
Can AI Attack the Cloud? Lessons Learned From Building an Autonomous Multi-Agent Cloud Attack System

23 April 2026, 07:00

Unit 42 reveals how multi-agent AI systems can autonomously attack cloud environments, and draws out the key insights and essential lessons for proactive security.

The post Can AI Attack the Cloud? Lessons Learned From Building an Autonomous Multi-Agent Cloud Attack System appeared first on Unit 42.


Fracturing Software Security With Frontier AI Models

20 April 2026, 07:00

Unit 42 finds frontier AI models enhance vulnerability discovery, acting as full-spectrum security researchers. They enable autonomous zero-day discovery and faster N-day patching.

The post Fracturing Software Security With Frontier AI Models appeared first on Unit 42.


Targeted Cyberattack on Northern Ireland Schools Exposes Personal Data

The Education Authority cyberattack investigation has confirmed that a recent incident involved a targeted attack on a small number of schools, leading to the compromise of some personal data. The update comes days after the incident was first reported, with new findings shedding light on the nature and impact of the breach. According to officials, the Education Authority cyberattack was identified on April 10, 2026, when authorities were alerted to suspicious activity affecting school systems. Forensic experts have since determined that attackers gained specific and targeted access to personal information linked to certain schools.

Targeted Nature of Education Authority Cyberattack

The latest findings indicate that the Education Authority cyberattack was not a widespread system breach but a focused attack on select institutions. Investigators confirmed that personal data was accessed in these cases, though the full extent of the compromised information has not yet been disclosed. Authorities had earlier stated that there was no evidence of data exfiltration or corruption. That assessment was based on initial findings, with officials noting at the time that the investigation was ongoing. The updated confirmation reflects the results of a more detailed forensic review, which required analysis across multiple systems. The breach is believed to have occurred before additional cybersecurity measures were implemented by the authority earlier this month.

Investigation and Law Enforcement Involvement

The Education Authority cyberattack is currently under active investigation, with law enforcement agencies involved. The Police Service of Northern Ireland and the Information Commissioner’s Office were notified immediately after forensic experts confirmed that personal data had been accessed. Officials stated that details of the incident are being disclosed publicly following an arrest made by the police. Prior to this development, authorities had withheld information to avoid interfering with ongoing investigations. The involvement of regulatory and law enforcement bodies highlights the seriousness of the Education Authority cyberattack, particularly given the sensitivity of data held by educational institutions.

Containment and System Recovery Efforts

System managers have assessed that the Education Authority cyberattack has been contained. Additional security measures were deployed as soon as the incident was detected, aimed at preventing further unauthorized access. Efforts are now focused on restoring normal operations. Work is ongoing to reconnect affected schools to the C2k system, which supports digital services across the education network. Officials said that restoring full functionality remains a priority while ensuring system security. The authority has also urged users to reset their C2k passwords as a precautionary step.

Notification of Affected Individuals

Authorities have confirmed that individuals whose personal data may have been compromised in the Education Authority cyberattack will be notified. The process of informing affected schools and individuals is currently underway and is being guided by the final findings of the investigation, along with advice from relevant authorities. Officials acknowledged the concern such incidents may cause and said efforts are being made to communicate with impacted parties as quickly as possible. At the same time, they noted that certain details cannot yet be disclosed publicly due to the ongoing police investigation. Further updates are expected once authorities are able to share more information without affecting the case.

Ongoing Monitoring and Next Steps

The Education Authority cyberattack remains under close monitoring as forensic analysis continues. Investigators are working to fully understand how the breach occurred and whether additional risks remain. While the incident appears to be contained, the confirmation of targeted access to personal data underscores the risks facing education systems, which often manage sensitive information across interconnected platforms. Authorities have indicated that further updates will be provided as the investigation progresses and more details become available.

Intesa Sanpaolo Missed Unauthorized Access for 2 Years, Regulator Reveals

The Intesa Sanpaolo data breach was not just the result of unauthorized access; it was a failure of detection that lasted for more than two years. In an exclusive response to The Cyber Express, Italy’s data protection authority has now clarified that the bank’s monitoring systems were not equipped to identify repeated, low-volume misuse of access over time. The Intesa Sanpaolo data breach, which has already led to a €31.8 million fine, involved a single employee accessing the data of over 3,500 customers without any valid business reason. While earlier findings established the scale of the incident, the latest response explains why it continued undetected for so long.

Intesa Sanpaolo Data Breach: Monitoring Failed to Catch Slow, Repeated Access

At the center of the Intesa Sanpaolo data breach is a critical gap in how internal activity was monitored. In response to queries from The Cyber Express, Secretary General of the Italian Data Protection Authority, Luigi Montuori, said:
“The Authority found that the employee carried out unauthorized access over a period of more than two years without the bank’s alert systems detecting any anomaly. According to the decision, the controls adopted by the bank proved inadequate in light of the specific risks connected with its operating model, which allowed broad internal access to customer data.”
He further added:
“In particular, the Authority considered that the thresholds and monitoring mechanisms in place were not sufficient to promptly detect repeated but time-distributed improper access, including access involving politically exposed or otherwise high-profile individuals.”
This clarification is significant. It shows that the Intesa Sanpaolo data breach was not missed because of a lack of controls, but because those controls were not designed to detect how insider threats actually behave. Rather than triggering alerts through large or unusual spikes, the access stayed under the radar because it was spread out over time. This exposes a common blind spot in enterprise monitoring: systems often focus on volume, not patterns.
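To make the blind spot concrete, the following Python is an added illustration (not code from the article, the bank or the regulator's decision): it runs a per-day volume threshold and a pattern-based rule over the same access log, where the pattern rule counts distinct customers viewed per employee across a rolling window and flags any lookup of a designated high-profile account. The log, the employee names `emp_42` and `emp_07`, the `HIGH_PROFILE` set and all thresholds are constructed for the example.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed: customer accounts treated as politically exposed or otherwise
# high-profile, where any lookup without a business reason should alert.
HIGH_PROFILE = {"C0007"}


def build_log():
    """Constructed access log of (employee, customer_id, day).
    'emp_42' (hypothetical insider) views 3 new customers a day for 60 days:
    180 distinct customers and never a daily spike. 'emp_07' makes 40 lookups
    of the same 4 customers on one day (legitimate, bursty case work)."""
    start = date(2023, 1, 1)
    log = []
    for d in range(60):
        for i in range(3):
            log.append(("emp_42", f"C{d * 3 + i:04d}", start + timedelta(days=d)))
    for i in range(40):
        log.append(("emp_07", f"C{9000 + i % 4:04d}", start))
    return log


def volume_spike_alerts(log, per_day_threshold=25):
    """Volume-based rule: alert when one employee exceeds the threshold of
    lookups in a single day. Fires on the bursty legitimate user and misses
    the slow insider entirely."""
    counts = defaultdict(int)
    for emp, _, day in log:
        counts[(emp, day)] += 1
    return {emp for (emp, _), n in counts.items() if n > per_day_threshold}


def distributed_access_alerts(log, window_days=90, distinct_threshold=100):
    """Pattern-based rule: per employee, count distinct customers viewed within
    a rolling window, and flag any access to a high-profile account.
    Returns {employee: sorted list of reasons}."""
    by_emp = defaultdict(list)
    for emp, cust, day in log:
        by_emp[emp].append((day, cust))
    alerts = {}
    for emp, events in by_emp.items():
        events.sort()
        reasons = set()
        for idx, (day, cust) in enumerate(events):
            if cust in HIGH_PROFILE:
                reasons.add("high_profile_access")
            window_start = day - timedelta(days=window_days)
            distinct = {c for d, c in events[: idx + 1] if d >= window_start}
            if len(distinct) > distinct_threshold:
                reasons.add("distinct_customers_over_window")
        if reasons:
            alerts[emp] = sorted(reasons)
    return alerts
```

Running `volume_spike_alerts(build_log())` returns only `{'emp_07'}`, while `distributed_access_alerts(build_log())` flags only `emp_42`, for both the distinct-customer count and the high-profile lookup.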

No Confirmed Misuse, But Regulator Flags High Risk

Another key question in the Intesa Sanpaolo data breach has been whether the accessed data was misused beyond internal viewing. Montuori clarified in his response:
“The decision does not state that there is confirmed evidence of data exfiltration or further misuse of the data outside the unauthorized access itself. However, the Authority found that the unlawful access, its scale, its duration, and the categories of persons affected were sufficient to create a high risk for the rights and freedoms of the individuals concerned. Beyond the conclusions set out in our decision, the case is also under investigation by the judicial authority in criminal proceedings.”
Even without confirmed data exfiltration, the Intesa Sanpaolo data breach was treated as a serious violation. The regulator’s position is clear: prolonged unauthorized access, especially involving sensitive and high-profile individuals, creates inherent risk. This reflects a broader shift in enforcement, where exposure itself, not just proven misuse, is enough to trigger regulatory action.

Post-Breach Fixes Highlight Earlier Gaps

Following the Intesa Sanpaolo data breach, the bank introduced several measures to strengthen its controls. The authority noted:
“The decision notes that, after the incident, the bank adopted a number of measures to strengthen its safeguards, including:
  • stronger protections for certain particularly sensitive or high-profile customers;
  • enhanced ex ante authorization mechanisms and ex post controls on access;
  • strengthened alerting and monitoring systems for anomalous access;
  • a dedicated task force for analysis and decision support;
  • the introduction of additional data masking measures;
  • broader governance improvements in the management of personal data breaches.
As stated in the decision, the Authority also took these remedial measures into account in its overall assessment.”
While these steps address key weaknesses, they also underline a larger issue. In the Intesa Sanpaolo data breach, the most critical safeguards (effective monitoring, stricter access control and risk-based oversight) were strengthened only after the breach had already persisted for years.

A Broader Warning on Insider Risk

The Intesa Sanpaolo data breach offers a clear lesson for the banking sector and beyond. Internal access remains one of the most difficult risks to control. Systems are often designed to enable efficiency, giving employees broad visibility across customer data. But without monitoring that reflects real user behavior, that access can be misused without detection. What stands out in this case is that even access involving politically exposed and high-profile individuals did not trigger alerts. That points to a deeper issue, not just in tools but in how risk is defined and monitored. As Montuori concluded:
“At this stage, we have no further comment beyond the contents of the adopted measure”.
The case may be closed from a regulatory standpoint, but its implications are not. The Intesa Sanpaolo data breach shows that insider threats do not always appear as obvious anomalies; they often build quietly over time. Without systems designed to catch that, similar incidents are likely to happen again.

Double Agents: Exposing Security Blind Spots in GCP Vertex AI

31 March 2026, 07:00

Unit 42 uncovers a "double agent" flaw in Google Cloud's Vertex AI, demonstrating how overprivileged AI agents can compromise cloud environments.

The post Double Agents: Exposing Security Blind Spots in GCP Vertex AI appeared first on Unit 42.


Nova Scotia Power Data Breach Compromises Data of Over 900,000 Users

26 March 2026, 08:34

The Nova Scotia Power data breach has forced the utility provider to commit to stronger cybersecurity and privacy safeguards after a cyberattack exposed sensitive data of more than 900,000 current and former customers. The scale of the Nova Scotia Power data breach and the nature of the compromised information have raised serious questions about how organizations manage and protect customer data. The breach, discovered on April 25, 2025, was not the result of a single failure. Instead, it unfolded over weeks—highlighting how attackers can quietly move through systems before being detected.

Nova Scotia Power Data Breach Linked to Malware Infection

According to details shared in a compliance letter, the Nova Scotia Power data breach began on or around March 19, 2025. An employee accessed a compromised website infected with “SocGholish” malware and clicked on a malicious pop-up link. This allowed the malware to install and create a foothold within the network. From there, attackers escalated their access. Between April 8 and April 22, they moved laterally across systems using domain administrator privileges, conducted internal reconnaissance, and harvested credentials. This phase is critical, and often underestimated in cyber incidents. By the time the Nova Scotia Power data breach was detected, the attackers had already spent days exploring the network.

Data Exfiltration and Ransomware Deployment

The final stage of the Nova Scotia Power data breach occurred between April 23 and April 25, when the threat actor exfiltrated data from both on-premises systems and cloud storage. Shortly after, ransomware was deployed, backups were destroyed, and multiple applications stopped functioning. The attack was only discovered when employees reported system disruptions—an indication that the breach had already reached its most damaging phase. The attackers later contacted the company via a Tor-based dark web page, providing proof that sensitive customer data had been accessed. However, there is no confirmed evidence so far that the data has been publicly released or sold. Nova Scotia Power chose not to pay the ransom, aligning with law enforcement guidance.

Scope of the Nova Scotia Power Data Breach

The Nova Scotia Power data breach impacted approximately 375,000 current customers and 540,000 former customers. The compromised data includes:
  • Names, phone numbers, and email addresses
  • Mailing addresses and dates of birth
  • Account and billing history, including bank details
  • Driver’s license numbers and Social Insurance Numbers (SINs)
This level of exposure significantly increases the risk of identity theft and financial fraud, making the Nova Scotia Power data breach particularly serious.

Delayed Notifications and Customer Concerns

The handling of the Nova Scotia Power data breach has also drawn scrutiny. The Office of the Privacy Commissioner of Canada received multiple complaints, particularly around delayed notifications and the use of mailed letters, which slowed communication with affected individuals. Some concerns were also raised about the collection and storage of SINs, which were part of the compromised dataset. While Nova Scotia Power informed the public on April 28 and notified regulators by May 1, direct notifications to customers began weeks later, with additional affected individuals identified months after the initial disclosure. This staggered communication reflects the complexity of breach investigations—but also highlights the importance of timely transparency.

Response and Security Commitments

Following the Nova Scotia Power data breach, the company took steps to contain the incident. This included isolating affected systems, resetting compromised credentials, and working with third-party cybersecurity experts to investigate and remediate the breach. Customers were offered credit monitoring and identity protection services, initially for 24 months and later extended to five years for all customers. More importantly, Nova Scotia Power has now committed to strengthening its security measures under a compliance agreement. The Office of the Privacy Commissioner will continue to monitor progress until all commitments are fulfilled. Privacy Commissioner Philippe Dufresne stated, “I welcome this commitment by Nova Scotia Power to ensure stronger protections for the personal information of its customers. This privacy breach highlights the significant risks of cyberattacks to individuals and companies. Strong, proactive data protection, including robust safeguards, must be prioritized by all organizations in this evolving landscape.”