Microsoft testing Windows 11 support for third-party passkeys
Microsoft is now testing WebAuthn API updates that add support for support for using third-party passkey providers for Windows 11 passwordless authentication. [...]
Explore the intersection of AI and cybersecurity. Stay informed on AI-driven security trends, tools, and threats in the ever-evolving digital landscape.
Search across headline titles and summaries.
Background for this topic.
Artificial intelligence (AI) describes computer systems that perform tasks such as recognizing patterns, making predictions, understanding language, or generating content. In security reporting, the term commonly includes machine-learning models used for detection and analysis, as well as generative AI applications that produce text, code, images, or other outputs.
AI can help analyze security telemetry, prioritize vulnerabilities, and support investigations, but its outputs can be wrong or manipulated. Important attack surfaces include prompt injection that steers an application into unintended actions, sensitive data being exposed through prompts or model outputs, and excessive permissions granted to AI systems that use external tools. Models can also be degraded by poisoned training data or evaded with carefully crafted inputs. Practitioners should protect training and operational data, limit model access and tool permissions, test for adversarial behavior, and require appropriate human validation before high-impact decisions.
Microsoft is now testing WebAuthn API updates that add support for support for using third-party passkey providers for Windows 11 passwordless authentication. [...]
The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period
Also: Highlights from ISMG's Financial Services Summit and Key Insights on AI AdoptionOn the 200th episode of the ISMG Editors' Panel, the team discussed the major China-linked cyberespionage campaign targeting U.S. telecommunications, highlighted key insights from ISMG's Financial Services Summit in New York, and unpacked the top findings from ISMG’s annual Generative AI Survey.
Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be more inclined to download an open source Python code package for free access, without vetting it or thinking twice.
Revised Framework to Address Emerging IoT Risks and TechnologiesThe U.S. National Institute of Standards and Technology plans to revise its Internet of Things cybersecurity framework to address evolving risks posed by emerging technologies and use cases, such as AI and immersive tech. The proposed updates will broaden the focus to entire product ecosystems.
DeepSeek-R1 Struggles with Logic Tests and Is Vulnerable to JailbreaksChinese artificial intelligence research company DeepSeek, funded by quantitative trading firms, introduced what it says is one of the first reasoning models to rival OpenAI o1. Reasoning models engage in self-fact checking and perform multi-step reasoning tasks.
One Vulnerability Had Been Undiscovered for Two Decades, Researchers SaidGoogle researchers used an AI-powered fuzzing tool to identify 26 vulnerabilities in open-source code repositories, some of which had been lurking undiscovered for several decades. Each was found with AI, using AI-generated and enhanced fuzz targets, Google said.
Microsoft announced today that its controversial AI-powered Recall feature is finally rolling out to Windows Insiders in the Dev Channel using Snapdragon-powered Copilot+ PCs. [...]
Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer
Lawmakers Expressed Concerns Over Proposed Data Use and Access BillBritish lawmakers sought assurances Tuesday from the U.K. government that proposed data use reform legislation will not cause the country to lose its data-sharing rights with the European Union. Lawmakers also warned about potential AI risks arising from the bill.
Also: VPN Vulnerabilities Attract Hackers, Hackers Use Swiss Mail to Send MalwareThis week, Russia suspected in Balctic Sea cable sabotage, VPNs draw ransomware attackers and Swiss snail mail malware. An AI training company reported a cybertheft of $250,000 and a U.S. space firm reported a breach. Microsoft said it will pay $$$ for AI vulnerabilities and a MFA success story.
One of these flaws detected using LLMs was in the widely used OpenSSL library
Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library
Security Operations Purchase Brings Cloud-Native XDR, MDR to IT Management PlatformWith Adlumin’s cloud-native XDR and MDR services, N-able consolidates its position as a leader in IT management. Buying the Washington D.C.-based security operations vendor for up to $266 million drives value through AI-powered threat detection and compliance solutions tailored for MSPs.
Nightwing's John DeSimone Talks Growth, Threats, National Security and AI StrategyNightwing CEO John DeSimone reveals how the company’s independence from Raytheon allows it to better serve customers, invest in intelligence, advanced AI and data solutions, address sophisticated cyber threats, and maintain a no-fail mission approach in the face of rising security threats.