Cybersecurity

Security researchers have identified a novel cybersecurity threat called ‘prompt hijacking’ that exploits vulnerabilities in AI communication protocols like the Model Context Protocol (MCP). A flaw in the *oatpp-mcp* implementation allows attackers to inject malicious commands into user sessions, potentially leading to code injection, data exfiltration, or arbitrary command execution. Organizations should enforce secure session management with cryptographically secure session IDs, strengthen client-side defenses, and implement zero-trust principles for AI protocols to mitigate this and similar attacks. This highlights the need to adapt established security practices to protect the growing AI ecosystem.

Kyndryl’s 2025 Readiness Report, based on a survey of 3,700 leaders, reveals that while AI investments are yielding increased ROI, scaling AI remains a challenge. Many organizations struggle with outdated IT infrastructure, skills gaps, and a complex regulatory landscape. Despite confidence in tools and processes, foundational tech often hinders innovation. Geopolitical pressures also force cloud strategy reevaluation. Companies are increasing AI spending, prioritizing cybersecurity, and recognizing the need to address talent and culture to fully realize AI’s potential.

A recent survey of UK CFOs reveals that 99% have experienced payment-related cyber incidents in the past two years, making cybersecurity their top operational risk. While 94% plan to increase cybersecurity spending and universally desire automation, particularly in Accounts Payable, integration challenges with legacy systems hinder progress. Only 64% are confident in their systems’ ability to provide essential real-time oversight, highlighting the urgent need for modern, unified solutions to combat cyber threats and improve efficiency.

Cognizant is partnering with SmartestEnergy to enhance its cybersecurity defenses with Managed Extended Detection & Response (MXDR) and a 24/7 Security Operations Centre (SOC). This collaboration aims to protect SmartestEnergy’s critical infrastructure and customer data amidst increasing cyber threats targeting the energy sector. Cognizant will provide continuous monitoring, proactive threat hunting, and rapid incident response, leveraging AI-powered analytics to bolster resilience and ensure business continuity as SmartestEnergy expands its operations and supports the transition to net-zero emissions.

CrowdStrike (CRWD) shares jumped over 12% after an investor day presentation outlining strong long-term financial projections, including a 20% net new ARR growth rate by 2027 and a $10 billion ARR goal by 2031. The company’s acquisition of Pangea, an AI security platform, and a strategic partnership with Salesforce further boosted investor confidence. Analysts cite CrowdStrike’s advanced AI security capabilities and proactive market approach that led to revised upward price targets, highlighting the company’s leadership in the expanding cybersecurity landscape.

Palo Alto Networks launched an AI-driven marketing campaign, “Be A Genius. Deploy Bravely,” showcasing AI’s potential while promoting secure AI deployment. The campaign, featuring AI-generated ads of historical innovators, achieved significant cost and time savings, reducing production timelines from nine months to one week per ad, and costing less than $1,000 per ad. Palo Alto Networks aims to demonstrate AI’s transformative power and position itself as a leader in secure AI adoption, aligning with their AI security platform, Prisma® AIRS™.

Cybersecurity firm Netskope is set to IPO on Nasdaq under the ticker “NTSK,” priced at $19 per share, valuing the company at $7.3 billion. The IPO, expected to raise $908.2 million, comes amidst a resurgence in IPO activity despite economic headwinds. While some IPOs face initial volatility, the cybersecurity sector is experiencing a surge in M&A, underscored by significant acquisitions like Google’s Wiz purchase. Netskope, with $707 million in ARR and 33% year-over-year growth, offers cloud-native security solutions, competing with Broadcom, Cisco, Palo Alto Networks, and Zscaler.

Cloud security firm Netskope is targeting a $7.3 billion valuation for its IPO, offering shares at $17-$19, up from an initial range. The company plans to list on Nasdaq as “NTSK.” This reflects renewed IPO market vigor in tech and cybersecurity following acquisitions like Google’s Wiz deal. Netskope, a CASB provider founded in 2012, competes with Palo Alto Networks, Cisco, and Broadcom. While showing strong growth prospects, it reported a $170 million net loss for the first half of the year.

Senator Ron Wyden has urged the FTC to investigate Microsoft’s dominance in enterprise IT and its alleged cybersecurity negligence, arguing it endangers national security. The senator claims Microsoft prioritizes profit over security, profiting from add-on security services that should be integral. He cites outdated encryption and lax administrator account security. Wyden insists Microsoft’s market position allows complacency, creating risks for government and private sectors reliant on its Windows and Azure platforms. He seeks accountability for damages and investigation into anti-competitive practices.

A former Meta security head, Attaullah Baig, is suing the company, alleging WhatsApp has critical security flaws exposing user data. He claims 1,500 engineers had unrestricted data access and that Meta retaliated against him for raising concerns. Baig reported the issues to the SEC and OSHA. Meta denies the allegations, citing Baig’s poor performance and claiming his concerns misrepresent ongoing security efforts. The lawsuit raises questions about WhatsApp’s data security and whistleblower protection.