A sophisticated mobile malware campaign using a new NFC-relay technique to steal payment card data has been uncovered by security researchers. Named “SuperCard X,” the Android malware operates under a Malware-as-a-Service (MaaS) model and enables fraudsters to carry out unauthorized transactions through Point-of-Sale (POS) systems and ATMs. According to the Cleafy Threat Intelligence team who discovered the threat, victims are deceived through smishing campaigns and phone calls into installing a malicious app disguised as a security tool. Once installed, the malware silently captures NFC data when a card is tapped on the compromised device. What makes this campaign particularly dangerous is its multi-stage approach, comprising: Social engineering via smishing and phone calls, PIN elicitation and card limit removal, Malicious app installation, Real-time NFC data interception, Instant fraudulent cash-outs. The SuperCard X malware remains largely undetected by antivirus software, partly due to its minimal permission requests and focused design. Once a victim’s card data is captured, it’s transmitted in real-time to a second device controlled by the attacker, which then emulates the card for immediate withdrawals or purchases. This bypasses traditional fraud detection systems that rely on transaction delays. The malware architecture includes two applications: “Reader,” which collects NFC data from victims; “Tapper,” used by fraudsters to emulate the stolen card. Communication between the two is secured via mutual TLS, ensuring encrypted and authenticated relay of stolen data. “While this type of attack relies on relatively simple social engineering techniques, it proves to be highly effective – both in terms of success rate and cashout efficiency,” Cleafy warned.
Congress passes the Take It Down Act that criminalizes deepfake videos and images, giving social media platforms 48 hours to remove such content when requested to
The Take It Down Act, legislation that criminalizes the publication of nonconsensual sexually explicit deepfake videos and images, passed the House and is already on its way to President Trump’s desk. This overwhelming response now means that social media companies and other websites will have 48 hours to remove content when requested to by a member of the public or a public figure. This will include images or videos that have been created or enhanced by artificial intelligence. “Once it passes the House, I look forward to signing that bill into law,” Trump added. Senate Commerce Chair Ted Cruz called it a “historic win in the fight to protect victims of revenge porn and deepfake abuse.” Cruz believes the act will spare “victims from repeated trauma” while “holding predators accountable.” The Electronic Frontier Foundation pointed out that the act could have a chilling effect. Smaller companies concerned over legal action may now introduce filters in their products, which could be flawed. The foundation is also concerned that end-to-end encrypted private messaging systems and cloud storage are not exempt, possibly resulting in a loss of privacy. At the same time, the law may encourage bad-faith takedown requests, hampering journalism and satire.
Palo Alto Networks platform automatically performs red-teaming, spots misconfigured access permissions, AI models that are susceptible to tempering and other risks before deploying a new AI workload to production
Palo Alto Networks is expanding its product portfolio with a new platform for protecting AI models and an upgraded version of its security-optimized browser. The company debuted the offerings against the backdrop of the news that it’s acquiring cybersecurity startup Protect. After the acquisition, the Protect AI team will join the company to help enhance Prisma AIRS, a new AI security platform it debuted in conjunction with the deal. The offering covers many of the same use cases as Protect AI’s product suite. Before deploying a new AI workload to production, a company can use Prisma AIRS to test it for vulnerabilities. The platform includes a tool that automatically performs red-teaming, the task of simulating cyberattacks to find weak points in an application. Prisma AIRS spots misconfigured access permissions, AI models that are susceptible to tempering and other risks. Once an AI workload is deployed in production, Prisma AIRS filters malicious prompts using a runtime security component. It also spots other issues. The software blocks, among others, hallucinations and requests that may cause an AI application to use an excessive amount of hardware resources. A third set of features in Prisma AIRS is designed to protect AI agents. The platform can spot tool misuse, or cyberattacks that target the applications an AI agent uses to perform tasks. The first set of upgrades is rolling out to Prisma Access Browser, a browser that uses AI to block malicious websites. The latest Prisma Access Browser release includes new detections, automated workflows for spotting cyberattacks. According to Palo Alto Networks, they can detect browser-in-the-browser phishing attacks.
Cequence Security’s platform governs interactions between AI agents and backend services enabling detection and prevention of harvesting of organizational data
Cequence Security announced significant enhancements to its Unified API Protection (UAP) platform to deliver the industry’s first comprehensive security solution for agentic AI development, usage, and connectivity. This enhancement empowers organizations to secure every AI agent interaction, regardless of the development framework. By implementing robust guardrails, the solution protects both enterprise-hosted AI applications and external AI APIs, preventing sensitive data exfiltration through business logic abuse and ensuring regulatory compliance. Cequence has expanded its UAP platform, introducing an enhanced security layer to govern interactions between AI agents and backend services specifically. This new layer of security enables customers to detect and prevent AI bots such as ChatGPT from OpenAI and Perplexity from harvesting organizational data. Key enhancements to Cequence’s UAP platform include: Block unauthorized AI data harvesting; Detect and prevent sensitive data exposure; Discover and manage shadow AI; Seamless integration.
IBM’s agentic AI system for threat detection analyzes alerts with enrichment and contextualization, performs risk analysis, creates and executes investigation plans, and performs remediation actions
IBM introduced new agentic and automation capabilities to its managed detection and response service offerings to help enable autonomous security operations and predictive threat intelligence for clients. 1) Autonomous Threat Operations Machine (ATOM), an agentic AI system providing autonomous threat triage, investigation, and remediation with minimal human intervention. Powering IBM’s Threat Detection and Response (TDR) services, ATOM’s AI agentic framework and orchestration engine leverages multiple individual agents to augment an organization’s existing security analytics solution and help accelerate threat detection, analyze alerts with enrichment and contextualization, perform risk analysis, create and execute investigation plans, and perform remediation actions which enhance the security analyst experience. This orchestration allows security teams to focus on high priority threats, rather than spending valuable time on false positives or lower-priority risks. Within the TDR platform, ATOM acts as a vendor-agnostic digital operator and provides AI capabilities that integrate with existing solutions from IBM and partners. 2) IBM is also introducing the new X-Force Predictive Threat Intelligence (PTI) agent for ATOM, which leverages industry vertical-specific AI foundation models to generate predictive threat insights on potential adversarial activity and minimize manual threat hunting efforts. IBM X-Force PTI integrates AI with expert human analysis to help curate proactive threat intelligence. Built on proprietary AI foundational models and trained on cybersecurity data, PTI provides a tailored, contextualized threat intelligence feed and predicts potential threats based on adversary behavior. To extract early indicators of behavior and compromise, PTI gathers data from more than 100 sources including X-Force Threat Intelligence, open-source RSS feeds, APIs and other automated sources, as well as user-supplied organizational context. PTI synthesizes that information into collective intelligence reports that include recommended threat hunt queries tailored to the organization’s specific needs. By focusing on indicators of behaviors, instead of just indicators of compromise, businesses can get ahead of threats.
CrowdStrike’s SIEM solution is first to bring managed threat hunting to third-party data- unifies real-time intelligence and AI-driven automation to deliver expert-led threat hunting across all attack surfaces
CrowdStrike introduced Falcon® Adversary OverWatch Next-Gen SIEM, the first and only solution to bring managed threat hunting to third-party data. This breakthrough innovation extends the visibility of CrowdStrike’s elite threat hunters into unmanaged attack surfaces adversaries have long exploited. By leveraging third-party data ingested by Falcon® Next-Gen SIEM, CrowdStrike delivers 24/7 expert detection beyond endpoints, identity and cloud environments to stop breaches across every attack surface. Powered by the AI-native CrowdStrike Falcon® cybersecurity platform, Falcon Adversary OverWatch uses deep adversary expertise and industry-leading threat intelligence to rapidly uncover evasive threats. Falcon Next-Gen SIEM unifies native and third-party data, real-time intelligence and AI-driven automation to deliver comprehensive visibility, high-fidelity alerts and machine speed response. New innovations include: Expert-Led Threat Hunting Across all Attack Surfaces; UEBA and Case Management for Falcon Next-Gen SIEM; Unified Identity Security and Next-Gen SIEM; CrowdStrike Pulse Services.
Abnormal AI converts real phishing attacks blocked by its security platform into tailored simulations for each employee; and uses real-time behavioral threat data to instantly deliver coaching modules
Abnormal AI is introducing autonomous AI agents that revolutionize how organizations train employees and report on risk, while also evolving its email security capabilities to continue to stop the world’s most advanced email attacks. The launch of AI Phishing Coach allows organizations to replace ineffective, generic training with a personalized, autonomous AI platform. By converting real attacks blocked by Abnormal into tailored simulations for each user, it delivers instant coaching modules when users click—no more canned videos or impersonalized courses. For company-wide training, AI-generated videos are created on-demand, branded, and customized to each organization’s threat landscape. AI Phishing Coach uses real-time behavioral threat data to deliver hyper-relevant training experiences. Because it’s powered by Abnormal’s behavioral AI engine, it learns from each organization’s threat environment and adapts training dynamically—providing proactive education before attacks succeed. Abnormal is also launching AI Data Analyst to turn complex security data into instantly usable intelligence—providing admins with better reporting tools and saving teams dozens of hours in manual data aggregation. AI Data Analyst acts as an intelligent agent that proactively delivers reports directly to customers, highlighting the value Abnormal is bringing to their organization. Customers can then interact with the agent to ask follow-up questions, explore specific data points, or request customized board decks—complete with interactive slides and plain-language insights—tailored to showcase the impact of Abnormal AI on their security posture. Abnormal is rolling out three no-cost upgrades to Inbound Email Security, now available to all customers: 1) Quarantine Release: Consolidates Microsoft-quarantined emails into the Abnormal platform for streamlined triage and faster response; 2) URL Rewriting: Adds user-facing warnings and click tracking for suspicious links, improving protection without disrupting the email experience. 3) Enterprise Remediation Settings: Allows administrators to tailor remediation actions based on threat type and business context.
Bugcrowd’s crowdsourced red teaming as a service RTaaS connects customers with a global network of vetted, trusted ethical hackers tailored to needs, budgets and organizational maturity
Bugcrowd the first-ever offering to apply the scale, agility, and incentive-driven power of crowdsourcing to red teaming. This new service connects customers with a global network of vetted ethical hackers for a variety of red team engagements—fully managed through the Bugcrowd Platform. This release sets a new benchmark in the red team services market, enabling organizations to test their security environments with the highest level of confidence. By tapping into a global pool of experts using the latest adversarial tactics, techniques, and procedures (TTPs), customers gain unparalleled insight into how real-world attackers would attempt to breach their defenses. Available on the Bugcrowd Platform, RTaaS works seamlessly alongside offerings such as Penetration Testing as a Service, Managed Bug Bounty, and Vulnerability Disclosure Programs. Bugcrowd customers can tailor their RTaaS engagements to meet specific needs, budget constraints, and organizational maturity. Through Bugcrowd’s global talent pool of vetted, trusted ethical hackers, customers can secure the exact expertise they need and scale their RTaaS program over time, surpassing competing services on the market. Bugcrowd’s industry-first offensive crowdsourced RTaaS bridges this critical security gap, opening the door for our customers to access high-end capabilities that deliver crucial insights into their defensive posture—continuously,” says Dave Gerry, CEO of Bugcrowd. Key features of RTaaS on the Bugcrowd Platform: Threat intelligence aligned with realistic scenarios; Real-world adversarial tactics; Global pool of specialized operators; Integrated platform and workflows; Scalable and flexible; High return on investment
Minimus platform reduces cloud software vulnerabilities by building container images directly from upstream project sources and including only the essential components needed to run applications
Application security startup Minimus has raised $51 million in an exceptionally large seed round to support the rollout of its platform, which claims to eliminate 95% of software supply chain vulnerabilities. Minimus offers a solution that is said to radically reduce cloud software vulnerabilities. The company’s platform transforms application security by breaking free from the cycle of detection, triage and remediation, allowing chief information security officers and developers to entirely avoid nearly all vulnerabilities. Minimus offers secure, minimal container images and virtual machines that seamlessly replace existing artifacts anywhere in the development workflow. Requiring only a single change to deployment configurations, the Minimus platform can help organizations realize an immediate decrease in vulnerability exposure, vastly accelerating remaining remediation efforts. Under the hood, Minimus builds images directly from upstream project sources, including only the essential components needed to run applications. The methodology reduces the attack surface, providing a lightweight, secure alternative to traditional development artifacts that doesn’t disrupt existing workflows or tools. The platform also integrates real-time threat intelligence to give developers and security teams insights into active exploits and vulnerability metrics, including Exploit Prediction Scoring System metrics and Cybersecurity and Infrastructure Security Agency Known Exploited Vulnerabilities. Doing so allows teams to focus their efforts on the small fraction of remaining risks, streamlining prioritization and significantly improving operational efficiency.
Pillar Security’s tech auto-maps all AI-related assets across the organization and uses real-world threat intelligence to address AI-specific risks such as evasion attacks, data privacy and intellectual property leakage
AI security startup Pillar Security has raised $9 million in seed funding to expand its research and development (R&D) and go-to-market efforts. Pillar Security’s solution is designed to meet the needs of a new age in which “software has gained agency and data itself has become executable,” Pillar Security CEO and Co-founder Dor Sarig said. “Pillar’s technology, backed by real-world AI threat intelligence, is built with this understanding, delivering a new class of protection designed explicitly for AI-related security risks,” Sarig said. “We are redefining application security to match the agentic and autonomous software of the Intelligence Age.” The company’s security platform is specifically designed for AI-integrated software systems and addresses AI-specific risk areas like evasion attacks, data poisoning, data privacy and intellectual property leakage. The platform integrates with an organization’s existing code repositories, data infrastructures and AI/ML platforms, automatically maps all AI-related assets across the organization, tests AI models and deploys guardrails that proactively prevent failures.