Security is not a point-in-time exercise. It’s a cycle of testing, fixing, and starting over. Organisations that treat it as anything less quickly fall behind.

In the last decade, we’ve seen how offensive security practices such as penetration testing, combined with follow-up patching and mitigation strategies, have significantly strengthened defences. For instance, Active Directory hardening, EDR solutions, and endpoint security have evolved considerably thanks to insights from attack simulations.

Repeated internal testing followed by corrective actions will help reduce misconfigurations, close or reduce privilege gaps, and ultimately shrink the overall attack surface. A positive outcome of defensive maturity is that attackers often now have to spend more effort to execute a successful attack.

Modern Attackers Have an Easy Entry

Many significant attacks in 2025 didn’t rely on basic exploit methods alone to reach their end goal. Multiple techniques, including social engineering, MFA fatigue, misconfigured cloud services, token abuse, and trusted third-party access were also used to enable lateral movement.

For instance, Salesforce suffered a breach related to SalesLoft-Drift SaaS, now considered the largest SaaS supply chain breach in history. ShinyHunters/UNC6395, started with the exploitation of a vulnerability in an integration point between Drift and Salesforce. Once inside, attackers were able to get oAuth tokens and refresh tokens for hundreds of companies globally.

And, an attack against Marks & Spencer was one of a number of attacks on major UK retail outlets. The attack happened when malefactors used social engineering tactics and compromised third-party access to trick the retailer’s service desk employees into resetting their own user ID and password for the company’s internal systems.

As attackers evolve to incorporate varying techniques to reach their end goal, the security industry must continue to do the same.

Real Attackers Don’t Respect Security Silos

Whether mass exploitation or a targeted attack, the bad guys are often patient, taking their time to understand the victim’s environment before trying to break in. Stronger defences have the ability to delay or even thwart these attempts, many of which exist because offensive security exposed where defences were weakest, pointing out how attackers might get in, where their controls could fail, and how small issues together can add up to major risks.

Because offensive security is an ecosystem rather than a single activity, network, cloud, identity, and email attack paths all intersect. If you only test one of these environments in isolation, then you are missing how real attacks happen. A mature offensive security programme reflects this reality by using tooling and expertise to test across environmental and stage-level attacks.

As a result, an organisation’s offensive security suite should consist of a full-scale array of tools and services that help companies conduct proactive assessments of their defensive posture. This is tested using several methods including penetration testing, Red Team engagements, and Adversary Simulation to identify vulnerabilities, verify controls, and enhance an entity’s security posture.

We also now have tools and techniques to simulate AI-assisted attacks, targeted cloud abuse, and advanced phishing scenarios that conventional defences cannot stop. These capabilities extend and augment penetration testing and red teaming by helping teams test situations that were onerous or time-consuming to recreate a few years ago.

Change as the Main Goal of Testing

Offensive security is often misunderstood as purely a vulnerability-finding exercise. In practice, its value lies in context.

Penetration testing and adversary simulation provide real-world evidence of how vulnerabilities can impact a company’s overall resilience by showing whether segmentation can prevent an attacker from moving around the network, whether endpoint controls will slow them down, and whether or not the alerts will get to the right person at the right time. The insights from these tests can directly influence changes to network architectures, configurations for endpoints, and identity strategies.

Testing is only valuable as offensive security though if the results are used to create actionable recommendations that result in actual change. These fixes must, in turn, be tested to ensure they are effective. This very feedback loop converts testing into a resilient process.

A Human – Machine Balance

Today’s adversaries use a combination of automation and human insight. Examples of this include using AI to create phishing content, automated scanning and reconnaissance techniques, as well as scripted methods to exploit vulnerabilities. All of these are coordinated and controlled by a person who can assess and adjust the course if one method fails.

This is why defenders must operate similarly.

Most modern attacks are successful due to human factors. A hasty decision, a missed configuration change, or a patch applied too late. Offensive security has strengthened technical controls to the point that people are now the simplest way into a business.

This means there needs to be a balance between automation and human intelligence. Automation can provide rapid scale and consistency, while human expertise provides intuitive reasoning, creative problem solving, and a level of critical thinking and judgment.

Effective offensive security programmes will always use automation to rapidly evaluate large volumes of data and identify potential vulnerabilities and areas of risk and will use human expertise to analyse and understand the results from these evaluations, examine the edge cases, and see through the eyes of a bad actor.

Closing the Loop

Offensive security doesn’t work on its own. It should be part of the defence-in-depth strategy together with security awareness and detection and response.

Threat intelligence proves priority. Knowing that a vulnerability has been identified is helpful, but realising it’s being exploited changes priority. Training employees limits repeated exposures to common attack vectors, while an automated response facilitates immediate actions when required.

Organisations that use offensive security demonstrate maturity and improve their overall security posture by integrating these solutions into their broader security operations and shifting from being reactive to continuously improving.

So, Is Offensive Security Keeping Pace?

Yes, but again, not all by itself.

Offensive security has matured substantially. Threat actors are using more sophisticated and realistic tactics, tools have improved in capability, and the insights these solutions provide are more actionable than ever.

Properly implemented, it can keep pace with attackers as they hone their craft. There is no silver bullet, so the solutions that gain your trust will be those that can be incorporated into a disciplined process of testing, learning, and adapting.

Offensive security is most effective when used from the outset, as a catalyst that leads to better decision-making, more effective controls, and quicker responses.

The post Is Offensive Security Keeping Up with the Latest Cyber Attacks? appeared first on IT Security Guru.

Filigran has unveiled XTM One, an AI-native orchestration layer designed to automate Continuous Threat Exposure Management (CTEM) workflows, as organisations struggle to keep pace with growing volumes of threat intelligence, vulnerabilities and attack data.

The launch reflects a broader challenge facing security teams. While many organisations have invested heavily in threat intelligence, attack surface management and security validation tools, turning that information into meaningful action remains difficult. Security teams are often left moving manually between platforms to understand which threats matter, whether they are exploitable, and what remediation steps should be prioritised.

CTEM has emerged as one of the industry’s preferred frameworks for addressing that problem. Rather than relying on periodic assessments, CTEM aims to create a continuous cycle of discovery, prioritisation, validation and remediation that adapts as threats evolve. Filigran has been positioning its OpenCTI and OpenAEV platforms as key components of that approach, arguing that organisations need to move beyond simply identifying vulnerabilities and focus on understanding which exposures present genuine business risk.

XTM One sits above those platforms as an orchestration layer, coordinating AI agents across the CTEM lifecycle. The company says this allows security teams to automate tasks such as intelligence enrichment, threat reporting, attack scenario generation and remediation planning without constantly switching between tools.

“The volume of CVEs, threat actors, and attack campaigns has reached a scale no human team can process manually,” said Julien Richard, co-founder of Filigran. “XTM One is not AI as a feature. It is AI as the operating system for threat management. Security teams deserve automation that works the way they work.”

The announcement highlights how security vendors are increasingly moving beyond AI assistants and copilots towards more autonomous agent-based systems. Rather than helping analysts complete individual tasks, agentic approaches seek to coordinate entire workflows across multiple products and data sources.

According to Filigran, early users of its broader XTM Platform have achieved up to 70% faster threat detection and response cycles and reduced preparation time for offensive security testing by up to 80%.

Industry analysts suggest this kind of automation may become increasingly necessary as organisations adopt CTEM programmes at scale.

“As the scale of threats outpaces human capacity to respond to alerts, security teams are hitting a wall when they need to optimize remediation to mitigate security risk. The shift toward an agentic AI orchestration layer is needed for CTEM to help security teams scale,” says Melinda Marks, Cybersecurity Practice Director at Omdia. “By leveraging an open-source foundation to automate utilizing needed context for threat intelligence and remediation, Filigran is enabling the speed, transparency, and evidence-based risk reduction required to scale defenses at the pace of the adversary.”

A key aspect of the launch is flexibility around AI deployment. Organisations can use Filigran’s models or bring their own large language models through BYOLLM support, while on-premises deployment options are intended to address data sovereignty requirements in regulated industries and government environments.

The company also believes AI could help address one of the long-standing barriers to threat intelligence adoption: usability.

“The biggest barrier to threat intelligence adoption has always been complexity,” said Jean-Philippe Salles, VP of Product Management at Filigran. “XTM One makes advanced threat management accessible to more teams through natural language interaction. Junior analysts can become productive faster, while experienced practitioners gain automation that removes repetitive work.”

The launch comes as investors increasingly view CTEM and threat exposure management as one of cybersecurity’s next major growth categories, particularly as organisations seek more evidence-based ways to prioritise cyber risk.

“Filigran is redefining how organisations operationalise threat intelligence at scale,” says Karine Peters, Managing Director at T.Capital. “Their AI-native approach to extended threat management, combined with one of the strongest open-source communities in cybersecurity, positions them to lead a category that legacy vendors have struggled to modernise. That conviction is why we invested.”

Whether agentic AI becomes the catalyst that finally makes CTEM achievable for security teams remains to be seen. What is clear is that as threat volumes continue to rise, organisations are increasingly looking for ways to automate the journey from intelligence gathering to validated defensive action, rather than simply collecting more data.

The post Filigran uses AI agents to make CTEM practical for overstretched security teams appeared first on IT Security Guru.

As a society, our reliance on technology has never been greater. From banking and shopping to remote work and healthcare, we have access to information in an instant. As good as technology is at helping us with daily tasks, it also comes with risks.

Cybersecurity is no longer a concern for IT departments in a business. It is a necessity for both businesses and individuals to stay protected online. As our use of technology continues to grow, so too does the sophistication and frequency of cyber threats. From financial fraud and identity theft to large-scale data breaches, the risks are real and becoming more common.

With data breaches and security threats becoming more frequent, sophisticated, and on a larger-scale, building a secure digital defence is a top priority for everyone.

The Rising Tide of Online Threats

Australia faces an unprecedented wave of cyber incidents every day. In the 2024–25 financial year, the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) responded to over 1,200 cybersecurity incidents alone. A staggering 11% increase from the previous financial year. With attackers becoming more organised, better funded, and highly strategic in who they target.

Financially motivated attacks (scams) are the number one cyber-attack, with ransomware and cyber extortion now among the most common cyber incidents responded to by security firms. Industries such as financial services, healthcare, and critical infrastructure are becoming prime targets for hackers.

Now, with the rise of artificial intelligence, AI-powered threats are making it a global issue. Phishing emails generated by AI, deepfakes, and attacks that evolve to evade detection are becoming commonplace.

Your Data is the New Currency Online

Data is one of the most valuable assets in the dark corners of the web, where a single click on a malicious link can compromise entire systems. For businesses, this includes customer information, intellectual property, and financial records. For individuals, it’s personal identity, communications, and digital footprints.

A data breach can have serious consequences, and businesses face legal penalties, regulatory scrutiny, and a loss of customer trust that can take years to rebuild, if at all. In Australia, compliance with privacy laws such as the Privacy Act 1988 means businesses have a legal obligation to protect personal information.

For individuals, compromised data can lead to identity theft, unauthorised transactions, and long-term financial harm. The emotional toll should not be underestimated either. Recovering from cybercrime can take a long time to get over.

Cyber Security as a Business Priority

Business leaders must prioritise cyber security and see it as an investment rather than an added cost. An investment in cybersecurity not only protects data and assets but also increases business credibility and customer confidence.

Many modern businesses are using cloud-based systems, remote work environments, and integrated technologies. While these innovations offer incredible flexibility and efficiency, they also introduce new vulnerabilities. Without proper safeguards in place, these systems can become entry points for attackers.

Implementing cybersecurity into company culture is essential. This includes providing regular staff training, setting up strong access controls, and maintaining up-to-date security systems.

A master of cybersecurity offers advanced knowledge and real-world experience. This course gives qualified staff the skills they need to protect digital assets and keep networks secure.

Steps to Stay Safe Online

Both individuals and business owners can take important steps to strengthen their cybersecurity.

For Individuals:

• Enable multi-factor authentication (MFA) everywhere possible and use authenticator apps over SMS for stronger protection
• Keep software and systems updated
• Use strong, unique passwords managed by a password manager, and avoid reusing credentials
• Regularly back up important data and test recovery processes
• Educate family members, particularly the elderly, on recognising phishing, social engineering, and safe online habits
• Implement basic technical controls, such as firewalls, endpoint detection tools, and encryption for sensitive information
• Develop and test an incident response plan so you can react quickly if something goes wrong
• Review privacy settings on social media and be cautious with unsolicited requests for information

For Businesses:

• Conduct regular security audits and risk assessments
• Train employees to recognise and respond to cyber threats
• Implement firewalls, encryption, and endpoint protection
• Develop an incident response plan to minimise damage in the event of a breach

By implementing these steps, and being aware of the risks online, you can significantly reduce your chances of falling victim to a cyber-attack.

The Future of Cyber Security

Cybersecurity is no longer the stuff of science fiction; it is an integral part of modern life. As technology evolves, so too does the frequency and sophistication of cyber threats. While developing technologies like artificial intelligence, the Internet of Things (IoT), and blockchain offer exciting opportunities, they also present new security challenges that individuals and businesses must be prepared to face.

Whether you are running a business or managing your personal online presence, the need for data protection and security systems has never been greater. This makes ongoing education and skill development essential.

Cybersecurity specialists are in high demand, and the industry offers rewarding employment opportunities for those with the necessary skills and qualifications.

The post Building a Digital Fortress: Why Cyber Security Matters More Than Ever appeared first on IT Security Guru.

New research by Mitel has revealed a widening gap between AI adoption and enablement, with limited support and low confidence contributing to the rise of Shadow AI and unapproved AI usage. The State of Workforce Communication report found that while workplace communication is mission-critical, tools are misaligned with how teams execute, forcing employees to quietly compensate at measurable cost to productivity, security and service quality.

The global survey of 2,000 IT decision-makers (ITDMs) and desk and frontline employees across diverse industries, including healthcare, public sector, retail, manufacturing, financial services and hospitality, found that nearly two-thirds (63%) of workers feel pressured to “make it work” with systems that are not designed for their needs. This situation creates friction in productivity and service delivery while increasing operational and financial risks associated with limited control over data custody, performance, and business continuity.

In parallel, 93% of ITDMs consider communication tools integral to everyday business operations, yet only 34% of workers say those tools are highly effective. This highlights a gap between how communication tools are deployed and how employees actually work.

Eric Hanson, CMO at Mitel, said: “Organisations are making significant investments in AI, communication infrastructure, and modernisation. Yet more than half of employees report that these tools fall short at the moments that matter most. The challenge is not a lack of technology, but a lack of alignment with the realities of work. In fast-moving, high-pressure, and increasingly mobile environments, communication must be immediate, reliable and context-appropriate – or it risks breaking down precisely when it is needed most.”

While 93% of IT leaders consider communication tools strategically critical, Mitel’s report highlights the complexity of delivering consistent, effective communication across a distributed, mobile, and frontline-driven workforce. 89% of IT leaders acknowledge that some parts of the workforce are better served by communication tools than others. This points to a gap between intention and reality that is reflected in the day-to-day experience of desk and frontline workers. Over six in ten (63%) feel pressured to “make it work” when communication systems are not designed for their needs, reaching 71% for frontline workers.

The research found that teams are relying on an average of seven disconnected tools to complete even routine tasks, potentially leading to ‘tool overload’ and fatigue. 
Over half of workers say they waste time switching between communication tools and half of frontline workers feel increased pressure during busy or critical moments.

These inefficiencies extend beyond internal workflows, directly affecting service delivery, operational consistency, and, in some cases, safety. The burden is highest for frontline workers, where communication failures carry greater consequences. 54% of these workers report delays in completing tasks or responding to situations, 46% say that it impacts quality of service, and 35% even report that it creates safety risks for customers, patients, or staff.

These workarounds also introduce significant security risks to organisations. The report reveals that when faced with communication issues, workers are finding their own ways to keep work moving. Over three-quarters (76%) use non-approved communication channels for work-related purposes, increasing risks such as data exposure, compliance breaches, cybersecurity threats and a loss of visibility and control, according to 90% of ITDMs. This behaviour is even more pronounced among frontline workers, who are over twice as likely to use non-approved tools often to respond to their customers and patients quickly and effectively when sanctioned tools fall short.

While business leaders are prioritising AI investments to improve efficiency and modernise operations, adoption across the workforce remains uneven, and many workers feel unsupported. The report highlights that 52% of workers regularly use AI tools, but only 33% feel very comfortable using them in their day-to-day work. At the same time, 66% consider their organisation does not adequately support AI use, introducing a new emerging risk: Shadow AI.

It is evidenced by the fact that half of workers turn to non-approved AI tools, outpacing their organisations as they move to drive functional productivity and operational velocity. In the meantime, IT leaders indicate growing concerns around incorrect or misleading outputs (76%), whether AI use meets regulatory or compliance requirements (75%), and how data is stored, used and protected (75%).

As Sam Soares, CRO of CultureAI, previously told the Guru: “One of the biggest risks facing organisations today is the use of undocumented or unapproved AI tools – or shadow AI – operating on company networks or using company data. These tools are used by employees without organisational oversight, introducing significant security, compliance and operational risks. As the number of AI apps proliferates, it’s an increasingly common occurrence.”

AI is not yet delivering consistent value for the workforce, and managing its pace and risks remains a shared challenge for both IT leaders and workers. Clear guidance, integration, and alignment with existing workflows are needed to reduce complexity and risk rather than add to them.

Messaging platforms remain the preferred choice for everyday collaboration, but voice becomes the most trusted and effective channel in urgent or high-stakes situations, across generations.

Nearly eight in ten workers (79%) rely on voice communication when rapid action and immediate alignment are required, highlighting the enduring value of real-time human interaction in critical moments. The trend is particularly pronounced among healthcare professionals, where communication speed can directly influence operational outcomes and patient care, with 56% adopting a voice-first approach during urgent situations. However, this can create issues as deepfakes and productivity platform based attacks arise.

To address these challenges and close the gap between investment and employee experience, organisations must reconcile two priorities: offering employees the flexibility to choose the communication tools and channels best suited to each situation while ensuring strong standards for security and compliance.

In this context, hybrid infrastructure became the operating reality: 87% of ITDMs already rely on it for their communication tools and 93% confirm that it provides the flexibility and control needed, without unmanageable complexities. This model allows organisations to modernise communication systems while maintaining oversight and stability across increasingly complex environments.

“While there is broad alignment between IT leaders and employees on the need to evolve workforce communication, this research underscores how far most organisations remain from achieving that objective. They must address foundational challenges while navigating increasing technical complexity, heightened security requirements and ongoing modernisation efforts. These dynamics highlight the need for more practical, user-centred approaches, particularly solutions that are seamlessly integrated into everyday workflows across roles and work environments to ultimately drive performance and business outcomes,” said Luiz Domingos, CTO of Mitel.

The post Frontline Workers Twice as Likely to Use Unapproved AI appeared first on IT Security Guru.

With Infosecurity Europe kicking off tomorrow, many of us will be fine tuning our schedules and prepping for the festivities to kick off. The Gurus have been busy collecting a selection of unmissable events to help you plan your trip and ensure you get the most out of your visit. 

Here’s a selection of ones we think you’ll enjoy:

Tuesday Talks

Joanna Mendez, Former CIA Chief of Disguise and author 

The Deception Playbook: Inside the Mind of a CIA Spy

Keynote Stage 

Tuesday, 2nd June @ 10:10 – 10:50 

This keynote explores how the principles of espionage, deception and psychological manipulation underpin many of today’s most effective cyber-attacks. Drawing on her experience as the CIA’s former Chief of Disguise, Jonna Mendez shares compelling real-world lessons on trust, influence and human vulnerability, offering security leaders a fresh perspective on social engineering risks and organisational resilience.

 

Darren Guccione, CEO and Co-Founder, Keeper Security: 

Super-Identities at Machine Speed: Securing the Rise of AI Agents

Cyber Strategies Stage 

Tuesday, 2nd June @10:00 – 10:25

This session explores the growing security risks posed by AI agents as they become increasingly autonomous within enterprise environments. You’ll learn why traditional identity and access controls are no longer sufficient, and gain practical guidance on securing AI agents through least-privilege access, continuous monitoring and governance frameworks that support emerging UK and EU regulations.

 

Nico Hulkenberg, F1 Driver, Audi Revolut F1 Team and Lisa Forte, Partner at Red Goat Cyber Security 

In the Driver’s Seat with Nico Hulkenberg 

Keynote Stage 

12:25-12:45

With around 250 Grand Prix races in his career, Nico Hülkenberg is one of the most experienced drivers in the industry. In cyber security we often draw parallels with the Formula 1 world, as both operate with speed, data, risk and teamwork at extremely high stakes. Join Lisa Forte and Nico as they take to the stage, for this racy unmissable conversation.

 

Mayur Upadhyaya, CEO and Co-founder, APIContext:

Resilience at Machine Speed 

Resilience and Cyber Risk Theatre

Tuesday, 2nd June @ 12:45 – 13:15

This session examines how organisations can improve resilience in increasingly automated, machine-to-machine environments where service failures are often difficult to detect. You’ll learn how to identify modern monitoring blind spots across APIs and third-party services, and how continuous external verification can help spot issues early before they affect customers or business operations. 

 

Matthew Brady, Black Duck: 

Reporting Active Exploits in 24 Hours: Are You Ready for the CRA?

Resilience and Cyber Risk Theatre

Tuesday, 2nd June @ 15:00 – 15:30

This session focuses on how organisations can prepare their vulnerability management and AppSec processes for the Cyber Resilience Act’s strict reporting requirements. Attendees will gain practical insights into the operational, technical and workflow changes needed to detect, verify and report actively exploited vulnerabilities quickly, while improving cross-team collaboration, automation and compliance readiness.

 

Tim Ward, CEO and Co-founder, Redflags, and Daniela Waugh, Head of Information Security, S&W Group:

Intelligent Behaviour Change in the Age of AI

Case Studies Stage

Tuesday, 2nd June @ 14:15 – 14:45

This case study session explores how organisations can drive meaningful, long-term security behaviour change by understanding and influencing how people make decisions in the workplace. You’ll learn practical approaches to reducing human risk, fostering a stronger security culture, and using insights from employee interactions with AI tools to identify emerging risks and shape effective governance strategies.

 

Filigran and Centrica Plc 

From Scattered Insights to Actionable Intelligence: Breaking Team Silos and Turning Indicator Noise to Signal Using AI

Case Studies Stage 

Tuesday, 2nd June @14:40 – 15:05 

This session explores how organisations can make cyber threat intelligence more effective by breaking down security silos and improving the quality of threat data. Through a real-world case study from Centrica, you’ll learn how AI-enhanced intelligence workflows and automated feedback mechanisms can help prioritise threats more effectively, reduce noise, and create a more proactive, intelligence-led security operation.

 

Wednesday Talks

Meera Tamboli, DFIR Analyst at AVEVA

What 500+ Mentoring Calls Taught Me About Confidence in Cybersecurity

Community@Infosec

Wednesday 3rd June, 10:00 – 10:30

This session explores the personal and professional challenges many people face when building a career in cybersecurity, including imposter syndrome, burnout and fear of failure. Through insights gained from mentoring hundreds of cyber professionals, attendees will learn why community, authenticity and support are critical to building confidence, resilience and long-term success in the industry. 

 

Rik Ferguson, Vice President Security Intelligence, Forescout

“Quantum is still far off, we can wait – can’t we?”

Keynote Stage

Wednesday, 3rd June 2026  @ 11:00 – 11:45

This session explains why post-quantum cryptography (PQC) is a migration challenge that organisations need to address today, rather than a future problem to worry about when quantum computers arrive. You’ll learn how long technology refresh cycles can create hidden risks, what steps should be taken now to avoid crypto-agility issues, and how leading industries are preparing for the transition to quantum-safe security.

 

The Cyber Agony Aunts 

The Resiliency Quad: Integrated Framework for Sustaining Human Performance

Community@Infosec

Wednesday, 3rd June @ 13:30 – 14:00

This session introduces the Resiliency Quad, a framework for building sustainable performance through a balanced approach to physical, emotional, technological and developmental resilience. Attendees will gain practical insights into how strengthening these interconnected areas can improve wellbeing, adaptability and long-term effectiveness in both personal and professional settings.

 

Women in Cyber 10 Year Celebrations! 

This year Infosec marks a decade of the Women in Cybersecurity programme with sessions designed to inspire, empower and drive real change. The sessions will explore how women are redefining success in their cybersecurity careers and what’s shifted over the past 10 years. They’ll also highlight how allyship and diverse teams now play a crucial role in strengthening cyber operations. With practical insights, forward looking discussion and a special keynote speaker, this milestone year offers a powerful look at how far the industry has come and what’s next.

 

Cyber Fest 2025 Cyber House Party (Sold Out) | The Fox, Excel | 3rd June | 17:30 – 23:30pm

Cyber House Party is the industry’s biggest fundraising bash, plus you get to hear colleagues, peers, connections show off their DJing skills. Always a blast! AND they’re raising money for the NSPCC. 

 

Thursday Talks

Yemurai Rabvukwa, Senior Cybersecurity Associate and Cyber Careers Influencer, Individual Contributor

Navigating the Imposter Monster as a Cyber Professional

Community@Infosec

Thursday, 4th June 2026 @ 10:00 – 10:30

This keynote explores how cybersecurity professionals can overcome self-doubt by reframing imposter syndrome as the Imposter Monster. Attendees will learn a practical framework for building confidence, managing uncertainty and developing a healthier mindset for personal and professional growth.

 

Peter Coroneos, Founder of Cybermindz 

Human Capability Risk in Cybersecurity: When Defender Burnout Becomes a Control Opportunity

Keynote Stage

Thursday, 4th June 2026 @ 11:00 – 11:35

This session explores the often-overlooked link between human performance and cyber resilience, highlighting how stress, burnout, poor sleep and uncertainty can directly affect the effectiveness of security operations. Attendees will learn how to treat workforce wellbeing as an operational risk factor, using measurable performance data and governance frameworks to strengthen decision-making, improve resilience and maintain the long-term effectiveness of cyber defence teams. 

 

Mo Patel / Phil McGowan, Huntress:

Ditch the Hype on Zero Trust: Take Practical and Actionable Steps to Improve Your Security Posture Today

Deep Dive Stage

Thursday, 4th June 2026 @ 12:30 – 13:15

This session cuts through the hype around Zero Trust, explaining why it is a security strategy rather than a product. You’ll gain a clearer understanding of the core principles behind Zero Trust, how they address modern security challenges, and what organisations should focus on when building a practical Zero Trust architecture based on continuous verification and least-privilege access. 

 

Nasser Arif, Cybersecurity Manager at NHS 

Life Outside of Cyber 

Community@Infosec

Thursday, 4th June 2026 @ 13:30 – 14:00

This session shares the career journey and insights of an award-winning NHS Cyber Security Manager who progressed from volunteer to leading security across multiple NHS Trusts. Attendees will gain perspectives on building positive security cultures, making cybersecurity more accessible and inclusive, and balancing technical expertise with the human side of security. 

 

That’s our take on the hottest line up at Infosec this year, if you do see us at any of the above, say hello!

 

 

The post IT Security Guru picks for Infosecurity Europe 2026 appeared first on IT Security Guru.

The rapid adoption of AI coding assistants is creating a new governance challenge for enterprise security teams, according to research released by Salt Security, which found that nine in ten security leaders are concerned about the security risks associated with AI-generated code. The research, AI Coding Assistants and the New Security Challenge, surveyed 100 IT security leaders across the UK and US and highlights the growing tension between software development speed and security oversight.

According to the study, 67% of organisations now report widespread adoption of AI coding assistants across development teams, reflecting how deeply AI has become embedded in modern software engineering practices. However, governance frameworks have struggled to keep pace. While organisations increasingly rely on AI to accelerate development, 38% still depend primarily on manual reviews to assess AI-generated code, a process many security leaders believe is becoming unsustainable.

Among respondents, 29% identified insecure coding patterns as the biggest risk introduced by AI assistants, while 15% cited concerns about generated code failing to align with internal security policies.

The findings mirror wider industry concerns about the quality and security of machine-generated software. According to figures cited by Salt Security, AI coding assistants now generate nearly half of all code written on platforms such as GitHub, while independent research has found that a significant proportion of AI-generated code contains known vulnerabilities.

“AI coding assistants are fundamentally changing how software is built, but governance has not kept pace,” said Roey Eliyahu, CEO and co-founder of Salt Security.

“Most organisations recognise the risks, but many are still trying to manage AI-generated code using security processes designed for a pre-AI world. That approach does not scale. Security leaders need visibility, consistency and embedded governance across the AI-assisted development lifecycle before code volumes become unmanageable.”

The research also revealed that larger enterprises face greater operational complexity as AI adoption grows. Organisations with more than 500 employees were significantly more likely to report challenges around governance consistency, developer overreliance on AI-generated outputs and policy enforcement across distributed development teams.

The findings coincide with the launch of Salt Code, a new addition to the company’s Agentic Security Platform designed to enforce security policies directly within AI coding assistants such as Claude Code, GitHub Copilot, Cursor, Gemini CLI and Codex. Salt Code is designed to move security controls earlier in the software development lifecycle. Rather than relying solely on traditional security testing tools after code has been written, Salt Code applies organisational security policies during code generation itself.

At the heart of the platform is Salt’s Posture Governance Engine, which allows organisations to define security and compliance requirements once and enforce them consistently across code creation, deployment and runtime environments. The platform includes pre-built policy packs covering frameworks such as the OWASP API Top 10, MCP Security Top 10, LLM Security Top 10 and OpenAPI/Swagger compliance.

According to Salt Security, the approach is intended to address what it describes as “security drift”, or the gradual divergence between organisational policies and actual development practices that can occur as AI-generated code volumes increase.

“AI is writing code faster than organisations can govern it, whether that AI is Claude, Gemini, Copilot, or the next tool a developer downloads tomorrow,” Eliyahu said.

“For the first time, security policy travels with the code itself, from the first prompt through every stage of the pipeline and into runtime. Organisations no longer have to choose between the speed AI enables and the security their business requires.”

Industry analysts have argued that governance will become increasingly important as AI-generated code forms a growing share of enterprise software. Salt’s research suggests that organisations are already recognising the challenge, with security leaders expressing concerns that manual review processes are struggling to scale alongside AI-assisted development.

“I regularly point organisations toward Salt because the full Agentic Security Graph is genuinely differentiating. Salt Code is the piece that ties it together,” said Christopher M. Steffen, CISSP, CISA, CCZ, VP of Research, Information Security, Risk and Compliance Management, Enterprise Management Associates. “With code-level context layered onto runtime behaviour, Salt is building a multi-dimensional defence for agentic systems rather than another single-point tool. That is the direction this market needs to move.”

The company is encouraging organisations to focus on improving visibility into AI-generated code, reducing dependence on manual review, standardising secure development practices and treating AI coding assistants as part of the wider software supply chain.

As enterprises continue to embrace AI-assisted development, the findings suggest that the next phase of adoption may be defined less by productivity gains and more by how effectively organisations can govern and secure the code these systems produce.

The post Nine in Ten Security Leaders Concerned About AI-Generated Code Risks as Salt Security Launches New Governance Tool appeared first on IT Security Guru.

Acumen Cyber has announced a strategic partnership with AttackIQ to help organizations continuously validate their cyber defenses against real-world threats and reduce exposure to modern attacks.

The partnership combines Acumen Cyber’s engineering-led security operations expertise with AttackIQ’s Continuous Threat Exposure Management (CTEM) platform. Together, the companies aim to help organizations identify exploitable attack paths, validate security controls, and prioritize remediation efforts based on actual risk rather than theoretical vulnerabilities.

Moving beyond traditional vulnerability management

As cybercriminals increasingly leverage artificial intelligence and automation, organizations are struggling to keep pace with the growing volume of vulnerabilities and security alerts.

According to Acumen Cyber and AttackIQ, traditional approaches centered on vulnerability counts, severity ratings, and periodic assessments are no longer enough. Security teams need continuous visibility into how attackers could move through their environments and whether existing controls are capable of stopping them.

The partnership is designed to help organizations continuously test defensive effectiveness, validate security investments, and focus resources on the attack paths that present the greatest risk.

Carl Wright, Chief Commercial Officer at AttackIQ, said many organizations are overwhelmed by security findings but still lack clarity about where they are truly vulnerable.

“Threat Debt changes the conversation from managing lists of vulnerabilities to understanding and reducing accumulated adversary opportunity,” Wright said.

Continuous validation becomes a priority

As part of the partnership, Acumen Cyber’s engineers will emulate real-world adversary techniques mapped to frameworks such as MITRE ATT&CK. This will allow organizations to test whether their preventive and detective controls can successfully stop modern attack methods.

The companies say the approach helps uncover where vulnerabilities, identity exposures, misconfigurations, and control gaps combine to create viable attack paths to critical assets.

Mark Robertson, CEO of Acumen Cyber, said organizations need to focus less on activity metrics and more on measurable security outcomes.

“Most organizations still operate security programs built around activity metrics instead of validated outcomes,” Robertson said. “The reality is that adversaries exploit paths, not isolated findings.”

He added that the partnership will enable customers to continuously identify attacker opportunities and systematically reduce what AttackIQ calls “Threat Debt” before those weaknesses can be exploited.

Measuring exposure through Threat Debt

A key component of the partnership is the AttackIQ Threat Debt Index, which provides organizations with a framework for measuring accumulated adversary opportunity across their environments.

The index is designed to track how attack paths change over time, identify where new exposure has emerged, and show where security controls are successfully reducing risk. This gives organizations a way to measure cyber resilience based on validated outcomes rather than simply reporting on security activities.

As organizations continue to face increasingly sophisticated cyber threats, Acumen Cyber and AttackIQ believe continuous validation and threat-informed defense will play a growing role in helping security teams stay ahead of attackers.

The post Acumen Cyber and AttackIQ Partner to Strengthen Cyber Defense Validation appeared first on IT Security Guru.

Check Point Software has launched Agentic Exposure Validation (AEV), a new AI-driven capability within its Exposure Management platform that uses autonomous agents to reason like attackers and provide security teams with hard evidence of what is genuinely exploitable in their environment, before adversaries can act on it.

The launch comes as the threat landscape undergoes a fundamental shift. Frontier AI models are now capable of autonomously identifying and weaponising vulnerabilities at machine speed, compressing the mean time from CVE disclosure to confirmed exploitation from 2.3 years in 2018 to roughly 10 hours in 2026. At the same time, 72.7% of exploited CVEs in 2026 are hitting as zero-days, up from just 16.1% eight years ago.

Beyond Severity Scores

Traditional vulnerability management has long relied on static severity scores, leaving security teams to sift through thousands of flagged issues without knowing which represent a real, reachable risk. AEV takes a materially different approach: rather than assigning a score and moving on, it deploys AI agents that work through each potential exposure using logic that mirrors attacker reasoning.

The agents correlate exposure data with asset context, live threat intelligence, existing control coverage, and known exploit research to determine whether a path to compromise actually exists. When a route is blocked by an existing control, AEV pivots to an alternative attack path. If no viable path exists, the threat is discarded. If exploitation is feasible, the system produces direct evidence, giving security teams the confidence to prioritise and act.

Early customer engagements have already shown the capability of generating novel exploits for dozens of vulnerabilities that had no previously published exploit code, illustrating the analytical depth of the agents.

Closing the AI Arms Race Gap

Yochai Corem, General Manager of Exposure Management at Check Point, said the product addresses a problem that has become existential for enterprise security teams: “The era of autonomous, AI-driven exploitation is here. Frontier AI models are attacking critical vulnerabilities at scale, without human steering. Security teams are already inundated and cannot effectively address that emerging threat.”

Corem added that AEV is designed to put defenders on equal footing: “Agentic Exposure Validation is our answer: AI agents that reason like attackers reviewing your organisation’s digital surface from the outside with our unique threat intelligence context, and prove what is actually exploitable, providing security teams the evidence and the remediation to act smartly and effectively before attackers do.”

A Critical Piece of CTEM

Check Point positions AEV as a validation layer within Continuous Threat Exposure Management (CTEM) programmes, moving organisations from discovery and prioritisation into evidence-based exposure reduction. The validation step has historically been manual, slow, and resource-intensive. AEV’s safe proving loop, analysing assets and CVEs, enriching findings with live Check Point threat intelligence, verifying whether existing controls already block the path, and building targeted validation without disruptive techniques, is designed to make that step autonomous and continuous.

Agentic Exposure Validation is available now as part of Check Point Exposure Management. Organisations can request a complimentary AEV scan to see what an agentic attacker would uncover on their external attack surface.

The post Check Point Launches AI Agents That Think Like Attackers as Autonomous Exploitation Reaches Critical Threat Level appeared first on IT Security Guru.

Swiss privacy company Proton has rolled out a significant update to Proton Mail that allows users to connect their Gmail accounts directly to the platform. The feature, announced on 28 May 2026, enables Gmail messages to be imported into Proton Mail and allows users to send and receive emails from their Gmail address, all without toggling between separate inboxes.

The integration is aimed at users looking to transition away from Google’s ecosystem but who face the practical challenge of updating contacts and switching services one by one. Rather than forcing an abrupt departure, Proton is offering a bridge: a managed migration path where Gmail activity is gradually absorbed into Proton Mail.

What the Feature Does, and What It Does Not

When a user activates the Gmail connection via Proton’s Easy Switch tool, their most recent Gmail messages are imported into Proton Mail. Going forward, new emails arriving in Gmail will continue to appear automatically in the Proton inbox. Crucially, Proton says the connection is strictly one-directional in terms of access: connecting Gmail does not grant Google any visibility into the user’s Proton Mail inbox.

From a security standpoint, this is a meaningful distinction. Proton positions the feature as a transitional tool rather than a permanent hybrid solution. The company acknowledges that Google continues to read emails received by a Gmail account, including any sensitive communications. The feature is designed to shrink that exposure over time, not eliminate it overnight.

Privacy Protections Applied to Gmail Traffic

Proton says it applies its standard email protections to Gmail content viewed through the Proton Mail interface. That includes tracker removal, ad stripping, and spam filtering. Unlike Gmail, which the company describes as fundamentally built around advertising, Proton does not scan email content, build advertising profiles, or use user data for AI training purposes.

Proton also highlights an encryption benefit: when both parties in a conversation use Proton Mail, messages exchanged between connected Gmail addresses become end-to-end encrypted, meaning Google cannot read those communications. This incentivises users to encourage their contacts to make the same switch.

A Gradual Exit Strategy from Big Tech

Proton is explicit that the feature is not a long-term solution. The company frames it as part of a broader, gradual transition away from Google, designed to make the process manageable. The recommended approach is for users to update all their important accounts to their Proton address, after which Gmail receives only low-priority mail. Users can then disconnect Gmail entirely from Proton Mail and, if they choose, delete their Google account altogether.

The feature is rolling out gradually, meaning not all users will see it immediately. Setup is straightforward: users open the Easy Switch section in their Proton Mail settings and connect their Gmail account. In addition to Gmail, Proton supports email imports from Outlook, Yahoo, and Apple Mail via the same Easy Switch tool or a standalone import utility.

Wider Context: Google’s Data Practices Under Scrutiny

The launch arrives against a backdrop of sustained criticism of Google’s data harvesting practices. Google uses Gmail activity, including which emails are opened and interacted with, to build user profiles that feed its advertising ecosystem. The company also uses approximate location data derived from email activity to personalise ads. By routing Gmail through Proton’s interface rather than Google’s own apps, users can reduce their exposure to this data collection, even while maintaining their Gmail address.

For IT and security teams advising organisations or individuals on reducing Big Tech data exposure, Proton’s new approach represents a pragmatic middle ground: it acknowledges that cold-turkey Gmail abandonment is impractical for many users and provides a structured, privacy-improving alternative.

The post Proton Mail Lets Users Send and Receive Gmail Directly Without Giving Google Access to Proton Inbox appeared first on IT Security Guru.

Evolution of AI Phishing

As with most cyber threats, AI has created a fundamental shift in the phishing threat landscape. It has become a precision operation powered by AI systems that research, build, deliver, and adapt campaigns autonomously. AI acts as a force multiplier: it scales targeted techniques that previously required experience and time, while simultaneously lowering the barrier to entry once again. To understand the scope of this shift, consider that AI can now generate a convincing spear-phishing email, without obvious grammatical errors and in many languages, in under 5 minutes. This article maps the technical shifts driving this new era, from vibe-coded criminal infrastructure and AitM authentication attacks to 24/7 autonomous agents and AI-powered interactive scams.

Vibe Coding and Asian PhaaS

“Vibe coding” – the practice of prompting LLMs with natural language to generate functional code without writing a single line manually – has drastically boosted the Phishing-as-a-Service ecosystem. Threat actors now describe desired functionality, like for example “build a reverse proxy that strips CSP headers and logs POST bodies”, and iterate on output until operational. This has turbocharged the PhaaS market, particularly within the Asian threat actor ecosystems where subscription model platforms like Darcula and Lucid have gained a lot of popularity.

Operators use LLMs to rapidly build and test modular kits, credential harvesters, OTP relay panels, and bulletproof hosting deployment scripts, all generated and refined through conversational prompting. Phishing kits can now even automatically check against commercial email security solutions before deployment, and LLMs then iterate the obfuscation layer until the evasion score meets a threshold. All with minimal expertise from buyers. 

Of course cyber criminal already had access to rent fully managed campaign infrastructure before, complete with analytics dashboards, victim management, and Telegram bot alerts for real-time credential notifications, the eco system is now just growing even faster.

Modern MFA Defeat Mechanisms

The adaption of Multi Factor Authentication (MFA) has started a slow shift away from simple password stealing phishing websites. Attacker-in-the-Middle frameworks like Evilginx & Co. remain popular to neutralize MFA. They operate as reverse proxies that sit between the victim’s browser and the legitimate service, transparently relaying traffic while intercepting session cookies and JWTs in real time. A more recent escalation is the weaponization of the OAuth2 device authorization grant flow against Microsoft Entra ID and M365 environments – so-called Device Code phishing. In a Device Code attack, the threat actor initiates a legitimate authentication flow, generating a device code, then socially engineers the victim into entering it at microsoft.com. The victim authenticates normally. No malicious link is clicked, no credential is typed into a fake page – the entire interaction happens on legitimate Microsoft infrastructure, rendering URL reputation tools blind. The use of residential proxies and ORB networks makes it hard to reply on IP reputation alone for conditional access policies. The window between token theft and first malicious action has collapsed from hours to seconds – all through automation scripts.

In May 2026, Google’s Threat Intelligence Group (GTIG) reported the first case of a cybercriminal using an AI-generated zero-day in the wild. The exploit was a bypass for a 2FA system used by various companies. This demonstrates that MFA, and even phishing-resistant methods such as passkeys, will face more pressure from AI-powered vulnerability research if their implementation is flawed.

24/7 Agentic Campaign Automation

The operational model has shifted from campaigns run by humans to campaigns run for humans by autonomous agents operating continuously. The reconnaissance phase is now fully automated: agents scrape LinkedIn for organizational hierarchy, cross-reference data broker records, and query breach dumps to build rich target profiles. This context is fed into an LLM that generates unique, persona-aware email lures – a CFO receives a lure referencing her CFO peer by name, a specific pending acquisition, and a plausible internal process. Traditional signature-based Email security gateways see clean, unique text with no pattern to match.

These agents also handle the entire infrastructure lifecycle. Domain registration, DNS configuration, TLS certificate provisioning, and continuous proxy rotation are orchestrated automatically, with domains being spun up and burned on a cycle that outpaces most threat intelligence feeds. Critically, modern agentic systems maintain persistent memory across victim interactions: if an initial lure goes unclicked, the agent notes the failure, adjusts the pretext, and schedules a follow-up via a different vector – SMS, Teams, calendar invite, or LinkedIn message – referencing prior interactions to build false familiarity. The campaign never sleeps, never forgets, and never gets frustrated.

Multi-Channel and Cross-Vector Chains

Email-based phishing is still the most common attack vector, but depending on the target we have seen an increase in multi-vector delivery. Agentic architectures can coordinate attacks across channels within a single campaign. A target profiled via LinkedIn is first primed with a text message to their mobile phone or a vishing call using a cloned voice of their IT helpdesk. That call references a “security incident” and tells the target to expect an email. Alternatively, the attackers execute a subscription bombing attack, flooding the inbox with legitimate newsletters to create an IT incident.

Minutes later, the phishing email arrives – and because the target was primed, it feels more legitimate. The AI orchestrates timing, channel selection, and persona consistency across email, voice, and SMS, creating a social engineering chain that is qualitatively harder to recognize as an attack than any single-vector lure.

Full deepfake multi-persona video calls are still rare, but probably because other methods remain successful. A 10-second voice sample scraped from a public earnings call or conference recording is sufficient to clone a CEO’s voice for a fraudulent wire transfer authorization call. The asymmetry matters: one successful deepfake BEC attack generating a $25M fraudulent transfer more than justifies the investment, which is why the technique’s rarity should not be confused with low risk. From a technology standpoint, attackers have long learned how to create convincing attacks that require video authenticity tools like Pindrop & Co. to detect.

Interactive Scams and Dynamic LLMs

Once a victim engages – replies to an email, fills a form, or initiates a chat – a second AI system activates. Victim replies are routed via API into an LLM configured with a detailed persona and objective. The model reads prior conversation history, parses the victim’s emotional state and objections, and generates contextual, persuasive responses in real time. For advance-fee fraud and romance scam operations, this means a single threat actor can maintain simultaneous “relationships” with hundreds of victims indefinitely, with each conversation feeling personal and continuous.

The financial ROI is striking. What previously required a team of human operators running shifts is replaced by an API call costing fractions of a cent per response. The model never breaks character, never makes timezone errors, and never gets impatient, consistent failure modes that human operators exhibit and that trained victims sometimes catch.

Evasion and Living Off the Land

Defenders have adapted to detect malicious infrastructure – so attackers increasingly operate from trusted infrastructure. Hosting on hyperscalers, hiding behind Cloudflare’s anti-bot Turnstile protection, or even abusing new agentic AI email services. Google Drawings, SharePoint, Canva, and QR codes are abused to host redirect chains that pass URL reputation checks because the initial link is genuinely legitimate. Calendar invite phishing exploits auto-add behavior in Google Calendar to plant lures that arrive outside the classic email flow entirely.

Weaponizing Offensive AI Research and the Defender Gap

With the number of AI systems deployed in production growing, we expect phishing will soon exploit these attack surfaces as well. Prompt injection, context manipulation, and tool-call hijacking can all be used by cybercriminals to achieve their goal of sending emails and having users follow malicious links. For example, a prompt injection targeting enterprise AI assistants via a malicious document or email containing hidden instructions can manipulate a victim’s Copilot or email summarizer into suppressing security warnings, exfiltrating content, or generating deceptive summaries of legitimate alerts.

Defenders are not keeping pace. Most CISOs don’t even know how well their current email security stack blocks modern attacks, and purely hope that user awareness training prevents an impact. That blind spot is growing rapidly.

Attackers now operate at machine speed across identity, email, and endpoint simultaneously – but most SOC detection pipelines still process these as siloed signals. Closing the gap requires deploying AI detection systems with the same cross-channel memory and correlation capabilities that attackers already exploit. The organizations that will survive this shift are those that recognize the threat is no longer a human criminal using AI as a tool – it is an autonomous system running a persistent, adaptive campaign. Against that, purely human-speed defense is no longer enough.

The post The AI Phishing Revolution: From Spray-and-Pray to Autonomous Operations appeared first on IT Security Guru.