Cybercriminals are exploiting the popularity of DeepSeek-R1, an artificial intelligence chatbot, to distribute a sophisticated new malware strain targeting Windows users. The malware, known as “BrowserVenom,” targets users’ browsing infrastructure and establishes persistent network monitoring capabilities. The attack begins with a malvertising campaign that places fraudulent websites at the top of Google search results when users search for “deepseek r1”. The malware reconfigures all browser instances to route traffic through an attacker-controlled proxy server, allowing cybercriminals to intercept, monitor, and manipulate network communications. The infection process demonstrates sophistication through its multi-stage deployment and social engineering components.
Kusari’s AI-based pull request tool provides security risk analysis early during the pull request process, adds real-time inspection and clear “safe to merge” guidance and remediates vulnerabilities before code integration
Software supply chain security company Kusari unveiled Kusari Inspector, an AI-based pull request security tool that provides security risk analysis early during the pull request process so that risks can be addressed before code integration. In addition to core supply chain analysis, Kusari Inspector adds real-time pull-request inspection and clear “safe to merge” guidance. Using the tool, developers receive instant, annotated reports with inline explanations, plus step-by-step remediation instructions that flag exposed secrets, misconfigurations, risky licenses and typo-squatted dependencies. Kusari Inspector prioritizes risk by ranking vulnerable or low-trust dependencies, both direct and transitive, against trusted sources such as the Common Vulnerability Scoring System, the Exploit Prediction Scoring System and the Known Exploited Vulnerabilities catalog. The idea is that by filtering out non-exploitable issues, the tool cuts alert noise and keeps teams focused on the threats that matter most. The AI model used by Kusari Inspector continuously learns from each codebase to refine its recommendations. Engineers can chat with the assistant to clarify findings, customize security standards and receive precise coding fixes that accelerate approvals. Additionally, it generates Software Bill of Materials data to support compliance and bolster software supply chain resilience from development through deployment.
Kyndryl to integrate Commvault’s zero-trust-based immutable data vault, which secures backup data from unauthorized access, and its forensic analysis module into Kyndryl’s cyber resiliency services
Data protection provider Commvault Systems announced a new partnership with information technology consultancy Kyndryl Holdings to help customers recover faster, advance cyber resilience and navigate the evolving regulatory landscape. The partnership between the two companies will see Commvault augment Kyndryl’s portfolio of cyber resiliency services, encompassing Incident Recovery Services, including Cyber Incident Recovery, Managed Backup Services and Hybrid Platform Recovery. The services from Commvault and Pure Storage provide a modular, four-layer architecture designed to assist with compliance and accelerate recovery across hybrid cloud environments. Commvault and Pure Storage bring to the table the Cyber Resilient Vault, an isolated and immutable data vault based on zero-trust principles that protects backup data from unauthorized access and corruption, as well as the Clean Recovery Zone, a secure space for forensic analysis, backup validation and staged recovery. The architecture also features Production Rapid Restore for fast and reliable restoration of large datasets using Pure Storage FlashBlade, enhanced with immutability via S3 Object Lock and SafeMode. Additionally, Immutable Snapshot Recovery offers application-consistent snapshot replication through Commvault IntelliSnap and Pure Storage FlashArray, enabling rapid restoration of Tier-1 workloads.
AWS to integrate CrowdStrike’s AI-powered cybersecurity platform with its automated triage and investigation capabilities, allowing customers to address the entire lifecycle of a security incident
CrowdStrike and Amazon Web Services (AWS) have launched Falcon for AWS Security Incident Response, a new program that allows AWS customers to access the CrowdStrike Falcon cybersecurity platform at preferred rates via the AWS Marketplace. The AI-driven platform enables organizations to detect more threats in less time, detecting 96% more threats twice as fast and investigating incidents 66% more quickly. The Falcon platform complements AWS Security Incident Response’s automated triage and investigation capabilities, allowing customers to address the entire lifecycle of a security incident. CrowdStrike’s offerings have been designated “Deployed on AWS”, verifying their availability and compatibility through the AWS Marketplace. The Falcon platform is based on CrowdStrike Security Cloud and uses a single, lightweight agent to simplify deployment across multiple environments while reducing security complexity. The bundled offer is managed through a customer’s existing AWS procurement channel, supporting operational efficiency and making incident response and threat investigations more accessible.
New quishing attacks see hackers embed JavaScript payloads into QR codes that execute instantly upon scanning, with no link clicks required and then hijack login pages, capture keystrokes and exfiltrate data
A new report from cybersecurity company INKY Technology Corp. is sounding the alarm over a new wave of phishing threats that use QR codes in increasingly dangerous and deceptive ways, including leveraging embedded JavaScript payloads that execute instantly upon scanning, with no link clicks required. INKY says that attackers are now going a step further by embedding raw HTML and JavaScript into QR codes using data uniform resource identifiers. The new quishing methodology differs from traditional QR threats that redirect users to malicious websites: it instead includes payloads that execute entirely within the browser, hijacking login pages, capturing keystrokes and even launching exploits as soon as a user scans the code. Often, users don’t even need an active internet connection if the payload is self-contained. The new technique sees attackers embed base64-encoded HTML in the QR code itself. When scanned by a mobile camera or QR scanning app, the code is automatically opened in the system browser and executed. Once the QR code has been scanned and has become active, malicious JavaScript can then simulate login portals, exfiltrate data via hidden forms and fingerprint devices for further exploitation. The QR codes also evade standard email security tools, proxies and threat intelligence systems, as the payload is embedded in the code and never touches an external URL, at least when initially executed.
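Because the payload described above never touches an external URL, a mail or scanning pipeline has to inspect the string decoded from the QR code itself. The following is an added example, not code from INKY or from the original article: it parses a decoded QR string as a data URI, decodes the body and flags active markup. The function name, the indicator list and the verdict labels are assumptions, and decoding the QR image into text is assumed to happen upstream.

```python
import base64
import binascii
import re
from urllib.parse import unquote_to_bytes

# Heuristic markers of active or credential-collecting markup (assumed list, tune locally).
INDICATORS = {
    "script": re.compile(rb"<script\b", re.I),
    "form": re.compile(rb"<form\b", re.I),
    "password_field": re.compile(rb"type\s*=\s*[\"']?password", re.I),
    "event_handler": re.compile(rb"\bon(?:load|error|click|submit)\s*=", re.I),
}
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml"}

def _result(verdict, media_type=None, findings=()):
    return {"verdict": verdict, "media_type": media_type, "findings": list(findings)}

def inspect_qr_payload(text):
    """Classify the text a QR decoder returned (hypothetical helper)."""
    text = text.strip()
    if not text.lower().startswith("data:"):
        return _result("not-data-uri")      # leave to ordinary URL reputation checks
    header, sep, body = text[5:].partition(",")
    if not sep:
        return _result("malformed")
    params = [p.strip().lower() for p in header.split(";")]
    media_type = params[0] or "text/plain"  # RFC 2397 default media type
    raw = unquote_to_bytes(body)            # the body may be percent-encoded
    if "base64" in params[1:]:
        try:
            raw = base64.b64decode(raw + b"=" * (-len(raw) % 4), validate=True)
        except binascii.Error:
            return _result("malformed", media_type)
    findings = sorted(name for name, rx in INDICATORS.items() if rx.search(raw))
    # A browser-rendered type carrying active markup is blocked; any other
    # data URI arriving in a QR code is unusual enough to send for review.
    blocked = media_type in ACTIVE_TYPES and findings
    return _result("block" if blocked else "review", media_type, findings)

# Constructed samples: a harmless stand-in for a login-page payload, and an ordinary link.
_HTML = b'<form><input type="password" name="p"></form><script>/* placeholder */</script>'
SAMPLE_DATA_URI = "data:text/html;base64," + base64.b64encode(_HTML).decode()
SAMPLE_URL = "https://example.com/menu"

if __name__ == "__main__":
    for sample in (SAMPLE_DATA_URI, SAMPLE_URL):
        print(inspect_qr_payload(sample))
```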
Hackers drain money from mobile wallets like Apple Pay and Google Pay in seconds without the need for a card skimmer by exploiting Express Transit mode through NFC payment data relaying malware
Mobile wallets like Apple Pay and Google Pay have revolutionized the way we pay, but they are not immune to attack. Some of their most convenient features, like Express Transit mode, are being exploited by hackers to steal money in seconds, without the need for a card skimmer. This mode allows commuters to pass through turnstiles without fumbling for Face ID, fingerprints, or PINs. Hackers can now grab unlocked phones, drain funds within minutes, trick users into approving payments, and exploit users who leave Express Transit enabled or use weak PINs. Recent reports show cases where phone-grabbers drained bank accounts in minutes and malware like “Ghost Tap” relayed NFC payment data globally, enabling fraudsters to make purchases anywhere in the world.
Atsign’s solution enables securely deploying AI models by eliminating open ports on AI inference nodes, data services, and MCP servers, thereby removing network attack surfaces entirely and preventing discovery by botnets and external reconnaissance
Atsign announced MCP NoPorts™, a ground-breaking solution for securely deploying AI models and Model Context Protocol (MCP) servers. NoPorts Solves AI’s Core Security & Deployment Challenges: Eliminates AI Exposure (Pre-Emptive Security); Invisible Infrastructure – MCP NoPorts eliminates open ports on AI inference nodes, data services, and MCP servers. This removes network attack surfaces entirely, preventing discovery by botnets and external reconnaissance. They can’t attack what they can’t see; Cryptographic Identity Access – Every AI model, tool, or service is assigned a unique, cryptographically authenticated identity. This eliminates the need for vulnerable tokens or shared secrets. Access is granted only after identity is confirmed, delivering a zero-trust architecture that directly prevents unauthorized access and AI agent impersonation before any interaction with your tools occurs; Prevents Sensitive Data Exposure & Malicious Invocations; End-to-End Encrypted Connections – All communication to and from private AI models and MCP servers is fully encrypted by Atsign’s NoPorts, safeguarding sensitive data, proprietary logic, and AI interactions from eavesdropping and tampering, thereby preventing sensitive data exposure; Accelerates AI Deployments; No IT Bottlenecks – NoPorts removes the need for complex firewall exceptions, static IPs, or VPN setups. Developers can securely deploy and connect AI models and MCP servers in minutes, not weeks, freeing IT and networking teams from tedious configurations; Streamlined Collaboration – Securely connect developers, AI models, MCP servers and other systems globally, making seamless collaboration possible without exposing any of them to external threats.
Salt Security’s API security solution for AWS is 100% agentless and read-only, automatically discovers all APIs instantly and automates posture governance
Salt Security has launched Salt Cloud Connect for AWS, the first API security solution to provide full API visibility and posture governance without traffic data or agents. This read-only integration allows AWS customers to see every API in their environment in under two minutes, making it the fastest and least intrusive deployment in the market. Built for speed and designed for simplicity, Salt Cloud Connect for AWS helps security and DevOps teams: Get Complete Visibility in Minutes: Automatically discover all APIs across your AWS infrastructure instantly. Skip the Agents and Sensors: 100% agentless and read-only. Just connect and go. See Posture, Not Just Traffic: Identify risk exposures and misconfigurations right away—before attackers do. Automate Posture Governance: Continuously monitor and manage API posture across services and accounts. Integrate Seamlessly: Native support for AWS gateways and services ensures smooth setup and fast time-to-value. Minimize Permissions, Maximize Security: Built-in guardrails and least-privilege access ensure strong protection and compliance alignment.
Okta’s Cross App Access solution enables ISVs to deliver secure, enterprise-grade integrations for AI agents by removing repetitive authorization consent screens and offering interoperability between apps and AI systems
Okta, working with industry leading ISVs, is launching Cross App Access to help ISVs deliver secure, enterprise-ready integrations in an AI-powered world. Anticipated to be available for select Okta Platform customers as a feature in Q3 of this year, it will enable ISVs’ enterprise customers to better connect their AI tools to other apps and data, deliver more seamless experiences for the end user by removing repetitive authorization consent screens, and manage agent access for better security and compliance. As an extension of OAuth, it brings visibility and control to both agent-driven and app-to-app interactions, allowing IT teams to decide what apps are connecting and what information AI agents can access. Cross App Access enables ISVs to deliver secure, enterprise-grade integrations for AI agents and other autonomous systems, such as workflow automation tools. By shifting access control to the identity provider, like Okta, ISVs can reduce security risks, simplify integration complexity, and better support their customers’ compliance and governance needs. With Cross App Access, enterprises can enhance security and usability, empowering IT to manage agent access while enabling seamless, low-friction experiences for users. It supports secure interoperability between apps and AI systems, making it easier to adopt innovative ISV solutions without compromising oversight or performance.
DataKrypto and Tumeryk’s solution combines real-time encryption of RAG data, model weights and prompt payloads with self-calibrating prompt security to provide end-to-end protection across all stages of generative AI workflows
AI trust scoring company Tumeryk Inc. announced a strategic integration with AI encryption firm DataKrypto Co. to launch a joint service that they claim offers the world’s first encrypted guardrails for operational AI security. The new Encrypted Guardrails for Operational Security combines DataKrypto’s real-time encryption of retrieval-augmented generation data, model weights and prompt payloads with Tumeryk’s AI Trust Score, self-calibrating prompt security and responsible AI controls to provide end-to-end protection across the entire AI pipeline. The integrated solution encrypts all stages of generative AI workflows, from data retrieval through model inference and response generation, while simultaneously enforcing compliance and policy alignment. The two companies argue that while traditional AI guardrails focus on monitoring model outputs, they often leave critical data flows vulnerable to attack or misuse. The integration between Tumeryk and DataKrypto closes the gap by encrypting every component of the AI pipeline, from vector embeddings and foundation models to tool-calling prompts and guardrail policies. The result is end-to-end protection that strengthens the AI attack surface while also preventing threats such as data exfiltration, prompt injection and model manipulation. Core to the new solution is DataKrypto’s FHEnom technology, which allows encrypted computation on embeddings and model weights while maintaining hardware-enforced isolation within secure enclaves. Tumeryk complements this with real-time prompt inspection, using self-calibrating guardrails to detect and block noncompliant or potentially harmful inputs before they reach the model.