The problem of “secrets creep” is accelerating, with one report finding 23 million exposed secrets last year. Experts say convenience and an illusion of internal security are to blame, and AI tools are about to make it much worse.
Ron Deibert founded the Citizen Lab research center in 2001 to act as “counterintelligence for civil society.” He now warns that the United States, long a democratic standard, is seeing its foundational norms come under serious threat.
The US government is funding new AI research hubs to tackle economic and cyber threats. The centers aim to protect American dominance in AI innovation and supply chains.
Federal regulators are taking a sledgehammer to crypto fraud. The SEC just charged three trading platforms and four investment clubs in a scheme that allegedly stole over $14 million from social media users. This is part of a massive enforcement push that saw $4.98 billion in crypto penalties in 202
In a wild experiment, a tech journalist tried to infect a Windows XP virtual machine with modern malware. Surprisingly, much of it simply wouldn’t run, crashing due to missing system features or 64-bit requirements. But this doesn’t mean the 23-year-old OS is safe.
A critical vulnerability in WatchGuard Firebox firewalls is being actively exploited in attacks, prompting CISA to issue an urgent remediation order. Federal agencies have until December 26 to apply the patch, but all organizations are urged to act quickly.
The year’s major cyber incidents, including China-linked telco attacks and the Ingram Micro ransomware hit, all point to a single, critical failure. Organizations simply couldn’t see what was happening inside their own networks, and attackers knew it.
As companies link AI systems across departments, they unlock huge value but also create new vulnerabilities. The biggest danger isn’t a single AI failing—it’s that failure spreading like wildfire.
Microsoft has confirmed that recent Windows 11 security updates are breaking VPN access for some users and causing RemoteApp failures in Azure Virtual Desktop. The company is investigating but has only provided a workaround for one of the issues. It’s another blow for IT admins trying to keep system
Critical authentication bypass vulnerabilities in Fortinet’s FortiOS and other products are being actively exploited just days after disclosure. Attackers are using them to steal configuration files and hashed credentials. CISA has added one to its must-patch list with a deadline of December 23.
