Author: Eternity Lab

Citrix has issued patches to fix three newly designated common vulnerabilities and exposures (CVEs) in the widely used NetScaler Application Delivery Controller (ADC) and NetScaler Gateway lines, at least one of which is known to be under active exploitation by an undisclosed threat actor.

The trio of bugs, which are tracked as CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424 are, respectively, a memory overflow vulnerability that leads either to pre-authentication remote code execution (RCE) or denial of service (DoS), or both; another memory overflow vulnerability that gives rise to unexpected behaviour and DoS; and an access control vulnerability in NetScaler’s management interface.

“Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible,” said Citrix in a statement. The supplier added that there are no effective workarounds.

Per independent security analyst Kevin Beaumont, of the three flaws CVE-2025-7775 appears to be the most immediately dangerous issue. Citrix also confirmed talk of exploitation, noting in its advisory that: “Exploits of CVE-2025-7775 on unmitigated appliances have been observed”.

Commenting on the latest disclosure, Benjamin Harris, CEO and founder of watchTowr, said: “Well, well, well…another day ending in ‘day.’ Once again, we’re seeing new vulnerabilities in Citrix NetScaler facilitating total compromise, with CVE-2025-7775 already being actively exploited to deploy backdoors.

“Patching is critical, but patching alone won’t cut it. Unless organisations urgently review for signs of prior compromise and deployed backdoors, attackers will still be inside. Those that only patch will remain exposed,” he added.

No further information about the observed incidents, or whom they may have affected, has yet come to light. This said, the significance of NetScaler – which provides application delivery and secure remote access for internal- and external-facing applications – to many enterprises means that any vulnerabilities in the products are frequently a prime target for threat actors, particularly ransomware gangs.

This is borne out by the not-infrequent cadence of vulnerability disclosures impacting NetScaler. Earlier this summer Citrix fixed CVE-2025-5777, a flaw that enabled a threat actor to circumvent authentication measures by inputting malicious requests to steal a valid session token from memory.

Due to its similarity to the Citrix Bleed issues of 2023, CVE-2025-5777 quickly earned the nickname Citrix Bleed 2, and it was swiftly exploited by threat actors, although at the time of writing it does not appear to have been named in any major confirmed or attributed cyber attacks.

‘Tricky to exploit’

On a positive note, VulnCheck vice-president of security research Caitlin Condon said memory corruption flaws such as CVE-2025-7775 and CVE-2025-7776 were generally somewhat “tricky to exploit” and as such, tend to be used either by exceptionally highly skilled adversaries or more commonly, state-sponsored threat actors, as opposed to more commodity attackers.

As a case in point, Condon told Computer Weekly in emailed comments, another NetScaler flaw, CVE-2025-6543 with a similar description to CVE-2025-7775 has yet to see exploitation at scale despite having been rattling around since the end of June.

But, she added, this does not mean patching should be any less of a priority, particularly given recent trends.

“While the Citrix advisory only explicitly mentions active exploitation of CVE-2025-7775, management interfaces for firewalls and security gateways have been targeted en masse in recent threat campaigns,” said Condon.

“It’s likely that exploit chains targeting these vulnerabilities in the future may try to combine an initial access flaw like CVE-2025-7775 with a flaw like CVE-2025-8424 with management interface compromise as a goal. Vulnerability response prioritisation should include CVE-2025-8424 rather than being limited to the higher-severity, but harder-to-exploit, memory corruption CVEs alone,” she said.

Source

The Trades Union Congress (TUC) is calling for the government to make changes to company tax regulations and extend the powers of regulators to ensure artificial intelligence (AI) is not abused by employers to weaken staff.

In response to Labour’s Plan for Change, industrial strategy and memorandum of understanding with large language model (LLM) providers, including OpenAI, the TUC has published a paper focused on the importance of collective bargaining as AI becomes embedded in the workplace.

The TUC’s Building a pro-worker AI innovation strategy paper warns that short-term priorities driven by the UK’s corporate governance system mean AI may be used by some employers to cut costs and automate existing processes, rather than invest, expand and innovate.

“Such decisions will more likely displace or deskill workers rather than augment, expand or retrain the workforce as part of technological upgrading,” said the TUC. The paper’s authors noted that if machines do more tasks and reduce the demand for skilled workers or for labour overall, workers could become less able to command a fair share, with the surplus increasingly captured by employers and AI companies.

The TUC wants to see businesses incentivised to look beyond short-term shareholder value, and when reporting on employment matters, they should cover the impact of AI on employment. It also wants to see worker representation on company boards to provide a workforce perspective on business decision-making, including engagement in technology strategy. 

It called on the government to require company directors to focus on long-term company success as their primary aim, taking account of the interests of stakeholders, including the workforce, shareholders, suppliers, customers and the local community, along with impacts on human rights and the environment. There also needs to be changes to the tax regime, which the TUC said should be evaluated to consider effective means to incentivise investment in labour-augmenting, rather than displacing, AI automation technologies.

Looking at regulators, the TUC said the Competition and Markets Authority (CMA) should be directed by the government to investigate the impact of market power on employment, alongside its current focus on “consumer benefit”. The paper said the Enterprise and Regulatory Reform Act 2013 should be amended to extend the CMA’s remit from consumer protection to worker protection.

The TUC also wants the Information Commissioner’s Office’s current remit to protect individual data rights to include collective data rights. This includes extending the ability of unions or worker organisations to access and exercise rights on behalf of individual workers. An example of how this could be used Ω the paper, is the ability of a union to gain access to data on how algorithms are used to set pay in the platform economy dynamically.

TUC assistant general secretary Kate Bell said: “AI could have transformative potential – and if developed properly, workers can benefit from the productivity gains this technology may bring. But for this to happen, workers must be placed at the heart of AI innovation.

“That means ensuring public money comes with strings attached, and isn’t siphoned away into the pockets of billionaire tech bosses. It means ensuring workers get a share in any productivity gains from new technologies. And it means dedicated training and skills programmes to protect workers in industries that may be disrupted by AI.”

Bell warned that if AI in the workplace is left unchecked, the AI revolution could entrench rampant inequality where shareholders are enriched while jobs are degraded or displaced.

“We cannot let that happen. Unmanaged disruption is not inevitable or acceptable. It’s time for an urgent and active policy response that makes sure workers are not left behind. AI technologies can help build a better future – we’re setting out a plan that shows how it can be done,” she added.

Source

The number of ransomware attacks observed worldwide held steady in July, increasing by just 1% to 376 recorded cases, according to the latest monthly Threat Pulse figures from cyber security services firm NCC Group.

This comes in the wake of an unfortunate record-breaking start to 2025, but as NCC’s analysts observed, the more stagnant summer should not give security teams cause to rejoice, for the threat remains as persistent as ever. In July, this held especially true for the industrial sector, which bore 101, or 27%, of recorded attacks.

The consumer discretionary sector, including retail, was the second most attacked sector in July, with attacks rising from 76 to 82, followed by IT with 31 reported incidents, and healthcare with 30.

As ever, the majority of these attacks unfolded in the North American theatre, which accounted for 54% of incidents, down 3% month-on-month, followed by Europe with 21%, Asia with 12%, and South America with 6%.

NCC’s global head of threat intelligence, Matt Hull, urged organisations to fix the roof while the sun is still shining.

“While ransomware activity remained relatively flat in July, this lull should not be mistaken for a reduced threat. We saw a similar dip during the summer months last year, yet the overall threat level remained high,” he said.

While ransomware activity remained relatively flat in July, this lull should not be mistaken for a reduced threat Matt Hull, NCC Group

“Looking ahead, we anticipate the return of previously disrupted groups, likely in collaboration with social engineering actors to start launching more sophisticated and coordinated attacks. Now is not the time for complacency.”

Broken out by threat actor activity, INC Ransom emerged as the leader of the pack in July, accounting for 54 attacks, or 14% of the total. INC Ransom’s attacks have been on a steady upward trend since the spring, targeting providers of critical national infrastructure (CNI).

INC Ransom is noteworthy in the UK for being behind a spate of NHS-linked intrusions towards the end of 2024, and in the US for its attack on Ahold Delhaize, the Benelux-based parent of the well-known Food Lion and Giant supermarket chains.

It is also known for targeting Citrix products and services, several new flaws in which were reported in the past few months.

Other particularly active gangs in July were Qilin and Safepay, with 40 attacks apiece, and Akira with 37. DragonForce, used to great effect against Marks & Spencer in the UK, accounted for just under 20 incidents in July.

Qilin time

This month’s Threat Pulse report also offered a deeper dive into the Qilin ransomware operation. Qilin was the gang behind the June 2024 attack on NHS pathology lab services provider Synnovis, but since then, it has grown into the most active ransomware crew seen by NCC in June 2025, and, with almost 300 recorded victims so far this year, is easily one of the most formidable foes currently operating.

The predominantly Russian-speaking gang aggressively targets known vulnerabilities in widely used enterprise software tools from the likes of Fortinet, SAP and Veeam, and like many of its peers, makes a sport of targeting CNI organisations.

Regarded as a master of the ransomware-as-a-service (RaaS) crime model, Qilin swept up many homeless affiliates following the closure of RansomHub, and has gone out of its way to catch the eyes of less technically minded affiliates, said NCC.

The operation stands out for its technical proficiency and user-friendly interface that enables affiliates to easily build their payloads to target specific systems and manage victim negotiations and payments. It also has a competitive commission structure, with between 80% and 85% of payouts going to the affiliate, and even offers them legal services – after a fashion – to help guide them in their negotiations.

“The emergence of Qilin has been a product of wider trends observed throughout the ransomware landscape,” wrote NCC’s analysts.

“Threat actors engaging in specialised roles within the RaaS ecosystem offer affiliates a wide range of choices.

“RaaS platform developers can specialise in creating a service that attracts affiliates and produces profits for them as well. This has resulted in technically proficient developers and affiliates operating in major gangs like Qilin,” they added.

Source

While the CEOs of the major tech firms have lined up to support US president Donald Trump’s 9.9% equity stake in chipmaker Intel, the company itself sees many potential adverse effects going forward.

A few weeks ago, Trump questioned the suitability of Intel CEO Lip-Bu Tan, claiming he had links to China. The pair then met. Intel described the meeting as “a candid and constructive discussion” on the firm’s commitment to strengthening US technology and manufacturing leadership. Now, the US government has taken a significant stake in the company.

The wording of the agreement suggests the US government is making an $8.9bn investment in Intel, but what appears to have happened is that the US Department of Commerce has used funding provided by the previous administration’s US Chips Act, covering $5.7bn of grants together with $3.2bn awarded to the company in 2024 as part of the Secure Enclave programme, which provides semiconductor technology to the Department of Defence.

Amazon Web Services and Microsoft along with HP and Dell welcomed the US government investment.

“The industry needs a strong and resilient US semiconductor industry, and no company is more important to this mission than Intel,” said Michael Dell, chairman and chief executive officer at Dell Technologies. “It’s great to see Intel and the Trump Administration working together to advance US technology and manufacturing leadership.

“Dell fully supports these shared priorities, and we look forward to bringing a new generation of products to market powered by American-designed and manufactured Intel chips.”

But as these companies try to win in the artificial intelligence (AI) arms race, Intel’s grip on the x86 PC and server market is under threat as rival chips offer better performance needed to run AI and high performance workloads. The 27 August PassMark high-performance benchmark for processors has 24 AMD processors ahead of Intel’s first entry, and it is third, behind two AMD chips, when measured against price and performance.

In a US Security and Exchange Commission (SEC) filing, Intel said the conversion of future grant funding into investments in common stock by the US government means it no longer benefits from the reduced future operating costs made possible by such grant funding.

Given Intel is a highly capital intensive business and has other grant arrangements with government entities, the SEC filing noted that these grants could also be converted into common stock in the future or there could be an unwillingness to provide further grants to support its expansion.

Intel also warned that its non-US business may be adversely impacted by the US government being a significant stockholder. Given that sales outside the US accounted for 76% of the company’s revenue for the fiscal year ended 28 December 2024, it said that having the US government as a significant stockholder could lead to additional regulations, obligations or restrictions, such as foreign subsidy l in other countries.

The SEC filing also notes that with the US government as a major shareholder, the company could experience adverse reactions from investors, employees, customers, suppliers, other business or commercial partners, foreign governments, or competitors. It could also face increased public or political scrutiny.

Source

The Police Digital Service (PDS) has completed a “strategic restructuring” of its senior leadership team, more than a year after two of its employees were arrested for suspected bribery, fraud and misconduct in public office.

The two PDS employees were arrested, interviewed and bailed by City of London Police in July 2024, and since then, the organisation’s senior leadership team has undergone a complete revamp.

Within two weeks of the news of the arrests breaking, Computer Weekly confirmed that PDS chief executive Ian Bell had resigned from his post, before later being replaced by interim CEO Tony Eastaugh in August 2024.

According to the PDS website, Eastaugh’s appointment has now been made permanent, and the senior leadership team appears to have been streamlined, with fewer roles now listed, and is now staffed with interim leaders. They include Ed Preece, who served as PDS’s director of governance and performance between September and February 2025, before taking on the role of interim chief operating officer.

As previously reported by Computer Weekly, the organisation’s chief information security officer (CISO), Jason Corbishley, departed PDS in April 2025 to take up a position in the private sector as a consulting director at Palo Alto Networks Unit 42. He has since been replaced by interim CISO Chris Cope.

The following month, in April 2025, the company’s chief financial officer, Catherine Wilmot, departed PDS, before being replaced by Lisa Cranston.

The website also lists David Bowen as interim deputy CEO and ex-Government Digital Service human resources head Greg Hobbs as interim chief people officer. Both appear to be new roles at PDS.

When asked by Computer Weekly about the raft of interim senior leadership appointments, a PDS spokesperson said they were geared towards assisting the organisation with achieving its push to digitally transform UK policing.

“The Police Digital Service has made appointments to its executive team over the past year to strengthen its leadership and deliver on the ambitious goals of the National Policing Digital Strategy,” said the spokesperson, in a statement.  

“The appointments are designed to bring in fresh expertise and perspectives to better address the complex challenges facing modern policing,” they added. “These individuals bring extensive experience crucial for overseeing the PDS’s corporate strategy and ensuring effective collaboration with police forces and key partners.

“This strategic restructuring ensures the organisation can deliver on its mission to help policing protect the public in an evolving digital world.”

‘Reset programme’

As confirmed in a previous statement to Computer Weekly, attributed to Eastaugh, in the wake of the July 2024 arrests at PDS, the organisation set about a “significant reset programme” that concluded at the end of last year.  

As outlined in Eastaugh’s statement, the reset paved the way for PDS to introduce a “new operating model and an ambitious strategic delivery plan to support policing and public safety”, while allowing PDS to focus on delivering “live services at greater speed, scale and efficiency”.

Meanwhile, and at the time of writing, the criminal investigation involving the two unnamed PDS employees is still ongoing, as confirmed to Computer Weekly by City of London Police.

PDS, incorporated in June 2012, is classified as a private company with no shareholders, and its activities are funded by the Home Office and the wider policing sector. 

Source

Ruslanas Baranauskas/science Photo Library/Getty Images

You might be using generative AI products like ChatGPT and Gemini to create drafts, summarize documents, reason through complex topics, or make viral videos, but others are using these models to come up with solutions to much bigger problems. For example, an MIT Antibiotics-AI Project study recently published in scientific journal Cell details not one but two AI techniques that allowed researchers to discover never-before-seen antibiotics that might neutralize two dangerous drug-resistant bacteria.

Artificial intelligence models did not create the new drugs on their own. Instead, the AI simply followed complex instructions to discover molecules that might be able to destroy Neisseria gonorrhoeae (gonorrhea) and Staphylococcus aureus (MRSA). The AI models generated millions of possible chemical compounds that would harm the bacteria and thus put a stop to infections. In each case, the researchers applied specific filters to narrow down the lists of compounds to adequate candidates. These filters included requirements that the resulting antibiotic should not harm humans nor share common traits with existing antibiotics that have lost their efficacy against the two bacteria. After applying these conditions, the researchers ended up with a few viable candidates that show promise in lab testing.

From millions of options, AI found a novel gonorrhea drug

PeopleImages.com – Yuri A/Shutterstock

Per MIT News, to find a potential antibiotic for gonorrhea, researchers instructed the AI to create molecules based on a key bacteria-killing chemical fragment. They started with a set of 45 million fragments made up of all the possible combinations of 11 atoms and fragments from the Enamine REadily AccessibLe (REAL) Space molecule repository.

From there, the AI refined the list to 4 million fragments that might kill the bacteria. After extracting chemical fragments that would harm the human body, researchers shrank the list to around 1 million candidates. After further tests, the MIT scientists ended up with a fragment called F1 that showed potential for addressing gonorrhea.

They fed the F1 candidate into two generative AI algorithms: chemically reasonable mutations (CReM) and fragment-based variational autoencoder (F-VAE). The former created molecules around F1 by modifying atom configurations and other characteristics. The latter used learned patterns to forge complete molecules from a fragment. These two technologies produced 7 million potential candidates based on F1. That massive list ultimately shrank to some 1,000 viable compounds, out of which 80 were chosen for potential lab synthesis. Just two of the 80 versions could be created, and only one (NG1) effectively destroyed gonorrhea in both a mouse model and lab dish.

Given more freedom, AI also produced results in MRSA tests

Deemerwha studio/Shutterstock

The second experiment saw a similar journey, beginning with millions of candidates that might kill S. aureus and ending with a single top option effective in MRSA therapies. But this time, the researchers did not force the AI to follow a fragment strategy. The only rule the AI had to follow concerned chemistry. The atoms would have to be able to join into “chemically plausible molecules.”

This time, the AI found 29 million compounds potentially effective against MRSA. After implementing the same filters used in the fragment-based experiment for gonorrhea, the team ended up with 90 candidates. The following test was more successful than the gonorrhea experiment, as researchers synthesized 22 molecules, six of which were highly effective against MRSA.

Of those six, they singled out the main candidate, DN1, which successfully addressed a MRSA infection in a mouse model. Interestingly, both DN1 and NG1 disturbed the cell membranes of the two bacteria. However, DN1 had a broader effect, while NG1 only interacted with a single protein. Once the cell membrane is impacted, the bacteria dies.

How dangerous are gonorrhea and MRSA?

Jack_the_sparow/Shutterstock

Gonorrhea is a widely spread sexually transmitted infection. Internationally, 82.4 million new infections were recorded in 2020. Additionally, according to the World Health Organization (WHO), gonorrhea’s drug resistance “is a serious and growing problem” that might make the condition untreatable. Meanwhile, S. aureus ranks high on the WHO’s “list of drug-resistant bacteria most threatening to human health.” The Centers for Disease Control and Prevention (CDC) also labels the bacteria a “serious threat” that can lead to death.

To be used in humans, NG1 and DN1 would have to pass preclinical trials and then clinical trials. These steps might take months to years. MIT News notes that Phare Bio (a nonprofit partnered with the Antibiotics-AI Project) “is now working on further modifying NG1 and DN1 to make them suitable for additional testing.” Before using generative AI to develop potential antibiotics for gonorrhea and MRSA, MIT scientists employed AI to create the antibiotics halicin and abaucin. 

Curious to explore other ways AI is impacting science and medicine? Check out this breakthrough tool that can detect cancer 99% of the time.

Source

Koshiro K/Shutterstock

Google Maps has a stranglehold on many of our smartphones when it comes to navigation, and for good reason. The app offers plenty of features while also giving directions and other information pertinent to your journey. But sometimes it’s worthwhile to give another navigation app a try. If you’ve been eyeing Waze — another navigation app from Google — you might be wondering exactly why you’d choose one over the other.

After all, both apps are made by the same company, so you might think they aren’t very different. Truth be told, the answer isn’t a simple yes or no. Each app offers a different approach to navigation, and they each have a number of unique features that may make one or the other better suited for your needs.

Google Maps is more utilitarian, for starters. It’s focused on providing multiple ways to approach your journey, while also providing you with as much information as possible. Waze, on the other hand, is more personal. The app learns about your journey over time and then uses that information to find the fastest route for you while making you feel like part of a larger community. There are also other features to consider, but ultimately, choosing whether to use Google Maps or Waze comes down to determining what you need out of your navigation app.

The biggest differences

Vlad Ispas/Shutterstock

While Google has slowly been adding some of the more important features from Waze to Google Maps, there are still notable differences between the features offered in each app. One of the biggest is that Waze isn’t particularly great for discovering new locations. You can open the Waze app, search for something like “Costco” or “McDonald’s” and see information about the different locations around you, but it won’t provide much additional information beyond basic details like the phone number, address, and store hours.

On the other hand, discovery on one of the strengths of Google Maps. You’ll find reviews, photos, links to the business’s website, and more. It’s helpful if you’re looking for more information about somewhere, and you just don’t get the same level of information from Waze.

Where Waze does stand above Google Maps is in its traffic and incident reporting. Much of the data is fed to the app by users themselves — something Google brought to Maps last year. But Waze still does the job better thanks to its long-standing community. Further, Waze launched a new feature last year that helps you find up-to-date parking around you, which is great if you live in a big city. Waze is also more personal, allowing you to create a profile that shares information with other users, so you always feel like you’re contributing to the community. Plus, you can customize your experience even further with different voices and icons.

Google Maps is still the best navigation app

Danawan Purbanggoro/Shutterstock

Ultimately, the thing to keep in mind when choosing between Waze or Google Maps is that you need to decide whether you want a navigational app that offers you more information or one that finds you the fastest route while also giving you some of the best traffic and incident reporting information you’ll find in any app.

Both apps offer many of the other features you’ve come to expect from these kinds of tools — voiced directions, a digital speedometer, and the ability to set favorites like your home address, work, and more for faster selections. I’ve never really felt like I was missing anything when switching between one or the other, though I have personally found that the best choice is to utilize Waze during long journeys and to rely on Google Maps for most of my daily driving or when looking for foot-based or local transit directions.

If you don’t want to switch between the two, Google Maps is the better choice for most users. Waze can find the fastest route and has better incident reporting capabilities than Google Maps, but if you prefer to have more information at your fingertips with user-friendly interface, it’s hard to beat everything that Google Maps offers, especially since Waze is ending support for older Android devices soon, too.

Source

José Adorno for BGR

OpenAI recently rolled out GPT-5 to all ChatGPT users. With this new milestone for ChatGPT, the company has also increased the number of queries people on the free tier can submit to the company’s AI chatbot, which is now faster, smarter, and more capable (depending on who you ask).

At this point, you might be wondering whether it even makes sense to pay $20 for a monthly ChatGPT Plus subscription. If you’ve made ChatGPT part of your daily routine and want to avoid running into usage limits in the days and weeks ahead, there might be a few reasons why paying for ChatGPT Plus is worth it, even after GPT-5 rolled out to the general public.

For example, if you’re really into the Deep Research, you’ll only have access to one GPT-5 Thinking message per day on the free tier, while ChatGPT Plus users get 10 GPT-5 Thinking messages every five hours. That makes it’s easier to settle in for lengthy brainstorming sessions, compare products you’re thinking about buying, and more. But that’s not the only reason why ChatGPT Plus is still worth considering.

How GPT-5 upgrades ChatGPT Plus

José Adorno for BGR

If you can’t decide whether or not to subscribe to ChatGPT Plus, here are a few reasons why it might be worth the $20 per month:

• Legacy Models: After the immediate backlash to the new model, OpenAI brought back multiple legacy models. If you’re a paying subscriber, you can switch back to GPT-4o, while the free tier is stuck with GPT-5.
• Context window size: The context window of the free tier offers around 8K tokens while the Plus subscriptions offers over 32K tokens. Therefore, ChatGPT is able to remember more of your conversation, so the AI is less likely to forget anything while you’re chatting.
• Different modes: GPT-5 automatically selects models for you depending on your prompt. However, only the Plus tier offers subscribers the ability to manually toggle between the different models, which include GPT-5 Thinking, GPT-5 Thinking mini, and GPT-5 Fast.
• Usage priority: ChatGPT Plus offers faster responses and priority access when servers are busy. So, if you’re in a meeting and need a quick AI-generated answer, you won’t have to impatiently wait for an answer.
• Early access: Paying subscribers often have access to early features that can take months to arrive on the free tier, such as the ability to upload spreadsheets or create a custom GPT.

With all of these perks in mind, it’s clear that ChatGPT Plus still offers value for users who are spending a great deal of time with OpenAI’s chatbot. That said, it’s entirely possible getting access to GPT-5 for free is enough for your needs.

Source

Although at their heart they focus on post-breach mitigation and remediation, cyber incident response plans are emerging as a very important cyber security control when it comes to reducing overall risk, particularly the risk of having to claim against cyber insurance.

This is according to a newly published report produced by professional services firm Marsh McLennan, through its Cyber Risk Intelligence Centre (CRIC).

Titled Cybersecurity signals: Connecting controls and incident outcomes, the report revealed that organisations that conduct regular tabletop wargame exercises and scenario-based breach response drills are 13% less likely to fall victim to a material cyber incident than those that do not.

“Marsh has long advocated proactive cyber incident response planning as a tool to help organisations effectively and efficiently respond to and recover from a cyber attack,” said Tom Reagan, global cyber practice leader at Marsh McLennan.

“What our latest research confirms is that thoughtful planning also drives secondary benefits like positive security behaviours and strong control implementations, which help build more organisational resilience and reduce breach incidents,” he said.

Two years have elapsed since Marsh McLennan’s CRIC first started tracking the correlation between the core security controls that cyber insurers take into account and the likelihood of making a claim.

To do this, it has been drawing data from thousands of organisations using Marsh McLennan’s Cyber Self Assessment service to examine their risk levels and help them prepare better for investing in cyber insurance, and analysing this information against claims histories to derive relationships between security practice and claim likelihood.

In the intervening time, much has changed, so it is not really possible to draw a direct comparison between 2023 and 2025, but that said, incident response planning now ranks as the fourth most effective control, behind endpoint detection and response (EDR), logging and monitoring, and security awareness training and phishing testing.

Marsh McLennan said it was possible, though not proven, that effective incident response planning and policies are leading to secondary benefits, exposing other gaps in enterprise security programmes and driving further investment.

Upward trend

Across the other core cyber controls explored in the 2023 report, Marsh McLennan found positive indicators that enterprises are generally improving their security postures two years on.

For example, the number of respondents who have implemented EDR has grown by 9%, from 82% to 91%, while the number who evaluate and quarantine inbound email attachments has grown by 8%, from 75% to 83%.

More impressively, enterprises are demonstrating a much more mature approach to patching. The number that now set target windows to patch high-severity and critical-severity vulnerabilities has soared, from 24% to 89% and from 53% to 89% respectively.

Other metrics saw low single-digit percentage point growth – however, against one control, things did appear to be going backwards. The number of respondents who said they used endpoint privilege management to manage desktop or local admin privileges dropped from an already low 35% to 27%.

“Our findings emphasise that simply deploying key cyber security controls is no longer enough – these tools must be properly managed and comprehensively used,” said CRIC head Scott Stransky.

“By drawing on our insights, organisations can make informed decisions to strengthen their security frameworks and help reduce their exposure to cyber risks.”

Source

Virtually all companies regard networks as critical to business success, but as they become more distributed and complex than ever, operations teams are needing tools that speed resolution, boost efficiency and ensure user experience at scale. Looking to address these needs, HPE has made what it says are major innovations to its HPE Juniper Networking portfolio to deliver agentic AIOps through more autonomous, intelligent and proactive network operations.

The advances will be made through enhancements in the artificial intelligence (AI)-native Juniper Mist platform. This includes agentic AI-powered troubleshooting, expanded visibility and control of self-driving actions, a generalised large experience model (LEM), and AIOps features for datacentres. These moves are designed to reduce IT complexity and assure “exceptional” user experiences from client to cloud.

“Today’s networks must do more than connect – they must understand, adapt and act,” said HPE Networking executive vice-president, president and general manager Rami Rahim. “With these new digital experience twin and agentic AI capabilities in Juniper Mist, we continue to turn the network into a proactive partner for IT, capable of solving problems before they impact users. This is a major leap toward truly self-driving operations, helping our customers simplify complexity, reduce costs and deliver exceptional digital experiences at scale.”

The Mist enhancements will be driven by improvements to Marvis, the AI engine that powers the platform. Specifically, these will be grouped around four key areas: enhanced conversational capabilities; expanded self-driving actions; generalised LEM; and AI for datacentre operations.

Marvis AI analyses telemetry across the wired, wireless, WAN and datacentre domains, and creates automated workflows to simplify operations and lower costs. AI-driven support uses trouble ticket data to continually train and increase the efficacy of the Marvis AI engine, and a fully application programming interface-driven model works with external systems and applications, like Zoom, Teams and ServiceNow, to quickly identify and fix the root cause of problems.

The Marvis AI assistant will now have augmented conversational capabilities that facilitate real-time troubleshooting. By using an agentic AI framework, HPE says customised insight is provided with self-driving agents that collaborate across the wired, wireless, WAN, client and application domains. A Marvis Actions dashboard will support the autonomous remediation of more network issues, including misconfigured ports, capacity issues and non-compliant hardware – with full IT oversight.

The LEM is an AI model that is said to be unique to HPE Juniper Networking, analysing billions of data points from applications like Zoom and Teams to troubleshoot the performance of common collaboration tools and predict future issues. Enhanced with Marvis Minis – twins that simulate user experiences – LEM can now predict future application experiences without real-time data from the applications themselves. This is fed into the Marvis AI engine where self-driving actions can be taken to optimise future performance, prior to users even being present.

Within datacentre operations, the Marvis AI Assistant for Data Centre integrates with Apstra’s contextual graph database to deliver intelligent insights and lay the groundwork for autonomous service provisioning. Marvis Minis also extends to the datacentre for continuous service validation and application assurance pertinent to datacentre networks.

These capabilities are also seen as bolstering GreenLake Intelligence, HPE’s next approach to autonomous IT and agentic AIOps, which deploys specialised AI agents in a multi-layered IT architecture. This is designed to enable real-time problem-solving, proactive optimisation and smarter decision-making across networking, storage and compute. 

HPE believes the agentic AI capabilities in Juniper Mist shift IT from reactive to proactive management, laying the groundwork for significant improvements in performance and efficiency.

“Operations teams need tools that speed resolution, boost efficiency and ensure user experience at scale,” said Bob Laliberte, principal analyst at The Cube Research.

“For over a decade, HPE Juniper Networking solutions have pioneered the use of AI in network operations, accelerating the journey toward self-driving networks. With its latest advances in agentic AI and GenAI, powered by Marvis, HPE is delivering real autonomous capabilities that enable predictive intervention, letting ops resolve issues before users even notice.”

Source