Unlike traditional perimeter defenses such as firewalls, software-based microsegmentation enforces granular, internal network controls. By applying unique policies to each segment, it blocks attackers from moving laterally after an initial breach. Ransomware thrives on lateral movement, but ColorTokens Inc. and CrowdStrike Holdings Inc. use software-based microsegmentation to contain its spread. Attackers are forced to hit containment walls at each step, reducing the breach blast radius, said Mac Grant, vice president of Americas sales and channels at ColorTokens. Software-based microsegmentation shortens the breakout period by restricting attacker movement, increasing detection opportunities and forcing adversaries to slow down at every step. By enforcing fine-grained, workload-to-workload policies that block unauthorized east–west traffic, it ensures attackers encounter barriers at every pivot point, even after breaching one machine, according to Muralidhar. “I think CrowdStrike has been measuring the breakout period for the last several years, and you can see it’s nosedived by about 90%,” he said. “What microsegmentation does is actually helps you get more time. It adds more friction to the attacker, so the attacker is not free to move on so easily. It reduces the attack surface for the attacker to move around, and that’s what the [security operations center] teams would love from us.” ColorTokens’ “Be Breach Ready” approach focuses less on fully preventing attacks and more on preparing for the inevitable. By stopping lateral movement, organizations can block ransomware takeovers and limit major security incidents, according to Grant.
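To make the blast-radius argument concrete, here is an added example (not ColorTokens' or CrowdStrike's code) that evaluates a default-deny, workload-to-workload allow-list and compares how many hosts a compromised workload can pivot to on a flat network versus a microsegmented one; every workload name, segment, port and rule is constructed sample data.

```python
"""Blast-radius comparison: flat network vs. workload-to-workload microsegmentation.

Added illustration, not vendor code. Inventory, ports and allow-list are constructed.
"""
from collections import deque

# Constructed inventory: workload -> segment (tier)
WORKLOADS = {
    "web-1": "web", "web-2": "web",
    "app-1": "app", "app-2": "app",
    "db-1": "db",
    "jump-1": "mgmt", "backup-1": "backup",
}

# Constructed allow-list of permitted east-west flows: (src_segment, dst_segment, port).
# Flows are directional and anything not listed is denied (default deny), including
# peer-to-peer traffic inside a tier, which is how ransomware usually spreads.
ALLOW = {
    ("web", "app", 8443),
    ("app", "db", 5432),
    ("mgmt", "web", 22), ("mgmt", "app", 22), ("mgmt", "db", 22),
    ("backup", "db", 5432),
}

def is_allowed(src: str, dst: str, port: int) -> bool:
    """Policy check for one flow: permitted only if an allow rule matches."""
    return (WORKLOADS[src], WORKLOADS[dst], port) in ALLOW

def reachable(start: str, flat: bool, ports=(22, 5432, 8443)) -> set:
    """Workloads an attacker holding `start` can reach by pivoting hop by hop.

    flat=True models a perimeter-only network where every host reaches every other;
    flat=False applies the segment policy at each hop (breadth-first search).
    """
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in WORKLOADS:
            if nxt in seen:
                continue
            if flat or any(is_allowed(cur, nxt, p) for p in ports):
                seen.add(nxt)
                queue.append(nxt)
    return seen

def blast_radius(start: str, flat: bool) -> int:
    """Number of other workloads exposed if `start` is compromised."""
    return len(reachable(start, flat)) - 1

SAMPLE_FLOWS = [  # constructed observed flows: (src, dst, port)
    ("web-1", "app-1", 8443),  # legitimate tier-to-tier traffic
    ("web-1", "db-1", 5432),   # web tier reaching straight for the database
    ("web-1", "web-2", 22),    # SSH between peers in the same tier
    ("app-2", "backup-1", 22), # app server probing the backup host
]

def denied_flows(flows):
    """Flows the policy blocks: each is a containment wall and an alert for the SOC."""
    return [f for f in flows if not is_allowed(*f)]

if __name__ == "__main__":
    for host in ("web-1", "db-1"):
        print(host, "flat:", blast_radius(host, True), "segmented:", blast_radius(host, False))
    print("denied:", denied_flows(SAMPLE_FLOWS))
```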
Lockton Re becomes the first reinsurance broker to adopt CyberCube’s Exposure Manager, translating single-risk metrics into strategic cyber portfolio risk assessment and benchmarking
Lockton Re, a global reinsurance broker, is the first reinsurance broker in the industry to adopt Exposure Manager (XM), CyberCube’s newly launched product, revolutionizing the way (re)insurance companies assess risk and evaluate the health of cyber portfolios. The development partnership has provided valuable insights into the deployment of this new software. CyberCube announced the launch of XM earlier this month, giving the (re)insurance ecosystem a powerful new way to assess the risk quality of their cyber portfolios with greater clarity and confidence. (Re)insurance companies have long understood how to manage complex portfolios, and XM enhances that expertise by translating granular, single-risk metrics into strategic, portfolio-level insights. By moving toward a quantitative approach to cyber risk quality, XM equips reinsurers to underwrite with greater confidence, insurers to audit and assess their portfolio strategy, and reinsurance brokers to better inform and advise all parties in a transaction, helping to drive a more sustainable cyber market. As XM presents a unifying view of client portfolios, Lockton Re will be able to efficiently benchmark, advise, and position its clients in the appropriate light, facilitating reinsurance transactions and strategic advisory.
SEON unveils an explainable AI platform that processes real-time data signals for fraud teams, with an AML screening agent for alert prioritization: it reduces manual fraud review time by 50% through similarity ranking, color-coded risk signals and a natural language rule builder
SEON, the command center for real-time fraud prevention and AML compliance, has launched a comprehensive AI suite that cuts manual review time by up to 50%. The platform now automatically detects linked users, highlights critical risk signals with color-coded indicators and includes an intelligent AML screening agent, keeping teams within the SEON ecosystem for seamless data-to-action workflows. Rather than operating as a black box, SEON’s see-through AI shows analysts exactly what happened and why it matters. Built with input from fraud and compliance teams worldwide, the tools turn SEON’s comprehensive data foundation into clear next steps without requiring analysts to jump between multiple solutions. SEON’s new capabilities address every stage of fraud and AML investigations, turning complex data relationships into clear next steps. The AI suite includes:
Risk Signals: Color-coded indicators surface high, medium and low-risk activity across email, phone, device, OS and IP data so analysts can spot the most critical triggers at a glance.
Similarity Ranking: Links and ranks connected users through shared devices, behaviors, IPs and contacts, letting analysts skip manual graph-building and focus on top priorities.
AI Investigation Summaries: Generates clear, bullet-point explanations of each alert and transaction, turning complex digital fingerprints into concise narratives that explain why activity was flagged.
Explainable AI Scoring: Complete visibility into what drives the risk score, including individual signal contributions, supporting both analyst confidence and regulatory requirements.
Natural Language Rule & Filter Builder: Analysts describe detection logic in plain English, and AI automatically generates complex rules and filters. Teams adapt to new fraud patterns without technical coding knowledge.
AML Screening Agent: Identifies false positives from screening hits, providing AI-backed prioritization so analysts focus on alerts that truly matter.
CrowdStrike launches Charlotte AI AgentWorks enabling autonomous SOC operations with 51-second breach response times through mission-ready agents and no-code workflow generation
As enterprises face William Blair’s projection of a 100x expansion in assets to secure, the following ten agentic AI technologies will be critical to safeguarding SOCs at scale while ensuring governance:
Charlotte AI AgentWorks. Why it matters: CrowdStrike’s AgentWorks evolves Charlotte from an AI assistant to an autonomous SOC orchestrator, deploying specialized agents trained on 14 years of labeled threat telemetry. These agents learn from workflows, generate automations, and mirror analyst reasoning patterns. The platform’s trillion-event dataset provides contextual training that new competitors are still building. It is the entry point for autonomous operations on the Falcon platform.
Threat AI Agents: Autonomous defense at machine speed. Why it matters: Threat AI deploys autonomous agents that detect, analyze, and respond to threats without human intervention. Adam Meyers emphasized during his keynote at Fal.Con that these “mission-ready agents that reason, decide, and act” are essential because “adversaries are moving faster than ever before, and they’re doing it in a way that is stealthier than ever before.”
Pangea Agent Protection: Enterprise-grade AI governance. Why it matters: CrowdStrike’s acquisition of Pangea embeds runtime protection for AI agents directly into Falcon. The platform shields enterprises from prompt injection, malicious tool calls, data exfiltration, and unsafe agent behavior across browsers, SaaS, cloud, and developer pipelines. By building these controls into the core platform, CrowdStrike gives security leaders unified visibility and enforceable guardrails for scaling AI safely.
Falcon for IT: Intelligence-driven vulnerability prioritization. Why it matters: Falcon for IT prioritizes patches based on real-world exploitation data rather than theoretical CVSS scores. Mike Sentonas noted during his keynote that “thousands of vulnerabilities are published each month, but only a small fraction are ever exploited in the wild,” making risk-based prioritization essential for resource-constrained teams.
Onum Streaming Telemetry: Real-time intelligence pipeline. Why it matters: Onum processes security telemetry in real time, eliminating batch processing delays. Mike Sentonas explained that it provides “control over the railroad tracks of security data,” enabling “sub-second detections that match adversary breakout times.”
Unified Enterprise Graph: Contextual intelligence at memory speed. Why it matters: The Enterprise Graph creates a real-time digital twin linking identities, endpoints, and cloud resources. Elia Zaitsev described it as delivering “unified real-time context across assets, identities, data, and everything else that makes up your IT environment” during his keynote at Fal.Con.
Malware Analysis Agent: Automated reverse engineering. Why it matters: The Malware Analysis Agent automates malware reverse engineering, reducing analysis from hours to seconds. Adam Meyers and others frequently referred to the agent during their keynotes. Meyers said that the Malware Analysis Agent “transforms malware analysis from hours to minutes” while “instantly feeding new detection rules back into the Falcon graph.”
Agentic Fusion SOAR: Intent-driven security orchestration. Why it matters: Fusion SOAR translates natural language into automated workflows without coding. Mike Sentonas explained during his keynote, “analysts describe an outcome and Charlotte dynamically builds and executes the workflow,” eliminating static playbooks.
Hunt Agent: Proactive discovery at machine scale. Why it matters: The Hunt Agent automates threat hunting by generating and testing hypotheses autonomously. Adam Meyers noted during his keynote that it “transforms threat hunting from elite art to scalable science” through continuous pattern analysis.
Governance by Design: Transparent autonomous operations. Why it matters: Governance ensures AI agents operate within defined boundaries with full auditability. Kurtz stressed during his keynote that “without visibility and compliance, no regulated customer will deploy AI agents.”
FBI warns that WhatsApp screen-sharing exploitation enables real-time banking credential theft through encrypted video calls that bypass platform security detection
Attackers behind the billion-dollar hack surging across the U.S. will secure remote access to your device, the FBI warns. The “phantom hacker” scam starts with a call or message pretending to be from your bank, warning you that you have been hacked and offering to help you move your money to safety. WhatsApp now offers screen sharing, which “allows people to share what’s on their screen in real time. You must be in a video call to share your screen.” WhatsApp warns “we’ll remind you to only share your screen with people you trust.” That’s because “the information displayed on your shared screen, including usernames and passwords, are visible to the person you’re sharing with.” But despite the warning, this is now catching on fast with attackers, and because WhatsApp calls are fully encrypted, the platform cannot intercept the threat: “No one outside of the call, not even WhatsApp, can see or hear what you share on your screen.” The initial approach will come by a regular phone call or message. The scammer then asks to move the call to WhatsApp because it’s “more secure.” There they perpetrate the phantom hacker attack to steal your life savings by asking you to share your screen. It’s the same as the original attack, but without the need to have you install software.
DeepDive launches AI platform enabling compliance teams to complete Enhanced Due Diligence reviews 10x faster through multi-language entity resolution across global databases while maintaining audit trails
DeepDive has launched its artificial intelligence platform, designed to redefine Enhanced Due Diligence (EDD) and financial crime investigations for compliance teams worldwide. The new platform significantly extends the reach of EDD processes while enabling investigators to complete reviews up to ten times faster, marking a step change in the fight against financial crime. Compliance professionals have long faced a difficult choice between conducting comprehensive investigations that consume days of work or opting for speed at the expense of accuracy. DeepDive eliminates this trade-off by combining multi-language web intelligence with global regulatory and compliance data. This approach empowers analysts to search across vast open-source ecosystems, including public records, court filings, corporate disclosures, news archives, social media profiles, and watchlists such as PEPs and sanctions, delivering a holistic customer intelligence view. The platform strengthens EDD by generating multiple search permutations across both public and specialist compliance databases, tailored to relevant languages and local search engines. This is followed by entity resolution to refine the dataset and eliminate false positives. Multiple generative AI models then synthesise the results into a comprehensive intelligence report, complete with source citations and a transparent audit trail.
BeyondID’s Identity Economy report finds credential-based attacks affect 90% of companies, persist undetected for 10 months on average and trace 60% of breaches to internal actors through inadvertent exposure
BeyondID, a KeyData Cyber company, released a groundbreaking new report that reveals how identity credentials have become the primary currency of today’s cybercrime. The research details how identity credentials – usernames, passwords, tokens, and access rights – are now the “currency of choice” for attackers, and why organizations must urgently prioritize identity-first security strategies. The report explores how attackers exploit systemic weaknesses in identity and access management (IAM), why identity has become the most overlooked area of security investment, and how businesses can strengthen defenses against increasingly AI-powered threats. It also introduces the concept of Identity Exploit Vectors (IEVs) – the systemic weaknesses in IAM practices that attackers consistently exploit – and provides actionable steps to close these gaps. Key findings from The Identity Economy include: Identity credential theft now impacts more than 9 in 10 companies, making it the most widespread security problem across industries. Attacks using stolen credentials are not only the most common initial vector but also the longest lasting – an average of 10 months before detection. 60% of stolen credentials can be traced to internal actors, most often through inadvertent mistakes. AI is a force multiplier, powering more convincing phishing, automating credential harvesting, and even targeting agentic AI identities that carry their own access risks. Financial services and healthcare are the most frequently breached industries, with the U.S. healthcare sector reporting a breach affecting 500+ individuals nearly every business day.
NIST’s ML-KEM-768 standard replaces X25519 and RSA key exchange with lattice-based post-quantum cryptography, protecting banking and healthcare data from “harvest now, decrypt later” attacks ahead of Q-day
Quantum experts are heralding the arrival of a new cryptographic algorithm, Module-Lattice-Based Key-Encapsulation Mechanism, or put more simply: ML-KEM. ML-KEM is the recently standardized alternative to ECC or RSA key agreement schemes, with ML-KEM-768 chosen as the primary parameter set to replace widely used algorithms such as X25519. The pressure is on for quantum experts to guarantee that this set of algorithms will protect important data when “Q-day” arrives — the anticipated moment when quantum computers are powerful enough to break today’s encryption. “ML-KEM is considered secure enough to protect government data,” said Lily Chen, a mathematician at NIST. In the transition to PQC, cryptography architects have a choice between pure and hybrid algorithms. Pure PQC migration replaces all previous algorithms with quantum-resistant ones, whereas hybrid migration combines traditional public key algorithms with PQC algorithms. ML-KEM can be deployed with either option. “Now that we have ML-KEM, we still standardized groups that use ML-KEM in this hybrid scenario, it was basically very simple to switch to ML-KEM from Kyber.” Chen added that developing hybrid mode algorithms in alignment with current standards is necessary to prevent people from using unsafe, ad hoc hybrid algorithms. The goal is to meet companies’ needs while staying within the NIST framework.
Harness integrates Qwiet AI’s Code Property Graph-based scanning into its application security platform, eliminating 90% of open-source vulnerability alerts through attacker reachability analysis and AI-powered code fixes
Harness Inc., a software delivery startup, has acquired Qwiet AI, formerly known as ShiftLeft Inc., a leader in agentic AI-powered vulnerability detection and remediation. Harness intends to integrate Qwiet’s Code Property Graph alongside the company’s Software Delivery Graph, which will give the company deeper insight and precision for vulnerability detection and elimination. The CPG is the cornerstone of Qwiet’s service: it provides fast and accurate code scanning by mapping the full flow of data and control within applications using an AI engine. In particular, the addition of Qwiet will help reduce the amount of labor developers spend fixing security issues in their code, by surfacing first the issues that actually matter. Qwiet claims an industry-leading true-positive rate of 97%, an extremely low false-positive rate, and advanced reachability analysis that detects 92% of open-source vulnerabilities to help prioritize developer attention. By combining deep understanding of code with insights into runtime execution, Qwiet and Harness will be able to detect which vulnerabilities are actually exploitable. That will allow developers to focus on risks that matter. Qwiet says its platform goes beyond identifying vulnerabilities: its AI agents provide verified code fixes that can be implemented with confidence. The acquisition also addresses the growing security challenges posed by AI-generated code. AI-enabled development tools such as “vibe coding” platforms have made it easier for less experienced users to build applications quickly, but they also introduce more vulnerabilities. “AI-generated code is transforming how software gets built, but it’s also introducing a new wave of hidden vulnerabilities,” said Harness founder and Chief Executive Jyoti Bansal. “By unifying security and DevOps, every build, test and deployment can be secure by default – reducing risk while accelerating innovation.”
