🎯Today's Cybersecurity Pulse
Updated 1h agoWhat's happening: Cloudflare pushes agile SASE to replace fragmented VPNs and firewalls
Cloudflare announced a series of technical deep‑dives showcasing its Cloudflare One platform, positioning it as an agile SASE solution to the growing fragmentation of legacy VPNs and hardware firewalls. The platform uses a single‑pass architecture that runs security checks across a global network spanning more than 300 cities, removing service‑chaining bottlenecks and integrating zero‑trust controls.
Also developing:
By the numbers: Zafran Security raises $60M Series C
Blog•Feb 10, 2026
The Current State of RDAP
The IETF‑ratified Registration Data Access Protocol (RDAP) has entered a rapid growth phase after the mandatory whois sunset on 28 January 2025. Who‑is queries fell 60 % while RDAP queries surged from 7 billion to 65 billion per month, overtaking whois by June 2025. Adoption now spans 60 % of ccTLDs and nearly all gTLDs, supported by expanding client and server software ecosystems. New extensions such as RIR Search, RPKI integration, and a shift to JSContact signal continued technical evolution.
By APNIC Blog
Social•Feb 10, 2026
Three Key Security Challenges and Their Solutions
New research: 3 big challenges facing security teams (and how to overcome them) | Cybersecurity Dive https://t.co/mN9t6BWiD6
By Chuck Brooks
News•Feb 10, 2026
Tesla Exec Raj Jegannathan Leaves Automaker After 13 Years
Tesla Vice President Raj Jegannathan announced his departure after a 13‑year tenure, most recently overseeing IT, AI infrastructure, business applications, and information security. He previously led North American sales following the dismissal of Troy Jones, a period marked by declining...
By CNBC – US Top News & Analysis
Blog•Feb 9, 2026
Quantum-Proof Software Tools Tackle Looming Cyber Threats with Novel Adaptation Framework
Scientists warn that quantum computers threaten today’s cryptographic defenses, and simply swapping libraries will not suffice. Researchers led by Lei Zhang propose a new discipline—Quantum‑Safe Software Engineering—and introduce the Automated Quantum‑Safe Adaptation (AQuA) framework. AQuA’s three‑pillar approach tackles PQC‑aware detection,...
By Quantum Zeitgeist
News•Feb 9, 2026
OT Attacks Get Scary With 'Living-Off-the-Plant' Techniques
Operational technology (OT) cyberattacks have so far been limited by attackers' lack of deep process knowledge, but experts warn that a shift toward "living‑off‑the‑plant" techniques could enable more damaging exploits. Recent ransomware spillovers into OT and incidents like the Norway...
By Dark Reading
News•Feb 9, 2026
Navigating FedRAMP 20x and the Continuous Compliance Imperative
FedRAMP 20x seeks to modernize federal cloud compliance by replacing static checklists with continuous validation through Key Security Indicators (KSIs). The initiative promises faster, more flexible authorization for SaaS providers, but progress is hampered by funding cuts, staff shortages, and...
By FCW (GovExec Technology)
News•Feb 9, 2026
Google and Entrust Team to Combat Identity Fraud
Identity verification firm Entrust has announced a strategic partnership with Google Cloud to launch an AI‑powered solution that tackles rising identity fraud. The joint offering combines Entrust’s verification platform and fraud intelligence with Google’s Gemini AI models, threat intelligence, and...
By PYMNTS
Blog•Feb 9, 2026
Critical Fortinet FortiClientEMS Flaw Allows Remote Code Execution
Fortinet disclosed a critical vulnerability (CVE‑2026‑21643) in its FortiClientEMS product, earning a CVSS 9.1 rating. The flaw is an unauthenticated SQL‑injection that allows remote code execution via crafted HTTP requests. Only FortiClientEMS 7.4.4 is affected, and Fortinet recommends upgrading to...
By Security Affairs
News•Feb 9, 2026
Georgia Woman Sentenced for $1.5 Million Bank Fraud Scheme
A Georgia woman, Dechanta Benning, was sentenced to 70 months in federal prison for a mail‑theft‑related check fraud scheme. Prosecutors allege the scheme stole between $550,000 and $1.5 million by intercepting business checks, altering payees, and using mobile‑deposit technology. Benning opened...
By American Banker Technology
News•Feb 9, 2026
Ripple Expands Institutional Custody Stack with Staking and Security Integrations
Ripple announced new integrations with Securosys and Figment, bolstering its institutional custody platform with hardware security modules and staking capabilities. The upgrades let banks and custodians manage cryptographic keys on‑premises or in the cloud while offering staking on Ethereum, Solana...
By Cointelegraph
News•Feb 9, 2026
The Rise of Secure Digital Payments in a Cashless Economy
Secure digital payment solutions are gaining traction as businesses and consumers prioritize fraud protection and operational efficiency. Innovations such as dynamic credentials, limited‑use authorizations, and virtual cards address data‑breach risks while simplifying expense oversight. These tools enable real‑time transaction monitoring,...
By TechBullion
Blog•Feb 9, 2026
Windows Vps: How It Works, What To Choose, And How To Run It Safely
The episode explains what a Windows VPS is, why you’d choose it over Linux or shared hosting, and how to run it securely. It stresses that buying a Windows VPS also means buying responsibility for updates, access control, and backups,...
By eCommerce Fastlane
News•Feb 9, 2026
What AI Builders Can Learn From Fraud Models that Run in 300 Milliseconds
Mastercard’s Decision Intelligence Pro (DI Pro) uses a sub‑300 ms recurrent neural network to assign risk scores to each payment transaction in real time. The platform treats fraud detection as an "inverse recommender" problem, comparing current merchant behavior to historical patterns. By...
By VentureBeat
News•Feb 9, 2026
Utah Advances Policy-First Digital Identity Framework Centered On Individual Control
Utah is drafting comprehensive State‑Endorsed Digital Identity (SEDI) legislation that puts individuals in control of their cryptographic keys while the government acts only as an endorser. The policy relies on open standards, supports both long‑lived and short‑term credentials, and preserves...
By StateTech Magazine
Blog•Feb 9, 2026
Unhackable Random Number Generator Sidesteps Device Flaws for Ultimate Security
Researchers from Shanxi University and the Chinese Academy of Sciences have unveiled a semi‑device‑independent quantum random number generator (QRNG) that tolerates device imperfections while resisting general attacks. By imposing only an energy bound on emitted quantum states and applying the...
By Quantum Zeitgeist
News•Feb 9, 2026
What Organizations Need to Change When Managing Printers
Jim LaRoe, CEO of Symphion, warns that most enterprises only manage printers for uptime and cost, leaving them unprotected despite comprising 20‑30% of endpoints. He highlights an ownership vacuum, missing budget lines, and reliance on default configurations as core leadership...
By Dark Reading
News•Feb 9, 2026
Leidos Partners with RegScale to Bolster Federal Cybersecurity
Leidos announced the integration of its UpHold Armor platform with RegScale’s Continuous Controls Monitoring solution to strengthen cybersecurity across the Department of Defense and other federal agencies. The joint offering will initially roll out to the U.S. Air Force, automating risk...
By Airforce Technology
News•Feb 9, 2026
Storage News Ticker – 9 February 2026
The storage‑focused news ticker highlighted a wave of AI‑centric and security‑driven product launches, from Aerospike’s default Dynamic Data Masking to Cloudera’s on‑prem AI inference and Trino‑powered warehouse. Databricks secured a $5 billion equity round, reporting $5.4 billion ARR with strong AI revenue,...
By Blocks & Files
News•Feb 9, 2026
Hacktivist Scrapes over 500,000 Stalkerware Customers’ Payment Records
A hacktivist identified as “wikkid” scraped more than 536,000 payment records from the stalkerware vendor Struktura, also operating as Ersten Group. The leaked dataset reveals customer email addresses, the specific surveillance app purchased, payment amounts, card type and last four...
By TechCrunch (Cybersecurity)
News•Feb 9, 2026
Flaw in Anthropic Claude Extensions Can Lead to RCE in Google Calendar: LayerX
LayerX researchers disclosed a zero‑click remote code execution flaw in Anthropic's Claude Desktop Extensions (DXT) that leverages Google Calendar events to trigger arbitrary code on the host system. The unsandboxed extensions, which operate with full system privileges, affect more than...
By Security Boulevard
News•Feb 9, 2026
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code
Ontinue’s February 9 report details VoidLink, a Linux‑based command‑and‑control framework that can infiltrate enterprise and multi‑cloud environments. The implant adapts to AWS, Azure, GCP, Alibaba and Tencent clouds, harvesting credentials, escaping containers and employing kernel‑level stealth via eBPF or loadable modules....
By Infosecurity Magazine
News•Feb 9, 2026
Aerospike 8.1.1 Introduces New Native Dynamic Data Masking for PII Protection and Regulatory Compliance
Aerospike released version 8.1.1, introducing native Dynamic Data Masking (DDM) for its high‑performance NoSQL database. The feature lets administrators define masking rules that hide personally identifiable information at the database layer, automatically applying to all users and machines except those...
By Database Trends & Applications (DBTA)
Podcast•Feb 9, 2026•29 min
EP262 Freedom, Responsibility, and the Federated Guardrails: A New Model for Modern Security
In this episode, Global CISO Alex Shulman‑Peleg argues that the traditional, centralized security model is obsolete in the cloud‑native and AI‑driven era, advocating for a federated "freedom and responsibility" approach where engineers own security outcomes. He likens security to code...
By Cloud Security Podcast
News•Feb 9, 2026
Password Guessing without AI: How Attackers Build Targeted Wordlists
Password attacks increasingly rely on targeted wordlists harvested from an organization’s public‑facing content rather than generic dictionaries or AI models. Tools like the open‑source CeWL crawler extract company‑specific terminology, which attackers mutate with common patterns to generate plausible passwords that...
By BleepingComputer
Social•Feb 9, 2026
First‑party Fraud Needs Memory, Not More Blocks
First-party fraud passes every check. The data lines up; the customer's real. The problem is intent, and intent is difficult to quantify. First-party fraud is hard to detect because it's hard to define. A PSP sees risk. A merchant sees a refund. A...
By Alex Johnson
News•Feb 9, 2026
Maryland National Guard Participates in Crossed Swords 25 with Estonian Partners
The Maryland National Guard joined NATO’s Crossed Swords 25 cyber‑defense exercise with Estonian partners at the CCDCOE in Tallinn, Oct. 27‑Nov. 7, 2025. The drill hosted 240 participants from roughly 45 countries and focused on strategic command, AI‑assisted tactical operations, multi‑domain integration, public‑private coordination,...
By U.S. Army – News
News•Feb 9, 2026
OpenClaw Adds VirusTotal Scanning to AI Agent Marketplace
OpenClaw has integrated VirusTotal scanning into its ClawHub marketplace to curb malicious AI skills. The workflow hashes each skill, checks VirusTotal signatures, and submits unknown bundles to Code Insight for deeper analysis, flagging or blocking threats. This move follows security...
By eSecurity Planet
Social•Feb 9, 2026
Make Machine Identity a First-Class Concern
Doubleplus good snapshot of where we are and what we need to do... KeyFlux | Trust Infrastructure https://t.co/BagFR3amVx "What Actually Works Treat machine identity as a first-class problem. Not an afterthought bolted onto service accounts." https://t.co/qc8L7FI6bh
By Dave Birch
News•Feb 9, 2026
DataBee Launches DataBee RiskFlow™
DataBee, a Comcast company, unveiled DataBee RiskFlow™, an agentic AI layer that lets security and IT teams ask natural‑language questions about vulnerability, login risk, and compliance evidence. The tool interprets queries, pulls the relevant data from DataBee’s security fabric, and...
By AI-TechPark
News•Feb 9, 2026
Outtake Raises $40 Million to Bolster Digital Trust Against AI-Driven Threats
Outtake, a cybersecurity startup, announced a $40 million Series B round to accelerate its unified digital‑trust platform amid a surge in AI‑driven phishing and impersonation attacks. The round, led by ICONIQ and featuring investors such as Satya Nadella and Nikesh Arora, brings total capital...
By SecurityWeek
News•Feb 9, 2026
Cybersecurity M&A Roundup: 34 Deals Announced in January 2026
January 2026 saw 34 cybersecurity M&A announcements, underscoring rapid consolidation in the sector. CrowdStrike led the pack, agreeing to acquire SGNL for $740 million and Seraphic Security for about $420 million, bolstering its identity and browser‑runtime defenses. Other notable deals include Delinea’s...
By SecurityWeek
Blog•Feb 9, 2026
Rethinking Identity Management: From Who Has Access to What Really Matters
Traditional Identity Governance and Administration (IGA) has focused on compliance, but 99% of granted permissions remain unused, creating “Zombie Access”. This compliance‑only approach leads to rubber‑stamping, with 58% of access reviews ineffective, exposing organizations to insider threats. Integrating data governance...
By Architecture & Governance Magazine – Elevating EA
Blog•Feb 9, 2026
Attackers Abuse SolarWinds Web Help Desk to Install Zoho Agents and Velociraptor
On February 7, 2026, Huntress confirmed active exploitation of multiple critical vulnerabilities in SolarWinds Web Help Desk (WHD), including CVE‑2025‑40551 and CVE‑2025‑26399, which permit arbitrary code execution via untrusted deserialization. Attackers leveraged the flaw to install a Zoho ManageEngine remote‑management...
By Security Affairs
Blog•Feb 9, 2026
The Former Head of NSA on the Future of U.S. Cybersecurity
Retired Gen. Paul Nakasone, former NSA director and U.S. Cyber Command commander, discussed his doctrine of persistent engagement, its role in safeguarding recent U.S. elections, and the evolving cyber threat landscape. He highlighted the need for broader public‑private partnerships, a...
By The Cipher Brief
News•Feb 9, 2026
Men Charged in FanDuel Scheme Fueled by Thousands of Stolen Identities
Two Connecticut men, Amitoj Kapoor and Siddharth Lillaney, were indicted on 45 federal counts for a multi‑year scheme that used roughly 3,000 stolen identities to open fraudulent accounts on FanDuel, DraftKings, BetMGM and other online gambling platforms. They purchased personal...
By BleepingComputer
News•Feb 9, 2026
BeyondTrust Fixes Easy-to-Exploit Pre-Auth RCE Vulnerability in Remote Access Tools (CVE-2026-1731)
BeyondTrust has patched a critical pre‑authentication remote code execution flaw (CVE‑2026‑1731) affecting its Remote Support and Privileged Remote Access products. The vulnerability lets unauthenticated attackers run OS commands on vulnerable on‑premise deployments. SaaS customers received the fix on February 2 2026, while...
By Help Net Security
News•Feb 9, 2026
Show HN: Minimal NIST/OWASP-Compliant Auth Implementation for Cloudflare Workers
A new open‑source repository provides a minimal, standards‑driven authentication stack for Cloudflare Workers, featuring PBKDF2‑SHA384 password hashing, a dual‑token JWT scheme, and strict TypeScript typing. The implementation follows NIST SP 800‑63B, NIST SP 800‑132, OWASP ASVS, and RFC 8725, and includes over 250...
By Hacker News
News•Feb 9, 2026
Hackers Abuse ClawHub Skills to Evade VirusTotal via Social Engineering
Hackers have revamped ClawHub skill attacks by removing embedded malware and instead using clean SKILL.md files that lure users to counterfeit OpenClawCLI download sites. The malicious payload is hosted on look‑alike domains and fetched via an obfuscated bash command, allowing...
By GBHackers On Security
News•Feb 9, 2026
OpenAI Updates Europe Privacy Policy, Adding New Data Categories
OpenAI has refreshed its Europe‑facing privacy policy to align with the November 2024 EU revisions. The new document expands coverage to include files, images, audio, video, and contact data, while adding clearer sections on user controls such as opting out of...
By Help Net Security
News•Feb 9, 2026
Baobab Insurance Extends Cyber Cover with SCOR Capacity Boost
Baobab Insurance, a German cyber‑focused MGA, has broadened its underwriting capacity through an expanded partnership with global reinsurer SCOR. The SCOR syndicate at Lloyd’s now backs Baobab’s binder for companies with up to €1 billion in annual revenue across Germany and...
By Fintech Global
News•Feb 9, 2026
Iran’s Digital Surveillance Machine Is Almost Complete
Iran’s government imposed a near‑total internet shutdown on Jan 8, temporarily crippling even its domestic National Information Network (NIN). Researchers observed that the abrupt blackout deviated from the regime’s refined playbook, suggesting panic or technical failure. The NIN, controlled largely by...
By WIRED (Security)
News•Feb 9, 2026
Never Settle: How CISOs Can Go Beyond Compliance Standards to Better Protect Their Organizations
CISOs are urged to move past traditional compliance checklists and adopt a risk‑first strategy that anticipates emerging threats such as AI‑driven attacks, third‑party vulnerabilities, and future quantum risks. While standards like HIPAA, SOC 2, and ISO 27001 provide a useful baseline, they...
By CSO Online
News•Feb 9, 2026
Steam Game People Playground Hit by Malware via the Steam Workshop
People Playground’s Steam Workshop was compromised in early February 2026 when a malicious mod called “FPS++” acted as a worm, deleting user data and spamming workshop items. The malware erased configurations, maps, and stats while preserving playtime, leaving achievements unrecoverable....
By GamingOnLinux
News•Feb 9, 2026
Why One-Size-Fits-All Mobile Compliance No Longer Works
Regulators are intensifying enforcement of off‑channel mobile communications, forcing firms to capture, supervise, and retain messages. Traditional compliance programs rely on blanket device lockdowns, which push employees toward unapproved consumer apps and increase risk. Theta Lake and other vendors advocate...
By Fintech Global
News•Feb 9, 2026
Microsoft: Exchange Online Flags Legitimate Emails as Phishing
Microsoft is investigating a fault in Exchange Online that began on February 5, causing legitimate emails to be flagged as phishing and quarantined. The problem stems from a newly deployed URL rule that incorrectly labels benign links as malicious. The issue...
By BleepingComputer
News•Feb 9, 2026
StackHawk Launches Alliances Program to Help AppSec Teams Navigate the AI Era
StackHawk unveiled the StackHawk Alliances & Resellers Program (SHARP) to empower channel partners in delivering AI‑ready application security. A recent survey shows 87% of firms use AI coding assistants, making rapid, secure development the top 2026 challenge. SHARP promises 30%+...
By AI-TechPark
News•Feb 9, 2026
Wallet Tied to Infini Exploiter Resurfaces to Buy Ether Dip for $13M
An address linked to the $50 million Infini exploit resurfaced after a year of inactivity, purchasing $13.3 million worth of Ether as the price fell to $2,109. The newly acquired ETH was promptly transferred to the Tornado Cash mixing service, obscuring the...
By Cointelegraph
News•Feb 9, 2026
APT Hackers Abuse Trusted Edge Services to Stealthily Deploy Malware
APT groups, largely China‑linked, are shifting attacks from protected endpoints to edge infrastructure such as firewalls, routers and IoT devices. Taiwan emerged as the most targeted APAC region, logging 173 incidents and serving as a testing ground for new tools....
By GBHackers On Security
News•Feb 9, 2026
Social Media Platforms Earn Billions From Scam Ads
European social media platforms earned nearly £3.8bn ($5.2bn) from scam ads in 2025, driven by almost one trillion impressions across eleven markets. Scam‑related posts represented about 10% of the 993bn ad views, inflating platform revenue while undermining user trust. Juniper...
By Infosecurity Magazine
News•Feb 9, 2026
Schrödinger’s Cat and the Enterprise Security Paradox
Security leaders often operate under a paradox: dashboards show compliance while unseen breaches may exist. The article likens this to Schrödinger’s cat, arguing that without direct observation, an organization is simultaneously secure and compromised. It distinguishes the “paper company” of...
By CSO Online