Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.


OpenAI-Microsoft tensions escalate over control and contracts

Computerworld.com [Hacking News] - 17 June, 2025 - 11:00

The relationship between OpenAI and Microsoft is under growing strain amid extended talks over OpenAI’s restructuring, with OpenAI reportedly considering antitrust action over Microsoft’s influence in the partnership.

OpenAI leaders have considered alleging that Microsoft engaged in anticompetitive practices during their collaboration, a move that could prompt a federal investigation, WSJ reported.

The ChatGPT maker is reportedly exploring the option of urging regulators to examine its contractual relationship with Microsoft, along with a public campaign.

Meanwhile, The Information reported that OpenAI is seeking to give Microsoft a roughly 33% stake in its reorganized for-profit unit in exchange for relinquishing rights to future profits.

OpenAI also wants to revise existing contract clauses that grant Microsoft exclusive cloud hosting rights and to exclude its planned $3 billion acquisition of AI startup Windsurf from terms that give Microsoft access to OpenAI’s intellectual property, the report added.

These developments threaten to disrupt one of the most closely watched alliances in the AI sector.

A potential antitrust complaint by OpenAI could heighten regulatory scrutiny of major AI-cloud partnerships and lead enterprise customers to reevaluate risks tied to vendor lock-in and control over core infrastructure.

Microsoft, a major investor since 2019, supports OpenAI through Azure and powers tools like Microsoft 365 Copilot with its models.

However, tensions between OpenAI and Microsoft have been simmering in recent months, with occasional public clashes.

OpenAI has also been trying to reduce its dependence on Microsoft by turning to Google Cloud for additional computing power, while Microsoft has been working to lessen its own reliance on OpenAI by integrating alternative AI models into its Copilot platform, according to Reuters.

Impact on enterprises

A potential regulatory review may weaken enterprise confidence in adopting or expanding the use of Copilot and related tools, particularly in heavily regulated sectors such as healthcare and financial services.

“Over the short to long term, enterprises could face service disruptions, compatibility issues, or increased costs as vendors adjust their business models in response to changes in the partnership or service offerings,” said Prabhu Ram, VP of the industry research group at CyberMedia Research.

OpenAI models currently power Microsoft Copilot. But with growing innovation from rivals like DeepSeek, both firms appear to be preparing for a more independent path.

“The rate at which AI is advancing, especially given what DeepSeek has demonstrated, suggests that being locked into a single model is no longer a prudent strategy for Microsoft,” said Neil Shah, VP of research and partner at Counterpoint Research. “Enterprises will need to prepare for AI tools and platforms that are diverse in capability, modular, and scalable.”

For OpenAI, partnerships with Oracle Cloud and potentially Google Cloud will help scale its models further in enterprise deployments, particularly in the public sector, where Google is working to expand its presence.

“In the end, most cloud and AI providers will need to support multiple models and adopt modular integration to give enterprises more choice,” Shah said. “This way, they avoid becoming a one-trick pony and can select models based on their strengths, future development roadmaps, and alignment with specific use cases.”

Category: Hacking & Security

Hackers switch to targeting U.S. insurance companies

Bleeping Computer - 16 June, 2025 - 22:43
Threat intelligence researchers are warning of hackers breaching multiple U.S. companies in the insurance industry using all the tactics observed with Scattered Spider activity. [...]
Category: Hacking & Security

OpenAI’s MCP move tempts IT to trust genAI more than it should

Computerworld.com [Hacking News] - 16 June, 2025 - 21:23

Generative AI (genAI) poses a classic IT dilemma. When it works well, it is amazingly versatile and useful, fueling dreams that it can do almost anything. 

The problem is that when it does not do well, it might deliver wrong answers, override its instructions, and pretty much reinforce the plotlines of every sci-fi horror movie ever made. That is why I was horrified when OpenAI late last month announced changes to make it much easier to give its genAI models full access to any software using Model Context Protocol (MCP).

“We’re adding support for remote MCP servers in the Responses API, building on the release of MCP support in the Agents SDK,” the company said. “MCP is an open protocol that standardizes how applications provide context to LLMs. By supporting MCP servers in the Responses API, developers will be able to connect our models to tools hosted on any MCP server with just a few lines of code.”

There are a large number of companies that have publicly said they will use MCP, including those with popular apps such as PayPal, Stripe, Shopify, Square, Slack, QuickBooks, Salesforce and Google Drive.

The ability for a genAI large language model (LLM) to coordinate data and actions with all of those apps — and many more — certainly sounds attractive. But it’s dangerous because it allows access to mountains of highly sensitive compliance-relevant data — and a mistaken move could deeply hurt customers. MCP would also allow genAI tools to control those apps, exponentially increasing risks.

If the technology today cannot yet do its job properly and consistently, what level of hallucinogens are needed to justify expanding its power to other apps?

Christofer Hoff, the CTO and CSO at LastPass, took to LinkedIn to appeal to common sense. (OK, if one wanted to appeal to common sense, LinkedIn is probably not the best place to start, but that’s a different story.) 

“I love the enthusiasm,” Hoff wrote. “I think the opportunity for end-to-end workflow automation with a standardized interface is fantastic vs mucking about hardcoding your own. That said, the security Jiminy Cricket occupying my frontal precortex is screaming in terror. The bad guys are absolutely going to love this. Who needs malware when you have MCP? Like TCP/IP, MCP will likely go down as another accidental success. At a recent talk, Anthropic noted that they were very surprised at the uptake. And just like TCP/IP, it suffers from critical deficiencies that will have stuff band-aided atop for years to come.”

Rex Booth, the CISO at identity vendor SailPoint, said the concerns are justified. “If you are connecting your agents to a bunch of highly sensitive data sources, you need to have strong safeguards in place,” he said. 

But as Anthropic itself has noted, genAI models do not always obey their own guardrails.

QueryPal CEO Dev Nag sees inevitable data usage problems. 

“You have to specify what files [the model] is allowed to look at and what files it is not allowed to look at and you have to be able to specify that,” Nag said. “And we already know that LLMs don’t do that perfectly. LLMs hallucinate, make incorrect textual assumptions.”

Nag argued that the risk is — or at least should be — already well known to IT decision makers. “It’s the same as the API risk,” Nag said. “If you open up your API to an outside vendor with their own code, it could do anything. MCP is just APIs on steroids. I don’t think you’d want AI to be looking at your core financials and be able to change your accounting.”

The best defense is to not trust the guardrails on either side of the communication, but to give the exclusion instructions to both sides. In an example with the model trying to access Google Docs, Nag said, dual instructions are the only viable approach.

“It should be enforced at both sides, with the Google Doc layer being told that it can’t accept any calls from the LLM,” Nag said. “On the LLM side, it should be told ‘OK, my intentions are to show my work documents, but not my financial documents.’”

Bottom line: the concept of MCP interactiveness is a great one. The likely near-term reality? Not so much.

Category: Hacking & Security

Canalys: Companies limit genAI use due to unclear costs

Computerworld.com [Hacking News] - 16 June, 2025 - 21:11

As companies move from testing out generative AI tools and models into real-world use — also known as inference — they’re having trouble predicting what that use will lead to in terms of cloud costs, according to a new report from analyst firm Canalys.

“Unlike training, which is a one-time investment, inference represents a recurring operational cost, making it a crucial constraint on the path to commercializing AI,” said Canalys senior director Rachel Brindley in a statement. “As AI moves from research to large-scale deployment, companies are increasingly focusing on cost-effectiveness in inference, comparing models, cloud platforms, and hardware architectures such as GPUs versus custom accelerators.”

According to Canalys researcher Yi Zhang, many AI services rely on usage-based pricing models that charge per token or API call; that makes it difficult to predict costs when scaling up usage.

“When inference costs are volatile or excessively high, companies are forced to limit usage, reduce model complexity, or restrict implementation to high-value scenarios. As a result, the broader potential of AI remains underutilized,” said Zhang.

Category: Hacking & Security

ASUS Armoury Crate bug lets attackers get Windows admin privileges

Bleeping Computer - 16 June, 2025 - 20:08
A high-severity vulnerability in ASUS Armoury Crate software could allow threat actors to escalate their privileges to SYSTEM level on Windows machines. [...]
Category: Hacking & Security

Washington Post's email system hacked, journalists' accounts compromised

Bleeping Computer - 16 June, 2025 - 17:08
Email accounts of several Washington Post journalists were compromised in a cyberattack believed to have been carried out by a foreign government. [...]
Category: Hacking & Security

Kali Linux 2025.2 released with 13 new tools, car hacking updates

Bleeping Computer - 16 June, 2025 - 16:18
Kali Linux 2025.2, the second release of the year, is now available for download with 13 new tools and an expanded car hacking toolkit. [...]
Category: Hacking & Security

Zoomcar discloses security breach impacting 8.4 million users

Bleeping Computer - 16 June, 2025 - 16:13
Zoomcar Holdings (Zoomcar) has disclosed via an 8-K form filing with the U.S. Securities and Exchange Commission (SEC) a data breach incident impacting 8.4 million users. [...]
Category: Hacking & Security

WWDC: What is Apple Sparse Image Format (ASIF)?

Computerworld.com [Hacking News] - 16 June, 2025 - 15:45

Apple stealthily introduced Apple Sparse Image Format (ASIF), a new sparse disk image format for Apple Silicon, at WWDC; among other features, it might also help Macs remain the best PCs on which to run Windows.

That somewhat counter-intuitive claim is because the new format dramatically improves the efficiency with which Apple Silicon Macs run virtual machines (VMs) by boosting read/write performance. ASIF also makes significant improvements to how Macs handle storage for VMs, and is likely to support third-party virtualization tools once it ships.

What is Apple Sparse Image Format (ASIF)?

Set to appear with macOS Tahoe later this year, ASIF lets files transfer more efficiently between hosts or disks, “because their intrinsic structure doesn’t depend on the host file system’s capabilities,” according to Apple’s developer website. “The size the ASIF file takes on the file system is proportional to the actual data stored in the disk image.”


ASIF replaces the currently used format, which occupies the same amount of disk space as the allocated portion of the disk. What this means is that when you allocate 10GB of disk space to a VM you immediately sacrifice 10GB of space, no matter how much data the virtual machine contains; with ASIF, the volume will only occupy as much space as it contains. In other words, you can allocate a large quantity of disk space to enable optimal VM performance but sacrifice only as much actual space as the VM contains. 

“These space-efficient images can be created with the diskutil image command-line tool or the Disk Utility application and are suitable for various uses, including as a backing store for virtual machines storage via the Virtualization framework,” Apple explained.

The company says users should migrate their VM storage images from the existing RAW format to ASIF to benefit from the improved file transfer performance between the host Mac and the disk. 

Faster and highly performant

Eclectic Light was first out the gate with news about Apple’s new tech, publishing a first look alongside test results to show how much faster it is in use than standard sparse imaging technologies.

The test results show that ASIF gives disk images on Apple Silicon devices near-native SSD speeds. That matters whenever you are moving data around, and is particularly important when running Linux or Windows in virtual machines. It means you should experience significant performance benefits, further reinforcing the Mac as the best platform for Windows.

Eclectic Light noted that in some cases an encrypted sparse image (UDSP) stored on the fast SSD of a current Mac might only write files at up to an unimpressive 100 MBps. That report comes with receipts, sharing extensive test data to show that even encrypted ASIF files read and write data far faster than the sparse file formats Macs use today. That will mean much more moving forward as on-device encryption becomes even more essential to personal data protection as government-mandated back doors are identified and abused.

It’s not just about virtual machines. For general storage, it seems highly probable the new format will also improve the performance of FileVault. That’s because right now encrypted sparse images are used to secure a user’s home directory in FileVault, so better performance and storage management have implications there. (I also speculate that the new format might have implications in how Apple efficiently provides and encrypts future LLM services via Private Cloud Compute.)


Category: Hacking & Security

Microsoft shares temp fix for Outlook crashes when opening emails

Bleeping Computer - 16 June, 2025 - 14:23
Microsoft has shared a workaround for a known issue that causes the classic Outlook email client to crash when opening or starting a new message. [...]
Category: Hacking & Security

Uptime’s AI-in-a-box offers turnkey enterprise-grade AI — without the cloud

Computerworld.com [Hacking News] - 16 June, 2025 - 13:57

In a bid to deliver secure, compliant generative AI (genAI) to business teams without the need for a cloud service, Uptime Industries last week unveiled Lemony. It’s a turnkey stackable device that comes preloaded with multiple large language models (LLMs) and can serve up to five users per node, connected directly to a PC or to a LAN with no internet connectivity. As business needs expand, multiple nodes can be connected into a cluster, with automatic failover. Lemony says a four-node cluster can support up to 50 users and comes with six pre-loaded genAI models.

IBM is working with the company to deploy its Granite AI models on Lemony nodes. Other available LLMs include Llama-3.1, Llama-3.2, and Mistral. In addition, JetBrains is integrating its coding models and tools into the Lemony node to allow software developers to leverage its intelligent development features. (For maximum performance, each node contains a neural processing unit (NPU), an AI accelerator cluster and a CPU.)

Other pre-loaded functions include retrieval-augmented generation (RAG), and the ability to create AI assistants to help with tasks such as analyzing documents. 

Data is loaded onto a Lemony node in one of three ways, with only a knowledge graph retained, said Uptime CEO and cofounder Sascha Buehrle. “We are uploading, analyzing, indexing, and deleting the data,” he said. 

Users can also connect to their data via an API, with which the data is indexed, or connectors that integrate directly with business applications.

One early customer, Alexander Göbel, legal tech officer at Niederer Kraft Frey AG in Zurich, Switzerland, called setup quick and easy. “You can be up and running with an on-premises solution within minutes rather than within days/weeks,” Göbel said via email. Transferring documents to the device, where they’re indexed for use via RAG, is done by uploading via the Lemony browser.

 “We are currently working on a SharePoint connector to make the process of uploading even simpler, as the latest version of the node provides for a limited API,” Göbel said.

Because the nodes are not connected to the internet, Lemony updates are provided quarterly via individually keyed encrypted USB keys. Each key will only work with its designated node. The update also resets a secure timer to ensure that the user’s subscription is still valid; if not, the node locks, with data fully encrypted.

Lemony offers a two-week free trial, and Uptime says it already has more than 300 customers in Switzerland, Germany, the UK, and the US. Subscriptions start at $499 per month for a single node accessed by up to five users, billed annually; the setup includes the node, software, apps for Windows and Mac, and technical support. 

Cautious optimism

Analysts found the concept appealing, and were cautiously optimistic about the device itself.

“Uptime is tapping into a real need for any regulated industry,” said Matt Kimball, vice president and principal analyst for Datacenter Compute & Storage at Moor Insights & Strategy. “And in Europe this is most companies. What we effectively have is a genAI appliance.

“If I am a CIO or an IT professional at a smaller law firm,” Kimball said, “I immediately see the value in this Lemony platform…. I can see Lemony being attractive at the departmental level [at a larger firm] or for an SMB that values/requires data privacy. And the ability to use AI without the need for IT is super interesting.” 

“The on-prem AI edge is an underserved segment,” said Gartner Vice President Analyst Chirag Dekate. “Most genAI infra[structure] today assumes cloud-first. There is an opportunity for localized solutions, especially if latency, cost, or compliance are concerns. If Uptime provides automated [machine learning] ops, energy optimization, and support for open-source models, it might reduce the complexity barrier enough to attract mid-sized enterprises and public sector clients. Global expansion of AI regulations will make ‘keep your AI local’ more attractive in the next two to three years.”

Wyatt Mayham, lead AI consultant at Northwest AI Consulting, agreed. “We work with clients who refuse to put sensitive data in the cloud, even if it’s Azure + OpenAI, which never touches the public web or trains the models,” he said. “Clients often think they want true on-prem, but actually building an on-prem setup with GPUs, model hosting, orchestration, and RAG infrastructure is expensive, high maintenance, and usually way overkill for what they actually need. 

“This actually looks like a solid middle ground,” Mayham said. “It’s not full-scale enterprise infra, but it gives small teams a path to locally run LLMs, stay compliant, and avoid the cloud.”

“We don’t consider Lemony.ai as a replacement for all cloud-based AI systems,” Göbel said. “For ‘commodity data’ with lower confidentiality requirements, a turnkey cloud solution remains to make sense to us (in this case, access to internet information may be required, too). However, we are dealing with a lot of very sensitive and confidential information for which cloud solutions are not options. As a result, depending on the specific use cases, Lemony.ai and cloud-based solutions work very well in tandem.”

Lemony’s success will be influenced by how it’s positioned in the market, Dekate said. “Uptime’s Lemony AI strategy will be limited if it’s positioned as a general-purpose AI appliance. But if Uptime focuses on narrow verticals with repeatable workloads — like retail, energy, or industrial monitoring — it may gain traction,” he said.

But there are “fundamental challenges in a packaged AI in a box experience (independent of a vendor): Packaging doesn’t solve talent gaps. Just because it’s in a box doesn’t mean it’s plug-and-play for everyone. AI model management, updates, and troubleshooting are still hard. Without model agility, customers may view it as a closed system, limiting experimentation and extensibility. [And] if Uptime isn’t controlling its hardware supply chain or relies on commodity boards, this may be hard to differentiate long-term.”

Kimball sounded a cautionary note: “I will counter with this one thing: if I were still in IT, I am not sure I would be allowing ‘AI appliances’ to populate my network. If you thought shadow IT was bad with the cloud — holy moly!”

Category: Hacking & Security

Police seizes Archetyp Market drug marketplace, arrests admin

Bleeping Computer - 16 June, 2025 - 13:15
Law enforcement authorities from six countries took down the Archetyp Market, an infamous darknet drug marketplace that has been operating since May 2020. [...]
Category: Hacking & Security

AI isn’t taking your job; the big threat is a growing skills gap

Computerworld.com [Hacking News] - 16 June, 2025 - 12:00

Despite sizeable tech layoffs over the past two years, a tech talent gap persists — especially for those trained on implementing and using generative artificial intelligence (genAI) tools. Consultancy McKinsey & Co. now projects that demand for AI-skilled workers will outpace supply by two-to-four times, a skills gap likely to continue at least until 2027.

That echoes what consultancy Deloitte wrote in a recent report. It found that corporate leaders continue to rate critical talent shortages as one of their greatest fears, even as job-seekers report despair about their hiring prospects. “And yet neither side seems prepared to address it,” Deloitte said in its report.

A ManpowerGroup survey of 40,413 employers in 42 countries found that 74% of employers still struggle to find skilled talent, with only 16% of execs confident in their tech teams and 60% citing the skill gaps as a key barrier to digital strategies. Along the same lines, Bain & Co. found that 44% of corporate leaders say limited in-house expertise has slowed AI adoption, with demand for AI skills rising 21% annually since 2019 and a shortage of talent lasting another two years.

The good news? Pay for AI skills continues to increase, growing 11% a year since 2019, according to Bain & Co. Workers with AI skills such as prompt engineering command a 56% wage premium (up from 25% last year), suggesting the value they bring, according to PricewaterhouseCoopers (PwC).

PwC said its data “does not show job or wage destruction from AI”; it shows growth across AI-exposed roles — even highly automatable ones. AI is boosting expertise, allowing workers to take on higher-level tasks, according to Joe Atkinson, PwC’s global chief AI officer.


“AI is at the forefront of corporate transformation, but without the right talent, businesses will struggle to move from ambition to implementation,” Sarah Elk, head of AI research for Bain & Co.’s Americas group, said in a statement. “Executives see the growing AI talent gap as a major roadblock to innovation, limiting businesses’ ability to scale and compete in an AI-driven world.”

While the gap has always been a challenge, gaining experience is harder than ever with AI taking over various work tasks, remote work weakening apprenticeships, and rising job complexity that requires broader skills, Deloitte said.

The AI skills gap is driven by the rapid growth of AI technologies and the increasing demand for adoption across industries, according to Kelly Stratman, Ernst & Young’s global ecosystem relationships enablement leader. “Currently, 50% of enterprises with more than 5,000 employees have adopted AI solutions, and even more are considering doing so. At the same time, job postings requesting AI skills increased by 2000% in 2024 alone.”

By 2030, companies are expected to spend $42 billion a year on genAI projects such as chatbots, agents, research, writing, and summarization tools.

Key AI skills in short supply include prompt engineering, programming, and bias handling. Just as vital are soft skills such as adaptability, critical thinking, and emotional intelligence to ensure responsible, ethical AI use, according to Stratman.

PwC’s new AI Jobs Barometer shows demand for AI skills growing, even as the US job market slows. In response, PwC recently launched two AI tools that offer career development through tailored training and an AI coach that adapts to each employee’s goals and projects.

Bain & Co. projects AI job demand could reach up to more than 1.3 million in the US over the next two years, while the number of skilled workers available is on track to hit less than 645,000 — implying the need to reskill up to 700,000 US workers. “Companies navigating this increasingly competitive hiring landscape need to take action now, upskilling existing teams, expanding hiring strategies, and rethinking ways to attract and retain AI talent,” Bain’s Elk wrote.

The first response to the skills gap is to take an honest assessment of your organization and align AI projects with core business goals, “because really, this isn’t just a question of AI readiness, it’s about digital, data and AI readiness,” tech consultancy Thoughtworks wrote in a new report.

The key takeaways from Thoughtworks’ report:

  • Strategic alignment matters: 61% of leaders have a mature tech strategy compared to 19% of late adopters, showing its impact on digital and AI success.
  • Continuous improvement is essential: 93% see room for tech ecosystem improvement; 77% of leaders seek major changes.
  • Tech leadership boosts ROI: 53% of leaders report positive ROI, outpacing all other groups.

Justin Vianello, CEO of US technology talent training firm SkillStorm, said a shortage of qualified talent — especially in cloud, cybersecurity, and AI — is a bigger barrier to hiring than AI automation replacing jobs. Organizations struggle to find candidates with the right skills, certifications, and clearances, Vianello said, referring to shortages for government agencies.

While AI can boost productivity by handling routine tasks, it can’t replace the strategic roles filled by skilled professionals, Vianello said. To avoid those kinds of issues, agencies — just like companies — need to invest in adaptable, mission-ready teams with continuously updated skills in cloud, cyber, and AI.

The technology, he said, should augment — not replace — human teams, automating repetitive tasks while enhancing strategic work.

Success in high-demand tech careers starts with in-demand certifications, real-world experience, and soft skills. Ultimately, high-performing teams are built through agile, continuous training that evolves with the tech, Vianello said.

“We train teams to use AI platforms like Copilot, Claude and ChatGPT to accelerate productivity,” Vianello said. “But we don’t stop at tools; we build ‘human-in-the-loop’ systems where AI augments decision-making and humans maintain oversight. That’s how you scale trust, performance, and ethics in parallel.”

High-performing teams aren’t born with AI expertise; they’re built through continuous, role-specific, forward-looking education, he said, adding that preparing a workforce for AI is not about “chasing” the next hottest skill. “It’s about building a training engine that adapts as fast as technology evolves,” he said.

Category: Hacking & Security

Microsoft: June Windows Server security updates cause DHCP issues

Bleeping Computer - 16 June, 2025 - 11:35
Microsoft acknowledged a new issue caused by the June 2025 security updates, causing the DHCP service to freeze on some Windows Server systems. [...]
Category: Hacking & Security

Where AI skills are needed most

Computerworld.com [Hacking News] - 16 June, 2025 - 09:30

Navigating the AI talent shortage

The IT layoffs we’ve seen in 2024 and early 2025 are set to continue as companies look to drive efficiencies with AI while bracing for a recession. This week, CIO.com reported on company boards pushing CEOs to replace IT workers with AI. It’s compelling reading.

That’s the bad news for IT professionals. But our readers wanted to understand where the opportunity lies in all this disruption. Many of them asked Smart Answers where the AI skills gap is — and where are the roles going to be. 

The good news is that more than three-quarters of employers say they’re struggling to find the right tech talent, with roles in AI and Machine Learning most prominently cited as gaps. 

Find out: Where is the AI talent shortage most prominent now?  

Why do CISOs quit?

Staying with the challenge of hiring and retaining IT talent, this week, CSO reported that more than half of department heads reporting to CISOs are looking to quit. It’s an irony that only a softening economy is keeping many of them in their jobs.  

But what about the CISOs themselves? Many readers asked Smart Answers why CISOs tend not to stay in their roles for long. Leaning into decades of human reporting, our AI answer service surmises that the issues include high stress levels, personal liability and organizational distance from decision-makers. (Those would make us change jobs, too.)  

Find out: Why is average CISO tenure so short? 

…And why you should stop CISOs quitting

Meanwhile, here’s the problem with all of those CISOs quitting: a good CISO is worth his or her weight in gold — or even more valuable than that. 

This week, CSO published an article in which David Gee argued that good CISOs have highly specialized knowledge that takes significant time and investment to develop for a secure future. So you need to keep them onboard. They are hard to find.  

Why is that? Smart Answers thinks the issue is that escalating cyberattacks and the growing sophistication of security threats, including AI-driven attacks, are driving up demand. More people, with more skills, are required.

Find out: Why are cybersecurity professionals difficult to hire currently?  

About Smart Answers 

Smart Answers is an AI-based chatbot tool designed to help you discover content, answer questions, and go deep on the topics that matter to you. Each week we send you the three most popular questions asked by our readers, and the answers Smart Answers provides.  

Developed in partnership with Miso.ai, Smart Answers draws only on editorial content from our network of trusted media brands—CIO, Computerworld, CSO, InfoWorld, and Network World—and was trained on questions that a savvy enterprise IT audience would ask. The result is a fast, efficient way for you to get more value from our content. 

Category: Hacking & Security

ChatGPT's AI coder Codex now lets you choose the best solution

Bleeping Computer - 15 June, 2025 - 21:59
ChatGPT's Codex, which is an AI agent that lets you code and delegate programming tasks, is now testing a new feature that lets you choose the best solution. [...]
Category: Hacking & Security

ChatGPT Search gets an upgrade as OpenAI takes aim at Google

Bleeping Computer - 15 June, 2025 - 17:53
On June 13, OpenAI began rolling out a new ChatGPT Search update to improve quality as the AI startup challenges Google's dominance. [...]
Category: Hacking & Security

Over 46,000 Grafana instances exposed to account takeover bug

Bleeping Computer - 15 June, 2025 - 16:07
More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover. [...]
Category: Hacking & Security

WestJet investigates cyberattack disrupting internal systems

Bleeping Computer - 14 June, 2025 - 19:34
WestJet, Canada's second-largest airline, is investigating a cyberattack that has disrupted access to some internal systems as it responds to the breach. [...]
Category: Hacking & Security