Information Security Buzz

Insights from cybersecurity experts on the latest cybersecurity news. Join our community. Together, we can stay ahead of the curve in information security.

Welcome to Information Security Buzz, your go-to resource for the latest in cybersecurity news, threat trends, and insightful blogs. We aggregate content from credible sources to bring you an up-to-date feed, practical solutions, and expert advice from around the globe. Our platform offers segmented news for quick research, helpful links to connect with industry professionals, and guidance on careers, qualifications, and training. Whether you’re interested in cybercrime, the latest training events, or advancing your career, Information Security Buzz has everything you need. Share your insights, get published on our blog, comment on articles, and engage in industry debates.

05/06/2026

Your organisation probably has an AI governance policy. What it may not have is operational control over what your AI systems are actually doing at runtime.

That gap is getting harder to ignore. When an employee asks Microsoft 365 Copilot to summarise everything relevant before a leadership meeting, and the Copilot pulls files from sensitive HR folders, an unreleased earnings deck, and a confidential M&A workspace the employee technically had access to but rarely opened, the audit log attributes all of it to the human.

There is no separate signal for Copilot. The activity looks identical to the user doing it themselves.

Artyom Poghosyan, CEO and Co-Founder of Britive, writes about what it actually takes to secure agentic AI systems beyond governance frameworks and acceptable-use policies.

🔗 Learn more: https://informationsecuritybuzz.com/practitioner-framework-securing-agentic-systems/

AI governance lacks operational control. Teams must map specific agentic deployment models to runtime control points to secure autonomous workflows.

04/06/2026

Machine identities now outnumber human users by ten to one in many organisations. Service accounts created on demand, API tokens spun up and never retired, AI agents accumulating access with no structured offboarding. Most IAM systems were never designed to track any of this at scale.

The result is a visibility problem that attackers understand well. Compromised credentials remain the top initial access vector in breaches, and when nobody has a clear picture of who or what has access to what, the window to catch something and contain it stretches considerably.

David Canellos, CEO of Axiad, writes about what it actually takes to close that gap. His argument is that quarterly access certifications and manual reviews create an appearance of control without surfacing the exposures that actually matter.

🔗 Learn more: https://informationsecuritybuzz.com/the-missing-link-in-cyber-resilience-bridging-the-identity-visibility-gap/

The enterprise security perimeter didn't evolve; it dissolved, and what replaced it isn't a newer, stronger boundary. It's the absence of one.  Today's

04/06/2026

Dutch police and the NCSC just shut down a botnet running across 17 million infected devices, with 200 controlling servers sitting inside the Netherlands.

Access was being sold for $5 a month in crypto. Good news: the infrastructure is down. Less good news: every one of those 17 million devices is still infected.

Denis Calderone (Suzu Labs) & Damon Small (Xcape, Inc.) share their insights!

🔗 Full story: https://informationsecuritybuzz.com/dutch-police-ncsc-take-down-major-botnet/

A collaboration between the Dutch National Police and the National Cyber Security Centre (NCSC) has seen a large botnet shut down.

26/05/2026

Passwords were invented in the 1960s for time-sharing terminals. They were never designed to carry the weight of modern enterprise security, and yet here we are.

Passkeys, biometrics, and device trust are genuinely better controls. But moving away from passwords doesn't shrink the attack surface, it relocates it. Session hijacking, MFA fatigue, and AiTM phishing don't need a password. They work on trust that's already been granted.

So what does good identity security actually look like in 2026? Our experts give their honest take in this month's expert panel.

Ross Moore, Javvad Malik (KnowBe4), Anastasios Arampatzis (Bora | Cybersecurity marketing), Chloé Messdaghi (Thornbridge Advisory), and Dimitris Georgiou (Alphabit Cybersecurity)

🔗 Read their thoughts here: https://informationsecuritybuzz.com/passwordless-security-and-the-new-identity-battleground/

We consulted cybersecurity experts to explore if passwords may become obsolete and to understand current digital identity security.

26/05/2026

AT&T, Verizon, T-Mobile, Comcast, Charter, Cox, Lumen, and Zayo have launched the Communications Cybersecurity Information Sharing and Analysis Center (C2 ISAC), a private-sector-only threat intelligence alliance operating independently from the federal government.

The move comes after the Salt Typhoon campaign exposed gaps in how telecom carriers share threat data, and as CISA faces significant budget cuts and workforce reductions.

Two experts share their read on what the launch means: Jacob Krell (Suzu Labs), & Jacob Warner (Xcape, Inc.)

🔗 Full story: https://informationsecuritybuzz.com/major-us-telecom-providers-debut-c2-isac/

Eight of the leading communications companies in the United States have created a new cybersecurity alliance.

21/05/2026

The Verizon 2026 DBIR is out, and ten security professionals share their take on what it means.

Weighing in:

Matt Hartman (Merlin Group), Jason Soroko (Sectigo), Collin H. (Black Duck), Chandra Gnanasambandam (SailPoint), ☁️ Trey Ford (Bugcrowd), Morey Haber (BeyondTrust), Mika Aalto & Maxime Cartier (Hoxhunt), Ram Varadarajan (Acalvio Technologies), and Diana Kelley (Noma Security)

🔗 Full article: https://informationsecuritybuzz.com/verizon-dbir-26-the-experts-are-saying/

Hear from several security experts to get their views on the DBIR and what it means for today's businesses.

21/05/2026

The Verizon 2026 DBIR is out, drawn from over 22,000 confirmed breaches across 145 countries. A few numbers worth sitting with.

Vulnerability exploitation is now the top initial access method at 31% of breaches, overtaking credential abuse, which dropped to 13%. Median remediation times grew from 32 to 43 days, and only 26% of CISA KEV vulnerabilities were fully addressed in 2025, down from 38% the year before.

🔗 Read more: https://informationsecuritybuzz.com/verizon-dbir-2026-security-teams-losing-ground/

The Verizon 2026 DBIR shows a rapidly evolving threat environment that many organizations struggle to protect against.

19/05/2026

Vulnerability management as a discipline is not disappearing, but the role of the VM analyst is changing in ways that will matter for career trajectory.

Katrina Dobieski Thompson discusses the implications of exposure management for practitioners. While AI can handle tasks like scanning and patching CVEs, translating technical findings into business risks and presenting remediation priorities requires a knowledgeable human.

She emphasizes that organizations still need skilled professionals to validate AI forecasts, form remediation teams, and take responsibility for decisions.

🔗 Learn more: https://informationsecuritybuzz.com/em-boosting-the-career-trajectory-vm-analysts/

As organizations shift from vulnerability management (VM) to exposure management (EM), the role of the VM analyst must evolve or become outmoded.

19/05/2026

The UK's National Cyber Security Centre, alongside authorities in the US, Australia, Canada, and New Zealand, has published guidance advising organisations to slow down on agentic AI deployment until governance and security tooling are more mature.

The concern is specific: agentic AI takes actions, not just generates answers. That changes the risk profile considerably. The NCSC flags overprivileged agents with broad access to email, finance, and internal systems, prompt injection attacks, and cascading failures across connected systems as the key areas of exposure.

Experts offer their read on the guidance: Rajeev R. (Averlon) & Steven Swift (Suzu Labs)

🔗 Full story: https://informationsecuritybuzz.com/ncsc-warns-organisations-not-to-rush-into-agentic-ai/

Address

isb@informationsecuritybuzz.com
Valencia
