Browsing: Security

A new open-source project, IronCurtain, introduces a unique method to secure and constrain AI assistant agents, preventing them from causing digital chaos. It uses isolated virtual machines and user-defined policies to mediate agent actions, offering a critical layer of control over AI behavior.

The rapid evolution of AI applications is driving an urgent need for data center modernization. This strategic imperative requires comprehensive solutions across infrastructure, from hardware to software, to equip IT leaders with the necessary strategies and tools for the AI age.

The U.S. Department of Justice recently announced the confiscation of $61 million in Tether, a cryptocurrency, believed to be connected to “pig butchering” investment frauds. These funds were traced through various cryptocurrency addresses used to launder money stolen from victims of these elaborate online scams.

A former U.S. Air Force officer, Gerald Eddie Brown, has been arrested for allegedly conspiring with a convicted Chinese hacker to provide advanced flight training to pilots in China’s People’s Liberation Army Air Force. Brown reportedly spent three years in China, offering combat aircraft training without proper authorization.

Microsoft is broadening the availability of its Windows restore feature, allowing more enterprise users to easily recover personal settings and Microsoft Store apps on new or reimaged Windows 11 devices. This “first sign-in restore experience,” part of Windows Backup for Organizations, now supports hybrid-managed environments and Windows 365 Cloud PCs.

Despite the growing importance of cybersecurity, a significant majority of Chief Information Security Officers (CISOs) still report to IT leaders like CIOs or CTOs. This traditional reporting line is increasingly seen as problematic due to inherent conflicts of interest, especially as the roles of CIOs and CISOs diverge with the rise of AI and evolving business risks. Experts suggest that a higher reporting line, or a focus on influence over structure, is crucial for effective enterprise security.

The UK Information Commissioner’s Office (ICO) has fined Reddit over $19.5 million for illegally collecting and using the personal data of children under 13. The social media platform failed to implement adequate age-verification systems until July 2025, despite its own terms of service prohibiting underage users. The ICO criticized Reddit’s subsequent age assurance measures as easily bypassable and insufficient, leading to concerns about children’s exposure to inappropriate content.

A new phishing-as-a-service called Starkiller is enabling cybercriminals to bypass traditional phishing defenses and multi-factor authentication (MFA). This sophisticated service proxies real login pages in real-time, capturing credentials and session tokens, making it easier for attackers to conduct highly effective phishing campaigns.

The Kimwolf botnet, a large network of compromised IoT devices, has caused significant disruptions to The Invisible Internet Project (I2P), an encrypted anonymity network. Kimwolf’s operators attempted to integrate 700,000 infected bots as I2P nodes, leading to a “Sybil attack” that overwhelmed the network. This incident highlights the botnet’s efforts to establish resilient command and control infrastructure, even as its overall numbers have recently declined due to operational errors.

Microsoft’s latest research reveals a new technique, dubbed “AI Recommendation Poisoning,” where businesses manipulate AI chatbots using “Summarize with AI” buttons. These buttons embed hidden instructions in URLs, causing AI assistants to remember specific companies as trusted sources or prioritize their recommendations, akin to SEO poisoning. This raises significant concerns about the neutrality and reliability of AI-generated information, especially in critical areas like health and finance.