Posted on AI Security Cloud Security Security Operations Vulnerability Intelligence

CrowdStrike Launches Project QuiltWorks to Counter AI-Driven Vulnerability Discovery

CrowdStrike has established Project QuiltWorks, an industry-wide coalition including OpenAI and IBM, to address the rapid discovery of software vulnerabilities by generative AI. The initiative integrates expert-led red teaming with frontier AI models to help organizations prioritize and remediate risks faster than automated exploitation tools can identify them, moving beyond traditional periodic security scanning. Read more

Posted on Cloud Security Incidents & Breaches Security Operations Vulnerability Intelligence

CISA Expands KEV Catalog with ScreenConnect Path Traversal and Windows Shell Spoofing Vulnerabilities

CISA has added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: a high-severity path traversal flaw in ConnectWise ScreenConnect and a Windows Shell spoofing vulnerability. Both flaws have confirmed active exploitation in the wild, requiring federal agencies and private organizations to prioritize patching to prevent unauthorized remote access and network-based identity spoofing. Read more

Posted on AI Security Cloud Security Incidents & Breaches Security Operations

Kaspersky Analysis Reveals GPU Performance Gains Render Eight-Character Passwords Obsolete

A new study by Kaspersky analyzing 231 million leaked passwords shows that 48% can be cracked in under a minute. Rapid advancements in consumer GPU hardware, specifically the shift to the NVIDIA RTX 5090, have dramatically reduced the time required to break simple hashes, rendering traditional eight-character passwords virtually useless against modern brute-force and AI-assisted attacks. Read more

Posted on AI Infrastructure Risk AI Security Incidents & Breaches Security Operations

Wistron Accelerates Blue Team Response from Hours to Minutes via Generative AI Integration

At the 2026 CYBERSEC Taiwan conference, high-tech manufacturer Wistron revealed how its security operations center (SOC) successfully integrated generative AI to reduce incident analysis time from 15 minutes to 1 minute and overall response times from hours to under 10 minutes, achieving a 97.5% accuracy rate in threat detection. Read more

Posted on Cloud Security Identity & Governance Incidents & Breaches Security Operations

Ransomware group “Nitrogen” claims Foxconn breach with 8TB of alleged internal data, raising supply-chain exposure questions

Taiwan’s iThome reports that ransomware operators using the “Nitrogen” name have listed Foxconn (Hon Hai Precision Industry) as a victim on a dark-web leak site, claiming they stole 8TB of data comprising about 11 million files. The actors allege the haul includes confidential orders, projects, and design sketches tied to multiple technology companies, but the report notes those partner references are not yet independently verified. The disclosure follows a widely reported early-May IT outage at Foxconn’s U.S. Wisconsin campus; Foxconn confirmed an “IT network issue” and later stated that production operations at affected North American sites remained normal after response actions were initiated. Read more

Posted on Cloud Security Incidents & Breaches Security Operations Vulnerability Intelligence

Taiwan CERT warns of two medium-severity a+HRD flaws enabling authenticated database read via SQL injection and missing authorization

TWCERT/CC published a Taiwan Vulnerability Note (TVN-202604004) for two vulnerabilities affecting Yuqi Digital Technology’s a+HRD product in versions 7.1 and earlier. The issues—SQL injection (CVE-2026-6833) and missing authorization (CVE-2026-6834)—could allow an authenticated remote attacker to read database contents. TWCERT/CC advises upgrading to a patched release referenced by the vendor’s security notice. Read more