Cyber Tips Guide

@cybertipsguide
15 Followers
6 Following
237 Posts
Cybersecurity expert sharing cyber safety advice & tips with 20+ years of experience | CISSP, CISM, CRISC, and CISA. Tweets and opinions are my own. Thanks for following.
Websitecybertipsguide.com
All Social Media Linkshttps://linktr.ee/cybertipsguide
Traditional STRIDE-style threat modeling breaks down for agentic AI. Learn how five zones, scenarios,& attack trees capture cross-zone, goal-hijacking attacks and tie them to OWASP & MAESTRO for better mitigation. #AgenticAI #AIsecurity #ThreatModeling đź”—https://zurl.co/fwJpA
Threat modeling agentic AI: a scenario-driven approach

A practical workflow for threat modeling agentic AI systems: use a five-zone navigation lens to trace attack paths, formalize them as attack trees, and map to OWASP's threat taxonomy and playbooks.

Christian Schneider - Application & AI Security Architect
AI recommendation poisoning is an emerging tactic for quietly biasing what your AI assistant recommends via “Summarize with AI” and similar buttons, writing it into its memory. 🔗Read more about it - https://zurl.co/7NU38 #AIsecurity #PromptInjection #MLSecOps #GenAI
Luxury brands don’t get a pass on data protection. 🇰🇷 regulators just fined Louis Vuitton, Dior & Tiffany ~$25M after SaaS-access gaps, weak controls & slow detection led to breaches impacting 5.5M+ people. 🔗 https://zurl.co/S6P6j #Cybersecurity #DataPrivacy #SaaS #GRC
Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches

South Korea has fined luxury fashion brands Louis Vuitton, Christian Dior Couture, and Tiffany $25 million for failing to implement adequate security measures, which facilitated unauthorized access and the exposure of data belonging to more than 5.5 million customers.

BleepingComputer
Most orgs think they’re “AI mature,” but only ~1 in 5 are truly ready to manage AI at scale. The real gap isn’t tools, it’s foundations: unified IAM, governance, and security that can keep up with AI and shadow AI. #AIReadiness #ShadowAI #CyberSecurity 🔗https://zurl.co/j8dOH
The Dual Disconnect: Why Your AI Maturity Now Fails To Scale

JumpCloud

JumpCloud

PortSwigger’s “Top 10 Web Hacking Techniques of 2025” shows where web attacks are headed, from side channels and protocol quirks to framework bugs and Unicode/SOAP tricks. Good read for Blue Teamers.

#AppSec #WebSecurity #BugBounty #Infosec đź”— https://zurl.co/j3wBR

When your VPN or MDM vendor gets popped, it's not “just another patch,” it's a supply chain incident. Recent Ivanti zero-days show how a single internet-facing gateway can become a foothold into your network customers’. #CyberSecurity #InfoSec #Ivanti #VPN #SupplyChainSecurity

AI security isn’t just “protect the model.” It’s securing the whole lifecycle: data, pipelines, and runtime. Keep sensitive data out, trace risk from dev to prod, and govern GenAI and agents with one view.

đź”— https://zurl.co/pMY36 | #AIsecurity #GenAI #Cybersecurity #CISO

Coinbase’s insider breach is a reminder that our biggest risks sit inside the tools we trust most. One contractor overpowered support access & customer data on Telegram. 🔗 https://zurl.co/vsIJh #InsiderThreats #CyberSecurity #Coinbase #SaaS #vCISO #ZeroTrust #ThirdPartyRisk
Coinbase confirms insider breach linked to leaked support tool screenshots

Coinbase has confirmed an insider breach after a contractor improperly accessed the data of approximately thirty customers, which BleepingComputer has learned is a new incident that occurred in December.

BleepingComputer
Interesting. Attackers are abusing a revoked EnCase forensic driver as an EDR-killer to silently terminate 59 security tools in kernel mode, bypassing PPL and legacy signing checks. đź”— https://zurl.co/2l987
#CyberSecurity #EDR #Ransomware #BlueTeam #IncidentResponse
New EDR killer tool used by eight different ransomware groups

A new Endpoint Detection and Response (EDR) killer that is considered to be the evolution of 'EDRKillShifter,' developed by RansomHub, has been observed in attacks by eight different ransomware gangs.

BleepingComputer
When one engineer can walk out with thousands of pages of AI trade secrets, you don’t have a “user problem” — you have an insider‑threat problem. Insider‑threat programs must monitor behaviors & risk indicators. #InsiderThreat #InsiderRisk #AISecurity 🔗https://zurl.co/Avvtu