users ponying up any of that data—to fill any gaps in information, the extension developers simply match email addresses against third-party demographic databases.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“At a certain point in time, not too long ago, these types of extensions were properly being flagged for what they were – spyware,” says Mark Odom, senior solutions engineer at Black Duck. </span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“The problem is that the frequency and depth of this spyware has rebranded as ‘analytics’ in most cases,” and “as new generations grow up, many are being exposed to this level of tracking for nearly their entire lives and just grow used to it; however, that doesn’t decrease the threat level that this brings to the table,” he says. </span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Odom contends that collecting user data “has been getting out of hand for a long time,” with the larger problem that the bigger “databases already have tons of different data points on individual users.” </span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">And the more data collected, Odom says, “the easier it is to identify a person at any given time.”</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">If businesses think they’re off the hook, they need to consider that of the 82 sellers LayerX discovered, 29 are B2B sales intelligence tools that reside on corporate machines. So, employees within organizations may be unwittingly giving up URLs, SaaS dashboards, and research activity that provide entrée into workflows that can then be sold to competitors. That kind of corporate data leakage is unlikely to have eyes on it internally.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“</span><span data-contrast="none">The risk isn’t about users being deceived. It’s about corporate data leaving through a channel nobody is watching,” LayerX wrote.</span><span data-ccp-props='{"134233118":true,"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">The researchers noted that “most extension security evaluations focus on permissions or known malicious indicators – flagging extensions that request excessive access or match threat intelligence,” which might catch malware but “doesn’t catch an extension that openly reserves the right to sell your browsing data,” they said.</span><span data-ccp-props='{"134233118":true,"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">And AI is only amplifying the issues. “As organizations rapidly adopt agentic AI, Model Context Protocol (MCP), and autonomous browsing capabilities, we’re seeing a pattern develop: AI-native browsers are introducing system-level behaviors that traditional browsers have intentionally restricted for decades,” says Randolph Barr, CISO at Cequence Security. “That shift breaks long-standing assumptions about how secure a browser environment is supposed to be.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">But, he notes, “the real exposure emerges when individuals install AI browsers on their personal devices,” with curiosity driving rapid experimentation. “Once users become comfortable with these tools at home, those behaviors inevitably bleed into the workplace through BYOD access, browser sync features, or personal devices used for remote work,” he says.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Barr is particularly concerned about AI browsers’ ability to detect and “how quickly adversaries can scale that detection,” explaining that “AI browsers introduce unique fingerprints in their APIs, extensions, DOM behavior, network patterns, and agentic actions. Attackers can identify them with a few lines of JavaScript or by probing for AI-specific behaviors that differ from traditional browsers.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">With AI-driven classification models in play, bad actors can now “fingerprint AI browsers across millions of sessions automatically. At scale, that enables targeted attacks against users running these higher-risk, agent-enabled environments,” says Barr, who stresses enterprises must remain cautious.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“AI browsers are evolving faster than the guardrails that traditionally protect end users and corporate environments,” making transparency around system-level capabilities, independent audits, and the ability to fully control or disable embedded extensions “table stakes if these browsers want to be considered for regulated or sensitive workflows,” he says.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">To better protect their organizations’ browser extensions, security teams should ask three questions, LayerX says:</span><span data-ccp-props='{"134233118":true,"201341983":0,"335559739":0,"335559740":240}'> </span></p><ol><li><span data-contrast="none">What extensions are installed across employee browsers? </span><span data-ccp-props='{"134233118":true,"201341983":0,"335559739":0,"335559740":240}'> </span></li><li><span data-contrast="none">What data do those publishers claim the right to collect or sell? </span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335559739":0,"335559740":240}'> </span></li><li><span data-contrast="none">Could corporate browsing activity be flowing into commercial datasets?</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335559739":0,"335559740":240}'> </span></li></ol><p><span data-contrast="none">“If you don’t have an extension governance policy, that’s the first step. If you do, add privacy policy review to the evaluation criteria. Permissions alone don’t tell you enough,” the researchers advise.</span><span data-ccp-props='{"134233118":true,"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">A good rule of thumb, Odom says, “is to always assume the worst-case scenario: that the data will not be properly secured” and a bad actor gets their hands on this data, “they have information about an employee, internal URLs, activity, and probably more; all of which can be used to target an individual employee and gain access to an important business system.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Remember that bad actors also can search email addresses in databases of breached passwords, says Odom, who recommends the use of MFA “first and foremost” and perhaps DNS filtering to block domains from receiving data.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“Defense</span><span data-contrast="none"> in depth is the key to protecting both your employees and organizations against this new age of spyware,” he says.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/networks-of-browser-extensions-are-spyware-in-disguise/" data-a2a-title="Networks of Browser Extensions Are Spyware in Disguise "><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fnetworks-of-browser-extensions-are-spyware-in-disguise%2F&amp;linkname=Networks%20of%20Browser%20Extensions%20Are%20Spyware%20in%20Disguise%C2%A0" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fnetworks-of-browser-extensions-are-spyware-in-disguise%2F&amp;linkname=Networks%20of%20Browser%20Extensions%20Are%20Spyware%20in%20Disguise%C2%A0" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fnetworks-of-browser-extensions-are-spyware-in-disguise%2F&amp;linkname=Networks%20of%20Browser%20Extensions%20Are%20Spyware%20in%20Disguise%C2%A0" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fnetworks-of-browser-extensions-are-spyware-in-disguise%2F&amp;linkname=Networks%20of%20Browser%20Extensions%20Are%20Spyware%20in%20Disguise%C2%A0" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fnetworks-of-browser-extensions-are-spyware-in-disguise%2F&amp;linkname=Networks%20of%20Browser%20Extensions%20Are%20Spyware%20in%20Disguise%C2%A0" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

<h2>Key Takeaways</h2><ul> <li aria-level="1"><b>Agent user identities now outnumber human identities at an astounding rate</b>. Each new autonomous agent introduces a new identity, a new credential path, and a new surface area for attackers to exploit.</li> <li aria-level="1"><b>Agent sprawl compounds classic identity security failures: over-provisioned OAuth scopes, reused service accounts, and long-lived tokens. </b>Traditional IAM tooling was never designed to contain all of these at the rate they’re occurring.</li> <li aria-level="1"><b>Privilege drift in agentic systems does not happen gradually </b>the way it does with human roles. It accelerates, and without runtime enforcement of ephemeral, task-scoped permissions, containment becomes structurally impossible.</li> <li aria-level="1"><b>AI Identity Gateways ,</b> enabling a purpose-built control plane for agentic identities, is the only approach that enforces policy at the speed and scale agents operate.</li> </ul><h2>The Scope of the Problem Nobody Planned For</h2><p>Enterprises did not plan for agent sprawl. They planned for AI use cases, and the sprawl arrived as a side effect of shipping those use cases quickly. Development teams provisioned service accounts because proper identity setup felt like friction. OAuth scopes got over-provisioned because the demo needed to work before the sprint ended. Nobody wrote a revocation policy because the first priority was getting the agent to function at all.</p><p>The result is a class of identity risk that has no precedent in enterprise security. <a href="https://www.gartner.com/en/newsroom/press-releases/2024-10-21-gartner-identifies-the-top-10-strategic-technology-trends-for-2025">Gartner named agentic AI the top technology trend of 2025</a> and projects that 33% of enterprise applications will include agentic AI by 2028, up from less than 1% in 2024. Organizations are expected to have 50x to 80x more agents than human users in their environments within that same window.</p><p>Each one of those agents carries credentials, scopes, and access paths into databases, APIs, and internal services. These agentic tokens are already exposed in the wild, surfacing across Jira tickets, Teams messages, Confluence pages, and code commits. This is an active exposure, not a future risk, that most security teams lack the tooling to even quantify.</p><h2>What Agent Sprawl Actually Means in Practice</h2><p>Agentic sprawl, or agent sprawl, describes the uncontrolled proliferation of AI agents, their associated credentials, and their accumulated access rights across an enterprise environment. The term borrows from “tool sprawl” and “secret sprawl,” both of which are familiar problems for platform and security teams. But agent sprawl compounds both simultaneously.</p><p>When a development team builds an AI agent to automate a procurement workflow, that agent receives API keys, OAuth tokens, and service account credentials to interact with the systems it touches. When a second team builds an agent for HR automation, the same pattern repeats, often without coordination with the identity or security team. When a third team reuses an existing service account because creating a new one takes too long, the blast radius of that account expands silently.</p><p><a href="https://www.strata.io/blog/zero-standing-privileges-the-only-way-to-stop-agent-privilege-drift/">Privilege drift</a> sets in at this stage. In Human IAM, privilege drift occurs slowly as roles expand through job changes and organizational restructuring. With agents, it happens at development speed. No single overprovision looks alarming, but the aggregate exposure is what creates catastrophic risk. Consider that many agents are shared across more than one application, and are not rotated within recommended time frames. Also, a significant number of former employee tokens remain active long after the access should have been terminated. Any one of these conditions is a governance failure. All three occurring simultaneously, across hundreds of agents, represents a structural breakdown.</p><h2>Why Traditional IAM Tools Cannot Keep Up</h2><p>Static IAM tooling was designed around a specific assumption: that identities are persistent, that roles change slowly, and that access policies can be reviewed and updated on a human schedule. Agents invalidate every part of that assumption.</p><p>Agents do not follow fixed workflows. They reason, adapt, and make decisions at runtime. What any given agent will need to access during a specific task is not always knowable in advance. Designing least-privilege access up front for a system that reasons and plans at execution time requires a level of prediction that is not realistic in practice. That design gap leads to overpermissioning, which becomes drift, which becomes standing privileges that apply across all contexts regardless of task, time, or risk level.</p><p>Standing privileges in agentic systems create a containment problem with no manual solution. Long-lived tokens issued to agents remain valid for hours or days, giving attackers a substantial exploitation window when those tokens are compromised or leaked. When agents bypass sanctioned access paths, as happens when a developer builds a shortcut connector to avoid governance overhead, audit trails disappear entirely. <a href="https://www.strata.io/blog/agentic-identity/prevent-mcp-bypass/">MCP bypass</a> means losing intent, losing policy enforcement, and losing the ability to detect when an agent is operating outside its authorized scope.</p><h2>The Technical Requirements for Governing Agent Sprawl</h2><p>Governing an agentic environment requires enforcing policy at the layer where agents actually operate: at runtime, against ephemeral credentials, with scope clearly defined to the specific task being executed. This is the core principle behind <a href="https://www.strata.io/blog/zero-standing-privileges-the-only-way-to-stop-agent-privilege-drift/">Zero Standing Privileges</a>, and it applies to agents more forcefully than to any other identity class.</p><p>Agents should never hold standing access. Every access grant should be token-bound to a specific task, a specific tool invocation, and the authority of whoever initiated the request. When the task completes, the token expires automatically. No revocation workflow is needed because there is nothing persistent to revoke. Privilege drift becomes structurally impossible when there is nothing to drift.</p><p>Cryptographically verifiable agent identity is the prerequisite for this model. <a href="https://oauth.net/2/dynamic-client-registration/">OAuth Dynamic Client Registration (DCR)</a>, <a href="https://oauth.net/2/pkce/">PKCE flows</a>, and SPIFFE/SVID certificates ensure that only known, registered agents can authenticate, and only through sanctioned access paths. Identity-aware proxies positioned in front of every API reject any request that does not carry the right attestation, closing the bypass routes that shadow connectors and headless browser automation exploit. Continuous Access Evaluation adds a runtime layer that can pull an agent’s token mid-session if behavior deviates from <a href="https://www.strata.io/blog/agentic-identity/over-scoped-agents/">authorized scope</a>, without waiting for a token expiry.</p><p><a href="https://www.strata.io/blog/agentic-identity/why-identity-simulation-matters-more-than-unit-tests/">Identity simulation testing</a> adds another enforcement layer by validating how agents behave across identity boundaries before they reach production, catching privilege misconfigurations that would otherwise surface as incidents.</p><h2>How Strata’s Maverics Platform Addresses Agent Sprawl</h2><p>The <a href="https://www.maverics.ai/">Maverics Identity Orchestration Platform</a> was built on the premise that identity must be decoupled from applications and managed through a distributed orchestration layer that spans every environment where identities operate. That architecture maps directly onto the requirements of agentic governance.</p><p>Maverics treats every AI agent as a first-class identity, governed with the same rigor applied to human users, and enforces zero-trust policy without requiring changes to existing applications or microservices. The platform’s identity fabric architecture provides the abstraction layer that eliminates the custom identity integrations that typically drive agent credential sprawl. Rather than each development team provisioning its own credentials through its own paths, every agent identity flows through a consistent control plane that enforces policy and produces auditable records.</p><p>The <a href="https://www.strata.io/maverics-platform/identity-orchestration-for-ai-agents/">AI Identity Gateway</a> component of the Maverics architecture sits between agents and the tools they access, downscoping tokens before agents touch resources and preventing drift by design. Because Maverics issues no standing access, the conditions that allow credential sprawl to compound are removed at the architectural level rather than managed through periodic review cycles that always run behind the rate of agent deployment.</p><p>Agent sprawl is an identity governance problem, and identity orchestration is how it gets solved. If your organization is scaling agentic workloads without a purpose-built control plane for agent identities, the access inventory you think you have is already incomplete. <a href="https://www.strata.io/resources/">Explore Strata’s resources</a> to understand how identity orchestration closes the governance gap before your agent program outgrows your ability to manage it.</p><p> </p><p>The post <a href="https://www.strata.io/blog/agentic-identity/a-guide-to-agentic-sprawl-how-to-govern-your-program/">A Guide to Agentic Sprawl: How to Govern Your Program</a> appeared first on <a href="https://www.strata.io/">Strata.io</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/a-guide-to-agentic-sprawl-how-to-govern-your-program/" data-a2a-title="A Guide to Agentic Sprawl: How to Govern Your Program"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fa-guide-to-agentic-sprawl-how-to-govern-your-program%2F&amp;linkname=A%20Guide%20to%20Agentic%20Sprawl%3A%20How%20to%20Govern%20Your%20Program" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fa-guide-to-agentic-sprawl-how-to-govern-your-program%2F&amp;linkname=A%20Guide%20to%20Agentic%20Sprawl%3A%20How%20to%20Govern%20Your%20Program" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fa-guide-to-agentic-sprawl-how-to-govern-your-program%2F&amp;linkname=A%20Guide%20to%20Agentic%20Sprawl%3A%20How%20to%20Govern%20Your%20Program" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fa-guide-to-agentic-sprawl-how-to-govern-your-program%2F&amp;linkname=A%20Guide%20to%20Agentic%20Sprawl%3A%20How%20to%20Govern%20Your%20Program" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fa-guide-to-agentic-sprawl-how-to-govern-your-program%2F&amp;linkname=A%20Guide%20to%20Agentic%20Sprawl%3A%20How%20to%20Govern%20Your%20Program" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.strata.io/">Strata.io</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Mark Callahan">Mark Callahan</a>. Read the original post at: <a href="https://www.strata.io/blog/agentic-identity/a-guide-to-agentic-sprawl-how-to-govern-your-program/">https://www.strata.io/blog/agentic-identity/a-guide-to-agentic-sprawl-how-to-govern-your-program/</a> </p>

<p>We always think we are more vulnerable than our fellow contemporaries! In general sense, this shows lack of confidence, but when you are dealing with security, this is one of the best traits you can have! Sounds strange, right! Let’s be honest, most security teams aren’t short on vulnerability data. They’re drowning in it. Scan a mid-size enterprise environment on any given Tuesday and you’ll likely surface hundreds, sometimes thousands, of flagged issues. Critical. High. Medium. Low. The alerts keep piling up, the spreadsheets keep growing, and somewhere buried in all that noise is the one flaw that an attacker is already looking at. Your insecurity questions the most important factor of security – <strong>which vulnerabilities actually matter right now, in your specific environment, given your specific risk profile?</strong> That’s the problem AutoSecT AI pentesting tool was built to solve.</p><h2 class="wp-block-heading">AutoSecT – AI Pentesting Tool Was Born Because The Old Way Wasn’t Working!</h2><p>Conventional vulnerability management methods were built on a simple premise: scan everything, report everything, patch everything. It sounds thorough and right decades back. Today, it’s paralyzing!</p><p>Let’s take a practical scenario!</p><p>Static CVSS scores tell you a vulnerability has a severity rating of 9.8, but they don’t tell you – </p><ul class="wp-block-list"> <li>whether that CVE can be exploited in your environment.</li> <li>whether hackers are actively weaponizing it in the wild.</li> <li>whether it’s behind a compensating control.</li> </ul><p>Without that context, your security team ends up playing whack-a-mole.How? Patching low-hanging fruit while genuinely dangerous exposures quietly sit unaddressed.</p><p>Take away is that, manual security simply can’t keep up with the volume and velocity of today’s threat landscape. And organizations that rely on periodic, point-in-time assessments are essentially driving with their eyes closed between audits.</p><p><br> <br> </p><br><meta charset="UTF-8"><br><meta name="viewport" content="width=device-width, initial-scale=1.0"><p> <!-- IMPORTANT: SEO control --><br> <meta name="robots" content="noindex, nofollow"></p><p> </p><title>Blog Form</title><br><div class="containers"> <!-- Left Section --> <div class="left-section"> <p class="heading-wrap">Book Your Free Cybersecurity Consultation Today!</p> <p> <img decoding="async" src="https://awareness.threatcop.ai/marketing/new_asset_blog_form.svg" alt="People working on cybersecurity" class="consultation-image"> </p></div> <p> <!-- Right Section --></p> <div class="right-section"> <div class="form-containers"> <form action="https://kratikal.com/thanks/thankyou-blog" method="get" onsubmit="return validateForm(this)"> <div class="form-group"> <label for="fullName">Full Name</label><br> <input type="text" required name="FullName" placeholder="Enter full name"> </div> <div class="form-group"> <label for="email">Email ID</label><br> <input type="email" required name="email" placeholder="your name @ example.com"> </div> <div class="form-group"> <label for="company">Company Name</label><br> <input type="text" required name="CompanyName" placeholder="Enter company name"> </div> <div class="form-group"> <label for="phone">Phone Number</label><br> <input type="number" required name="Phone" placeholder="Enter phone number"> </div> <p> <input type="hidden" name="BlogForm" value="BlogForm"><br> <button type="submit" class="submit-btnns" name="submit" value="I am interested!">I am interested!</button><br> </p></form> </div> </div> </div><p><!-- CSS Styles --></p><style> .containers{ display: flex; width: 100%; max-width: 800px; height: 500px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); border-radius: 4px; overflow: hidden; margin: 25px auto; } .left-section { width: 50%; background-color: #000; color: white; padding: 30px; display: flex; flex-direction: column; position: relative; overflow: hidden; } .left-section .heading-wrap { font-size: 24px; line-height: 40px; margin-bottom: 30px; z-index: 2; position: relative; color: white; } .consultation-image { position: absolute; bottom: 0; left: 0; width: 100%; height: 70%; object-fit: cover; object-position: center; } .right-section { width: 50%; background-color: white; padding: 30px; display: flex; flex-direction: column; justify-content: center; } .form-containers { width: 100%; } .form-group { margin-bottom: 20px; } label { display: block; color: #666; margin-bottom: 5px; font-size: 14px; } .right-section input { width: 88%; padding: 12px 15px; border: 1px solid #e0e0e0; border-radius: 8px; font-size: 16px; } .submit-btnns { width: 100%; padding: 15px; background: linear-gradient(to right, #e67e22, #d35400); border: none; border-radius: 8px; color: white; font-size: 18px; font-weight: bold; cursor: pointer; margin-top: 10px; } /* Responsive */ @media (max-width: 768px) { .containers { flex-direction: column; height: auto; } .left-section, .right-section { width: 100%; } .left-section { height: 400px; } .consultation-image { height: 60%; } } @media (max-width: 480px) { .left-section { padding: 20px; height: 350px; } .left-section .heading-wrap { font-size: 17px; line-height: 28px;width: 80%; } .right-section { padding: 20px; } .right-section input, .submit-btnns { padding: 10px; } } </style><p><!-- JS Validation --><br> <script> function validateForm(form) { const inputs = form.querySelectorAll("input[type=text], input[type=email], input[type=number]"); for (let i = 0; i < inputs.length; i++) { if (/[<>]/.test(inputs[i].value)) { alert("Tags and attributes are not allowed in form fields!"); return false; // prevent submission } } return true; // allow submission } </script><br> <script defer src="https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516" integrity="sha512-8DS7rgIrAmghBFwoOTujcf6D9rXvH8xm8JQ1Ja01h9QX8EzXldiszufYa4IFfKdLUKTTrnSFXLDkUEOTrZQ8Qg==" data-cf-beacon='{"version":"2024.11.0","token":"33edbdb5f462496f85e52978979b687b","server_timing":{"name":{"cfCacheStatus":true,"cfEdge":true,"cfExtPri":true,"cfL4":true,"cfOrigin":true,"cfSpeedBrain":true},"location_startswith":null}}' crossorigin="anonymous"></script> <script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'9f5c03efbfdcac63',t:'MTc3Nzc3NzIyNg=='};var a=document.createElement('script');a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();</script></p><h3 class="wp-block-heading">AutoSecT Changes the Question Being Asked</h3><p>AutoSecT, our AI pentesting tool built by Kratikal, flips the script. Instead of knowing <em>“what vulnerabilities exist?”</em>, you get to know <em>“which vulnerabilities pose a real threat to this specific business right now?”</em></p><h2 class="wp-block-heading">How AutoSecT Uses AI to Find The Impactful Vulnerabilities</h2><p>As the most advanced AI-agentic vulnerability scanner in the market, AutoSecT uses active AI reasoning to go well beyond pattern matching. It doesn’t just detect – it understands. It correlates. It prioritizes.</p><h3 class="wp-block-heading">#1 AI-Driven Real-Time Vulnerability Analysis</h3><p>For B2B organizations managing complex, multi-layered environments, cloud infrastructure, web apps, mobile apps, API endpoints and networks all running simultaneously, this kind of signal clarity isn’t a nice-to-have. It’s the difference between a functioning security program and a reactive firefighting operation.</p><p>One of the most critical standout features in AutoSecT is what happens after a vulnerability is flagged. Where most tools end their work at detection, AutoSecT <a href="https://kratikal.com/blog/how-autosect-vmdr-tool-simplifies-vulnerability-management/"><strong><mark class="has-inline-color has-luminous-vivid-orange-color">VMDR Tool</mark></strong></a> actively validates whether a detected vulnerability is actually exploitable in your environment before it ever reaches your team’s queue.</p><p>This is the near-zero false positive promise. Instead of your concerned team spending hours chasing ‘not-so-real’ threats, AutoSecT’s AI verification layer ensures that what lands in your dashboard is real, confirmed, and actionable. When a team receives an alert, they know it’s worth acting on.</p><h3 class="wp-block-heading">#2 Context-Aware Risk Prioritization</h3><p>If two vulnerabilities share the same CVSS score, but one sits on an externally exposed API endpoint actively targeted by known threat actors while the other sits on an internal development server, AutoSecT knows the difference. Your team sees that difference immediately, and remediation priorities are set accordingly.</p><p>AI-driven AutoSecT AI treats every vulnerability detected differently. Rather than applying a static risk score in isolation, it conducts predictive, context-aware risk analysis. It takes into consideration factors like exploitability, business impact, asset criticality, and real-world threat intelligence. It helps surface the vulnerabilities that pose the greatest danger to your specific environment.</p><h3 class="wp-block-heading">#3 AI-Driven Patch Recommendations That Go Beyond “Update Your Software”</h3><p>Finding a vulnerability is only half the job. The other half is knowing what to do about it, fast. AutoSecT doesn’t just surface the issue; it delivers AI-based patch recommendations tailored to what was found. These recommendations go beyond the generic advisories your security team has memorized on the back of their head, same for all the vulnerabilities. They’re tied to the specific vulnerability, the asset configuration, and the risk context that’s immediately actionable rather than requiring additional research.</p><p>Combined with bi-directional JIRA integration and seamless connections to Slack, Microsoft Teams, Zoho Cliq and Google Chat, <a href="https://kratikal.com/autosect"><strong><mark class="has-inline-color has-luminous-vivid-orange-color">AutoSecT</mark></strong></a> ensures that the right fix reaches the right person at the right time. </p><p>Vulnerabilities don’t sit in a report, rather they move through a workflow.</p><div class="wp-block-image"> <figure class="aligncenter size-full is-resized"><img fetchpriority="high" decoding="async" width="512" height="512" src="https://kratikal.com/blog/wp-content/uploads/2026/05/image.jpeg" alt="" class="wp-image-15131" style="width:798px;height:auto" srcset="https://kratikal.com/blog/wp-content/uploads/2026/05/image.jpeg 512w, https://kratikal.com/blog/wp-content/uploads/2026/05/image-300x300.jpeg 300w, https://kratikal.com/blog/wp-content/uploads/2026/05/image-150x150.jpeg 150w" sizes="(max-width: 512px) 100vw, 512px"></figure> </div><h2 class="wp-block-heading">AutoSecT AI Pentesting Tool Gives Full Coverage Across Your Entire Attack Surface</h2><p>One of the reasons vulnerabilities slip through is fragmentation. Organizations often use different tools for web app scanning, mobile app testing, cloud configuration reviews, and network security and none of them talk to each other. The result is blind spots.</p><p>AutoSecT was designed to eliminate that fragmentation entirely. A single platform covers:</p><figure class="wp-block-table"> <table class="has-fixed-layout"> <tbody> <tr> <td><strong>Assets</strong></td> <td><strong>Highlights</strong></td> </tr> <tr> <td>Web Application Pentesting</td> <td>Automated scanning from a single URL across all pages, forms, scripts, APIs, and endpoints</td> </tr> <tr> <td>Mobile App Security</td> <td>Deep APK and IPA analysis for both Android and iOS</td> </tr> <tr> <td>Cloud Security</td> <td>Continuous automated scanning of AWS, GCP, and Azure for misconfigurations and insecure settings</td> </tr> <tr> <td>API Security</td> <td>Static and dynamic analysis detecting SQLi, XSS, broken authentication, and more</td> </tr> <tr> <td>Network Security</td> <td>IP and MAC-based scanning with real-time exploit validation</td> </tr> </tbody> </table> </figure><p><br> <br> </p><br><meta charset="UTF-8"><br><meta name="viewport" content="width=device-width, initial-scale=1.0"><br><title>Cyber Security Squad – Newsletter Signup</title><link rel="stylesheet" href="https://kratikal.com/blog/how-autosect-uses-ai-to-find-vulnerabilities-that-actually-matter/styles.css"><link rel="preconnect" href="https://fonts.googleapis.com/"><link rel="preconnect" href="https://fonts.gstatic.com/" crossorigin><link href="https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&amp;display=swap" rel="stylesheet"><style type="text/css"> /* Reset and base styles */</p> <p>.newsletterwrap .containerWrap { width: 100%; max-width: 800px; margin: 25px auto; }</p> <p>/* Card styles */ .newsletterwrap .signup-card { background-color: white; border-radius: 10px; overflow: hidden; box-shadow: 0 4px 12px rgba(0, 0, 0, 0.1); border: 8px solid #e85d0f; }</p> <p>.newsletterwrap .content { padding: 30px; display: flex; justify-content: space-between; align-items: center; flex-wrap: wrap; }</p> <p>/* Text content */ .newsletterwrap .text-content { flex: 1; min-width: 250px; margin-right: 20px; }</p> <p>.newsletterwrap .main-heading { font-size: 26px; color: #333; font-weight: 900; margin-bottom: 0px; }</p> <p>.newsletterwrap .highlight { color: #e85d0f; font-weight: 500; margin-bottom: 15px; }</p> <p>.newsletterwrap .para { color: #666; line-height: 1.5; margin-bottom: 10px; }</p> <p>.newsletterwrap .bold { font-weight: 700; }</p> <p>/* Logo */ .newsletterwrap .rightlogo { display: flex; flex-direction: column; align-items: center; margin-top: 10px; }</p> <p>.newsletterwrap .logo-icon { position: relative; width: 80px; height: 80px; margin-bottom: 10px; }</p> <p>.newsletterwrap .c-outer, .c-middle, .c-inner { position: absolute; border-radius: 50%; border: 6px solid #e85d0f; border-right-color: transparent; }</p> <p>.newsletterwrap .c-outer { width: 80px; height: 80px; top: 0; left: 0; }</p> <p>.newsletterwrap .c-middle { width: 60px; height: 60px; top: 10px; left: 10px; }</p> <p>.newsletterwrap .c-inner { width: 40px; height: 40px; top: 20px; left: 20px; }</p> <p>.newsletterwrap .logo-text { color: #e85d0f; font-weight: 700; font-size: 0.9rem; text-align: center; }</p> <p>/* Form */ .newsletterwrap .signup-form { display: flex; padding: 0 30px 30px; }</p> <p>.newsletterwrap input[type="email"] { flex: 1; padding: 12px 15px; border: 1px solid #ddd; border-radius: 4px 0 0 4px; font-size: 1rem; outline: none; }</p> <p>.newsletterwrap input[type="email"]:focus { border-color: #e85d0f; }</p> <p>.newsletterwrap .submitBtn { background-color: #e85d0f; color: white; border: none; padding: 12px 20px; border-radius: 0 4px 4px 0; font-size: 1rem; cursor: pointer; transition: background-color 0.3s; white-space: nowrap; }</p> <p>.newsletterwrap button:hover { background-color: #d45000; }</p> <p>/* Responsive styles */ @media (max-width: 768px) { .newsletterwrap .content { flex-direction: column; text-align: center; }</p> <p> .newsletterwrap .text-content { margin-right: 0; margin-bottom: 20px; }</p> <p> .newsletterwrap .rightlogo { margin-top: 20px; } }</p> <p>@media (max-width: 480px) { .newsletterwrap .signup-form { flex-direction: column; }</p> <p> .newsletterwrap input[type="email"] { border-radius: 4px; margin-bottom: 10px; }</p> <p> .newsletterwrap .submitBtn { border-radius: 4px; width: 100%; } } </style><p><br> </p><div class="containerWrap"> <div class="signup-card"> <div class="content"> <div class="text-content"> <h1 class="main-heading">Get in!</h1> <p class="para">Join our weekly <span style="color: #e75d10;">newsletter</span> and stay updated</p> </div> <div class="rightlogo"> <div class="logo-icon"> <div class="c-outer"></div> <div class="c-middle"></div> <div class="c-inner"></div> </div> <div class="logo-text">CYBER SECURITY SQUAD</div> </div> </div> <form class="signup-form" action="https://kratikal.com/thanks/thankyou-newsletter" method="get"> <input type="email" name="email" value="" placeholder="Email" required><br> <input type="submit" name="submit" value="I am interested!" class="submitBtn"><br> </form> </div> </div><p><br> </p><h2 class="wp-block-heading">What As An Organization You Should Know About Our AI Pentesting Tool</h2><p>Understand your current approach to vulnerability management. AutoSecT, as <a href="https://kratikal.com/blog/ai-driven-vulnerability-management-as-a-solution-for-new-era/"><strong><mark class="has-inline-color has-luminous-vivid-orange-color">VMaaS</mark></strong> </a>runs periodic scans, generates real-time reports helping your security team to work beyond the never-ending queue. It guides your team through patching the ones that need real attention, thus, letting you stay forward rather than behind. AutoSecT has proven that AI-driven vulnerability management at scale is not just possible, it’s the new standard. Finding vulnerabilities isn’t the hard part anymore. Finding the ones that actually matter and fixing them before an attacker does is where AutoSecT changes the game entirely.</p><p>Kratikal offers a 15-day free trial. Visit <a href="http://kratikal.com/autosect/pricing"><strong><mark class="has-inline-color has-luminous-vivid-orange-color">kratikal.com/autosect/pricing</mark></strong></a> to get started.</p><h3 class="wp-block-heading">FAQs</h3><div class="schema-how-to wp-block-yoast-how-to-block"> <p class="schema-how-to-description"> </p><ol class="schema-how-to-steps"> <li class="schema-how-to-step" id="how-to-step-1777617940886"><strong class="schema-how-to-step-name"><strong>How does AI help in vulnerability management?</strong></strong> <p class="schema-how-to-step-text">AI helps by analyzing vulnerabilities in real time, validating whether they are exploitable, and prioritizing them based on actual risk, reducing noise and false positives.</p> </li> <li class="schema-how-to-step" id="how-to-step-1777617957115"><strong class="schema-how-to-step-name"><strong>Why are traditional vulnerability scanning methods ineffective today?</strong></strong> <p class="schema-how-to-step-text">Traditional methods rely on static scoring systems like CVSS, which lack context about exploitability, real-world threats, and business impact, leading to inefficient prioritization.</p> </li> <li class="schema-how-to-step" id="how-to-step-1777617966033"><strong class="schema-how-to-step-name"><strong>What makes AutoSecT different from other vulnerability management tools?</strong></strong> <p class="schema-how-to-step-text">AutoSecT AI pentesting tool uses AI-driven reasoning to validate, prioritize, and recommend fixes for vulnerabilities based on context, ensuring teams focus only on threats that truly matter.</p> </li> </ol> </div><p>The post <a href="https://kratikal.com/blog/how-autosect-uses-ai-to-find-vulnerabilities-that-actually-matter/">How AutoSecT Uses AI to Find Vulnerabilities That Actually Matter</a> appeared first on <a href="https://kratikal.com/blog">Kratikal Blogs</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/how-autosect-uses-ai-to-find-vulnerabilities-that-actually-matter/" data-a2a-title="How AutoSecT Uses AI to Find Vulnerabilities That Actually Matter"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fhow-autosect-uses-ai-to-find-vulnerabilities-that-actually-matter%2F&amp;linkname=How%20AutoSecT%20Uses%20AI%20to%20Find%20Vulnerabilities%20That%20Actually%20Matter" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fhow-autosect-uses-ai-to-find-vulnerabilities-that-actually-matter%2F&amp;linkname=How%20AutoSecT%20Uses%20AI%20to%20Find%20Vulnerabilities%20That%20Actually%20Matter" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fhow-autosect-uses-ai-to-find-vulnerabilities-that-actually-matter%2F&amp;linkname=How%20AutoSecT%20Uses%20AI%20to%20Find%20Vulnerabilities%20That%20Actually%20Matter" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fhow-autosect-uses-ai-to-find-vulnerabilities-that-actually-matter%2F&amp;linkname=How%20AutoSecT%20Uses%20AI%20to%20Find%20Vulnerabilities%20That%20Actually%20Matter" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fhow-autosect-uses-ai-to-find-vulnerabilities-that-actually-matter%2F&amp;linkname=How%20AutoSecT%20Uses%20AI%20to%20Find%20Vulnerabilities%20That%20Actually%20Matter" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://kratikal.com/blog/">Kratikal Blogs</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Puja Saikia">Puja Saikia</a>. Read the original post at: <a href="https://kratikal.com/blog/how-autosect-uses-ai-to-find-vulnerabilities-that-actually-matter/">https://kratikal.com/blog/how-autosect-uses-ai-to-find-vulnerabilities-that-actually-matter/</a> </p>

Digital security company DigiCert Inc. today introduced a new AI Trust framework to help organizations secure AI systems and their outputs, along with new capabilities to help secure autonomous agent… [+4047 chars]

Dublin, April 30, 2026 (GLOBE NEWSWIRE) -- The "Germany Data Center Colocation Market Size and Forecast by Revenue, Capacity, and 70+ Performance Metrics Across Service Type, Facility Architecture, C… [+6873 chars]

If the Arab Spring was defined by optimism about what the internet could do, the years since have been marked by a more sober understanding of what it takes to defend it.  Back in 2011, the term dig… [+11410 chars]

<p>We continue to talk about “computer crime” as if the computer were the thing we are trying to protect. It is not. The real object of protection is information—its confidentiality, its integrity, and its availability. The computer is merely the medium. The law, however, still speaks in the language of theft, conversion, and fraud—concepts developed for tangible property—and then struggles to apply those concepts to something that can be copied, transmitted, and retained simultaneously by multiple parties without depletion.<br><br>Two recent federal indictments illustrate the problem with unusual clarity. One <a href="https://www.justice.gov/opa/media/1437146/dl" target="_blank" rel="noopener">involves a U.S. Army insider</a> (the Van Dyke matter), and <a href="https://www.justice.gov/usao-sdny/media/1437781/dl" target="_blank" rel="noopener">the other</a> charges the Southern Poverty Law Center (SPLC) with, among other things, participating in the acquisition and copying of internal documents from an extremist organization. The charging documents themselves are available from the Department of Justice. What is striking about both is not simply the conduct alleged, but the legal theory underlying the allegations.<br><br>In the Van Dyke indictment, based on insider trading in Polymarket based on inside information about the Maduro raid, the government reportedly asserts that “all information” to which the defendant obtained access “is now and will remain the property of the United States Government.” Not classified information. Not sensitive operational data. All information. That is not a duty of confidentiality; it is a claim of universal ownership. Under that formulation, everything from mission-critical intelligence to the most trivial observations becomes government property subject to criminal conversion if used inconsistently with government interests. A soldier who remarks, “Sure is hot out” — “yeah, Africa hot” could be prosecuted for improper use of “government information.” <br><br>That is a remarkable expansion of property concepts. Traditional national security prosecutions—under the Espionage Act, 18 U.S.C. §§ 793–798—focus on unauthorized disclosure, retention, or transmission. The harm is exposure. But the Van Dyke theory is not centered on disclosure. It is centered on use. The alleged wrongdoing is not simply that information was revealed, but that it was used for personal benefit. That is a conversion theory.<br><br>The problem, of course, is that conversion presupposes property that can be “taken” in a way that deprives the owner of possession. Information does not behave that way. It is non-rivalrous. It can be copied without dispossession. The government still has the information. Nothing has been “stolen” in the traditional sense. So it ultimately relates to some breach of a duty of loyalty, not a “theft” in the traditional sense.<br><br>The Supreme Court recognized this tension in <a href="https://supreme.justia.com/cases/federal/us/473/207/" target="_blank" rel="noopener">Dowling v. United States</a>, 473 U.S. 207 (1985), where it rejected the application of the National Stolen Property Act to bootleg recordings, emphasizing that infringement “does not easily equate with theft, conversion, or fraud.” Id. at 216. The Court drew a line between tangible property crimes and intellectual property regimes, noting that Congress had crafted distinct statutory frameworks to address the latter.<br><br>Even where the Court has permitted criminal liability for misuse of information, it has done so by reframing the conduct. In <a href="https://supreme.justia.com/cases/federal/us/484/19/" target="_blank" rel="noopener">Carpenter v. United States</a>, 484 U.S. 19 (1987), the misappropriation of confidential business information was treated as a scheme to defraud grounded in breach of fiduciary duty, not as simple theft. The “property” interest was the employer’s right to exclusive use of the information, and the mechanism was deception.<br><br>More recent decisions show increasing resistance to expanding property-based theories. In <a href="https://supreme.justia.com/cases/federal/us/590/18-1059/" target="_blank" rel="noopener">Kelly v. United States</a>, 140 S. Ct. 1565 (2020), the Court rejected an effort to recast regulatory decisions as property fraud. In <a href="https://supreme.justia.com/cases/federal/us/598/21-1170/" target="_blank" rel="noopener">Ciminelli v. United States</a>, 143 S. Ct. 1121 (2023), it unanimously rejected the “right to control” theory, holding that deprivation of accurate information does not constitute property fraud. And in <a href="https://supreme.justia.com/cases/federal/us/593/19-783/" target="_blank" rel="noopener">Van Buren v. United States</a>, 141 S. Ct. 1648 (2021), the Court narrowed the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, to exclude mere misuse of information obtained through authorized access, warning that a broader interpretation would criminalize ordinary policy violations.<br><br>Against that backdrop, the Van Dyke indictment’s assertion that all accessed information is government property appears doctrinally aggressive. It effectively collapses the distinction between protected information and trivial data, and between misuse and theft. If all information is property, then any unauthorized use becomes a potential conversion. That is precisely the overbreadth the Supreme Court has been attempting to constrain.<br><br>The SPLC indictment presents the same conceptual problem from the opposite direction. According to the charging document, an informant allegedly “stole 25 boxes of documents” from a violent extremist organization, copied them, returned them, and the information was then used for publication. If the documents were returned, what was stolen? The tangible property was not permanently deprived. The organization retained its records. What was “taken” was the information—and even then, only in the sense that it was duplicated.<br><br>This is not theft in the classical sense. It is copying. The law has struggled with this distinction for decades. In <a href="https://casetext.com/case/us-v-aleynikov" target="_blank" rel="noopener">United States v. Aleynikov</a>, 676 F.3d 71 (2d Cir. 2012), <br>the Second Circuit reversed a conviction where a programmer copied proprietary source code, holding that intangible code did not constitute “goods” under the National Stolen Property Act. Similarly, in <a href="https://casetext.com/case/us-v-nosal-5" target="_blank" rel="noopener">United States v. Nosal</a>, 676 F.3d 854 (9th Cir. 2012) (en banc), the court rejected an expansive reading of the CFAA that would have criminalized misuse of information obtained through authorized access, warning against transforming the statute into a general-purpose misappropriation law.<br><br>The SPLC case also raises First Amendment considerations. In <a href="https://supreme.justia.com/cases/federal/us/532/514/" target="_blank" rel="noopener">Bartnicki v. Vopper</a>, 532 U.S. 514 (2001), the Court held that the publication of lawfully obtained information on matters of public concern is protected, even where the source acquired it unlawfully. The SPLC allegations differ because the organization is accused of participating in the acquisition, but the underlying conceptual issue remains: copying information is not the same as stealing property. If, instead of copying the physical documents, the informant merely disclosed what he learned from them, would this have been a crime?<br><br>These cases expose a basic truth that the law has been reluctant to articulate clearly. When we talk about “theft” of information, we are rarely talking about theft. We are talking about misuse. When an employee leaves a company, they take with them knowledge, relationships, strategies—information stored in their head. That is not theft. It cannot be prevented, and it cannot be undone. What becomes actionable is when that information is used in a way that violates a duty—contractual, fiduciary, or statutory.<br><br>The same principle applies across the modern data economy. When a company collects personal information and uses it inconsistently with its representations, regulators do not typically charge theft. They charge deception under § 5 of the Federal Trade Commission Act, 15 U.S.C. § 45. The harm is not that the company “took” information; it already had it. The harm is that it was misused.<br><br>Yet the rhetoric of theft persists, and with it the temptation to stretch criminal statutes designed for tangible property to cover intangible harms. That approach creates doctrinal instability and risks overcriminalization. If every unauthorized use of information is a theft, then every policy violation becomes a crime. Every employee departure becomes suspect. Every investigative journalist who receives leaked material becomes a potential defendant. In the VanBuren case, the Supreme Court distinguished between a person who accesses a database with authorization to obtain information they would have been entitled to access, but then uses the data for an improper purpose, from an “unauthorized access” to that same database. <br><br>The Supreme Court’s recent decisions suggest a different trajectory. By narrowing the CFAA and rejecting expansive property theories, the Court has signaled that not all valuable information is “property” for purposes of criminal law, and not all misuse is criminal. The focus, instead, should be on specific harms: Unauthorized access, deception, breach of duty, or violation of statutory confidentiality obligations.<br><br>The Van Dyke and SPLC indictments show how far current practice has drifted from that framework. They attempt to solve an information problem with proprietary tools. Sometimes that works, particularly where tangible media or clearly defined trade secrets are involved. Often it does not.<br><br>We would do better to acknowledge what these cases implicitly recognize: That modern “computer crime” is really about information. The relevant questions are not who “owns” it, but who may access it, how it may be used, and what obligations attach to it. Until the law is structured around those questions, rather than metaphors of theft and conversion, we will continue to see cases that strain doctrine—and invite the very constitutional limits the Supreme Court has begun to enforce.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/its-not-the-computer-stupid-its-the-information-in-it-two-recent-indictments-stretch-the-limits-of-theft-of-information/" data-a2a-title="It’s Not the Computer, Stupid. It’s the Information in It. Two Recent Indictments Stretch the Limits of “Theft” of Information."><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fits-not-the-computer-stupid-its-the-information-in-it-two-recent-indictments-stretch-the-limits-of-theft-of-information%2F&amp;linkname=It%E2%80%99s%20Not%20the%20Computer%2C%20Stupid.%20It%E2%80%99s%20the%20Information%20in%20It.%20Two%20Recent%20Indictments%20Stretch%20the%20Limits%20of%20%E2%80%9CTheft%E2%80%9D%20of%20Information." title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fits-not-the-computer-stupid-its-the-information-in-it-two-recent-indictments-stretch-the-limits-of-theft-of-information%2F&amp;linkname=It%E2%80%99s%20Not%20the%20Computer%2C%20Stupid.%20It%E2%80%99s%20the%20Information%20in%20It.%20Two%20Recent%20Indictments%20Stretch%20the%20Limits%20of%20%E2%80%9CTheft%E2%80%9D%20of%20Information." title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fits-not-the-computer-stupid-its-the-information-in-it-two-recent-indictments-stretch-the-limits-of-theft-of-information%2F&amp;linkname=It%E2%80%99s%20Not%20the%20Computer%2C%20Stupid.%20It%E2%80%99s%20the%20Information%20in%20It.%20Two%20Recent%20Indictments%20Stretch%20the%20Limits%20of%20%E2%80%9CTheft%E2%80%9D%20of%20Information." title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fits-not-the-computer-stupid-its-the-information-in-it-two-recent-indictments-stretch-the-limits-of-theft-of-information%2F&amp;linkname=It%E2%80%99s%20Not%20the%20Computer%2C%20Stupid.%20It%E2%80%99s%20the%20Information%20in%20It.%20Two%20Recent%20Indictments%20Stretch%20the%20Limits%20of%20%E2%80%9CTheft%E2%80%9D%20of%20Information." title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fits-not-the-computer-stupid-its-the-information-in-it-two-recent-indictments-stretch-the-limits-of-theft-of-information%2F&amp;linkname=It%E2%80%99s%20Not%20the%20Computer%2C%20Stupid.%20It%E2%80%99s%20the%20Information%20in%20It.%20Two%20Recent%20Indictments%20Stretch%20the%20Limits%20of%20%E2%80%9CTheft%E2%80%9D%20of%20Information." title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

<p>The post <a href="https://www.mend.io/blog/linux-copy-fail-lpe-cve-2026-31431/">CVE-2026-31431 (Copy Fail): Linux Kernel LPE</a> appeared first on <a href="https://www.mend.io">Mend</a>.</p><p>A new <a href="https://www.bleepingcomputer.com/news/security/new-linux-copy-fail-flaw-gives-hackers-root-on-major-distros/" rel="noreferrer noopener">Linux kernel LPE</a> disclosed by <a href="https://theori.io/products/xint" rel="noreferrer noopener">Theori/Xint</a> lets any unprivileged local user become root with a 732-byte Python script. Works first try, no race, no per-kernel offsets. CVSS 7.8 (High), effectively critical for shared-kernel and multi-tenant environments.</p><h2 class="wp-block-heading" id="the-bug"><strong>The bug</strong></h2><p>A logic flaw in the <a href="https://thehackernews.com/2026/04/new-linux-copy-fail-vulnerability.html" rel="noreferrer noopener">kernel’s algif_aead</a> (introduced in 4.14, July 2017), reached via AF_ALG and splice(), gives a deterministic 4-byte write into the page cache of any readable file, including setuid binaries.</p><ul class="wp-block-list"> <li>No race, no per-kernel offsets, works first try.</li> <li>On-disk file is unchanged, so file-integrity tools won’t catch it.</li> <li>Page cache is shared across the host, making this a container escape primitive on Kubernetes nodes from any pod that can create AF_ALG sockets.</li> </ul><h2 class="wp-block-heading" id="whos-affected"><strong>Who’s affected</strong></h2><p>Every kernel from 4.14 until the fix. Theori verified root on Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16. The same exploit works unmodified on Debian, Fedora, Rocky, Alma, Oracle, Arch. Fixed in 6.18.22, 6.19.12, and 7.0.</p><h2 class="wp-block-heading" id="what-to-do"><strong>What to do</strong></h2><p>Most distros had not shipped patched kernels at disclosure. Mitigate first, patch when available.</p><ol class="wp-block-list"> <li>Disable algif_aead on every host:</li> </ol><pre class="wp-block-code"><code>echo "install algif_aead /bin/false" &gt; /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2&gt;/dev/null || true</code></pre><p>Safe to apply: does not affect dm-crypt, kTLS, IPsec, OpenSSL, SSH, or kernel keyring crypto. Only impacts apps explicitly using the OpenSSL afalg engine.</p><ol start="2" class="wp-block-list"> <li>Block AF_ALG via seccomp for untrusted workloads, such as K8s pods, CI runners, and agent sandboxes.</li> <li>Patch the kernel as soon as your distro ships the fix, then reboot.</li> <li>Prioritize: multi-tenant K8s nodes, then CI runners, then production servers, then workstations.</li> </ol><h2 class="wp-block-heading" id="for-cloud-native-teams"><strong>For cloud-native teams</strong></h2><p>Kernel CVEs don’t appear in image SBOMs, so detection belongs at the node layer. Workloads running under hardware virtualization (Firecracker for Lambda, Fargate) or kernel reimplementations (gVisor, V8 isolates) are not exposed to the host kernel’s AF_ALG path.</p><h2 class="wp-block-heading" id="references"><strong>References</strong></h2><ul class="wp-block-list"> <li><a href="https://copy.fail/" rel="noreferrer noopener">https://copy.fail/</a></li> <li><a href="https://xint.io/blog/copy-fail-linux-distributions" rel="noopener">https://xint.io/blog/copy-fail-linux-distributions</a></li> <li><a href="https://www.openwall.com/lists/oss-security/2026/04/29/23" rel="noreferrer noopener">https://www.openwall.com/lists/oss-security/2026/04/29/23</a></li> <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-31431" rel="noreferrer noopener">https://nvd.nist.gov/vuln/detail/CVE-2026-31431</a></li> </ul><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/cve-2026-31431-copy-fail-linux-kernel-lpe/" data-a2a-title="CVE-2026-31431 (Copy Fail): Linux Kernel LPE"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fcve-2026-31431-copy-fail-linux-kernel-lpe%2F&amp;linkname=CVE-2026-31431%20%28Copy%20Fail%29%3A%20Linux%20Kernel%20LPE" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fcve-2026-31431-copy-fail-linux-kernel-lpe%2F&amp;linkname=CVE-2026-31431%20%28Copy%20Fail%29%3A%20Linux%20Kernel%20LPE" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fcve-2026-31431-copy-fail-linux-kernel-lpe%2F&amp;linkname=CVE-2026-31431%20%28Copy%20Fail%29%3A%20Linux%20Kernel%20LPE" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fcve-2026-31431-copy-fail-linux-kernel-lpe%2F&amp;linkname=CVE-2026-31431%20%28Copy%20Fail%29%3A%20Linux%20Kernel%20LPE" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fcve-2026-31431-copy-fail-linux-kernel-lpe%2F&amp;linkname=CVE-2026-31431%20%28Copy%20Fail%29%3A%20Linux%20Kernel%20LPE" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.mend.io">Mend</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Dor Hayun">Dor Hayun</a>. Read the original post at: <a href="https://www.mend.io/blog/linux-copy-fail-lpe-cve-2026-31431/">https://www.mend.io/blog/linux-copy-fail-lpe-cve-2026-31431/</a> </p>

<p>The post <a href="https://www.tenable.com/blog/copy-fail-cve-2026-31431-frequently-asked-questions-about-linux-kernel-privilege-escalation">Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability</a> appeared first on <a href="https://www.tenable.com/">Tenable Blog</a>.</p><div morss_own_score="2.4836065573770494" morss_score="110.2036106043162"> <p><strong>A flaw in the Linux kernel present since 2017 allows a local user to gain root access on virtually every major Linux distribution. A public exploit is available and reported to work reliably.</strong></p> <h2>Key Takeaways</h2> <ol> <li>CVE-2026-31431 is a high severity local privilege escalation vulnerability in the Linux kernel reportedly affecting virtually every major distribution released since 2017.<br> </li> <li>A public exploit is available and reported to be reliable, drawing comparisons to previous high-profile Linux kernel privilege escalation flaws.<br> </li> <li>Patched kernel versions are available, though some major distributions have not yet shipped updates.</li> </ol> <h2>Background</h2> <p>Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding CVE-2026-31431, a Linux kernel local privilege escalation vulnerability dubbed “Copy Fail.”</p> <h2>FAQ</h2> <p><strong>When was Copy Fail first disclosed?</strong></p> <p>On March 23, researcher Taeyang Lee of <a href="https://theori.io/"><u>Theori</u></a> reported the vulnerability to the Linux kernel security team. The flaw was discovered in part using Theori’s AI-assisted security scanning tool, Xint Code. A mainline patch was <a href="https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5"><u>committed on April 1</u></a>, CVE-2026-31431 was assigned on April 22 and <a href="https://www.openwall.com/lists/oss-security/2026/04/29/23"><u>public disclosure</u></a> occurred on April 29.</p> <p><strong>What is CVE-2026-31431?</strong></p> <p><a href="https://www.tenable.com/cve/CVE-2026-31431"><u>CVE-2026-31431</u></a> is a local privilege escalation vulnerability in the Linux kernel’s cryptographic subsystem. It was assigned a CVSSv3 score of 7.8.</p> <table> <thead> <tr> <th><strong>CVE</strong></th> <th><strong>Description</strong></th> <th><strong>CVSSv3</strong></th> </tr> </thead> <tbody> <tr> <td><a href="https://www.tenable.com/cve/CVE-2026-31431"><u>CVE-2026-31431</u></a></td> <td>Linux Kernel Local Privilege Escalation Vulnerability</td> <td>7.8</td> </tr> </tbody> </table> <p>The flaw allows a local user to modify the kernel’s cached copy of a file in memory without changing the file on disk. By targeting a privileged binary, an attacker can gain root access. Because the modification exists only in the page cache, the underlying file on disk remains unchanged. Standard disk forensics would not detect the alteration, and clearing memory through a reboot or resource pressure causes the cache to reload from the original file. For a detailed technical breakdown, refer to the <a href="https://xint.io/blog/copy-fail-linux-distributions"><u>Xint Code blog post</u></a>.</p> <p><strong>How does Copy Fail compare to Dirty Cow and Dirty Pipe?</strong></p> <p>Copy Fail has drawn comparisons to two other well-known Linux kernel privilege escalation vulnerabilities: Dirty Cow (<a href="https://www.tenable.com/cve/CVE-2016-5195"><u>CVE-2016-5195</u></a>) and Dirty Pipe (<a href="https://www.tenable.com/cve/CVE-2022-0847"><u>CVE-2022-0847</u></a>). Both are in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog.</p> <p>Dirty Cow relied on a race condition, which meant exploitation could fail or require multiple attempts. Dirty Pipe had constraints around how data could be written and where in a file it could be modified. Copy Fail reportedly works consistently across distributions without relying on a race condition or write-position constraints.</p> <p><strong>How severe is CVE-2026-31431?</strong></p> <p>Any local user on a system running a vulnerable kernel can exploit this flaw to gain root access. The exploit uses kernel features that are enabled by default on most distributions and does not require special privileges or configuration.</p> <p>The highest risk environments are those where multiple users or workloads share a Linux kernel: cloud and multi-tenant systems, container clusters and CI/CD pipelines that run untrusted code. Because the exploit targets the kernel’s shared file cache, it can also cross container boundaries. On single-user systems, the risk is lower since an attacker would already need local access.</p> <p><strong>Which Linux distributions are affected?</strong></p> <p>Any Linux distribution shipping kernel 4.14 or later is affected. The vulnerability was introduced in 2017 and persisted across nearly a decade of kernel releases. Distribution patch status as of April 30:</p> <table> <thead> <tr> <th><strong>Distribution</strong></th> <th><strong>Patch Status</strong></th> </tr> </thead> <tbody> <tr> <td>Ubuntu</td> <td>Patching</td> </tr> <tr> <td>Red Hat</td> <td><a href="https://access.redhat.com/security/cve/cve-2026-31431"><u>Patching</u></a></td> </tr> <tr> <td>Debian</td> <td><a href="https://security-tracker.debian.org/tracker/CVE-2026-31431"><u>Vulnerable</u></a></td> </tr> <tr> <td>Amazon Linux</td> <td><a href="https://explore.alas.aws.amazon.com/CVE-2026-31431.html"><u>Vulnerable</u></a></td> </tr> <tr> <td>Arch Linux</td> <td><a href="https://security.archlinux.org/CVE-2026-31431"><u>Patched</u></a></td> </tr> </tbody> </table> <p><strong>Is there a proof-of-concept (PoC) available?</strong></p> <p>Yes. A public PoC was <a href="https://github.com/theori-io/copy-fail-CVE-2026-31431/"><u>released on GitHub</u></a> alongside the disclosure. The exploit is a short Python script that modifies a privileged binary in memory and then executes it to obtain root. It is reported to work reliably without requiring multiple attempts or precise timing.</p> <p><strong>Are there other vulnerabilities related to Copy Fail?</strong></p> <p>According to <a href="https://xint.io/blog/copy-fail-linux-distributions"><u>Theori</u></a>, the same research effort that uncovered Copy Fail found additional security flaws in the kernel, at least one of which is also a privilege escalation issue. Those findings remain under coordinated disclosure. This blog will be updated if and when additional information becomes available.</p> <p><strong>Are patches or mitigations available?</strong></p> <p>Patched kernel versions have been released:</p> <table> <thead> <tr> <th><strong>Affected Kernel Version Range</strong></th> <th><strong>Fixed Kernel Version</strong></th> </tr> </thead> <tbody> <tr> <td>4.14</td> <td>N/A</td> </tr> <tr> <td>5.10.*</td> <td><a href="https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667"><u>5.10.254</u></a></td> </tr> <tr> <td>5.15.*</td> <td><a href="https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c"><u>5.15.204</u></a></td> </tr> <tr> <td>6.12.*</td> <td><a href="https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82"><u>6.12.85</u></a></td> </tr> <tr> <td>6.18.*</td> <td><a href="https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8"><u>6.18.22</u></a></td> </tr> <tr> <td>6.19.12</td> <td><a href="https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237"><u>6.19.12</u></a></td> </tr> <tr> <td>&gt;7.0</td> <td><a href="https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5"><u>7.0</u></a></td> </tr> </tbody> </table> <p>The fix removes the 2017 optimization that allowed the vulnerability, restoring a safer separation between read and write operations in the kernel’s crypto interface.</p> <p>For systems where an immediate kernel update is not feasible, two workarounds are available depending on kernel configuration.</p> <p>If the module is loaded dynamically (CONFIG_CRYPTO_USER_API_AEAD=m):</p> <pre><code>echo "install algif_aead /bin/false" &gt; /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2&gt;/dev/null || true</code></pre> <p>If the module is compiled into the kernel (CONFIG_CRYPTO_USER_API_AEAD=y), which is the case on some enterprise kernels, the above will not work. Contributors on the <a href="https://seclists.org/oss-sec/2026/q2/287"><u>oss-security mailing list</u></a> have reported that adding the following to the kernel boot parameters and rebooting blocks the exploit:</p> <pre><code>initcall_blacklist=algif_aead_init</code></pre> <p>Discussion on the <a href="https://seclists.org/oss-sec/2026/q2/290"><u>oss-security mailing list</u></a> has also identified several userspace applications that use the affected kernel interface, including but not limited to, cryptsetup and firefox-esr. In practice, initial testing by contributors on the thread has not caused these applications to fail, but the impact may vary by workload. Testing in a non-production environment before deploying either workaround is advisable.</p> <p><strong>Historical exploitation of Linux kernel vulnerabilities</strong></p> <p>The Linux kernel has a long history as a target for privilege escalation attacks. CISA’s KEV catalog contains over 20 entries for Linux kernel flaws, including the two flaws most commonly compared to Copy Fail:</p> <table> <thead> <tr> <th><strong>CVE</strong></th> <th><strong>Description</strong></th> <th><strong>Date Added to KEV</strong></th> <th><strong>Known Ransomware Use</strong></th> </tr> </thead> <tbody> <tr> <td><a href="https://www.tenable.com/cve/CVE-2016-5195"><u>CVE-2016-5195</u></a></td> <td>Linux Kernel Race Condition (Dirty Cow)</td> <td>2022-03-03</td> <td>Unknown</td> </tr> <tr> <td><a href="https://www.tenable.com/cve/CVE-2022-0847"><u>CVE-2022-0847</u></a></td> <td>Linux Kernel Improper Initialization (Dirty Pipe)</td> <td>2022-04-25</td> <td>Unknown</td> </tr> </tbody> </table> <p>As of April 30, CVE-2026-31431 is not listed in the KEV catalog.</p> <p><strong>Has Tenable Research classified this as part of Vulnerability Watch?</strong></p> <p>Yes, we classified CVE-2026-31431 as a Vulnerability of Interest under <a href="https://www.tenable.com/blog/reducing-remediation-time-remains-a-challenge-how-tenable-vulnerability-watch-can-help"><u>Vulnerability Watch</u></a> due to the availability of a public proof-of-concept exploit and historical exploitation of similar Linux kernel vulnerabilities like Dirty Cow and Dirty Pipe that were exploited in the wild.</p> <p><strong>Has Tenable released any product coverage for this vulnerability?</strong></p> <p>A list of Tenable plugins for this vulnerability can be found on the <a href="https://www.tenable.com/cve/CVE-2026-31431/plugins"><u>CVE-2026-31431</u></a> page as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our <a href="https://www.tenable.com/plugins/pipeline"><u>Plugins Pipeline</u></a>.</p> <h3>Get more information</h3> <p><em><strong>Join</strong></em> <em><strong>on the Tenable Community.</strong></em></p> <p><em><strong>Learn more about</strong></em> <em><strong>, the Exposure Management Platform for the modern attack surface.</strong></em></p> </div><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/copy-fail-cve-2026-31431-frequently-asked-questions-about-linux-kernel-privilege-escalation-vulnerability/" data-a2a-title="Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fcopy-fail-cve-2026-31431-frequently-asked-questions-about-linux-kernel-privilege-escalation-vulnerability%2F&amp;linkname=Copy%20Fail%20%28CVE-2026-31431%29%3A%20Frequently%20asked%20questions%20about%20Linux%20kernel%20privilege%20escalation%20vulnerability" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fcopy-fail-cve-2026-31431-frequently-asked-questions-about-linux-kernel-privilege-escalation-vulnerability%2F&amp;linkname=Copy%20Fail%20%28CVE-2026-31431%29%3A%20Frequently%20asked%20questions%20about%20Linux%20kernel%20privilege%20escalation%20vulnerability" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fcopy-fail-cve-2026-31431-frequently-asked-questions-about-linux-kernel-privilege-escalation-vulnerability%2F&amp;linkname=Copy%20Fail%20%28CVE-2026-31431%29%3A%20Frequently%20asked%20questions%20about%20Linux%20kernel%20privilege%20escalation%20vulnerability" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fcopy-fail-cve-2026-31431-frequently-asked-questions-about-linux-kernel-privilege-escalation-vulnerability%2F&amp;linkname=Copy%20Fail%20%28CVE-2026-31431%29%3A%20Frequently%20asked%20questions%20about%20Linux%20kernel%20privilege%20escalation%20vulnerability" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fcopy-fail-cve-2026-31431-frequently-asked-questions-about-linux-kernel-privilege-escalation-vulnerability%2F&amp;linkname=Copy%20Fail%20%28CVE-2026-31431%29%3A%20Frequently%20asked%20questions%20about%20Linux%20kernel%20privilege%20escalation%20vulnerability" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.tenable.com/">Tenable Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Satnam Narang">Satnam Narang</a>. Read the original post at: <a href="https://www.tenable.com/blog/copy-fail-cve-2026-31431-frequently-asked-questions-about-linux-kernel-privilege-escalation">https://www.tenable.com/blog/copy-fail-cve-2026-31431-frequently-asked-questions-about-linux-kernel-privilege-escalation</a> </p>

<p>Artificial intelligence has quickly become both a force multiplier and a source of friction for modern enterprises. On one hand, AI tools are helping employees move faster: automating workflows, accelerating development, and unlocking insights from data. On the other hand, they are introducing new risks that many organizations are still struggling to fully understand, let alone control.</p><p>For CISOs, this tension is familiar. Any new technology introduced into the enterprise must be vetted, governed and monitored. Sensitive data must be protected, and regulatory obligations must be met. But AI adoption is happening faster than most governance models can keep up with. And as adoption accelerates, so do concerns around compliance. In fact, <a href="https://go.a-lign.com/Benchmark-Report-2026" target="_blank" rel="noopener">recent research</a> shows that 72% of organizations are concerned about AI’s impact on compliance, up from 58% just a year prior.</p><p>The result is a growing disconnect: while organizations debate policies and frameworks, employees are already using AI tools in their day-to-day work, often without oversight.</p><p>That gap is where shadow AI takes root—and is a CISO’s worst nightmare.</p><h3><strong>The Call Is Coming from Inside the House</strong></h3><p>Shadow AI isn’t a hypothetical risk; it’s already embedded in enterprise workflows.</p><p>Consider a developer troubleshooting an issue in proprietary code. Under pressure to deliver quickly, they paste that code into a public AI assistant to get help. The tool provides a useful response, the task gets completed, and the workflow feels more efficient.</p><p>But what happens next is far less visible. That code may now be retained, processed, or learned from by an external system. Depending on the tool and its terms, sensitive intellectual property could be exposed beyond organizational boundaries. What feels like a harmless shortcut becomes a potential data leak.</p><p>This is the core challenge: shadow AI often emerges not from negligence, but from productivity.</p><p>Employees aren’t trying to bypass security, they’re trying to get their jobs done. When governance is unclear or absent, they default to the path of least resistance. And today, that path increasingly leads to widely accessible AI tools like ChatGPT, Copilot or Gemini.</p><p>The issue here is shadow AI at scale. According to recent data, 36% of organizations still don’t have an AI compliance policy in place. Without proper guardrails or training in place, it’s common for employees to use AI tools through their own personal accounts. And with compromised credentials responsible for <a href="https://ciso.economictimes.indiatimes.com/news/cybercrime-fraud/sophos-report-in-56-of-cases-attackers-logged-in-with-valid-credentials-rather-than-hacking-in/119965235" target="_blank" rel="noopener">more than half of data breaches in 2025</a>, those using shadow AI are unknowingly leaving the door wide open for risks.</p><p>Without clear policies, employees make their own decisions about what’s acceptable. Without visibility, security teams are left guessing where AI is being used and how. This creates a fragmented environment where:</p><ul><li>Sensitive data may be shared with unvetted third-party tools</li><li>Personal accounts are used for work-related AI interactions</li><li>API connections between external tools and internal systems go unmonitored</li><li>Regulatory obligations become harder to track and enforce</li></ul><p>In other words, a lack of compliance strategy at the top cascades into inconsistent and risky behavior across the organization.</p><h3><strong>When Compliance Gaps Become Behavior</strong></h3><p>Too often, AI governance is treated as something to address later, after use cases are proven, after tools are adopted, after productivity gains are realized. But by that point, shadow AI is already entrenched.</p><p>CISOs need to reframe compliance not as a constraint, but as an enabler of safe adoption. A well-defined compliance strategy gives employees clarity. It sets boundaries without blocking innovation. And most importantly, it reduces the likelihood that employees will seek unsanctioned alternatives.</p><p>Established frameworks can provide a useful starting point. Standards like ISO 42001 offer guidance for building structured, auditable approaches to AI governance. But frameworks alone aren’t enough; they need to be operationalized quickly and pragmatically.</p><p>In the first 90 days of formalizing an AI governance approach, organizations should focus on a few critical priorities:</p><ul><li><strong>Establish accountability: </strong>Define who owns AI governance across security, compliance and business units. Without clear ownership, efforts stall.</li><li><strong>Create visibility: </strong>Inventory all AI usage across the organization—not just approved tools, but shadow usage as well. Understanding what employees are using (and why) is essential to managing risk.</li><li><strong>Assess and prioritize risk:</strong> Not all AI use cases carry the same level of exposure. Identify high-risk scenarios, such as those involving sensitive data, and address them first.</li><li><strong>Conduct an assessment with an audit partner: </strong>Analyze the regulatory, reputational, and compliance risks associated with each deployment.</li><li><strong>Implement interim controls: </strong>Even before policies are finalized, introduce guardrails for high-risk activities to reduce immediate exposure.</li></ul><p>That said, there is no one-size-fits-all solution. While 77% of companies plan to pursue an AI certification in the next 12 months, that’s not the only path to compliance. Many are choosing a blended approach, and plan to address AI risk with ISO 42001 (60%), self-assessments (50%), and/or adding AI controls to other assessments (56%).</p><p>What matters is not the specific approach, but the presence of a proactive, intentional strategy.</p><h3><strong>The Power of Policy: Promoting Acceptable Use </strong></h3><p>Technology alone won’t solve shadow AI. Blocking tools or restricting access may reduce some risk, but it doesn’t address the underlying driver: employees need efficient ways to do their work. If sanctioned options are too limited, too slow or too unclear, employees will find alternatives. That’s why education and enablement are just as important as policy.</p><p>CISOs should focus on building a culture where employees understand both the value and the risks of AI. This starts with clear, practical guidance, not abstract policies buried in documentation.</p><p>Effective approaches include:</p><ul><li><strong>Defining acceptable use clearly:</strong> Employees should know what types of data can and cannot be used with AI tools, and in which contexts.</li><li><strong>Providing real-world training: </strong>Use scenarios employees actually encounter, like debugging code or summarizing documents, to illustrate safe vs. unsafe practices.</li><li><strong>Offering approved alternatives:</strong> If employees have access to secure, vetted AI tools, they’re far less likely to seek out shadow options.</li><li><strong>Reinforcing accountability: </strong>Make it clear that AI usage is part of the organization’s broader security posture, not an exception to it.</li></ul><p>When employees understand the “why” behind the rules and have viable ways to work within them, compliance becomes far more sustainable.</p><h3><strong>Bringing AI Out of the Shadows</strong></h3><p>Shadow AI is ultimately a symptom of misalignment. It reflects a gap between how organizations think AI should be used and how employees are actually using it. Closing that gap requires more than reactive controls and CISOs are uniquely positioned to lead this effort as both protector and enabler.</p><p>AI isn’t going away. Neither is the pressure to move faster. The CISOs that succeed will demand visibility, establish clear governance and a willingness to meet employees where they are.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/what-we-do-in-the-shadows-how-cisos-can-crack-down-on-shadow-ai/" data-a2a-title="What We Do in the Shadows: How CISOs Can Crack Down on Shadow AI"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fwhat-we-do-in-the-shadows-how-cisos-can-crack-down-on-shadow-ai%2F&amp;linkname=What%20We%20Do%20in%20the%20Shadows%3A%20How%20CISOs%20Can%20Crack%20Down%20on%20Shadow%20AI" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fwhat-we-do-in-the-shadows-how-cisos-can-crack-down-on-shadow-ai%2F&amp;linkname=What%20We%20Do%20in%20the%20Shadows%3A%20How%20CISOs%20Can%20Crack%20Down%20on%20Shadow%20AI" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fwhat-we-do-in-the-shadows-how-cisos-can-crack-down-on-shadow-ai%2F&amp;linkname=What%20We%20Do%20in%20the%20Shadows%3A%20How%20CISOs%20Can%20Crack%20Down%20on%20Shadow%20AI" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fwhat-we-do-in-the-shadows-how-cisos-can-crack-down-on-shadow-ai%2F&amp;linkname=What%20We%20Do%20in%20the%20Shadows%3A%20How%20CISOs%20Can%20Crack%20Down%20on%20Shadow%20AI" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fwhat-we-do-in-the-shadows-how-cisos-can-crack-down-on-shadow-ai%2F&amp;linkname=What%20We%20Do%20in%20the%20Shadows%3A%20How%20CISOs%20Can%20Crack%20Down%20on%20Shadow%20AI" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

<p>The post <a href="https://javvadmalik.com/2026/04/30/the-slop-problem-isnt-what-you-think/">The Slop Problem Isn’t What You Think</a> appeared first on <a href="https://javvadmalik.com">Javvad Malik</a>.</p><p class="wp-block-paragraph">There’s a bloke on Twitter who spent three hours writing a passionate thread about AI ruining the internet. There was quite the debate, and someone asked if he’d ever used Grammarly.</p><p class="wp-block-paragraph">That’s the whole story, really.</p><p class="wp-block-paragraph">People call AI content “slop” with contempt reserved for microwaving fish at the office. But there’s plenty of human slop too. The “I hired a homeless person and now they’re my CEO” posts. The security vendors promising quantum AI blockchain zero trust salvation. Or the one I hate the most, posts which end with “thoughts?”</p><p class="wp-block-paragraph">I think people hate AI writing because writing is supposed to hurt. You delete everything at 2am, question your existence, publish something you’re still not happy with. AI skips the suffering, and that feels like cheating.</p><p class="wp-block-paragraph">Which is mad. We’ve been automating writing forever. Spell checkers, grammar tools, templates. Nobody’s drafting security policies by candlelight on principle.</p><p class="wp-block-paragraph">A lot of AI writing is terrible. Soulless, repetitive, generic. But so is a lot of human writing. I’ve sat through vendor whitepapers with seven listed authors that would embarrass a school newspaper.</p><p class="wp-block-paragraph">We’re not actually angry about quality. We’re angry about dues. Did you suffer enough? Did you earn it?</p><p class="wp-block-paragraph">Use AI to skip thinking entirely and yes, that’s slop. But humans were producing thoughtless slop long before the models showed up.</p><p class="wp-block-paragraph">The slop was coming from inside the house all along.</p><p class="wp-block-paragraph">Thoughts?</p><p class="wp-block-paragraph"> </p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/the-slop-problem-isnt-what-you-think/" data-a2a-title="The Slop Problem Isn’t What You Think"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fthe-slop-problem-isnt-what-you-think%2F&amp;linkname=The%20Slop%20Problem%20Isn%E2%80%99t%20What%20You%20Think" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fthe-slop-problem-isnt-what-you-think%2F&amp;linkname=The%20Slop%20Problem%20Isn%E2%80%99t%20What%20You%20Think" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fthe-slop-problem-isnt-what-you-think%2F&amp;linkname=The%20Slop%20Problem%20Isn%E2%80%99t%20What%20You%20Think" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fthe-slop-problem-isnt-what-you-think%2F&amp;linkname=The%20Slop%20Problem%20Isn%E2%80%99t%20What%20You%20Think" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fthe-slop-problem-isnt-what-you-think%2F&amp;linkname=The%20Slop%20Problem%20Isn%E2%80%99t%20What%20You%20Think" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://javvadmalik.com">Javvad Malik</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by j4vv4d">j4vv4d</a>. Read the original post at: <a href="https://javvadmalik.com/2026/04/30/the-slop-problem-isnt-what-you-think/">https://javvadmalik.com/2026/04/30/the-slop-problem-isnt-what-you-think/</a> </p>