When AI Codes in Hours - But Security Fixes Still Take Months

Michael Novinson • July 2, 2025

Generative AI can write applications in hours when it once took months, but traditional security approaches can't keep pace. Sohail Iqbal, CISO at Veracode, explains why 40% of AI-generated code contains vulnerabilities and why organizations must rethink their security strategies.

►

Access Management

AI Agents Used in Cybersecurity Need Safeguards Too

Latest

Cyberwarfare / Nation-State Attacks

Chinese Hackers Exploited Ivanti Flaw in France

Akshaya Asokan • July 2, 2025

A hacking campaign linked to Chinese threat actors chained zero-days in Ivanti server software to target French government, defense and media entities, the national cyber agency said. The hacker has similarities to a Chinese threat actor tracked as UNC5174.

Data Privacy

Court Approves 23andMe Sale to TTAM Research Institute

Marianne Kolbasuk McGee • July 2, 2025

A bankruptcy court gave the green light for TTAM Research Institute - a firm launched by 23andMe's co-founder and former CEO Anne Wojcicki - to buy 23andMe for $305 million. TTAM has promised to uphold the consumer genetics testing firm's current privacy policies and implement more data safeguards.

Cyberwarfare / Nation-State Attacks

Iran's 'Robert' Hack Targets Trump - and Tests US Cyber Gaps

Chris Riotta • July 2, 2025

An Iranian hacking group collectively using the pseudonym "Robert" claims to have 100 gigabytes of emails from President Donald Trump's inner circle as Tehran seemingly attempts to project strength in cyberspace in the wake of U.S.-led attacks on three of its key nuclear sites.

Critical Infrastructure Security

Vulnerable Protection Relays Put Power Grid at Risk

Prajeet Nair • July 2, 2025

Vulnerabilities in networked devices programmed to instantaneously trip power grid substation circuit breakers could be the means hackers use to cause the next blackout, warn researchers. There are "systemic patterns across substations, utilities and industrial sites worldwide," Mandiant warned.

Fraud Management & Cybercrime

Scattered Spider Suspected in Qantas Data Breach

Akshaya Asokan , David Perera • July 2, 2025

The band of English-speaking adolescent hackers collectively tracked as Scattered Spider are focusing on the airliners - and possibly preparing a pivot to the oil and gas sector. Its loose membership tends to hyperfocus on single sectors at a time.

Critical Infrastructure Security

Hacktivists' Claimed Breach of Nuclear Secrets Debunked

Mathew J. Schwartz • July 2, 2025

Security experts have dismissed pro-Iranian hacktivist group LulzSec Black's claim to have breached Indian nuclear secrets in reprisal for the country's support of Israel. Pro-Iran hacktivist groups' SCADA-targeting, DDoS launching, data leaking and nuisance-level activities have surged.

Leadership & Executive Communication

Your Security Stack Is Only as Secure as Your Sales Team

Brandy Harris • July 2, 2025

Thanks to Cybersecurity Awareness Month, everyone knows security is a priority, but what are we doing differently to change the culture? If our goal is to reduce risk, not just meet regulatory expectations, then we need to focus on behavior, not just boxes on a checklist.

HIPAA/HITECH

20 States Sue HHS to Stop Medicaid Data Sharing with ICE

Marianne Kolbasuk McGee • July 1, 2025

California and 19 other states are suing the Trump administration to stop the U.S. Department of Health and Human Services from allegedly disclosing Medicaid beneficiaries' personal health information to the Department of Homeland Security and Immigration and Customs Enforcement.

Artificial Intelligence & Machine Learning

Senate Strips AI Moratorium Amid Sharp Bipartisan Opposition

Chris Riotta • July 1, 2025

Senate Republicans removed a state moratorium on artificial intelligence regulations from its version of President Donald Trump's "big, beautiful bill" following bipartisan warnings the component could risk data privacy and civil rights - particularly without a strong federal regulatory framework.

Artificial Intelligence & Machine Learning

'Skynet' Tries to Outwit AI Malware Analysis

Rashmi Ramesh • July 1, 2025

If you can't outsmart the antivirus, maybe you can sweet-talk the algorithm into looking the other way. Security researchers discovered what appears to be the first known attempt to deploy prompt injection against artificial intelligence-powered malware analysis.

Critical Infrastructure Security

Infrastructure Operators Leaving Control Systems Exposed

Mathew J. Schwartz • July 1, 2025

Many types of commonly used types of industrial control systems continue to be deployed in a manner that leaves them publicly exposed to the internet, often by U.S.-based critical infrastructure operators, in what amounts to a preventable security risk, researchers warn.

Artificial Intelligence & Machine Learning

Cloudflare Aims to Make AI Bots Pay for Crawling Websites

Rashmi Ramesh • July 1, 2025

An internet infrastructure firm that routes 16% of global web traffic will block AI bots from new domains it hosts unless it has explicit permission from the owner. Cloudflare on Tuesday launched "pay per crawl," a platform that allows publishers to charge AI crawlers each time they access a site.