Securing AI Applications From Inception to Deployment

Extending the Wiz AI APP into the code layer to detect AI-specific risks at inception, validate exploitability at runtime, and orchestrate remediation with agents that understand your codebase...

Observability for AI Systems: Strengthening visibility for proactive risk detection

Adoption of Generative AI GenAI and agentic AI has accelerated from experimentation into real enterprise deployments. What began with copilots and chat interfaces has quickly evolved into powerful business systems that autonomously interact with sensitive data, call external APIs, connect to...

Observability for AI Systems: Strengthening visibility for proactive risk detection

Adoption of Generative AI GenAI and agentic AI has accelerated from experimentation into real enterprise deployments. What began with copilots and chat interfaces has quickly evolved into powerful business systems that autonomously interact with sensitive data, call external APIs, connect to...

Scale AI Securely with Qualys TotalAI’s Streamlined Onboarding, Deeper Risk Detection, and Compliance-Ready Reporting

Executive Summary Enterprises are entering a phase where AI systems function as decision engines that shape customer interactions, operational workflows, and business outcomes. This creates a new class of risk that is behavioral, contextual, and dynamic, driven by how models interpret instruction...

CVE-2025-27389

A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning...

CVE-2025-27389

Technical details such as affected products, versions, root cause, or exploitation steps are not publicly provided in the supplied documents. Monitor for updates from vendors and CVE feeds.

CVE-2025-27389 Application Installation Source Verification Flaw May Lead to Risk Detection Bypass

A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning...

EUVD-2025-201354

A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning...

CVE-2025-27389 Application Installation Source Verification Flaw May Lead to Risk Detection Bypass

A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning...

PT-2025-49188

A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning...

BlueCodeAgent: A Blue Teaming Agent Enabled by Automated Red Teaming for CodeGen AI

As large language models LLMs are increasingly used for code generation, concerns over the security risks have grown substantially. Early research has primarily focused on red teaming, which aims to uncover and evaluate vulnerabilities and risks of CodeGen models. However, progress on the blue...

LLMs on Support of Privacy and Security of Mobile Apps: State of the Art and Research Directions

Modern life has witnessed the explosion of mobile devices. However, besides the valuable features that bring convenience to end users, security and privacy risks still threaten users of mobile apps. The increasing sophistication of these threats in recent years has underscored the need for more...

DinoCompanion: an Attachment-Theory Informed Multimodal Robot for Emotionally Responsive Child-AI Interaction

Children's emotional development fundamentally relies on secure attachment relationships, yet current AI companions lack the theoretical foundation to provide developmentally appropriate emotional support. We introduce DinoCompanion, the first attachment-theory-grounded multimodal robot for...

Organizational Adaptation to Generative AI in Cybersecurity: a Systematic Review

Cybersecurity organizations are adapting to GenAI integration through modified frameworks and hybrid operational processes, with success influenced by existing security maturity, regulatory requirements, and investments in human capital and infrastructure. This qualitative research employs...

How to Improve Okta Security in Four Steps

While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts. Okta serves as the...

GHSA-H4W2-HVCG-938J

creationtimestamp| type| source ---|---|--- 2024-12-23 17:28:21+00:00| seen| https://infosec.exchange/users/cve/statuses/113703315103089292...

The Value of AI-Powered Identity

Introduction Artificial intelligence AI deepfakes and misinformation may cause worry in the world of technology and investment, but this powerful, foundational technology has the potential to benefit organizations of all kinds when harnessed appropriately. In the world of cybersecurity, one of th...

NamespaceHound: protecting multi-tenant K8s clusters

NamespaceHound is an open-source tool for detecting the risk of potential namespace crossing violations and anonymous access opportunities in multi-tenant clusters...

Qualys Expands Cloud Platform for First-Party Application Risk Detection and Remediation

Have you faced the need to identify & respond to open-source package vulnerabilities like log4shell, openSSL, etc, in production from Day Zero? Are you using first-party, homegrown applications and are worried the risk introduced by those applications is not seen or addressed? Qualys new...

How to Build and Enable a Cyber Target Operating Model

Cybersecurity is complex and ever-changing. Organisations should be able to evaluate their capabilities and identify areas where improvement is needed. In the webinar “Foundational Components to Enable a Cyber Target Operating Model,” – part two of our Cybersecurity Series – Jason Hart, Chief...