Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Journal of Accountancy

COSO creates audit-ready guidance for governing generative AI

The Committee of Sponsoring Organizations of the Treadway Commission’s publication relies on its proven internal control framework to help companies manage AI-related risks.
Accounting Today

COSO releases guidance on internal controls for AI

The Committee of Sponsoring Organizations of the Treadway Commission has released guidance outlining ways that organizations can achieve and maintain effective internal controls over generative AI.

US sanctions Russian broker for buying stolen zero-day exploits

The U.S. Treasury Department has sanctioned a Russian exploit broker who bought stolen hacking tools from a former executive of a U.S. defense contractor.

CISA warns that RESURGE malware can be dormant on Ivanti devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect ...
CNET

Stop Using ChatGPT for Everything and Do These 11 Tasks Yourself

With more than a decade of experience, Nelson covers Apple and Google and writes about iPhone and Android features, privacy and security settings, and more. AI is not an infallible search engine, but ...