AD Password Policies That Users Won't Hate
NIST's updated password guidelines eliminate forced expiration and complexity rules. Here's how to enforce strong Active Directory passwords without driving users to workarounds.
19 articles tagged with "Enterprise Security"
Varonis joins 27 other security vendors integrating Anthropic's Claude Compliance API, enabling enterprises to monitor AI conversations, detect data leaks, and enforce governance policies in real time.
SAP's May 2026 security update addresses 15 vulnerabilities, including CVE-2026-34260 SQL injection in S/4HANA and CVE-2026-34263 unauthenticated RCE in Commerce Cloud.
Oracle's April 2026 CPU addresses 450 CVEs across 28 product families. Over 300 flaws are remotely exploitable without authentication, with Communications leading at 139 patches.
CVE-2026-27681 allows low-privileged users to execute arbitrary SQL commands in SAP Business Planning and Consolidation. CVSS 9.9 - patch immediately.
Cisco 360 Partner Program offers new AI specializations and certifications tied to NVIDIA partnership, with $267B in projected partner-delivered AI services by 2030.
Cisco Talos sounds the alarm on AI tools that demand root access and store credentials in plaintext, calling the current adoption frenzy a security crisis.
CVE-2026-20111 enables stored cross-site scripting attacks against administrators of Cisco Prime Infrastructure network management systems.
New taxonomy from Cisco's CISO and security leadership defines five AI security domains and the organizational functions needed to secure enterprise AI systems.
Flare research finds enterprise identity compromise doubled in 2025, with Microsoft Entra ID appearing in 79% of logs. Session cookies enable MFA bypass at scale.
Security researchers expose an active campaign using layered evasion techniques to deliver Remcos RAT through MSBuild abuse and .NET Reactor-protected loaders.
CVE-2026-22844 allowed meeting participants to execute arbitrary code on Zoom's on-premises multimedia routers. No active exploitation reported yet.
Multiple CVSS 10.0 flaws affect Commerce, Communications, and PeopleSoft. MySQL patches include a critical 9.8-severity bug.
CVE-2025-68493 in the XWork component enables XML External Entity attacks that can leak files, perform SSRF, or crash systems. Patch to version 6.1.1.
Netskope report finds organizations average 223 GenAI policy incidents monthly as employees use personal accounts to access AI tools outside corporate controls.
Five malicious extensions masquerading as HR tools steal authentication tokens, block security panels, and enable account takeover through cookie injection.
Global Cybersecurity Outlook 2026 finds executives prioritizing cyber-enabled fraud as top risk. Report warns of 'three-front war' against crime, AI misuse, and supply chain threats.
January 2026 Patch Day addresses 17 flaws including four HotNews vulnerabilities. CVE-2026-0501 allows authenticated attackers to compromise S/4HANA financial systems.
Malicious extensions have compromised over 15 million users in the past year. Here's how attackers exploit the extension ecosystem and what organizations can do.