DeviceSecurity.io RSS Syndication

North Korean IT Workers Try, Try, Try Again

Nisos Links 166K Applications, 21K Interviews and 76 Job Offers to North Korea
North Korean IT worker scammers flooded hundreds of thousands of U.S. companies with applications in 2024 and 2025, appropriating identities and using AI to infiltrate technology sector. Nisos began looking into the scam after a suspected North Korean applied for a lead remote AI architect role.

HIPAA's No Joke: Gag Gift Firm's Health Plan Pays $450K Fine

Investigation of Spencer's Gifts Ransomware Breach Unearths Data Privacy Violations
The employer-sponsored health plan of novelty merchandise retailer Spencer Gift has paid a $450,000 HIPAA penalty and agreed to implement a corrective action plan to resolve findings of a federal breach investigation into a 2021 attack by now-defunct ransomware gang Conti.

France and Germany Boost Digital Sovereignty Push

Franco-German Plan Defines Digital Sovereignty, Paris Unveiles Tech Fund
Europe's push for technological sovereignty continues to accelerate, with France and Germany agreeing a common position and Paris announcing a fund totaling 13 billion euros - $14.9 billion - for French and European tech firms. France has been keen on tech sovereignty for quite some time.

ISMG Editors: Cyber Backlash Over the US Ban on Anthropic AI

Also: Why Smaller AI Models Are Gaining Ground, CISOs Navigating the AI Trust Gap
In this week's panel, four ISMG editors discussed the fallout from U.S. restrictions on Anthropic's most advanced AI models, the growing debate over frontier AI versus smaller models in cybersecurity and a preview of key themes emerging from upcoming ISMG roundtables.

Securing AI in Financial Services with Zero Trust

Beyond the Inbox: Defending Against AI-Enabled Social Engineering

When Agentic AI Exposes Hidden Enterprise APIs

OnDemand | When AI Agents and SecOps Teams Unite: What Actually Changes

Addressing Quantum Readiness in Healthcare Security

Healthcare organizations should prepare for post-quantum cryptography without overreacting to hype, said John Frushour, CISO of New York-Presbyterian Hospital. Stronger encryption standards, commercial software support and attention to medical devices can help providers manage emerging risks.

How FDA's Draft Guidance Shapes AI Medical Device Safety

FDA's draft guidance for AI-enabled medical devices reflects a major change in how regulators address software that changes over time, recognizing AI's ability to evolve while emphasizing patient safety, transparency and accountability, said Phil Englert of the Health-ISAC.

How AI Governance Protects Patient Care and Sensitive Data

Healthcare organizations face mounting pressure to govern AI without slowing innovation. Krista Arndt of St. Luke's University Health Network explains how agile governance, technical controls and collaboration can reduce data loss risks, protect patient care and strengthen AI security programs.

Why Hospitals Must Rethink Cyber Resilience

In the face of relentless cyberattacks that threaten patient safety, hospitals must strengthen their resilience, with clinical continuity, secure backups and coordinated recovery emerging as critical strategies, said John Riggi of the American Hospital Association and Josh Howell of Rubrik.

From Reflection to Shadow: AI, Us and the Space in Between

When AI Partnerships Deepen, Security Leaders Can Access Powerful Joint Cognition
Sustained dialogue with AI does more than reflect a mind back. It casts a shadow shaped by two minds moving together, opening a vantage point once reserved for the few. For security leaders, recognizing this joint cognition is operationally vital, and so is keeping the shadow attached before it slips free.

6 Ways to Contain Enterprise Risk in Model Context Protocol

Understand Agentic AI Risks and Secure All MCP Deployments
MCP has rapidly become the connective tissue of the agentic AI era and the standard for connecting AI agents to enterprise systems. But it also introduces new attack vectors, from tool poisoning to prompt injection. Here are six ways to reduce the risk.

Policy as Code: From Documents to Machine Intelligence

Policy as Code Turns Static Compliance Documents Into Enforceable, Auditable Policy
For decades, policies, standards and procedures have anchored security and compliance governance. But static documents can no longer keep pace with dynamic regulations and frontier technology. Policy as Code transforms them into machine-readable, enforceable, continuously verifiable rules that drive real business decisions.

Election Systems Are Now a Persistent Cyber Target

Long Dwell Times and Persistent Footholds Are Redefining the Election Threat Model
Election security has long been treated as a seasonal effort - defenses up before a vote, then scaled back after. But analysis of the 2024 global election cycle shows adversaries maintaining persistent access across jurisdictions, mapping ecosystems and positioning for future cycles.