🎯Today's Cybersecurity Pulse
Updated 54m agoWhat's happening: Cloudflare pushes agile SASE with Cloudflare One to replace legacy VPNs
Cloudflare announced a series of technical deep‑dives showcasing its Cloudflare One agile SASE platform, positioning it as a single‑pass solution to the fragmentation of legacy VPNs and hardware firewalls. The platform runs security checks across a global network spanning over 300 cities, eliminating service‑chaining bottlenecks and integrating zero‑trust controls.
Also developing:
News•Feb 21, 2026
Amazon: AI-Assisted Hacker Breached 600 Fortinet Firewalls in 5 Weeks
Amazon’s Integrated Security team warned that a Russian‑speaking threat actor leveraged generative AI services to automate a campaign that compromised more than 600 FortiGate firewalls in 55 countries between Jan 11 and Feb 18, 2026. The attackers scanned for internet‑exposed management ports, used brute‑force with common passwords, and then employed AI‑assisted Python and Go tools to parse configurations, extract credentials, and orchestrate lateral movement. No zero‑day exploits were used; instead, the operation relied on weak authentication, lack of MFA, and AI‑generated scripts to target VPNs, Veeam backups, and domain controllers. Amazon highlighted the growing risk that commercial AI lowers the skill barrier for sophisticated attacks.
By BleepingComputer
Social•Feb 21, 2026
Oracle Hack Triggers $1M Payout; Vitalik Profits $70K
The Polymarket oracle issue highlighted by Vitalik Buterin Oracle disaster: Russia-Ukraine market bet on city control. Oracle = ISW's X account maps. Account got hacked, fake map showed Russian control of train station, triggered $1.3M in payouts at 33,000% returns. One...
By Efi Pylarinou
News•Feb 21, 2026
This Is How You Do It: Dentist Speaks Out After Practice Hit by Cyber Attack
Grange Dental Care in Northern Ireland suffered a cyber attack on Thursday morning, resulting in fraudulent invoice emails being sent from its system. The breach was identified at 9:50 am, and the dentist immediately alerted his IT provider, who halted the...
By DataBreaches.net
News•Feb 21, 2026
Discord’s Age Verification Data Has a Frontend Leak — Now What?
Discord’s new age‑verification system, powered by identity vendor Persona, has a critical frontend exposure. Security researchers discovered that verification components are reachable on the public web, potentially revealing users’ age‑related data. The flaw adds urgency to Discord’s 2026 compliance roadmap,...
By DataBreaches.net
News•Feb 21, 2026
IoTeX Confirms ‘Suspicious Activity’ Involving Token Safe, Says Losses Contained
Decentralized identity platform IoTeX confirmed a breach of one of its token safes, with on‑chain analyst Specter estimating losses around $4.3 million across USDC, USDT, IOTX and WBTC. The project’s team is working with major exchanges and security partners to trace...
By Cointelegraph
News•Feb 21, 2026
Can Microsoft Teams Chat Be Monitored?
Microsoft Teams chat can be monitored using native Microsoft 365 compliance features and third‑party solutions. Monitoring requires an E5 license or an E3 plan with the E5 Compliance add‑on, after which admins enable communication‑compliance, assign roles, and create policies. Tools such...
By TechTarget SearchERP
Blog•Feb 21, 2026
U.S. CISA Adds RoundCube Webmail Flaws to Its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical RoundCube Webmail vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The flaws—CVE-2025-49113, a deserialization bug with a 9.9 CVSS score, and CVE-2025-68461, an SVG‑based XSS issue scoring 7.2—target...
By Security Affairs
News•Feb 21, 2026
Anthropic Debuts Claude Code Security – AI Now Scan Vulnerabilities in Your Entire Codebase
Anthropic launched Claude Code Security, an AI‑driven tool that scans entire codebases for vulnerabilities and suggests patches. Powered by Claude Opus 4.6, it uses frontier reasoning to map data flows and identify complex bugs that traditional SAST tools miss. Internal tests...
By GBHackers On Security
News•Feb 21, 2026
Best Cyber Security Consulting Companies
The explosion of IoT and IIoT devices—projected at 200 billion—has dramatically widened the cyber‑attack surface, prompting organizations to treat security as a core priority. A recent Gartner study shows cybersecurity now eclipses AI and cloud as the top CIO spend, fueling...
By Security Boulevard
News•Feb 21, 2026
EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
EC‑Council announced its Enterprise AI Credential Suite, adding four role‑based AI certifications and an updated Certified CISO v4 program. The launch targets the estimated $5.5 trillion global AI risk exposure and a U.S. reskilling gap of 700,000 workers. It aligns with recent...
By The Hacker News
Blog•Feb 21, 2026
WordPress, AI, Plugins, Future of Software Engineering
The post outlines how AI is reshaping the WordPress ecosystem, from a flood of AI‑generated plugins that introduce new security risks to the need for large‑scale audit infrastructure. It advises agencies to pivot from billable hours to outcome‑based pricing, leveraging...
By Matt Mullenweg
Blog•Feb 21, 2026
Update: rtfdump.py Version 0.0.15
Didier Stevens announced on 21 February 2026 the release of rtfdump.py version 0.0.15. The update specifically fixes a bug in the –yarastrings option, restoring reliable extraction of YARA strings from RTF files. The release package is available for download and...
By Didier Stevens’ Blog
Blog•Feb 20, 2026
When the Cloud Fails: Protecting Insureds in a Third-Party Outage Crisis
The episode examines how recent large‑scale cloud outages are forcing insurers and risk managers to rethink cyber policy language around third‑party vendor failures. Experts discuss coverage gaps, underwriting hurdles, and new claims handling approaches to avoid disputes and ensure clients...
By Insuring Cannabis (Insurance Journal)
News•Feb 20, 2026
Resource: Privacy Law Directory — Codamail
Codamail has launched a Privacy Law Directory that maps data‑protection, surveillance and intelligence frameworks across 21 jurisdictions, including the United States, the European Union and key international partners. The resource is organized around the Five, Nine and Fourteen Eyes intelligence...
By DataBreaches.net
News•Feb 20, 2026
The White House Scrapped SBOMs in Favor of Agency-Managed Cyber Risk. Flexibility, Meet Accountability.
The Office of Management and Budget has withdrawn the mandatory software bill of materials (SBOM) requirement, replacing it with a risk‑based menu of options for federal agencies. This shift moves compliance from a prescriptive checklist to agency‑driven risk assessment, granting...
By Federal News Network
Blog•Feb 20, 2026
Texas Sues Temu for Allegedly Functioning as Chinese Spyware
Texas Attorney General Ken Paxton sued Temu, alleging the discount marketplace operates as Chinese Communist spyware that harvests user data for the Chinese government. The lawsuit targets PDD Holdings, accusing it of deceptive marketing and seeking substantial civil penalties. It...
By Shopifreaks
News•Feb 20, 2026
AI Apps On The Google Play Store Are Leaking Customer Data And Photos
AdGuard is offering its Family Plan as a lifetime subscription for $15.97 through February 22, covering up to nine devices. The deal bundles enterprise‑grade ad blocking, tracker suppression, malware and phishing protection, and built‑in parental controls. Users receive continuous updates without...
By Mashable AI
News•Feb 20, 2026
HID Reports Delicate Opportunity for Biometrics Adoption in Shaky Trust Environment
HID’s 2026 State of Security and Identity Report, based on a survey of over 1,500 security and IT leaders, shows digital identity management is a top priority for 73% of respondents. Three‑quarters of organizations have already deployed or are evaluating...
By Biometric Update
News•Feb 20, 2026
Romanian Hacker Faces up to 7 Years for Breaching Oregon Emergency Management Department
A 45‑year‑old Romanian national, Catalin Dragomir, pleaded guilty to breaching Oregon’s Department of Emergency Management in June 2021 and selling the compromised access for roughly $3,000 in Bitcoin. The hacker also infiltrated ten additional U.S. companies, generating at least $250,000...
By DataBreaches.net
News•Feb 20, 2026
Media Authentication an Emerging Front in Battle Against Deepfakes: Microsoft Report
Microsoft released a report on media integrity and authentication (MIA), detailing techniques such as C2PA provenance, imperceptible watermarking, and soft‑hash fingerprinting to verify digital content origins. The study concludes that no single method can stop deepfakes, urging a layered approach...
By Biometric Update
News•Feb 20, 2026
5 Things To Know On Anthropic’s Claude Code Security
Anthropic announced that its Claude Code platform will now include Claude Code Security, an AI‑driven vulnerability‑scanning feature that reads and reasons about code like a human researcher. The tool, launched in a limited research preview, aims to uncover complex issues...
By CRN (US)
News•Feb 20, 2026
Apache Tomcat Vulnerability Circumvents Access Rules
Apache Tomcat’s CVE‑2026‑24733 vulnerability allows attackers to bypass security constraints that permit HEAD but deny GET requests by sending a malformed HEAD request using the obsolete HTTP/0.9 protocol. The flaw stems from Tomcat’s legacy handling of HTTP/0.9, which does not...
By eSecurity Planet
News•Feb 20, 2026
Fort Gordon to Gain ANG Cyber Operations Squadrons
The Department of the Air Force has chosen Fort Gordon, Georgia, as the preferred site for two new Air National Guard cyber operations squadrons. The 117th Air Control Squadron will be inactivated at Hunter Army Airfield, releasing manpower that will...
By U.S. Air Force
News•Feb 20, 2026
Des Moines ANGB to Gain ANG Cyber Operations Squadrons
The Department of the Air Force has chosen Des Moines Air National Guard Base in Iowa as the preferred site to convert reassigned manpower into Air National Guard cyber operations. The 2025 defense budget eliminated half of the ANG Tactical...
By U.S. Air Force
Blog•Feb 20, 2026
Check Point Software Earns Leader & Fast Mover Position in GigaOm Radar for Cloud Network Security
Check Point Software has been named a Leader and Fast Mover in the GigaOm Radar for Cloud Network Security 2025, marking its third consecutive year at the top. GigaOm highlighted the company’s prevention‑first Infinity architecture, unified cloud security platform, and...
By IT Security Guru
News•Feb 20, 2026
Fusaka Upgrade Fuels Record Address Poisoning on Ethereum
The recent Fusaka upgrade slashed Ethereum gas fees by sixfold, creating record‑low transaction costs. This price drop sparked a dramatic rise in address‑poisoning attacks, with daily dust transactions jumping from roughly 30,000 to 167,000 and peaking at 510,000. In just...
By The Defiant
News•Feb 20, 2026
Microsoft: ‘Summarize With AI’ Buttons Used To Poison AI Recommendations via @Sejournal, @MattGSouthern
Microsoft’s Defender Security Research team unveiled a new threat called “AI Recommendation Poisoning,” where website buttons labeled “Summarize with AI” embed hidden prompt‑injection instructions. Clicking these buttons feeds AI assistants a URL‑encoded command that tells the model to remember the...
By Search Engine Journal
News•Feb 20, 2026
AI Empowers Cyber Criminals. Could It Also Help Schools Fight Them?
School districts are experimenting with generative and agentic AI to bolster cybersecurity, but results are mixed. While vendor‑built AI features provide more reliable insights than generic models, many districts still rely on traditional tools due to staffing and budget constraints....
By GovTech — Education (K-12)
News•Feb 20, 2026
One Billion Identity Records Exposed in Unsecured ID Verification Database
A cloud‑based identity verification database tied to IDMerit was found exposed without password protection or encryption, leaking roughly one billion personal records across at least 26 countries. The trove, estimated at one terabyte, contained names, dates of birth, addresses, phone...
By Biometric Update
Blog•Feb 20, 2026
Q&A: Organisations Are Spending Millions on Cybersecurity and Still Getting It Wrong
Organizations are pouring billions into cybersecurity yet continue to suffer breaches because they treat security as a purely technical issue. Senior cyber leader Purvi Kay argues that weak governance, poor communication, and unclear accountability are the primary failures. She emphasizes...
By IT Security Guru
News•Feb 20, 2026
Your Own Voice Could Be Your Biggest Privacy Threat. How Can We Stop AI Technologies Exploiting It?
Researchers at Aalto University warn that AI-driven voice analysis can extract sensitive personal data—from political views to health conditions—simply from speech patterns. Their study, published in IEEE Proceedings, highlights risks such as price‑gouging, discriminatory profiling, and stalking if corporations or...
By Live Science AI
News•Feb 20, 2026
Microsoft: Critical Security Issue Found in Windows Notepad
Microsoft patched a high‑severity vulnerability (CVE‑2026‑20841) in the modern Windows Notepad app that adds Markdown support. The flaw allows remote code execution when a user opens a malicious .md file and clicks a crafted link. The issue affects only the...
By TechRepublic – Articles
News•Feb 20, 2026
Cynet’s MacKenzie Brown: ‘MSPs Don’t Need Drama. They Need Clarity And Process.’
Cynet has hired MacKenzie Brown as Vice President of Threat Intelligence Strategy to turn the vendor’s global telemetry into a practical, operational threat‑intelligence system for managed service providers (MSPs). Brown emphasizes moving beyond generic monthly reports toward actionable, tactical intel...
By CRN (US)
News•Feb 20, 2026
The 25 Most Vulnerable Passwords of 2026
Plasma’s 2026 study identified the 25 most vulnerable passwords based on global search volume and common‑password lists. “password” led the list with over 10 million searches, followed by “admin”, “qwerty”, and other simple sequences. The research also highlighted ten insecure password...
By Security Magazine (Cybersecurity)
Social•Feb 20, 2026
Collaboration & Agility Drive Cyber‑resilient Innovation Ecosystems
As the digital domain presents challenges of extraordinary scale and complexity from a constantly evolving threat landscape, it is clear that empowering cyber-resilient innovation ecosystems requires a fundamental reimagining of how we synergize across modalities. The convergence of public-private partnership...
By The Grugq
News•Feb 20, 2026
NIST’s Quantum Breakthrough: Single Photons Produced on a Chip
NIST announced a chip that reliably generates a single photon on demand using quantum‑dot technology. The device achieves near‑perfect efficiency and, when paired with superconducting nanowire single‑photon detectors, can transmit photons up to 600 miles. Mass‑production of the chip is...
By SecurityWeek
Social•Feb 20, 2026
MFA: Simple, High-Leverage Security for SMBs
Multi factor authentication is still one of the highest leverage security controls for SMBs. It is not flashy, but it closes real doors. Simple controls done consistently still win. https://buff.ly/jk1Ucgh
By Sean D. Mack
Social•Feb 20, 2026
Bitcoin Community Condemns BIP110 Centralization Attack
Finally more public Bitcoiners are willing to speak out on #BIP110's Attack to Centralize the Network... 👏 @MartyBent , starts at 9 min for 25 min: https://t.co/abwVenvoqo
By Tone Vays
News•Feb 20, 2026
Why the Shift Left Dream Has Become a Nightmare for Security and Developers
The article argues that the long‑standing "shift‑left" mantra has backfired, overloading developers with security tasks while business demands prioritize speed. Qualys analyzed 34,000 public container images and found 7.3% malicious, many containing cryptomining code or exposed secrets. This risk stems...
By BleepingComputer
Social•Feb 20, 2026
BIP-110: A Misguided Attack on Bitcoin’s Core
BIP-110 is an attack on Bitcoin. An attack run by those who espouse the same ideals as bcashers, are intellectually dishonest, and fundamentally misunderstand how Bitcoin works. Bitcoin’s most retarded enemy so far 😂
By Dan Held
Social•Feb 20, 2026
GraySwanAI Launches Real-World AI Safeguards Challenge
AI safeguards shouldn’t just sound good, they should hold up under pressure. @GraySwanAI is putting them to the test with the Safeguards Challenge: real prompts, real attacks, real failures. Think you can break them (or prove they work)? We will be playing...
By Jason Haddix
News•Feb 20, 2026
There’s Always Something: Secrets Detection at Engagement Scale with Titus
Praetorian released Titus, an open‑source secret scanner built in Go that runs as a CLI, library, Burp Suite, or Chrome extension. It inherits Nosey Parker’s 450+ detection rules and adds binary file extraction and a validation framework that confirms whether...
By Security Boulevard – DevOps
Social•Feb 20, 2026
Turn Cybersecurity Into Competitive Advantage with Proactive Leadership
Cybersecurity leadership today goes beyond defense. We need to turn security from a barrier into a business advantage. We do this by building teams and systems that anticipate threats before they disrupt operations.
By Cristina Dolan
Blog•Feb 20, 2026
State-Actor Cyber Catastrophes: $40bn over 26 Years
A new article in the Journal of Strategic Competition, “Rewriting History: Understanding Historical Catastrophic Cyber Economic Losses,” introduces the first systematic database of cyber‑related economic disasters. It catalogs 24 events from 1998 onward, estimating a cumulative $40 bn loss over 26...
By Irregular Warfare Podcast
News•Feb 20, 2026
Latin America's Cyber Maturity Lags Threat Landscape
Intel 471’s 2025 report shows Latin America’s cyber‑maturity is improving but the region faces a rapidly intensifying threat landscape. Ransomware incidents jumped 78% year‑over‑year, with more than 450 breaches recorded, while Brazil alone accounted for 30% of ransomware and extortion attacks....
By Dark Reading
News•Feb 20, 2026
Liquibase Secure 5.1 Closes Gap in Data Platform Security, Compliance, and AI Readiness
Liquibase announced Secure 5.1, extending its modeled change‑control framework to Snowflake’s control plane. The release treats Snowflake access, sharing, and cost‑control changes as first‑class, auditable objects, enabling policy enforcement, drift detection and automated rollback. Secure 5.1 also adds support for Databricks, MongoDB,...
By Database Trends & Applications (DBTA)
News•Feb 20, 2026
LLMs Change Their Answers Based on Who’s Asking
A MIT Center for Constructive Communication study reveals that leading large language models—GPT‑4, Claude 3 Opus, and Llama 3‑8B—alter answer quality based on perceived user traits. When prompted with biographies suggesting lower education, non‑native English proficiency, or foreign nationality, all three models show...
By Help Net Security
Blog•Feb 20, 2026
Firewalla Orange Review: A Pocket-Sized Firewall That Followed Me to Tokyo
The Firewalla Orange is a 244‑gram, pocket‑sized firewall that turns any untrusted Wi‑Fi into a protected network in about ten minutes. In real‑world tests it delivered 1.72 Gbps wired throughput and 151 Mbps hotel Wi‑Fi speed while applying IPS, ad‑blocking and VPN...
By The Gadgeteer
News•Feb 20, 2026
From IT Controls to Engineering Resilience: Rethinking Smart Building Cybersecurity
Smart building operators are importing IT‑centric cybersecurity controls—encryption, authentication, zero‑trust—into legacy automation systems, but these measures can unintentionally disrupt deterministic control loops. A real‑world HVAC example shows a missed certificate renewal causing controllers to stop responding, leaving occupants uncomfortable and...
By Buildings.com
News•Feb 20, 2026
San Jose Slow to Tell Workers About Data Breach
San Jose city officials disclosed that a lost USB drive may have exposed Social Security numbers of current and former employees. The breach occurred on Jan. 9, but the city delayed notifying affected workers, providing no estimate of how many were...
By DataBreaches.net