Static Scans, Red Teams and Frameworks Aim to Find Bad AI Models
With hundreds of AI models found to harbor malicious code, cybersecurity firms are releasing technology to help companies manage their AI development and deployment efforts.
Explore the latest frameworks in information security. Stay updated on guidelines to protect your digital assets and ensure data privacy.
Search across headline titles and summaries.
Background for this topic.
A security framework is an organized set of principles, practices, and controls for managing information and technology risk. Frameworks such as the NIST Cybersecurity Framework, ISO/IEC 27001, and COBIT help organizations structure activities including identifying assets and risks, protecting systems, detecting events, responding to incidents, and recovering operations. They are reference models rather than automatically effective security programs: an organization must select and implement measures appropriate to its systems, threats, and risk tolerance.
Practitioners use frameworks to assign responsibilities, prioritize vulnerability remediation, assess suppliers and cloud services, and document why particular controls are in place. They also provide a common vocabulary for audits, regulatory or contractual evidence, and measuring improvement over time. News under this tag may concern revisions to framework requirements, mappings between frameworks, assessment findings, or failures caused by treating a framework checklist as proof that controls work. A framework can guide governance and security operations, but it does not replace technical testing, continuous monitoring, or judgment about specific attack surfaces.
With hundreds of AI models found to harbor malicious code, cybersecurity firms are releasing technology to help companies manage their AI development and deployment efforts.
The PC Security Stack Mappings project improves the security posture of corporate PCs by aligning each of the security features found in vPro PC and Core Ultra chips with the techniques described in MITRE's ATT&CK.
A newly discovered phishing campaign is using social engineering to dupe victims into copying, pasting, and running the Havoc command-and-control framework on their computers, warn researchers from Fortinet. "ClickFix," displays a fake error message and instructions for its supposed resolution.
Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exploitation in the wild
A newly uncovered ClickFix phishing campaign is tricking victims into executing malicious PowerShell commands that deploy the Havok post-exploitation framework for remote access to compromised devices. [...]
Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc
A new phishing campaign has been identified using Havoc to control infected systems, leveraging SharePoint and Microsoft Graph API