SC Media

SC Media arms information security professionals with the in-depth, unbiased business and technical information they need.

The official page for all things IT security.

12/11/2025

AI adoption is surging — but so are hallucinations. You can’t build on unreliable foundations without governance, says Bytewhisper Security's Kyle Hankins. Stop hoping models won’t fail and start building controls that can survive it.

If you’re part of an organization that’s currently rushing into the AI fray, do you have the controls and guidance in place to handle hallucinations when they come to call? Or are you trusting that your software or model will prevent them?

12/11/2025

Your biggest risk isn’t the breach — it’s what happens after, says NETSCOUT's Jerry Mancini in this commentary. Internal blind spots let attackers sprint through your network. Only east-west visibility can stop them.

Internal east-west traffic often goes unmonitored, leaving attackers free to move undetected.

12/11/2025

AI browsers boost productivity but expand risk, says Cato Networks' Guy Waizel. New threats like HashJack show why identity-first controls, data-aware policies, and session isolation are essential for safe AI-powered browsing.

Govern with identity-first controls, data-aware policies, session isolation, and continuous validation.

12/10/2025

Google resolved a weakness in Gemini Enterprise and Vertex AI Search that researchers said could have enabled the theft of emails, calendars and documents via indirect prompt injection.

An indirect prompt injection could have exfiltrated data from emails, documents or calendars.

12/10/2025

React2Shell took the security world by storm last week when Amazon Web Services researchers reported that the bug was actively exploited, and Cloudflare determined it was dangerous enough to have a 25-minute outage while adding protections against it.

10.0 RSC flaw actively exploited in the wild by China-based threat groups within hours of public disclosure leads the pack for December's Patch Tuesday.

12/10/2025

DocuSign impersonation is the most common phishing threat hitting corporate inboxes, according to a recent StrongestLayer analysis shared with SC Media.

DocuSign was the most impersonated brand among phishing emails that bypassed secure email gateways.

12/10/2025

The U.S. Department of the Treasury’s Financial Crimes Enforcement Network found that total ransomware payments since 2013 have reached $4.5 billion, according to a December 2025 study.

Even though there was a drop in 2024, the pace of ransomware payments accelerated.

12/09/2025

Cloud Security Posture Management (CSPM) can’t keep up with today’s cloud. CISOs need real-time, AI-driven detection, automated remediation, and outcome-focused security to cut noise and boost resilience.

CISO roundtable report argues that CSPM is necessary but insufficient on its own. To reduce real cloud risk under staffing and budget constraints, security teams must move from static posture snapshots to real-time, AI-informed detection and increasingly automated response that prioritizes what’s ...

12/08/2025

Salesforce has outgrown its CRM roots — and unmanaged configs, excessive permissions, and rapid low-code development are creating real risk. It’s time for policy-as-code governance.

In many companies, Salesforce instances are chaotic, unsecured messes. Here's how to tame them with proper governance and security controls.

12/08/2025

An evolving fake resume scheme conducted by the threat group GOLD BLADE spreads RedLoader malware and QWCrypt, pilfering data in targeted campaigns, Sophos reported.

A threat group known as GOLD BLADE is evolving its tactics to deploy RedLoader and QWCrypt.

12/08/2025

Startup 7AI announced Dec. 4 that it raised $130 million 10 months after emerging from stealth, stating the funding round was the largest Series A in history for .

7AI’s record funding underscores rising confidence in agentic AI to transform security operations.

12/06/2025

MCP servers are emerging as a major supply chain risk. Recent attacks show how privileged, unmonitored MCP components can be exploited. A new Open Worldwide Application Security Project guide says to lock down access, validate behavior, and monitor continuously.

Recent MCP breaches show how privileged servers enable data theft, stressing need for strict controls.

Address

400 Madison Avenue
New York, NY
10017

Opening Hours

Monday 9am - 5pm
Tuesday 9am - 5pm
Wednesday 9am - 5pm
Thursday 9am - 5pm
Friday 9am - 5pm
