AI- powered employee cybersecurity training startup Jericho Security specializes in AI-driven cybersecurity training that focuses on empowering employees to recognize and respond to evolving cyber threats. The company argues that as threat actors employ increasingly sophisticated tactics, companies understand that the best defense against outside attacks is their own employees. Jericho’s platform employs generative AI to create hyper-realistic phishing simulations that mimic real-world scenarios, enhancing the training experience. The simulations are designed to be dynamic and personalized, adapting to the specific needs and roles within an organization. The training modules offered by Jericho are tailored to address the unique challenges faced by various industries, including healthcare, technology and government sectors. The modules use customized content to meet the specific requirements of each industry to ensure that employees are prepared to handle sector-specific cyberthreats effectively. Jericho also provides a comprehensive cybersecurity dashboard that allows organizations to manage their security efforts from a single platform. The dashboard allows for the creation and scheduling of phishing simulations, delivery of custom training content and monitoring of employee performance through detailed analytics.
SquareX’s browser extension can block detection-evasive last mile reassembly attacks that disguise browser-borne malware by splitting it into multiple code snippets
SquareX Ltd., a startup with a browser extension that can detect and block obfuscated malware, has raised $20 million in funding. SquareX’s browser extension promises to help enterprises protect employees from malicious websites, phishing campaigns and other online threats. The extension provides features for blocking so-called last mile reassembly attacks. Those are cyberattacks that disguise browser-borne malware by splitting it into multiple code snippets. Because the individual snippets are harmless on their own, they have a higher chance of evading detection by antivirus tools. The malware resembles itself after the code fragments are downloaded onto the user’s device. In some cases, last-mile reassembly attacks use LSB steganography to further complicate detection efforts. LSB steganography is a data storage method that can be used to encode malicious code into images, which often aren’t scanned by cybersecurity tools. Once a malware-laden image is downloaded by a user, a script extracts the malicious code and runs it. SquareX says that its browser extension can spot such attacks as well. According to SquareX, its browser extension removes macros from Office documents to delete any malicious code they may contain. When the extension blocks a malicious program, it sends the file to a cloud-based sandbox where administrators can study it. SquareX provides more than 20 malware analysis tools to ease the process. SquareX can be configured to block password sharing across applications, data entry into unauthorized applications and other risky practices. It’s also possible to create a list of approved browser extensions and automatically block plug-ins that are not on the list.
Acoru’s gen AI platform tracks account changes and detects mule accounts by leveraging pre-fraud indicators and continuously monitoring and classifying account types over time, to prevent omnichannel authorized fraud
Acoru, a cybersecurity firm, has launched its operations after securing €4 million seed funding in 2023. The company aims to revolutionize fraud prevention in the financial sector by developing a NextGen platform equipped with generative AI, enhanced analytics, and a configurable intelligence network. The platform excels at tracking account changes and detecting mule accounts by leveraging pre-fraud indicators and continuously monitoring and classifying account types over time. Acoru’s platform leverages advanced technology to process both structured and unstructured data, delivering insights through an intuitive, user-friendly interface. The platform’s intuitive interface, easy customization, and effectiveness in identifying pre-fraud signals have driven rapid adoption. Acoru’s founders, Pablo de la Riva Ferrezuelo and David Morán, bring over 20 years of expertise in cybersecurity and fraud prevention. The company plans to use the funding to continue its international expansion.
Harness’s platform provides web application protection, API security, bot mitigation, and DDoS defense in a single, unified interface and analyzes real-time behavior across users, APIs, and sessions for enhanced traffic visibility
Harness has launched Traceable Cloud Web Application and API Protection (WAAP), a new offering to help developers secure their cloud-native applications and APIs. The product offers web application protection, API security, bot mitigation, and DDoS defense, aiming to provide a unified experience, eliminating the need for multiple tools. Key capabilities of Traceable Cloud WAAP include: API discovery from traffic, encrypted flows, and code repositories; Sensitive data flow mapping and API risk scoring; Real-time runtime protection with attacker fingerprinting, user and session attribution, and anomaly detection; Shift-left API testing integrated into CI/CD pipelines.
“SuperCard X” mobile malware campaign uses a multi-stage approach comprising of social engineering via smishing and phone calls, PIN elicitation, malicious app installation and real-time NFC data interception to steal payment card data through POS systems
A sophisticated mobile malware campaign using a new NFC-relay technique to steal payment card data has been uncovered by security researchers. Named “SuperCard X,” the Android malware operates under a Malware-as-a-Service (MaaS) model and enables fraudsters to carry out unauthorized transactions through Point-of-Sale (POS) systems and ATMs. According to the Cleafy Threat Intelligence team who discovered the threat, victims are deceived through smishing campaigns and phone calls into installing a malicious app disguised as a security tool. Once installed, the malware silently captures NFC data when a card is tapped on the compromised device. What makes this campaign particularly dangerous is its multi-stage approach, comprising: Social engineering via smishing and phone calls, PIN elicitation and card limit removal, Malicious app installation, Real-time NFC data interception, Instant fraudulent cash-outs. The SuperCard X malware remains largely undetected by antivirus software, partly due to its minimal permission requests and focused design. Once a victim’s card data is captured, it’s transmitted in real-time to a second device controlled by the attacker, which then emulates the card for immediate withdrawals or purchases. This bypasses traditional fraud detection systems that rely on transaction delays. The malware architecture includes two applications: “Reader,” which collects NFC data from victims; “Tapper,” used by fraudsters to emulate the stolen card. Communication between the two is secured via mutual TLS, ensuring encrypted and authenticated relay of stolen data. “While this type of attack relies on relatively simple social engineering techniques, it proves to be highly effective – both in terms of success rate and cashout efficiency,” Cleafy warned.
Congress passes the Take It Down Act that criminalizes deepfake videos and images, giving social media platforms 48 hours to remove such content when requested to
The Take It Down Act, legislation that criminalizes the publication of nonconsensual sexually explicit deepfake videos and images, passed the House and is already on its way to President Trump’s desk. This overwhelming response now means that social media companies and other websites will have 48 hours to remove content when requested to by a member of the public or a public figure. This will include images or videos that have been created or enhanced by artificial intelligence. “Once it passes the House, I look forward to signing that bill into law,” Trump added. Senate Commerce Chair Ted Cruz called it a “historic win in the fight to protect victims of revenge porn and deepfake abuse.” Cruz believes the act will spare “victims from repeated trauma” while “holding predators accountable.” The Electronic Frontier Foundation pointed out that the act could have a chilling effect. Smaller companies concerned over legal action may now introduce filters in their products, which could be flawed. The foundation is also concerned that end-to-end encrypted private messaging systems and cloud storage are not exempt, possibly resulting in a loss of privacy. At the same time, the law may encourage bad-faith takedown requests, hampering journalism and satire.
Palo Alto Networks platform automatically performs red-teaming, spots misconfigured access permissions, AI models that are susceptible to tempering and other risks before deploying a new AI workload to production
Palo Alto Networks is expanding its product portfolio with a new platform for protecting AI models and an upgraded version of its security-optimized browser. The company debuted the offerings against the backdrop of the news that it’s acquiring cybersecurity startup Protect. After the acquisition, the Protect AI team will join the company to help enhance Prisma AIRS, a new AI security platform it debuted in conjunction with the deal. The offering covers many of the same use cases as Protect AI’s product suite. Before deploying a new AI workload to production, a company can use Prisma AIRS to test it for vulnerabilities. The platform includes a tool that automatically performs red-teaming, the task of simulating cyberattacks to find weak points in an application. Prisma AIRS spots misconfigured access permissions, AI models that are susceptible to tempering and other risks. Once an AI workload is deployed in production, Prisma AIRS filters malicious prompts using a runtime security component. It also spots other issues. The software blocks, among others, hallucinations and requests that may cause an AI application to use an excessive amount of hardware resources. A third set of features in Prisma AIRS is designed to protect AI agents. The platform can spot tool misuse, or cyberattacks that target the applications an AI agent uses to perform tasks. The first set of upgrades is rolling out to Prisma Access Browser, a browser that uses AI to block malicious websites. The latest Prisma Access Browser release includes new detections, automated workflows for spotting cyberattacks. According to Palo Alto Networks, they can detect browser-in-the-browser phishing attacks.
Cequence Security’s platform governs interactions between AI agents and backend services enabling detection and prevention of harvesting of organizational data
Cequence Security announced significant enhancements to its Unified API Protection (UAP) platform to deliver the industry’s first comprehensive security solution for agentic AI development, usage, and connectivity. This enhancement empowers organizations to secure every AI agent interaction, regardless of the development framework. By implementing robust guardrails, the solution protects both enterprise-hosted AI applications and external AI APIs, preventing sensitive data exfiltration through business logic abuse and ensuring regulatory compliance. Cequence has expanded its UAP platform, introducing an enhanced security layer to govern interactions between AI agents and backend services specifically. This new layer of security enables customers to detect and prevent AI bots such as ChatGPT from OpenAI and Perplexity from harvesting organizational data. Key enhancements to Cequence’s UAP platform include: Block unauthorized AI data harvesting; Detect and prevent sensitive data exposure; Discover and manage shadow AI; Seamless integration.
IBM’s agentic AI system for threat detection analyzes alerts with enrichment and contextualization, performs risk analysis, creates and executes investigation plans, and performs remediation actions
IBM introduced new agentic and automation capabilities to its managed detection and response service offerings to help enable autonomous security operations and predictive threat intelligence for clients. 1) Autonomous Threat Operations Machine (ATOM), an agentic AI system providing autonomous threat triage, investigation, and remediation with minimal human intervention. Powering IBM’s Threat Detection and Response (TDR) services, ATOM’s AI agentic framework and orchestration engine leverages multiple individual agents to augment an organization’s existing security analytics solution and help accelerate threat detection, analyze alerts with enrichment and contextualization, perform risk analysis, create and execute investigation plans, and perform remediation actions which enhance the security analyst experience. This orchestration allows security teams to focus on high priority threats, rather than spending valuable time on false positives or lower-priority risks. Within the TDR platform, ATOM acts as a vendor-agnostic digital operator and provides AI capabilities that integrate with existing solutions from IBM and partners. 2) IBM is also introducing the new X-Force Predictive Threat Intelligence (PTI) agent for ATOM, which leverages industry vertical-specific AI foundation models to generate predictive threat insights on potential adversarial activity and minimize manual threat hunting efforts. IBM X-Force PTI integrates AI with expert human analysis to help curate proactive threat intelligence. Built on proprietary AI foundational models and trained on cybersecurity data, PTI provides a tailored, contextualized threat intelligence feed and predicts potential threats based on adversary behavior. To extract early indicators of behavior and compromise, PTI gathers data from more than 100 sources including X-Force Threat Intelligence, open-source RSS feeds, APIs and other automated sources, as well as user-supplied organizational context. PTI synthesizes that information into collective intelligence reports that include recommended threat hunt queries tailored to the organization’s specific needs. By focusing on indicators of behaviors, instead of just indicators of compromise, businesses can get ahead of threats.
CrowdStrike’s SIEM solution is first to bring managed threat hunting to third-party data- unifies real-time intelligence and AI-driven automation to deliver expert-led threat hunting across all attack surfaces
CrowdStrike introduced Falcon® Adversary OverWatch Next-Gen SIEM, the first and only solution to bring managed threat hunting to third-party data. This breakthrough innovation extends the visibility of CrowdStrike’s elite threat hunters into unmanaged attack surfaces adversaries have long exploited. By leveraging third-party data ingested by Falcon® Next-Gen SIEM, CrowdStrike delivers 24/7 expert detection beyond endpoints, identity and cloud environments to stop breaches across every attack surface. Powered by the AI-native CrowdStrike Falcon® cybersecurity platform, Falcon Adversary OverWatch uses deep adversary expertise and industry-leading threat intelligence to rapidly uncover evasive threats. Falcon Next-Gen SIEM unifies native and third-party data, real-time intelligence and AI-driven automation to deliver comprehensive visibility, high-fidelity alerts and machine speed response. New innovations include: Expert-Led Threat Hunting Across all Attack Surfaces; UEBA and Case Management for Falcon Next-Gen SIEM; Unified Identity Security and Next-Gen SIEM; CrowdStrike Pulse Services.