A finance employee receives an email that appears to come from the CFO requesting urgent payment approval. The message references a current project, uses the correct tone, and arrives at a plausible time. However, the email wasn’t written by a colleague — it was generated by AI. And it contains a malicious link.
Researchers at Permiso warn that threat actors can plant phishing messages within Copilot AI summaries. Notably, the researchers found that attackers can trick Copilot into including internal information to craft a more targeted message.
.jpg)
In the financial services industry, a “security incident” is rarely just an IT ticket. It is a regulatory event. Whether you are a bank, a global investment firm, or a fintech startup, your email environment is the most targeted entry point for attackers and the most common exit point for sensitive data.
I just came across the Zero Day Clock, and I love it. Everyone should go there, see the stats, see the trends, and figure out what that means for your ongoing and future patch management plans.
Malwarebytes warns that a phishing campaign is using Google Calendar invites to send phony renewal notices for Malwarebytes subscriptions. The calendar invites contain a phone number that will connect the user with a scammer.
AI isn’t just another technology wave—it’s a force multiplier for both innovation and risk. In a recent webinar featuring insights from Bryan Palma and guest speaker Jinan Budge, Vice President and Research Director at Forrester, one message came through clearly: the rise of AI and AI agents is fundamentally reshaping the human risk landscape—and security leaders need to move fast to keep up.
The number of publicly reported unique vulnerabilities has risen year after year.
There was a brief decrease and stabilization in 2015 – 2016, but those are the only years in the over two decades (1999 – on) I have been following vulnerability metrics. Other than that, it has been up, up, up.
