Ride-hailing company plans increased investment, vehicle buys depending on Rivian’s autonomous tech progress in coming years This article has been indexed from Silicon UK Read the original article: Uber Invests $300m In Rivian Amid Autonomous Tie-Up
Tag: EN
CISA Warns Cisco Secure Firewall Management Center 0-Day Is Being Exploited in Ransomware Attacks
The Cybersecurity and Infrastructure Security Agency has issued an urgent warning regarding a critical zero-day vulnerability affecting heavily relied-upon Cisco security products. Tracked officially as CVE-2026-20131, this severe flaw is actively being exploited by cybercriminals in targeted ransomware campaigns. Organizations…
SILENTCONNECT Uses VBScript, PowerShell and PEB Masquerading to Deploy ScreenConnect
SILENTCONNECT is a newly discovered multi-stage malware loader that has been silently targeting Windows machines since at least March 2025. It uses VBScript, in-memory PowerShell execution, and PEB masquerading to install the ConnectWise ScreenConnect remote monitoring and management tool on…
Bamboo Data Center and Server Vulnerability Enables Remote Code Execution
Atlassian has officially resolved a high-severity Remote Code Execution (RCE) vulnerability within its Bamboo Data Centre application. Officially tracked as CVE-2026-21570, this critical security flaw introduces severe risks to enterprise continuous integration and continuous deployment environments. Because Bamboo serves as…
Aisuru and Kimwolf DDoS Botnets Disrupted in International Operation
The lesser-known JackSkid and Mossad botnets have also been targeted in the operation. The post Aisuru and Kimwolf DDoS Botnets Disrupted in International Operation appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Aisuru…
Why MCP Gateways are a Bad Idea (and What to Do Instead)
MCP Gateways are the wrong abstraction for AI security. Discover why runtime hooks and MCP registries offer a superior, context-aware defense against data leaks and unauthorized tool calls in modern agentic architectures. The post Why MCP Gateways are a Bad…
ConductorOne unveils AI Access Management to accelerate secure, compliant AI adoption
ConductorOne has announced its AI Access Management product extension, a unified control plane for managing access to AI tools, agents, and MCP connections across the enterprise. The platform enables organizations to accelerate AI adoption while maintaining full visibility, policy enforcement,…
Semgrep Multimodal brings AI reasoning and rule-based analysis to code security
Semgrep announced Semgrep Multimodal, a system that combines AI reasoning with rule-based analysis for detection, triage, and remediation. Its detection finds up to 8x more true positives while cutting noise by 50% compared to foundation models alone, and has already…
While you’re here, could you go out of your way to do an impossible job?
He would have gotten away with it too, if it weren’t for a meddling security team’s fear of USB On Call Each Friday The Register offers a fresh installment of On Call, the reader-contributed column that celebrates the fine art…
AppViewX acquires Eos to extend identity security to AI agents and workloads
AppViewX has acquired Eos, an AI-native identity control plane for AI agents and autonomous workloads within the enterprise. By combining AppViewX’s automated CLM and PKI with Eos’s agentic governance and privileged access control, the platform delivers an integrated solution for…
Bonfy ACS 2.0 helps organizations control data use in AI environments
Bonfy.AI announced Bonfy Adaptive Content Security (Bonfy ACS) 2.0, a platform built to secure enterprise content across all systems, applications, and AI agents – anywhere data moves, resides, or is processed. As organizations race to deploy copilots, custom AI apps,…
Critical SharePoint flaw, real-time cyberattack prevention, CISA’s Intune warning
Critical Microsoft SharePoint flaw now exploited in attacks 1stProtect reveals endpoint security platform intended to prevent cyberattacks in real time CISA urges U.S. organizations to secure Microsoft Intune systems following Stryker breach Get links to all our stories in the…
New Critical Jenkins Vulnerabilities Put CI/CD Servers at Risk of RCE Exploits
The Jenkins project released a critical security advisory addressing multiple vulnerabilities in its core automation server and the LoadNinja plugin. These flaws expose continuous integration and continuous deployment (CI/CD) environments to severe risks, including arbitrary file creation, credential exposure, and…
Cloud misconfiguration has evolved and your controls haven’t
In this Help Net Security video, Kat Traxler, Principal Security Researcher – Public Cloud at Vectra AI, walks through two AWS misconfigurations that go beyond the basics of bucket visibility. The first is bucket name squatting. Because S3 uses a…
Field workers don’t need more access, they need better security
In this Help Net Security interview, Chris Thompson, CISO at West Shore Home, discusses least privilege and credential hygiene for a field-based workforce. He covers access management, authentication practices, and data risk processes that support employees in the field. Thompson…
DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of command-and-control (C2) infrastructure used by several Internet of Things (IoT) botnets like AISURU, Kimwolf, JackSkid, and Mossad as part of a court-authorized law enforcement operation. The effort also…
Microsoft Introduces Teams Upgrades to Improve Windows App Performance on ioS and Android
Microsoft has officially announced the general availability of new Microsoft Teams optimizations designed specifically for the Windows App on both iOS and Android operating systems. This important update introduces the WebRTC Redirector Service to mobile enterprise users. By rolling out…
Navia Confirms Data Breach Exposing Sensitive Information of 2.7 Million Users
Navia Benefit Solutions has confirmed a significant data breach impacting nearly 2.7 million individuals. The incident resulted from unauthorised access to the company’s systems, exposing sensitive personal and health plan information. As a prominent administrator of employee benefits for over…
Russian APT Exploits Zimbra XSS to Target Ukrainian Government in ‘Operation GhostMail’
A Russian state-linked threat actor has launched a targeted cyberattack against a Ukrainian government agency, exploiting a cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite to steal credentials and sensitive email data. Dubbed “Operation GhostMail,” the campaign stands out for…
New infosec products of the week: March 20, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Intel 471, Kore.ai, NinjaOne, Pindrop, Secure Code Warrior, Token Security, and Xona Systems. NinjaOne Vulnerability Management enables real-time detection and autonomous patching NinjaOne has unveiled…