SquareX Ltd., a startup with a browser extension that can detect and block obfuscated malware, has raised $20 million in funding. SquareX’s browser extension promises to help enterprises protect employees from malicious websites, phishing campaigns and other online threats. The extension provides features for blocking so-called last-mile reassembly attacks. Those are cyberattacks that disguise browser-borne malware by splitting it into multiple code snippets. Because the individual snippets are harmless on their own, they have a higher chance of evading detection by antivirus tools. The malware reassembles itself after the code fragments are downloaded onto the user’s device. In some cases, last-mile reassembly attacks use LSB steganography to further complicate detection efforts. LSB steganography is a data storage method that can be used to encode malicious code into images, which often aren’t scanned by cybersecurity tools. Once a malware-laden image is downloaded by a user, a script extracts the malicious code and runs it. SquareX says that its browser extension can spot such attacks as well. According to SquareX, its browser extension removes macros from Office documents to delete any malicious code they may contain. When the extension blocks a malicious program, it sends the file to a cloud-based sandbox where administrators can study it. SquareX provides more than 20 malware analysis tools to ease the process. SquareX can be configured to block password sharing across applications, data entry into unauthorized applications and other risky practices. It’s also possible to create a list of approved browser extensions and automatically block plug-ins that are not on the list.
Acoru’s gen AI platform tracks account changes and detects mule accounts by leveraging pre-fraud indicators and continuously monitoring and classifying account types over time, to prevent omnichannel authorized fraud
Acoru, a cybersecurity firm, has launched its operations after securing €4 million seed funding in 2023. The company aims to revolutionize fraud prevention in the financial sector by developing a NextGen platform equipped with generative AI, enhanced analytics, and a configurable intelligence network. The platform excels at tracking account changes and detecting mule accounts by leveraging pre-fraud indicators and continuously monitoring and classifying account types over time. Acoru’s platform leverages advanced technology to process both structured and unstructured data, delivering insights through an intuitive, user-friendly interface. The platform’s intuitive interface, easy customization, and effectiveness in identifying pre-fraud signals have driven rapid adoption. Acoru’s founders, Pablo de la Riva Ferrezuelo and David Morán, bring over 20 years of expertise in cybersecurity and fraud prevention. The company plans to use the funding to continue its international expansion.
Harness’s platform provides web application protection, API security, bot mitigation, and DDoS defense in a single, unified interface and analyzes real-time behavior across users, APIs, and sessions for enhanced traffic visibility
Harness has launched Traceable Cloud Web Application and API Protection (WAAP), a new offering to help developers secure their cloud-native applications and APIs. The product offers web application protection, API security, bot mitigation, and DDoS defense, aiming to provide a unified experience, eliminating the need for multiple tools. Key capabilities of Traceable Cloud WAAP include: API discovery from traffic, encrypted flows, and code repositories; Sensitive data flow mapping and API risk scoring; Real-time runtime protection with attacker fingerprinting, user and session attribution, and anomaly detection; Shift-left API testing integrated into CI/CD pipelines.
“SuperCard X” mobile malware campaign uses a multi-stage approach comprising social engineering via smishing and phone calls, PIN elicitation, malicious app installation and real-time NFC data interception to steal payment card data through POS systems
A sophisticated mobile malware campaign using a new NFC-relay technique to steal payment card data has been uncovered by security researchers. Named “SuperCard X,” the Android malware operates under a Malware-as-a-Service (MaaS) model and enables fraudsters to carry out unauthorized transactions through Point-of-Sale (POS) systems and ATMs. According to the Cleafy Threat Intelligence team who discovered the threat, victims are deceived through smishing campaigns and phone calls into installing a malicious app disguised as a security tool. Once installed, the malware silently captures NFC data when a card is tapped on the compromised device. What makes this campaign particularly dangerous is its multi-stage approach, comprising: Social engineering via smishing and phone calls, PIN elicitation and card limit removal, Malicious app installation, Real-time NFC data interception, Instant fraudulent cash-outs. The SuperCard X malware remains largely undetected by antivirus software, partly due to its minimal permission requests and focused design. Once a victim’s card data is captured, it’s transmitted in real-time to a second device controlled by the attacker, which then emulates the card for immediate withdrawals or purchases. This bypasses traditional fraud detection systems that rely on transaction delays. The malware architecture includes two applications: “Reader,” which collects NFC data from victims; “Tapper,” used by fraudsters to emulate the stolen card. Communication between the two is secured via mutual TLS, ensuring encrypted and authenticated relay of stolen data. “While this type of attack relies on relatively simple social engineering techniques, it proves to be highly effective – both in terms of success rate and cashout efficiency,” Cleafy warned.
Congress passes the Take It Down Act that criminalizes deepfake videos and images, giving social media platforms 48 hours to remove such content when requested to
The Take It Down Act, legislation that criminalizes the publication of nonconsensual sexually explicit deepfake videos and images, passed the House and is already on its way to President Trump’s desk. This overwhelming response now means that social media companies and other websites will have 48 hours to remove content when requested to by a member of the public or a public figure. This will include images or videos that have been created or enhanced by artificial intelligence. “Once it passes the House, I look forward to signing that bill into law,” Trump added. Senate Commerce Chair Ted Cruz called it a “historic win in the fight to protect victims of revenge porn and deepfake abuse.” Cruz believes the act will spare “victims from repeated trauma” while “holding predators accountable.” The Electronic Frontier Foundation pointed out that the act could have a chilling effect. Smaller companies concerned over legal action may now introduce filters in their products, which could be flawed. The foundation is also concerned that end-to-end encrypted private messaging systems and cloud storage are not exempt, possibly resulting in a loss of privacy. At the same time, the law may encourage bad-faith takedown requests, hampering journalism and satire.
Palo Alto Networks platform automatically performs red-teaming, spots misconfigured access permissions, AI models that are susceptible to tampering and other risks before deploying a new AI workload to production
Palo Alto Networks is expanding its product portfolio with a new platform for protecting AI models and an upgraded version of its security-optimized browser. The company debuted the offerings against the backdrop of the news that it’s acquiring cybersecurity startup Protect AI. After the acquisition, the Protect AI team will join the company to help enhance Prisma AIRS, a new AI security platform it debuted in conjunction with the deal. The offering covers many of the same use cases as Protect AI’s product suite. Before deploying a new AI workload to production, a company can use Prisma AIRS to test it for vulnerabilities. The platform includes a tool that automatically performs red-teaming, the task of simulating cyberattacks to find weak points in an application. Prisma AIRS spots misconfigured access permissions, AI models that are susceptible to tampering and other risks. Once an AI workload is deployed in production, Prisma AIRS filters malicious prompts using a runtime security component. It also spots other issues. The software blocks, among others, hallucinations and requests that may cause an AI application to use an excessive amount of hardware resources. A third set of features in Prisma AIRS is designed to protect AI agents. The platform can spot tool misuse, or cyberattacks that target the applications an AI agent uses to perform tasks. The first set of upgrades is rolling out to Prisma Access Browser, a browser that uses AI to block malicious websites. The latest Prisma Access Browser release includes new detections, automated workflows for spotting cyberattacks. According to Palo Alto Networks, they can detect browser-in-the-browser phishing attacks.
Cequence Security’s platform governs interactions between AI agents and backend services enabling detection and prevention of harvesting of organizational data
Cequence Security announced significant enhancements to its Unified API Protection (UAP) platform to deliver the industry’s first comprehensive security solution for agentic AI development, usage, and connectivity. This enhancement empowers organizations to secure every AI agent interaction, regardless of the development framework. By implementing robust guardrails, the solution protects both enterprise-hosted AI applications and external AI APIs, preventing sensitive data exfiltration through business logic abuse and ensuring regulatory compliance. Cequence has expanded its UAP platform, introducing an enhanced security layer to govern interactions between AI agents and backend services specifically. This new layer of security enables customers to detect and prevent AI bots such as ChatGPT from OpenAI and Perplexity from harvesting organizational data. Key enhancements to Cequence’s UAP platform include: Block unauthorized AI data harvesting; Detect and prevent sensitive data exposure; Discover and manage shadow AI; Seamless integration.
IBM’s agentic AI system for threat detection analyzes alerts with enrichment and contextualization, performs risk analysis, creates and executes investigation plans, and performs remediation actions
IBM introduced new agentic and automation capabilities to its managed detection and response service offerings to help enable autonomous security operations and predictive threat intelligence for clients. 1) Autonomous Threat Operations Machine (ATOM), an agentic AI system providing autonomous threat triage, investigation, and remediation with minimal human intervention. Powering IBM’s Threat Detection and Response (TDR) services, ATOM’s AI agentic framework and orchestration engine leverages multiple individual agents to augment an organization’s existing security analytics solution and help accelerate threat detection, analyze alerts with enrichment and contextualization, perform risk analysis, create and execute investigation plans, and perform remediation actions which enhance the security analyst experience. This orchestration allows security teams to focus on high priority threats, rather than spending valuable time on false positives or lower-priority risks. Within the TDR platform, ATOM acts as a vendor-agnostic digital operator and provides AI capabilities that integrate with existing solutions from IBM and partners. 2) IBM is also introducing the new X-Force Predictive Threat Intelligence (PTI) agent for ATOM, which leverages industry vertical-specific AI foundation models to generate predictive threat insights on potential adversarial activity and minimize manual threat hunting efforts. IBM X-Force PTI integrates AI with expert human analysis to help curate proactive threat intelligence. Built on proprietary AI foundational models and trained on cybersecurity data, PTI provides a tailored, contextualized threat intelligence feed and predicts potential threats based on adversary behavior. To extract early indicators of behavior and compromise, PTI gathers data from more than 100 sources including X-Force Threat Intelligence, open-source RSS feeds, APIs and other automated sources, as well as user-supplied organizational context. 
PTI synthesizes that information into collective intelligence reports that include recommended threat hunt queries tailored to the organization’s specific needs. By focusing on indicators of behaviors, instead of just indicators of compromise, businesses can get ahead of threats.
CrowdStrike’s SIEM solution is first to bring managed threat hunting to third-party data; unifies real-time intelligence and AI-driven automation to deliver expert-led threat hunting across all attack surfaces
CrowdStrike introduced Falcon® Adversary OverWatch Next-Gen SIEM, the first and only solution to bring managed threat hunting to third-party data. This breakthrough innovation extends the visibility of CrowdStrike’s elite threat hunters into unmanaged attack surfaces adversaries have long exploited. By leveraging third-party data ingested by Falcon® Next-Gen SIEM, CrowdStrike delivers 24/7 expert detection beyond endpoints, identity and cloud environments to stop breaches across every attack surface. Powered by the AI-native CrowdStrike Falcon® cybersecurity platform, Falcon Adversary OverWatch uses deep adversary expertise and industry-leading threat intelligence to rapidly uncover evasive threats. Falcon Next-Gen SIEM unifies native and third-party data, real-time intelligence and AI-driven automation to deliver comprehensive visibility, high-fidelity alerts and machine speed response. New innovations include: Expert-Led Threat Hunting Across all Attack Surfaces; UEBA and Case Management for Falcon Next-Gen SIEM; Unified Identity Security and Next-Gen SIEM; CrowdStrike Pulse Services.
Abnormal AI converts real phishing attacks blocked by its security platform into tailored simulations for each employee; and uses real-time behavioral threat data to instantly deliver coaching modules
Abnormal AI is introducing autonomous AI agents that revolutionize how organizations train employees and report on risk, while also evolving its email security capabilities to continue to stop the world’s most advanced email attacks. The launch of AI Phishing Coach allows organizations to replace ineffective, generic training with a personalized, autonomous AI platform. By converting real attacks blocked by Abnormal into tailored simulations for each user, it delivers instant coaching modules when users click—no more canned videos or impersonalized courses. For company-wide training, AI-generated videos are created on-demand, branded, and customized to each organization’s threat landscape. AI Phishing Coach uses real-time behavioral threat data to deliver hyper-relevant training experiences. Because it’s powered by Abnormal’s behavioral AI engine, it learns from each organization’s threat environment and adapts training dynamically—providing proactive education before attacks succeed. Abnormal is also launching AI Data Analyst to turn complex security data into instantly usable intelligence—providing admins with better reporting tools and saving teams dozens of hours in manual data aggregation. AI Data Analyst acts as an intelligent agent that proactively delivers reports directly to customers, highlighting the value Abnormal is bringing to their organization. Customers can then interact with the agent to ask follow-up questions, explore specific data points, or request customized board decks—complete with interactive slides and plain-language insights—tailored to showcase the impact of Abnormal AI on their security posture. 
Abnormal is rolling out three no-cost upgrades to Inbound Email Security, now available to all customers: 1) Quarantine Release: Consolidates Microsoft-quarantined emails into the Abnormal platform for streamlined triage and faster response; 2) URL Rewriting: Adds user-facing warnings and click tracking for suspicious links, improving protection without disrupting the email experience; 3) Enterprise Remediation Settings: Allows administrators to tailor remediation actions based on threat type and business context.