🎯Today's Cybersecurity Pulse
Updated 9m agoWhat's happening: Cloudflare pushes agile SASE with Cloudflare One to replace legacy VPNs
Cloudflare announced a series of technical deep‑dives showcasing its Cloudflare One agile SASE platform as a remedy for fragmented legacy VPNs and hardware firewalls. The solution uses a single‑pass architecture that runs security checks across a global network spanning over 300 cities, removing service‑chaining bottlenecks. It also integrates zero‑trust capabilities.
Also developing:
By the numbers: Zafran Security raises $60M Series C
News•Feb 19, 2026
Automating Unix Security Across Hybrid Clouds
The article introduces a “Patching as Code” framework that automates Unix security updates across hybrid‑cloud environments by containerizing the patching toolchain and driving it through a CI/CD pipeline. A CSV‑based schedule stored in Git triggers a Python controller that launches Ansible playbooks inside Docker, while secrets are fetched just‑in‑time from Vault or Thycotic. Pre‑ and post‑patch checks validate system health, and any failure notifies on‑call staff. The result is a zero‑touch, auditable process that reduces patch latency from weeks to hours.
By DZone – DevOps & CI/CD
News•Feb 19, 2026
INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown
INTERPOL’s Operation Red Card 2.0, conducted from Dec 8 2025 to Jan 30 2026, resulted in 651 arrests across 16 African nations and the seizure of more than $4.3 million. The eight‑week crackdown exposed scams responsible for roughly $45 million in losses and identified 1,247 victims worldwide....
By The Hacker News
News•Feb 19, 2026
Better-Auth Flaw Allows Unauthenticated API Key Creation
A critical flaw (CVE‑2025‑61928) in the better‑auth npm library’s API‑key plugin lets unauthenticated actors mint privileged API keys for arbitrary users. The vulnerability stems from improper authorization checks in the createApiKey and updateApiKey handlers, which accept a userId without a...
By eSecurity Planet
News•Feb 19, 2026
When Air Gaps Are Not Enough—Managing File and Media Risk in Nuclear Facilities
Urenco, a global uranium enrichment firm, faced fragmented, manual controls for removable media and file transfers across its air‑gapped nuclear facilities. To achieve consistent security, it deployed OPSWAT’s MetaDefender platform, routing all devices through centralized, zero‑trust inspection checkpoints. The solution...
By POWER Magazine
News•Feb 19, 2026
Flaw in Grandstream VoIP Phones Allows Stealthy Eavesdropping
A critical stack‑buffer overflow (CVE‑2026‑2329) was discovered in six Grandstream GXP1600 series VoIP phones, receiving a CVSS score of 9.3. The flaw resides in an unauthenticated web API endpoint that lets attackers overflow a 64‑byte buffer, gain root privileges, and...
By BleepingComputer
News•Feb 19, 2026
MSP Next Dimension Consolidates Security Stack on Todyl Platform
Next Dimension has entered a strategic partnership with Todyl to migrate its managed security services onto Todyl’s cloud‑native platform, unifying SIEM, EDR and MXDR under a single console. The integration replaces fragmented toolsets with AI‑driven, contextual case management, cutting investigation...
By ChannelE2E
News•Feb 19, 2026
Google Blocked over 1.75 Million Play Store App Submissions in 2025
Google reported that in 2025 it blocked more than 1.75 million app submissions and denied 255,000 apps access to sensitive user data on the Play Store. The company also banned over 80,000 developer accounts and added 10,000 new safety checks powered...
By BleepingComputer
News•Feb 19, 2026
Saving Banks From Technical Debt: How Atruvia Built Secure, Self-Service Infrastructure
Atruvia, the backbone of over 900 German cooperative banks, tackled massive technical debt by adopting HashiCorp Terraform and Vault. The shift to infrastructure‑as‑code slashed cluster provisioning from three months to two hours and cut network setup from weeks to minutes....
By HashiCorp Blog
News•Feb 19, 2026
Chinese Telecom Hackers Likely Holding Stolen Data ‘in Perpetuity’ for Later Attempts, FBI Official Says
The FBI disclosed that the Chinese state‑backed group Salt Typhoon infiltrated dozens of telecom operators worldwide, exfiltrating data from over a million Americans. The hackers accessed U.S. lawful‑intercept systems, targeting communications of senior officials in a campaign that began at least...
By FCW (GovExec Technology)
News•Feb 19, 2026
How to Create a Mobile Device Management Policy for Your Org
Mobile device management (MDM) policies are now a core governance tool for protecting data across corporate, BYOD, and hybrid workforces. The guide outlines five essential steps—defining purpose, engaging stakeholders, drafting usage rules, setting enforcement, and ongoing review—to build a robust...
By TechTarget SearchERP
News•Feb 19, 2026
CarGurus Purportedly Breached by ShinyHunters
CarGurus disclosed that approximately 1.7 million corporate files were taken by the ShinyHunters hacking group after a voice‑phishing attack compromised its single‑sign‑on credentials on Feb 13. The attackers threatened to publish the data unless negotiations were reached by Feb 20. ShinyHunters has previously...
By SC Media
News•Feb 19, 2026
Federal AI Series: Security Priorities
Federal agencies are rapidly integrating artificial intelligence, prompting heightened focus on securing the underlying data and systems. Zscaler’s Federal Field CTO Chad Tetreault outlined the evolving AI threat landscape, highlighting supply‑chain vulnerabilities, data‑poisoning, prompt‑injection, and emerging agentic AI risks. He...
By GovernmentCIO Media & Research
News•Feb 19, 2026
Remcos RAT Expands Real-Time Surveillance Capabilities
A newly observed Remcos RAT variant now streams webcam footage and transmits keystrokes in real time, shifting from local data storage to direct, encrypted communication with attacker‑controlled servers. The malware decrypts its configuration only at runtime, loads critical Windows APIs...
By Infosecurity Magazine
News•Feb 19, 2026
Palo Alto Networks CEO Sees AI as Demand Driver, Not a Threat
Palo Alto Networks CEO Nikesh Arora told investors AI will drive, not diminish, cybersecurity demand. He argued AI expands attack surfaces, creating new risk categories that require robust security solutions. The company posted 15% year‑over‑year revenue growth to $2.6 billion and...
By Cybersecurity Dive (Industry Dive)
News•Feb 19, 2026
Analysis: Palo Alto Networks Vs. Everyone
Palo Alto Networks marked the two‑year anniversary of its platformization strategy, a move that initially sank its stock but has since become an industry standard. CEO Nikesh Arora highlighted a “flywheel” effect as new customers consolidate tools onto Palo Alto’s...
By CRN (US)
News•Feb 19, 2026
ICO Wins Appeal over Data Protection Obligations in Currys Cyber Attack
The UK Court of Appeal upheld the Information Commissioner’s Office decision to fine Currys Group Ltd (formerly DSG Retail) £500,000 for failing to protect personal data after a 2017‑18 cyber‑attack. The ruling confirms that organisations must safeguard all personal data,...
By ComputerWeekly – DevOps
News•Feb 19, 2026
The New Geography of Enterprise Risk
Enterprises are seeing risk migrate from downstream system failures to upstream decision‑making as software adoption cycles shrink. Identity and access management, once a gatekeeper for core systems, now sits at the top of the IT stack, shaping workflows, roles, and...
By TechTarget SearchERP
News•Feb 19, 2026
Industrial-Scale Fake Coretax Apps Drive $2m Fraud in Indonesia
Group‑IB uncovered a sophisticated fraud campaign that spoofed Indonesia’s Coretax tax platform by distributing counterfeit Android apps. The scheme combined phishing websites, WhatsApp impersonation of tax officers, and voice‑phishing calls to install RATs such as Gigabud.RAT and MMRat, leading to...
By Infosecurity Magazine
News•Feb 19, 2026
University of Mississippi Medical Center Closes All Clinics in Wake of Cyberattack
The University of Mississippi Medical Center (UMMC) suffered a severe cybersecurity breach on Thursday, forcing multiple IT systems offline, including its Epic electronic medical records platform. The outage crippled access to patient data, prompting the Jackson‑based health system to shut...
By DataBreaches.net
Blog•Feb 19, 2026
Best Western Nordic Hit By Data Breach: Cybercriminals Targeting Guests Via WhatsApp & SMS
Best Western hotels in Sweden, Denmark and Norway suffered a data breach that exposed guest names, check‑in dates, email addresses and phone numbers. Cybercriminals are now using the stolen details to launch phishing attacks via WhatsApp and SMS, directing victims...
By LoyaltyLobby
News•Feb 19, 2026
Connected and Compromised: When IoT Devices Turn Into Threats
The proliferation of consumer and enterprise IoT devices continues unchecked, yet most lack basic security controls such as passwords and encryption. Research presented by Mattia Epifani at RSAC 2026 shows that devices—from Amazon Echo to smart refrigerators—store unprotected audio, credentials, and personal...
By Dark Reading
Blog•Feb 19, 2026
Markel Expands Cybersecurity Support for Policyholders Through Upfort Partnership
Markel announced a partnership with cyber‑security firm Upfort to extend AI‑driven protection tools to eligible U.S. cyber‑insurance policyholders. The collaboration introduces the Upfort Shield platform and an endpoint detection and response (EDR) solution with behavioural analytics. Markel says the offering...
By Reinsurance News
News•Feb 19, 2026
Adronite Secures $5M Series A to Scale AI Code Platform
Adronite announced a $5 million Series A round led by Gatemore Capital Management, appointing Gatemore’s Liad Meidar as board chair. The funding will accelerate development of its AI‑powered platform that scans entire software codebases across more than 20 languages, delivering deterministic, explainable...
By Just AI News
News•Feb 19, 2026
Criminals Outpacing Banks as Firms Struggle with AI Defence, Report Warns
A new State of Financial Crime 2026 report from ComplyAdvantage reveals that financial institutions are falling behind AI‑enabled criminal networks. Over 600 senior compliance leaders reported 99% detection weaknesses, with only 33% employing AI for core AML functions and manual...
By The Fintech Times
News•Feb 19, 2026
How Medplum Secured Their Healthcare Platform with Docker Hardened Images (DHI)
Medplum, an open‑source headless EHR serving over 20 million patients, migrated its production containers to Docker Hardened Images (DHI) with just 54 lines of code changes across five files. The switch replaced custom hardening scripts with Docker’s secure‑by‑default base images, eliminating...
By Docker – Blog
News•Feb 19, 2026
Google's Air Gapped Cloud Gets "Public-Like" Networking
Google Cloud has unveiled a new networking layer that gives its air‑gapped, confidential computing environments public‑like connectivity. The feature leverages zero‑trust VPC Service Controls to keep workloads isolated while allowing them to communicate with external services as if they were...
By The Stack (TheStack.technology)
News•Feb 19, 2026
Industrial Control System Vulnerabilities Hit Record Highs
Forescout’s 2026 report shows industrial control system (ICS) advisories surpassed 500 in 2025, the highest level since tracking began. The 2,155 CVEs tied to those advisories pushed average CVSS scores above 8.0, reflecting increasingly critical flaws. Manufacturing and energy assets...
By Infosecurity Magazine
Podcast•Feb 19, 2026•1h 1m
Product-Market Fit: From Edtech Vitamin to $100M Painkiller
In this episode, Adam Markowitz recounts his transition from a decade‑long edtech venture to building Drata, a compliance automation platform that quickly proved its product‑market fit as a painkiller rather than a vitamin. He explains how rigorous validation—dog‑fooding the product...
By The SaaS Podcast (SaaS Club)
News•Feb 19, 2026
Belkasoft Advances AI-Assisted DFIR With Major Update To Belkasoft X And BelkaGPT
Belkasoft released a major update to its DFIR platform Belkasoft X and the offline AI assistant BelkaGPT. The upgrade adds context‑aware conversational Q&A, expands relevance scoring to up to ten artifacts, and introduces a GPU‑enabled BelkaGPT Hub for media processing. It...
By Forensic Focus
News•Feb 19, 2026
How This Cybersecurity Firm’s Graph Database Investment Is Paying Off
Darktrace, fresh from its $5.3 billion Thoma Bravo acquisition, migrated its security platform to Amazon Neptune, a managed graph database, to map threats across complex cloud environments in real time. The shift enables multi‑hop relationship queries that relational databases struggle with at...
By The Stack (TheStack.technology)
News•Feb 19, 2026
Data Protection Failures on Moldovan Portals Leave Citizens at Risk
Moldovan job‑seeker portal cariere.gov.md exposed 7,758 applicant dossiers, including personal IDs, medical forms and criminal records, due to a lack of authentication. The data were accessible simply by altering a URL parameter, revealing nearly 19,000 JSON files. After a researcher...
By DataBreaches.net
News•Feb 19, 2026
How MSPs Can Ensure Regulatory Compliance and Secure Sensitive Data
Managed Service Providers (MSPs) serving healthcare, finance and legal sectors must embed regulatory expertise into every service layer to meet HIPAA, SEC, FINRA and related compliance mandates. The article outlines how MSPs can implement encryption, MFA, role‑based access, documentation and...
By ChannelE2E
Social•Feb 19, 2026
Fractional CISO: Full Accountability, 24/7 Availability
Fractional CISO does not mean fractional accountability. Every client I work with has my cell phone. Security incidents do not respect office hours, and advisory only works if there is shared ownership.
By Sean D. Mack
News•Feb 19, 2026
Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA
A new phishing kit called Starkiller has emerged on the dark web as a commercial‑grade, subscription‑based service. It proxies live login pages through attacker‑controlled infrastructure, eliminating static HTML templates and allowing real‑time credential capture. By routing authentication traffic through the...
By Infosecurity Magazine
Blog•Feb 19, 2026
CISA Alerts to Critical Auth Bypass CVE-2026-1670 in Honeywell CCTVs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert for a critical authentication‑bypass vulnerability (CVE‑2026‑1670) in several Honeywell CCTV models, receiving a CVSS score of 9.8. The flaw lets unauthenticated attackers change the recovery email address, enabling...
By Security Affairs
News•Feb 19, 2026
Stephen Chapman Praises UK Passport System, Calls for International Standards to Support National Systems
Stephen Chapman, a veteran UK passport official, lauded the country's end‑to‑end passport issuance system for its efficiency, security, and alignment with ICAO standards. He warned that rising fraud and border‑security threats are driving the adoption of advanced features such as...
By Identity Week
News•Feb 19, 2026
Québec Has a New Digital Sovereignty Plan. Will It Work?
Quebec announced a $1.4 billion digital sovereignty plan to shift data hosting and procurement to local providers, aiming to reduce reliance on US tech giants. The policy emphasizes sovereign cloud services, hydro‑powered data centres, and free‑software development. However, recent cost‑overrun scandals...
By BetaKit (Canada)
News•Feb 19, 2026
Using AI to Generate Passwords Is a Terrible Idea, Experts Warn
Cybersecurity firm Irregular found that popular AI chatbots such as ChatGPT, Claude, and Google Gemini generate highly predictable passwords with low entropy. Tests showed repeated strings and narrow character selection, yielding only about 27 bits of entropy for a typical...
By ITPro
News•Feb 19, 2026
PromptSpy Ushers in the Era of Android Threats Using GenAI
ESET researchers have identified PromptSpy, the first Android malware that leverages Google’s Gemini generative AI to maintain persistence on infected devices. The AI receives a real‑time XML snapshot of the screen and returns JSON‑formatted tap instructions, allowing the app to...
By WeLiveSecurity
News•Feb 19, 2026
USB Drives and the Hidden Front Door Into Secure Systems for Startup Security
Removable media remains a critical attack vector despite the rise of cloud‑based file sharing. Recent Honeywell research shows USB drives are increasingly used to deliver malware in industrial environments, and historic incidents like Stuxnet illustrate how air‑gapped networks can be...
By Startups Magazine
News•Feb 19, 2026
Why Traditional Upskilling Strategies Fall Short in Cybersecurity
Traditional cybersecurity upskilling programs are losing relevance as threats and technologies evolve rapidly. Ha Hoang, CIO of Commvault, argues that organizations now need hybrid talent that blends security fundamentals with automation, cloud, and data‑governance expertise. Conventional certification‑centric paths are too...
By Security Magazine (Cybersecurity)
News•Feb 19, 2026
How the Cybersecurity and Resilience Bill Could Impact MSPs
The UK Cybersecurity and Resilience Bill (CSRB) cleared its first two parliamentary readings, extending the 2018 NIS Directive to cover Managed Service Providers (MSPs) with at least 50 employees and €10 million turnover—roughly 1,100 firms. The legislation forces these MSPs to...
By ITPro
Podcast•Feb 19, 2026•19 min
Why Stack Overflow and Cloudflare Launched a Pay-per-Crawl Model
In this episode, Stack Overflow’s Janice Manningham and Josh Zhang chat with Cloudflare VP Will Allen about the newly launched pay‑per‑crawl model that lets publishers charge crawlers for access. They explain how AI‑driven content scraping has upended the traditional open‑versus‑block...
By Stack Overflow Podcast
News•Feb 19, 2026
Paytently Strengthens Regulatory Compliance and Fraud Defence with SEON Partnership
Paytently, a Malta‑licensed payment institution, announced a partnership with fraud‑prevention specialist SEON to embed the latter’s command‑centre technology into its orchestration platform. The integration brings real‑time AML screening, risk scoring, device intelligence and centralized case management to the core of...
By The Fintech Times
News•Feb 19, 2026
Is Poshmark Safe? How to Buy and Sell without Getting Scammed
Poshmark, a leading social‑commerce app for fashion and home goods, is attracting a surge of fraud as the broader $1.1 trillion industry expands. Its 20 % commission on items over $15 pushes users to negotiate off‑platform, exposing them to phishing, counterfeit, and...
By WeLiveSecurity
News•Feb 19, 2026
More Than 40% of South Africans Were Scammed in 2025
South Africa experienced a staggering 77% scam victimization rate in the 12 months to early 2025, with 42% of adults losing money, averaging $130 per incident. GASA estimates scammers extracted roughly $2.3 billion from over 17.5 million South Africans, equating to about...
By Dark Reading
Blog•Feb 19, 2026
Cyber Risk Management In Remote-First Environments
Executive-led cyber risk management has shifted from traditional IT‑centric frameworks to a leadership‑first model that aligns digital hygiene with corporate governance. In remote‑first environments, the loss of a centralized perimeter expands the attack surface, making every executive login a potential...
By Think Insights
News•Feb 19, 2026
Advantest Cyberattack Triggers Ransomware Investigation Across Internal Network
Advantest Corp., a Tokyo‑listed semiconductor test equipment maker, disclosed a cyberattack that surfaced on February 15, when unusual activity triggered its incident‑response protocols. Preliminary analysis suggests an unauthorized third party infiltrated parts of the internal network and deployed ransomware, prompting...
By The Cyber Express
News•Feb 19, 2026
Mozilla Firefox Issues Emergency Patch for Heap Buffer Overflow in Firefox V147
Mozilla released an out‑of‑band update, Firefox v147.0.4, to fix a high‑severity heap buffer overflow in the libvpx video codec (CVE‑2026‑2447). The flaw, discovered by researcher jayjayjazz, could allow attackers to execute arbitrary code by delivering crafted VP8/VP9 video streams. Parallel patches...
By The Cyber Express
Podcast•Feb 19, 2026•45 min
The Voice on the Other End.
In this episode, hosts Maria Varmazis, Dave Bittner, and Joe Carrigan examine a wave of social engineering attacks, including a sophisticated phishing campaign that dupes Apple Pay users via fake emails and voice calls, Australia’s ClickFit initiative exposing romance scams,...
By Hacking Humans