What's happening: Cloudflare pushes agile SASE with Cloudflare One to replace legacy VPNs
Cloudflare announced a series of technical deep‑dives showcasing its Cloudflare One agile SASE platform as a remedy for fragmented legacy VPNs and hardware firewalls. The solution uses a single‑pass architecture that runs security checks across a global network spanning over 300 cities, removing service‑chaining bottlenecks. It also integrates zero‑trust capabilities.
Also developing:

Bolt, the checkout and payments platform, announced a partnership with identity‑verification specialist Socure. By embedding Socure’s RiskOS and its global Identity Graph into Bolt ID, the service gains predictive risk signals and compliance decisioning. The integration is designed to boost merchant confidence, reduce fraud and false‑positive declines, and streamline the checkout experience. The move follows Socure’s recent launch of its SocureGov RiskOS for government agencies, underscoring the growing strategic value of digital identity.

The Cybersecurity and Infrastructure Security Agency (CISA) issued a binding operational directive requiring federal agencies to inventory, replace, and continuously monitor end‑of‑support (EOS) edge devices after detecting active exploitation by advanced threat actors, some linked to nation‑states. Agencies have three...
The U.S. Department of Health and Human Services Office of the Inspector General audited a large southeastern hospital and identified security gaps in four internet‑accessible web applications. The hospital, a 300‑bed facility that relies on the HITRUST Common Security Framework...
Berlin’s Hospital Association has warned of a surge in unexplained incidents targeting hospitals, ranging from drone incursions and cyberattacks to forced entries and arson. Intelligence agencies have classified at least some of these events as potential security threats, prompting heightened...

Microsoft announced that the Exchange Web Services (EWS) API for Exchange Online will be blocked on October 1, 2026 and fully retired on April 1, 2027. Administrators can create an allow‑list by August 2026 to bypass the October block, after which Microsoft will pre‑populate allow...

The AISURU/Kimwolf botnet launched a record‑setting DDoS attack in November 2025, peaking at 31.4 Tbps and lasting just 35 seconds. Cloudflare, which automatically mitigated the traffic, said the attack is part of a surge in hyper‑volumetric HTTP assaults, with average sizes...

Rome’s La Sapienza, Europe’s largest university, suffered a cyberattack that forced a complete shutdown of its IT network. Authorities and the university’s technical task force identified the incident as a ransomware operation attributed to the pro‑Russian group Femwar02, using the...

At the Small Firms Association’s SFA Connect event, Vodafone Ireland highlighted that 94% of Irish SMEs feel unprepared for AI‑driven cyber attacks, yet adoption of basic safeguards remains low. Only 21% of SMEs use multifactor authentication and more than half...
AI adoption is outpacing employee trust, driving widespread use of unsanctioned "Shadow AI" tools. This behavior creates institutional amnesia, where valuable insights disappear from corporate knowledge bases. The article argues that a one‑page digital‑workplace charter—updated with AI‑specific purpose, vision, and...

A ransomware attack in January 2025 crippled Conduent’s systems and has now been linked to at least 15.4 million affected Texans and 10.5 million Oregonians, far exceeding the company’s earlier estimate of four million victims. The breach exposed names, Social Security numbers, medical...

Congress is debating the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act, which allows warrantless collection of foreign communications but often sweeps up U.S. persons. Recent Trump-era domestic surveillance orders and expanded data‑provider definitions have heightened Democratic concerns...

Romanian pipeline operator Conpet disclosed a ransomware attack that crippled its corporate IT systems and took its public website offline, while its core transport operations remained unaffected. The Qilin gang claimed responsibility, alleging the theft of nearly 1 TB of internal...

Cloud migrations create fragmented logs that leave blind spots, making real‑time visibility essential for security. Network telemetry provides a consistent, provider‑agnostic signal that overcomes log inconsistencies across multi‑cloud environments. By integrating traffic mirroring, flow logs, and TLS/DNS metadata, organizations can...

Researchers introduced Eidolon, a post‑quantum digital signature scheme built on the NP‑complete k‑colourability problem. By extending zero‑knowledge protocols and using Merkle‑tree commitments, the scheme compresses signatures from O(t n) to O(t log n). Empirical tests against integer‑linear‑programming, DSatur, and a custom graph neural...

FireCompass introduced Explorer, a credit‑based freemium platform that delivers AI‑powered autonomous penetration testing for web applications, APIs, and external infrastructure. The service lets security teams launch self‑serve tests within minutes and receive evidence‑backed exploit paths rather than generic alerts. By...

Operant AI announced Agent Protector, a real‑time security platform for autonomous AI agents. The solution delivers shadow‑agent discovery, zero‑trust enforcement, inline threat detection, and secure enclaves to protect both managed and unmanaged agents across cloud, SaaS, and development environments. It...

Security researcher Sygnia uncovered a coordinated network of more than 150 cloned law‑firm websites used in an AI‑powered fraud scheme. The domains are spread across multiple registrars, each with its own SSL certificate and often hidden behind Cloudflare to evade...

Intruder released research exposing critical security gaps in Moltbot, an open‑source, self‑hosted AI assistant. The study shows that default deployments often lack firewalls, credential validation, and sandboxing, leaving cloud instances exposed. Attackers are exploiting misconfigurations to harvest API keys, conduct...
Cohesity has integrated Google Cloud Threat Intelligence directly into the Cohesity Data Cloud UI and added Google Private Scanning for secure, privacy‑preserving malware detonation. The enhancement gives customers real‑time visibility into indicators of compromise and streamlines threat analysis without leaving...

Quantum Industry Canada (QIC) has officially joined the global 2026 Year of Quantum Security (YQS2026) initiative, aligning Canada with an international effort to protect digital infrastructure against emerging quantum threats. The program will bring together government, industry, finance and academia...
Orca Security discovered that GitHub Codespaces automatically executes VS Code configuration files in the .vscode folder when a repository or pull request is opened. Malicious JSON files such as settings.json or devcontainer.json can inject bash commands, leading to remote code execution...

Researchers unveiled a quantum‑digital‑signature protocol that uses classical shadows of random quantum circuits as public keys, eliminating the need for fragile quantum memory. An enhanced state‑certification primitive improves noise tolerance and cuts sample complexity, enabling a proof‑of‑principle signature on a...

A new Cellebrite report shows digital evidence, especially from smartphones, now underpins almost every police investigation. Ninety‑five percent of law‑enforcement practitioners consider it essential, and 97% identify smartphones as the top source, up from 73% in 2024. Consequently, 62% of...

Torq, an agentic security operations platform, announced the hiring of former Virgin Atlantic CISO John White as Field CISO. White, who led a multi‑year transformation of Virgin Atlantic’s cyber defenses using Torq’s AI SOC platform, joins the company after its...

Researchers at Infoblox uncovered a global DNS hijacking campaign that compromised outdated home routers in more than 30 countries. Attackers altered router DNS settings, redirecting traffic through servers owned by Aeza International, a U.S.-sanctioned Russian bulletproof hosting provider. The rerouted...

Substack announced that a security breach exposed subscriber email addresses, phone numbers and internal metadata after attackers accessed the data in October 2025. The intrusion went undetected until February 2026, giving threat actors a four‑month dwell time. The company confirmed...

The Space Force ended funding for the Resilient GPS (R‑GPS) program in FY2026, opting to focus on the GPS III F modernization path, while Congress added $15 million in the 2026 spending bill to keep R‑GPS development alive. R‑GPS sought to use commercial,...

Enterprises are grappling with an explosion of AI tools embedded in SaaS, browsers, and shadow applications, yet most security programs still rely on legacy, perimeter‑focused controls. The new Buyer’s Guide for AI Usage Control highlights that AI risk resides in...

The article introduces Asset Intelligence as a disciplined approach to context engineering for cybersecurity operations. It argues that fragmented security data—ranging from patch status to identity records—creates contradictory views that hinder both human analysts and AI agents. By aggregating, correlating,...

Fintech platform Betterment disclosed a data breach affecting roughly 1.435 million accounts, exposing email addresses, names, birth dates, physical addresses, phone numbers, and employment details. Threat actors also launched a social‑engineering campaign, sending fraudulent cryptocurrency reward emails to compromised contacts....
Enterprises are rapidly integrating generative AI into core workflows, but security models have not kept pace. Sensitive data now flows through AI inference requests—prompts containing source code, contracts, PII, and strategic logic—yet these streams sit outside traditional visibility and control...

Palo Alto Networks identified a state‑sponsored cyber‑espionage group, TGR‑STA‑1030, conducting a "Shadow Campaign" that has breached at least 70 organizations in 37 countries, including government ministries, law‑enforcement agencies, and telecom operators. The group, likely linked to China, leverages sophisticated phishing...

Enterprise security leaders confront a convergence of U.S. state privacy laws, the EU's DORA and AI Act, and exploding AI data demands, all of which amplify permission sprawl. With 91% of offboarded employees still retaining file access, the attack surface...
APP (Authorized Push Payment) scams have become Europe’s most damaging payment fraud, now surpassing card fraud in total losses. In 2024 the average fraudulent credit‑transfer exceeded €2,000 and credit‑transfer fraud accounted for €2.5 bn, about 60 % of all payment‑fraud losses in...
Axle, an insurance‑data API provider, has teamed up with Experian to embed real‑time automotive insurance verification into Experian’s Fraud Protect platform. The integration lets dealerships and lenders instantly confirm active coverage while running identity and income checks, adding a new...

A fresh wave of spam is exploiting unsecured Zendesk support portals, flooding users worldwide with fake “Activate account” emails. Attackers submit tickets through open Zendesk forms, triggering automatic confirmation messages to large address lists. The campaign mirrors a January incident,...

Pindrop’s 2025 report reveals a 1,210% surge in AI‑enabled voice and virtual‑meeting fraud, dwarfing the 195% rise in traditional scams. Synthetic voice bots and deepfake executives are now bypassing contact‑center IVRs and infiltrating remote interviews, financial transactions, and other trust‑based...

The U.S. healthcare sector experienced twice as many cyber breaches in 2025 as in 2024, with average insured losses exceeding $2 million per incident. Resilience’s analysis of claims data identified five high‑ROI controls that materially reduce risk, including anti‑fraud training, breach‑and‑attack...

Cisco and F5 released emergency patches this week addressing multiple high‑severity flaws across their flagship products. Cisco fixed two critical bugs—CVE‑2026‑20119, a remote, unauthenticated DoS in TelePresence CE and RoomOS, and CVE‑2026‑20098, an authenticated file‑upload that grants root command execution...

Microsoft unveiled LiteBox, an open‑source library operating system designed to act as a secure kernel layer for protecting guest kernels through hardware virtualization. Developed alongside the Linux Virtualization Based Security (LVBS) project, LiteBox runs security‑critical code in a hardened, isolated...

The FDA reissued its final medical‑device cybersecurity guidance on February 4, updating references to reflect the new Quality System Management Regulation (QMSR) that took effect on February 2. The revision aligns the guidance with ISO 13485:2016, embedding the international standard into the U.S....

AiStrike has launched AiStrike MDR, an AI‑powered managed detection and response service that replaces traditional human‑intensive SOCs with an AI‑led, expert‑guided model. The platform unifies threat intelligence, detection, investigation and response across cloud, endpoint and identity data, delivering automated triage...
The 2025 OWASP Top 10 introduces software supply chain failures and mishandling of exceptional conditions as new entries, while broken access control retains the top spot after 20 years. Security misconfiguration rises to second place, and AI‑generated code is highlighted in the...

After the failure of Google Glass, smart glasses are re‑emerging, led by the Ray‑Ban Meta collaboration that blends fashion with AI‑enabled camera and microphone. Harvard students showed the device’s video can be fed into facial‑recognition systems to identify strangers, while...

Cyberhaven launched a unified AI‑driven Data Security Posture Management platform that integrates DSPM, DLP, insider risk management and AI security across endpoints, SaaS, cloud and on‑prem environments. The solution leverages comprehensive data lineage and agentic AI to provide continuous visibility,...

National governments are reshaping cybersecurity into whole‑of‑society frameworks that link risk management, workforce development, technology standards, and cross‑sector coordination. Centralized authorities act as hubs for incident response, intelligence sharing, and international cooperation, while private operators remain pivotal for critical infrastructure...

A Larridin survey reveals a 16‑point visibility gap between executives and directors on AI usage, highlighting pervasive shadow AI and fragmented governance. Large enterprises run an average of 23 AI tools, yet only 38 percent maintain a comprehensive inventory, leaving many...

The Administrative Review Tribunal (ART) partially overturned the Australian Information Commissioner’s finding that Bunnings breached privacy law with its facial‑recognition trial. While the tribunal accepted Bunnings’ reasonable belief that the technology was necessary to combat retail crime, it cleared the...
Harvard University disclosed a November phishing attack that exposed alumni, donor and limited staff data, while the University of Pennsylvania confirmed a ShinyHunters intrusion that accessed Salesforce, SAP and other systems, compromising roughly 1.2 million students, alumni and donors. Both breaches...

In this Stormcast episode, the hosts discuss a multi‑stage malicious script that injects into Chrome, downloads a seemingly benign wallpaper image, and then installs additional payloads like Xworm to evade AV detection. They highlight a critical, unauthenticated web‑admin vulnerability (CVE‑2026‑1633)...