Infosec.Pub

Security and risk teams often rely on documentation and audit artifacts that reflect how an AI system worked months ago. ETSI’s continuous auditing based conformity assessment specification (ETSI TS 104 008) describes a different approach, where conformity is evaluated through recurring measurement and automated evidence collection tied to live system behavior. The specification addresses a common challenge in AI oversight. Models evolve through retraining, data pipelines change, and system configurations shift during operation. Oversight methods … More → The post Audits for AI systems that keep changing appeared first on Help Net Security.

The interim director of the Cybersecurity and Infrastructure Security Agency triggered an internal cybersecurity warning with the uploads — and a DHS-level damage assessment.

Reports say Salt Typhoon attackers accessed handsets of senior govt folk Chinese state-linked hackers are accused of spending years inside the phones of senior Downing Street officials, exposing private communications at the heart of the UK government.…

Shadowserver researchers found 6,000+ SmarterMail servers exposed online and likely vulnerable to a critical auth bypass flaw. Nonprofit security organization Shadowserver reported that over 6,000 SmarterMail servers are exposed on the internet and likely vulnerable to attacks exploiting a critical authentication bypass flaw tracked as CVE-2026-23760. Cybersecurity firm watchTowr disclosed the vulnerability on January 8, […]

Comments

Chainalysis: Chinese-language crypto laundering networks processed ~$16.1B in 2025, or $44M per day on average across 1,799+ wallets, representing 20% of laundering activity  —  TL;DR  — After emerging at the start of the pandemic, Chinese-language money laundering networks (CMLNs) …

Bugcrowd study reveals 82% of security researchers now use AI, a big increase from 2023 figures

The military tested a new approach in Venezuela and during strikes on Iranian nuclear facilities.

In 1993, DOOM was a great game to play if you had a 486 with a VGA monitor and nothing to do all weekend. In 2026, you can play it on …read more

Google did not admit wrongdoing in the settlement of the class-action case, which accused the firm of "unlawful and intentional interception and recording of individuals’ confidential communications without their consent and subsequent unauthorized disclosure of those communications to third parties."

Researchers found over 20 flaws in Dormakaba access systems that could let attackers remotely unlock doors at major organizations. Researchers from SEC Consult discovered and fixed more than 20 security flaws in Dormakaba physical access control systems. The experts uncovered multiple critical vulnerabilities in Dormakaba physical access control systems based on exos 9300. These enterprise […]

Nearly 60% of Tech Students Said They'd Violate HIPAA If the Price Was RightBudding IT insiders can be corrupted into giving up protected health information of a very famous patient, say State University of New York at Buffalo researchers who also found a correlation between an interest in white hat hacking and illegal breaches.

Company's autodiscover caused users' test credentials to be sent outside Microsoft networks.