Microsoft, Salesforce Patch AI Agent Data Leak Flaws

Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker to leak sensitive data.

darkreading – ​Read More

Chile’s Cybersecurity Framework Law: How SOCs Achieve Compliance and Response Readiness

In Chile, cybersecurity compliance is becoming an operational issue, not just a legal one. Under the new Cybersecurity Framework Law, organizations must show they have real capabilities for threat detection, incident analysis, and response. For many teams, that exposes a serious gap between regulatory expectations and day-to-day security operations. 

Key Takeaways 

  • Chile’s Cybersecurity Framework Law raises the pressure on operational readiness: Security leaders need teams that can detect threats, investigate incidents, and support response decisions without delay. 
  • Slow investigation can quickly become a business risk: Delayed response weakens evidence, increases regulatory pressure, and makes post-incident review harder to manage. 
  • Faster triage and clearer evidence now matter more: Better visibility into suspicious activity helps reduce disruption, improve reporting quality, and support faster decisions under tight deadlines. 
  • For business leaders, this is about continuity as much as compliance: Teams must be able to contain incidents, document actions, and maintain control during regulatory scrutiny. 
  • ANY.RUN’s Enterprise solutions help reduce operational risk under compliance pressure: They support faster investigations, stronger evidence, and more controlled analysis workflows. 

The Regulatory Shift 

Chile has taken a decisive step toward strengthening its national cybersecurity posture with the approval of Law No. 21.663 – the Cybersecurity Framework Law. This legislation establishes mandatory cybersecurity obligations for organizations classified as: 

  • Operators of Vital Importance (OIV) 
  • Operators of Essential Services 
  • Critical public sector entities 

Unlike traditional compliance frameworks that focus on policies and documentation, Chile’s approach is outcome-driven and risk-based. Organizations must demonstrate real operational capabilities– not just checkbox compliance. With enforcement and audits ramping up through 2025-2026, the compliance window is closing fast.

The scope is broad. An estimated 915 organizations across energy, telecommunications, banking and financial services, digital infrastructure, healthcare, and public institutions must now prove their cybersecurity readiness.

What the New Law Requires from Security Teams 

Chile’s Cybersecurity Framework Law does not mandate specific tools, but it does set clear expectations for operational readiness. Regulated organizations are expected to have the following: 

✅ Effective threat detection: Identify malicious activity before it causes damage 
✅ Timely incident analysis and response: Understand what happened, how, and what to do 
✅ Continuous risk management: Adapt defenses as the threat landscape evolves 
✅ Evidence-based reporting: Provide detailed, defensible reports to Chile’s national CSIRT and regulatory authorities 

Regulated entities must permanently apply technical and organizational measures to prevent, report, and resolve cybersecurity incidents in line with ANCI protocols and sector-specific standards. They must also report significant cyberattacks and incidents to the national CSIRT under a defined timeline. 

For operators of vital importance, requirements are stricter. They must run a continuous information security management system, document security actions, and maintain certified cybersecurity and continuity plans, reviewed at least every two years.

They are also expected to conduct regular exercises, implement rapid containment measures, train staff, and appoint an independent cybersecurity delegate with direct access to top management and formal responsibility for coordination with ANCI. 

Build a compliant and mature SOC
Integrate ANY.RUN’s solutions to reduce business risk and boost security 



Power up your SOC


The reporting timelines are especially important for CISOs, SOC leaders, and MSSPs serving regulated clients. The law requires an early warning within three hours after learning of a significant incident, an updated report within 72 hours, and a final report within 15 days.

If the affected entity is an OIV and the incident disrupts its essential service, the second report deadline tightens to 24 hours. OIVs must also communicate a formal action plan within seven days. 

The key shift is simple: the law focuses less on documented intent and more on proven capability. It is not enough to say controls are in place. Organizations need to show they can investigate suspicious activity, confirm whether a threat is real, and support response decisions with evidence. 

That changes the standard for security teams. Alerts alone are not enough. Teams need visibility, faster analysis, and a reliable investigation trail they can stand behind during reporting, audits, and post-incident review. 

What Non-Compliance Can Cost 

The legal exposure is serious. Minor infringements can be fined up to 5,000 UTM, serious infringements up to 10,000 UTM, and very serious infringements up to 20,000 UTM. For operators of vital importance, those maximums double to 10,00020,000, and 40,000 UTM respectively.  

For leadership, the business risk goes beyond the fine itself. When teams cannot investigate suspicious activity quickly, explain what happened, or produce defensible incident evidence, the result can be longer disruption, slower communication with authorities, and more exposure during audits. That is why this law should not be treated as only a legal issue. It is also a detection, response, and operational-readiness issue. 

The Compliance Challenge: Why This Is Hard 

For SOCs and incident response teams across Chile, the new requirements create significant operational pressure: 

Challenges for security teams in Chile

 

1. Alert Overload, Limited Analysis Capacity 

Chilean organizations are facing the same challenge plaguing SOCs globally: too many alerts, not enough time to investigate them properly. SOC teams are drowning in noise from SIEM and EDR platforms, struggling to separate real threats from false positives. 

2. Talent Shortage 

The cybersecurity skills gap is acute in Latin America. According to industry data, LATAM experiences approximately 2,716 cyberattacks per organization per week, significantly above the global average. Yet there aren’t enough trained analysts to keep pace with investigation demands. 

3. Malware Analysis Bottlenecks 

Many sandbox solutions provide a verdict, but limited visibility into how the threat behaves or why it matters. When regulators ask for detailed incident reports, security teams need more than a malicious or benign label. They need evidence, context, and a clearer view of the attack chain. 

4. Rising Threat Sophistication 

Attackers targeting Latin America, particularly Chile’s banking and financial sectors, are deploying region-specific malware families like Mekotio, Grandoreiro, and Casbaneiro. These threats use novel evasion techniques specifically designed to bypass legacy detection systems.

Close the Security Gap with Better Threat Visibility, Analysis, and Response 

Under Chile’s new framework, security gaps are no longer just technical weaknesses. They can become compliance failures, reporting delays, and broader business risks. ANY.RUN helps organizations close those gaps with stronger threat visibility, faster analysis, and more defensible response workflows. 

1. Threat Intelligence for Better Visibility and Prioritization 

One of the hardest parts of compliance is knowing which threats deserve immediate attention. Security teams already deal with large volumes of alerts, but the new law raises the need for monitoring that is not only active, but relevant to actual business risk. 

ANY.RUN’s Threat Intelligence Lookup helps teams focus on threats that matter most to their environment. Rather than treating threat intelligence as just another dataset, it works as an operational layer that connects threat context with prioritization and action across the SOC lifecycle. Instead of relying only on generic indicators, organizations can investigate threats through industry- and geo-specific context. 

For example, a query such as submissionCountry:”CL” AND industry:”banking” can help teams understand what is actively targeting Chile’s financial sector. This gives analysts faster context for triage, supports continuous risk management, and helps organizations build monitoring around real threats rather than assumptions. 

Threat activity targeting Chile’s financial sector, visible inside TI Lookup 

With this approach, organizations can: 

  • Focus security efforts on the threats most relevant to their sector 
  • Improve prioritization across monitoring and triage workflows 
  • Reduce investigation delays caused by low-context alerts 
  • Strengthen continuous risk management with more relevant threat visibility 
  • Build a stronger foundation for defensible response and reporting 

Strengthen cyber readiness where business risk is highest
Improve prioritization and decisions with clearer threat context 



Upgrade your SOC


2. Behavioral Analysis for Faster Investigation and Clearer Evidence 

Threat visibility is only the first step. Once a suspicious file, URL, or email is detected, teams still need to understand what it actually does, how serious it is, and what actions should follow. 

ANY.RUN’s Interactive Sandbox helps security teams investigate threats through real behavioral analysis. Instead of receiving only a verdict, analysts can observe malicious activity as it unfolds, understand the attack chain, extract indicators, and see the broader context of the incident. This makes it easier to validate threats faster, support containment decisions, and produce clearer evidence for reporting, audits, and post-incident review. 

Threat analysis carried out inside ANY.RUN sandbox 

In practice, this allows organizations to: 

  • Understand how a threat behaves, not just whether it is malicious 
  • Confirm impact faster and make response decisions with more confidence 
  • Extract IOCs and other evidence for reporting and follow-up investigation 
  • Support containment with clearer visibility into attacker activity 
  • Build a more defensible investigation trail for audits and incident review 

Turn uncertain alerts into faster, defensible decisions
Give teams clearer evidence for response and reporting 



Integrate your SOC


3. Integrations and Threat Feeds for Faster Detection and Response 

Meeting regulatory expectations also depends on how quickly security teams can move from detection to action. When threat data stays locked in separate tools or requires manual handling, triage slows down, response becomes less consistent, and reporting gets harder under tight deadlines. 

ANY.RUN helps reduce that friction by connecting threat intelligence and sandbox analysis directly to existing security workflows through ready-made connectors, STIX/TAXII, and API/SDK options. This allows teams to move investigation data into SIEM, SOAR, EDR, and TIP environments faster, so enrichment, correlation, and response can happen with less manual effort.  

Integration opportunities for ANY.RUN Threat Intelligence 

Threat Intelligence Feeds continuously deliver high-confidence malicious indicators sourced from live attack investigations across 15,000 organizations and 600,000 analysts, helping teams work with fresh threat data instead of static lists.  

Strengthen detection with live threat data from real attacks
Help your team correlate faster and respond with less effort 



Contact us


This gives organizations the ability to: 

  • Push fresh threat data directly into existing detection and response tools 
  • Reduce manual workload in enrichment and triage workflows 
  • Improve alert quality with validated, high-confidence indicators 
  • Speed up correlation and response across the SOC stack 
  • Build a more scalable and operationally consistent security model 

Support Compliance Readiness with Privacy, Control, and Audit Confidence 

Security teams also need confidence that sensitive analyses can be handled in a controlled environment that supports internal governance, confidentiality, and audit readiness. That is especially important for organizations working under stricter reporting obligations and higher regulatory scrutiny. 

ANY.RUN supports that need with SOC 2 Type II attested security and private, access-controlled sandbox analysis designed for confidential investigations.  

ANY.RUN’s private sandbox sessions remain confidential through strict access controls and encrypted data processing, helping organizations investigate threats without exposing case data to the public community. For leadership, this matters because improving detection and response is not enough on its own. The investigation environment also needs to meet enterprise expectations for security, privacy, and operational reliability.  

This becomes especially valuable when incidents involve sensitive internal files, regulated environments, or investigations that may later be reviewed by auditors, executives, or external authorities. With stronger privacy controls around analysis data, organizations can reduce the risk of accidental exposure while giving security teams a safer way to investigate suspicious activity and preserve a defensible trail of evidence. 

About ANY.RUN 

ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, helps security teams investigate threats faster and with greater clarity across modern enterprise environments.   

It allows teams to safely execute suspicious files and URLs, observe real behavior in an Interactive Sandbox, enrich indicators with immediate context through TI Lookup, and monitor emerging malicious infrastructure using Threat Intelligence Feeds. Together, these capabilities help reduce investigation uncertainty, accelerate triage, and limit unnecessary escalations across the SOC.   

Frequently Asked Questions 

What changes for security leaders under Chile’s Cybersecurity Framework Law?

The law raises the standard from having policies on paper to proving operational readiness in practice. It sets minimum requirements for preventing, containing, resolving, and responding to cyber incidents, creates ANCI as the national authority, and gives regulators a clearer basis for oversight and sanctions. In practice, that means leadership teams need confidence that detection, investigation, reporting, and continuity measures will hold up under pressure.  

Which organizations are most exposed to these requirements?

The law applies to providers of essential services and to entities designated as Operators of Vital Importance, or OIVs. The covered sectors include areas such as energy, water, telecom, digital infrastructure, transport, banking and payments, postal services, and healthcare, while ANCI has the power to formally qualify OIVs.  

What will regulators expect an organization to be able to show?

At a minimum, regulated entities must permanently apply measures to prevent, report, and resolve incidents. For OIVs, the bar is higher: they must run a continuous information security management system, maintain records of security actions, implement and review continuity and cybersecurity plans, carry out ongoing reviews and exercises, train staff, and appoint a cybersecurity delegate who reports upward.  

Why does response speed matter so much under this law?

Because the reporting clock starts quickly. The law requires an early alert within 3 hours of learning about a significant incident, an update within 72 hours, and a final report within 15 days. If an OIV’s essential service is affected, the update deadline tightens to 24 hours, and OIVs must also adopt an action plan within 7 days. For leadership, this makes delayed investigation a business risk, not just a technical issue. 

Does the law require specific tools?

No. It does not prescribe named products. What it does require is that organizations can prevent, report, and resolve incidents, follow ANCI protocols and standards, and support continuity and incident handling with real operational capability. That is why the focus for leadership should be less on tool count and more on whether teams can investigate, decide, and report fast enough when it matters.  

Why does investigation quality matter for compliance?

Because the law is built around response, reporting, and oversight. ANCI can require information needed to understand incidents, supervise compliance, and enforce sanctions, while the law also emphasizes continuity, risk management, and documented actions. For leadership teams, that makes clear evidence and a defensible investigation trail part of compliance readiness. 

The post Chile’s Cybersecurity Framework Law: How SOCs Achieve Compliance and Response Readiness appeared first on ANY.RUN’s Cybersecurity Blog.

ANY.RUN’s Cybersecurity Blog – ​Read More

Trump Urges Extending Foreign Surveillance Program as Some Lawmakers Push for US Privacy Protections

Congress is set to take up the reauthorization of a divisive program that lets U.S. spy agencies pore over foreigners’ calls, texts and emails.

The post Trump Urges Extending Foreign Surveillance Program as Some Lawmakers Push for US Privacy Protections appeared first on SecurityWeek.

SecurityWeek – ​Read More

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

Researchers found adware capable of killing cybersecurity products and pushing more dangerous payloads to infected systems.

The post $10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks appeared first on SecurityWeek.

SecurityWeek – ​Read More

The best internal communication tools of 2026: Expert tested and reviewed

If your office works remotely in any way, you’ll need reliable internal communication tools to keep information flowing smoothly and everyone on the same page.

Latest news – ​Read More

The n8n n8mare: How threat actors are misusing AI workflow automation

  • Cisco Talos research has uncovered agentic AI workflow automation platform abuse in emails. Recently, we identified an increase in the number of emails that abuse n8n, one of these platforms, from as early as October 2025 through March 2026. 
  • In this blog, Talos provides concrete examples of how threat actors are weaponizing legitimate automation platforms to facilitate sophisticated phishing campaigns, ranging from delivering malware to fingerprinting devices.  
  • By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery vehicles for persistent remote access.

The n8n n8mare: How threat actors are misusing AI workflow automation

AI workflow automation platforms such as Zapier and n8n are primarily used to connect different software applications (e.g., Slack, Google Sheets, or Gmail) with AI models (e.g., OpenAI’s GPT-4 or Anthropic’s Claude). These platforms have been applied to different application domains, including cybersecurity over the past few months, especially with the progress that has been made in new avenues like large language models (LLMs) and agentic AI systems. However, much like other legitimate tools, AI workflow automation platforms can be weaponized to orchestrate malicious activities, like delivering malware by sending automated emails.

This blog describes how n8n, one of the most popular AI workflow automation platforms, has been abused to deliver malware and fingerprint devices by sending automated emails.

What is n8n?

N8n is a workflow automation platform that connects web applications and services (including Slack, GitHub, Google Sheets, and others with HTTP-based APIs) and builds automated workflows. A community-licensed version of the platform can be self-hosted by organizations. The commercial service, hosted at n8n.io, includes AI-driven features that can create agents capable of using web-based APIs to pull data from documents and other data sources.

Users can register for an n8n developer account at no initial charge. Doing so creates a subdomain on “tti.app.n8n[.]cloud” from which the user’s applications can be accessed. This is similar to many web-based AI-aided development tools, and one that malicious actors have harnessed elsewhere in the past; earlier this year, Talos observed another AI-oriented web application service, Softr.io, being used for the creation of phishing pages used in a series of targeted attacks.

How n8n’s webhooks work

Talos’ investigation found that a primary point of abuse in n8n’s AI workflow automation platform is its URL-exposed webhooks. A webhook, often referred to as a “reverse API,” allows one application to provide real-time information to another. These URLs register an application as a “listener” to receive data, which can include programmatically pulled HTML content. An example of an n8n webhook URL is shown in Figure 1.

The n8n n8mare: How threat actors are misusing AI workflow automation
Figure 1. Anatomy of an example n8n webhook URL.

When the URL receives a request, the subsequent workflow steps are triggered, returning results as an HTTP data stream to the requesting application. If the URL is accessed via email, the recipient’s browser acts as the receiving application, processing the output as a webpage.

Talos has observed a significant rise in emails containing n8n webhook URLs over the past year. For example, the volume of these emails in March 2026 was approximately 686% higher than in January 2025. This increase is driven, in part, by several instances of platform abuse, including malware delivery and device fingerprinting, as we will discuss in the next sections.

The n8n n8mare: How threat actors are misusing AI workflow automation
Figure 2. The prevalence of n8n webhook URLs in emails over the past few months.

Abusing n8n for malware delivery

Because webhooks mask the source of the data they deliver, they can be used to serve payloads from untrusted sources while making them appear to originate from a trusted domain. Furthermore, since webhooks can dynamically serve different data streams based on triggering events — such as request header information — a phishing operator can tailor payloads based on the user-agent header.

The n8n n8mare: How threat actors are misusing AI workflow automation
Figure 3. Example of a malicious email that delivers malware to the victim’s device by abusing the n8n platform.

Talos observed a phishing campaign (shown in Figure 3) that used an n8n-hosted webhook link in emails that purported to be a shared Microsoft OneDrive folder. When clicked, the link opened a webpage in the targeted user’s browser containing a CAPTCHA.

The n8n n8mare: How threat actors are misusing AI workflow automation
Figure 4. HTML document delivered by the webhook presenting a CAPTCHA.

Once the CAPTCHA is completed, a download button appears, triggering a progress bar as the payload is downloaded from an external host. Because the entire process is encapsulated within the JavaScript of the HTML document, the download appears to the browser to have come from the n8n domain.

The n8n n8mare: How threat actors are misusing AI workflow automation
Figure 5. HTML and JavaScript payload of the webhook downloads an executable file from a malicious URL.

In this case, the payload was an .exe file named “DownloadedOneDriveDocument.exe” that posed as a self-extracting archive. When opened, it installed a modified version of the Datto Remote Monitoring and Management (RMM) tool and executed a chain of PowerShell commands.

The n8n n8mare: How threat actors are misusing AI workflow automation
Figure 6. Downloaded executable and the document it deploys (an installer for an RMM tool).

The PowerShell commands generated by the malicious executable extract and configure the Datto RMM tool, configure it as a scheduled task, and then launch it, establishing a connection to a relay on Datto’s “centrastage[.]net” domain before deleting themselves and the rest of the payload.

The n8n n8mare: How threat actors are misusing AI workflow automation
Figure 7. The webhook-delivered “DownloadedOneDriveDocument.exe” malware attack chain.

Talos observed a similar campaign that also utilized an n8n webhook to deliver a different payload. Like the previous instance, it featured a self-contained phishing page delivered as a data stream from the webhook, protected with a CAPTCHA for human verification.

The n8n n8mare: How threat actors are misusing AI workflow automation
Figure 8. Second CAPTCHA variant presented by n8n webhook.

This CAPTCHA code was significantly simpler than the first case. The payload delivered upon solving the CAPTCHA was a maliciously modified Microsoft Windows Installer (MSI) file named “OneDrive_Document_Reader_pHFNwtka_installer.msi”. Protected by the Armadillo anti-analysis packer, the payload deployed a different backdoor: the ITarian Endpoint Management RMM tool. When executed by “msiexec.exe”, the file installs a modified version of the ITarian Endpoint RMM, which acts as a backdoor while running Python modules to exfiltrate information from the target’s system. During this process, a fake installer GUI displays a progress bar; once finished, the bar resets to 0% and the application exits, creating the illusion of a failed installation.

Abusing n8n for fingerprinting 

Talos observed another common abuse case: device fingerprinting. This is achieved by embedding an invisible image (or tracking pixel) within an email. For example, when the <img> HTML tag is used, it tells the email client (e.g., Outlook or Gmail) to fetch an image from a specific URL. Figure 9 shows an example spam email in the Spanish language that leverages this technique.

The n8n n8mare: How threat actors are misusing AI workflow automation
Figure 9. Email example where n8n is abused to fingerprint the recipient’s device.

When the email client attempts to load the image, it automatically sends an HTTP GET request to the specified address, which is an n8n webhook URL. These URLs include tracking parameters (such as the victim’s email address), allowing the server to identify exactly which user opened the email. Also, it is clear how this image is made invisible by using the “display” and “opacity” CSS properties.

The n8n n8mare: How threat actors are misusing AI workflow automation
Figure 10. HTML source snippet of the email in Figure 9.

The second example below uses the same technique to track email opens and fingerprint the recipient’s device. Here, the sender tries to get a hold of recipient by introducing a new gift card feature.

The n8n n8mare: How threat actors are misusing AI workflow automation
Figure 11. Email example where n8n is abused to fingerprint the recipient’s device.
The n8n n8mare: How threat actors are misusing AI workflow automation
Figure 12. HTML source snippet of email in Figure 11.

Conclusion

The same workflows designed to save developers hours of manual labor are now being repurposed to automate the delivery of malware and fingerprinting devices due to their flexibility, ease of integration, and seamless automation. As we continue to leverage the power of low-code automation, it’s the responsibility of security teams to ensure these platforms and tools remain assets rather than liabilities.

Protection

Because several AI automation platforms exist today that are inherently designed to be flexible and trustworthy, the security community must move beyond simple static analysis to effectively counter their abuse. For instance, instead of blocking entire domains, which would disrupt legitimate business workflows, security researchers should investigate behavioral detection approaches. These should trigger alerts when high volumes of traffic are directed toward such platforms from unexpected internal sources. Similarly, if an endpoint attempts to communicate with an AI automation platform’s domain (e.g., “n8n.cloud”) that is not part of the organization’s authorized workflow, it should trigger an immediate alert.

Collaborative intelligence sharing is another effective approach to countering malicious email campaigns. Security teams should prioritize sharing indicators of compromise (IOCs) — such as specific webhook URL structures, malicious file hashes, and command and control (C2) domains — with platforms like Cisco Talos Intelligence.

Last but not least, safeguarding against these complex threats necessitates a comprehensive email security solution that utilizes AI-driven detection. Secure Email Threat Defense employs distinctive deep learning and machine learning models, incorporating Natural Language Processing, within its sophisticated threat detection systems. It detects harmful techniques employed in attacks against your organization, extracts unmatched context for particular business risks, offers searchable threat data, and classifies threats to identify which sectors of your organization are most at risk of attack. You can register now for a free trial of Email Threat Defense.

IOCs 

IOCs for this threat also available on our GitHub repository here

93a09e54e607930dfc068fcbc7ea2c2ea776c504aa20a8ca12100a28cfdcc75a 
7f30259d72eb7432b2454c07be83365ecfa835188185b35b30d11654aadf86a0 
hxxps[://]onedrivedownload[.]zoholandingpage[.]com/my-workspace/DownloadedOneDrive 
hxxps[://]majormetalcsorp[.]com/Openfolder 
hxxps[://]pagepoinnc[.]app[.]n8n[.]cloud/webhook/downloading-1a92cb4f-cff3-449d-8bdd-ec439b4b3496 
hxxps[://]monicasue[.]app[.]n8n[.]cloud/webhook/download-file-92684bb4-ee1d-4806-a264-50bfeb750dab 

Cisco Talos Blog – ​Read More

Half of all US employees use AI at work now – and waste almost 8 hours a week doing it

Companies on the front lines of AI adoption are also hiring and laying off more employees on average than those that aren’t, Gallup found.

Latest news – ​Read More

Active HanGhost Loader Campaign Targets Enterprise Payment and Logistics Workflows

Active HanGhost Loader campaign targets enterprise payment and logistics workflows with fileless attacks, multi-stage execution, and stealthy malware delivery.

Hackread – Cybersecurity News, Data Breaches, AI and More – ​Read More

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities

Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild.
Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one is rated Low in severity. Ninety-three of the flaws are

The Hacker News – ​Read More

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT‑5.4, that’s specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos.
“The progressive use of AI accelerates defenders – those responsible for keeping systems, data, and users safe – enabling them to find and fix problems

The Hacker News – ​Read More