Infosec stories - Page 26

Intruder finds over 42,000 sensitive tokens hidden in JavaScript bundles, exposing a major blind spot in modern web app security tools.

HP reports a surge in convincing fake software updates and staged prompts that trick users into installing stealthy, rapidly evolving malware.

Kiteworks and Concentric AI join forces to tie AI-driven data discovery to automated controls on sensitive information shared externally.

Thales launches AI Security Fabric to shield enterprise LLM and agentic AI apps from runtime threats like prompt injection and data leakage.

OWASP has launched its first Top 10 list for agentic AI, warning autonomous systems act as a powerful but risky new digital workforce.

AI-native malware, deepfake fraud and attacks on connected devices will dominate enterprise cyber risk in 2026, VIPRE has warned.

iProov and HYPR integrate liveness checks with passwordless login to stop deepfake workers infiltrating enterprises at onboarding.

Just 1% of organisations fully use Just-in-Time privileged access, leaving AI agents and cloud systems exposed to “always-on” credentials.

Global cyber defence group FIRST reports record 2025 growth, topping 820 member teams and expanding technical, training and capacity work.

Barcelona cyber start-up Zynap raises EUR €6 million seed extension to scale its AI-driven preventive defence platform globally.

AI is set to transform procurement by 2026, making data governance, security and human-machine collaboration central to buying decisions.

Makop ransomware pivots to India with RDP brute force, privilege exploits and GuLoader as it leans on basic flaws over bespoke tools.

Yubico experts say 2026 will redefine authentication, with post-quantum security, digital ID wallets and AI-driven threats converging.

Keeper launches a zero-knowledge secrets manager extension for JetBrains IDEs, aiming to eliminate hardcoded credentials in codebases.

Proofpoint flags a sharp rise in Microsoft 365 account takeovers via device code phishing, hitting firms from finance to government.

Black Kite launches Product Analysis tool to expose hidden risks in third-party software, from SaaS subdomains to SBOM dependencies.

Nudge Security unveils expanded AI-in-SaaS controls to monitor chatbot use, browser activity and risky integrations across cloud apps.

AI-powered cyber attacks are outpacing thinly staffed security teams, as firms prioritise defence but starve programmes of people and budget.

Checkmarx snaps up AI start-up Tromzo to fold reasoning-based agents into its AppSec platform and speed autonomous code security.

Storm-0249 hijacks trusted security and Windows tools to stealthily broker high-value network access for ransomware operators.