Salt Security used the stage at AWS re:Invent this week to unveil two major enhancements to its API Protection Platform, introducing a generative AI interface powered by Amazon Bedrock and extending its behavioural threat protection to safeguard Model Context Protocol (MCP) servers via AWS WAF. The announcements highlight the company’s growing focus on visibility, risk reduction and real-time defence in increasingly complex cloud and AI environments.

On 1 December, Salt launched “Ask Pepper AI”, a natural language interface designed to help security teams instantly query their entire API estate. Built on Amazon Bedrock, the tool allows users to ask plain-English questions (such as “Which of my APIs expose PII?” or “What APIs have the highest Risk Score?”) and receive immediate, actionable insights drawn from Salt’s API Discovery, Posture Governance and Threat Protection capabilities.

With organisations struggling for clarity in sprawling cloud environments, Salt’s H2 2025 State of API Security Report found that only 19% feel “very confident” in the accuracy of their API inventory, while 15% admit they do not know which APIs expose personal data. Salt says “Ask Pepper AI” helps close these gaps by democratising access to critical security information and accelerating both incident response and risk prioritisation.

“API security is complex, but understanding your risk shouldn’t be,” said Michael Nicosia, Co-Founder and COO at Salt Security. “‘Ask Pepper AI’ makes it simple. By using Amazon Bedrock, we’re putting powerful, intuitive security insights into the hands of everyone from SOC analysts to CISOs. When most organisations aren’t even sure what their API inventory looks like, the ability to just ask and get an immediate answer is a game-changer.”

Two days later, Salt announced a second major capability: the extension of its patented API behavioural threat protection to detect and block malicious intent targeting MCP servers. MCP servers allow LLMs and autonomous agents to execute tasks by calling APIs and tools, but their growing usage has outpaced security controls. Often deployed without central oversight and exposed to the internet, they are becoming a new target for attackers seeking access to sensitive data and system functionality.

Building on Salt’s recently released MCP Finder technology, the company now enables organisations to identify misuse or abuse of MCP servers and automatically block threats using AWS WAF, leveraging real-time behavioural intelligence from the Salt platform.

“Most organisations don’t even know how many MCP servers they have, let alone which ones are exposed or being abused,” said Nick Rago, VP of Product Strategy at Salt Security. “This capability lets them take action quickly, using existing controls to prevent real threats without needing to deploy new infrastructure.”

By combining MCP discovery with AWS WAF enforcement, customers can block attacks before they impact applications, uncover shadow or unmanaged MCP instances, extend edge protection to the AI action layer, and continuously update defences as attacker tactics change.

The post Salt Security Unveils New AI-Powered Capabilities, Expanding API Visibility and Protecting Emerging MCP Infrastructure appeared first on IT Security Guru.

Keeper Security has announced the appointment of Tim Strickland as Chief Revenue Officer (CRO). Strickland will lead Keeper’s global revenue organisation, driving go-to-market strategy, customer growth and channel expansion as demand accelerates globally for modern Privileged Access Management (PAM) and identity security solutions.

Strickland brings more than two decades of executive leadership experience scaling high-performance revenue teams at category-defining SaaS companies. Most recently, he served as Chief Revenue Officer at ZoomInfo, where he guided the company through a successful IPO, built its customer growth and strategic sales functions and oversaw the go-to-market integration of eight acquisitions.

Prior to ZoomInfo, Strickland held senior revenue leadership roles at Marketo, where he played an integral role in the company’s growth, its take-private acquisition by Vista Equity Partners and subsequent sale to Adobe. His responsibilities spanned enterprise sales, account management, customer success and global channel development.

“Tim is joining Keeper at a pivotal moment as organisations around the world confront unprecedented identity-based threats,” said Darren Guccione, CEO and Co-founder of Keeper Security. “He brings the kind of leadership that elevates teams, sharpens focus and accelerates impact. Tim understands the responsibility we have to our customers, and he shares our commitment to building secure, elegant solutions that drive meaningful outcomes. I’m confident he will help propel Keeper into its next chapter of growth while keeping our vision and our customers at the centre of everything we do.”

In his new role, Strickland will oversee Keeper’s global sales, customer success, revenue operations and channel ecosystem, with a focus on expanding market penetration for Keeper’s unified privileged access management platform. KeeperPAM® combines enterprise password management, secrets management, privileged session management, zero-trust network access, endpoint privilege management and remote browser isolation into a single cloud-native solution—designed to meet surging global demand for credential and identity-based threat protection.

“Identity and access security has never been more critical, and Keeper has built a revolutionary cybersecurity platform for organisations,” said Strickland. “The market opportunity is tremendous, and the company’s momentum reflects a deep commitment to innovation and customer value. I’m excited to help scale our impact globally and support customers in strengthening their security posture.”

Strickland also serves as an Advisory Partner with Summit Partners, where he helps high-growth technology companies navigate go-to-market transformation and scale with discipline. As Keeper continues to meet rising global demand for modern privileged access and identity security, Strickland’s leadership will help advance the company’s mission to deliver zero-trust and zero-knowledge solutions that protect the world’s most sensitive data and systems.

The post Keeper Security Appoints New Chief Revenue Officer appeared first on IT Security Guru.

KnowBe4, the platform that comprehensively addresses AI and human risk management, has been recognised as a Leader in the 2025 Gartner Magic Quadrant for Email Security Platforms for the second consecutive year and acknowledged specifically for its Ability to Execute and Completeness of Vision. 

KnowBe4 Cloud Email Security provides users with:    

• Advanced AI-enabled detection to mitigate the full spectrum of inbound phishing attacks and outbound data loss and exfiltration attempts 

• KnowBe4’s Agentic Detection Engine that leverages sophisticated natural language processing (NLP) and natural language understanding (NLU) models to protect inboxes from advanced phishing, impersonation and account takeover attacks  

• Integration in the KnowBe4 HRM+ platform that uses deep per-user behavioural analytics and threat intelligence to deliver personalized security at the point of risk 

• Continuous behavioural-based training delivered through real-time nudges 

A rise in advanced technology to address sophisticated phishing attacks and behaviour-led outbound data breaches has driven significant innovation in email security. According to the KnowBe4 2025 Phishing Threat Trends Report Vol. Six, there was a 15.2% increase in phishing email volume between March 1st – September 30th, 2025, compared to the previous six months.  

“We are honoured to be recognised as a Leader in the 2025 Gartner Magic Quadrant for Email Security Platforms,” said Bryan Palma, CEO, KnowBe4. “Email communication remains the primary attack vector for organisations globally. KnowBe4 plays an instrumental role in providing adaptive AI-enabled technology to build a stronger security culture for customers. In our opinion, this positioning validates our strategic vision and relentless focus on human and agent risk management that goes beyond detecting threats to preventing them before they reach employees’ inboxes.” 

This news follows several recent announcements which exemplify the strength of KnowBe4 Cloud Email Security, including the integration of Microsoft Defender O365 and recognition as a Gartner Peer Insights Customer’s Choice for email security platforms.  

Download a copy of the report.  

The post KnowBe4 Named a Leader in Gartner® Magic Quadrant™ for Email Security appeared first on IT Security Guru.

The group known as Librarian Ghouls has infiltrated networks of technical universities and industrial organisations across Russia, Belarus and Kazakhstan, all without raising immediate alarms. They achieved this by leveraging legitimate logins to move laterally through internal networks, utilising valid credentials and avoiding alert triggers.

Unlike many other APT groups, Librarian Ghouls does not rely on custom malware. Instead, they exploit legitimate third-party tools such as remote access software, archivers and SMTP utilities to craft near-perfect phishing campaigns, including password-protected files and polymorphic malware that adapts in real time. These tactics allow the attackers to slip past traditional detection controls almost unnoticed.

This incident is part of a broader and growing challenge when cybersecurity tools operate in silos, attackers exploit the gaps between them. Endpoint detection and response (EDR), firewalls, and authentication systems each play an important role, but without integration, they offer only partial visibility.

An EDR solution, for example, may overlook legitimate administrative tools if they do not exhibit overtly malicious behaviour. A firewall will flag anomalous outbound connections but often lacks the context to determine the originating user or endpoint. Authentication logs may capture a series of valid logins without recognising a lateral movement pattern.

The lesson from this is clear – integrated visibility across security layers is critical. Correlating signals from multiple tools is essential to detect complex, multi-stage attacks that no single solution can fully uncover on its own. Without this unified perspective, organisations risk missing the bigger picture until it’s too late.

With multiple security solutions generating alerts, many organisations operate with a false sense of security. Without integration, security is fragmented, leaving gaps for sophisticated attacks to exploit, sometimes for weeks or months.

How to protect against threats that evade detection

Organisations need a unified view of their environment and the ability to respond in real time. This is where Managed Detection and Response (MDR) come in. MDR combines advanced threat detection, analytics and human expertise to monitor, investigate, and respond to threats 24/7. Unlike traditional tools working in isolation, MDR correlates signals across endpoints, networks, cloud environments, and identity systems, enabling faster and more accurate detection of suspicious activity.

A strategic MDR approach gives organisations the ability to detect and respond to threats with a level of speed and accuracy that isolated tools cannot match. Firewalls might block unusual connections and EDRs may spot anomalous behaviour but when these signals operate independently, critical patterns can be missed. MDR leverages AI and automation to connect these disparate alerts, allowing real threats to be identified enabling the identification of real threats within minutes. It is effective even when attackers deliberately blend their activity with normal operations.

Once a genuine threat is detected, the speed of response is essential. By providing a unified view across network, endpoint and identity layers, MDR accelerates investigations, reduces operational disruption and helps maintain business continuity while protecting an organisation’s reputation. At the same time, AI-driven correlation filters out noise and false positives, highlighting only the most relevant alerts and providing the context security teams need to act decisively. This focus is particularly valuable in resource-constrained environments, where every second counts and alert fatigue can undermine effectiveness.

The Librarian Ghouls’ breach demonstrated that attackers could circumvent defences when solutions are uncoordinated. It’s like trying to find a needle in a haystack. MDR addresses this challenge by correlating disparate signals, filtering false positives and providing a unified view of infrastructure. By doing this, it amplifies the value of each security layer. EDRs gain the context to identify anomalies, firewalls better interpret network connections and identity systems more accurately flag suspicious access.

The post What your firewall sees that your EDR doesn’t appeared first on IT Security Guru.

Several major London boroughs, including Westminster, Kensington and Chelsea, and Hammersmith & Fulham, are facing serious disruption after a cyberattack crippled key IT systems, preventing residents from accessing frontline services and raising fears of data exposure, according to reports.

While details remain limited, the incident is already prompting renewed warnings from cybersecurity experts about structural weaknesses across the UK public sector, particularly where councils rely on shared platforms, legacy systems, and under-resourced IT teams.

Simon Pamplin, CTO at Certes Networks, said the attacks underscore how deeply such incidents can affect everyday life.  “These suspected cyberattacks on several of London’s borough councils really drive home the point that when systems holding sensitive information are hit, it’s not just the council that suffers. It spills out into the lives of residents and the whole network of services they depend on,” he explained.

Pamplin stressed that cyber resilience can no longer be treated as optional for organisations serving the public.

“When it comes to something as critical as local government, having rock-solid cyber resilience and data security isn’t a nice-to-have, it’s absolutely essential. It’s a bit like heading off on holiday, you wouldn’t dream of leaving the front door unlocked. In the same way, businesses and local authorities need to make sure every last digital door is properly secured, no exceptions, especially when the public is the one at risk.”

Darren Guccione, CEO and co-founder of Keeper Security, echoed those concerns, calling the incident a “serious wake-up call” for public-sector bodies still depending on outdated or interconnected infrastructure.

“Local councils are not only service providers, they’re custodians of highly sensitive personal data,” Guccione said. “When public services rely on shared or under-protected IT infrastructure, disruption is immediate and the consequences are far-reaching.”

He warned that structural vulnerabilities, legacy systems, limited budgets, and reactive security practices create conditions where a single breach can cascade across multiple essential services.

“Once an attacker gains access, the impact can spread rapidly across systems used for social care, housing, payments and citizen communications,” he noted.

Guccione urged councils to prioritise network segmentation, strict identity and access controls, and secure credential management, alongside continuous monitoring across both modern and legacy systems. He added that well-practiced incident response and business continuity plans are just as critical: “If cybersecurity is not embedded into core governance today, councils will continue defending ageing systems against rapidly evolving threats. That is not a sustainable position, and the stakes for citizens are simply too high.”

Other experts agree that the attack bears many hallmarks of a sophisticated ransomware operation. Rebecca Moody, Head of Data Research at Comparitech, said the combination of operational disruption and potential data theft fits the common playbook of modern ransomware groups seeking dual ransoms for decryption and data deletion.

“Governments are a key target… hackers can cause widespread disruption and access highly sensitive data,” she said, noting that Comparitech has tracked 174 confirmed attacks against government bodies worldwide so far this year, with average ransom demands approaching $2.5 million.

With investigations still underway, Moody urged residents and council employees to remain vigilant for phishing attempts or unusual account activity: “If this is a ransomware attack and ransom negotiations fail, it’s likely we’ll see a group coming forward to claim the attack and data theft in the coming days or weeks.”

Rik Ferguson, VP of Security Intelligence at Forescout, highlighted the shared-risk nature of modern IT ecosystems, noting that attackers increasingly exploit the interconnectedness between organisations.

“Attackers are learning that the fastest way to profit isn’t always by encrypting or publicly leaking data, it’s by holding entire enterprise ecosystems hostage,” he said. “Supply-chain and shared-services models create single points of failure.”

Ian Nicholson, Head of Incident Response at Pentest People, warned that the situation illustrates how quickly compromises can propagate across tightly connected public-sector systems.

“Again and again we see attackers exploiting legacy systems, slow patching, and under-funded, under-staffed IT teams,” he said. “Local authorities sit on highly sensitive information, and incidents like this really do impact those much-needed frontline services.”

Dray Agha, senior manager of security operations at Huntress, warned the incident exposes the fragility of shared public-sector infrastructure.

“This coordinated incident highlights a critical vulnerability in modern public services: the double-edged sword of shared IT infrastructure. While such systems are efficient, the breach of one council can instantly compromise its partners, crippling essential services for hundreds of thousands of residents. It underscores an urgent need to move beyond simple cost-saving IT models and invest in resilient, segmented networks that can contain such threats and protect vital public services.”

As London councils work to restore systems, the attack marks yet another reminder that cybersecurity weaknesses in shared public infrastructure can carry real-world consequences, disrupting essential services and potentially exposing citizens’ most sensitive data.

The post Cyberattack on Multiple London Councils Exposes Fragility of Shared Public-Sector Systems appeared first on IT Security Guru.

As retailers prepare for another record-breaking Black Friday, cybersecurity experts are warning that this year’s threats are not only bigger than ever but far more intelligent, automated and difficult to spot.

Fresh data from Check Point, KnowBe4 Threat Labs and other cyber specialists note that attackers are using AI, automation and brand impersonation at industrial scale, exploiting the intensity of the shopping weekend to steal credentials, identities and payment information.

Fake retail sites multiply as attackers use AI and automation

According to Check Point Research, malicious activity tied to Black Friday is rising sharply. One in 11 newly registered Black Friday-themed domains has already been classified as harmful, with criminals spinning up fraudulent sites faster than retailers can report or shut them down.

Brand impersonation remains a core tactic, as 1 in 25 new domains mimicking Amazon, AliExpress and Alibaba has been flagged as malicious. Recent phishing campaigns spoofing HOKA and AliExpress demonstrate how attackers are exploiting high-demand brands to lure victims into sharing login credentials and payment details through convincing fake storefronts.

Omer Dembinsky, Data Group Manager at Check Point Research, said attacks this year “aren’t just bigger; they’re smarter, customised and automated.” Criminals are relying on AI-style templating, mass domain generation and sophisticated replica sites that look indistinguishable from the real thing.

“The best defence is prevention,” Dembinsky added. “Don’t trust a Black Friday link just because it looks real. Verify the domain, use security tools that can validate newly registered sites, and think twice before entering your credit card as you’re one click away from handing over your identity.”

Phishing surges ahead of Black Friday and Amazon leads UK impersonation

New findings from KnowBe4 Threat Labs reveal that out of 27,061 Black Friday-themed phishing emails observed globally, the vast majority (84.30%) impersonated “Deal Watchdog” alert services designed to create urgency around limited-time offers.

In the UK, Amazon was the most impersonated brand, with attackers overwhelmingly using credential-harvesting links as their main payload. UK activity began unusually early this year, with attacks starting on 3rd November and peaking on 10th November, well ahead of the shopping weekend.

Javvad Malik, Lead CISO Advisor at KnowBe4, warned that the psychological pressure of discounted deals is exactly what scammers rely on.

“The combination of time-limited deals and high demand means people often act quickly without taking the usual precautions,” he said. “Taking a moment to verify a website, examine a link or double-check a deal could be the difference between a great saving and becoming a victim.”

AI is fuelling more convincing scams than ever

Keeper Security says AI-generated content is behind much of this year’s sophistication. Fake order confirmations, AI-generated customer service chats and spoofed retailer sites are now near-perfect replicas of legitimate communications, making them harder than ever to spot.

Anne Cutler, Cybersecurity Expert at Keeper Security, explained: “Where there’s money and momentum online, cybercriminals invariably follow—and Black Friday delivers both in abundance. This year we’re guaranteed to see ever more sophisticated scams, primarily fuelled by artificial intelligence.”

Keeper’s global research shows identity-based attacks remain the top concern for cybersecurity leaders in 2025, with stolen credentials continuing to be the leading cause of data breaches.

“The simple truth is that if an attacker controls your identity, they also control your access to everything, ranging from sensitive financial information to social media accounts,” Cutler added. She stressed the importance of strong, unique passwords, MFA and monitoring unusual login activity.

Stick to “Brightly Lit” Parts of the Internet, experts warn

Privacy experts emphasise that consumers must stay vigilant as they hunt for bargains. Chris Hauk, Consumer Privacy Advocate at Pixel Privacy, advised shoppers to go directly to retailer websites instead of clicking ads or pop-ups, many of which lead to expertly forged scam pages.

He added practical reminders:

• Avoid public WiFi for shopping or banking

• Use secure payment methods like Apple Pay or Google Pay

• Buy gift cards only from official retailers or trusted resellers

Paul Bischoff at Comparitech echoed similar safety fundamentals:

1. Never click links or attachments in unsolicited emails

2. Never switch communication/payment channels outside the marketplace

3. If a deal feels rushed, take a step back—it may be a scam

Brian Higgins, also from Comparitech, warned that delivery scams spike during major retail periods, with fake package-fee notifications being especially common as shoppers await parcels. “Don’t buy anything really essential unless you trust the vendor. And if you can afford it, sign up for one of the Credit Monitoring services as they will let you know if you start to buy stuff you’re not aware of,” he cautioned.

Black Friday doesn’t have to be a hacker’s payday

Despite the rising threats, experts agree that a few proactive steps dramatically reduce risk. Strong passwords, MFA, domain checking, secure payment methods and scepticism toward unsolicited messages remain the most effective protections.

As Cutler noted: “A few proactive steps, coupled with an identity-first mindset, can make the difference between a money-saving bargain and a costly breach.”

With AI-powered scams growing faster than ever, the message from security researchers is to enjoy the deals, but shop with caution and never let urgency override judgement.

The post Black Friday 2025: Smarter, Faster and AI-Powered Scams Drive a Surge in Cyber Threats appeared first on IT Security Guru.

Salt Security has announced Salt MCP Finder technology, a dedicated discovery engine for Model Context Protocol (MCP) servers, the fast-proliferating infrastructure powering agentic AI. MCP Finder provides an organisation with a complete, authoritative view of its MCP footprint at a moment when MCP servers are being deployed rapidly, often without IT or security awareness.

As enterprises accelerate the adoption of agentic AI, MCP servers have emerged as the universal API broker that lets AI agents take action by retrieving data, triggering tools, executing workflows, and interfacing with internal systems. But this new power comes with a new problem: MCP servers are being deployed everywhere, by anyone, with almost no guardrails. MCPs are widely used for prototyping, integrating agents with SaaS tools, supporting vendor projects, and enabling shadow agentic workflows in production.

This wave of adoption sits atop fractured internal API governance in most enterprises, compounding risk. Once deployed, MCP servers become easily accessible, enabling agents to connect and execute workflows with minimal oversight. This becomes a major source of operational exposure.

The result is a rapidly growing API fabric of AI-connected infrastructure that is largely invisible to central security teams. Organisations currently lack visibility regarding how many MCP servers are deployed across the enterprise, who owns or controls them, which APIs and data they expose, what actions agents can perform through them, and whether corporate security standards and basic controls (like authentication, authorisation, and logging) are properly implemented.

Recent industry observations show why this visibility crisis matters. One study showed that only ten months after the launch of the MCP, there were over 16,000 MCP servers deployed across Fortune 500 companies. Another showed that in a scan of 1,000 MCP servers, 33% had critical vulnerability and the average MCP server had more than 5. MCP is quickly becoming one of the largest sources of “Shadow AI” as organisations scale their agentic workloads.

According to Gartner^® “Most tech providers remain unprepared for the surge in agent-driven API usage. Gartner predicts that by 2028, 80% of organisations will see AI agents consume the majority of their APIs, rather than human developers.”

Gartner further stated, “As agentic AI transforms enterprise systems, tech CEOs who understand and implement MCP would drive growth, ensure responsible deployment and secure a competitive edge in the evolving AI landscape. Ignoring MCP risks falling behind as composability and interoperability become critical differentiators. Tech CEOs must prioritize MCP to lead in the era of agentic AI. MCP is foundational for secure, efficient collaboration among autonomous agents, directly addressing trust, security, and cost challenges.”*

Salt’s MCP Finder technology solves the foundational challenge: you cannot monitor, secure, or govern AI agents until you know what attack surfaces exist. MCP servers are a key component of that surface.

Nick Rago, VP of Product Strategy at Salt Security, said: “You can’t secure what you can’t see. Every MCP server is a potential action point for an autonomous agent. Our MCP Finder technology gives CISOs the single source of truth they need to finally answer the most important question in agentic AI: What can my AI agents do inside my enterprise?”

Salt’s MCP Finder technology uniquely consolidates MCP discovery across three systems to build a unified, authoritative registry:

1. External Discovery – Salt Surface
   Identifies MCP servers exposed to the public internet, including misconfigured, abandoned, and unknown deployments.
2. Code Discovery – GitHub Connect
   Using Salt’s recently announced GitHub Connect capability, MCP Finder inspects private repositories to uncover MCP-related APIs, definitions, shadow integrations, and blueprint files before they’re deployed.
3. Runtime Discovery – Agentic AI Behavior Mapping
   Analyses real traffic from agents to observe which MCP servers are in use, what tools they invoke, and how data flows through them.
   

Together, these sources give organisations the single source of truth required to visualise risk, enforce posture governance, and apply AI safety policies that extend beyond the model into the actual action layer.

Salt’s MCP Finder technology is available immediately as a core capability within the Salt Illuminate platform.

*Source: Gartner Research, Protect Your Customers: Next-Level Agentic AI With Model Context Protocol, By Adrian Lee, Marissa Schmidt, November 2025.

The post Salt Security Launches Salt MCP Finder Technology appeared first on IT Security Guru.

The European Union Agency for Cybersecurity (ENISA) has been officially designated as a Program Root in the global Common Vulnerabilities and Exposures (CVE) Program. It marks a significant step in the EU’s efforts to bolster cybersecurity resilience and streamline vulnerability coordination across member states.

As a Program Root, ENISA will serve as the central point of contact for national authorities, EU CSIRTs network members, and other partners operating under its mandate. The move aligns with major legislative efforts such as NIS2 and the Cyber Resilience Act, while further supporting the rollout of the EU Vulnerability Database (EUVD).

Boris Cipot, Principal Security Engineer at Black Duck, described the development as “a major step toward a stronger cybersecurity resilience in Europe,” noting that centralizing vulnerability coordination “ensures a faster, more consistent handling of security vulnerability information across the EU while also aligning with key initiatives like NIS2 and the Cyber Resilience Act.”

He added that ENISA’s new role gives the bloc “the needed strategic autonomy in vulnerability management,” reducing reliance on non-EU entities and helping “harmonize the CVE practices across European member states.”

Cipot also highlighted the long-term benefits for researchers and vendors and said “the idea and goal is to give researchers and cybersecurity vendors the capability to gain CVE ID assignment quicker, have a clearer legal guidance under EU law, and gain enhanced visibility through both the EUVD and global CVE listings.”

Daniel dos Santos, head of research at Forescout, explained that the designation reflects momentum on both sides. “It shows both ENISA’s commitment to the CVE program and also that the CVE program is interested in having ENISA’s contributions there,” he said. “Everyone gains when there are more organizations involved in shaping the CVE program and the future of vulnerability reporting.”

He also noted that the shift should “facilitate the process for national authorities, CSIRTs and other partners, since they can have a single point of contact with the CVE program in Europe,” while helping researchers and vendors agree on coordinated disclosure practices.

However, both experts cautioned that successful implementation would depend heavily on resources. Cipot pointed to potential integration challenges, including alignment of policies and tooling, while dos Santos emphasized the need for sustained investment.

“The main challenge is ensuring that ENISA has enough funding and resources to fulfil its ongoing mission of “achieving a high common level of cybersecurity across Europe” while now also having an extended role in the CVE program,” explained Forescout’s dos Santos. “There have been several additions to ENISA’s mandate recently, with the launch of the EU Vulnerability Database and the Cyber Resilience Act. As the recent NVD backlog and funding issues have shown, vulnerability reporting is a task that demands a significant amount of time and effort, so ENISA will have to balance that with their ongoing responsibilities.”

With ENISA taking on greater responsibility in vulnerability reporting and coordination, its performance will be closely watched by security teams, vendors and policymakers alike across the region.

The post ENISA becomes CVE Program Root, strengthening Europe’s vulnerability management framework appeared first on IT Security Guru.

As global economic pressures increase and budgets across both public and private sectors are cut, Anthony Young, CEO at Bridewell, a company that provides cybersecurity services to CNI organisations, is warning of a critical inflection point for 2026, where organisations are facing more cyber threats with fewer resources to defend against them.

According to Young, the cumulative effect of years of belt-tightening across cybersecurity teams and agencies is beginning to surface in major breaches and systemic failures. “Many organisations have been forced to delay modernisation, freeze hiring and reduce investment in defensive capabilities,” said Young. “The result is fewer defenders, slower detection, and weakened resilience, just as adversaries become more aggressive and technologically advanced.”

This year alone has already painted a stark picture. Major supply chain attacks, including a massive compromise of Oracle Cloud affecting over 140,000 tenants and the Salesloft/Drift breach, have demonstrated how underinvestment in cyber resilience can cascade across entire digital ecosystems. Even industrial sectors have been hit hard; for instance, Jaguar Land Rover’s factory shutdown following a cyberattack disrupted production for weeks and exposed the fragility of global supply chains.

Young warned that these incidents are not isolated events, but symptomatic of a deeper issue. “Unfortunately, it’s unlikely that 2025’s headline breaches are not the peak, they’re the warning signs. As we move into 2026, the legacy of these cuts will continue to degrade organisations’ defensive posture. We’ll likely see fewer, but far more impactful, attacks focused on shared platforms, third-party suppliers and critical infrastructure.”

He also acknowledged the societal aspect of the problem at large. Alongside highly coordinated campaigns by criminal and state-backed groups, Bridewell has observed a sharp rise in so-called ‘casual’ cyber aggression. Increasingly, attacks are being launched by loosely connected individuals, often teenagers, using freely available tools or AI-assisted exploit kits.

“This new wave of attackers doesn’t always fit the traditional profile,” explained Young. “We’re seeing a generation that grew up online, with access to open-source data, leaked credentials and automated tools that make disruption easy. What’s changed is the lack of deterrence. In online communities, the reputational rewards of causing chaos often outweigh the perceived risk by these individuals of getting caught.”

Bridewell believes this blend of economic strain, social disaffection and accessible hacking technology is fuelling a dangerous convergence. With reduced resources for defenders and a surge in opportunistic threat actors, organisations face a double blow between complex, targeted attacks on one hand and erratic, highly visible disruptions on the other.

“Cybersecurity is now facing the same kind of social and economic pressures that drive crime in the physical world,” said Young. “When times get tough and oversight weakens, the barrier to entry for malicious activity falls. If we continue underinvesting in resilience and accountability, we risk normalising cyber aggression as a form of expression or protest.”

Looking ahead to 2026, Bridewell predicts that cyber incidents will become less frequent but far more destructive, with greater operational, reputational and regulatory fallout for unprepared organisations. To mitigate this, Young stressed that technical measures must be matched with broader efforts to rebuild digital accountability, shared defence mechanisms and societal norms around online harm.

The post Bridewell CEO gives cyber predictions for 2026 appeared first on IT Security Guru.

API security organisation Salt Security has announced the latest expansion of its innovative Salt Cloud Connect capability. It extends the same agentless model customers trust for rapidly gathering API-specific info in cloud platforms, applying the same proven ease of use and ‘under 10-minute’ deployment to GitHub source code. While other security solutions focus on AI models and data, Salt is the first to secure the MCP servers and APIs where AI agents have a real-world impact, now finding them in code before they are ever deployed.

With GitHub Connect, Salt enables customers to securely connect their public and private GitHub repositories to the Salt Illuminate platform, extending visibility across the full API lifecycle. The new capability analyses code to proactively discover APIs, MCP servers, and configurations directly from source code. Critically, it identifies relevant tools and exposed APIs even when the MCP is hosted elsewhere. This discovery is immediately prioritized by Salt’s traffic-free risk-scoring capability, which accelerates time-to-insight by assigning quantifiable risk scores without requiring traffic collection.  As Gartner® notes, “Software engineering leaders must investigate the suitability of MCP servers obtained especially from public sources.”

This launch advances Salt Illuminate, the platform purpose-built to discover, govern, and secure the API fabric. As organizations embed AI agents, Salt Illuminate is the only platform that delivers complete MCP coverage, discovering them in code (GitHub Connect), monitoring their runtime traffic (Agentic AI), and finding their external exposure (MCP Surface Scan). This bridges code-level and runtime posture governance, enabling teams to reduce risk across the full API lifecycle.

Nick Rago, VP of Product Strategy, Salt Security, said: “AI agents and MCP servers have transformed how digital systems communicate and act. By extending discovery into GitHub, Salt Illuminate gives customers visibility into API and MCP risks long before deployment. This proactive intelligence is critical to safeguarding the API fabric that drives modern innovation.”

Modern code repositories have become the blueprint for the wider API ecosystem, shaping how applications and AI agents interact. GitHub Connect enables organisations to identify shadow APIs and MCP servers by analysing source code for configuration patterns and exposed tools, even when those services are hosted elsewhere. It also supports a “shift-left” approach to governance by highlighting high-risk MCPs in private repositories so that policy can be applied before deployment. By bringing code-level insights into Salt’s unified risk model, it ensures that APIs and MCPs discovered in source code receive the same risk scoring as those identified at runtime.

The post Salt Security Launches GitHub Connect to Proactively Discover Shadow APIs and MCP Risks in Code Repositories appeared first on IT Security Guru.

KnowBe4’s award-winning training content has now merged together under one umbrella, branded as KnowBe4 Studios. It will feature AI-forward training, fresh content, interactive games and expanded storytelling for an enhanced, immersive experience. KnowBe4’s content is among the highest rated in the industry, with an average rating of 4.6 out of 5 based on reviews from over 100 million learners globally. KnowBe4 brings 15 years of user behaviour data and training preferences to shape the new KnowBe4 Studios.

“This is the next evolution of our global team to continue to raise the standard of the most engaging security and compliance training in the market,” said John Just, chief learning officer, KnowBe4. “With KnowBe4 Studios, customers can anticipate even more high-quality content that they expect to see from KnowBe4.”

“The knowledge that users gain from the training and additional resources will carry with our students beyond their time here at Bridgewater State University and help keep them aware and safe of future scams,” said Tina Rebello, information security analyst, Bridgewater State University ResNet team. “KnowBe4 has a lot of really great features. Their shorter scenarios help keep the user’s attention and help make the training more effective. I also love the individual modules, which are interactive and emulate realistic scenarios.”

One example of KnowBe4’s training is the blockbuster, riveting, network-quality video series called The Inside Man. The exclusive series delivers an entertaining, movie-like experience with a compelling story that engages users and creates fans. The Inside Man has won numerous awards, including a Silver Telly and several NYX Video Awards.

See a preview of how KnowBe4 Studios will appear in training videos. These new updates will be reflected in the KnowBe4 training modules soon.

The post KnowBe4 merges training content to create Studios appeared first on IT Security Guru.

In 2025 we’re not just fighting today’s headline-grabbing cyber threats, but we’re also preparing for tomorrow’s. Technology is evolving at a pace that is both fuelling progress for defenders and powering new tools for bad actors. The same advances that drive discovery and innovation also give cybercriminals new ways to attack faster, more broadly and with greater impact. One of the clearest examples of this dual advancement is quantum computing: a breakthrough that could change the world for good, but also put the very foundations of online security at risk.

What is Quantum Computing?

Quantum computing is an emerging technology that processes information in ways traditional computers never could. Instead of working through one calculation at a time, quantum machines harness the principles of quantum mechanics to evaluate countless possibilities simultaneously.

That power has tremendous upside – potentially accelerating breakthroughs in medicine, science and engineering – but also creating a profound security challenge. Once fully realised, quantum computers will be able to break the public-key cryptography in use today, including RSA and Elliptic Curve Cryptography (ECC). These aren’t niche tools: they secure almost everything online. From the HTTPS connections that protect your browsing to digital signatures on software, as well as online banking, healthcare systems, government platforms and consumer accounts – encryption is the trust layer of the internet.

And most of it is not quantum-resistant. While the U.S. National Institute of Standards and Technology (NIST) has begun standardising quantum-safe encryption algorithms, including Kyber, they are not yet widely deployed. That means the logins and records you create today could be tomorrow’s open doors.

Large-scale quantum computers aren’t publicly available yet, but waiting for them to arrive is a mistake. Cybercriminals aren’t waiting – many have already started preparing.

The “Harvest Now, Decrypt Later” Threat

Hackers understand that quantum power is coming, and they’re planning ahead. Their strategy is simple: steal encrypted data now, knowing they’ll be able to decrypt it later. This “harvest now, decrypt later” approach means that stolen banking details, medical records or login credentials, which are protected currently with strong encryption, could be cracked years down the road – long after the original breach is forgotten.

Weak security practices make this problem worse. Keeper Security research shows that only 30% of people regularly update their passwords, leaving 70% exposed. Even more concerning, 41% reuse the same passwords across accounts, creating an easy opening for credential-stuffing attacks, where one stolen password is used to break into multiple accounts. These everyday habits give cybercriminals exactly the weaknesses they can exploit – whether now or in the quantum era.

Start Preparing Today for the Quantum Shift

The best way to defend against tomorrow’s quantum-enabled attacks is to act now. Leading organisations are already evaluating, developing and deploying quantum-resistant encryption, including NIST-approved algorithms like Kyber, to build in future-ready protections.

Individuals and businesses alike can prepare by taking proactive steps:

• Stay aligned with standards: Be sure to stay up-to-date on official guidelines and standards. Organisations should follow trusted guidance from NIST and the Cybersecurity and Infrastructure Security Agency (CISA).
• Update and patch regularly: You don’t need to track every technical update, but you should ensure the tools and providers you utilise are up to date with the latest security standards. Ensuring that products are regularly updated is critical, as patches often contain critical security fixes to keep your information secure.
• Vet your providers: Don’t just trust that a product is secure – verify it. Use products that meet and surpass compliance requirements, especially those that are looking to the future. When selecting a product for yourself or your organisation, vet it thoroughly against standards that are relevant to your needs.
• Reinforce best practices: As always, following existing best practices is the best way to protect yourself now and later. Use strong, unique passwords and change them regularly to defend against both current and future attack methods. The easiest way to manage them is with a trusted password manager, which generates strong passwords and stores them securely. Store sensitive information in secure, encrypted environments – not browsers, shared documents or sticky notes.
• Monitor for exposure: Every minute counts when your information is stolen. Organisations and individuals should use monitoring services that can alert them if their data appears on the dark web, so they can take immediate action.

And don’t abandon today’s encryption. Current standards remain highly effective and are essential to protecting your data today. The challenge is preparing for a post-quantum future while continuing to safeguard the world we live in right now.

Moving Into a Post-Quantum World

Quantum computing and its implications may sound daunting, but the path forward is clear. Strong, proactive measures taken today will help ensure a safer tomorrow.

This Cybersecurity Awareness Month, let’s recognise that preparing for the future is as important as defending against present threats. By reinforcing best practices, demanding future-proof tools and supporting the shift to quantum-resistant encryption, we can secure not only today’s digital world, but the post-quantum world we are heading toward.

The post The Quantum Future Is Coming – Hackers Are Already Preparing appeared first on IT Security Guru.

Keeper Security has announced the launch of its Visual Studio Code (VS Code) extension, extending its enterprise-grade secrets management directly into developers’ coding environments. The VS Code extension expands the KeeperPAM® platform’s reach into the developer ecosystem, enabling secure, zero-trust secrets management throughout the software development lifecycle.

Effective secrets management is vital for developers, as it safeguards the sensitive credentials and keys that keep applications secure. If items like API keys, tokens, or certificates are left exposed, whether through plaintext storage, embedding them in code, or casually sharing them, they can open the door to significant security breaches and system compromise.

The new Keeper VS Code extension allows developers to save, retrieve, generate and execute commands using secrets stored in their Keeper Vault, eliminating the need to leave their coding environment or expose sensitive information in configuration files. This direct integration supports both Keeper Commander CLI and Keeper Secrets Manager, providing organisations with the flexibility to align with their preferred infrastructure and security requirements.

Craig Lurey, CTO and Co-founder of Keeper Security, said: “Developers play a critical role in securing the software supply chain. Integrating Keeper directly into Visual Studio Code empowers teams to develop securely from the start. By embedding zero-trust principles into their workflows, developers can protect secrets and maintain compliance without slowing innovation.”

This launch reflects Keeper’s continued dedication to delivering unified privileged access and secrets management capabilities that align with the evolving needs of modern enterprises and development teams. 

The Keeper VS Code extension offers a range of powerful capabilities, including the ability to save, retrieve, and generate secrets directly from the Keeper Vault. It supports flexible operation through either the Keeper Commander CLI or Keeper Secrets Manager modes. The extension can automatically detect hardcoded credentials, such as API keys and tokens, to help developers quickly address security risks. It also enables secure command execution by injecting secrets from the Vault at runtime, and provides logging and debugging tools for greater visibility and easier troubleshooting.

By integrating secrets management directly into VS Code, Keeper helps organisations reduce secret sprawl, prevent accidental exposure and maintain compliance with zero-trust and least-privilege security frameworks.

Keeper Secrets Manager is part of Keeper’s unified privileged access management platform, KeeperPAM®. Built on a zero-trust, zero-knowledge architecture, KeeperPAM combines enterprise password, secrets and connection management with endpoint privilege management, zero-trust network access and remote browser isolation in a single cloud-based platform. Keeper’s Secrets Manager eliminates the need for manual secrets distribution, enforces least-privilege access and enables automated credential rotation, strengthening security while accelerating development workflows. With centralised visibility, detailed audit trails and API integrations that fit seamlessly into existing toolchains, KeeperPAM empowers developers to code faster, deploy securely and maintain compliance with minimal overhead.

Keeper’s new extension is available now in both the Visual Studio Marketplace and Open VSX Registry, ensuring compatibility with VS Code and its derivatives, such as Cursor.

The post Keeper Security Unveils Secure Secrets Management in Visual Studio Code appeared first on IT Security Guru.

The team at KnowBe4 Threat Labs has uncovered an emerging advanced phishing campaign targeting Microsoft 365 users globally to steal their credentials. This powerful new phishing kit, which KnowBe4 have named ‘Quantum Route Redirect’, was initially discovered in early August. Quantum Route Redirect comes with a pre-configured set up and phishing domains that significantly simplifies a once technically complex campaign flow, further “democratising” phishing for less skilled cybercriminals. It is thought to primarily target Microsoft 365 users.

Removing Barriers of Entry

Quantum Route Redirect bundles several capabilities that remove technical barriers to running a sophisticated phishing campaign: it uses behavioural detection to distinguish automatically between human and automated traffic, and intelligent routing to sort visitors without manual intervention. It also provides a a simplified analytics dashboard that presents comprehensive victim data – including location, device type and browser information – in an intuitive format. The platform also includes real-time monitoring displays campaign performance and success metrics so operators need no specialised technical expertise.

According to KnowBe4, the Phishing-as-a-Service (PhaaS) platform is capable of distinguishing between security tools and genuine users, directing the former to legitimate websites while sending the latter to the phishing version. This technique enables it to bypass URL scanners and certain web application firewalls. The platform also includes user-friendly features designed to support less technically skilled cybercriminals, such as a configuration panel for managing redirect rules, settings and routing logic; monitoring dashboards displaying traffic analytics; intelligent traffic routing to automatically sort visitors; and an analytics dashboard showing details such as victim location, device type and browser information.

To Carry Out An Attack

From the target’s perspective, these campaigns typically begin with a phishing email. Attackers usually cast a wide net using a range of themes and tactics designed to maximise victim engagement. These often include impersonation of services such as DocuSign and other agreement platforms, payroll-related scams, fake payment notifications, fraudulent “missed voicemail” messages, and QR code phishing (also known as quishing).

When the hyperlink is first activated, either by a security tool (bot) scanning it or by a person clicking on it, the request is intercepted by Quantum Route Redirect and sent for processing. The platform’s central routing engine then analyses all incoming traffic, using behavioural analysis to distinguish intelligently between bots and humans. Acting as both a classifier and router, the engine determines the appropriate destination for each request.

If the traffic is identified as originating from a bot, it is redirected to a safe URL, preventing access to the real phishing site. This protects the malicious infrastructure from exposure by security scanners and increases the likelihood that a genuine user will interact with the email, unless it is blocked by other detection mechanisms. Conversely, if the visitor is recognised as human, they are redirected to the actual phishing website, where attackers attempt to harvest Microsoft 365 credentials.

The Quantum Route Redirect system also provides administrative access for the cybercriminals operating these campaigns, featuring two streamlined management interfaces: a configuration panel for managing redirect rules, settings and routing logic, and a visitor statistics dashboard offering analytics such as traffic data to assess campaign performance.

Global Impact

This campaign has successfully compromised victims across 90 countries, demonstrating remarkable international reach. The US has borne the brunt of the attacks so far, accounting for 76% of affected users, while the remaining 24% are distributed worldwide, making the scope of this threat truly global.

What Should Organisations Do?

KnowBe4 advised security teams to implement a multi-layered defence strategy that incorporates a range of protective measures. These include using natural language processing (NLP) and natural language understanding to analyse email content, alongside URL and payload analysis, domain and impersonation detection, and polymorphic detection techniques. Sandboxing can be employed to inspect suspicious emails, while continuous monitoring helps identify potential account compromise. A human risk management (HRM) platform with advanced behavioural analytics, product telemetry and threat intelligence can generate individual risk scores, enabling personalised user training. In addition, email threat intelligence should be used to inform company-wide education initiatives, supported by rapid incident response procedures designed to isolate compromised users, block access and conduct digital forensics.

The post Quantum Route Redirect: The Phishing Tool Simplifying Global Microsoft 365 Attacks appeared first on IT Security Guru.

Keeper Security has unveiled Keeper Forcefield, a new kernel-level endpoint security product designed to stop one of the fastest-growing cyber threats: memory-based attacks.

The company, known for its zero-trust and zero-knowledge Privileged Access Management (PAM) platform, says Forcefield is the first solution to deliver real-time memory protection at both the user and kernel levels, offering a proactive defence against credential theft, infostealers and memory-scraping malware.

“Forcefield closes one of the most dangerous blind spots in endpoint security,” said Craig Lurey, CTO and Co-founder of Keeper Security. “Malware can extract sensitive information directly from a device’s memory, even at the user level where administrative privilege isn’t required. Forcefield prevents this type of exploit entirely without disrupting trusted applications or everyday workflows.”

Closing a critical gap in endpoint protection

Traditional antivirus and Endpoint Detection and Response (EDR) tools often miss fileless and in-memory attacks that exploit unprotected memory rather than software vulnerabilities. Delivered through phishing or malicious downloads, these attacks can extract passwords, session tokens and other sensitive data directly from application memory — bypassing encryption and evading detection.

Keeper Forcefield addresses this by locking down memory access at the kernel level, preventing unauthorised processes from reading or scraping sensitive data. The product operates silently in the background, providing continuous protection without affecting system performance.

Supporting UK cyber resilience

The launch comes as UK organisations prepare for new obligations under the forthcoming Cyber Security and Resilience Bill, which aims to strengthen national cyber defences through alignment with the NCSC’s Cyber Assessment Framework (CAF) and Secure by Design principles.

With 43% of UK businesses reporting a cyber-attack in the past year, Forcefield’s ability to defend against advanced threats such as memory exploits and credential theft directly supports the UK’s wider resilience objectives.

How Keeper Forcefield works

Forcefield installs a lightweight, kernel-level driver that continuously monitors memory access, distinguishing between trusted and untrusted processes in real-time. It ensures legitimate applications function seamlessly while blocking unauthorised or malicious activity.

Key capabilities include:

• Kernel-level protection – Restricts and monitors memory access to protected applications.

• Selective memory restriction – Blocks unauthorised processes from reading application memory.

• Smart process validation – Identifies and validates trusted processes in real-time.

• Performance-friendly operation – Runs quietly without impacting performance or productivity.

Forcefield protects popular Windows applications including Chrome, Firefox, Edge, Brave, Opera and Vivaldi, along with Keeper’s own suite such as the Desktop App, Web Vault, Gateway, Bridge, Commander and KeeperChat. It supports Windows 11 x64 and ARM64 systems.

Rapid deployment and scalability

Available for both individual and enterprise users, Forcefield can be deployed across entire Windows environments in minutes using existing management tools, ensuring scalable, consistent endpoint protection.

More information and downloads are available at:
www.keepersecurity.com/forcefield-endpoint-protection

The post Keeper Security launches Forcefield to defend against memory-based attacks on Windows devices appeared first on IT Security Guru.

A new research report from Nagomi Security has revealed that, over the past six months, nearly three quarters (73%) of US CISOs have reported a significant cyber incident. The 2025 CISO Pressure Index emphasises how continuous widespread breaches and rising internal strain are reshaping the Chief Information Security Officer (CISO) role.

Nagomi’s 2025 CISO Pressure Index is based on a quantitative survey of 100 US-based CISOs across major industries.

Interestingly, the most consistent pressure isn’t coming from attackers, it’s coming from inside the organisation. According to the data, 87% of CISOs say pressure in their role has increased over the past year. Two-thirds report feeling burned out weekly or daily, and 40% considered leaving their role altogether.

Board expectations, shrinking resources, and tool fatigue are also factors causing additional strain. Notably, 42% of CISOs say expectations from boards and executives are now their greatest source of stress, more than the threats themselves. Most oversee sprawling tool stacks, with 65% managing 20 or more security tools, yet 58% say incidents occurred even though those tools were in place.

What’s more, CISOs face personal accountability when it comes to breaches. Worryingly, 17% say they always feel personally blamed for security incidents, regardless of root cause, and 39% say they often feel blamed – even when incidents fall outside their direct control. If a breach were to occur, 90% say their role may be at risk to some degree. Such pressured environments create the perfect place for burnout to thrive.

We know that AI has introduced new security risks and challenges, but the report notes that it’s also becoming a cost-cutting directive: 82% of CISOs say they’re under pressure to reduce staff using AI. The result is a widening gap between responsibility and control.

Emanuel Salmona, co-founder and CEO of Nagomi Security, said: “CISOs are managing nonstop risk with limited support and even less time. They’re expected to be strategic leaders and first responders all at once. The best way to support them is to share accountability across the business, make outcomes clearer, and give them the space to focus on what actually reduces risk.”

Finally, Nagomi is launching a new docuseries entitled Holding the Line, which features in-depth conversations with security leaders about the personal and professional toll of the role. The series dives into how the job is evolving, where pressure is coming from, and what needs to change.

The post Nearly Three-Quarters of US CISOs Faced Significant Cyber Incident in the Past Six Months, Research Finds appeared first on IT Security Guru.

Forescout® Technologies, a global leader in cybersecurity, has announced the launch of eyeSentry, a new cloud-native exposure management solution designed to help enterprises continuously uncover and mitigate hidden risks across IT, Internet of Things (IoT), and Internet of Medical Things (IoMT) environments.

As organisations continue to embrace hybrid and cloud infrastructures, traditional vulnerability management methods such as static scans and point-in-time assessments are struggling to keep pace with the complexity and scale of modern, device-rich networks. Attackers are increasingly exploiting unmanaged devices—such as IP cameras, VoIP phones, and access control systems—as stealth entry points for lateral movement within networks.

According to new research from Forescout Research – Vedere Labs, published in the report “An X-ray of Modern Networks: Understanding and Mitigating IoT Security Risks,” 65% of connected assets across organisations are now non-traditional IT devices. These devices, which include printers, building sensors, and edge systems, often sit outside the scope of traditional scanning tools, creating blind spots that increase exposure and drive a surge in security breaches.

Redefining Exposure Management

Forescout’s new eyeSentry platform is purpose-built to address this challenge. Leveraging the company’s industry-leading asset intelligence, eyeSentry provides continuous discovery, contextualisation, and prioritisation of risks across all connected devices—managed or unmanaged.

By identifying critical risks early, security teams can act decisively before threats escalate. The platform’s cloud-native design enables streamlined deployment and ongoing learning from each mitigation cycle, enhancing resilience, refining detection accuracy, and strengthening response over time.

“With eyeSentry, we’re redefining how enterprises confront hidden risk,” said Barry Mainz, CEO of Forescout. “When unseen devices become attack vectors, the stakes aren’t just data—they’re operational continuity and trust. For over two decades, Forescout has set the standard in device intelligence, and now we’re bringing that expertise to the cloud, giving organisations the visibility and context they need to stay ahead of adversaries, including nation-state actors.”

Unified Visibility and Intelligence

Forescout eyeSentry unifies asset visibility and exposure management into a single, easy-to-deploy solution. Its key features include:

• Cloud-native deployment: Simplifies rollout across distributed environments without the maintenance demands of on-premises tools—ideal for sectors such as healthcare, finance, and retail.

• Active and passive asset discovery: Combines real-time active scanning with passive monitoring to deliver a comprehensive view of every connected device—whether agented, unmanaged, or un-agentable.

• Deeper visibility and precision: The dual-scan approach helps security teams uncover blind spots and build a full picture of asset behaviour, posture, and risk.

• Powered by Vedere Labs threat intelligence: Integrates Forescout’s 4D Platform insights, correlating device data with known exploits and business impact to support proactive defence.

New Research Highlights Growing IoT Risks

The “X-ray of Modern Networks” report analysed over 10 million devices across 700 organisations, revealing that 65% of connected assets fall outside traditional IT. The findings highlight extreme device diversity—with 380 device functions, 5,653 vendors, and 3,200 operating system versions represented—and show that critical sectors are heavily exposed. For instance, 54% of connected assets in financial services were non-IT, compared with 45% in healthcare and 40% in oil, gas, and mining.

These insights help explain a series of recent incidents in which attackers have exploited unmanaged devices—turning building sensors into listening tools or using IP cameras to evade endpoint detection. The report underscores the need for continuous, contextual visibility and risk-based remediation—capabilities that eyeSentry delivers by turning broad device intelligence into actionable security controls.

Webinar and Availability

Forescout will host a webinar, “Forescout eyeSentry: Continuous Threat and Exposure Management for the Modern Enterprise,” on December 4 at 8 a.m. PT (Session 1) and 4 p.m. PT (Session 2) to showcase the new platform.

For more information about eyeSentry, visit https://www.forescout.com/products/eyesentry/

The post New Forescout report finds 65% of connected assets are outside traditional IT visibility appeared first on IT Security Guru.

APIs are now the action layer of AI that make up your API fabric. Every LLM workflow, agent, and MCP tool call rides on an API. This makes API governance the working heart of AI governance, especially with the arrival of landmark frameworks like the EU AI Act and ISO/IEC 42001. These new regulations turn compliance from a productivity limiter to a business accelerator with measurable efficiency and risk-reduction outcomes. In short, how much time is saved if compliance controls are built into your development or release process, if you have instant access to audit trails and data-flow maps? Salt’s core belief sums it up: you can’t secure AI without securing APIs.

Across hundreds of enterprises, Salt Security’s H2 2025 State of API Security Report shows the same pattern: organizations are racing to ship AI features, but governance and runtime security of the API layer haven’t kept pace. Half (50%) slowed a release due to API risk, one-third (33%) suffered an API incident, 80% lack continuous monitoring, and only 19% are “very confident” in their API inventory. These aren’t theoretical gaps. In the context of AI, this “risk exposure” includes specific threats like data poisoning, model theft, and unauthorized system use that can fundamentally alter an AI system’s behavior. These are real business outcomes in lost time, rework, and increased risk exposure.

Compliance Might Be an API Problem

Meeting these new AI regulations is fundamentally an API security challenge. For instance, the EU AI Act mandates “Accuracy, robustness, and cybersecurity” for high-risk systems (Article 15). This is impossible without securing the API, which your whitepaper identifies as the “primary attack surface”. Similarly, ensuring “Data and Data Governance” (Article 10) relies on securing API conduits to prevent data poisoning and ensure integrity. API security provides the very “logging and traceability” (Articles 12 & 20) needed for human oversight and the complete API discovery required to manage the entire AI lifecycle, as mandated by ISO 42001.

A recent Gartner® report stated, “Model Context Protocol (MCP) and Agent2Agent (A2A) do not replace existing APIs. They rely on APIs for data, context, tools and resources for consumption by autonomous agents and AI applications.”

The expanded attack surface

The volume and sophistication of API-related attacks continue to climb. In fact, Salt Labs reports that nearly every organization (99%) experienced API security issues in the past year. The targeting is based in part on the potential to access and expose personally identifiable information. Of notable concern, a recent report from Salt Labs shows that 96% of attacks come from authenticated sources with 98% of those targeting external-facing APIs.  This shift challenges the historical outside-in perimeter mindset.

Salt Labs also found that the majority of API misuse attempts stemmed from either API1 (Broken Object Level Authorization) or API8 (Security Misconfiguration) vulnerabilities.  For those organizations expanding their AI capabilities, this expanded attack surface carries compliance implications.  Each vulnerability becomes a potential failure in governance.  

As Salt’s research highlights, without strong governance and visibility into APIs that handle sensitive data, organizations struggle to enforce security policies consistently. This often leads to misconfigurations, excessive permissions, and weak access controls, conditions that increase breach risk and jeopardize regulatory readiness.

Compliance today

Frameworks like ISO/IEC 42001 and the EU AI Act highlight that accountability and governance need to be considered from the beginning and not treated as an afterthought.  Organizations that adopt compliance by design now will be the ones ready when enforcement begins.  The benefit extends beyond regulatory alignment; it’s about strengthening operational resilience.

The Gartner® report also stated, “Double down on API security by adding specialist security solutions to supplement standard gateway protections. Rate-limiting and access management, in particular, are vital for APIs AI applications will consume when addressing the risk of data and services being abused by agentic use.”

Salt’s platform was built for exactly this challenge: to give organizations AI-aware visibility, policy-driven governance, and real-time protection across the APIs that power AI systems. Because in the age of intelligent agents, one truth remains: you can’t secure AI without securing APIs.

References:

Gartner, How MCP and the A2A Protocols Impact API Management, Shameen Pillai, Mark O’Neill, Aaron Lord, 25 August 2025

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

The post Why API Security Is Central to AI Governance appeared first on IT Security Guru.

A new research report by Keeper Security has revealed global insights from security professionals on the state of cybersecurity. The report, entitled Identity, AI and Zero Trust: Cybersecurity Perspectives from Infosecurity Europe, Black Hat USA and it-sa, found that professionals across the UK, the United States and Germany agreed that Artificial Intelligence (AI) is reshaping cybersecurity on both sides of the battlefield. Only 12% of respondents in the UK and 16% in the United States said their organisations are fully prepared to handle AI-enhanced attacks. In Germany, confidence was higher at 28%, but most respondents acknowledged that preparedness remains a work in progress. 

Unlike traditional surveys, this study is built on anonymous, in-person feedback from cybersecurity professionals on the front lines of defence. More than 370 practitioners shared candid insights during three of the industry’s most influential conferences (Infosecurity Europe in London, Black Hat USA in Las Vegas and it-sa in Nuremberg) offering a view into how security teams are adapting to an increasingly complex threat landscape. 

In the United Kingdom, these insights arrive amid a sharp escalation in cyber activity. The National Cyber Security Centre (NCSC) recently reported a 50% year-on-year rise in nationally significant cyber incidents, with new attacks emerging almost daily. The surge highlights how UK organisations face constant pressure to strengthen identity protection and access controls.

Zero trust was universally recognised as critical to a modern defence strategy, yet implementation continues to trail intent. At Infosecurity Europe, 18% of respondents reported fully implemented zero-trust frameworks. That figure rose to 27% at Black Hat USA and 44% at it-sa in Germany, reflecting stronger progress but underscoring that adoption remains uneven across regions.

In the UK, momentum around zero trust is being driven by national frameworks such as the NCSC’s Cyber Assessment Framework, the National Cyber Strategy 2022–2030, and the UK’s move to align with NIS2. Each underscores the need for robust identity and access management, yet Keeper’s findings show many organisations still lack the practical tools to put these policies into action.

The data also reinforces identity-based attacks as the leading global concern. Half of UK respondents identified phishing as the top identity-based threat, with 42% naming deepfakes. In the United States, 45% cited phishing as their greatest risk, followed by 41% who pointed to deepfakes. Concern peaked in Germany, where 61% of respondents identified deepfakes as the most significant identity-based threat.

In the UK, phishing remains the dominant attack vector. The Government’s Cyber Security Breaches Survey 2025 found that 85% of businesses experiencing an attack reported phishing among the methods used — a near-universal pattern that mirrors Keeper’s own UK findings.

Across all regions, privileged access controls were found to be inconsistent. In the UK, 43% said Multi-Factor Authentication (MFA) is not consistently enforced for privileged accounts. In the United States, 40% reported the same, while in Germany, half of the respondents said their organisations lack a dedicated PAM solution altogether.

The results reveal that security leaders are aligned on strategy but divided by execution. Awareness of zero trust, PAM and AI-driven security principles is high, yet complexity, resource constraints and competing priorities continue to delay deployment. 

Darren Guccione, CEO and Co-founder, Keeper Security, said: “Identity has become the control point of cybersecurity. Our data demonstrates that the disparity between cybersecurity awareness and action is wide, but positive, proactive defence can close this gap. The organisations that lead in zero trust and PAM are not only protecting access but building the foundation for secure, scalable growth in the age of AI.”

The report emphasises that true resilience now depends on disciplined execution, measurable progress and the responsible use of AI to detect anomalies and manage risk across every access point. 

The post UK Organisations Trail Global Peers on Zero Trust Adoption, Research Finds appeared first on IT Security Guru.

Check Point has unveiled its new solution, AI Cloud Protect, built in partnership with the NVIDIA Corporation. The offering is designed to deliver end-to-end protection for enterprise AI infrastructure, from model development through to inference, leveraging NVIDIA’s BlueField data processing units and DOCA security framework.

Security gaps are emerging, as organisations accelerate AI adoption. According to Check Point’s data, one in every 80 GenAI prompts exposes sensitive data. Simultaneously, a recent Gartner report found that 32% of organisations experienced a prompt manipulation attack and 29% dealt with attacks on GenAI infrastructure in the past year. This paints a worrying picture. 

Nataly Kremer, Chief Product Officer at Check Point, said “As enterprises race to build AI-driven innovation, they can’t afford blind spots. With NVIDIA, we’re making AI factories secure by design, protecting models, data, and infrastructure without slowing innovation.”

AI Cloud Protect runs on NVIDIA BlueField-3 DPUs and is validated on NVIDIA RTX PRO servers, enabling enterprises to deploy AI securely from data centre to cloud without the performance trade-offs typical of legacy security solutions. 

This multi-layered solution secures AI workloads by providing network-level protection against data poisoning and model exfiltration. It also offers host-level visibility through NVIDIA’s DOCA Argus to detect malicious processes, all with unified, accelerated management across thousands of AI nodes with zero CPU/GPU overhead.

“Security is essential for the next generation of AI infrastructure,” said David Reber, chief security officer at NVIDIA. “NVIDIA is working with Check Point to integrate BlueField acceleration and the NVIDIA DOCA Argus runtime security framework into the AI Cloud Protect platform to help enterprises deploy AI confidently.”

Early adopters of AI Cloud Protect include the systems integrator World Wide Technology (WWT) and select financial services organisations, where the solution is being piloted in AI data centres supporting large language-model development and prompt-based applications.

Chris Konrad, Vice President, Global Cyber, World Wide Technology, said: “As enterprises build AI server factories at scale, the combination of Check Point’s AI Cloud Protect and NVIDIA BlueField acceleration delivers enterprise-grade protection for sensitive AI workloads from model training to inference without compromising the performance modern AI applications demand.”

This multi-layered solution secures AI workloads by providing network-level protection against data poisoning and model exfiltration. It also offers host-level visibility through NVIDIA’s DOCA Argus to detect malicious processes, all with unified, accelerated management across thousands of AI nodes with zero CPU/GPU overhead.

The post Check Point and NVIDIA Join Forces to Lock Down Enterprise AI Workloads appeared first on IT Security Guru.