SecurityWeek

GPT‑5.4‑Cyber is a model fine-tuned for defenders, lowering boundaries for legitimate cybersecurity work.

Cookeville Regional Medical Center was targeted last year by the Rhysida ransomware group, which stole 500GB of data.

The startup is leveraging AI to prevent AI-powered attacks across applications, users, machines, and cloud workloads.

The flaw allows low-privileged users to upload files to a temporary directory to achieve remote code execution.

Researchers found more than 80 high-impact cloud and AI vulnerabilities during the event, which had a $5 million prize pool.

To optimize management of CVE volume, entries that do not meet specific criteria will not be automatically enriched.

The flaws can be exploited remotely to impersonate users or execute arbitrary commands on the underlying OS.

The automotive analysis and data company is working with external experts to investigate the attack.

A researcher has disclosed the details of the AI attack method he has named ‘Comment and Control’.

In what was Sweden’s first public mention of the attack, the country’s minister for civil defense said it targeted a heating plant in western Sweden.

Hackers are exploiting CVE-2026-33032, a critical remote takeover vulnerability in the Nginx UI management tool. 

The Israeli startup aims to secure AI agents at runtime, continuously monitoring their behavior to prevent unsafe actions.

Researchers warn that a flaw in Anthropic’s Model Context Protocol allows unsanitized commands to execute silently, enabling full system compromise across widely used AI environments.

Published through five accounts, the extensions appear part of a coordinated campaign based on shared C&C infrastructure.

Sophos’ Ross McKerchar discusses leadership at scale, retaining talent, defending against AI-enabled threats, and the industry’s growing trust problem.