Browsing: Security

A new form of AI prompt manipulation, dubbed “AI recommendation poisoning,” is being used by companies to embed biased prompts into enterprise chatbots through seemingly innocuous ‘Summarize with AI’ buttons, influencing future AI responses without user knowledge.

California has imposed a $2.75 million fine on Disney and mandated a comprehensive privacy program. This action stems from allegations that the company made it excessively difficult for consumers to opt out of data sharing and sales, violating the state’s privacy law. This marks the largest fine ever levied under the California Consumer Privacy Act (CCPA).

Breach & Attack Simulation (BAS) tools represent a significant investment, making the selection of the right product crucial. These solutions help organizations understand their security posture by automating the testing of specific threat vectors, often based on frameworks like MITRE ATT&CK or the Cyber Kill Chain. This guide assists in navigating the market and choosing the most suitable BAS solution.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to U.S. critical infrastructure owners following a significant cyberattack on Poland’s power grid. This incident underscored the vulnerabilities of edge devices, operational technology (OT), and industrial control systems (ICS).

Ahead of the 2026 Milano Cortina Winter Olympics, the presence of various international security forces, including US Immigration and Customs Enforcement (ICE) and Qatari public security officers, has sparked significant public and political debate across Italy.

Mobile devices introduce unique security challenges for enterprises, often operating outside traditional network perimeters. Samsung Knox offers specialized solutions like a granular firewall and a Zero Trust Network Access framework to secure these devices effectively, integrating seamlessly with existing infrastructure and providing comprehensive visibility and control.

A critical security flaw, dubbed DockerDash by Noma Labs, has been patched in Ask Gordon, the AI assistant built into Docker Desktop and CLI. This vulnerability could have allowed attackers to execute code remotely and exfiltrate sensitive data by embedding malicious instructions in Docker image metadata. Docker addressed the issue with the release of version 4.50.0 in November 2025.

A binding operational directive issued Thursday looks to combat an attack pathway that has been behind some of the biggest attacks and most common exploits in recent years.

Following the fatal shooting of Alex Pretti by a federal immigration officer in Minneapolis, a swift and coordinated smear campaign emerged from the Trump administration and conservative media figures. Pretti, a 37-year-old American citizen and registered nurse, was quickly labeled a ‘terrorist’ and ‘lunatic,’ despite conflicting evidence regarding the incident.

Microsoft’s January 2026 Patch Tuesday addresses 113 security flaws, including eight critical vulnerabilities and an actively exploited zero-day (CVE-2026-20805) in Desktop Window Manager. The update also removes legacy modem drivers due to known exploits and highlights a critical Secure Boot bypass (CVE-2026-21265) linked to expiring certificates. Additionally, browser updates for Firefox, Chrome, and Edge are noted.