Acoru, a cybersecurity firm, has launched its operations after securing €4 million seed funding in 2023. The company aims to revolutionize fraud prevention in the financial sector by developing a NextGen platform equipped with generative AI, enhanced analytics, and a configurable intelligence network. The platform excels at tracking account changes and detecting mule accounts by leveraging pre-fraud indicators and continuously monitoring and classifying account types over time. Acoru’s platform leverages advanced technology to process both structured and unstructured data, delivering insights through an intuitive, user-friendly interface. The platform’s intuitive interface, easy customization, and effectiveness in identifying pre-fraud signals have driven rapid adoption. Acoru’s founders, Pablo de la Riva Ferrezuelo and David Morán, bring over 20 years of expertise in cybersecurity and fraud prevention. The company plans to use the funding to continue its international expansion.
Harness’s platform provides web application protection, API security, bot mitigation, and DDoS defense in a single, unified interface and analyzes real-time behavior across users, APIs, and sessions for enhanced traffic visibility
Harness has launched Traceable Cloud Web Application and API Protection (WAAP), a new offering to help developers secure their cloud-native applications and APIs. The product offers web application protection, API security, bot mitigation, and DDoS defense, aiming to provide a unified experience, eliminating the need for multiple tools. Key capabilities of Traceable Cloud WAAP include: API discovery from traffic, encrypted flows, and code repositories; Sensitive data flow mapping and API risk scoring; Real-time runtime protection with attacker fingerprinting, user and session attribution, and anomaly detection; Shift-left API testing integrated into CI/CD pipelines.
“SuperCard X” mobile malware campaign uses a multi-stage approach comprising social engineering via smishing and phone calls, PIN elicitation, malicious app installation and real-time NFC data interception to steal payment card data through POS systems
A sophisticated mobile malware campaign using a new NFC-relay technique to steal payment card data has been uncovered by security researchers. Named “SuperCard X,” the Android malware operates under a Malware-as-a-Service (MaaS) model and enables fraudsters to carry out unauthorized transactions through Point-of-Sale (POS) systems and ATMs. According to the Cleafy Threat Intelligence team who discovered the threat, victims are deceived through smishing campaigns and phone calls into installing a malicious app disguised as a security tool. Once installed, the malware silently captures NFC data when a card is tapped on the compromised device. What makes this campaign particularly dangerous is its multi-stage approach, comprising: Social engineering via smishing and phone calls, PIN elicitation and card limit removal, Malicious app installation, Real-time NFC data interception, Instant fraudulent cash-outs. The SuperCard X malware remains largely undetected by antivirus software, partly due to its minimal permission requests and focused design. Once a victim’s card data is captured, it’s transmitted in real-time to a second device controlled by the attacker, which then emulates the card for immediate withdrawals or purchases. This bypasses traditional fraud detection systems that rely on transaction delays. The malware architecture includes two applications: “Reader,” which collects NFC data from victims; “Tapper,” used by fraudsters to emulate the stolen card. Communication between the two is secured via mutual TLS, ensuring encrypted and authenticated relay of stolen data. “While this type of attack relies on relatively simple social engineering techniques, it proves to be highly effective – both in terms of success rate and cashout efficiency,” Cleafy warned.
Congress passes the Take It Down Act that criminalizes deepfake videos and images, giving social media platforms 48 hours to remove such content when requested
The Take It Down Act, legislation that criminalizes the publication of nonconsensual sexually explicit deepfake videos and images, passed the House and is already on its way to President Trump’s desk. This overwhelming response now means that social media companies and other websites will have 48 hours to remove content when requested to by a member of the public or a public figure. This will include images or videos that have been created or enhanced by artificial intelligence. “Once it passes the House, I look forward to signing that bill into law,” Trump added. Senate Commerce Chair Ted Cruz called it a “historic win in the fight to protect victims of revenge porn and deepfake abuse.” Cruz believes the act will spare “victims from repeated trauma” while “holding predators accountable.” The Electronic Frontier Foundation pointed out that the act could have a chilling effect. Smaller companies concerned over legal action may now introduce filters in their products, which could be flawed. The foundation is also concerned that end-to-end encrypted private messaging systems and cloud storage are not exempt, possibly resulting in a loss of privacy. At the same time, the law may encourage bad-faith takedown requests, hampering journalism and satire.
Palo Alto Networks platform automatically performs red-teaming, spots misconfigured access permissions, AI models that are susceptible to tampering and other risks before deploying a new AI workload to production
Palo Alto Networks is expanding its product portfolio with a new platform for protecting AI models and an upgraded version of its security-optimized browser. The company debuted the offerings against the backdrop of the news that it’s acquiring cybersecurity startup Protect AI. After the acquisition, the Protect AI team will join the company to help enhance Prisma AIRS, a new AI security platform it debuted in conjunction with the deal. The offering covers many of the same use cases as Protect AI’s product suite. Before deploying a new AI workload to production, a company can use Prisma AIRS to test it for vulnerabilities. The platform includes a tool that automatically performs red-teaming, the task of simulating cyberattacks to find weak points in an application. Prisma AIRS spots misconfigured access permissions, AI models that are susceptible to tampering and other risks. Once an AI workload is deployed in production, Prisma AIRS filters malicious prompts using a runtime security component. It also spots other issues. The software blocks, among others, hallucinations and requests that may cause an AI application to use an excessive amount of hardware resources. A third set of features in Prisma AIRS is designed to protect AI agents. The platform can spot tool misuse, or cyberattacks that target the applications an AI agent uses to perform tasks. The first set of upgrades is rolling out to Prisma Access Browser, a browser that uses AI to block malicious websites. The latest Prisma Access Browser release includes new detections, automated workflows for spotting cyberattacks. According to Palo Alto Networks, they can detect browser-in-the-browser phishing attacks.
Cequence Security’s platform governs interactions between AI agents and backend services enabling detection and prevention of harvesting of organizational data
Cequence Security announced significant enhancements to its Unified API Protection (UAP) platform to deliver the industry’s first comprehensive security solution for agentic AI development, usage, and connectivity. This enhancement empowers organizations to secure every AI agent interaction, regardless of the development framework. By implementing robust guardrails, the solution protects both enterprise-hosted AI applications and external AI APIs, preventing sensitive data exfiltration through business logic abuse and ensuring regulatory compliance. Cequence has expanded its UAP platform, introducing an enhanced security layer to govern interactions between AI agents and backend services specifically. This new layer of security enables customers to detect and prevent AI bots such as ChatGPT from OpenAI and Perplexity from harvesting organizational data. Key enhancements to Cequence’s UAP platform include: Block unauthorized AI data harvesting; Detect and prevent sensitive data exposure; Discover and manage shadow AI; Seamless integration.
IBM’s agentic AI system for threat detection analyzes alerts with enrichment and contextualization, performs risk analysis, creates and executes investigation plans, and performs remediation actions
IBM introduced new agentic and automation capabilities to its managed detection and response service offerings to help enable autonomous security operations and predictive threat intelligence for clients. 1) Autonomous Threat Operations Machine (ATOM), an agentic AI system providing autonomous threat triage, investigation, and remediation with minimal human intervention. Powering IBM’s Threat Detection and Response (TDR) services, ATOM’s AI agentic framework and orchestration engine leverages multiple individual agents to augment an organization’s existing security analytics solution and help accelerate threat detection, analyze alerts with enrichment and contextualization, perform risk analysis, create and execute investigation plans, and perform remediation actions which enhance the security analyst experience. This orchestration allows security teams to focus on high priority threats, rather than spending valuable time on false positives or lower-priority risks. Within the TDR platform, ATOM acts as a vendor-agnostic digital operator and provides AI capabilities that integrate with existing solutions from IBM and partners. 2) IBM is also introducing the new X-Force Predictive Threat Intelligence (PTI) agent for ATOM, which leverages industry vertical-specific AI foundation models to generate predictive threat insights on potential adversarial activity and minimize manual threat hunting efforts. IBM X-Force PTI integrates AI with expert human analysis to help curate proactive threat intelligence. Built on proprietary AI foundational models and trained on cybersecurity data, PTI provides a tailored, contextualized threat intelligence feed and predicts potential threats based on adversary behavior. To extract early indicators of behavior and compromise, PTI gathers data from more than 100 sources including X-Force Threat Intelligence, open-source RSS feeds, APIs and other automated sources, as well as user-supplied organizational context. 
PTI synthesizes that information into collective intelligence reports that include recommended threat hunt queries tailored to the organization’s specific needs. By focusing on indicators of behaviors, instead of just indicators of compromise, businesses can get ahead of threats.
CrowdStrike’s SIEM solution is first to bring managed threat hunting to third-party data; unifies real-time intelligence and AI-driven automation to deliver expert-led threat hunting across all attack surfaces
CrowdStrike introduced Falcon® Adversary OverWatch Next-Gen SIEM, the first and only solution to bring managed threat hunting to third-party data. This breakthrough innovation extends the visibility of CrowdStrike’s elite threat hunters into unmanaged attack surfaces adversaries have long exploited. By leveraging third-party data ingested by Falcon® Next-Gen SIEM, CrowdStrike delivers 24/7 expert detection beyond endpoints, identity and cloud environments to stop breaches across every attack surface. Powered by the AI-native CrowdStrike Falcon® cybersecurity platform, Falcon Adversary OverWatch uses deep adversary expertise and industry-leading threat intelligence to rapidly uncover evasive threats. Falcon Next-Gen SIEM unifies native and third-party data, real-time intelligence and AI-driven automation to deliver comprehensive visibility, high-fidelity alerts and machine speed response. New innovations include: Expert-Led Threat Hunting Across all Attack Surfaces; UEBA and Case Management for Falcon Next-Gen SIEM; Unified Identity Security and Next-Gen SIEM; CrowdStrike Pulse Services.
Abnormal AI converts real phishing attacks blocked by its security platform into tailored simulations for each employee; and uses real-time behavioral threat data to instantly deliver coaching modules
Abnormal AI is introducing autonomous AI agents that revolutionize how organizations train employees and report on risk, while also evolving its email security capabilities to continue to stop the world’s most advanced email attacks. The launch of AI Phishing Coach allows organizations to replace ineffective, generic training with a personalized, autonomous AI platform. By converting real attacks blocked by Abnormal into tailored simulations for each user, it delivers instant coaching modules when users click—no more canned videos or impersonalized courses. For company-wide training, AI-generated videos are created on-demand, branded, and customized to each organization’s threat landscape. AI Phishing Coach uses real-time behavioral threat data to deliver hyper-relevant training experiences. Because it’s powered by Abnormal’s behavioral AI engine, it learns from each organization’s threat environment and adapts training dynamically—providing proactive education before attacks succeed. Abnormal is also launching AI Data Analyst to turn complex security data into instantly usable intelligence—providing admins with better reporting tools and saving teams dozens of hours in manual data aggregation. AI Data Analyst acts as an intelligent agent that proactively delivers reports directly to customers, highlighting the value Abnormal is bringing to their organization. Customers can then interact with the agent to ask follow-up questions, explore specific data points, or request customized board decks—complete with interactive slides and plain-language insights—tailored to showcase the impact of Abnormal AI on their security posture. 
Abnormal is rolling out three no-cost upgrades to Inbound Email Security, now available to all customers: 1) Quarantine Release: Consolidates Microsoft-quarantined emails into the Abnormal platform for streamlined triage and faster response; 2) URL Rewriting: Adds user-facing warnings and click tracking for suspicious links, improving protection without disrupting the email experience. 3) Enterprise Remediation Settings: Allows administrators to tailor remediation actions based on threat type and business context.
Bugcrowd’s crowdsourced red teaming as a service (RTaaS) connects customers with a global network of vetted, trusted ethical hackers tailored to needs, budgets and organizational maturity
Bugcrowd has introduced the first-ever offering to apply the scale, agility, and incentive-driven power of crowdsourcing to red teaming. This new service connects customers with a global network of vetted ethical hackers for a variety of red team engagements—fully managed through the Bugcrowd Platform. This release sets a new benchmark in the red team services market, enabling organizations to test their security environments with the highest level of confidence. By tapping into a global pool of experts using the latest adversarial tactics, techniques, and procedures (TTPs), customers gain unparalleled insight into how real-world attackers would attempt to breach their defenses. Available on the Bugcrowd Platform, RTaaS works seamlessly alongside offerings such as Penetration Testing as a Service, Managed Bug Bounty, and Vulnerability Disclosure Programs. Bugcrowd customers can tailor their RTaaS engagements to meet specific needs, budget constraints, and organizational maturity. Through Bugcrowd’s global talent pool of vetted, trusted ethical hackers, customers can secure the exact expertise they need and scale their RTaaS program over time, surpassing competing services on the market. “Bugcrowd’s industry-first offensive crowdsourced RTaaS bridges this critical security gap, opening the door for our customers to access high-end capabilities that deliver crucial insights into their defensive posture—continuously,” says Dave Gerry, CEO of Bugcrowd. Key features of RTaaS on the Bugcrowd Platform: Threat intelligence aligned with realistic scenarios; Real-world adversarial tactics; Global pool of specialized operators; Integrated platform and workflows; Scalable and flexible; High return on investment.