Delinea Expands Identity Security Platform Through StrongDM Acquisition
Delinea has signed a definitive agreement to acquire StrongDM. Delinea’s leadership in enterprise privileged access management (PAM), combined with StrongDM’s just-in-time (JIT) runtime authorization capabilities and developer-first access model, will form a new class of identity security platform designed for continuous, always-on environments. As AI adoption accelerates and non-human identities (NHIs) continue to outnumber human users, enterprises must secure privileged access in real-time across increasingly diverse cloud-native, hybrid, and on-prem environments. StrongDM’s JIT runtime authorization … More → The post Delinea expands identity security platform through StrongDM acquisition appeared first on Help Net Security.
Auto-Close Tickets only when AI Reply Succeeds
Any @Zendesk experts out there? We have a gen AI reply out there for @haveibeenpwned which attempts to answer a support question, but has a fallback for if it can’t. How can we automatically close the ticket if a reply...
Data Privacy Teams Face Staffing Shortages and Budget Constraints, ISACA Warns
ISACA’s State of Privacy 2026 report reveals that data privacy teams remain understaffed and underfunded, despite growing regulatory demands and rising technical privacy challenges
New Vulnerability in N8n
This isn’t good: We discovered a critical vulnerability (CVE-2026-21858, CVSS 10.0) in n8n that enables attackers to take over locally deployed instances, impacting an estimated 100,000 servers globally. No official workarounds are available for this vulnerability. Users should upgrade to version...
Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking
Flaws in how 17 models of headphones and speakers use Google’s one-tap Fast Pair Bluetooth protocol have left devices open to eavesdroppers and stalkers.
Trio of Critical Bugs Spotted in Delta Industrial PLCs
Experts disagree on whether the vulnerabilities in a programmable logic controller from Delta are a five-alarm fire or not much to worry over.
4 Outdated Habits Destroying Your SOC's MTTR in 2026
It’s 2026, yet many SOCs are still operating the way they did years ago, using tools and processes designed for a very different threat landscape. Given the growth in volumes and complexity of cyber threats, outdated practices no longer fully...
FTC Bans GM From Selling Drivers' Location Data for Five Years
The FTC has finalized an order with General Motors, settling charges that it collected and sold the location and driving data of millions of drivers without consent. [...]
Guarding Europe’s Hidden Lifelines: How AI Could Protect Subsea Infrastructure
By Michael Allen Thousands of kilometres of cables and pipelines criss-cross Europe’s sea floors, carrying the gas, electricity and data that keep modern life running. Yet these critical links lie mostly unprotected. A series of recent incidents, such as the...
Cyb3r Operations Raises $5.4M in Financing
Cyb3r Operations, a London, UK-based provider of continuous third-party cyber risk visibility solutions, raised $5.4m in financing. The round was led by Octopus Ventures, with follow-on investment from Pi Labs, bringing total funding to $6.75m. The company intends to use the funds to...
AWS Flips Switch on Euro Cloud as Customers Fret About Digital Sovereignty
Bitwarden Advances Passkeys and Credential Risk Controls
Bitwarden revealed continued product innovation and ecosystem maturity to advance identity security capabilities for users and enterprises. Bitwarden introduced enterprise credential risk insights and guided remediation through Bitwarden Access Intelligence, expanded passkey interoperability across browsers, devices, and operating systems, and...
Arcjet Python SDK Sinks Teeth Into Application-Layer Security
A new Arcjet SDK lets Python teams embed bot protection, rate limiting, and abuse prevention directly into application code. The post Arcjet Python SDK Sinks Teeth Into Application-Layer Security appeared first on Security Boulevard.
F5 Targets AI Runtime Risk with New Guardrails and Adversarial Testing Tools
F5 has unveiled general availability of F5 AI Guardrails and F5 AI Red Team, two solutions that secure mission-critical enterprise AI systems. With these releases, F5 is providing a comprehensive end-to-end lifecycle approach to AI runtime security, including enhanced ability...
ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Aveva, Phoenix Contact
Only a dozen new advisories have been published this Patch Tuesday by industrial giants. The post ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Aveva, Phoenix Contact appeared first on SecurityWeek.
Palo Alto Networks Warns of DoS Bug Letting Hackers Disable Firewalls
Palo Alto Networks patched a high-severity vulnerability that could allow unauthenticated attackers to disable firewall protections in denial-of-service (DoS) attacks. [...]
Asimily Extends Cisco ISE Integration to Turn Device Risk Into Segmentation Policy
Asimily announced enhanced microsegmentation capabilities, including new support for Security Group Access Control Lists (SGACL) within Cisco Identity Services Engine (ISE). The release builds on Asimily’s longstanding ISE integration, enabling organizations to translate device intelligence and risk context into enforceable...
DeFi Quietly Breaks up with Discord as Scams Overwhelm Public Channels
Ticketed help desks and live support are replacing always-on Discord channels at major DeFi protocols.
Modern Executive Protection: Digital Exposure & Physical Risk
Nisos Modern Executive Protection: Digital Exposure & Physical Risk Executive protection has long focused on physical security measures such as trained personnel, secure travel, and site assessments... The post Modern Executive Protection: Digital Exposure & Physical Risk appeared first on Nisos by...
Microsoft Shuts Down RedVDS Cybercrime Subscription Service Tied to Millions in Fraud Losses
Microsoft has announced a coordinated legal action in the United States and the United Kingdom to disrupt RedVDS, a global cybercrime subscription service tied to large-scale fraud losses. The effort forms part of a broader joint operation with international law...
From Typos to Takeovers: Inside the Industrialization of Npm Supply Chain Attacks
A massive surge in attacks on the npm ecosystem over the past year reveals a stark shift in the software supply‑chain threat landscape. What once amounted to sloppy typosquatting attempts has evolved into coordinated, credential-driven intrusions targeting maintainers, CI pipelines, and...
China Bans U.S. and Israeli Cybersecurity Software over Security Concerns
China has told domestic firms to stop using U.S. and Israeli cybersecurity software, citing national security concerns amid rising tech tensions. Reuters reported that China has ordered domestic companies to stop using cybersecurity solutions from more than a dozen U.S....
Cyb3r Operations Raises £4M to Address Third-Party Risk Blind Spots
London-based Cyb3r Operations hasraised £4 million to provide organisations with continuous visibility intothird-party cyber risk. The round was led by Octopus Ventures, with follow-oninvestment from ...
New Cloudflare Report Warns of a ‘Technical Glass Ceiling’ Stifling AI Growth and Weakening Cybersecurity
New research shows that organizations modernizing apps are 3x more likely to see AI payoffs, while those clinging to legacy systems face rising security risks and developer talent shortages Cloudflare, Inc. , the leading connectivity cloud company, published its inaugural...
LinkedIn Wants to Make Verification a Portable Trust Signal
In this Help Net Security interview, Oscar Rodriguez, VP Trust Product at LinkedIn, discusses how verification is becoming a portable trust signal across the internet. He explains how LinkedIn is extending professional identity beyond its platform to address rising AI-driven...
GoLogin vs MultiLogin vs VMLogin – What’s the Anti-Detect Browsers Difference?
A web browser is a door to the Global Network, allows to surf through different resources, obtain all required information, watch films, earn money, and many more legal and partly legal activities. It depends on the size of the door,...
QR Codes Are Getting Colorful, Fancy, and Dangerous
QR codes have become a routine part of daily life, showing up on emails, posters, menus, invoices, and login screens. Security-savvy users have learned to treat links with caution, but QR codes still carry an assumption of safety. Researchers from...
When a Scammer Meets the Force.
The episode reviews the latest social engineering threats, highlighting CrowdStrike's 2025 Global Threat Report which notes faster breach times, a rise in vishing and account abuse, and a shift toward malware‑free intrusions. It then examines the industrialization of "pig‑butchering" romance...
Cybersecurity Spending Keeps Rising, so Why Is Business Impact Still Hard to Explain?
Cybersecurity budgets keep climbing, but many security leaders still struggle to explain what that spending delivers to the business. A new study by Expel examines that disconnect through a survey of security and finance executives at large enterprises. The research...
The NSA Lays Out the First Steps for Zero Trust Adoption
Security pros often say that zero trust sounds straightforward until they try to apply it across real systems, real users, and real data. Many organizations are still sorting out what they own, how access works, and where authority sits. That...
Microsoft, Law Enforcement Disrupt RedVDS Global Cybercrime Service
Microsoft and law enforcement agencies in Europe disrupted the operations of RedVDS, a global cybercrime service that sold cheap and disposable dedicated virtual servers to threat actors that used them to run BEC, phishing, and other fraud campaigns. The vendor...
Depthfirst Secures $40M to Expand Agentic Approach to Software Security
Artificial intelligence-native security platform startup depthfirst Inc. revealed today that it had raised $40 million in new funding to support its research and development, go-to-market efforts and hiring across applied research, engineering, product and sales. Founded in 2024, depthfirst was...
Aikido Security Raises $60M Series B at $1B Valuation to Unify Application Security
Belgian cybersecurity company Aikido Security NV today announced that it had raised $60 million in new funding at a $1 billion valuation to further enhance its unified platform for code, cloud and runtime security and introduce autonomous self-securing software. Founded in 2022,...
How to Build a Stateless, Secure, and Asynchronous MCP-Style Protocol for Scalable Agent Workflows
In this tutorial, we build a clean, advanced demonstration of modern MCP design by focusing on three core ideas: stateless communication, strict SDK-level validation, and asynchronous, long-running operations. We implement a minimal MCP-like protocol using structured envelopes, signed requests, and...
Project Eleven Scores $20M Series A
NEW YORK, NY, Project Eleven, the leader in post-quantum security and migration for digital assets, announced a $20 million Series A funding round led by Castle Island Ventures.
Secure Your Spot at RSAC 2026 Conference
NDSS 2025 – PolicyPulse:Precision Semantic Role Extraction For Enhanced Privacy Policy Comprehension
Session 8D: Usability Meets Privacy Authors, Creators & Presenters: Andrick Adhikari (University of Denver), Sanchari Das (University of Denver), Rinku Dewri (University of Denver) PAPER The effectiveness of natural language privacy policies continues to be clouded by concerns surrounding their readability, ambiguity,...
Iran’s Partial Internet Shutdown May Be a Windfall for Cybersecurity Intel
The near-total internet blackout imposed by the Iranian government starting January 8, reportedly due to a crackdown on protesters, may offer a rare opportunity to SOC staffers and other cybersecurity analysts, briefly allowing all government traffic sources to be identified...
Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers
The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest...
Structure and Reliability in E-Commerce Platforms
A successful e-commerce platform requires more than just a good-looking design. Security, stability, speed, and scalability are key…
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at the David R. Cheriton School of Computer Science in Waterloo, Ontario, Canada, on January 27, 2026, at 1:30 PM ET. I’m speaking at the Université...
From Backup to Business Resilience: Inside Cognizant and Rubrik’s New BRaaS Model
Ransomware, infrastructure outages, supply chain disruptions, and the rapid operationalization of AI have fundamentally changed what business resilience means. For CIOs, keeping the lights on is no longer enough. Today’s mandate is to ensure the business can withstand disruption and recover...
Microsoft Updates Windows DLL that Triggered Security Alerts
Microsoft has resolved a known issue that was causing security applications to incorrectly flag a core Windows component, the company said in a service alert posted this week. [...]
US Cargo Tech Company Publicly Exposed Its Shipping Systems and Customer Data to the Web
Shipping tech company Bluspark left internal plaintext passwords, including those of executives, exposed to the internet, at a time when hacks in the shipping industry are on the rise.
From Bot Noise to Real Insights: How Jobrapido Achieved True Marketing ROI
Discover how Jobrapido blocked 15% of malicious traffic with DataDome, achieving true marketing ROI, reducing cloud costs, and gaining trustworthy insights into genuine user activity. The post From Bot Noise to Real Insights: How Jobrapido Achieved True Marketing ROI appeared first...
RedVDS Cybercrime Service Disrupted by Microsoft and Law Enforcement
RedVDS enables threat actors to set up servers that can be used for phishing, BEC attacks, account takeover, and fraud. The post RedVDS Cybercrime Service Disrupted by Microsoft and Law Enforcement appeared first on SecurityWeek.
Hacker Claims Full Breach of Russia’s Max Messenger, Threatens Public Leak
A hacker claims a full breach of Russia’s Max Messenger, threatening to leak user data and backend systems if demands are not met.
AppOmni Surfaces BodySnatcher AI Agent Security Flaw Affecting ServiceNow Apps
AppOmni, a provider of a platform for securing software-as-a-service (SaaS) applications, this week disclosed it has discovered a flaw in the ServiceNow platform that could be used to create a malicious artificial intelligence (AI) agent. Dubbed BodySnatcher (CVE-2025-12420), AppOmni researchers...
Webinar: Beyond the Quadrant: An Analyst’s Guide to Evaluating Email Security in 2026
Join former Gartner analyst Ravisha Chugh and Abnormal’s Director of Product Marketing, Lane Billings, on January 20th for an exclusive insider look at how email security vendors will be evaluated in 2026. Backed by years of analyst experience and deep...
Survey: Rapid AI Adoption Causes Major Cyber Risk Visibility Gaps
As software supply chains become longer and more interconnected, enterprises have become well aware of the need to…