Exabeam, a global leader in intelligence and automation for security operations, has expanded its integrated multi-agent AI system, Exabeam Nova, to provide real-time strategic planning and boardroom communication tools. The Exabeam Nova Advisor Agent is the industry’s first AI capability designed to turn security data into a strategy that CISOs can defend in the boardroom. The system includes six agents designed to automate decisions, streamline investigations, and deliver continuous benchmarking of program effectiveness with clear, prioritized recommendations to drive improvement. Embedded into the New-Scale Security Operations Platform, Exabeam Nova is deeply integrated into the complete threat detection, investigation and response (TDIR) workflow. Within 90 days of launch, users reported five-times faster investigations with improved accuracy. Exabeam Nova’s seamless AI agents work together, allowing users to work smarter and prove the business impact of their security programs. Exabeam Nova is now the only agentic AI that empowers security leaders to: Build Strategic Plans: Automatically generate data-backed roadmaps using daily posture assessments, MITRE ATT&CK coverage, and organizational security data. Communicate with the Executive Team and Board: Generate boardroom-ready summaries that reframe technical metrics into business outcomes, enabling leadership to understand progress, support investment decisions, and evaluate ROI. Identify and Prioritize Gaps: Uncover issues like missing log sources, misconfigurations, and ineffective threat detection content that weakens security posture. Run What-If Analysis: Simulate adjustments or additions to security tooling and detection capabilities to evaluate how proposed actions close gaps and improve security posture. Track and Improve Maturity: Benchmark security posture daily, monitor measurable improvements, and align security operations with long-term organizational goals.
Hackers exploiting Vercel’s gen AI tool v0.dev that lets them quickly reproduce the design and branding of authentic login sites such as Okta and Microsoft 365, often hosting visual assets such as company logos, to create sophisticated phishing websites at scale
Cybercriminals are using Generative Artificial Intelligence (GenAI), specifically the v0.dev tool from Vercel, to create sophisticated phishing websites quickly and at scale. The tool allows attackers to quickly reproduce the design and branding of authentic login sites, often hosting visual assets such as company logos on Vercel’s infrastructure. The research revealed that attackers have used the Vercel platform to host phishing sites imitating not only Okta customers but also brands like Microsoft 365 and various cryptocurrency companies. Vercel responded by restricting access to suspect sites and working with Okta to improve reporting processes for additional phishing-related infrastructure. The report also noted the existence of several public GitHub repositories that replicate the v0.dev application, along with DIY guides enabling others to build their own generative phishing tools. Okta Threat Intelligence highlighted that traditional indicators of poor quality or imperfect design are insufficient for deterrence. To address these risks, Okta Threat Intelligence recommends enforcing phishing-resistant authentication policies, prioritizing the deactivation of less secure factors, restricting access to trusted devices, requiring secondary authentication if anomalous user behavior is detected, and updating security awareness training to account for AI-driven threats.
Platformization taking centre stage in cybersecurity driven by the need to create experience-driven engagement and safeguard complex, distributed environments where data, people and machines all intersect
Platformization is becoming a critical strategy in cybersecurity as organizations shift from fragmented tools to integrated platforms to manage growing threats, complex infrastructure and changing buyer expectations. Vendor consolidation and re-platformization are reshaping the cybersecurity landscape, but expectations often clash with reality on the show floor. As buyers shift toward experience-driven engagement, traditional booth strategies fall short. “I think we’re just consolidating those alphabet soups into specific platforms,” Jackie McGuire, principal analyst, security analytics, operations and strategy at theCUBE Research. said. “The IAM, PAM, all of the identity will become an identity platform. The data security, DSPM, all of that will be a data platform. We are seeing platformization, I just don’t think it’s quite the one login to rule them all that the big vendors would have you believe.” As the security perimeter disappears and digital threats reach into physical infrastructure, the importance of truly integrated platforms continues to rise. Organizations are no longer just defending networks, they’re safeguarding complex, distributed environments where data, people and machines all intersect. The challenge now is not just technical unification, but creating experiences and solutions that align with how modern buyers think, behave and invest, according to John Furrier, co-founder and executive analyst at theCUBE Research. “I call it the re-platformization, because some people are re-platforming, some are actually adopting platforms for the first time because they had best of breed,” he added. “The theme is homogeneous layers where you need data and people, using the Waymo example, where you have so much data and devices or things connected that you need to have data controls. That’s become a big theme.”
Akamai creates firewall purpose built for unique AI threats unauthorized queries, adversarial inputs, and large-scale data-scraping attempts
Akamai Technologies announced Firewall for AI, a new solution that provides multilayered protection for AI applications against unauthorized queries, adversarial inputs, and large-scale data-scraping attempts. Combined with other new enhancements such as API LLM Discovery, Akamai Firewall for AI provides customers with a holistic set of AI-driven capabilities. AI models contain valuable proprietary knowledge and sensitive datasets, making them prime targets for attackers. Akamai Firewall for AI addresses this as a purpose-built security solution designed to protect AI-powered applications, LLMs, and AI-driven APIs from emerging cyberthreats. By securing inbound AI queries and outbound AI responses, the firewall closes security gaps that generative AI technologies introduce. Key features of Firewall for AI include: Multilayered protection: Blocks adversarial inputs, unauthorized queries, and large-scale data scraping to prevent model manipulation and data exfiltration. Real-time AI threat detection: Uses adaptive security rules to dynamically respond to evolving AI-based attacks, including prompt injection and model exploitation. Compliance and data protection: Helps ensure AI-generated outputs remain safe and align with regulatory and industry standards. Flexible deployment options: Deploys via Akamai edge, REST API, or reverse proxy, enabling seamless integration into existing security frameworks. Proactive risk mitigation: Filters AI outputs to prevent toxic content, hallucinations, and unauthorized data leaks.
NetApp adds quantum-safe encryption and AI ransomware detection to ONTAP data management software – ransomware-specific role-based access controls, which empower security teams with granular permissions tailored to combat ransomware threats
To help customers enhance their cyber resiliency at the storage layer, NetApp is releasing new data security capabilities including: Post-Quantum Cryptography: NetApp has embedded post-quantum cryptography into its storage portfolio for file and block workloads. NetApp’s secure-by-design storage keeps its customers’ data protected against quantum threats, fostering confidence among customers, partners, and regulators. By leveraging encryption algorithms standardized by NIST—a globally recognized standards body and authority—businesses can rely on a defense that is thoroughly tested and capable of carrying them into the future with quantum-ready storage. NetApp BlueXP Ransomware Protection Update: Updates to BlueXP ransomware protection strengthen the service’s ability to provide a comprehensive, orchestrated ransomware defense for NetApp ONTAP workloads. The new features include ransomware-specific role-based access controls, which empower security teams with granular permissions tailored to combat ransomware threats effectively, and support for ransomware protection for native cloud workloads. These advancements provide enterprises with enhanced control and protection against ransomware, safeguarding critical data and maintaining operational resilience in an increasingly complex threat landscape. NetApp BlueXP Backup and Recovery Workload Support: NetApp BlueXP backup and recovery provides a simple, secure, and cost-effective integrated data protection service for ONTAP data. With these new updates, customers will benefit from a redesigned user interface that makes it easier to integrate and define a 3-2-1 data protection strategy for their workloads, including Microsoft SQL Server, VMware, and Kubernetes applications. NetApp Security Professional Services: NetApp is offering expanded professional security assessment and security hardening services to help customers evaluate and further tighten their security posture by enabling the built-in security capabilities in NetApp that help keep their data secure.
Magento attackers left the code dormant for six years ultimately compromising between 500 and 1,000 eCommerce websites with malicious code capable of stealing payment card information and other sensitive data
Hundreds of eCommerce sites, at least one of which is owned by a $40 billion multinational company, were impacted by a supply chain attack, Sansec reported. Cybersecurity observers believe the next major wave of enterprise breaches may not come from direct attacks but rather through trusted dependencies and third parties. The attack came from a sophisticated backdoor embedded within 21 Magento extensions concealed within license verification files. The attackers left the code dormant for six years and only activated it in April, ultimately compromising between 500 and 1,000 eCommerce websites with malicious code capable of stealing payment card information and other sensitive data. The Magento incident serves as a sign of a broader evolution in cyberattacks, from quick heists to long cons. This is espionage at the code level, and the prolonged and covert infiltration of eCommerce providers serves as a reminder of the evolving tactics employed by cybercriminals and the critical importance of proactive cybersecurity measures. A breach in an eCommerce plugin can cascade into enterprise resource planning (ERP) systems, customer relationship management (CRM) platforms and payroll software. A single compromised dependency can compromise thousands of downstream systems. The problem can be exacerbated by visibility gaps. Many enterprises struggle to maintain accurate inventories of their software components. Without knowing what’s under the hood, it’s nearly impossible to detect tampering, let alone respond swiftly when a vulnerability is disclosed. This new landscape may demand a shift in mindset. Trust-based assumptions, which were once the norm in IT supply relationships, are increasingly being replaced with “zero trust” frameworks that continuously verify and monitor every component and user. Software bills of materials (SBOMs), automated code integrity checks and secure-by-design principles are no longer optional but are becoming operational necessities.
Barracuda Networks’s multimodal AI simultaneously correlates and analyzes diverse text and visual data types including URLs, documents, images, QR codes and more to offer more adaptive defense against zero-day attacks
Barracuda Networks unveiled new threat detection capabilities fueled by multimodal AI that deliver context-aware protection against emerging attacks. The new capabilities give Barracuda’s platform the ability to protect against attacks with accuracy and speed by simultaneously correlating and analyzing diverse text and visual data types – including URLs, documents, images, QR codes and more. The new capabilities introduce a new integration with multimodal AI, technology that synthesizes and interprets numerous data streams in various formats, with ML classifiers and a purpose-built sandbox engine. Doing so delivers a faster, smarter and more adaptive defense layer that detects more than three times as many malicious files at eight times the speed of previous models. The capabilities significantly strengthen Barracuda Advanced Threat Protection, which provides layered security across the Barracuda platform. The new capabilities also enhance Barracuda LinkProtect, which inspects URLs for hidden threats, malicious scripts, suspicious redirects and other attacks using a virtual sandbox and secure, isolated browser environment. By incorporating multimodal AI, Barracuda can now detect not only known threat signatures but also subtle anomalies across multiple content formats that may indicate novel or zero-day attacks. The capability is particularly useful at a time when threat actors continue to blend social engineering, image-based lures and malicious links into more convincing and evasive campaigns.
Google Desktop Chrome is using the on-device Gemini Nano model to provide instant insight on risky websites and offer an additional layer of defense even against online scams that haven’t been detected before
Google published a report about how it’s using the latest AI approaches to combat spam across Search, Chrome (with Gemini Nano for Enhanced Protection), and Android. Google Search credits AI-powered scam detection systems as currently helping detect and block “hundreds of millions of scammy results every day.” The company notes how it can now “analyze vast quantities of text and identify subtle linguistic patterns and thematic connections that might indicate coordinated scam campaigns or emerging fraudulent narratives.” In addition to the “Standard Protection” warnings when you come across a nefarious site, Safe Browsing offers an optional “Enhanced Protection” mode against phishing and other scams. Desktop Chrome is now using the on-device Gemini Nano model to “provide Enhanced Protection users with an additional layer of defense against online scams.” The LLM “provides instant insight on risky websites and allows us to offer protection, even against scams that haven’t been seen before.” Google is already using this to “protect users from remote tech support scams,” with plans to cover more types and bringing to the Android browser in the future. Meanwhile, Chrome for Android will use an on-device machine learning model that flags “malicious, spammy or misleading notifications” and labels them as “Possible scam.” Users can “Show notification” or “Unsubscribe.”
Android’s new security feature shows a warning with a button to close if a partner bank’s app is opened while sharing a screen with an unknown number
Google announced new security and privacy features for Android including new protections for calls, screen sharing, messages, device access, and system-level permissions. With these features, Google aims to protect users from falling for a scam, keep their details secure in case a device is stolen or taken over by an attacker, and enhance device-level security for various attacks. Phone scammers often ask users to take actions like tapping on unsafe links or downloading unknown apps. In order to protect users, Google is blocking some actions and warning users of a potential scam while they are on a call with someone not in their contact list. For Android 16, these actions include side-loading an app for the first time from a web browser, messaging app, or other sources that have not been verified by Google, and granting accessibility permission to an app so that a scammer can take control of the device. The company is also preventing users running Android 6 or later from disabling Google Play Protect, which scans the device for harmful apps while they are on a call. Google is adding screen-sharing protection as well by reminding users to stop sharing the screen after a call ends. The company is also testing a new warning screen with select banks in the U.K. to prevent fraud through screen-sharing. When users on devices running Android 11 or later open a partner bank’s app while sharing a screen with an unknown number, the device will show a warning screen with a button to quickly end the screen-sharing. The company is adding new features to its Google Play Protect live detection program as well, which detect unsafe apps that have hidden or changed icons. The company said it is now applying a new set of on-device rules to catch more categories of malicious apps. The company said it is now applying a new set of on-device rules to catch more categories of malicious apps.
TSB Bank offers access to safeguarding app for users who are fleeing or experiencing abuse- alerts can be sent to chosen emergency contact with a simple tap or shake of the smartphone
TSB will offer customers who are fleeing or experiencing abuse, free access to Hollie Guard Extra for a year1 – simply by downloading the app and using a unique activation code. Those wishing to claim can discuss their situation in branch, over the phone or via video banking. Once installed, Hollie Guard Extra transforms an everyday smart phone into a personal safety device. TSB has added this level of protection to its existing domestic abuse support – which includes its Emergency Flee Fund2 and Safe Spaces3. With a simple tap or shake of the device, the user can send alerts to chosen emergency contacts, including the police, and a 24/7 monitoring centre. The app allows for a user’s location to be shared every five seconds, alongside audio and video recordings, helping to keep people safe in a vulnerable or potentially dangerous situation. The app has already been downloaded by almost 500,000 people in the UK and Hollie Guard Extra is being used by police forces across England and Wales. In addition, it has led to numerous arrests and helped in more than 1,500 threatening and dangerous situations. TSB hopes that Hollie Guard Extra can provide further support to TSB’s Flee Fund – helping connect and protect victim-survivors having fled an abuser.