
Salt Security Unveils New AI-Powered Capabilities, Expanding API Visibility and Protecting Emerging MCP Infrastructure

Salt Security used the stage at AWS re:Invent this week to unveil two major enhancements to its API Protection Platform, introducing a generative AI interface powered by Amazon Bedrock and extending its behavioural threat protection to safeguard Model Context Protocol (MCP) servers via AWS WAF. The announcements highlight the company’s growing focus on visibility, risk reduction and real-time defence in increasingly complex cloud and AI environments.

On 1 December, Salt launched “Ask Pepper AI”, a natural language interface designed to help security teams instantly query their entire API estate. Built on Amazon Bedrock, the tool allows users to ask plain-English questions (such as “Which of my APIs expose PII?” or “What APIs have the highest Risk Score?”) and receive immediate, actionable insights drawn from Salt’s API Discovery, Posture Governance and Threat Protection capabilities.

With organisations struggling for clarity in sprawling cloud environments, Salt’s H2 2025 State of API Security Report found that only 19% feel “very confident” in the accuracy of their API inventory, while 15% admit they do not know which APIs expose personal data. Salt says “Ask Pepper AI” helps close these gaps by democratising access to critical security information and accelerating both incident response and risk prioritisation.

“API security is complex, but understanding your risk shouldn’t be,” said Michael Nicosia, Co-Founder and COO at Salt Security. “‘Ask Pepper AI’ makes it simple. By using Amazon Bedrock, we’re putting powerful, intuitive security insights into the hands of everyone from SOC analysts to CISOs. When most organisations aren’t even sure what their API inventory looks like, the ability to just ask and get an immediate answer is a game-changer.”

Two days later, Salt announced a second major capability: the extension of its patented API behavioural threat protection to detect and block malicious intent targeting MCP servers. MCP servers allow LLMs and autonomous agents to execute tasks by calling APIs and tools, but their growing usage has outpaced security controls. Often deployed without central oversight and exposed to the internet, they are becoming a new target for attackers seeking access to sensitive data and system functionality.

Building on Salt’s recently released MCP Finder technology, the company now enables organisations to identify misuse or abuse of MCP servers and automatically block threats using AWS WAF, leveraging real-time behavioural intelligence from the Salt platform.

“Most organisations don’t even know how many MCP servers they have, let alone which ones are exposed or being abused,” said Nick Rago, VP of Product Strategy at Salt Security. “This capability lets them take action quickly, using existing controls to prevent real threats without needing to deploy new infrastructure.”

By combining MCP discovery with AWS WAF enforcement, customers can block attacks before they impact applications, uncover shadow or unmanaged MCP instances, extend edge protection to the AI action layer, and continuously update defences as attacker tactics change.

The post Salt Security Unveils New AI-Powered Capabilities, Expanding API Visibility and Protecting Emerging MCP Infrastructure appeared first on IT Security Guru.

Keeper Security Appoints New Chief Revenue Officer

Keeper Security has announced the appointment of Tim Strickland as Chief Revenue Officer (CRO). Strickland will lead Keeper’s global revenue organisation, driving go-to-market strategy, customer growth and channel expansion as demand accelerates globally for modern Privileged Access Management (PAM) and identity security solutions.

Strickland brings more than two decades of executive leadership experience scaling high-performance revenue teams at category-defining SaaS companies. Most recently, he served as Chief Revenue Officer at ZoomInfo, where he guided the company through a successful IPO, built its customer growth and strategic sales functions and oversaw the go-to-market integration of eight acquisitions.

Prior to ZoomInfo, Strickland held senior revenue leadership roles at Marketo, where he played an integral role in the company’s growth, its take-private acquisition by Vista Equity Partners and subsequent sale to Adobe. His responsibilities spanned enterprise sales, account management, customer success and global channel development.

“Tim is joining Keeper at a pivotal moment as organisations around the world confront unprecedented identity-based threats,” said Darren Guccione, CEO and Co-founder of Keeper Security. “He brings the kind of leadership that elevates teams, sharpens focus and accelerates impact. Tim understands the responsibility we have to our customers, and he shares our commitment to building secure, elegant solutions that drive meaningful outcomes. I’m confident he will help propel Keeper into its next chapter of growth while keeping our vision and our customers at the centre of everything we do.”

In his new role, Strickland will oversee Keeper’s global sales, customer success, revenue operations and channel ecosystem, with a focus on expanding market penetration for Keeper’s unified privileged access management platform. KeeperPAM® combines enterprise password management, secrets management, privileged session management, zero-trust network access, endpoint privilege management and remote browser isolation into a single cloud-native solution—designed to meet surging global demand for credential and identity-based threat protection.

“Identity and access security has never been more critical, and Keeper has built a revolutionary cybersecurity platform for organisations,” said Strickland. “The market opportunity is tremendous, and the company’s momentum reflects a deep commitment to innovation and customer value. I’m excited to help scale our impact globally and support customers in strengthening their security posture.”

Strickland also serves as an Advisory Partner with Summit Partners, where he helps high-growth technology companies navigate go-to-market transformation and scale with discipline. As Keeper continues to meet rising global demand for modern privileged access and identity security, Strickland’s leadership will help advance the company’s mission to deliver zero-trust and zero-knowledge solutions that protect the world’s most sensitive data and systems.

The post Keeper Security Appoints New Chief Revenue Officer appeared first on IT Security Guru.

Nominations Open For The Most Inspiring Women in Cyber Awards 2026

Nominations are now open for the 2026 Most Inspiring Women in Cyber Awards! The deadline for entry is the 9th January 2026. We’re proud to be media supporters once again. 

The 2026 event is hosted by Eskenzi PR and sponsored by Fidelity International, BT, Bridewell and Plexal – organisations that are leading the way in making the cybersecurity industry more inclusive. The 6th annual event, held at the iconic BT Tower on the 26th February 2026, aims to celebrate trailblazers at all stages of their careers from across the cybersecurity industry who are doing exceptional things. 

Additionally, Eskenzi PR has partnered with some of the most influential women in cyber groups to help shape the awards, ensuring they are more inclusive and intersectional than ever before. By partnering with WiCyS UK & Ireland Affiliate and Women in Tech and Cybersecurity Hub (WiTCH), it is hoped that the 2026 event will reach an even wider range of inspirational women from across all corners of the globe.

Aiding in this mission, cybersecurity consultancy Bridewell has committed to sponsoring a bursary that will allow the UK based winners of the Ones to Watch category to attend the awards with paid travel and accommodation. A new addition for the 2026 awards, sparked by industry feedback, this move is hoped to remove the financial barriers of attending industry events for people starting out in their careers.

Cybersecurity continues to face challenges with diversity and representation. According to research by ISC2, women now make up about 22% of the global cybersecurity workforce. Despite the industry’s growing demand for skilled professionals – driven by escalating talent shortages and increasingly sophisticated threats – representation remains limited. Building a more inclusive cybersecurity community requires visible role models, mentorship, and active encouragement. After all, we cannot become what we cannot see.

The Most Inspiring Women in Cyber Awards aims to bring together and empower incredible women (both established and those starting out their careers) and make long lasting connections.

Nominations can be submitted via this link and will remain open until 5pm on Friday 9th January 2026. An esteemed panel of judges (yet to be confirmed) will then review the submissions and narrow the list down to the Top 20, each of whom will be profiled on the IT Security Guru. There will also be five women crowned ‘ones to watch’.

On the 26th February 2026, a physical awards ceremony will be held in London at the iconic BT Tower. The event will include a welcome address and an informal panel discussion with a Q&A featuring industry leaders. Then, the finalists will be awarded their certificates and trophies. The event will conclude with networking over food and drinks at the top of the tower. Finalists, judges, and guests are welcome to attend in person and the public can tune in to the ceremony via a live stream. More information to be provided soon.

The award’s founder, Yvonne Eskenzi, said: “We’re delighted to once again host the Most Inspiring Women in Cyber Awards, supported by industry leaders including Fidelity International, Bridewell and Plexal. With BT’s continued partnership, it’s a pleasure and a privilege to return to the iconic BT Tower once again for this special occasion. At Eskenzi, we remain deeply committed to championing diversity in cybersecurity through meaningful action. Together with leading women’s networks and forward-thinking organisations, the Most Inspiring Women in Cyber Awards aims to celebrate, elevate and empower women across the sector while helping to forge lasting connections among all who attend.”

‘Women in Cyber’ group, at Fidelity International, said: “At Fidelity International, supporting the 2026 Most Inspiring Women in Cyber Awards reflects our belief that empowering women strengthens cybersecurity. As cyber threats intensify, diverse perspectives are key to safeguarding our digital future. By championing talent and creating opportunities, we aim to inspire the next generation of women leaders in cybersecurity.”

Laura Price, Cyber Skills Partnerships Manager at BT Business, said: “At BT Business, we’re committed to helping organisations stay connected, secure, and future ready. Supporting the Most Inspiring Women in Cyber Awards reflects our belief that diversity and innovation go hand in hand. By celebrating role models and amplifying voices, we aim to inspire the next generation of cyber leaders and strengthen the resilience of businesses in an increasingly digital world.”

Diane Gilbert, Senior Lead Programmes at Plexal, said: “Plexal supports women in cyber to build careers and grow their businesses. Wonderful moments like the Most Inspiring Women in Cyber Awards provide an opportunity to celebrate the increased inclusion and diversification of the industry to date, and reinforce the important role we all play in keeping the momentum going on female representation in the sector. Plexal is excited to be a returning sponsor of the 2026 awards.”

For more information and to nominate visit: https://www.itsecurityguru.org/most-inspiring-women-cyber-2026/

The post Nominations Open For The Most Inspiring Women in Cyber Awards 2026 appeared first on IT Security Guru.

Podcast Empowers Professionals to Thrive in Their Cybersecurity Careers

Amelia Hewitt, Co-Founder (Director of Cyber Consulting) at Principle Defence and Founder of CybAid, and Rebecca Taylor, Threat Intelligence Knowledge Manager and Researcher at Sophos, are proud to announce the launch of the second series of The Cyber Agony Aunt Podcast (formerly Securely Yours Podcast). The new season is now available to stream on all major platforms.

The Cyber Agony Aunt Podcast is an empowering series hosted by Hewitt and Taylor, two accomplished cybersecurity professionals, recorded at Matinee Studios in Reading, UK. Drawing on their extensive experience in the field and their roles as mentors, they use an “agony aunt” format to address the real-life questions and challenges faced by professionals.

Inspired by classic magazine advice columns, the podcast offers practical guidance for those building and thriving in cybersecurity and related careers. Through candid conversations and questions from mentees and peers, Hewitt and Taylor explore pressing topics such as active allyship, burnout, sexual harassment, threat intelligence, and overcoming adversity. Their confessional tone ensures that no issue is considered off-limits.

To further enrich the series, Season 2 features a selection of seasoned professionals who share their perspectives, lived experiences, and expert insights in specially curated episodes. Amelia Hewitt and Rebecca Taylor have had the privilege of speaking with:

  • Callum Stott (Sales Director at Matinée Multilingual),
  • Karl Lankford (Senior Director, Solutions Engineering at Rapid7),
  • Phoebe Farrelly (Deals – Lead Advisory & Restructuring at PWC, and Branch Coordinator for CyberWomen Groups C.I.C),
  • Nikki Webb (Global Channel Manager at Custodian360, Founder of The Cyber House Party, and Volunteer Marketing Coordinator at The Cyber Helpline),
  • Will Lyne (Head of Economic & Cybercrime at the Metropolitan Police Service),
  • Pauline Campbell (Principal Lawyer at London Borough of Waltham Forest & Social Justice Author),
  • Jake Moore (Global Cybersecurity Advisor at ESET),
  • Zak Layton-Elliott (Director of Partnerships at CybAid, and Cyber Security Analyst at Principle Defence).

The Cyber Agony Aunt Podcast offers practical guidance for anyone seeking to advance their career in cybersecurity. Driven by the belief that everyone should thrive, not merely survive, the series aims to make professional growth attainable through accessible, actionable advice. Hewitt and Taylor approach even the most complex and uncomfortable topics with honesty and empathy, ensuring no conversation is left unspoken and no listener feels alone.

Co-host Amelia Hewitt said: ‘It’s been an incredible journey. We have been very fortunate to have lots of guests on the series, all happy and willing to share their opinions and thought leadership. This series is a real eye opener, myth buster and level setter for anyone wanting to understand the nitty gritty of a career in the cyber industry.’

Co-host Rebecca Taylor added: ‘This podcast is about showing that no-one in cyber is alone. By bringing together voices from across the industry, we’re breaking down barriers, sharing real experiences, and proving that a career in cyber is possible for anyone – even with all its challenges. We’re not shying away from the tough conversations; we’re having them, so others don’t have to face them in silence.’

The Cyber Agony Aunt Podcast, hosted by Amelia Hewitt and Rebecca Taylor, is now available to stream on all major platforms. Their first book, Securely Yours, is also available for purchase on Amazon (you can read the IT Security Guru’s Q&A with the hosts here). The duo are currently working on their highly anticipated second book, ‘Resilient You: An Agony Aunts’ Guide to Keeping It Together’, scheduled for release in April 2026.

The post Podcast Empowers Professionals to Thrive in Their Cybersecurity Careers appeared first on IT Security Guru.

APIContext Introduces MCP Server Performance Monitoring to Ensure Fast and Reliable AI Workflows

Today, APIContext has launched its Model Context Protocol (MCP) Server Performance Monitoring tool, a new capability intended to ensure AI systems respond fast enough to meet customer expectations.

Citing figures that 85% of enterprises and 78% of SMBs now use autonomous agents, APIContext positions MCP as the key enabler: an open standard that lets AI agents access tools such as APIs, databases and SaaS applications through a unified interface. Yet while MCP unlocks scale for agent developers, it also introduces new complexity and operational strain for the downstream applications these agents rely on. Even small slowdowns or bottlenecks can cascade across automated workflows, degrading performance and end-user experience.

APIContext’s MCP server performance monitoring tool provides organisations with first-class observability for AI-agent traffic running over MCP. It lets enterprises detect latency, troubleshoot issues and ensure AI workflows complete within the performance budgets needed to meet user-facing SLAs. For example, consider a voice AI customer support system talking to a caller. If the AI sends a query to the MCP server and has to wait for the response, the caller quickly becomes irritated and often escalates to a human operator. That kind of latency prevents the business from realising the full value of its AI operations and disrupts the customer experience.

Key benefits of MCP Performance Monitoring include:

  • Performance Budgeting for Agentic Workflows: Guarantees agent interactions are completed under required latency to maintain user-facing SLAs. 
  • Root Cause Diagnosis: Identifies whether delays are caused by the agent, MCP server, authentication, or downstream APIs. 
  • Reliability in Production: Detects drift and errors in agentic workflows before they affect customers.
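The root-cause bucket above (agent, authentication, MCP server, downstream API) is something a team can compute from its own traces without any vendor tooling. The following is an added example, not APIContext’s code: it takes a constructed trace for one agent turn, subtracts child spans from their parents to get the exclusive time per stage, names the dominant stage, and reports how far the turn overshot an assumed 800 ms budget. The span layout, stage names and budget are assumptions for the demonstration; the `tools/call` name is the MCP JSON-RPC method for invoking a tool.

```python
SLA_BUDGET_MS = 800  # assumed per-turn budget for the voice-agent scenario

# Constructed trace for one agent turn, in milliseconds from the turn start.
# Stage names follow the four buckets above; 'tools/call' is the MCP JSON-RPC method.
SPANS = [
    {"name": "agent-turn", "stage": "agent", "parent": None,
     "start": 0, "end": 1180},
    {"name": "token-exchange", "stage": "authentication", "parent": "agent-turn",
     "start": 40, "end": 310},
    {"name": "tools/call get_customer", "stage": "mcp_server", "parent": "agent-turn",
     "start": 320, "end": 1120},
    {"name": "GET /customers/42", "stage": "downstream_api",
     "parent": "tools/call get_customer", "start": 380, "end": 1090},
]


def exclusive_times(spans):
    """Per-stage time spent in a span itself, with its child spans subtracted."""
    by_name = {s["name"]: s for s in spans}
    children_total = {s["name"]: 0 for s in spans}
    for s in spans:
        if s["parent"] is not None:
            parent = by_name[s["parent"]]
            if not (parent["start"] <= s["start"] and s["end"] <= parent["end"]):
                raise ValueError(f"{s['name']} is not nested inside {parent['name']}")
            children_total[parent["name"]] += s["end"] - s["start"]
    per_stage = {}
    for s in spans:
        own = (s["end"] - s["start"]) - children_total[s["name"]]
        per_stage[s["stage"]] = per_stage.get(s["stage"], 0) + own
    return per_stage


def diagnose(spans, budget_ms):
    """Total turn time, exclusive time per stage, the dominant stage and the budget overrun."""
    roots = [s for s in spans if s["parent"] is None]
    total = max(s["end"] for s in roots) - min(s["start"] for s in roots)
    by_stage = exclusive_times(spans)
    culprit = max(by_stage, key=by_stage.get)
    return {
        "total_ms": total,
        "by_stage": by_stage,
        "culprit": culprit,
        "over_budget_ms": max(0, total - budget_ms),
    }


if __name__ == "__main__":
    print(diagnose(SPANS, SLA_BUDGET_MS))
```

On the constructed trace the MCP server itself accounts for only 90 ms of exclusive time; the 710 ms inside the downstream API is what blows the budget, which is the distinction the root-cause bucket is meant to make. Real spans would come from the agent’s and MCP server’s own instrumentation (OpenTelemetry or equivalent) rather than a hand-written list.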

“AI workflows now depend on a distributed compute chain that enterprises don’t control. Silent failures happen outside logs, outside traces, and outside traditional monitoring,” said Mayur Upadhyaya, CEO of APIContext. “With MCP performance monitoring, we give organisations a live resilience signal that shows how machines actually experience their digital services so they can prevent failures before customers ever feel them.”

For more information on APIContext’s MCP Performance Monitoring tool, visit https://apicontext.com/features/mcp-monitoring/

The post APIContext Introduces MCP Server Performance Monitoring to Ensure Fast and Reliable AI Workflows appeared first on IT Security Guru.

Salt Security Launches GitHub Connect to Proactively Discover Shadow APIs and MCP Risks in Code Repositories

API security organisation Salt Security has announced the latest expansion of its Salt Cloud Connect capability. GitHub Connect extends the agentless model customers already use to gather API-specific information from cloud platforms, with the same ease of use and ‘under 10-minute’ deployment, to GitHub source code. While other security solutions focus on AI models and data, Salt says it is the first to secure the MCP servers and APIs where AI agents have real-world impact, now finding them in code before they are ever deployed.

With GitHub Connect, customers securely connect their public and private GitHub repositories to the Salt Illuminate™ platform, extending visibility across the full API lifecycle. The capability analyses code to discover APIs, MCP servers and configurations directly from source, and identifies relevant tools and exposed APIs even when the MCP server itself is hosted elsewhere. Each discovery is immediately prioritised by Salt’s traffic-free risk scoring, which assigns quantifiable risk scores without requiring traffic collection. As Gartner® notes, “Software engineering leaders must investigate the suitability of MCP servers obtained especially from public sources.”

This launch advances Salt Illuminate, the platform purpose-built to discover, govern and secure the API fabric. As organisations embed AI agents, Salt positions Illuminate as the only platform delivering complete MCP coverage: discovering servers in code (GitHub Connect), monitoring their runtime traffic (Agentic AI) and finding their external exposure (MCP Surface Scan). This bridges code-level and runtime posture governance, enabling teams to reduce risk across the full API lifecycle.

Nick Rago, VP of Product Strategy, Salt Security, said: “AI agents and MCP servers have transformed how digital systems communicate and act. By extending discovery into GitHub, Salt Illuminate gives customers visibility into API and MCP risks long before deployment. This proactive intelligence is critical to safeguarding the API fabric that drives modern innovation.”

Modern code repositories have become the blueprint for the wider API ecosystem, shaping how applications and AI agents interact. GitHub Connect enables organisations to identify shadow APIs and MCP servers by analysing source code for configuration patterns and exposed tools, even when those services are hosted elsewhere. It also supports a “shift-left” approach to governance by highlighting high-risk MCPs in private repositories so that policy can be applied before deployment. By bringing code-level insights into Salt’s unified risk model, it ensures that APIs and MCPs discovered in source code receive the same risk scoring as those identified at runtime.
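What “analysing source code for configuration patterns and exposed tools” looks like in practice can be shown with a small scanner. This is an added example, not Salt’s code: it walks a constructed in-memory repository, parses `mcpServers` blocks of the kind found in client configuration files such as `.mcp.json`, flags remote servers reached over plaintext `http://` and literal secrets in `env` or `headers`, and spots servers defined in Python via the MCP SDK (`FastMCP`, `@mcp.tool`) together with the API endpoints their code calls. The file contents, the secret-detection heuristics and the SDK markers are assumptions for the demonstration.

```python
import json
import re

# Constructed sample repository (path -> file contents). Not real customer code.
SAMPLE_REPO = {
    ".mcp.json": json.dumps({
        "mcpServers": {
            "local-fs": {
                "command": "npx",
                "args": ["-y", "@modelcontextprotocol/server-filesystem", "/srv/data"],
            },
            "crm": {
                "url": "http://crm-mcp.internal:8080/mcp",
                "env": {"CRM_API_KEY": "sk_live_0123456789abcdef"},
            },
            "billing": {
                "url": "https://billing.example.com/mcp",
                "headers": {"Authorization": "Bearer ${BILLING_TOKEN}"},
            },
        }
    }),
    "agent/tools.py": (
        "from mcp.server.fastmcp import FastMCP\n"
        "mcp = FastMCP('orders')\n"
        "BASE = 'https://orders.example.com/v1/orders'\n"
        "@mcp.tool()\n"
        "def refund(order_id: str) -> str:\n"
        "    return requests.post(f'{BASE}/{order_id}/refund').text\n"
    ),
    "README.md": "Internal docs only, no servers defined here.",
}

SENSITIVE_KEY_RE = re.compile(r"key|token|secret|password|authorization", re.I)
PLACEHOLDER_RE = re.compile(r"^\$\{[A-Za-z0-9_]+\}$|^\$[A-Za-z0-9_]+$")
URL_RE = re.compile(r"https?://[^\s'\"]+")
# Assumed markers of an MCP server implemented with the Python SDK.
MCP_CODE_RE = re.compile(r"from mcp\.server|\bFastMCP\(|@mcp\.tool\(")


def _hardcoded(value):
    """True when a config value is a literal secret rather than a ${VAR} placeholder."""
    if not isinstance(value, str):
        return False
    literal = value.split(" ", 1)[-1]  # strip a 'Bearer ' style prefix
    return len(literal) >= 12 and not PLACEHOLDER_RE.match(literal)


def scan_mcp_config(path, text):
    """One finding per server in an mcpServers block, with risk flags."""
    try:
        data = json.loads(text)
    except ValueError:
        return []
    findings = []
    for name, cfg in (data.get("mcpServers") or {}).items():
        flags = []
        url = cfg.get("url")
        if url:
            kind = "remote"
            if url.lower().startswith("http://"):
                flags.append("remote-plaintext-http")
        else:
            kind = "local"  # spawned via 'command', talks over stdio
        for section in ("env", "headers"):
            for key, value in (cfg.get(section) or {}).items():
                if SENSITIVE_KEY_RE.search(key) and _hardcoded(value):
                    flags.append(f"hardcoded-secret:{key}")
        findings.append({"path": path, "name": name, "kind": kind,
                         "endpoint": url, "flags": flags})
    return findings


def scan_source(path, text):
    """Servers defined in code, plus the API endpoints their source reaches."""
    if not MCP_CODE_RE.search(text):
        return []
    endpoints = sorted(set(URL_RE.findall(text)))
    return [{"path": path, "name": path, "kind": "in-code",
             "endpoint": None, "endpoints": endpoints, "flags": []}]


def scan_repo(files):
    findings = []
    for path, text in files.items():
        if path.endswith(".json"):
            findings.extend(scan_mcp_config(path, text))
        else:
            findings.extend(scan_source(path, text))
    return findings


if __name__ == "__main__":
    for finding in scan_repo(SAMPLE_REPO):
        print(finding)
```

The point of the `in-code` finding is the one the article makes: the `orders` server is not in any configuration file, yet it exposes a `refund` tool that calls an orders API, and that only becomes visible by reading the code. A production scanner would also resolve the package names in `args` so that servers pulled from public registries can be checked, which is the concern the Gartner quote raises.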

The post Salt Security Launches GitHub Connect to Proactively Discover Shadow APIs and MCP Risks in Code Repositories appeared first on IT Security Guru.

The Quantum Future Is Coming – Hackers Are Already Preparing

In 2025 we’re not just fighting today’s headline-grabbing cyber threats, but we’re also preparing for tomorrow’s. Technology is evolving at a pace that is both fuelling progress for defenders and powering new tools for bad actors. The same advances that drive discovery and innovation also give cybercriminals new ways to attack faster, more broadly and with greater impact. One of the clearest examples of this dual advancement is quantum computing: a breakthrough that could change the world for good, but also put the very foundations of online security at risk.

What is Quantum Computing?

Quantum computing is an emerging technology that processes information in ways traditional computers cannot. Rather than “trying every answer at once”, as it is often described, a quantum computer manipulates superpositions of states and uses interference so that, for certain problems, the right answer can be read out after far fewer steps than any known classical method needs. Integer factoring and discrete logarithms are the best-known such problems: Shor’s algorithm solves both in polynomial time.

That power has tremendous upside – potentially accelerating breakthroughs in medicine, science and engineering – but also creates a profound security challenge. A cryptographically relevant quantum computer running Shor’s algorithm would break the public-key cryptography in use today, including RSA and Elliptic Curve Cryptography (ECC), because the security of those systems rests on exactly the factoring and discrete-logarithm problems Shor solves. These aren’t niche tools: they secure almost everything online, from the key exchange behind HTTPS connections to digital signatures on software, as well as online banking, healthcare systems, government platforms and consumer accounts. Symmetric ciphers and hash functions such as AES and SHA-2 are not broken in the same way: Grover’s algorithm at most halves their effective security level, so AES-256 remains adequate. Public-key cryptography is the trust layer of the internet, and it is the layer that needs replacing.

And most of it is not yet quantum-resistant. The U.S. National Institute of Standards and Technology (NIST) finalised its first post-quantum standards in August 2024: FIPS 203 (ML-KEM, the key-encapsulation mechanism derived from CRYSTALS-Kyber), FIPS 204 (ML-DSA, derived from Dilithium) and FIPS 205 (SLH-DSA, derived from SPHINCS+). The standards exist, but deployment is still early: major browsers and some CDNs have begun negotiating hybrid ML-KEM key exchange for TLS, while most enterprise services, VPNs and software-signing pipelines still rely on RSA and ECC alone. That means the sessions and records you create today could be tomorrow’s open doors.

Large-scale quantum computers aren’t publicly available yet, but waiting for them to arrive is a mistake. Cybercriminals aren’t waiting – many have already started preparing.

The “Harvest Now, Decrypt Later” Threat

Hackers understand that quantum power is coming, and they’re planning ahead. Their strategy is simple: capture encrypted data now, knowing they’ll be able to decrypt it later. This “harvest now, decrypt later” approach targets anything whose confidentiality rests on RSA or ECC: recorded TLS sessions, VPN traffic, or stored records encrypted under a key that was itself protected with RSA or ECDH. Banking details, medical records or login credentials sent over such a connection today could be read years down the road, long after the original capture is forgotten. (A password stored as a properly salted hash is not exposed by Shor’s algorithm; the same password sent over a recorded session is.)

Weak security practices make this problem worse. Keeper Security research shows that only 30% of people regularly update their passwords, meaning 70% do not, and 41% reuse the same password across accounts, creating an easy opening for credential-stuffing attacks, where one stolen password is tried against many other services. A credential harvested from an encrypted session and decrypted years later is only dangerous if it still works; reuse and long-lived passwords are what keep it working. These everyday habits give cybercriminals exactly the weaknesses they can exploit – whether now or in the quantum era.

Start Preparing Today for the Quantum Shift

The best way to defend against tomorrow’s quantum-enabled attacks is to act now. Leading organisations are already evaluating, developing and deploying quantum-resistant cryptography, including NIST’s FIPS 203 ML-KEM (the standardised form of Kyber), to build in future-ready protections. For data in transit the practical first step is hybrid key exchange, which combines a classical curve such as X25519 with ML-KEM so that a session stays confidential unless both are broken.

Individuals and businesses alike can prepare by taking proactive steps:

  • Stay aligned with standards: Be sure to stay up-to-date on official guidelines and standards. Organisations should follow trusted guidance from NIST and the Cybersecurity and Infrastructure Security Agency (CISA).
  • Update and patch regularly: You don’t need to track every technical update, but you should ensure the tools and providers you utilise are up to date with the latest security standards. Ensuring that products are regularly updated is critical, as patches often contain critical security fixes to keep your information secure.
  • Vet your providers: Don’t just trust that a product is secure – verify it. Use products that meet and surpass compliance requirements, especially those that are looking to the future. When selecting a product for yourself or your organisation, vet it thoroughly against standards that are relevant to your needs.
  • Reinforce best practices: As always, following existing best practices is the best way to protect yourself now and later. Use strong, unique passwords for every account and turn on multi-factor authentication wherever it is offered, so that a password decrypted years from now is not enough on its own. Change a password whenever there is any sign it has been exposed; current NIST guidance (SP 800-63B) advises against forced periodic rotation by itself, because it tends to produce weaker, predictable variants, and favours length and uniqueness instead. The easiest way to manage passwords is with a trusted password manager, which generates strong passwords and stores them securely. Store sensitive information in secure, encrypted environments – not browsers, shared documents or sticky notes.
  • Monitor for exposure: Every minute counts when your information is stolen. Organisations and individuals should use monitoring services that can alert them if their data appears on the dark web, so they can take immediate action.

And don’t abandon today’s encryption. Current standards remain highly effective and are essential to protecting your data today. The challenge is preparing for a post-quantum future while continuing to safeguard the world we live in right now.
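Both NIST and CISA start their migration guidance with a cryptographic inventory: you cannot prioritise what you have not measured. As an added example that is not part of the original article, the block below classifies constructed TLS handshake observations (the kind a passive network inventory or an `openssl s_client` sweep would record) by how exposed each one is to “harvest now, decrypt later”. The group names are the ones OpenSSL and browsers use for the IETF hybrid drafts and are an assumption to verify against your own stack; the hosts and handshakes are constructed for the demonstration. Certificate signature algorithms are deliberately not scored: a broken signing key lets an attacker impersonate a server in the future, but it does not decrypt traffic already recorded.

```python
from collections import Counter

# TLS 1.3 group names (assumption: the spelling used by OpenSSL 3.5 and browsers).
PQ_HYBRID_GROUPS = {"X25519MLKEM768", "SecP256r1MLKEM768", "SecP384r1MLKEM1024"}
PQ_ONLY_GROUPS = {"MLKEM512", "MLKEM768", "MLKEM1024"}
CLASSICAL_GROUPS = {"X25519", "X448", "secp256r1", "secp384r1", "secp521r1",
                    "ffdhe2048", "ffdhe3072", "ffdhe4096"}

# Constructed handshake observations: what a passive inventory would record per host.
OBSERVED = [
    {"host": "api.example.com", "version": "TLSv1.3",
     "cipher": "TLS_AES_256_GCM_SHA384", "group": "X25519MLKEM768"},
    {"host": "portal.example.com", "version": "TLSv1.3",
     "cipher": "TLS_AES_128_GCM_SHA256", "group": "X25519"},
    {"host": "legacy.example.com", "version": "TLSv1.2",
     "cipher": "TLS_RSA_WITH_AES_128_CBC_SHA", "group": None},
    {"host": "vpn.example.com", "version": "TLSv1.2",
     "cipher": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "group": "secp256r1"},
]


def classify_kex(obs):
    """Label the key exchange by how a future quantum adversary could recover the session key."""
    group = obs.get("group")
    cipher = obs.get("cipher", "")
    if group in PQ_HYBRID_GROUPS:
        return "pq-hybrid"            # safe unless both ML-KEM and the curve fall
    if group in PQ_ONLY_GROUPS:
        return "pq-only"
    if cipher.startswith("TLS_RSA_WITH"):
        return "rsa-key-transport"    # one broken server key opens every recorded session
    if group in CLASSICAL_GROUPS or "DHE" in cipher:
        return "classical-ephemeral"  # Shor per session, but every session is breakable
    return "unknown"


def hndl_exposed(obs):
    """True when traffic recorded from this handshake could be decrypted later."""
    return classify_kex(obs) not in ("pq-hybrid", "pq-only")


def inventory(observations):
    """Counts per class plus the exposed hosts, RSA key transport first."""
    counts = Counter(classify_kex(o) for o in observations)
    exposed = [o["host"] for o in observations if hndl_exposed(o)]
    worst = {o["host"] for o in observations if classify_kex(o) == "rsa-key-transport"}
    exposed.sort(key=lambda host: 0 if host in worst else 1)
    return {"counts": dict(counts), "exposed_hosts": exposed}


if __name__ == "__main__":
    print(inventory(OBSERVED))
```

The ordering matters for the migration backlog: with RSA key transport (TLS 1.2 `TLS_RSA_*` suites) a single recovered server key decrypts every session ever recorded, so those hosts go first; ephemeral ECDHE hosts still need per-session work from the attacker, but each session is still breakable, so they are next; anything already negotiating a hybrid ML-KEM group needs no action for data in transit.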

Moving Into a Post-Quantum World

Quantum computing and its implications may sound daunting, but the path forward is clear. Strong, proactive measures taken today will help ensure a safer tomorrow.

This Cybersecurity Awareness Month, let’s recognise that preparing for the future is as important as defending against present threats. By reinforcing best practices, demanding future-proof tools and supporting the shift to quantum-resistant encryption, we can secure not only today’s digital world, but the post-quantum world we are heading toward.

The post The Quantum Future Is Coming – Hackers Are Already Preparing appeared first on IT Security Guru.

Keeper Security Unveils Secure Secrets Management in Visual Studio Code

Keeper Security has announced the launch of its Visual Studio Code (VS Code) extension, extending its enterprise-grade secrets management directly into developers’ coding environments. The VS Code extension expands the KeeperPAM® platform’s reach into the developer ecosystem, enabling secure, zero-trust secrets management throughout the software development lifecycle.

Effective secrets management is vital for developers, as it safeguards the sensitive credentials and keys that keep applications secure. If items like API keys, tokens, or certificates are left exposed, whether through plaintext storage, embedding them in code, or casually sharing them, they can open the door to significant security breaches and system compromise.

The new Keeper VS Code extension allows developers to save, retrieve, generate and execute commands using secrets stored in their Keeper Vault, eliminating the need to leave their coding environment or expose sensitive information in configuration files. This direct integration supports both Keeper Commander CLI and Keeper Secrets Manager, providing organisations with the flexibility to align with their preferred infrastructure and security requirements.

Craig Lurey, CTO and Co-founder of Keeper Security, said: “Developers play a critical role in securing the software supply chain. Integrating Keeper directly into Visual Studio Code empowers teams to develop securely from the start. By embedding zero-trust principles into their workflows, developers can protect secrets and maintain compliance without slowing innovation.”

This launch reflects Keeper’s continued dedication to delivering unified privileged access and secrets management capabilities that align with the evolving needs of modern enterprises and development teams. 

The Keeper VS Code extension offers a range of powerful capabilities, including the ability to save, retrieve, and generate secrets directly from the Keeper Vault. It supports flexible operation through either the Keeper Commander CLI or Keeper Secrets Manager modes. The extension can automatically detect hardcoded credentials, such as API keys and tokens, to help developers quickly address security risks. It also enables secure command execution by injecting secrets from the Vault at runtime, and provides logging and debugging tools for greater visibility and easier troubleshooting.
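Two of the capabilities listed above, spotting hardcoded credentials and injecting secrets at runtime instead of writing them into files, can be shown end to end in a few dozen lines. This is an added example, not Keeper’s extension or SDK: the detector runs a handful of assumed secret patterns over a constructed source file and skips values that are only references (`${VAR}`, `$VAR`, or a `keeper://`-style vault URI); the injector resolves those references from a simulated vault (a plain dict standing in for the secrets-manager lookup) and passes the values to a child process through its environment, so the command line and the repository never contain the secret. All values are fake.

```python
import os
import re
import subprocess
import sys

# Detection patterns (assumptions about common secret shapes; not Keeper's detector).
PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic-assignment": re.compile(
        r"""(?i)(?:api[_-]?key|secret|token|password)\s*[:=]\s*['"]([^'"]{12,})['"]"""),
}
# Values that are references rather than secrets: ${VAR}, $VAR, or a vault URI.
REFERENCE_PREFIXES = ("${", "$", "keeper://")

# Constructed source file: one real-looking key, one literal password, three safe references.
SAMPLE_SOURCE = """\
import os
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
DB_PASSWORD = "Winter2024!Rotate-me"
github_token = os.environ["GITHUB_TOKEN"]
api_key = "${STRIPE_SECRET_KEY}"
STRIPE_KEY = "keeper://Stripe/field/password"
"""


def find_hardcoded(text):
    """Return (line_no, pattern_name, masked_value) for each literal secret found."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            value = match.group(1) if match.groups() else match.group(0)
            if value.startswith(REFERENCE_PREFIXES):
                continue  # placeholder or vault reference, not a secret
            hits.append((line_no, name, value[:4] + "*" * (len(value) - 4)))
    return hits


def resolve_env(template_env, vault):
    """Replace vault URIs in an environment template with the secret values.

    `vault` simulates the lookup; a real integration would call the secrets-manager SDK.
    """
    resolved = {}
    for key, value in template_env.items():
        if value.startswith("keeper://"):
            if value not in vault:
                raise KeyError(f"no vault record for {value}")
            resolved[key] = vault[value]
        else:
            resolved[key] = value
    return resolved


def run_with_secrets(argv, template_env, vault):
    """Run argv with secrets injected through the environment; argv itself stays clean."""
    env = dict(os.environ)
    env.update(resolve_env(template_env, vault))
    proc = subprocess.run(argv, env=env, capture_output=True, text=True, check=True)
    return proc.stdout


# Constructed vault contents and a child command that proves the secret arrived.
FAKE_VAULT = {"keeper://Stripe/field/password": "sk_test_0000000000000000"}
CHILD = [sys.executable, "-c", "import os; print(os.environ['STRIPE_KEY'], end='')"]

if __name__ == "__main__":
    print(find_hardcoded(SAMPLE_SOURCE))
    print(run_with_secrets(CHILD, {"STRIPE_KEY": "keeper://Stripe/field/password"}, FAKE_VAULT))
```

Environment injection keeps the secret out of source, configuration files and shell history, but it is not invisible: any process running as the same user can read the child’s environment from `/proc/<pid>/environ`, and the value lives for the whole lifetime of the process. That is an acceptable trade for a developer’s local run; for long-lived services, fetch the secret in-process and keep it off the environment altogether.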

By integrating secrets management directly into VS Code, Keeper helps organisations reduce secret sprawl, prevent accidental exposure and maintain compliance with zero-trust and least-privilege security frameworks.

Keeper Secrets Manager is part of Keeper’s unified privileged access management platform, KeeperPAM®. Built on a zero-trust, zero-knowledge architecture, KeeperPAM combines enterprise password, secrets and connection management with endpoint privilege management, zero-trust network access and remote browser isolation in a single cloud-based platform. Keeper’s Secrets Manager eliminates the need for manual secrets distribution, enforces least-privilege access and enables automated credential rotation, strengthening security while accelerating development workflows. With centralised visibility, detailed audit trails and API integrations that fit seamlessly into existing toolchains, KeeperPAM empowers developers to code faster, deploy securely and maintain compliance with minimal overhead.

Keeper’s new extension is available now in both the Visual Studio Marketplace and Open VSX Registry, ensuring compatibility with VS Code and its derivatives, such as Cursor.

The post Keeper Security Unveils Secure Secrets Management in Visual Studio Code appeared first on IT Security Guru.

Quantum Route Redirect: The Phishing Tool Simplifying Global Microsoft 365 Attacks

The team at KnowBe4 Threat Labs has uncovered an emerging advanced phishing campaign targeting Microsoft 365 users globally to steal their credentials. The phishing kit behind it, which KnowBe4 has named ‘Quantum Route Redirect’, was first observed in early August. It ships with a pre-configured setup and ready-made phishing domains that significantly simplify a once technically complex campaign flow, further “democratising” phishing for less skilled cybercriminals.

Removing Barriers of Entry

Quantum Route Redirect bundles several capabilities that remove technical barriers to running a sophisticated phishing campaign: it uses behavioural detection to distinguish automatically between human and automated traffic, and intelligent routing to sort visitors without manual intervention. It also provides a simplified analytics dashboard that presents comprehensive victim data – including location, device type and browser information – in an intuitive format, and real-time monitoring that displays campaign performance and success metrics, so operators need no specialised technical expertise.

According to KnowBe4, the Phishing-as-a-Service (PhaaS) platform is capable of distinguishing between security tools and genuine users, directing the former to legitimate websites while sending the latter to the phishing version. This technique enables it to bypass URL scanners and certain web application firewalls. The platform also includes user-friendly features designed to support less technically skilled cybercriminals, such as a configuration panel for managing redirect rules, settings and routing logic; monitoring dashboards displaying traffic analytics; intelligent traffic routing to automatically sort visitors; and an analytics dashboard showing details such as victim location, device type and browser information.

To Carry Out An Attack

From the target’s perspective, these campaigns typically begin with a phishing email. Attackers usually cast a wide net using a range of themes and tactics designed to maximise victim engagement. These often include impersonation of services such as DocuSign and other agreement platforms, payroll-related scams, fake payment notifications, fraudulent “missed voicemail” messages, and QR code phishing (also known as quishing).

When the hyperlink is first activated, either by a security tool (bot) scanning it or by a person clicking on it, the request is intercepted by Quantum Route Redirect and sent for processing. The platform’s central routing engine then analyses all incoming traffic, using behavioural analysis to distinguish intelligently between bots and humans. Acting as both a classifier and router, the engine determines the appropriate destination for each request.

If the traffic is identified as originating from a bot, it is redirected to a safe URL, preventing access to the real phishing site. This protects the malicious infrastructure from exposure by security scanners and increases the likelihood that a genuine user will interact with the email, unless it is blocked by other detection mechanisms. Conversely, if the visitor is recognised as human, they are redirected to the actual phishing website, where attackers attempt to harvest Microsoft 365 credentials.

The Quantum Route Redirect system also provides administrative access for the cybercriminals operating these campaigns, featuring two streamlined management interfaces: a configuration panel for managing redirect rules, settings and routing logic, and a visitor statistics dashboard offering analytics such as traffic data to assess campaign performance.

Global Impact

This campaign has successfully compromised victims across 90 countries, demonstrating remarkable international reach. The US has borne the brunt of the attacks so far, accounting for 76% of affected users, while the remaining 24% are distributed worldwide, making the scope of this threat truly global.

What Should Organisations Do?

KnowBe4 advised security teams to implement a multi-layered defence strategy that incorporates a range of protective measures. These include using natural language processing (NLP) and natural language understanding to analyse email content, alongside URL and payload analysis, domain and impersonation detection, and polymorphic detection techniques. Sandboxing can be employed to inspect suspicious emails, while continuous monitoring helps identify potential account compromise. A human risk management (HRM) platform with advanced behavioural analytics, product telemetry and threat intelligence can generate individual risk scores, enabling personalised user training. In addition, email threat intelligence should be used to inform company-wide education initiatives, supported by rapid incident response procedures designed to isolate compromised users, block access and conduct digital forensics.


Nearly Three-Quarters of US CISOs Faced Significant Cyber Incident in the Past Six Months, Research Finds

A new research report from Nagomi Security has revealed that, over the past six months, nearly three-quarters (73%) of US CISOs have reported a significant cyber incident. The 2025 CISO Pressure Index emphasises how continuous, widespread breaches and rising internal strain are reshaping the Chief Information Security Officer (CISO) role.

Nagomi’s 2025 CISO Pressure Index is based on a quantitative survey of 100 US-based CISOs across major industries.

Interestingly, the most consistent pressure isn’t coming from attackers; it’s coming from inside the organisation. According to the data, 87% of CISOs say pressure in their role has increased over the past year. Two-thirds report feeling burned out weekly or daily, and 40% considered leaving their role altogether.

Board expectations, shrinking resources, and tool fatigue are also factors causing additional strain. Notably, 42% of CISOs say expectations from boards and executives are now their greatest source of stress, more than the threats themselves. Most oversee sprawling tool stacks, with 65% managing 20 or more security tools, yet 58% say incidents occurred even though those tools were in place.

What’s more, CISOs face personal accountability when it comes to breaches. Worryingly, 17% say they always feel personally blamed for security incidents, regardless of root cause, and 39% say they often feel blamed – even when incidents fall outside their direct control. If a breach were to occur, 90% say their role may be at risk to some degree. Such pressured environments create the perfect place for burnout to thrive.

We know that AI has introduced new security risks and challenges, but the report notes that it’s also becoming a cost-cutting directive: 82% of CISOs say they’re under pressure to reduce staff using AI. The result is a widening gap between responsibility and control.

Emanuel Salmona, co-founder and CEO of Nagomi Security, said: “CISOs are managing nonstop risk with limited support and even less time. They’re expected to be strategic leaders and first responders all at once. The best way to support them is to share accountability across the business, make outcomes clearer, and give them the space to focus on what actually reduces risk.”

Finally, Nagomi is launching a new docuseries entitled Holding the Line, which features in-depth conversations with security leaders about the personal and professional toll of the role. The series dives into how the job is evolving, where pressure is coming from, and what needs to change.


UK Organisations Trail Global Peers on Zero Trust Adoption, Research Finds

A new research report by Keeper Security has revealed global insights from security professionals on the state of cybersecurity. The report, entitled Identity, AI and Zero Trust: Cybersecurity Perspectives from Infosecurity Europe, Black Hat USA and it-sa, found that professionals across the UK, the United States and Germany agreed that Artificial Intelligence (AI) is reshaping cybersecurity on both sides of the battlefield. Only 12% of respondents in the UK and 16% in the United States said their organisations are fully prepared to handle AI-enhanced attacks. In Germany, confidence was higher at 28%, but most respondents acknowledged that preparedness remains a work in progress. 

Unlike traditional surveys, this study is built on anonymous, in-person feedback from cybersecurity professionals on the front lines of defence. More than 370 practitioners shared candid insights during three of the industry’s most influential conferences (Infosecurity Europe in London, Black Hat USA in Las Vegas and it-sa in Nuremberg) offering a view into how security teams are adapting to an increasingly complex threat landscape. 

In the United Kingdom, these insights arrive amid a sharp escalation in cyber activity. The National Cyber Security Centre (NCSC) recently reported a 50% year-on-year rise in nationally significant cyber incidents, with new attacks emerging almost daily. The surge highlights how UK organisations face constant pressure to strengthen identity protection and access controls.

Zero trust was universally recognised as critical to a modern defence strategy, yet implementation continues to trail intent. At Infosecurity Europe, 18% of respondents reported fully implemented zero-trust frameworks. That figure rose to 27% at Black Hat USA and 44% at it-sa in Germany, reflecting stronger progress but underscoring that adoption remains uneven across regions.

In the UK, momentum around zero trust is being driven by national frameworks such as the NCSC’s Cyber Assessment Framework, the National Cyber Strategy 2022–2030, and the UK’s move to align with NIS2. Each underscores the need for robust identity and access management, yet Keeper’s findings show many organisations still lack the practical tools to put these policies into action.

The data also reinforces identity-based attacks as the leading global concern. Half of UK respondents identified phishing as the top identity-based threat, with 42% naming deepfakes. In the United States, 45% cited phishing as their greatest risk, followed by 41% who pointed to deepfakes. Concern peaked in Germany, where 61% of respondents identified deepfakes as the most significant identity-based threat.

In the UK, phishing remains the dominant attack vector. The Government’s Cyber Security Breaches Survey 2025 found that 85% of businesses experiencing an attack reported phishing among the methods used — a near-universal pattern that mirrors Keeper’s own UK findings.

Across all regions, privileged access controls were found to be inconsistent. In the UK, 43% said Multi-Factor Authentication (MFA) is not consistently enforced for privileged accounts. In the United States, 40% reported the same, while in Germany, half of the respondents said their organisations lack a dedicated PAM solution altogether.

The results reveal that security leaders are aligned on strategy but divided by execution. Awareness of zero trust, PAM and AI-driven security principles is high, yet complexity, resource constraints and competing priorities continue to delay deployment. 

Darren Guccione, CEO and Co-founder, Keeper Security, said: “Identity has become the control point of cybersecurity. Our data demonstrates that the disparity between cybersecurity awareness and action is wide, but positive, proactive defence can close this gap. The organisations that lead in zero trust and PAM are not only protecting access but building the foundation for secure, scalable growth in the age of AI.”

The report emphasises that true resilience now depends on disciplined execution, measurable progress and the responsible use of AI to detect anomalies and manage risk across every access point. 


Check Point and NVIDIA Join Forces to Lock Down Enterprise AI Workloads

Check Point has unveiled its new solution, AI Cloud Protect, built in partnership with the NVIDIA Corporation. The offering is designed to deliver end-to-end protection for enterprise AI infrastructure, from model development through to inference, leveraging NVIDIA’s BlueField data processing units and DOCA security framework.

Security gaps are emerging as organisations accelerate AI adoption. According to Check Point’s data, one in every 80 GenAI prompts exposes sensitive data. Simultaneously, a recent Gartner report found that 32% of organisations experienced a prompt manipulation attack and 29% dealt with attacks on GenAI infrastructure in the past year. This paints a worrying picture.

Nataly Kremer, Chief Product Officer at Check Point, said: “As enterprises race to build AI-driven innovation, they can’t afford blind spots. With NVIDIA, we’re making AI factories secure by design, protecting models, data, and infrastructure without slowing innovation.”

AI Cloud Protect runs on NVIDIA BlueField-3 DPUs and is validated on NVIDIA RTX PRO servers, enabling enterprises to deploy AI securely from data centre to cloud without the performance trade-offs typical of legacy security solutions. 

This multi-layered solution secures AI workloads by providing network-level protection against data poisoning and model exfiltration. It also offers host-level visibility through NVIDIA’s DOCA Argus to detect malicious processes, all with unified, accelerated management across thousands of AI nodes with zero CPU/GPU overhead.

“Security is essential for the next generation of AI infrastructure,” said David Reber, chief security officer at NVIDIA. “NVIDIA is working with Check Point to integrate BlueField acceleration and the NVIDIA DOCA Argus runtime security framework into the AI Cloud Protect platform to help enterprises deploy AI confidently.”

Early adopters of AI Cloud Protect include the systems integrator World Wide Technology (WWT) and select financial services organisations, where the solution is being piloted in AI data centres supporting large language-model development and prompt-based applications.

Chris Konrad, Vice President, Global Cyber, World Wide Technology, said: “As enterprises build AI server factories at scale, the combination of Check Point’s AI Cloud Protect and NVIDIA BlueField acceleration delivers enterprise-grade protection for sensitive AI workloads from model training to inference without compromising the performance modern AI applications demand.”


Keeper-Sentinel Integration Targets Rise in Identity Abuse and Privilege Misuse

Today, Keeper Security has announced a native integration with Microsoft Sentinel. This integration enables organisations to detect and respond to credential-based threats faster and with greater precision by streaming real-time Keeper event data directly into the Microsoft Sentinel Security Information and Event Management (SIEM) solution. Security teams gain deep visibility into credential use, privileged activity and potential threats across both commercial and Azure Government environments.

Credential-based attacks remain the top threat vector in today’s enterprise environments. Verizon’s 2025 Data Breach Investigations Report found that stolen credentials were the most common initial access vector, appearing in 22% of breaches, and were involved in 88% of Basic Web Application attacks. To effectively reduce this risk, organisations need real-time insights into how passwords, secrets and privileged accounts are accessed and managed.

Keeper’s integration is available for commercial and government customers as a one-click deployment through the Microsoft Sentinel Content Hub, eliminating the need for manual setup or Workspace IDs. The integration automatically handles all necessary connection setup, including secure authorisation and data routing, enabling organisations to quickly and easily activate enterprise-grade privileged access monitoring without complex manual configuration. Beyond human users, this integration extends critical visibility to non-human identities, including service accounts and automated systems, that often hold privileged access. Monitoring both human and machine activity provides organisations with a comprehensive view of credential usage, closing security gaps and reducing blind spots.

Craig Lurey, CTO and Co-founder of Keeper Security, said: “With this integration, Keeper becomes a real-time signal to Microsoft Sentinel, giving security teams actionable intelligence about who is accessing what, when and where. Credential-based attacks continue to rise. We’re delivering the visibility organisations need to respond quickly and prevent breaches.”

The integration of Keeper event data with Microsoft Sentinel offers security teams unified visibility over credential and privileged access risk. By streaming real-time activity, it enables faster threat detection and response through automated alerts for suspicious logins and policy changes. This comprehensive monitoring, which includes oversight of both human and machine access, also simplifies compliance and auditing by automatically logging detailed, verifiable activity for regulatory reporting.

With identity at the centre of modern attacks, this integration delivers credential intelligence and threat detection to help security teams strengthen defences, accelerate response and stay ahead of evolving threats.


Securonix: Adding Threat Intelligence to the Mix

The concept of having a single suite of interconnected products, which come without the headache of installations and with optimal performance from each facet, is sometimes the best option. The other consideration is to go for a ‘best of breed’ selection of products, which may not work together and leave you with vulnerable spots even whilst using the best technology.

This is an issue that cybersecurity vendors are well aware of, and they keep adding new capabilities to their offerings in response. I recently met with Securonix, whose recent acquisition of ThreatQuotient added a threat intelligence capability to its existing portfolio of security analytics, threat detection, and incident response, delivered through its cloud-native Unified Defence SIEM.

Specific and Actionable

A provider of advanced cybersecurity solutions, Securonix said the acquisition strengthens its ability to provide more specific, actionable, and automated insights by integrating threat intelligence directly into its SIEM and UEBA foundation. This comes at a time when customers are looking for fewer vendors and more consolidation, making the unified platform approach attractive.

Its VP Europe, Tim Bury, said this addition strengthens its unified platform by combining UEBA (User and Entity Behaviour Analytics), SIEM, real-time threat intelligence, and AI agents to create more actionable, efficient, and board-relevant security outcomes while reducing complexity, cost, and noise for customers.

He says that customers are looking to try to consolidate the number of providers they have, “but it’s really about extracting that value, and what we were finding is we were always ingesting different feeds, threat feeds, but there wasn’t that platform to make it effective.”

Great Integrations

Bury later admits that having the wider suite is advantageous because it offers a more holistic view. If you don’t take a holistic view of the different components that the customer has, then you’ll be missing things.

“We’re trying to ensure that everything is included,” he says. “In addition to the external sources and threat intelligence content, our customers were using other sources for that, but they couldn’t necessarily do things intelligently that were fully integrated into a single Unified Defence SIEM. It’s about bringing it together.”

That value lies in the integration, Bury claims, while his colleague Cyrille Badeau, VP of International Sales at Securonix, says that leveraging threat intelligence adds more expertise, making the SIEM more effective for customers. “That could change how people operate – and potentially resolve many issues,” Badeau says.

Threat Intelligence

The acquisition of ThreatQuotient adds threat intelligence to its offering. Bury says the integrations work together to “get a single pane of glass,” which he admits is very difficult to achieve and extract value from, but which fits within its remit of trying to make its offering super simple.

Bury says its own research determined that customers are using a variety of sources for threat content, so it was advantageous to bring in a platform that can extract the value out of that threat content, which is more specific to customer needs, and increase both automation and integration into the Securonix platform “to make it more meaningful and actionable.”

Badeau says that adding real-time threat intelligence was the realistic next level for the UEBA, as that intelligence can be used as context for any decision. He also says that the intelligence can “build a memory to learn over time,” so if something new is seen, it may not be the same as what was seen the previous time, but actions can be taken.

“What are the good things to hunt for? Those are the priorities you need to worry about,” he says. “Maybe you have an adversary after you, and that adversary is known to have three different techniques you have detected: the first two are used often, and the third is never detected, so either they never tried on you, or maybe we should automate the threat hunting capability based on the third capability?”

Board and Breach Ready

Securonix’s ethos is based on three elements: being board-ready, breach-ready, and AI-powered. Bury explains that being breach-ready means that an organisation is ready to defend itself. Being board-ready recognises that cybersecurity is a board-level challenge, and there is a need to understand the outcomes that boards are looking for. Finally, everything needs to be AI-powered.

“Another objective that our solution helps you do is identify where you’re at risk, so that you can prevent a breach from happening,” Bury says. “It’s looking at intent and catching things before they happen. If you are attacked, it is about how you identify that and take remediation action in a very short period of time.”

Some ten years after the last flourish of stand-alone threat intelligence providers emerged and were ultimately acquired, the combination of SIEM, TDIR, UEBA and SOAR offered by Securonix is now augmented by real-time threat intelligence, and the promise of being ahead of the attack and breach-ready sounds promising.


Research Finds That API Security Blind Spots Could Put AI Agent Deployments at Risk

New research by Salt Security has revealed an alarming disconnect between rapid API adoption and immature security practices, threatening the success of critical AI and automation initiatives. The H2 2025 State of API Security Report shows that, as enterprises race to capitalise on the emerging AI Agent Economy, API security has emerged as a systemic vulnerability in the digital backbone that powers it.

The findings came from a study of responses from 386 professionals tasked with managing APIs in their organisations. Notably, the research found that 80% of organisations lack continuous, real-time API monitoring, leaving them blind to active threats targeting AI agents.

Additionally, the research found that 1 in 3 companies (33%) experienced an API security incident in the past year, while 50% had to delay a new application rollout due to API security concerns. Only 19% are “very confident” in the accuracy of their API inventory, while more than half (54%) rely on error-prone developer documentation to identify sensitive data exposure.

Eric Schwake, Director of Cyber Security Strategy at Salt Security, said: “APIs are now central to digital transformation and AI, yet security controls remain inconsistent, reactive, and dangerously behind the curve. AI without API security is like driving a car blindfolded – if you can’t govern APIs, you can’t govern AI. Without immediate action, the unmonitored API attack surface will continue to expand, putting both innovation and resilience at risk.”

Generative AI is adding new layers of complexity to API security. While 62% of organisations have already adopted GenAI in API development, more than half (56%) view it as a growing security concern, particularly due to vulnerabilities in AI-generated code. At the same time, 59% are leveraging GenAI within their security operations, creating a dynamic that introduces both defensive opportunities and offensive risks.

The study highlights explosive growth in API adoption, with 41% of organisations reporting increases of 51–100% over the past year and a further 13% experiencing growth of 101–200%.

Remarkably, 6% saw their API volumes more than triple, surging by over 301% in just 12 months. This rapid expansion is mirrored in portfolio size, as 42% of organisations now manage between 101 and 500 APIs, while 14% oversee more than 1,000, further demonstrating the accelerating scale and complexity of today’s API ecosystems.

Despite rising investment in API security, significant challenges remain. Nearly 80% of organisations increased their budgets over the past year, yet most of these boosts were modest at under 15%. Budget limitations were cited as the top barrier by 25% of respondents, followed by resource shortages (16%). Beyond funding, structural concerns persist, with 15% citing inadequate runtime security, 14% highlighting poor manageability, and 12% noting underinvestment in pre-production security, signs that many programs are still struggling to mature.

The report urges organisations to pivot from fragmented, reactive defences to a holistic strategy built on continuous API discovery, stronger governance, runtime protection, and GenAI-specific safeguards.

“AI adoption is rampant, but security is not keeping up. Existing tools miss the API execution layer, which means attackers can hijack entire AI agents via APIs,” added Eric Schwake. “Enterprises that master API security will be able to unlock AI-driven innovation safely at scale. Those that don’t are at risk of falling behind.”


European Airports Disrupted by Supply Chain Cyberattack

A cyberattack that occurred over the weekend has caused significant disruption at major European airports. The incident targeted Collins Aerospace, a service provider for automated check-in and boarding systems. The cyberattack forced airports, including Heathrow, Brussels, and Berlin, to revert to manual procedures, leading to widespread flight delays and cancellations. At Heathrow, over 600 flights were affected, while Brussels and Berlin airports reported similar impacts on their schedules. The disruption resulted in longer waiting times for passengers across the affected locations. It has since been confirmed as a ransomware incident.

Cybersecurity experts from across the industry have weighed in…

Charlotte Wilson, Head of Enterprise Sales at Check Point Software:

“The aviation industry has been under sustained pressure from cybercriminals for several months, with attacks rising both in frequency and intensity. Check Point has found that the Transportation & Logistics sector has consistently ranked among the world’s top ten most attacked industries, with each organisation facing an average of 1,143 cyberattacks per week in recent months, a 5% increase year-on-year. In August 2025 alone, that number spiked to 1,258 weekly attacks. Ransomware remains a key concern as well: globally, around 1,600 incidents were reported in Q2 2025, with the Transportation & Logistics sector accounting for 4% of those cases.

This relentless targeting underscores how the aviation industry has become an increasingly attractive target for cybercriminals due to its heavy reliance on shared digital systems. These attacks often strike through the supply chain, exploiting third-party platforms that are used by multiple airlines and airports at once. When one vendor is compromised, the ripple effect can be immediate and far-reaching, causing widespread disruption across borders.

To build resilience, aviation companies must take a layered approach: rigorously patching and updating software to close vulnerabilities, continuously monitoring for unusual activity that could indicate an intrusion, and implementing clear, well-tested backup systems that ensure airports and airlines can keep operating even if critical digital tools are knocked offline. But this challenge cannot be addressed in isolation. On a European scale, better information-sharing between governments, airlines, and technology providers is essential. Cyberattacks rarely stop at national borders, so the faster one country can identify and report an attack, the faster others can take action to contain it. A joined-up defence will be far more effective than siloed responses.

Cybercriminals are exploiting every weak link in this highly connected ecosystem. Unless the sector treats cybersecurity as a matter of operational continuity and passenger safety, not just IT, the risk of large-scale disruption will continue to rise. The time to act is now, through proactive resilience measures, international collaboration, and a recognition that cyber resilience is as critical to aviation as physical safety.”

Rebecca Moody, Head of Data Research at Comparitech:

“This attack is another stark reminder that companies’ systems are only as good as the third parties they use to provide services. By attacking the software provided to airports by Collins Aerospace, hackers have been able to cause widespread disruption at various locations across multiple countries. We don’t yet know who the attackers are, but if ransom demands aren’t met, we’ll likely see a claim coming through in the next few days/weeks.

What’s perhaps more concerning is that a ransomware group previously claimed to have hacked Collins Aerospace way back in July 2023. This attack was never confirmed by the company, but BianLian claimed to have stolen around 20 GB of data from the organisation at the time.

This is the 15th confirmed attack on the transport sector this year so far.”

Dray Agha, senior manager of security operations at Huntress, added, “This incident underscores how critical third-party providers are to the aviation sector’s resilience. The attack on Collins Aerospace’s check-in and boarding systems shows that even if an airport has strong internal defences, dependencies on external software or services can become major single points of failure; a supply chain compromise will undermine your own internal security posture.

“The use of manual check-in and baggage drop as a mitigation is sensible, but it is neither scalable nor sustainable for long. This kind of fallback will create delays, confusion, higher costs, and increased exposure to human error. It emphasises the need for rigorous incident response planning, including regular drills for degraded operational states.

“Beyond immediate disruption, there are reputational and regulatory risks. Passengers expect reliability and safety; when basic services fail, trust erodes. Regulators are likely to scrutinise the supply chain, system redundancy, and the speed of detection and disclosure. This could lead to tighter rules around cyber resilience in critical infrastructure.”

Jamie Akhtar, CEO and Co-Founder of CyberSmart, said:

“The disruption at Heathrow, Brussels and other European hubs shows that cyber attacks aren’t always about ransomware or zero-days. In this case, the weak link appears to be a third-party provider behind check-in, boarding and baggage systems. Due to so many airport processes depending on it, the fallout will be extensive. It’s a reminder that operational reliance on external vendors creates a large attack surface, and when those services fail, the impact is immediate and highly visible.

To reduce risk from this kind of disruption, organisations need more than perimeter defences. That means rigorous assessment of supplier resilience, redundancy and fallback options, continuous monitoring of dependencies, and clear communication protocols during incidents. Ultimately, the weakest link is often someone else’s system but the consequences are felt by everyone.”

Darren Guccione, CEO and Co-Founder of Keeper Security, said:

“Although information is still limited, the disruption at several major European airports highlights how interconnected global transportation has become and how dependent it is on shared digital infrastructure. A technical incident with a single provider can quickly cascade across multiple airports, which is why resilience, security and visibility are critical in modern infrastructure.

Adversaries understand that targeting widely used technology services can result in outsized impact, as demonstrated in countless damaging supply chain attacks. Organisations that rely on third-party systems and vendors need to ensure that every point of access is secured, every connection is monitored and no user or system is automatically trusted.

Zero trust security models and privileged access management solutions play a central role in that effort. By enforcing least-privilege access and leveraging agentic AI to revoke credentials as soon as risk is detected, organisations can limit the impact of an attack and maintain public confidence in essential services.”

Javvad Malik, Lead CISO Advisor at KnowBe4, said:

“Air travel depends on shared systems, so a failure in a common check‑in platform quickly cascades into missed connections, accessibility shortfalls, and staff forced into manual workarounds.

It’s why it’s important to build in graceful failure by assuming the primary system will go down and rehearsing manual operations, offline boarding, and accessible contingencies, with cross‑trained staff and basic tools ready.

Reduce single points of failure by diversifying providers where feasible, segmenting tenants, and ring‑fencing critical functions so one vendor outage doesn’t halt everyone. Above all, communicate clearly and often, prioritise vulnerable passengers, and empower frontline teams to make humane decisions.

Resilience isn’t just cyber controls; it’s people, process, and communications to ensure ongoing availability.”

Dr Martin Kraemer, CISO Advisor at KnowBe4, said:

“More information has come to light: Dublin airports have also been affected, and a ransomware demand was made. This does not mean the motivation could not also have been sabotage, but one motivation is now clear: extortion.

We still need more information to actually understand the true impact and ramifications of the attack.

The EU is still investigating the attack, while the impact is widespread. We should not expect the EU to determine the source so early. That is because there is still a lack of clarity since authorities and corporations have confusing messaging. The NCSC is investigating a cyber incident. Collins Aerospace is talking about a cyber-related disruption. We require more transparency before we can make meaningful conclusions as to who is behind this and what their benefits are.”

Chris Hauk, Consumer Privacy Advocate at Pixel Privacy:

“This attack underscores the need for organisations to not only ensure that their own systems are kept secure and updated, but to also investigate and confirm that any third-party vendors, particularly software vendors, have their software and systems fully secured. Until then, we’ll continue to see hackers using the flaws in users’ systems to perform cyber attacks. While keeping systems updated isn’t a cure-all to block cyber attacks, it can lessen the impact of such attacks.”

The post European Airports Disrupted by Supply Chain Cyberattack appeared first on IT Security Guru.

Salt Security Announces Industry First Solution to Secure API Actions Taken by AI Agents

At CrowdStrike Fal.Con 2025, Salt Security announced the industry’s first solution to secure the actions AI agents take in the enterprise. As large organisations adopt agentic AI, agents are increasingly making real-time API calls through protocols like MCP and A2A, creating a new layer of risk. Salt is the first to converge API and AI security, giving organisations visibility into every agent-driven action, governance to enforce the right posture, and real-time protection against AI agent abuse. 

This release gives security teams immediate visibility, automatic governance and real-time protection for agentic AI, without extra setup. MCP Protect maps MCP server interactions and surfaces hidden endpoints, while built-in guardrails, enabled by default, enforce safe agent behaviour automatically.

Michael Nicosia, co-founder and COO of Salt Security, said: “Most organisations’ first AI security gap isn’t prompt and model jailbreak attacks, it’s the invisible API connections powering agents. Salt closes that gap by continuously discovering every API, governing it against policy, and protecting it in real time, including the fast-growing universe of agent-driven traffic.”

Salt Security’s new MCP Protect feature is designed to give organisations a clear view of their AI-powered systems. It automatically discovers and monitors all Model Context Protocol (MCP) servers and their interactions with AI agents, revealing connections that were previously hidden. It then assesses the risk of those interactions, tracks sensitive data as it moves, and guards against unsafe or malicious use of MCP servers.

This update introduces a new category of ready-to-use security controls. These controls ensure that AI agents behave safely by automatically detecting and addressing the most significant security vulnerabilities in both MCP and Agent-to-Agent (A2A) environments.

“From a security standpoint, it’s not just about what AI agents say, it’s what they actually do,” said Nick Rago, VP Product Strategy of Salt Security. “AI agents act through APIs, MCP, and A2A, but most organisations don’t have visibility into those actions. Salt gives you that visibility from day one, puts the right guardrails in place and protects against abuse and AI logic attacks in real time so your teams can move fast with confidence.”

The post Salt Security Announces Industry First Solution to Secure API Actions Taken by AI Agents appeared first on IT Security Guru.

Nagomi Control Brings CTEM Into Action

Nagomi Security has announced the next step in its platform evolution with Nagomi Control, a new release that redefines Continuous Threat Exposure Management (CTEM) by enabling security teams to shift from identifying exposures to fixing them. Nagomi Control provides an execution layer for CTEM. While many cybersecurity programs use CTEM to identify risks, they often lack the ability to act on them. This solution allows teams to automatically address exposures, reduce risk at scale, and integrate with their existing technology stack.

Nagomi Control debuts alongside Exposure Lens, the company’s new AI-driven intelligence engine that powers the release. Exposure Lens brings together data from assets, controls, vulnerabilities, and live threat activity to reveal where organizations are most exposed. It expands the definition of exposure beyond Common Vulnerabilities and Exposures (CVEs) to include weak configurations, missing safeguards, and unchecked access – the everyday risks attackers rely on but most tools miss. By placing these exposures in business context and ranking them by impact, Control gives security teams a clear path from awareness to resolution.

Emanuel Salmona, co-founder and CEO of Nagomi, said: “Knowing where your exposures are is not enough, especially when the most dangerous ones aren’t tied to a CVE. For years, security teams have been flooded with vulnerability data, while critical misconfigurations, missing controls, and excessive access quietly opened the door for attackers. Nagomi Control turns that flood into focus. It makes every exposure, not just the ones with a name, actionable, trackable, and measurable, so teams can stop real threats and leaders can show progress that actually means something.”

Nagomi Control integrates accountability into the remediation process. It assigns each issue to the appropriate team and tracks it within existing workflows. This approach aims to clarify responsibility and ensure all steps are completed. Progress can be measured by business unit, campaign, or threat type, providing security leaders with data to demonstrate a reduction in exposure to executives and board members. Gartner reports that 61% of security leaders experienced a breach in the past year due to failed or misconfigured controls.

Shai Mendel, co-founder and CPO of Nagomi, said: “The majority of breaches share a common thread: the exposure was already known and could have been mitigated. The challenge isn’t visibility, it’s execution. Control was designed to close that gap. By delivering the execution layer of CTEM, we’re helping security teams to proactively resolve exposures faster, show measurable risk reduction, and strengthen security without adding more tools or headcount.”

Nagomi Control includes features that distinguish it from traditional vulnerability management and visibility-only platforms. Its Findings feature surfaces security issues by combining exposures such as misconfigurations, vulnerabilities, and coverage gaps with critical asset attributes like whether a device is internet-facing, a domain controller, or a server. This approach provides teams with a prioritized, contextual view of risk that standalone scanners or asset inventories cannot provide.

Additionally, the Latest Changes Feed offers a dynamic timeline of environmental changes, including new CVEs, threat campaigns, posture shifts, and tool degradations. Each change is presented with full context and one-click actions.

The post Nagomi Control Brings CTEM Into Action appeared first on IT Security Guru.

Keeper Security Announces Integration With CrowdStrike Falcon Next-Gen SIEM

Keeper Security has announced a new partnership with CrowdStrike, which aims to protect businesses against cyber threats. Keeper’s cloud-native PAM platform, KeeperPAM®, now integrates with CrowdStrike Falcon® Next-Gen SIEM, the AI-powered engine of the modern Security Operations Center (SOC). Organisations can now find and investigate threats with AI-powered detections from Falcon Next-Gen SIEM and rich insights from Keeper, streamline deployment with faster onboarding and automated third-party responses and unify SOC data to strengthen security and reduce costs.

CrowdStrike’s Security Information and Event Management (SIEM) solution unifies native CrowdStrike Falcon® platform and third-party data with industry-leading threat intelligence and AI-driven automation to accelerate threat detection and response. By integrating Falcon Next-Gen SIEM with Keeper’s Advanced Reporting and Alerts Module (ARAM), organisations gain access to comprehensive activity reporting with customisable filters, enabling detailed visibility into privileged account usage, credential access and administrative actions. Ingesting ARAM logs and alerts into Falcon Next-Gen SIEM helps improve operational efficiency, reduces manual oversight and enables IT and security teams to focus on strategic priorities.

Craig Lurey, CTO and Co-founder, Keeper Security, said: “Integrating KeeperPAM with CrowdStrike Falcon Next-Gen SIEM empowers security teams to detect and respond to privileged access threats with unprecedented speed and precision – unifying workflows, accelerating threat investigation and reducing total cost of ownership through AI-driven insights and automation.”

This centralised visibility empowers security teams with real-time insights into suspicious or unauthorised behaviour, accelerating incident detection and response. Keeper’s SIEM integrations also support compliance efforts by providing the necessary data for regulatory audits through detailed event logging and access control documentation. Additionally, administrators can enable BreachWatch® event data to feed into their SIEM systems, helping to identify exposed credentials and prevent account takeovers.

Keeper’s CrowdStrike integration is available today in the CrowdStrike Marketplace, a one-stop destination for the world-class ecosystem of third-party security products.

The post Keeper Security Announces Integration With CrowdStrike Falcon Next-Gen SIEM appeared first on IT Security Guru.

Ziplining into the Minds of US Supply Chains

A recent report from Check Point Research uncovered Zipline, a phishing campaign that fuses subtle, patient social engineering with stealthy in-memory malware, a combination that lets attackers slip past traditional defences and manipulate human behaviour at scale.

How did they do it, and who was targeted?

A typical phishing attack opens with an unsolicited email; Zipline flipped the script. The attackers instead submitted an enquiry through the target company’s own “Contact Us” web form, so the first email in the thread came from the victim. If the target replied, a weeks-long exchange of professional-looking emails followed, complete with fake NDAs and proposals, all aimed at earning the target’s trust. Only then was the malicious ZIP sent, carrying a .LNK shortcut file. Opening the shortcut launches a PowerShell loader that delivers MixShell, an in-memory implant that uses DNS tunnelling for covert communication.
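The delivery chain above gives a defender two concrete detection points: the ZIP attachment before anyone opens it, and the DNS traffic once the implant is running. The Python below is an added example written for this article, not Check Point’s or IT Security Guru’s code. The archive and resolver log it scans are constructed inline; the `example.com`/`example.net` domains, the client address `10.0.0.5`, the extension list and the entropy and length thresholds are illustrative assumptions; and the synthetic queries mimic only the general shape of DNS tunnelling, not MixShell’s actual encoding.

```python
"""Two places a defender can catch the Zipline delivery chain described above.

Added example for this article, not Check Point's or IT Security Guru's code.
All inputs are constructed: the ZIP is built in memory and the DNS log lines are
synthetic, mimicking only the shape of tunnelled traffic, not MixShell's encoding.
"""
import base64
import hashlib
import io
import math
import zipfile
from collections import defaultdict

# --- Check 1: screen ZIP attachments at the mail gateway for shortcut payloads ---

# Extensions that have no business inside a "proposal" or "NDA" archive.
# .lnk is the one Zipline used; the rest are common stand-ins (assumed list).
SUSPICIOUS_EXTENSIONS = (".lnk", ".js", ".vbs", ".hta", ".cmd", ".bat", ".ps1")


def suspicious_zip_members(zip_bytes, depth=0):
    """Return member names whose extension indicates an executable payload.

    Inspects the archive listing rather than the attachment's filename, so
    'proposal.zip' carrying 'proposal.pdf.lnk' is still caught. Nested ZIPs
    are descended two levels deep, a common trick against shallow scanners.
    """
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            lower = name.lower()
            if lower.endswith(SUSPICIOUS_EXTENSIONS):
                flagged.append(name)
            elif lower.endswith(".zip") and depth < 2:
                inner = suspicious_zip_members(zf.read(name), depth + 1)
                flagged.extend(f"{name}/{m}" for m in inner)
    return flagged


def build_sample_zip():
    """Constructed attachment: a decoy PDF plus a double-extension shortcut."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("NDA_signed.pdf", b"%PDF-1.4 decoy content")
        zf.writestr("AI_Impact_Assessment.pdf.lnk", b"L\x00\x00\x00 placeholder shortcut")
    return buf.getvalue()


# --- Check 2: spot DNS tunnelling in resolver logs once the implant is running ---

def shannon_entropy(s):
    """Bits per character: encoded data scores far above labels like 'www'."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def split_qname(qname):
    """Split 'chunk.example.net' into ('chunk', 'example.net').

    Crude registered-domain logic (last two labels); a production version
    should use the Public Suffix List so 'host.example.co.uk' is handled.
    """
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def dns_tunnel_candidates(log_lines, min_queries=5, min_entropy=3.5, min_sub_len=30):
    """Flag (client, base domain) pairs whose subdomains look like encoded data.

    Each line is 'timestamp client qname qtype'. A pair is flagged once the
    client has sent `min_queries` distinct subdomains that are both long and
    high-entropy to one base domain: that is what a covert channel over DNS
    looks like, and what ordinary CDN or mail lookups do not.
    """
    subs_by_pair = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line: skip it rather than crash the pipeline
        _ts, client, qname, _qtype = parts[:4]
        sub, base = split_qname(qname)
        if len(sub) >= min_sub_len and shannon_entropy(sub) >= min_entropy:
            subs_by_pair[(client, base)].add(sub)
    return {p: len(s) for p, s in subs_by_pair.items() if len(s) >= min_queries}


def build_sample_dns_log(n_tunnel=8):
    """Constructed resolver log: two benign lookups, then tunnel-style queries.

    Each tunnel query carries a base32 chunk of 'data' (a hash standing in for
    exfiltrated bytes) as its leftmost label, 52 characters long.
    """
    lines = [
        "2025-08-20T10:00:00Z 10.0.0.5 www.example.com A",
        "2025-08-20T10:00:01Z 10.0.0.5 mail.example.com MX",
    ]
    for i in range(n_tunnel):
        raw = hashlib.sha256(f"chunk{i}".encode()).digest()
        label = base64.b32encode(raw).decode().rstrip("=").lower()
        lines.append(f"2025-08-20T10:01:{i:02d}Z 10.0.0.5 {label}.example.net TXT")
    return lines


if __name__ == "__main__":
    print("ZIP members flagged:", suspicious_zip_members(build_sample_zip()))
    print("DNS tunnel candidates:", dns_tunnel_candidates(build_sample_dns_log()))
```

Run it directly to print both results. The archive check reads the member list rather than the attachment name, because a double extension such as `proposal.pdf.lnk` defeats a filename-only filter. The DNS check keys on the combination of many distinct, long, high-entropy subdomains from one client to one base domain, which is the property that separates a tunnel from the long but repetitive hostnames a CDN produces. Tune the thresholds against your own resolver logs before alerting on them.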

Check Point found that more than 80% of the identified targets are based in the United States, a clear geographic concentration, with further targets in Singapore, Japan and Switzerland. Industrial manufacturing accounts for the largest share (46%), followed by hardware and semiconductors (18%), consumer goods and services (14%) and biotech and pharmaceuticals (5%). From this distribution, Check Point concluded that the attackers were seeking entry points across well-resourced industries that are critical to operations and supply chains.

Why Does This Method Work So Well?

Tim Ward, CEO and Co-Founder of RedFlags, explained how human psychology comes into play:

“Impressive, and worrying, research from Check Point on the ZipLine campaign. What makes this so effective isn’t just the tooling (in‑memory payloads, DNS tunnelling) but the way it exploits how people think:

There is a lot of psychology at play in why this works:

  • Authority & legitimacy bias: formal entry via a “Contact us” form, and an NDA request create a veneer of legitimacy.
  • Commitment & consistency / sunk‑cost effect: multi‑week professional exchanges make people feel invested and less likely to challenge a late‑stage ZIP request.
  • Reciprocity: they start the conversation so you feel obliged to respond/help.
  • Fluency & familiarity: polished language, sector jargon, and an “AI Impact Assessment” pretext feel normal and current.
  • Normalcy bias: long, routine back‑and‑forth lowers suspicion—“it’s just another vendor thread.”
  • Urgency & framing: the NDA / AI‑programme framing implies time sensitivity and internal endorsement.

Attackers continue to refine people‑centred attacks, so our defence has to be people‑centred too. Lengthy annual training doesn’t cut it.”

Many of these points have both empirical and theoretical backing. Take the sunk cost effect, documented by Harold Arkes and Catherine Blumer in 1985: people tend to continue an endeavour because of resources already invested in it, even when those resources cannot be recovered.

So imagine you have spent weeks building this professional relationship, with countless emails back and forth, all time and effort that can never be recovered. That investment becomes emotional as well as practical, and when the final malicious ZIP file arrives, not opening it feels like a missed opportunity. This is exactly why the sunk cost fallacy works so well: it rests on “loss aversion”, the phenomenon of people feeling the pain of a loss more strongly than the pleasure of an equal gain.

What’s The Takeaway Here?

The Zipline campaign highlights a truth the industry usually learns the hard way: people remain the softest attack surface. As a society we value trust highly, and every business depends on it, but that is exactly why trust in the wrong hands can be catastrophic. Advanced threat detection is essential, yet the success of this campaign shows just how important continuous, behaviour-aware security education is.

The blame should not always fall on the individual, however. Security leaders should also rethink policies around contact form workflows, NDA processes and late-stage ZIP file approvals. Paired with context-aware email security that flags suspicious behavioural patterns over time, that makes it far harder for attackers to zip away with your sensitive data.

The post Ziplining into the Minds of US Supply Chains appeared first on IT Security Guru.
