CrowdStrike Launches Project QuiltWorks to Counter AI-Driven Vulnerability Discovery

CrowdStrike has established Project QuiltWorks, an industry-wide coalition including OpenAI and IBM, to address the rapid discovery of software vulnerabilities by generative AI. The initiative integrates expert-led red teaming with frontier AI models to help organizations prioritize and remediate risks faster than automated exploitation tools can identify them, moving beyond traditional periodic security scanning.

CISA Expands KEV Catalog with ScreenConnect Path Traversal and Windows Shell Spoofing Vulnerabilities

CISA has added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: a high-severity path traversal flaw in ConnectWise ScreenConnect and a Windows Shell spoofing vulnerability. Both flaws have confirmed active exploitation in the wild, requiring federal agencies and private organizations to prioritize patching to prevent unauthorized remote access and network-based identity spoofing.

Kaspersky Analysis Reveals GPU Performance Gains Render Eight-Character Passwords Obsolete

A new study by Kaspersky analyzing 231 million leaked passwords shows that 48% can be cracked in under a minute. Rapid advancements in consumer GPU hardware, specifically the shift to the NVIDIA RTX 5090, have dramatically reduced the time required to break simple hashes, rendering traditional eight-character passwords virtually useless against modern brute-force and AI-assisted attacks.

Passkeys and SSO Adoption Drive First Decline in Managed Password Volume Since 2020

A 2026 study by NordPass reveals that the average number of managed passwords per user has decreased to 120, marking a reversal of a multi-year growth trend. The shift is attributed to the rise of passkeys, biometric authentication, and Single Sign-On (SSO) platforms, signaling a transition toward passwordless infrastructure.

Google Identifies First Cases of AI-Driven Zero-Day Exploitation by Threat Actors

Google's Threat Intelligence Group (GTIG) has reported the first observed instances of hackers using AI to discover zero-day vulnerabilities and generate exploit tools for large-scale attacks. The activity involved several notorious hacking groups collaborating to bypass two-factor authentication (2FA) in open-source network management tools.

PCPJack Malware Framework Targets Cloud Infrastructure while Displacing Rival Threat Group

Security researchers have identified a new cloud-native malware framework, PCPJack, which specializes in credential theft across Docker, Kubernetes, and Redis environments. Uniquely, the framework actively removes tools associated with the TeamPCP (PCPcat) threat group, suggesting a possible internal rift or turf war over compromised cloud assets.

Taiwan FSC Unveils Post-Quantum Cryptography Migration Guidelines for Financial Sector

Taiwan's Financial Supervisory Commission (FSC) has announced a new roadmap for financial cybersecurity resilience, focusing on the 'AI Vulnerability Storm' and the transition to Post-Quantum Cryptography (PQC). The commission is set to release a formal PQC migration guide to prepare the industry for 'Y2Q' risks by 2029.