Avertium

06/03/2026

The is warning of a new evolution in that goes beyond the inbox.

The Silent Group is targeting U.S. law firms with a dangerous blend of social engineering and in-person intrusion tactics. Attackers impersonate IT support via phishing emails or phone calls, and when remote access fails, they escalate, physically entering offices to steal sensitive data.

‼️ Why this matters ‼️
- No longer purely digital, cyber threats now span physical and human attack surfaces
- Legal, financial, and healthcare sectors remain prime targets due to highly sensitive data
- Traditional security controls alone aren’t enough to stop social engineering and physical access attacks

Read more: https://loom.ly/J86-nmQ

Silent Ransom Group isn’t prolific, but it's demonstrated a knack for attacking the legal services sector with an extraordinary dual use of social engineering and in-person visits to victims’ workstations.

06/02/2026

starts with visibility into both your data and how AI interacts with it.

Organizations need to understand where their sensitive data lives, what tools they can access, and how that data is being used in prompts and outputs. DSPM provides visibility, mapping sensitive data across your environment and showing how it intersects with AI.

The result?
➡️ AI risk becomes measurable
➡️ Exposure becomes manageable
➡️ Governance becomes actionable

That’s how organizations move from reactive security to proactive control.

📑 Download our free and see for yourself how to turn AI risk into measurable control: https://loom.ly/0f_E_NQ

Learn how to govern AI securely with Microsoft Purview DSPM. Discover, classify, and protect sensitive data to enable AI without exposure.

05/29/2026

💥 FLASH NOTICE 💥
A critical vulnerability (CVSS 9.8) has been identified in the kernel qla2### Fibre Channel (FC) driver. The flaw is caused by a double free/use-after-free condition that can lead to kernel memory corruption.

Avertium continues to monitor this vulnerability for emerging exploit activity, indicators of compromise, and updated vendor advisories. Full details and guidance can be found here: https://loom.ly/5It15-o

A critical vulnerability (CVSS 9.8) has been identified in the Linux kernel qla2### Fibre Channel (FC) driver.

05/28/2026

Adopting AI securely and responsibly requires more than innovation - it demands discipline, trust, and leadership.

In our new blog, Jacques Lucas shares his perspective on what it truly takes for organizations to embrace AI without increasing risk. From balancing speed with security to ensuring accountability and governance, the article highlights why responsible must be intentional, not reactive.

As AI continues to reshape how organizations operate, security leaders play a critical role in guiding adoption that protects the business, earns trust, and supports long term resilience.

🌐 Read Jacques' full perspective here: https://loom.ly/Sq-3V2M

05/27/2026

Security and aren’t separate problems, they’re one system; but most organizations still run them in silos.

Different teams. Different tools. Different priorities.

That gap? That’s where risk lives.

✅ 24/7 security + compliance as one means:
- Detecting threats and capturing evidence in the same workflow
- Reducing risk while meeting regulatory obligations
- Turning alerts into actionable, compliant outcomes

💡 The result? Fewer blind spots, faster response, and compliance that keeps pace with operations.

If your organization is trying to manage security and compliance separately, consider a more integrated model. Avertium can help unify these efforts into a single operational program. https://loom.ly/olN62-0

05/26/2026

A newly identified exploit is exposing a fundamental weakness in how the Internet delivers content and the impact is significant.

Researchers have uncovered “Underminr,” a technique that allows threat actors to manipulate web requests and hide malicious activity behind trusted websites.

What makes this especially concerning:
💥 It’s rooted in Internet infrastructure design, not a simple software bug, so there’s no easy fix
💥 Nearly 42% of global websites (and over 50% in the U.S.) are potentially vulnerable
💥 Attackers can effectively hijack brand trust, using legitimate domains to cloak malicious traffic

Read more 🔗 https://loom.ly/-ZdELog

05/22/2026

In our most recent webinar, Avertium security leaders walk through how organizations can adopt responsibly by focusing on the fundamentals that matter most: governance, guardrails, and purpose-driven use cases.

In just one hour, you’ll gain clarity on:
- What “ ” actually means in practice
- How to manage AI agents as digital workers with accountability
- Common missteps organizations make after deploying AI tools
- Practical next steps for securing AI without slowing innovation

If AI is part of your roadmap this year, this session is designed for you.
⏯️ WATCH: https://loom.ly/oQqunHY

05/21/2026

What is , and why does it matter for ?
Retrieval Augmented Generation (RAG) is what makes tools like Copilot and ChatGPT so useful in the enterprise. It allows AI to pull from internal data sources to generate more accurate, relevant responses.

But that same capability introduces risk. RAG can:
✖️ Surface sensitive data that wasn’t intended to be exposed
✖️ Pull from multiple sources and combine information in unexpected ways
✖️ Bypass traditional data loss prevention controls

The reality is simple: If can access your data, it can generate it. That’s why AI governance can’t focus only on the model, it must focus on the data behind it.

Learn how to govern RAG and reduce AI exposure risk: https://loom.ly/0f_E_NQ

05/20/2026

🚨 A newly disclosed zero-day vulnerability (CVE-2026-42897) is already being actively exploited, impacting on-premises Exchange servers via Web Access (OWA).

The flaw stems from a cross-site scripting (XSS) issue that allows attackers to execute malicious code through a specially crafted email - potentially leading to mailbox compromise, session hijacking, and unauthorized access.

With no patch available yet, organizations are left relying on temporary mitigations while attackers actively exploit the gap. Full details: https://loom.ly/ReLMJPA

05/19/2026

for SQL doesn’t create data governance problems; it exposes the ones already there.

When AI can instantly generate queries and surface insights, long standing issues like over privileged access, unclear data ownership, and poorly classified sensitive data become impossible to ignore.

That’s why must start at the data layer:
✅ Strong identity and permissions
✅ Clear classification and ownership
✅ Visibility into sensitive data exposure
✅ Guardrails that keep AI aligned with security and compliance

Copilot makes one thing clear: AI governance becomes real where people actually touch data.

🔗 Read the full blog by Fred Cobb for practical fixes: https://loom.ly/EewL6rI