SC Media

07/12/2025

In adding the so-called “Citrix Bleed 2” bug to its Known Exploited Vulnerabilities list July 10, the Cybersecurity and Infrastructure Security Agency gave federal agencies just 24 hours to patch the critical 9.3 flaw.

07/11/2025

A study of operational technology (OT) security by Fortinet found that 52% of organizations said the CISO or CSO is now directly responsible for OT security, a dramatic rise from just 16% in 2022.

Eight in 10 respondents plan to put OT security under CISOs in the next 12 months.

07/11/2025

The first and most critical defense for preventing sensitive information leaks via is not using such information in the first place, stresses the Open Worldwide Application Security Project's Top 10 LLM Applications 2025. That begins with careful data hygiene.

LLMs can’t forget what they’ve seen, but you can stop them from saying too much. Here’s how.

07/11/2025

Researchers initially accessed the test account from a log in page that was linked on the McHire website for restaurant owners, and successfully logged in by guessing the username and password, which were both “123456."

Paradox.ai, which built the McDonald’s “Olivia” chatbot, took responsibility for the issue.

07/11/2025

Sensitive information disclosures is one of the fastest emerging security threats in the age of , and is the second-ranked risk on the Open Worldwide Application Security Project's Top 10 for LLM Applications 2025.

From source code to secrets, AI can expose more than you expect, especially when business speed outpaces security readiness.

07/11/2025

🙃

Study: 97% Of Average American’s Day Spent Retrieving 6-Digit Codes
https://theonion.com/study-97-of-average-americans-day-spent-retrieving-6-digit-codes/

07/11/2025

Veterans approach problems differently than those who come up through traditional commercial careers, says Virtuo Group Corporation's Theresa Blackwell-Frank in this commentary.

How cybersecurity became a natural transition following military service for Theresa Blackwell-Frank.

07/10/2025

ServiceNow issued a CVE for a high-severity vulnerability — CVE-2025-3648 — that could lead to significant data exposure. It underscored that it issued patches in September 2024 and March 2025 to address the issue.

Varonis says attackers could easily expose ServiceNow data tables by combining enumeration techniques with common query filters.

07/10/2025

At the request of The United States Department of Justice, Italian police arrested a 33-year-old man believed to be a member of the China-based hacking operation Hafnian that stole research and intellectual property related to COVID-19.

Man believed to be a member of group that stole research and intellectual property from the U.S.

07/10/2025

JFrog researchers reported a critical RCE flaw in the open-source mcp-remote tool that could potentially lead to full system compromise when connecting an client to a malicious remote Model Context Protocol (MCP) server.

A malicious MCP server could have executed arbitrary commands on the victim’s machine.

07/10/2025

What if identity didn’t stop at the login screen? That’s the question driving the rise of continuous identity, a new model that treats identity not as a one-time check at the door, but as a living, context-aware stream of signals.

At Identiverse 2025, Disney’s Sean O’Dell and GM’s Andrew Cameron challenged the traditional login model, urging security teams to embrace identity as a dynamic, real-time conversation.

07/10/2025

Replacing a secure email gateway (SEG) doesn’t just reduce risk, says Abnormal AI's Mike Leach in this commentary. It enhances efficiency, improves visibility, and delivers measurable ROI.

Here are five features to look for in a modern AI-based email security tool.