Aggregator

Submit #702493 / VDB-221804

Submit #702489 / VDB-336710

Submit #702483 / VDB-224187

Law enforcement agencies from several European countries have arrested twelve persons suspected of being involved in scamming victims across Europe, Eurojust announced today. “The fraudsters used various scams, such as posing as police officers to withdraw money using their victims’ cards and details, or pretending that their victims’ bank accounts had been hacked,” the EU Agency for Criminal Justice Cooperation explained. “They convinced their victims to transfer large sums of money from their ‘compromised’ bank … More →

The post European police busts Ukraine scam call centers appeared first on Help Net Security.

Microsoft Copilot принудительно появился на телевизорах LG.

Frankfurt am Main, Germany, 16th December 2025, CyberNewsWire

Frankfurt am Main, Germany, 16th December 2025, CyberNewsWire

The post Link11 Identifies Five Cybersecurity Trends Set to Shape European Defense Strategies in 2026 appeared first on Security Boulevard.

Key Findings Introduction Check Point Research tracks a sustained, highly capable espionage cluster, which we refer to as Ink Dragon, and is referenced in other reports as CL-STA-0049, Earth Alux, or REF7707. This cluster is assessed by several vendors to be PRC-aligned. Since at least early 2023, Ink Dragon has repeatedly targeted government, telecom, and […]

The post Inside Ink Dragon: Revealing the Relay Network and Inner Workings of a Stealthy Offensive Operation appeared first on Check Point Research.

As organizations accelerate the adoption of Artificial Intelligence, from deploying Large Language Models (LLMs) to integrating autonomous agents and Model Context Protocol (MCP) servers, risk management has transitioned from a theoretical exercise to a critical business imperative. The NIST AI Risk Management Framework (AI RMF 1.0) has emerged as the standard for managing these risks, offering a structured approach to designing, developing, and deploying trustworthy AI systems.

However, AI systems do not operate in isolation. They rely heavily on Application Programming Interfaces (APIs) to ingest training data, serve model inferences, and facilitate communication between agents and servers. Consequently, the API attack surface effectively becomes the AI attack surface. Securing these API pathways is fundamental to achieving the "Secure and Resilient" and "Privacy-Enhanced" characteristics mandated by the framework.

Understanding the NIST AI RMF Core

The NIST AI RMF is organized around four core functions that provide a structure for managing risk throughout the AI lifecycle:

• GOVERN: Cultivates a culture of risk management and outlines processes, documents, and organizational schemes.
• MAP: Establishes context to frame risks, identifying interdependencies and visibility gaps.
• MEASURE: Employs tools and methodologies to analyze, assess, and monitor AI risk and related impacts.
• MANAGE: Prioritizes and acts upon risks, allocating resources to respond to and recover from incidents.

The Critical Role of API Posture Governance

While the "GOVERN" function in the NIST framework focuses on organizational culture and policies, API Posture Governance serves as the technical enforcement mechanism for these policies in operational environments.

Without robust API posture governance, organizations struggle to effectively Manage or Govern their AI risks. Unvetted AI models may be deployed via shadow APIs, and sensitive training data can be exposed through misconfigurations. Automating posture governance ensures that every API connected to an AI system adheres to security standards, preventing the deployment of insecure models and ensuring your AI infrastructure remains compliant by design.

How Salt Security Safeguards AI Systems

Salt Security provides a tailored solution that aligns directly with the NIST AI RMF. By securing the API layer (Agentic AI Action Layer), Salt Security helps organizations maintain the integrity of their AI systems and safeguard sensitive data. The key features, along with their direct correlations to NIST AI RMF functions, include:

Automated API Discovery:

• Alignment: Supports the MAP function by establishing context and recognizing risk visibility gaps.
• Outcome: Guarantees a complete inventory of all APIs, including shadow APIs used for AI training or inference, ensuring no part of the AI ecosystem is unmanaged.

Posture Governance:

• Alignment: Operationalizes the GOVERN and MANAGE functions by enabling organizational risk culture and prioritizing risk treatment.
• Outcome: Preserves secure APIs throughout their lifecycle, enforcing policies that prevent the deployment of insecure models and ensuring ongoing compliance with NIST standards.

AI-Driven Threat Detection:

• Alignment: Meets the Secure & Resilient trustworthiness characteristic by defending against adversarial misuse and exfiltration attacks.
• Outcome: Actively identifies and blocks sophisticated threats like model extraction, data poisoning, and prompt injection attacks in real-time.

Sensitive Data Visibility:

• Alignment: Supports the Privacy-Enhanced characteristic by safeguarding data confidentiality and limiting observation.
• Outcome: Oversees data flow through APIs to protect PII and sensitive training data, ensuring data minimization and privacy compliance.

Vulnerability Assessment:

• Alignment: Assists in the MEASURE function by assessing system trustworthiness and testing for failure modes.
• Outcome: Identifies logic flaws and misconfigurations in AI-connected APIs before they can be exploited by adversaries.

Conclusion

Trustworthy AI requires secure APIs. By implementing API Posture Governance and comprehensive security controls, organizations can confidently adopt the NIST AI RMF and innovate safely. Salt Security provides the visibility and protection needed to secure the critical infrastructure powering your AI. For a more in-depth understanding of API security compliance across multiple regulations, please refer to our comprehensive API Compliance Whitepaper.

If you want to learn more about Salt and how we can help you, please contact us, schedule a demo, or visit our website. You can also get a free API Attack Surface Assessment from Salt Security's research team and learn what attackers already know.

The post Securing the AI Frontier: How API Posture Governance Enables NIST AI RMF Compliance appeared first on Security Boulevard.

The dark web landscape constantly shifts between emerging platforms and sudden closures, often driven by the very anonymity they promise. On November 21, 2025, a new contender named Omertà Market emerged, positioning itself as a bastion of stability and security. Its administrators touted a philosophy of “security over flash,” claiming years of silent development and […]

The post Dark Web Omertà Market Shut Downed Following the Leak of Real Server IPs appeared first on Cyber Security News.

Microsoft announced on Monday that it will soon block mobile devices running outdated email software from accessing Exchange Online services until they're updated. [...]

微软终于准备淘汰过时且已知存在弱点的加密算法 RC4。RC4 代表 Rivist Cipher 4，由 RSA 加密算法作者之一的 Ronald Linn Rivest 在 1987 年设计。RC4 最初没有公开发表，属于商业机密，但 1994 年被泄露在 Cypherpunks 邮件列表上，安全研究人员很快演示了对 RC4 的攻击。尽管存在已知弱点，RC4 仍然被 SSL 和 TLS 等安全协议广泛使用，直到十年前才被淘汰。微软表示，到 2026 年中期，Windows Server 2008 及更高版本中 Kerberos Key Distribution Center(KDC)域控制器默认设置将禁用 RC4，仅允许使用 AES-SHA1 加密。除非管理员额外配置，否则 RC4 身份验证将不再有效。微软表示，过去十年一直在稳步推进对 RC4 算法的弃用，但这项工作并不容易。

FreePBX has addressed critical vulnerabilities enabling authentication bypass and remote code execution in its Endpoint Manager module. Discovered by Horizon3.ai researchers, these flaws affect telephony endpoint configurations in the open-source IP PBX system. Researchers identified three high-severity issues distinct from the earlier CVE-2025-57819, which was added to CISA’s Known Exploited Vulnerabilities catalog. CVE-2025-66039 allows authentication […]

The post FreePBX Vulnerabilities Enables Authentication Bypass that Leads Remote Code Execution appeared first on Cyber Security News.

Breaking Free from Security Silos in the Modern Enterprise Today’s organizations face an unprecedented challenge: securing increasingly complex IT environments that span on-premises data centers, multiple cloud platforms, and hybrid architectures. Traditional security approaches that rely on disparate point solutions are failing to keep pace with sophisticated threats, leaving critical gaps in visibility and response

The post Unified Security for On-Prem, Cloud, and Hybrid Infrastructure: The Seceon Advantage appeared first on Seceon Inc.

The post Unified Security for On-Prem, Cloud, and Hybrid Infrastructure: The Seceon Advantage appeared first on Security Boulevard.

Тот случай, когда лучше быть нелояльным. Новая схема развода для тех, кто ищет работу.

Amazon's threat intelligence team has disclosed details of a "years-long" Russian state-sponsored campaign that targeted Western critical infrastructure between 2021 and 2025. Targets of the campaign included energy sector organizations across Western nations, critical infrastructure providers in North America and Europe, and entities with cloud-hosted network infrastructure. The activity has

SoundCloud confirmed today that it experienced a security incident involving unauthorized access to a supporting internal system, resulting in the exposure of certain user data. The company said the incident affected approximately 20 percent of its users and involved email addresses along with information already visible on public SoundCloud profiles. Passwords and financial information were […]

The post SoundCloud Confirms Security Incident appeared first on Centraleyes.

The post SoundCloud Confirms Security Incident appeared first on Security Boulevard.

The cybersecurity landscape has once again been rattled by a subtle yet dangerous supply chain attack. A malicious NuGet package named Tracer.Fody.NLog was discovered masquerading as a legitimate .NET tracing library. Published in 2020, this package successfully deceived developers for years, accumulating roughly 2,000 downloads by impersonating the popular Tracer.Fody tool and its maintainer. The […]

The post Malicious NuGet Package Uses .NET Logging Tool to Steal Cryptocurrency Wallet Data appeared first on Cyber Security News.

Amazon researchers believe this campaign is part of a bigger operation spearheaded by Russia’s military intelligence service, the GRU

Defensiemedewerkers hebben dit jaar opnieuw een indrukwekkend bedrag ingezameld voor Hulphond Nederland. Dat deden ze door statiegeldflesjes en -blikjes in te leveren. In totaal leverde de actie € 51.874,10 op. Vandaag is de cheque uitgereikt aan de stichting. De inzamelingsactie is een initiatief van de medewerkers zelf en geen campagne van het ministerie van Defensie.