All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
This study tested whether Western theories about why employees follow security policies apply to Saudi workers by surveying 401 employees. The research found that cultural differences and local policies significantly affect how employees think about security compliance, meaning that strategies to encourage safe behavior need to be tailored to specific cultures rather than using one-size-fits-all approaches.
A path traversal vulnerability (a type of attack where an attacker manipulates file paths to access files outside the intended directory) was found in fishaudio Bert-VITS2, specifically in the generate_config function of the Gradio Interface (a web-based tool for interacting with AI models). The vulnerability can be triggered remotely by manipulating the data_dir argument, and the exploit is now publicly known.
This article covers a legal dispute between Elon Musk and Sam Altman over OpenAI, where Musk has accused Altman of 'stealing a charity.' The trial featured testimony from major tech industry figures and revealed private communications about OpenAI's history and leadership practices. The article focuses on the courtroom drama and business conflict rather than any technical or security issue related to AI systems.
Cerebras Systems' successful IPO, where shares jumped 70% in value, has created excitement around AI investment opportunities, but smaller tech companies are struggling to attract investor attention because massive AI firms like SpaceX, OpenAI, and Anthropic (each valued near or above $1 trillion) are preparing their own IPOs that will overshadow all other offerings. Companies without strong AI-related stories, particularly SaaS companies (software-as-a-service, meaning applications accessed over the internet), face especially difficult conditions in the public market right now.
Two brothers, Muneeb and Sohaib Akhter, were caught and pleaded guilty to destroying 96 government databases after being fired from their jobs at federal contractor Opexus. They were caught because they forgot to close a Microsoft Teams meeting (a video conferencing tool) during their termination meeting, and the software continued recording hours of their detailed planning and discussion of how they would delete the company's databases as revenge.
This research examines why patients hesitate to share health information with health information technology systems (HIT, software that stores and manages medical records). The study found that patients are more willing to share information when they feel in control of how the technology is used, when they trust that their data is protected by security measures and regulations, and when they perceive real benefits from sharing. Conversely, patients become less willing to share when they feel their data is being tracked without their knowledge.
A study of 350 MBA students and 42 information systems graduates found that feedback from generative AI (AI systems that create new text or content) has mixed effects on workers: it boosts confidence in their abilities and motivation, but simultaneously makes them feel devalued and replaceable because the AI can perform the same tasks independently. The research also discovered that GenAI creates 'prompt engineering convergence' (where different types of work become repetitive prompting and reviewing tasks), which doesn't motivate workers the way traditional job variety does.
This report presents a framework for measuring research impact in Information Systems, a field where traditional academic metrics (like citation counts) don't capture the full value of research for organizations and society. Researchers from a global workshop developed a matrix that evaluates research across six themes (such as stakeholder engagement and ethics) and four project phases (planning, delivering, measuring, communicating) to help IS researchers design more impactful work.
Remote patient monitoring (RPM), a system using information and communication technologies to track patients' health from a distance, has expanded rapidly due to COVID-19 and payment policy changes, but faces significant challenges in how healthcare data is managed across fragmented systems. The main obstacles fall into three areas: trust and responsibility issues, limited and disconnected infrastructure (the technical systems that don't work well together), and changes in how healthcare workers do their jobs and what skills they need. The article calls for future research and curriculum changes to help information systems professionals address these challenges.
This study describes the design of a data space, which is a system that lets multiple organizations share and exchange data while protecting privacy and giving countries control over their data. The researchers created a data space for the cultural sector, where participants vary widely in size and technical skill, and they found that successful data spaces should be designed to make it easy for all types of organizations to join, regardless of their resources or technical expertise.
A panel of Australian information systems academics examined how generative AI (GenAI, AI systems that create new text, images, or code based on patterns in training data) is changing higher education, drawing on research from 45 universities across Australia and New Zealand. The panel identified key challenges including learning assurance (ensuring students actually learn the material), privacy, intellectual property rights, and security, while also exploring opportunities for innovation in teaching and research. The discussion emphasized the need for responsible AI governance and policies to guide institutions in adopting GenAI safely and ethically.
Technology-facilitated domestic and family abuse (TFDFA, which is abuse carried out through digital devices and platforms) affects one in two Australian adults, yet the Information Systems research field has largely ignored this problem compared to other disciplines. The authors argue that IS researchers need to urgently study how digital platforms enable abuse, develop design principles to reduce harm, and create frameworks that protect vulnerable people while respecting their digital access.
A panel of academics discussed how AI is changing their work in teaching, research, and service roles, finding both opportunities to boost productivity and concerns about ethical and professional risks. The impact of AI in academia depends on factors at multiple levels, including individual understanding of AI, how institutions govern its use, and discipline-specific practices. The researchers recommend that Information System scholars study human-AI collaboration, build trustworthy AI tools, and examine how AI affects academics' careers.
Twin transition refers to the deliberate alignment of digital and sustainability transformations, which has become a priority for policymakers and corporations but lacks sufficient research and practical guidance. A workshop identified five key challenges: conceptual confusion about what twin transition means, difficulty measuring progress, gaps between stated goals and actual practices, issues of political power and influence, and the need for researchers to examine their own biases. The researchers warn that progress is threatened by four pitfalls: assuming technology alone will solve problems, overconfidence in ideological approaches, fragmented efforts across different organizations, and getting stuck in endless analysis rather than taking action.
Google has introduced Gemini for Science, a collection of AI tools designed to help researchers work faster and tackle complex scientific problems. The tools include Hypothesis Generation (which uses AI to synthesize research and propose ideas), Computational Discovery (which tests thousands of code variations automatically), and Literature Insights (which organizes and analyzes scientific papers). These tools aim to free up researchers from time-consuming manual work so they can focus on high-impact scientific questions.
This academic paper examines how cybercrime threats have changed during times of crisis and uncertainty, particularly focusing on the pandemic period. The study analyzes the relationship between unstable conditions and increased cyber attacks, helping researchers and security professionals understand how criminals exploit situations when organizations and people are stressed or distracted.
This research paper examines TLS 1.3 (the protocol that encrypts data sent between your browser and websites) with a focus on validating its security and performance when used with Intelligent Transport System certificates (digital credentials for vehicles and infrastructure in connected transportation systems). The authors are working toward formal validation, which means mathematically proving the protocol works correctly and securely in this specific context.
This research paper proposes a method for securely sharing data across different organizations or systems using threshold secret sharing (a technique where data is split into pieces so that a minimum number of pieces are needed to reconstruct it) and zero-knowledge proofs (cryptographic methods that let one party prove something is true without revealing the actual information). The approach aims to allow data sharing while maintaining auditability, meaning organizations can track and verify that data was shared appropriately.
This is a survey paper that examines vulnerabilities and attack methods targeting embodied AI systems (AI systems that control physical robots or devices in the real world). The paper reviews the landscape of security risks in embodied AI and appears to focus on understanding these threats rather than proposing specific fixes.
This academic paper proposes a policy-based conjunctive scheme, which is a method for managing how groups of people can collectively decide to delete shared data they all own together. The research addresses the challenge of 'digital forgetting' (the ability to have data permanently removed) when multiple parties have rights to the same information, requiring agreement from all co-owners before deletion occurs.