Issues

Navigating the Perils of Agentic AI: Essential Risk Management Strategies, ETCISO

Agentic AI holds transformative potential but introduces various risks that exceed traditional AI frameworks. These include security vulnerabilities, compliance challenges, ethical issues, operational unpredictability, and reputational threats. Proactive risk management is essential, emphasizing enhanced observability, robust testing, human oversight, and clear accountability. Organizations must adapt their strategies to address the evolving landscape, ensuring responsible AI deployment while safeguarding operations and reputation.

https://ciso.economictimes.indiatimes.com/news/cybercrime-fraud/navigating-the-perils-of-agentic-ai-essential-risk-management-strategies/123041904

That Seemingly Innocent Text Is Probably a Scam

Scam texts often appear innocent and crafted to provoke curiosity, leading recipients to reply. Common types include one-word messages, casual inquiries, tempting invites, business offers, and conversational starters. Responding can confirm your number's activity, marking you as an easy target for scammers who may then sell or profile your information. Instead, do not engage, block the number, and report the message.

https://www.malwarebytes.com/blog/news/2025/07/that-seemingly-innocent-text-is-probably-a-scam

Expert Interview: Sean Peisert on Cybersecurity Research

Sean Peisert leads cybersecurity research at Berkeley Lab, focusing on protecting data and infrastructure vital to science and society. His team employs physics-based monitoring and privacy-preserving techniques for high-performance computing (like NERSC) and energy delivery systems. They aim to secure scientific research tools, the power grid, and nuclear safeguards. Peisert’s innovative approach to cybersecurity emphasizes enabling collaboration and fostering automated responses to threats while allowing safe data sharing. The lab's long-term vision positions it as a leader in forward-thinking cybersecurity solutions.

https://newscenter.lbl.gov/2025/07/30/expert-interview-sean-peisert-on-cybersecurity-research/

Social Engineering on the Rise — New Unit 42 Report

TLDR: Palo Alto Networks' 2025 Unit 42 report highlights a significant rise in social engineering attacks, with over a third of incidents starting from these tactics, primarily phishing (65%). Attackers exploit trust and human behavior rather than technical vulnerabilities, leading to business disruptions and data exposure. AI enhances these attacks, allowing for personalized lures and scalable strategies. Organizations are urged to address overpermissions, alert gaps, and strengthen identity security to mitigate risks.

https://www.paloaltonetworks.com/blog/2025/07/social-engineering-rise-new-unit-42-report/

What if Your Passkey Device Is Stolen? How to Manage Risk in Our Passwordless Future

If your passkey device is stolen, risk management hinges on device security measures. Passkeys are stored securely within the device's operating system, making unauthorized access difficult. It’s crucial to enable device locking, remote wiping, and strong authentication measures. If your device is unlocked and accessed by a thief, securing apps with additional passwords can help. Deleting passkeys from the stolen device may be necessary, depending on your password manager's security settings. Overall, preparing for potential theft is essential to mitigate risks associated with passwordless authentication.

https://www.zdnet.com/article/what-if-your-passkey-device-is-stolen-how-to-manage-risk-in-our-passwordless-future/

Zero Knowledge Proofs Alone Are Not a Digital ID Solution to Protecting User Privacy

Zero Knowledge Proofs (ZKPs) alone cannot safeguard user privacy in digital ID systems. While they enable age verification without sharing personal information, they don't prevent issuer abuse or limit data collection. ZKPs may create more burdens on users and don't address the broader issues of existing data privacy laws. Effective protection requires comprehensive legal safeguards beyond just technology.

https://www.eff.org/deeplinks/2025/07/zero-knowledge-proofs-alone-are-not-digital-id-solution-protecting-user-privacy

Hacker Slips Malicious ‘wiping’ Command Into Amazon’s Q AI Coding Assistant – and Devs are Worried

Hacker infiltrated Amazon's ‘Q' AI coding assistant, implanting a command that could potentially erase local files and dismantle AWS infrastructure. The malicious code passed Amazon's verification, causing developer concern and criticism over security practices. Amazon responded, claiming no customer resources were affected and stating security is a priority. However, the incident raised significant trust issues among developers, who demand more transparency and accountability.

https://www.zdnet.com/article/hacker-slips-malicious-wiping-command-into-amazons-q-ai-coding-assistant-and-devs-are-worried/

AI Has Broken Trust. Here’s How We’re Rebuilding It

AI has eroded trust in digital interactions. Rebuilding it requires prioritizing whether a user is a real human before verifying their identity through multi-factor authentication. Historical reliance on single-factor authentication has proven inadequate, especially with advancements in generative AI, with high-quality synthetic voices and abundant voice cloning models complicating security. Effective defense strategies now must focus on detecting synthetic identities prior to authentication processes, emphasizing the need for a robust, layered security approach.

https://www.pindrop.com/article/rebuilding-ai-broken-trust/

Deepfake Cybercrime Is Soaring, Experts Say

Deepfake cybercrime is increasing due to AI advancements, posing serious threats including bank fraud and political disinformation, as discussed in a Fordham presentation. Detection is challenging; for example, a $25 million scam involved deepfake videos of company executives. Deepfake-related losses exceeded $200 million recently. To combat this, awareness and technological solutions are essential.

https://now.fordham.edu/university-news/deepfake-cybercrime-is-soaring-experts-say/

Basic Cybersecurity Lapses Are Leaving US Infrastructure Exposed, Top Experts Warn

Experts warn U.S. infrastructure is vulnerable due to basic cybersecurity failures, emphasizing the need for better security measures like firewalls and patching. Key officials highlight the urgency for improved authentication technologies and increased public-private collaboration to combat rising cyber threats from nation-state actors and criminals.

https://www.nextgov.com/cybersecurity/2025/07/basic-cybersecurity-lapses-are-leaving-us-infrastructure-exposed-top-experts-warn/406971/

McDonald’s AI Breach Reveals The Dark Side Of Automated Recruitment

McDonald's AI hiring system, McHire, suffered a significant breach exposing millions of job applicants' personal data due to serious security flaws, including weak passwords and unregulated access. Researchers accessed sensitive information by simply using default login credentials, highlighting the inadequacy of basic security practices. The incident exposes a broader trend where rapid technology deployment often neglects essential security measures, indicating that companies must prioritize safeguarding personal data amidst automation efforts.

https://www.forbes.com/sites/tonybradley/2025/07/15/mcdonalds-ai-breach-reveals-the-dark-side-of-automated-recruitment/

How Passkeys Work: The Complete Guide to Your Inevitable Passwordless Future

TLDR: Passkeys offer a secure, passwordless authentication method using public key cryptography, eliminating the need to share secrets with websites or apps, thus reducing theft risks. They involve workflows for discovery, registration, authentication, and deletion. Passkeys rely on standards like WebAuthn and FIDO2, with authenticators managing cryptographic tasks.

https://www.zdnet.com/article/how-passkeys-work-the-complete-guide-to-your-inevitable-passwordless-future/

Free Certificates for IP Addresses: Security Problem or Solution?

Let’s Encrypt is now issuing free certificates for IP addresses, enhancing security by allowing access to websites and home devices without domain names. However, this poses risks; cybercriminals could exploit certificates for malicious sites, deceiving users with fake links that appear secure. The certificates are short-term (valid for six days) to mitigate abuse, highlighting the need for vigilance in users against potential phishing and the necessity of good cybersecurity practices.

https://www.malwarebytes.com/blog/news/2025/07/free-certificates-for-ip-addresses-security-problem-or-solution

Scroll to Top