Archive for October 1, 2025

A Severe Red Hat Privilege Escalation Flaw Is Out There

Posted in Commentary with tags on October 1, 2025 by itnerd

A severe privilege escalation flaw (CVE-2025-10725, CVSS 9.9) has been disclosed in Red Hat OpenShift AI, the platform that manages the lifecycle of predictive and generative AI models across hybrid cloud environments. The vulnerability allows a low-privileged but authenticated user, such as a data scientist working in a Jupyter notebook, to escalate to full cluster administrator. From there an attacker could exfiltrate data, disrupt services and take control of the underlying infrastructure, which amounts to complete compromise of the cluster. Red Hat rated the issue “Important” rather than “Critical” because exploitation requires an authenticated account, while acknowledging that it exposes the confidentiality, integrity and availability of the entire cluster. The company advises restricting the permissions granted to system-level groups and applying least-privilege principles to job creation.

You can read the Red Hat advisory here: https://access.redhat.com/security/cve/cve-2025-10725
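The mitigation above boils down to an RBAC audit: find any ClusterRole that permits creating jobs or other workloads and is bound to a system-level group (system:authenticated, system:serviceaccounts) that every notebook user or service account belongs to automatically. The script below is an added example, not code from Red Hat or from the advisory. The role and binding names in it are constructed for illustration and are not the ones the advisory names; the input shape mirrors the .items lists of `oc get clusterroles -o json` and `oc get clusterrolebindings -o json`, and it checks ClusterRoleBindings only (an assumption; namespaced RoleBindings to the same groups deserve the same check).

```python
"""Audit ClusterRoleBindings that hand workload-creation rights to system-level groups.

Added example, not from Red Hat or the advisory. Role and binding names below are
constructed for illustration. Input shape mirrors the `.items` lists of
`oc get clusterroles -o json` and `oc get clusterrolebindings -o json`.
"""
from __future__ import annotations

from dataclasses import dataclass

# Built-in groups every authenticated principal (or every service account) is a
# member of automatically; binding a ClusterRole to them grants it cluster-wide.
SYSTEM_GROUPS = {"system:authenticated", "system:serviceaccounts", "system:unauthenticated"}

# Resources whose creation lets a principal run code of its choosing in the cluster.
WORKLOAD_RESOURCES = {"jobs", "cronjobs", "pods", "deployments", "workloads"}
WRITE_VERBS = {"create", "update", "patch", "*"}


@dataclass(frozen=True)
class Finding:
    binding: str
    group: str
    role: str
    api_group: str
    resource: str
    verbs: tuple[str, ...]


def _workload_write_resources(rule: dict) -> set[str]:
    """Return the workload resources a PolicyRule lets its holder create or modify."""
    verbs = set(rule.get("verbs", []))
    if not verbs & WRITE_VERBS:
        return set()
    resources = set(rule.get("resources", []))
    if "*" in resources:
        return {"*"}
    return resources & WORKLOAD_RESOURCES


def find_overbroad_bindings(cluster_roles: list[dict], bindings: list[dict]) -> list[Finding]:
    """Flag ClusterRoleBindings that give SYSTEM_GROUPS write access to workload resources."""
    roles_by_name = {r["metadata"]["name"]: r for r in cluster_roles}
    findings: list[Finding] = []
    for binding in bindings:
        ref = binding.get("roleRef", {})
        role = roles_by_name.get(ref.get("name")) if ref.get("kind") == "ClusterRole" else None
        if role is None:
            continue  # dangling roleRef or Role kind: nothing granted cluster-wide here
        system_subjects = sorted(
            s["name"] for s in binding.get("subjects", [])
            if s.get("kind") == "Group" and s.get("name") in SYSTEM_GROUPS
        )
        for rule in role.get("rules", []):
            for resource in sorted(_workload_write_resources(rule)):
                for group in system_subjects:
                    for api_group in rule.get("apiGroups", [""]):
                        findings.append(Finding(
                            binding=binding["metadata"]["name"], group=group,
                            role=role["metadata"]["name"], api_group=api_group,
                            resource=resource, verbs=tuple(sorted(rule["verbs"]))))
    return findings


def remediation_commands(findings: list[Finding], replacement_group: str) -> list[str]:
    """Smallest fix per flagged binding: delete it, then re-bind the role to a named group.

    `replacement_group` is an assumption: the narrowly scoped group that should
    keep the right to create jobs (for example a data-science team group).
    """
    cmds: list[str] = []
    for binding, role in sorted({(f.binding, f.role) for f in findings}):
        cmds.append(f"oc delete clusterrolebinding {binding}")
        cmds.append(f"oc adm policy add-cluster-role-to-group {role} {replacement_group}")
    return cmds


# --- constructed sample input (illustrative names, not the advisory's) ---------------
SAMPLE_ROLES = [
    {"metadata": {"name": "batch-user"}, "rules": [
        {"apiGroups": ["batch"], "resources": ["jobs"], "verbs": ["create", "get", "list"]},
        {"apiGroups": ["kueue.x-k8s.io"], "resources": ["workloads"], "verbs": ["create", "delete"]},
    ]},
    {"metadata": {"name": "view-only"}, "rules": [
        {"apiGroups": ["batch"], "resources": ["jobs"], "verbs": ["get", "list", "watch"]},
    ]},
]
SAMPLE_BINDINGS = [
    # Over-broad: every authenticated user, notebook service accounts included, can create jobs.
    {"metadata": {"name": "batch-user-all-authenticated"},
     "roleRef": {"kind": "ClusterRole", "name": "batch-user"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    # Least privilege: the same role scoped to a named group; not flagged.
    {"metadata": {"name": "batch-user-data-scientists"},
     "roleRef": {"kind": "ClusterRole", "name": "batch-user"},
     "subjects": [{"kind": "Group", "name": "data-scientists"}]},
    # Read-only to everyone: not flagged, since no write verb is granted.
    {"metadata": {"name": "view-all-authenticated"},
     "roleRef": {"kind": "ClusterRole", "name": "view-only"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
]

if __name__ == "__main__":
    found = find_overbroad_bindings(SAMPLE_ROLES, SAMPLE_BINDINGS)
    for f in found:
        print(f"{f.binding}: {f.group} -> {f.role} may {','.join(f.verbs)} {f.api_group}/{f.resource}")
    for cmd in remediation_commands(found, "data-scientists"):
        print(cmd)
```

On a live cluster, feed the functions the `.items` arrays from the two `oc get ... -o json` commands instead of the sample lists. The script deliberately treats a wildcard resource or verb as a hit, since `*` bound to system:authenticated is the same class of problem with a wider blast radius; the replacement group passed to `remediation_commands` is a placeholder for whichever narrowly scoped group should retain job-creation rights.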

Gunter Ollmann, CTO, Cobalt had this to say:

     “AI platforms are rapidly becoming high-value targets because they combine sensitive data, critical infrastructure, and powerful compute in one place. This vulnerability shows how even a low-privileged role can become a launchpad for full control of an AI environment if privilege boundaries aren’t enforced. While authenticated access may sound like a barrier, in real-world environments credentials are often shared, phished, or exposed through weak operational practices. Organizations adopting AI at scale must treat these systems with the same rigor as any mission-critical infrastructure—least privilege, continuous testing, and proactive detection. Otherwise, the promise of AI becomes paired with a massive, underappreciated attack surface.”

Wade Ellery, Chief Evangelist and IAM Strategy Officer, Radiant Logic adds this:

     “In today’s cyber-criminal world, account compromise is table stakes. The idiom now is that an attacker only needs to log in to the network to gain access. Phishing, token hijacking, iFrame overflow and credential stuffing have been shown to be very effective in dozens of recent successful breaches. The working assumption is that the network is already breached and that there are already compromised accounts at risk. Relying on a failed layer of protection to downgrade an account escalation to full privileges from Critical to Important may well underserve the community. This breach and the reaction to it reinforce the need for a second layer of protection reinforcing authentication at the authorization layer. Identity Observability actively monitors, alerts, and remediates threats from compromised accounts by recognizing anomalous behavior, policy violations, and out-of-band access escalations. The old walls have fallen; it is time to build an effective layer of defense at the identity observability layer.

AI platforms amplify the risks we already face with identity and privilege management. When a standard user can escalate to cluster administrator, it shows how fragile role boundaries can be without proper observability and enforcement. These environments are only as secure as their ability to monitor who has access, how that access is being used, and when privilege escalation occurs. Building AI securely means applying Zero Trust to every identity—human and machine alike—so no single credential or role can become the key to the entire system. Without that visibility, organizations are effectively flying blind in one of the most sensitive parts of their infrastructure.”

OpenShift AI administrators should read the mitigation steps in the advisory and apply them as soon as possible, given the impact and severity of this flaw. To be frank, this one is scary, and it should worry anyone running OpenShift AI.

FEMA Has Apparently Been Pwned… And Pwned Big

Posted in Commentary with tags on October 1, 2025 by itnerd

It is being reported that an unidentified hacker stole sensitive data from Customs and Border Protection and Federal Emergency Management Agency employees in a “widespread” breach this summer that lasted several weeks. 

Ensar Seker, CISO at SOCRadar had this to say:

“This breach targeting both FEMA and Customs and Border Protection highlights the growing risk of lateral movement across interconnected federal systems, especially when regional network segments are left exposed. A compromise that lasted “several weeks” without detection suggests not just a failure of preventive security controls, but likely gaps in real-time monitoring and behavioral anomaly detection.

The fact that the attacker gained deep access to a FEMA environment that supports critical emergency operations across several states is particularly alarming. This isn’t just a data breach; it’s a breach of trust in systems that Americans rely on during disasters. If the attacker maintained persistence long enough to pivot laterally, they could have exfiltrated sensitive employee PII, internal operational planning data, and potentially even response coordination protocols, all of which could be weaponized in future incidents.

What makes this more concerning is that no threat actor has been named yet. The longer attribution remains unclear, the greater the uncertainty for federal employees, partners, and the public. The incident underscores the urgency for agencies like DHS to implement more robust Zero Trust architectures, extend attack surface visibility into traditionally siloed regional environments, and continuously audit access paths, especially for hybrid or legacy systems.

We’re seeing a rise in state-linked threat actors exploiting weakly segmented infrastructure and federated identities across agencies. This breach is a textbook case of why cybersecurity shouldn’t be managed in operational silos. For federal agencies, the stakes aren’t just reputational or financial. They’re national security.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech, had this to say:

“A breach that lasts several weeks usually implies that DHS failed to properly secure the data. If the data was left exposed to the internet for that long, then any number of hackers could have found and stolen it in that time. I surmise that hackers exploited the CitrixBleed vulnerability in an unpatched version of the Citrix NetScaler software, which is used for VPNs and other network gateways. CISA, which is also run by the federal government, issued guidance on how to avoid CitrixBleed in 2023.

The big questions we should be asking now is if it’s possible that more than one unauthorized party accessed the data, whether any of them were state-sponsored or political actors, and what data was stolen.”

This is not just bad. It’s insanely bad. The fact that the threat actor was running around for weeks inside a government network should not be a thing. Yet here we are talking about it. This shows that there needs to be a big shake up when it comes to cybersecurity in the US government.

Apps Putting Your Privacy Most at Risk: Revealed By Elevate

Posted in Commentary with tags on October 1, 2025 by itnerd

While 65% of adults worldwide have at least one social media account, fewer than 15% understand how their personal data is collected, stored, or protected by these platforms. A new study by cloud network provider Elevate analyzed major apps to identify which ones are putting users’ privacy in the most danger.

The research evaluated each platform using multiple security indicators: confirmed breach incidents, total number of users affected, data sharing policies with third parties, and the number of permissions each app requests from users. Apps were ranked primarily by the total number of users whose data was exposed in confirmed breaches.

Here’s a look at the apps with the worst data breach records:

App           Confirmed breaches   Total users affected   Permissions requested
Facebook      5                    ~1.4 billion           85
Weibo         1                    ~538 million           107
X (Twitter)   2                    ~200 million           50
Pinterest     1                    ~70 million            29
Telegram      2                    ~57 million            21
ChatGPT*      0                    ~20 million            0

*Although there are no confirmed breaches, ChatGPT reportedly experienced a data leak in 2025.

You can access the complete research findings here.

Facebook ranks first as the platform with the worst data security record. With 3.07B users worldwide, the platform has experienced five separate confirmed breaches that collectively exposed data from an estimated 1.4B user accounts. Facebook also requests 85 different permissions from users’ devices and freely shares data with third parties, widening the privacy exposure well beyond the breaches themselves.

Weibo takes second place in privacy risks. The Chinese social network suffered a data leak only once, although it affected 538M users, nearly its entire user base of 599M. Weibo also requests a high number of permissions at 107, significantly more than any other platform studied.

X, formerly known as Twitter, has faced data security problems too. The platform experienced two separate breaches that compromised data from roughly 200M accounts, a large portion of its 586M users. Unlike Weibo’s high permission demands, X asks for about 50 app permissions. Still, its policy of sharing user data with third parties may be leaving users vulnerable beyond the breaches themselves.

Pinterest comes in fourth place for data safety risks. The image-sharing platform experienced a single breach affecting 70M users out of its 537 million user base. While Pinterest requests only 29 permissions, it still shares user data with third parties, increasing potential security risks.

Telegram lands in fifth despite its privacy-focused reputation. The app collects 21 permissions and only shares data with third parties when users give consent. However, even with these lighter demands, Telegram has still seen two breaches that exposed around 57M users.

ChatGPT is ranked in sixth position. While not experiencing a confirmed breach, the AI chatbot reportedly had an information leak earlier this year. The incident allegedly resulted in 20M of its accounts being compromised.

Quorum Cyber Announces That It Is A Participant In The Microsoft Sentinel Partner Ecosystem

Posted in Commentary with tags on October 1, 2025 by itnerd

Quorum Cyber, a proactive, threat-led cybersecurity company founded to help organizations defend themselves in an increasingly hostile digital landscape, today announced its inclusion in the Microsoft Sentinel partner ecosystem. Quorum Cyber was selected based on its proven experience with Microsoft Security technologies, its willingness to explore and provide feedback on cutting-edge functionality, and its close relationship with Microsoft.

Quorum Cyber is working with Microsoft product teams to shape Sentinel product development, including validation of new scenarios, feedback on product operations, and API extensibility – while also extending Sentinel’s capabilities as part of the partner ecosystem. By creating solutions such as connectors, analytics, playbooks, hunting queries, Jupyter notebook jobs, and Security Copilot agents that leverage Sentinel’s open architecture and advanced analytics, Quorum Cyber is helping make innovation accessible to customers worldwide through the Microsoft Security Store. 

Microsoft Sentinel is evolving beyond its traditional role as a SIEM to also be an AI-ready platform – equipping defenders with unified security data, intelligent reasoning tools to help agents interpret data, and enriched context through graph-powered visibility. By bringing all these features together, Microsoft Sentinel now provides a scalable backbone for modern defense.

The Microsoft Security Store is setting a new benchmark for cybersecurity procurement and deployment. By centralizing a wide range of security solutions and AI agents—organizations can now streamline how they discover, acquire, and operationalize advanced security technologies. With features like industry framework alignment, simplified billing, and guided deployment, the Security Store helps security teams reduce complexity, accelerate adoption, and maximize the value of their security investment.

Kyndryl announces advanced agentic AI capabilities that enable customers to scale AI across their businesses

Posted in Commentary with tags on October 1, 2025 by itnerd

Kyndryl today unveiled capabilities that augment the Kyndryl Agentic AI Framework and accelerate AI adoption at scale across industries. The enhancements incorporate a unique design process and an innovative engagement methodology. This enables customers to break free from limited proof-of-concept AI projects to scale real-world AI-native solutions that boost efficiency and drive business outcomes.

The company is deploying forward engineers, capabilities and intellectual property to drive rapid adoption of the expanded Agentic AI Framework with customers, leveraging differentiated methodologies through Kyndryl Vital. By co-creating customized projects that minimize time between design and deployment, Kyndryl is speeding time to value for organizations in government, banking, insurance, manufacturing and other industries.

Backed by an infrastructure-first mindset and decades of experience running mission-critical systems, Kyndryl has a proven track record of implementing AI-native workflows at scale. This foundation uniquely positions the company to deliver the step change that customers need to deploy an enterprise-grade framework with intelligent AI agents that dynamically learn, evolve, and turn insights into measurable outcomes.

In fact, Kyndryl is already seeing that a quarter of its signings contain AI-related content, including data architecture, cloud and digital workplace services.

The company is also collaborating with its global alliance partners to create joint solutions across the ecosystem that enable customers to embrace Kyndryl’s Agentic AI Framework and efficiently blend AI into their core business operations. In addition, Kyndryl is partnering with several universities globally to engage their researchers and students with a focus on educating and fostering the next generation of skilled AI professionals.

At the core of the Kyndryl Agentic AI Framework is the advanced capability that orchestrates, secures and scales a customer’s technology footprint into agentic AI workflows. This is strengthened by input from Kyndryl’s agentic ingestion capability, which extracts and analyzes the customer’s code, policies, data interdependencies, business goals and insights – including from Kyndryl Bridge. The Kyndryl Agentic AI Framework is secure-by-design, with guardian concepts – enabling autonomous, transparent and compliant operations.

The core capability helps customers deliver an agentic system with a future workforce model, including defined roles agents will play in an organization and how they will work with employees. Kyndryl’s experts use the model to identify the professional roles people will play and the skills required to deliver business outcomes in partnership with their agent counterparts.

Harnessing the model, Kyndryl’s agent builder uses the company’s industry and domain reference architectures and catalog of AI agents and agentic workflows to help make it easier for enterprises to design, test and deploy AI agents that perform tasks such as writing code, running tests, or automating complex processes. The agent builder also creates and deploys agents in harmony with compliance standards and security protocols, while ensuring they are ready for mission-critical use.

Kyndryl is furthering adoption of its Agentic AI Framework across industries by:

  • Working with insurance industry customers on an agentic AI-enabled actuarial solution that creates and embeds AI agents to deliver an end-to-end intelligent, automated workflow. The agents dynamically generate regulatory filings, support proactive regulatory compliance checks and deliver insights to drive real-time analysis and decision-making.
  • Developing and deploying AI agents that connect and streamline government processes spanning multiple departments, from tax and licensing to immigration and government benefits. The solution incorporates knowledge of policies and procedures, works alongside civil servants, and proactively acts to serve the needs of citizens, businesses and government employees.
  • Collaborating with a banking customer to streamline and automate an intensive manual client onboarding process that involves application submission, review, validation and vetting with external parties. Using intelligent AI agents embedded within all stages of the process, the Framework is enabling the customer to streamline and accelerate onboarding time, while enhancing the overall customer experience.

Learn more about Kyndryl’s expanded and enhanced approach to enabling customer adoption of agentic AI. 

TCP/IP Inventor Vinton Cerf Featured in New National Inventors Hall of Fame Video

Posted in Commentary with tags on October 1, 2025 by itnerd

Vinton G. Cerf, a National Inventors Hall of Fame® Inductee and co-inventor of the transmission control protocol/internet protocol (TCP/IP), is featured in a new long-form video about his innovations, life and legacy, produced by the Hall of Fame in partnership with the United States Patent and Trademark Office.

The video is now available to view here:

Cerf was inducted into the Hall of Fame in 2006 for his co-invention (with Robert Kahn) of the architecture of the internet and the software known as the transmission control protocol/internet protocol, or TCP/IP, that allows supercomputers and our everyday devices to share the internet.

Major Retailers, Gift Card Networks, and Law Enforcement Unite for 2025 Holiday Gift Card Fraud Awareness Campaign

Posted in Commentary with tags on October 1, 2025 by itnerd

As the 2025 holiday shopping season approaches, an alliance of leading retailers, card networks, and law enforcement agencies is launching a nationwide social media campaign to combat the alarming surge in gift card fraud. The campaign, led by the Gift Card Fraud Prevention Alliance (GCFPA), aims to educate, empower, and protect consumers during the busiest shopping time of the year.

From October 1 through December 25, holiday shoppers will see daily tips and information on the latest scams on LinkedIn and Instagram, spotlighting the tactics scammers use and the steps every consumer can take to avoid falling victim. This collaborative effort marks a landmark partnership among industry giants, national and state retail associations, and public safety organizations, all dedicated to protecting the public from gift card-related crimes.

Gift Card Fraud on the Rise: A United Response

According to recent reports, gift card fraud costs consumers millions of dollars annually, with incidents peaking during the holiday season. Scammers frequently target unsuspecting shoppers, either tricking them into buying gift cards as payment for a fictitious debt, or tampering with cards on store racks so that the funds can be drained as soon as a card is purchased and loaded.

Recognizing the urgent need for greater awareness, retailers—including national chain stores, grocery outlets, and specialty merchants—are joining forces with major gift card networks, state retail associations, and local, state, and federal law enforcement agencies to spread vital information.

Empowering Shoppers with Knowledge and Action

The campaign’s social media posts will focus on these essential warnings:

  • Legitimate organizations will never ask you to pay fees or debts with gift cards.
  • Never buy gift cards to pay a debt or to bail someone out of jail.
  • Inspect gift cards carefully before purchasing. If a card looks altered, report it and choose another.
  • Check Gift Card Balances Safely! Scammers set up fake websites and buy Google ads to trick you into entering your gift card details. Always use the official retailer’s site to check your card balance.
  • Report gift card scams to local police, state attorneys general, and the FTC. Every report matters.

By sharing clear, actionable guidance and real-world examples, partner organizations hope to reduce fraud and ensure shoppers enjoy a safe, stress-free and joy-filled holiday season.

A Shared Commitment to Consumer Protection

This collaborative campaign represents a shared commitment by retailers, gift card issuers, and law enforcement to stand together against fraud. Gift card fraud isn’t just a small-time scam—it’s often the work of organized retail crime rings. These groups use sophisticated tactics to target consumers. The GCFPA is working with a diverse group of stakeholders to keep gift cards safe.

How to Get Involved

Consumers are encouraged to follow the RILA Communities Foundation on LinkedIn and @ProtectMyGiftCard on Instagram for daily tips and updates throughout the campaign. For more information or to report a scam, contact local law enforcement, state attorney general’s offices, or visit the Federal Trade Commission’s website.

Auto dealership software company notifies 767,000 people of data breach

Posted in Commentary with tags on October 1, 2025 by itnerd

Comparitech today reported that auto dealership software company Motility Software Solutions this week notified 766,670 people of an August 2025 data breach that compromised names, Social Security numbers, phone numbers, email addresses, dates of birth, and driver’s license numbers.

Rebecca Moody, Head of Data Research at Comparitech, provided the following commentary:

“This ransomware attack becomes the ninth largest this year so far (based on records affected) and is the second-largest breach on a technology company.

It’s also yet another attack on a software company that’s used by multiple organizations. In recent months, we’ve seen a number of disruptive attacks like these which have had far-reaching consequences either in the large quantities of data breached and/or the disruption of encrypted systems. Other examples include the attack on Collins Aerospace which caused chaos across European airports and the attack on a Swedish technology company, Miljödata, which impacted over 200 municipalities with system downtime and has seen a breach of at least 1 million records.

As hackers continue to evolve and look for the most disruptive ways to have an impact, attacks on companies like Motility Software Solutions offer great appeal because of how many entities can be targeted through one company. While this attack on Motility Software Solutions doesn’t appear to have caused a lot of disruption to car dealers (like the attack on CDK did back in June 2024), it has resulted in a significant data breach.”

Victims of this breach should be prepared for follow-on attacks such as phishing and identity fraud, because with this mix of data exposed those will be inbound. It also highlights, yet again, that organizations should make every effort to keep the bad guys out in the first place.

59% of employees use unapproved AI tools at work – most of them also share sensitive data with them

Posted in Commentary with tags on October 1, 2025 by itnerd

Cybernews surveyed employees in the US to find out how they use AI tools at work. The research revealed that a majority of respondents use AI tools that their employer has not approved.

Here are the key findings:

  • 59% of employees use AI tools that their employer has not approved.
  • Out of those using unapproved tools, 57% claim that their direct managers are OK with it and support it, and 16% claim their direct manager doesn’t care.
  • 75% of those who use unapproved AI tools at work admit to sharing sensitive data with them.
  • Executives and senior managers are most likely to use unapproved AI tools at work.

For more information, here’s the full report: https://cybernews.com/ai-news/59-of-employees-use-unapproved-ai-tools-at-work-most-of-them-also-share-sensitive-data-with-them/

OVHcloud announces members of new blockchain and Web3 startup / scaleup accelerator

Posted in Commentary with tags on October 1, 2025 by itnerd

OVHcloud today announces the members of its new startup / scaleup accelerator. The Fast Forward Blockchain & Web3 Accelerator runs from September 17 to November 20 and includes sixteen startups. The accelerator provides cohort members with business and technical support, turbocharging their growth trajectories through mentoring, workshops, infrastructure credits and technical support.

Empowering the next generation of blockchain startups

All of the accelerator startups are focused on developing efficient solutions that run on more optimized mechanisms like Proof of Stake, continuing to build blockchain as a highly sustainable and enterprise-ready industry. 

The accelerator is supported by OVHcloud and six ecosystem partners: Alchemy, Degen House, CryptoMondays London, Super Team Solana, Fintech District and Dysnix. The startups include:

  1. ARZE, an AI-powered ERP suite composed of three integrated tools: payroll, invoicing, and back office business intelligence.
  2. Kavodax Inc, a blockchain-powered B2B cross-border payment platform.
  3. Kross Blockchain, Africa’s first smart contract layer 1 chain and Nigeria’s first blockchain.
  4. Mira Network AG, a Swiss-based blockchain ecosystem revolutionizing how communities fund, earn from, and participate in real-world businesses.
  5. KALICERTIF, a blockchain-based certification platform for digital assets and identity verification.
  6. tokenforge GmbH, a white-label platform for tokenizing real-world assets in a fully compliant and scalable way.
  7. Insurechain SL, offering a modular and interoperable infrastructure designed to simplify and accelerate the adoption of blockchain technology across industries.
  8. AzurSafe, providing advanced transactional analytics solutions for enterprises and financial institutions to help them fight fraud.
  9. Credshields technologies, a Web3 cybersecurity tooling company.
  10. CryptoMate, a blockchain-based platform for effortless global transactions.
  11. Huralya, a blockchain-based platform for anonymous sign-ins and crypto payments for easy subscriptions.
  12. Pirichain Technology, a blockchain-based data ecosystem designed for secure data storage, management, and analysis.
  13. Sollpay, a next-generation non-custodial wallet and payment platform.
  14. Vizyon France, a decentralized teleradiology platform.
  15. AYUMIA, a blockchain-based platform for secure and transparent food tracking and tracing.
  16. Epoch Protocol, a coordination layer for intent solvers – tools designed to analyze and understand the intent behind smart contract code or blockchain transactions.

A transformative accelerator designed for maximum impact

The program includes three phases, supporting startups in fine-tuning their go-to-market strategy before coaching them in infrastructure optimization strategies and finally helping them to establish scalable growth and prepare for investor engagement. The program comes during the tenth anniversary of OVHcloud’s Startup Program and follows its highly successful AI Accelerator. The Blockchain & Web3 Accelerator will culminate with a Showcase event at the OVHcloud Partner Network Summit on 20 November 2025.

The 10-week program also offers:

  • €50k in free cloud credits to use on OVHcloud Public Cloud solutions, in addition to existing Startup Program credits
  • 1-on-1 mentoring from external and OVHcloud experts
  • Engagement with corporates and partners for possible POCs
  • Engagement with Venture Capitalists (VCs) for possible funding