Author: admin

ENISA reveals phishing and vulnerability exploitation accounted for majority of intrusions in past year

His conclusion:

Context wins

Basically whoever can see the most about the target, and can hold that picture in their mind the best, will be best at finding the vulnerabilities the fastest and taking advantage of them. Or, as the defender, applying patches or mitigations the fastest.

And if you’re on the inside you know what the applications do. You know what’s important and what isn’t. And you can use all that internal knowledge to fix things­—hopefully before the baddies take advantage.

Summary and prediction

1. Attackers will have the advantage for 3-5 years. For less-advanced defender teams, this will take much longer.
2. After that point, AI/SPQA will have the additional internal context to give Defenders the advantage.

LLM tech is nowhere near ready to handle the context of an entire company right now. That’s why this will take 3-5 years for true AI-enabled Blue to become a thing.

And in the meantime, Red will be able to use publicly-available context from OSINT, Recon, etc. to power their attacks.

I agree.

By the way, this is the SPQA architecture.

Broadcom has released security patches for critical flaws affecting several VMware products

A new campaign has been observed using malicious Windows shortcuts in credential-themed ZIP files to deploy PowerShell script

PwC found that AI security has become a top investment priority in cyber budgets over the next 12 months, ahead of cloud and network security

Phantom Taurus is the latest formally identified cyber-espionage group aligned with Chinese state interest

The NCA warns that house buyers could face losses of over £80,000 from a type of BEC called payment diversion fraud

Image-sharing platform Imgur has blocked its services within the UK, following a regulatory notice from the ICO

See how your networks, systems, and employees stand up to simulated attacks before an adversary strikes.

New report: “Scam GPT: GenAI and the Automation of Fraud.”

This primer maps what we currently know about generative AI’s role in scams, the communities most at risk, and the broader economic and cultural shifts that are making people more willing to take risks, more vulnerable to deception, and more likely to either perpetuate scams or fall victim to them.

AI-enhanced scams are not merely financial or technological crimes; they also exploit social vulnerabilities ­ whether short-term, like travel, or structural, like precarious employment. This means they require social solutions in addition to technical ones. By examining how scammers are changing and accelerating their methods, we hope to show that defending against them will require a constellation of cultural shifts, corporate interventions, and eff­ective legislation.