Today's Cybersecurity Pulse
Google sues Chinese cybercrime network for AI‑driven scam campaign
Google has filed a civil lawsuit against the Chinese group Outsider Enterprise, accusing it of using the Gemini generative‑AI model to mass‑produce phishing sites and send millions of fraudulent text messages. The operation deployed roughly 9,000 fake websites, a million malicious domains and dispatched 2.5 million scam texts in two weeks, scamming hundreds of thousands and causing losses in the millions of dollars. Google says the suit aims to dismantle the network and prevent further AI‑enabled abuse.
Also developing:
CompTIA Launches SecAI+ Certification
CompTIA unveiled SecAI+, its first Expansion Series certification, aimed at securing AI systems and leveraging AI tools within cybersecurity operations. The credential builds on foundational certifications such as Security+, CySA+ and PenTest+, requiring three to four years of IT experience and two years of hands‑on security work. The 60‑minute exam features 60 multiple‑choice and performance‑based questions, with a passing score of 600 on a 100‑900 scale. SecAI+ addresses the growing skills gap as enterprises embed AI into core security processes.
How to Transform Your SOC Through XDR and MDR
In a recent Palo Alto Networks webcast, experts highlighted that modern attackers compress breach timelines to under an hour, overwhelming traditional SOC processes. They argued that XDR platforms like Cortex XDR solve the data‑silo problem by unifying telemetry across endpoints,...
Flaws in Popular VSCode Extensions Expose Developers to Attacks
Security researchers at Ox Security uncovered critical and high‑severity vulnerabilities in four widely used Visual Studio Code extensions, collectively downloaded over 128 million times. The flaws—affecting Code Runner, Markdown Preview Enhanced, Live Server, and Microsoft Live Preview—allow attackers to execute remote...
OpenClaw Flaw Enables AI Log Poisoning Risk
A log‑poisoning flaw was discovered in OpenClaw’s gateway server, affecting versions up to 2026.2.12. The vulnerability arises from unsanitized WebSocket headers—such as Origin and User‑Agent—being written directly to structured logs when a handshake is aborted. An unauthenticated attacker could inject...
Cyber Attacks Enabled by Basic Failings, Palo Alto Analysis Finds
Palo Alto Networks’ 2026 Global Incident Response Report shows cyber‑attack timelines have collapsed, with the fastest breaches moving from initial access to data exfiltration in just 72 minutes, down from nearly five hours in 2024. The acceleration is largely driven...
CVE-2026-25903 Impacts Apache NiFi Users
A new vulnerability, CVE‑2026‑25903, affects Apache NiFi versions 1.1.0 through 2.7.2 and was patched in 2.8.0. The flaw allows users with limited privileges to modify the configuration of already‑deployed restricted components, bypassing the platform’s authorization checks. While it does not...
HCP Packer Adds SBOM Vulnerability Scanning
HashiCorp announced that HCP Packer now offers SBOM vulnerability scanning in public beta, while its package‑visibility feature has moved to general availability. The new scanning capability cross‑references each artifact’s software bill of materials against the MITRE CVE database and flags...
Quesma Releases BinaryAudit
Quesma unveiled BinaryAudit, an independent benchmark that measures how well artificial‑intelligence models can spot hidden threats in software binaries. The tool aims to shift binary analysis from a reactive, post‑breach activity to a proactive safeguard applied before deployment, during updates,...
Boards Pivot to Recovery as Breach Assumption Grows
As more companies “assume breach,” I am seeing a shift from prevention to recovery. Boards are starting to ask different questions.
Continuous Security Audit Across 62,000+ Open Skills
We partnered with @socketsecurity, @snyksec, and @gendigitalinc to continuously audit https://t.co/NfXI7skfWe for security vulnerabilities. There are now 62,000+ skills in the open ecosystem https://t.co/rtwkKCBeBz
The 2026 Security 100
AI has become the baseline for security vendors in 2026, with advanced generative AI and agentic features now considered essential rather than differentiators. Leaders like MicroAge note that clients increasingly expect AI‑enhanced upgrades across their security stacks. As large language...
Aware Points to Independent PAD and Bias Testing as Remote ID Pressure Mounts
Aware announced that its biometric platform has earned independent validation for presentation‑attack detection (PAD) at ISO/IEC 30107‑3 Levels 1‑3, completed bias testing under ISO/IEC 19795‑10, and participated in the U.S. Department of Homeland Security’s 2025 Remote Identity Validation Rally. The company ties these...
WSO2 Joins MOSIP and IIIT-Bangalore to Refresh eSignet Authentication for National IDs
WSO2 has partnered with IIIT‑Bangalore and the MOSIP project to overhaul eSignet, the open‑source authentication layer used in national digital ID systems. The effort focuses on boosting scalability, OpenID Connect‑style flows, and offline QR support for low‑connectivity environments. By integrating...
Energy Department ‘Center of Excellence’ Delves Into OT Cybersecurity
The U.S. Department of Energy has established a Center of Excellence to tackle operational technology (OT) cybersecurity across its labs and agencies. Sponsored by the Office of Science and the National Nuclear Security Administration, the effort unites cyber experts to...
Bluefin and Basis Theory Offer Unified Token Strategy Across Digital and In-Person Payments
Bluefin and Basis Theory have formed a strategic partnership to deliver a unified token strategy that bridges digital and in‑person payment channels. By integrating Bluefin’s PointConex platform with Basis Theory’s API‑driven tokenization and vaulting, merchants can capture, tokenize, and reuse...
CAN Networks Can Meet EU CRA Requirements, but Security Levels Matter
The CAN in Automation (CiA) group warns that all CAN‑based products sold in the EU now fall under the European Union Cyber Resilience Act (EU CRA) unless covered by sector‑specific rules. Compliance hinges on achieving the appropriate IEC 62443 security level (SL),...
Deep Dive Into Weaponized Malicious SVG Files
Good read and research on malicious SVG file analysis and how it's weaponized by Adam Paulina @Binary_Defense https://t.co/65gf6f2XNn #BinaryDefense
CredShields Leads OWASP Smart Contract Top 10 2026 as Governance and Access Failures Drive Onchain Risk
In this episode, CredShields announces the release of the OWASP Smart Contract Top 10 2026, a risk prioritization framework built from a structured analysis of 2025 smart contract incidents that caused hundreds of millions in losses. The discussion highlights that governance and...
UL Solutions Develops New Certification Program for Solar Inverter Cybersecurity
UL Solutions has introduced a new certification program that establishes the first industry‑wide cybersecurity baseline for distributed energy resources (DER) and inverter‑based devices. The program follows UL 2941, a standard covering access management, cryptography, and data handling, and complements the existing...
What 5 Million Apps Revealed About Secrets in JavaScript
Intruder scanned five million JavaScript bundles and uncovered more than 42,000 exposed secrets, including active GitHub, GitLab, and SaaS API tokens. The research revealed 688 repository tokens that granted full access to private code and CI/CD pipelines. Traditional static and...
Palo Alto Networks To Acquire ‘Agentic Endpoint’ Security Startup Koi
Palo Alto Networks announced it will acquire AI‑agent security startup Koi, a move aimed at strengthening visibility and protection for AI‑driven workloads on endpoint devices. While the purchase price was not disclosed, a prior report suggested a $400 million valuation. Koi’s...
New Keenadu Backdoor Found in Android Firmware, Google Play Apps
Kaspersky has uncovered a sophisticated Android backdoor named Keenadu, embedded in firmware of multiple device brands and distributed through compromised OTA updates, system apps, and even Google Play applications. The malware can infiltrate every installed app, grant attackers unrestricted control,...
Cybersecurity Excellence Awards Reveal Nomination Shift From AI Hype to Governance Execution
Cybersecurity Insiders' 2026 Excellence Awards reveal a notable shift in vendor nominations from AI hype toward concrete governance, identity, and data security solutions. While agentic AI categories are growing rapidly, nominations now emphasize oversight mechanisms, ISO‑42001‑aligned frameworks, and human‑in‑the‑loop controls....
The Signal: The Real "Payment Meets Fraud" Journey with Brian Rust at Worldpay | Episode 467
In this episode, Brian Rust, SVP and Deputy CISO at Worldpay, explains how fraudsters now target SaaS platforms and ISVs by exploiting weak onboarding, transaction logic, and refund processes. He outlines the fraud kill‑chain—from synthetic business creation and card‑testing spikes...
API Threats Grow in Scale as AI Expands the Blast Radius
API vulnerabilities accounted for 17% of the 60,000+ flaws disclosed in 2025, and 43% of exploited weaknesses were API‑related, underscoring a growing attack surface. Wallarm’s report highlights a dramatic 270% rise in Model Context Protocol (MCP) flaws between Q2 and...
Zero‑day Chrome Exploit, Chinese Telco Breach, AI‑crafted Malware
DHOM SitRep #002 just dropped. Chrome's first zero-day of 2026 is being exploited NOW. Chinese hackers owned ALL 4 Singapore telcos. And AI just built its first malware framework. Your weekly cybersecurity briefing — subscribe to Don't Hack On Me. https://t.co/eOI2j9M68A
Over-Privileged AI Drives 4.5 Times Higher Incident Rates
Teleport’s 2026 State of AI in Enterprise Infrastructure Security report reveals that AI workloads with excessive access rights suffer a 4.5‑times higher incident rate than those governed by least‑privilege controls. Seventy percent of surveyed security leaders say AI systems enjoy...
Poorly Crafted Phishing Campaign Leverages Bogus Security Incident Report
A phishing campaign leveraged a fake PDF security incident report hosted on Amazon S3 to intimidate MetaMask users into enabling two‑factor authentication. The PDF, created with ReportLab, contains no malicious code but mimics an official security alert. Researchers noted the...
SMEs Must Expect Cyber Attacks, NCSC Warns
SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks: NCSC Boss War - Infosecurity Magazine https://t.co/DjHx7581nV
SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer
Researchers have uncovered a new SmartLoader campaign that distributes a trojanized Oura Health Model Context Protocol (MCP) server to install the StealC infostealer. The malicious server is hosted in fabricated GitHub repositories and submitted to the MCP Market registry, exploiting...
Side-Channel Attacks Against LLMs
Recent research uncovers multiple side‑channel attacks that exploit timing, packet‑size, and speculative decoding characteristics of large language model (LLM) services. By monitoring encrypted network traffic, attackers can infer conversation topics with over 90 % precision, fingerprint specific prompts with up to...
Checkmarx Enhances IDE-Native Agentic Application Security in Kiro
Checkmarx announced that its AI‑driven Developer Assist tool is now embedded directly within the AWS Kiro integrated development environment. The integration scans source code and dependencies in real time, surfacing security findings inside the IDE and synchronizing them with the...
Sovereignty-First ITSM: How Geopolitical Risk Is Reshaping Service Management in 2026
In 2026 enterprises are treating data location as a strategic risk rather than a compliance checkbox, prompting a shift toward sovereignty‑first IT service management (ITSM). Traditional cloud‑based ITSM platforms that store data in foreign jurisdictions expose organizations to sudden geopolitical...
Poland Arrests Suspect Linked to Phobos Ransomware Operation
Polish authorities detained a 47‑year‑old man suspected of collaborating with the Phobos ransomware group during a joint operation in the Małopolska region. The arrest, part of Europol‑coordinated Operation Aether, yielded computers and phones loaded with stolen credentials, credit‑card data, and server‑access...
How to Securely Edit and Redact Sensitive PDFs: A Cybersecurity Guide
PDFs remain the go‑to format for confidential data, yet hidden metadata, annotations, and embedded objects often leak information despite password protection. In 2023, over 400 breach incidents were traced to incomplete redactions or metadata exposure. The guide outlines a six‑step...
Encrypted RCS Messaging Support Lands in Apple’s iOS 26.4 Developer Build
Apple introduced end‑to‑end encrypted Rich Communication Services (RCS) messaging in the iOS 26.4 developer beta, extending the feature to iPadOS, macOS and watchOS in future updates. The encryption is currently limited to iPhone‑to‑iPhone conversations and depends on carrier support, with a...
Cloud On Demand & StorVault Announce Partnership to Strengthen Local Data Protection
Cloud On Demand and South African backup specialist StorVault have announced a partnership that combines scalable cloud delivery with locally‑grounded, immutable data protection. The joint offering targets ransomware, hardware failures and endpoint vulnerabilities that threaten hybrid workforces, while delivering point‑in‑time...
3 Threat Groups Started Targeting ICS/OT in 2025: Dragos
Dragos’ 2026 Year in Review OT/ICS report adds three new adversaries—Sylvanite, Azurite and Pyroxene—targeting industrial control systems in 2025. Sylvanite acts as a rapid‑exploitation broker, weaponising n‑day flaws within 48 hours and handing access to the Voltzite group across power, oil,...
Unit 42: Nearly Two-Thirds of Breaches Now Start with Identity Abuse
Unit 42’s annual incident‑response report reveals identity abuse now initiates roughly two‑thirds of network intrusions, with social engineering responsible for one‑third of the 750 incidents examined. Compromised credentials, brute‑force attacks and permissive identity policies further fuel the trend, while identity‑related...
Citizen Lab Links Cellebrite to the Hacking of a Kenyan Presidential Candidate’s Phone
Citizen Lab’s forensic analysis uncovered Cellebrite’s phone‑cracking software on Kenyan activist Boniface Mwangi’s device, indicating that state authorities used the tool after his arrest. The evidence shows the phone was unlocked without a password, exposing personal photos, messages, and his...
Magnet Virtual Summit 2026 Kicks Off February 23!
The Magnet Virtual Summit 2026 runs February 23‑26, featuring over 50 leading experts who will discuss AI, mobile forensics, cloud investigations, deepfakes, eDiscovery, and incident response. The event spotlights the new Magnet One platform, promising faster, AI‑enhanced case building, and...
The Copilot Problem: Why Internal AI Assistants Are Becoming Accidental Data Breach Engines
Internal AI copilots are being deployed across enterprises as search and decision‑aid layers, inheriting every permission granted to users. Their ability to index, retrieve, and combine data from email, file shares, and SaaS tools exposes vast amounts of previously hidden...
Harnessing AI to Secure the Future of Identity
Artificial intelligence is reshaping identity management, with machine and AI agents now surpassing human users in many environments. This surge creates a broader attack surface, as each automated identity demands governance yet often appears outside IT‑approved systems. Channel partners are...
![Security Service Edge (SSE) (Noun) [Word Notes]](/cdn-cgi/image/width=1200,quality=75,format=auto,fit=cover/https://megaphone.imgix.net/podcasts/8797f03a-a50b-11ea-b6c0-87ebb093948d/image/hacking-humans-cover-art-cw.png?ixlib=rails-4.3.1&max-w=3000&max-h=3000&fit=crop&auto=format,compress)
Security Service Edge (SSE) (Noun) [Word Notes]
In this brief episode, host Rick Howard defines Security Service Edge (SSE) as a cloud‑centric security architecture that blends the shared responsibility model, vendor‑provided security stacks, and direct network peering with major content providers and their fiber networks. He highlights...
India’s Cybersecurity Cost Equation
India’s enterprises are boosting cybersecurity spend as multi‑cloud, API‑led ecosystems expand, yet Security Operations Centre (SOC) capacity lags behind. The average data‑breach cost has climbed to ₹22 crore (≈US$2.6 million), highlighting the financial stakes. Tool proliferation generates more alerts, but analyst throughput...
Netrio Named to CRN’s MSP 500 List For 2026
Netrio has been named to CRN’s 2026 Managed Service Provider (MSP) 500 list in the Elite 150 category, highlighting its role as a leading AI‑driven managed IT and cybersecurity provider for mid‑market enterprises. The Elite 150 spot recognizes Netrio’s end‑to‑end...
Malicious Fork of Legitimate Triton App Discovered on GitHub, Exposing New Malware Threat
A malicious fork of the legitimate Triton macOS client was posted on GitHub, masquerading as an official release while embedding a Windows‑only malware payload. The attacker, operating under the account “JaoAureliano,” used a deceptive README and raw asset links to...
How to Choose a Password Manager for Your Business
Choosing a password manager is now a strategic security decision, not just a convenience tool. While consumer‑focused apps handle basic storage, enterprise‑grade solutions add centralized provisioning, role‑based access, and detailed audit trails. Decision‑makers must evaluate encryption models, zero‑knowledge architecture, MFA...
Resilience’s Long: 2026 Cyberthreat Landscape Poses New Challenges for Insurers
The episode examines the evolving cyber‑threat landscape of 2026 and its implications for insurance carriers, focusing on rising ransomware, supply‑chain attacks, and AI‑driven exploits. It highlights how insurers must adapt underwriting criteria, pricing models, and claims handling to address more...
DSS Files Charges Against El-Rufai Over Alleged NSA Phone Interception
The Department of State Services has filed a three‑count criminal charge against former Kaduna governor Nasir El‑Rufai for allegedly intercepting the telephone communications of National Security Adviser Nuhu Ribadu. Prosecutors say El‑Rufai admitted the illegal interception during a televised interview on 13 February 2026,...