What's happening: Cloudflare pushes agile SASE with Cloudflare One to replace legacy VPNs
Cloudflare announced a series of technical deep‑dives showcasing its Cloudflare One agile SASE platform as a remedy for fragmented legacy VPNs and hardware firewalls. The solution uses a single‑pass architecture that runs security checks across a global network spanning over 300 cities, removing service‑chaining bottlenecks. It also integrates zero‑trust capabilities.
Also developing:

Lumma Stealer has reemerged at scale after a 2025 law‑enforcement takedown that crippled its command‑and‑control infrastructure. The malware‑as‑a‑service operation now relies on ClickFix lures—fake CAPTCHAs that trick users into running malicious commands—and the memory‑only CastleLoader to evade detection. Researchers report that the rebuilt infrastructure leverages trusted CDNs such as Steam Workshop and Discord, allowing rapid distribution of credential‑stealing payloads to Windows machines worldwide.

I just saw a Recruiter say "people share their data with every app out there, I don't understand why adding extra security layers to the ATS asking people to verify their identity is a problem."

Acting CISA Director Madhu Gottumukkala warned that a DHS shutdown would cripple the agency’s ability to issue timely cyber guidance, force over a third of frontline security staff to work without pay, and halt proactive threat‑hunting activities. The shutdown would...

CVE‑2026‑25646 reveals a heap‑buffer overflow in libpng’s png_set_quantize function, a flaw that has existed for nearly three decades across all historic releases. The bug triggers when a PNG image contains a palette chunk without a histogram and requests color quantization,...

Box Intelligent Content Management delivers a cloud‑based, zero‑trust platform tailored for healthcare’s strict security and compliance needs. The solution unifies over 1,500 integrations, enabling seamless collaboration between Office 365, Google Workspace and other systems while providing built‑in e‑signatures and workflow automation....

Acting CISA director Madhu Gottumukkala told House appropriators that roughly 70 CISA employees were reassigned to other DHS components over the past year, while more than 30 staff were moved into the agency. A small number of those transfers went...

Vercel Sandbox isolation levels: ✅ Compute & memory resource isolation ✅ Filesystem and durability isolation 🆕 Network isolation. Wild how easy this is: --allowed-domain (CLI) or networkPolicy in Sandbox.create. Try it out: https://t.co/UoWXCW9Ien

The DOJ has charged Peter Williams, former general manager of Trenchant—a cyber‑offensive unit of L3Harris—with stealing eight zero‑day exploits and selling them to a Russian broker for about $1.3 million in cryptocurrency. Prosecutors say the tools could grant access to millions of...

Microsoft disclosed CVE‑2026‑21514, an actively exploited vulnerability in Word that bypasses Object Linking and Embedding (OLE) security controls. The flaw lets specially crafted documents execute code without triggering Protected View or enable‑content prompts, requiring only a user to open the...

Arcjet launched version 1.0 of its JavaScript SDK, delivering a stable, production‑ready API for security functions such as bot mitigation, email verification, rate limiting, and data redaction. The SDK can block malicious bots, enforce custom traffic rules, and protect against...

The February 11 digital forensics round‑up highlights a wave of open‑source tools—including triagectl for macOS, Hindsight v2026.01’s Chrome Sync parsing, a chunked BitLocker‑key recovery script, a Velociraptor Notepad++ artifact, and FOSSOR for malware hash lookup—aimed at streamlining evidence collection. It also...

Black Duck announced a managed security service provider (MSSP) agreement with Accenture, designating the Black Duck Polaris platform as the standard tool for Accenture’s Application Security Practice. Polaris combines static, dynamic, and software composition analysis into a single SaaS offering,...

Last week the European Commission disclosed a cyberattack that compromised its mobile device management (MDM) platform, exposing staff names and phone numbers. Security experts from Huntress, Keeper Security, and CyberSmart warned that MDM systems are now a primary attack vector,...

Pentera Labs identified nearly 2,000 publicly exposed training applications across cloud platforms, with about 60% hosted on AWS, Azure or GCP. Roughly one‑fifth of these instances contained crypto‑mining scripts, web‑shells or persistence tools, indicating active exploitation. The vulnerable apps were...

Industrial control system vendors Siemens, Schneider Electric, Aveva, and Phoenix Contact released a flurry of Patch Tuesday advisories on February 11, 2026, addressing high‑severity flaws across dozens of OT products. Siemens issued eight advisories covering Desigo CC, Sentron Powermanager, Simcenter Femap, NX, and...

Identy.io, a global biometric authentication firm, announced a strategic expansion into Africa, focusing initially on Kenya and Nigeria. The company will deploy its software‑first Automated Biometric Identification System (ABIS) that captures biometrics via standard smartphones, reducing hardware costs. To support...

The FIRST forecast predicts 2026 will see roughly 59,000 CVEs, with extreme scenarios approaching 118,000, far exceeding the 48,000 reported in 2025. The surge stems from more CVE Numbering Authorities, expanded bug‑bounty programs, and AI‑driven discovery, not a sudden drop...

CrowdStrike announced Jonathon Dixon as vice‑president and managing director for Japan and Asia Pacific, tasking him with leading AI‑powered cyber‑security transformation across the region. Dixon arrives with more than 25 years of experience, most recently serving as JAPAC head at Verkada and...

In episode 824 of Risky Business, Patrick Gray and Adam Boileau dissect a wave of cybersecurity headlines, from Microsoft’s unsettling reshuffle of its security leadership and upcoming Secure Boot certificate refresh to aggressive state‑backed campaigns by Russia targeting the Winter...

The European Supervisory Authorities (EBA, EIOPA and ESMA) have signed a Memorandum of Understanding with the Bank of England, the Prudential Regulation Authority and the Financial Conduct Authority to coordinate oversight of critical ICT third‑party service providers under the Digital...

Telnet remains a major security weakness in the Asia‑Pacific, accounting for roughly half of the world’s exposed Telnet endpoints. Global throttling on Jan. 14 cut Telnet sessions by 83% but Asian providers applied inconsistent filters, leaving the region’s traffic relatively high....

Financial data aggregators consolidate accounts into a single dashboard, using either APIs or screen‑scraping to retrieve information. While APIs provide scoped, credential‑free access, many providers still rely on screen‑scraping, which requires users to share login details. The article highlights privacy,...

Fraudsters are increasingly impersonating FINRA and its executives, using authentic‑looking logos, signatures, and fake email domains to lure victims into advance‑fee scams. The scams typically demand payment for alleged regulatory or tax charges tied to worthless securities or nonexistent inheritances,...

Britain will lead the Defence Cyber Marvel 2026 exercise, bringing together more than 2,500 personnel from 29 nations in Singapore. The week‑long drill simulates real‑world cyber attacks, pitting blue and red teams against each other while integrating military, government and...

The Senate Intelligence Committee voted 14‑3 to advance Army Lt. Gen. Joshua Rudd’s nomination as head of U.S. Cyber Command and the National Security Agency. Rudd, currently deputy chief of U.S. Indo‑Pacific Command, has no prior cyber warfare or intelligence...

The first Aave V4 security audit is now public. Big thanks to the @trailofbits team for the effort.

Test Data Management (TDM) tools are becoming essential for QA and DevOps teams as CI/CD pipelines demand rapid, compliant data provisioning. In 2026, vendors such as K2view, Delphix, Datprof, IBM Optim, Informatica, and Broadcom lead the market, each emphasizing self‑service,...

Microsoft released February 2026 patches for its self‑hosted Azure DevOps Server suite, covering the core product and the 2022.2, 2020.1.2, and 2019.1.2 releases. Each patch is available via direct download links and includes detailed release notes. The company urges all...

Fortinet disclosed CVE‑2026‑22153, an authentication‑bypass flaw in FortiOS versions 7.6.0 through 7.6.4. The bug lets unauthenticated attackers skip LDAP checks for Agentless VPN or FSSO policies when the directory permits anonymous binds, potentially granting access to internal networks via SSL‑VPN....

Balancer DAO approved a proposal (BIP‑908) to allocate up to 10% of any recovered assets as a bounty for the November exploit that siphoned roughly $128 million from its V2 pools. The vote achieved a 158% quorum, though only nine votes...

Regional midsize and community banks are prioritizing mobile banking apps, with 54% ranking them among the top five technology spend categories for 2026. At the same time, 42% of respondents view agentic artificial intelligence as the most significant catalyst for...

The European Commission has given unconditional approval to Google’s $32 billion acquisition of cloud‑security firm Wiz, allowing the deal to close without any remedial conditions. The EU antitrust review concluded that the transaction poses no significant competition risk in the European...

Researchers have unveiled a one‑way quantum secure direct communication (QSDC) protocol that hides the secret in the choice of measurement basis—computational or Hadamard—rather than a pre‑shared key. Using finite ensembles of entangled EPR pairs and a public authenticated channel, the...

Volvo Group North America announced that an indirect data breach exposed personal information of about 17,000 customers and staff. The breach stemmed from Conduent, a U.S. business‑process‑outsourcing firm, whose systems were compromised between October 21, 2024 and January 13, 2025. Threat actors accessed names,...

Microsoft has begun distributing updated Secure Boot certificates through the regular monthly Windows updates, replacing the original 2011 certificates that will expire in late June 2026. The refresh targets Windows 11 24H2 and 25H2 devices, with many newer PCs already shipping the...

OQC and QinetiQ have demonstrated a quantum‑based solution that identifies critical vulnerabilities in Mobile Ad‑Hoc Networks used for military and emergency communications. By running QinetiQ’s Quantum Approximation Optimisation Algorithm on OQC’s Toshiko processor, the collaboration pinpointed nodes whose failure would...

In 2026 a web3 audit must be scoped around the entire value‑moving system—on‑chain code, privileged controls, integrations, and any off‑chain components that can affect outcomes. Most security gaps arise from what teams leave out of scope, such as front‑end risk,...

Researchers have introduced a post‑quantum identity‑based encryption framework that eliminates X.509 certificates for TLS in 5G core networks and Kubernetes environments. By deriving public keys from identity strings and employing lattice‑based primitives such as ML‑KEM and Module‑NTRU, the scheme offers...

Airrived has been named a Gartner Tech Innovator in Agentic AI, highlighted for its composable multi‑agent architecture and domain‑specialized cybersecurity agents. The company’s Agentic OS offers a no‑code platform with pre‑built agents and tools such as RAG, RLHF and LoRA...

Data governance is critical but tough. Without executive support, clear roles, and resources, committees stay reactive. Done right, it drives strategic decisions and strengthens both insights and cyber resilience. https://t.co/brZ80xsiyu

A newly released Aryaka report details a Pakistan‑attributed APT36 campaign that has launched a three‑pronged cyber assault on Indian government and defense entities. The operation employs three distinct Remote Access Trojans—GETA (a .NET Windows RAT), ARES (a Python‑based Linux RAT),...

Vega Security announced a $120 million Series B round, lifting its valuation to $700 million. The Boston‑based startup aims to overturn the traditional SIEM model by analyzing security data where it already resides—in cloud services, data lakes, and existing storage—using an AI‑native platform....

Microsoft confirmed a service outage affecting the Microsoft 365 admin center for some business and enterprise administrators in North America. The disruption also extends to the M365 app, with users experiencing degraded functionality and inability to raise support tickets. Thousands...

Safer Internet Day 2026 spotlighted the safe, responsible use of AI, prompting VPN leaders to embed privacy into generative tools. Proton introduced Lumo, an open‑source chatbot that encrypts every conversation and refuses to train on user data. ExpressVPN announced ExpressAI,...

The article details a pre‑built Tines workflow that automates AWS incident investigation by running CLI commands through secure Tines agents. Instead of analysts manually logging into the AWS console and crafting commands, the workflow pulls the required data directly into...

Malicious MEV, especially sandwich attacks, still extracts over $2 million monthly from Ethereum traders. Researchers propose Flash Freezing Flash Boys (F3B), a per‑transaction threshold encryption scheme that keeps transaction data hidden until finality. The protocol can be built with TDH2 or...

Imprivata has expanded its Enterprise Access Management platform with context‑aware passwordless authentication, AI‑powered risk signaling, and behavioral analytics. The new suite supports FIDO passkeys, facial recognition, and zero‑trust VPN‑less remote access, aiming to streamline access for frontline staff and knowledge...

Microsoft’s 2026 Global Online Safety Survey reveals that 58% of UK residents encountered a major online risk in 2025, with fraud and cyberbullying topping the list. Generative AI usage has surged to 28% weekly, up from 9% three years earlier,...

Portnox has broadened its zero‑trust network access (ZTNA) platform to include passwordless connectivity for console‑based protocols such as RDP, SSH, VNC and Telnet. The expansion removes credential‑based authentication, a vector behind roughly 80% of data breaches, while preserving a frictionless...

Communications service providers are deploying AI in billing, service configuration and revenue recognition faster than they are building governance structures. McKinsey reports that while eight‑in‑ten firms use generative AI, only one percent consider their AI strategy mature, highlighting a gap...