Prioritization of Risks from Artificial Intelligence: A Delphi Study of 272 International Experts

Artificial intelligence poses many risks, ranging from familiar present-day harms to unprecedented and potentially catastrophic ones. Effective risk management requires prioritization: we must understand which risks are most severe, who is most vulnerable, and who is most responsible for addressi...

How Reliable Are AI Attackers against a Fixed Vulnerable Target? A 400-Run Empirical Study of LLM Penetration Testing Consistency

Large language models LLMs can autonomously conduct multi-stage cyber attacks, but the consistency of their offensive behavior under repeated trials remains unstudied. This work presents the first large-scale empirical measurement of LLM attack consistency: 400 autonomous penetration testing runs...

Deterministic + Agentic AI: The Architecture Exposure Validation Requires

Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera’s...

Towards Personalizing Secure Programming Education with LLM-Injected Vulnerabilities

According to constructivist theory, students learn software security more effectively when examples are grounded in their own code. Generic examples often fail to connect with students' prior work, limiting engagement and understanding. Advances in LLMs are now making it possible to automatically...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the amendment acceptance flow. An attacker can gain unauthorized coauthorship and modify proposal outcomes by submitting amendment accept or reject actions without proper authorization checks. Workaround This...

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator PRNG via induced transient faults in the Keccak-based expansion process. An attacker can compromise key material and cryptographic outcomes by physically manipulating seed or...

CVE-2026-3503

Protection mechanism failure in wolfCrypt post-quantum implementations ML-KEM and ML-DSA in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during...

CISO Whisperer Names 11 Vendors Leading the Shift from Tools to Outcomes at RSA Conference 2026

Austin, United States, 19th March 2026, CyberNewswire...

Jailbreaking Embodied LLMs Via Action-Level Manipulation

Embodied Large Language Models LLMs enable AI agents to interact with the physical world through natural language instructions and actions. However, beyond the language-level risks inherent to LLMs themselves, embodied LLMs with real-world actuation introduce a new vulnerability: instructions tha...

Your VMDR Year in Review: Making Security Progress Visible and Actionable

Security Teams Rarely Stop to Reflect When a security program is working well, very little seems to happen. That is by design. There is no alert for the incident that was prevented. No visibility into the attack path that was quietly closed. No recognition for the vulnerability that was fixed...

Cybersecurity Performance Goals 2.0 for Critical Infrastructure

Today, CISA released updated Cross-Sector Cybersecurity Performance Goals CPG 2.0 with measurable actions for critical infrastructure owners and operators to achieve a foundational level of cybersecurity. This update incorporates lessons learned, aligns with the most recent National Institute of...

What is Patch Management Automation and Why It Matters

Executive Summary Environments rarely stay as orderly as they begin. New workloads, faster releases, and growing attack surfaces stretch manual patching beyond its limits. The real risk emerges in the widening gap between spotting a vulnerability and fixing it. Automated patch management closes...

Introducing Posture Issues: Transform Security Findings into Actionable Outcomes

Streamline Security Backlogs by Grouping Vulnerabilities, Secrets, and Data Findings into Posture Issues...

CVE-2025-12613

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...

EUVD-2025-17831

Malicious code in bioql PyPI...

EUVD-2022-0356

Malicious code in bioql PyPI...

Shaping the Future of Cyber Risk Management: QSC Evolves to ROCon

Over the last year, I’ve had the privilege of meeting with thousands of CIOs, CISOs, and security leaders across the globe. What I hear repeatedly is clear: managing cyber risk is more complex than ever, driven by the evolving digital, threat, and regulatory landscape. The number of vulnerabiliti...

Cyber Security Educational Games for Children: a Systematic Literature Review

Educational games have been widely used to teach children about cyber security. This systematic literature review reveals evidence of positive learning outcomes, after analysing 91 such games reported in 68 papers published between 2010 and 2024. However, critical gaps have also been identified...

CAASM in Action: What It Really Looks Like When It Works

Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all on CAASM & CDMB Inefficiencies! You’ve heard the promises. The...

New Research Reveals: 95% of AppSec Fixes Don't Reduce Risk

For over a decade, application security teams have faced a brutal irony: the more advanced the detection tools became, the less useful their results proved to be. As alerts from static analysis tools, scanners, and CVE databases surged, the promise of better security grew more distant. In its...