Author: admin

BLACK HAT ASIA – Singapore – The emergence of large language models (LLMs) like Anthropic’s Mythos and, this week, OpenAI’s GPT-5.5, has set the security world atwitter with dark speculation that we are entering an era of industrialized, autonomous, mass exploitation across any platform or infrastructure — a nuclear threat that no organization, anywhere, can hide from. But not so fast, argues RunSybil CEO Ari Herbert-Voss: while defenders need to change their risk calculus to prepare for ever-accelerating threats from AI, the limits of human effort still matter when it comes to how successful those threats become; and it’s a…


Ravie LakshmananApr 28, 2026Vulnerability / Identity Management An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort. Agent ID Administrator is a privileged built-in role introduced by Microsoft as part of its agent identity platform to handle all aspects of an AI agent’s identity lifecycle operations in a tenant. The platform enables AI agents to authenticate securely and access necessary resources, as well as discover other agents. However, the shortcoming discovered by the identity security platform meant that users assigned the Agent ID…


Editor’s note: This research was conducted by Exploding Topics, the trend discovery platform owned by Semrush, and is republished here with permission. Data is drawn from a proprietary survey of 1,009 US consumers. Full methodology appears at the end of this article.

More than three in four consumers have used AI to help with shopping or purchasing decisions in the last six months, according to new research from Exploding Topics. AI tools like ChatGPT and Google Gemini have been absorbed into weekly shopping routines. The technology has rapidly become a staple of product research and price comparison, for everything from clothing to…


A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 “sleeper” extensions that turn malicious after an update. Six of the extensions have been activated and deliver malware, while researchers assess with high confidence that the rest of them are dormant or at least suspicious. When initially uploaded, the extensions are benign but deliver the payload at a later stage, revealing the attacker’s true intention. “This count may change as new updates continue to appear, but the pattern is consistent with earlier GlassWorm waves,” say researchers at application security company Socket. GlassWorm is an ongoing supply…


A few weeks ago, we sat down with marketers running webinar programs at agencies and in-house teams, all B2B. We asked them what was working, what wasn’t, and where they felt stuck. Three pain points came up in nearly every conversation: “Webinars are a heavy lift with little proven ROI.” “We’re not generating enough qualified leads.” “Without clear attribution, leadership isn’t seeing the value of webinars.” If you’ve said any version of those things, you’re not alone, and you’re not the problem. The system around it is. Topic selection, promotion, follow-up, and measurement are where the pipeline leaks. And those gaps are…


US-based energy and water management solutions provider Itron has launched an investigation after hackers gained access to some of its systems. Itron helps utilities and cities manage energy, water, and other services, serving more than 8,000 customers across 100 countries. The company has revealed in an SEC filing that it detected unauthorized access to some systems on April 13, but noted that “operations have continued in all material respects”. “The Company took action to remediate and remove the unauthorized activity and has not observed any subsequent unauthorized activity within its corporate systems. Further, no unauthorized activity was observed in the…


Researchers have long considered the Stuxnet attacks on Iran’s nuclear centrifuges in Natanz to be the opening chapter of state-sponsored cyber sabotage. As it turns out, at least five years before Stuxnet became public in 2010, somebody had developed an equally potent cyber weapon, one capable of injecting near-imperceptible errors into high-precision mathematical computations to gradually undermine and sabotage systems and applications that rely on their results. Researchers at SentinelOne who discovered the previously undocumented malware framework, which they are tracking as fast16, say it represents the earliest example yet of a cyber tool designed explicitly for sabotaging “ultra expensive high-precision computing…


On PPC Live The Podcast, I spoke with Peter Bowen, a Google Ads specialist with nearly 20 years of experience and a strong focus on B2B lead generation. Pete shared two major lessons from his career: always check the basics, and never assume the systems around your ads are working just because the campaigns look fine.

The currency mistake that cost 10 times the budget

Pete Bowen shared an early mistake where a South African client’s account was set up in the UK, defaulting the currency to pounds instead of rand. That simple oversight led to spending roughly 10 times…


Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious questions about how quickly organizations can validate, prioritize, and remediate what it finds. The debate that followed has mostly focused on the right questions: Is this a step-change or an incremental advance? Does restricting access to Microsoft, Apple, AWS, and JPMorgan actually reduce risk, or does it just concentrate defensive advantage among the already-well-defended? What happens when adversaries—state actors, criminal enterprises—build equivalent capability? These are important. But there’s a quieter…
