Fraud attacks expected to ramp up in AI 'perfect storm'
C-suite leaders should brace themselves for a rise in artificial intelligence-powered impersonation scams targeting enterprises in the coming year, according to a report by fraud prevention firm Nametag. Trends such as the increased accessibility of "deepfake" technologies will likely accelerate this year, allowing bad actors to step up attacks like hiring fraud, where scammers pose as legitimate job candidates. READ MORE...
AI & Humans: Making the Relationship Work
Leaders of many organizations are urging their teams to adopt agentic AI to improve efficiency, but are finding it hard to achieve any benefit. Managers attempting to add AI agents to existing human teams may find that bots fail to faithfully follow their instructions, return pointless or obvious results or burn precious time and resources spinning on tasks that older, simpler systems could have accomplished just as well. READ MORE...
Critical Vulnerability Patched in jsPDF
A critical-severity vulnerability recently patched in the jsPDF library could allow attackers to read sensitive information, including configuration files and credentials, Endor Labs warns. A popular NPM package with more than 3.5 million downloads per week, jsPDF supports the creation of PDF documents in JavaScript applications. The flaw, tracked as CVE-2025-68428 (CVSS score of 9.2), is a local file inclusion/path traversal issue in the library's loadFile method. READ MORE...
Veeam issues patch to close critical remote code execution flaw
Veeam has released an update to fix a security flaw in its Backup & Replication software that could let certain users run code on affected systems. The main issue, tracked as CVE-2025-59470, affects all Veeam Backup & Replication version 13 builds, according to a security advisory released Tuesday. Veeam said older product lines, including 12.x and earlier, are not affected by the vulnerabilities listed. READ MORE...
Fake WinRAR downloads hide malware behind a real installer
A member of our web research team pointed me to a fake WinRAR installer that was linked from various Chinese websites. When these links start to show up, that's usually a good indicator of a new campaign. So, I downloaded the file and started an analysis, which turned out to be something of a Matryoshka doll. WinRAR is a popular utility that's often downloaded from "unofficial" sites, which gives campaigns offering fake downloads a bigger chance of being effective. READ MORE...
IBM's AI agent Bob easily duped to run malware, researchers show
IBM describes its coding agent thus: "Bob is your AI software development partner that understands your intent, repo, and security standards." Unfortunately, Bob doesn't always follow those security standards. Announced last October and presently in closed beta testing, IBM offers Bob in the form of a command line interface - a CLI, like Claude Code - and an integrated development environment - an IDE like Cursor. READ MORE...
Maximum-severity n8n flaw lets randos run your automation server
A maximum-severity bug in the popular automation platform n8n has left an estimated 100,000 servers wide open to complete takeover, courtesy of a flaw so bad it doesn't even require logging in. The vulnerability, uncovered by researchers at security outfit Cyera, carries a CVSS score of 10.0 and has been dubbed "ni8mare" for good reason. Tracked as CVE-2026-21858, the flaw allows an unauthenticated attacker to execute arbitrary code on vulnerable systems. READ MORE...
Critical HPE OneView Vulnerability Exploited in Attacks
The US cybersecurity agency CISA on Wednesday warned that a critical-severity vulnerability in the OneView product from Hewlett Packard Enterprise (HPE) has been exploited in attacks. Tracked as CVE-2025-37164 (CVSS score of 10/10), the security defect was disclosed on December 17, 2025, when HPE released hotfixes for it. HPE credited Nguyen Quoc Khanh for reporting the bug but refrained from sharing technical information. READ MORE...
'Elon Musk is playing with fire:' All the legal risks that apply to Grok's deepfake disaster
As collective disgust has continued to build over the widespread generation and sharing of nonconsensual, sexualized deepfakes generated by X's GrokAI tool, angry onlookers have expressed shock that the activity continues unabated and company owner Elon Musk isn't being compelled to put a halt to the practice. Legal experts say there are several federal laws and regulations already on the books that could expose Musk and X to significant fines, civil lawsuits and criminal prosecution. READ MORE...
- ...in 1790, President George Washington delivers the first State of the Union address in New York City.
- ...in 1935, rock singer and 20th century icon Elvis Presley is born in Tupelo, MS.
- ...in 1942, English theoretical physicist and author Stephen Hawking is born in Oxford.
- ...in 1947, musician David Robert Jones (who changed his name to David Bowie to avoid confusion with the Monkees singer) is born in London.
