Category: Security

  • AI Agent Security Needs to Move to the Tool-Call Boundary

    AI agents are becoming useful for the same reason they are becoming risky: they can act. They can browse websites, read files, call APIs, search repositories, invoke MCP servers, use skill files, modify documents, and trigger workflows across external systems. That makes them very different from older chatbot deployments, where most risk stayed inside the…

  • Netizen: Monday Security Brief (7/6/2026)

    Today’s Topics: BioShocking Shows Why AI Browsers Turn Prompt Injection Into Account Access AI browsers change the risk model for web security. A normal browser displays pages, runs site code inside web security boundaries, and leaves most decisions to the user. An AI browser in agent mode can read, click, type, summarize, follow links, interact…

  • AI Agent Tooling Is Turning Metadata Into an Attack Surface

    AI agent security is beginning to move beyond the familiar problem of malicious prompts. The more serious issue is what happens after the model is connected to real systems. Once an AI assistant can reach files, APIs, databases, SaaS platforms, code repositories, ticketing queues, and internal workflows, the security boundary is no longer just the…

  • Netizen: Monday Security Brief (6/29/2026)

    Today’s Topics: Squidbleed Shows Why Old Proxy Code Still Belongs in the Threat Model Squidbleed is the kind of vulnerability that looks small in code and much larger in an environment diagram. Tracked as CVE-2026-47729, the flaw is an out-of-bounds read in Squid’s FTP gateway that can leak fragments of proxy memory back to a…

  • The Growing Market for Stolen Browser Data

    The modern browser has become one of the most valuable data repositories in the enterprise. It stores passwords, cookies, active sessions, autofill fields, saved payment details, authentication tokens, browsing history, device identifiers, and traces of nearly every cloud platform a user touches during the workday. For attackers, that makes the browser less like a utility…

  • The Next Software Supply Chain Problem May Not Be Code

    Software supply chain security has spent the last several years focused on source code, third-party packages, vulnerable libraries, and malicious dependencies. That focus made sense. Incidents like Log4Shell, dependency confusion, typosquatting, and compromised open-source packages made it clear that organizations needed better visibility into what their applications were built from. That visibility still matters. SBOMs,…

  • Netizen: Monday Security Brief (6/22/2026)

    Today’s Topics: INTERPOL Warns Cybercrime Is Surging Across Asia-Pacific as Phishing, Ransomware, and AI Scams Scale Up Cybercrime is rising sharply across Asia and the South Pacific, with phishing, ransomware, banking malware, information stealers, deepfakes, and AI-assisted fraud placing new pressure on governments, businesses, and law enforcement agencies across the region. A new INTERPOL assessment…

  • The Difference Between Passing a SOC 2 Audit and Maintaining a SOC 2 Program

    For many organizations, SOC 2 begins as a customer request. A prospect asks for the report, a contract requires it, or a sales cycle stalls until the organization can prove that it has controls in place to protect customer data. That pressure often turns SOC 2 into a project with a deadline, an audit window,…

  • Netizen: Monday Security Brief (6/15/2026)

    Today’s Topics: Self-Replicating AI Worm Shows Malware Can Reason Its Way Through a Network University of Toronto researchers have demonstrated a proof-of-concept AI worm that changes one of the oldest assumptions in worm defense: that the malware arrives with a fixed exploit path. In a preprint posted to arXiv on June 2, a team from…

  • How Living-Off-the-Land Attacks Bypass Traditional Security Controls

    Living-off-the-land attacks have become one of the clearest examples of a security problem that cannot be solved by malware detection alone. Instead of bringing obvious malicious tooling into an environment, attackers use what is already present: signed Windows binaries, administrative consoles, scripting engines, remote management services, cloud command-line tools, backup utilities, identity platforms, and trusted…