DeviceSecurity.io RSS Syndication

New Cisco SD-WAN Zero-Day Grants Admin Access

Broken vdaemon Peering Authentication Enables Unauthenticated Admin Access
A maximum-severity vulnerability in Cisco Catalyst SD-WAN Controller is being actively exploited, giving attackers administrative privileges without authentication. The authentication bypass vulnerability stems from a broken peering authentication mechanism.

SecurityScorecard Buys Driftnet for More Internet Visibility

Driftnet Acquisition Adds Real-Time Visibility Into Exposed Assets and AI Risks
SecurityScorecard acquired internet reconnaissance startup Driftnet to expand real-time visibility into hidden infrastructure, exposed assets and AI-driven third-party risks while strengthening threat hunting, attribution and internet-scale intelligence capabilities.

AI Doctors? Lawsuits Say No, Some Doctors Say Yes

License Frontier AI to Practice Medicine, Argues JAMA Article
Scrutiny is intensifying around the quickly evolving role that AI is playing in healthcare. That includes issues around the transparency and safety of consumer health chatbots and also whether a new clinical AI licensing framework is necessary to protect the integrity of medicine.

ISMG Editors: Should We Trust Ransomware Gangs?

Ransomware Payouts, AI-Driven Threats and Reshaping Payment Fraud
In this week's panel, four ISMG editors discussed a ransomware case that once again raises questions about paying extortionists, why security leaders fear AI is accelerating attacks faster than humans can respond and how the rise of instant payments is reshaping fraud programs at banks.

From AI Risk to Trusted Recovery: Building Resilient Incident Response

Webinar | The Hidden Identity Risks of AI Agents

Live Webinar | From AI Data Risk to Clean Recovery: A Practical CISO Playbook for Trusted Resilience Operations

Webinar | Exposing the Security Gaps Behind AI Agents and Shadow Identities

Why Hospitals Must Rethink Cyber Resilience

In the face of relentless cyberattacks that threaten patient safety, hospitals must strengthen their resilience, with clinical continuity, secure backups and coordinated recovery emerging as critical strategies, said John Riggi of the American Hospital Association and Josh Howell of Rubrik.

The Privacy Risks of Embedded, Shadow AI in Healthcare

Artificial intelligence that is embedded in newer editions of software and other technology tools but is not explicitly revealed by vendors is a substantial risk on par with shadow AI, said regulatory attorney Elizabeth Hodge with the law firm Akerman LLP.

Why Data Security Standards in Cancer Innovation Matter

Cancer research and treatment innovation - and the tech that powers that - requires a great deal of collaboration and data sharing among multiple parties. But keeping that sensitive information secure and private is crucial - and requires adherence to standards, said Baxter Lee of Clearwater.

How Main Line Health Secures Devices With Microsegmentation

An identity-based microsegmentation deployment at Main Line Health in Philadelphia is helping to control how its roughly 60,000 devices communicate across the network in order to protect clinical operations and limit the impact of potential cyberattacks, said Main Line Health CISO Aaron Weismann.

Musk v. Altman: A Warning for Enterprise AI

3-Week Court Battle Exposes Dark Side of AI Vendors and Their Promises
The Musk v. Altman trial produced something more unsettling than a verdict. It revealed an AI industry built on promises that turned out to be negotiable, governed by people whose colleagues called them liars under oath. Enterprise buyers should be paying attention.

Upscale vs. Upskill: The Real Cybersecurity Gap

AI Adoption Is Accelerating, but Workforce Capability Isn't Keeping Pace
Technology will continue to evolve. AI will embed itself across enterprise environments and attack surfaces will expand regardless of organizational readiness. The real challenge lies on the upskilling side, where the gap is widening - often without immediate visibility.

Instructure Pays ShinyHunters Ransom to Little Likely Return

Hackers Constantly Break 'Confirmation of Data Destruction' Promises
When a business that stores children's personal data gets hit by data-leaking extortionists, what should it do? For Instructure, which develops online learning platform Canvas, the answer was to pay a ransom, and tell victims, straight-faced, to have "digital confirmation of data destruction."

Cybercrime's Human Trafficking Problem

Coerced Labor in Scam Compounds Is Reshaping How Enterprises Face Fraud Risks
Fraud operations in Southeast Asia increasingly rely on trafficked workers forced into scams. This reality challenges assumptions about threat actor behavior, complicates attribution and negotiation, and demands that enterprises rethink fraud prevention and disruption strategies.