Het College voor de Rechten van de Mens is vastgesteld als één van de grondrechtenautoriteiten Artificiële Intelligentie (AI). Het College moet er in Nederland op toezien dat grondrechten worden gerespecteerd bij de inzet van AI.

Onder de AI-verordening zijn alle lidstaten verplicht om grondrechtenautoriteiten op het gebied van AI aan te stellen.

Artikel 77 van de AI-verordening omschrijft de grondrechtenautoriteiten als ‘Nationale overheidsinstanties of -organen die de nakoming van verplichtingen krachtens Unierecht ter bescherming van grondrechten, waaronder het recht op non-discriminatie, met betrekking tot het gebruik van de in bijlage III vermelde AI-systemen met een hoog risico controleren of handhaven.’

The CWE list of the 25 most dangerous software weaknesses demonstrates the currently most common and impactful software flaws.

Identifying the root causes of these vulnerabilities provides insights to shape investments, policies, and practices that proactively prevent their occurrence.

The CWE top 25 most dangerous software weaknesses list was calculated by analyzing public vulnerability information in Common Vulnerabilities and Exposures (CVE) Records for CWE root cause mappings.

BianLian ransomware actors are likely based in Russia and have multiple Russia-based affiliates, according to new information shared by the FBI and Australian law enforcement.

BianLian has drawn scrutiny for attacks on charities like Save The Children as well as healthcare firms like Boston Children’s Health Physicians.

On Tuesday, the gang took credit for an attack on Amherstburg Family Health Team — a Canadian healthcare company that said it is currently experiencing delays due to technical issues with its phone system.

Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers.

"They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat Labs researcher Jan Michael Alcantara said in a report shared with The Hacker News.

"New techniques used by NodeStealer include using Windows Restart Manager to unlock browser database files, adding junk code, and using a batch script to dynamically generate and execute the Python script."

The US Department of Justice has issued an indictment that names five people accused of stealing millions in cryptocurrency – and we are told they are suspected members of cyber-gang Scattered Spider.

The arachnid-inspired crew is thought to have masterminded the ransomware attack on casino operators MGM Resorts and Caesars Entertainment, and to have cracked identity services vendor Okta – then attacked many of its customers. The crew uses SMS phishing and social engineering.

The five suspects have been named as:

A newly unveiled threat actor has been spying on mobile phones in Asia and Africa for more than four years.

On Nov. 19, Adam Meyers, senior vice president for counter-adversary operations at CrowdStrike, testified before the US Senate Judiciary Subcommittee on Privacy, Technology, and the Law, on the subject of Chinese cyber threats to critical infrastructure.

In the process, he unveiled Liminal Panda, an advanced persistent threat (APT) hyper-focused on gathering intelligence from telecommunications networks.

Ransomware group Embargo is threatening to publish nearly 1.5 terabytes of data allegedly stolen in an attack on American Associated Pharmacies, a collaborative of 2,000 independent pharmacies.

The gang is shaking down AAP for a second installment of an alleged agreed-up ransom deal.

The cybercriminal gang on its dark website claims AAP already paid a $1.3 million ransom for a decryptor key - but still owes another $1.3 million the association agreed to pay in exchange of an Embargo promise to delete the stolen data.

In 2024, businesses reported taking an average of 7.3 months to recover from cybersecurity breaches – 25% longer than expected and over a month past the anticipated timeline of 5.9 months, according to Fastly.

Recovery times were even worse for companies that planned on cutting back cybersecurity spending.

They faced an average of 68 incidents each – 70% above the average – and their recovery times stretched to 10.9 months, more than five months longer than those maintaining or increasing their budgets.

Programmable Central Bank Digital Currencies (CBDCs) could be used for state surveillance while posing risks to privacy and cybersecurity that could undermine trust in central bank money, according to an International Monetary Fund (IMF) policy brief.

The latest policy brief that “summarizes the main takeaways from a new wave” of chapters for the IMF’s CBDC Handbook warns that CBDCs could be perceived as an instrument for state surveillance where people’s transaction histories, demographics, and behavioral patterns are collected, processed, and stored.

“CBDC could be perceived as an instrument for state surveillance. Some may worry that the government or the central bank could use it to control or restrict payments users can make with CBDC, thereby undermining public trust in central bank money. This can be a particular concern in countries with severe governance and corruption vulnerabilities”

Passwords have been on their way out for years – and it’s no surprise. Alone, passwords are a flawed means of security, partly because people often choose weak credentials and repeat them across services.

In an enterprise scenario, this is especially problematic when coupled with IT policies that mandate changing passwords regularly. It is with this in mind that attitudes are starting to change.

Passwords no longer need to be changed every year and three random words can be better than lots of characters, according to new guidance from the US National Institute of Standards and Technology (NIST).

Japan's National Consumer Affairs Center on Wednesday suggested citizens start "digital end of life planning" and offered tips on how to do it.

The Center's somewhat maudlin advice is motivated by recent incidents in which citizens struggled to cancel subscriptions their loved ones signed up for before their demise, because they didn't know their usernames or passwords.

The resulting "digital legacy" can be unpleasant to resolve, the agency warns, so suggested four steps to simplify ensure our digital legacies aren't complicated.

GitHub is calling on maintainers of open source projects to apply for the newly opened Secure Open Source Fund, to get funding and knowledge to improve the security and sustainability of their software.

The program is funded by companies (AmEx Chainguard, Microsoft, 1Password, Shopify, Stripe, etc.), venture funds (e.g., Mayfield Fund) and nonprofits (e.g., the Alfred P. Sloan Foundation).

“Anyone who is a current maintainer of an open source project with a valid open source license and located in one of the regions supported by GitHub Sponsors can apply,” says Martin Woodward, VP of Developer Relations at GitHub.

The rise of generative AI (GenAI) has reshaped business processes, decision-making, and how we interact with data. While the benefits are clear—improved efficiencies, enhanced creativity, and new growth opportunities—the risks are just as significant, particularly when it comes to security and privacy.

For C-suite leaders, the challenge lies in navigating these complex trade-offs and implementing a framework that balances innovation with responsible governance.

At the heart of the challenge and the risk around AI lies the fundamental uncertainty surrounding how large language models (LLMs) handle data.