%term

Analyzing llama.cpp Servers for Prompt Leaks

Apr 11, 2025 By Greg Pollock In UpGuard

The proliferation of AI has rapidly introduced many new software technologies, each with its own potential misconfigurations that can compromise information security. Thus the mission of UpGuard Research: discover the vectors particular to a new technology and measure its cyber risk. This investigation looks at llama.cpp, an open-source framework for using large language models (LLMs).

Read Post

UpGuard

Read more about Analyzing llama.cpp Servers for Prompt Leaks

CISOs: The Perfect SCORE With Your Board

Apr 11, 2025 By SecurityScorecard In SecurityScorecard

You’ve done the work—mapped the risks, built the roadmap, secured the right tools. But when it’s time to face the board, the conversation stalls. Not because you’re wrong. Because you’re speaking a different language. Boards don’t operate in threat models and tech stacks. They operate in risk, revenue, and accountability. And if you want their support, you need to meet them there.

Read Post

SecurityScorecard

Read more about CISOs: The Perfect SCORE With Your Board

Strategies to Mitigate Risks in AI-Driven Medical Note Systems

Apr 11, 2025 By SecuritySenses In SecuritySenses

AI isn't just changing how healthcare works-it's redefining how care is delivered. With medical note systems powered by AI, clinicians are finally getting a break from endless documentation. But with that freedom comes a new set of challenges: accuracy, data safety, and the delicate balance between tech and human judgment. If you're adopting or managing these tools, it's not just about innovation-it's about protecting what matters most. Read on to discover the key strategies every healthcare leader must know to implement AI documentation systems responsibly and effectively.

Read Post

SecuritySenses

Read more about Strategies to Mitigate Risks in AI-Driven Medical Note Systems

Threat Monitoring for Superannuation Security

Apr 10, 2025 By Greg Pollock In UpGuard

On April 4, 2025, The Australian Financial Review reported on a set of credential abuse attacks targeting multiple Austrian superannuation funds. These attacks were not breaches of the infrastructure of those companies, but compromises of individual customer accounts via stolen credentials. How were those customer credentials stolen?

Read Post

UpGuard

Read more about Threat Monitoring for Superannuation Security

Third-Party Security Risks: How to Mitigate Potential Cybersecurity Threats

Apr 9, 2025 By Syteca In Syteca

Cooperation is the key to success, and working with third parties helps your organization increase efficiency, offer better products and services, employ highly qualified experts, and cut costs. However, all these benefits come at the price of additional cybersecurity risks. Even minor flaws in your third-party vendor’s security and privacy routines may lead to serious cybersecurity breaches in your organization.

Read Post

Syteca

Read more about Third-Party Security Risks: How to Mitigate Potential Cybersecurity Threats

How Research Supports the 2025 Bitsight Rating Algorithm Update

Apr 9, 2025 By Abdullah Al Rashid In BitSight

In keeping with Bitsight's ongoing commitment to making its ratings more meaningful and more representative of an ever-changing Cybersecurity landscape, the Ratings Algorithm Update for 2025 is scheduled to go into preview on April 8, 2025. The highlight of RAU 2025 is the incorporation of the Web Application Security(WAS) risk vector into the Bitsight Security Ratings1, and the associated deprecation/removal of Web Application Headers(WAH) risk vector.

Read Post

BitSight

Read more about How Research Supports the 2025 Bitsight Rating Algorithm Update

Preparing for the Next Big Cyber Threat: Expert Recommendations

Apr 9, 2025 By Leah Sadoian In UpGuard

Staying ahead of the game is a top concern for security teams as the cyber threat landscape continues to evolve rapidly. Every year seems to bring new technological advances, which also introduce new cybersecurity trends and significant risks. As organizations face these challenges, it’s essential to build proactive defenses, not reactive responses. The next big cyber threat is already here—ready or not.

Read Post

UpGuard

Read more about Preparing for the Next Big Cyber Threat: Expert Recommendations

Ongoing TPRM Success: Continuous Security Monitoring with AI

Apr 9, 2025 By Nicholas Sollitto In UpGuard

All security professionals know third-party risk management doesn’t stop after one risk assessment. What about the next vendor? Or the future risks the vendors you’ve already evaluated will inevitably endure? While completing even a single risk assessment can feel like an arduous journey when done manually, all successful TPRM programs continue long after assessment.

Read Post

UpGuard

Read more about Ongoing TPRM Success: Continuous Security Monitoring with AI

Sequenced Event Templates via Risk-based Alerting

Apr 8, 2025 By Haylee Mills In Splunk

Sequenced event templates are pretty cool, but they were developed around the time that Risk-based Alerting (RBA) was developed in Splunk Enterprise Security. Additionally, they don’t have all the great context we can generate with the holistic picture provided by risk, so I want to provide guidance on how we would implement its equivalent in the RBA context as they are now deprecated in Splunk Enterprise Security 8.0. There are two approaches we can utilize that do slightly different things.

Read Post

Splunk

Read more about Sequenced Event Templates via Risk-based Alerting

Information Security Risk Management (ISRM) Boosts Compliance by Undermining Configuration Drift

Apr 7, 2025 By Katrina Thompson In Tripwire

Compliance is a “ticket to entry” for businesses today, and information security risk management (ISRM) makes sure organizations hang on to their ticket. In this blog, we’ll review how ISRM helps organizations not only get compliant but stay compliant. And how Tripwire makes that process automatic.

Read Post