🎯Today's Cybersecurity Pulse
Updated 55m agoWhat's happening: Cloudflare pushes agile SASE with Cloudflare One to replace legacy VPNs
Cloudflare announced a series of technical deep‑dives showcasing its Cloudflare One agile SASE platform, positioning it as a single‑pass solution to the fragmentation of legacy VPNs and hardware firewalls. The platform runs security checks across a global network spanning over 300 cities, eliminating service‑chaining bottlenecks and integrating zero‑trust controls.
Also developing:
Blog•Jan 30, 2026
ML-Kem-Based IPsec Advances 5G O-Ran Security Via E2 Interface Evaluation
Researchers experimentally validated post‑quantum cryptography on the 5G O‑RAN E2 interface using ML‑KEM (CRYSTALS‑Kyber) within IPsec. Their open‑source testbed compared baseline, traditional ECDH, and ML‑KEM IPsec configurations, measuring tunnel‑setup latency and xApp behavior. Results show only a 3–5 ms overhead for tunnel establishment, with no impact on Near‑RT RIC xApp performance. The study provides concrete evidence that quantum‑safe IPsec can be deployed in live O‑RAN networks without violating timing constraints.
By Quantum Zeitgeist
News•Jan 30, 2026
New AI-Developed Malware Campaign Targets Iranian Protests
HarfangLab uncovered the RedKitten campaign, an AI‑assisted operation delivering the SloppyMIO malware to Iranian human‑rights activists and NGOs. The attack uses shock‑value Excel files masquerading as forensic records to lure victims into enabling macros. Once activated, SloppyMIO pulls additional payloads...
By Infosecurity Magazine
Blog•Jan 30, 2026
SmarterTools Patches Critical SmarterMail Flaw Allowing Code Execution
SmarterTools released build 9511 to remediate two critical SmarterMail flaws, CVE-2026-24423 and CVE-2026-23760, each scoring 9.3 on the CVSS scale. The first vulnerability allowed unauthenticated attackers to execute arbitrary OS commands via the ConnectToHub API, while the second bypassed authentication...
By Security Affairs
News•Jan 30, 2026
Microsoft Sets New Timeline for Sentinel Transition to Defender Portal
Microsoft has postponed the migration of Microsoft Sentinel from the Azure portal to the Microsoft Defender portal, setting a new sunset date of March 31 2027—about nine months later than originally planned. The shift responds to extensive customer and partner feedback requesting...
By Help Net Security
News•Jan 30, 2026
Badges, Bytes and Blackmail
Orange Cyberdefense compiled a dataset of 418 publicly announced law‑enforcement actions against cybercrime from 2021 to mid‑2025. The analysis shows extortion, malware distribution and hacking as the most frequently targeted offenses, with arrests accounting for 29% of responses. The United...
By The Hacker News
News•Jan 30, 2026
Threat Actors Hide Behind School-Themed Domains In Newly Uncovered Bulletproof Infrastructure
Researchers uncovered a sophisticated traffic‑distribution system (TDS) that leverages education‑themed domains to deliver phishing pages, scams, and malware. The infrastructure is hosted on bullet‑proof providers in AS202015 (HZ Hosting) and shares WHOIS details such as oreshnik@mailum.com and Regway nameservers. A...
By GBHackers On Security
News•Jan 30, 2026
Top 6 Data Breaches of January 2026
In January 2026 six high‑profile data breaches—Nike, Melwood, SNP Transformations, Venezia Bulk Transport, Global Shop Solutions, and Grubhub—highlight a shift toward exposure through internal access paths and third‑party tools. Breaches ranged from a 1.4 TB internal data exfiltration at Nike to a...
By Security Boulevard
News•Jan 30, 2026
National Crime Agency and NatWest Issue Joint Warning Over Invoice Fraud Threat
NatWest Bank and the UK National Crime Agency have launched a joint awareness campaign to combat invoice fraud, a cyber‑crime that siphons millions from businesses each year. The partnership highlights the scale of the threat, citing September 2025 data where...
By Infosecurity Magazine
News•Jan 30, 2026
Sophisticated Malware Lurks In Open VSX Extension With 5,066 Downloads
Annex Security uncovered a malicious VS Code extension in the Open VSX registry that pretended to be the Angular Language Service, amassing 5,066 downloads before activating sophisticated malware. The extension decrypts a payload with AES‑256‑CBC, contacts a Solana blockchain address for command‑and‑control,...
By GBHackers On Security
News•Jan 30, 2026
Top 10 B2B Healthcare SaaS SSO Solutions in 2026
Healthcare SaaS vendors now face a non‑negotiable requirement: integrate Single Sign‑On with hospital identity providers to secure access and meet procurement standards. Data breaches in the sector average $12 million per incident, driving CISOs to demand instant revocation and compliance‑ready authentication....
By Security Boulevard
News•Jan 30, 2026
Ad Fraud Is Exploding — Dhiraj Gupta of mFilterIt Explains How Brands Can Respond
Ad fraud is escalating into a systemic threat that undermines the digital economy’s trust. In 2024 mobile ad fraud rose 21% and programmatic scams siphoned nearly $50 billion, while the ad‑fraud detection market is set to exceed $2 billion by 2034. Dhiraj...
By The Cyber Express
News•Jan 30, 2026
DynoWiper Update: Technical Analysis and Attribution
ESET researchers identified a new data‑wiping malware, DynoWiper, used against a Polish energy company in December 2025. Technical analysis attributes the campaign to the Russian‑aligned Sandworm group with medium confidence, noting similarities to the previously observed ZOV wiper. The malware deployed...
By WeLiveSecurity
News•Jan 30, 2026
Cardamon Partners Microsoft to Scale Secure AI in Compliance
Cardamon, a RegTech firm specializing in secure AI for compliance, has entered Microsoft’s AI Partnership Program to deliver enterprise‑grade, auditable AI solutions to highly regulated organizations. The collaboration combines Cardamon’s rapid delivery platform, which claims to automate up to 95%...
By Fintech Global
News•Jan 30, 2026
Why Passwordless Authentication Is Critical for Online Learning & Student Services
Online learning has become core campus infrastructure, but passwords remain the weakest link, exposing grades, payments, and personal data. Passwordless authentication replaces reusable secrets with device‑bound credentials such as passkeys, security keys, magic links, OTPs, and push approvals. The shift...
By Security Boulevard
News•Jan 30, 2026
Arkose Titan Aims to Make Bot, Scraping, and AI Fraud Economically Unviable
Arkose Labs unveiled Arkose Titan, a unified platform that defends against both human‑driven and AI‑powered fraud, scraping, and bot attacks. The solution consolidates bot detection, device and email intelligence, API security, behavioral biometrics, and phishing protection into a single API...
By Help Net Security
News•Jan 30, 2026
Intruder Grows Enterprise Customers by 81% as Part of Record 2025 Momentum
Intruder announced record 2025 growth, with enterprise annual recurring revenue climbing 81% year‑over‑year. The surge was fueled by a 51% rise in new business and a 2.5‑fold jump in expansion revenue, alongside the rollout of Cloud Security Posture Management and...
By AI-TechPark
News•Jan 30, 2026
EFF Calls Out Major Tech Companies on Encryption Promises
The Electronic Frontier Foundation (EFF) has launched the "Encrypt It Already" campaign, urging major tech firms to fulfill announced end‑to‑end encryption promises, enable encryption by default, and broaden encrypted storage. The initiative groups demands into three categories—Keep your promises, Defaults...
By Help Net Security
News•Jan 30, 2026
Cyble Research Discovers ShadowHS, an In-Memory Linux Framework for Long-Term Access
Cyble Research & Intelligence Labs uncovered ShadowHS, a Linux post‑exploitation framework that operates entirely in memory. The tool leverages a weaponized version of hackshell with an AES‑256‑CBC encrypted loader, enabling fileless execution via /proc//fd/. ShadowHS provides an operator‑controlled environment for...
By The Cyber Express
News•Jan 30, 2026
Apple’s New Privacy Feature Limits How Precisely Carriers Track Your Location
Apple introduced a new privacy setting called Limit Precise Location in iOS 26.3, which reduces the granularity of location data shared with cellular networks. When enabled, carriers can only determine a user’s approximate neighborhood rather than the exact address, while app‑level...
By Help Net Security
News•Jan 30, 2026
KnowBe4 Celebrates a Decade of AI Innovation with 7 Active AI Agents in Market
KnowBe4 marks a decade of AI-driven cybersecurity by celebrating the tenth anniversary of its AIDA platform and the deployment of seven active AI agents in the market. The company appointed Harlan Parrott as Vice President of AI Innovation to head...
By AiThority
News•Jan 30, 2026
The CSO Guide to Top Security Conferences
The CSO editorial team compiled a calendar of security conferences slated for February through May 2026, covering more than 30 events across Asia, Europe, North America and Australia. Highlights include multiple Gartner Security & Risk Management Summits, the BSides community...
By CSO Online
News•Jan 30, 2026
Abusers Using AI and Digital Tech to Attack and Control Women, Charity Warns
Domestic‑abuse charity Refuge reports a sharp rise in technology‑enabled abuse, with a 62% increase in complex cases amounting to 829 women in Q4 2025. Referrals of victims under 30 grew 24%, highlighting younger women’s vulnerability to smart‑device stalking. Perpetrators are exploiting...
By The Guardian AI
News•Jan 30, 2026
Human Risk Management: CISOs’ Solution to the Security Awareness Training Paradox
Human risk management (HRM) is emerging as a solution to the security awareness training (SAT) paradox, where 70‑90% of breaches originate from employee actions despite billions spent on training. While SAT spending is projected to grow 15% annually, its efficacy...
By CSO Online
News•Jan 30, 2026
Black Duck Expands Federal Cloud Offerings with FedRAMP Push
Black Duck announced it has begun the FedRAMP Moderate authorization process for its Polaris Platform, aiming to secure a federal‑grade cloud offering. The company partnered with stackArmor, a FedRAMP engineering specialist, to fast‑track the Authorization to Operate (ATO). Black Duck...
By AI-TechPark
News•Jan 30, 2026
Attackers Weaponize Microsoft 365 Outlook Add-Ins to Quietly Exfiltrate Email Data
Researchers have uncovered a stealthy data‑theft method called “Exfil Out&Look” that abuses Microsoft 365 Outlook Web add‑ins to siphon email content. The technique leverages minimal‑permission manifests that execute on the OnMessageSend event, silently fetching email bodies and forwarding them via a fetch()...
By GBHackers On Security
News•Jan 30, 2026
Helpdesk Impersonation: A High-Risk Social Engineering Attack
Helpdesk impersonation is a social‑engineering technique where attackers pose as employees or partners to trick IT support staff into granting unauthorized access. By leveraging publicly available information and urgency cues, they can obtain password resets, MFA device changes, and privileged...
By Security Boulevard
News•Jan 30, 2026
The Future of Digital Asset Security: Institutional-Grade Strategies for Private Investors in 2026
Digital investors face escalating cyber threats, making traditional passwords obsolete. Bexalon’s guide advocates institutional‑grade defenses, including AES‑256 encryption, segregated accounts, and a blend of cold storage with limited hot wallets. It also recommends abandoning SMS‑2FA in favor of hardware keys,...
By TechBullion
News•Jan 30, 2026
Wearable Tech Adoption Continues as Privacy Worries Grow
Over one billion people now wear fitness trackers that continuously collect health metrics, creating a massive stream of sensitive personal data. A recent Clutch survey shows 74% of users are worried about how this data is handled, while only 58%...
By Help Net Security
News•Jan 30, 2026
Securing Trust: Why Crisis Communication Is Your First Line of Defense
The article argues that crisis communication is a core security control, not merely a public‑relations task. It shows how timely, accurate messaging curbs panic, protects brand reputation, and satisfies strict regulatory timelines such as the SEC’s four‑day rule and GDPR’s...
By Security Magazine (Cybersecurity)
News•Jan 30, 2026
Trump Sues IRS and the Treasury for $10 Billion Because His Tax Returns Were Leaked
The 2023 leak orchestrated by former Booz Allen consultant Charles Littlejohn exposed tax returns for an estimated 400,000 affluent Americans, a cache that quickly landed on the desks of the New York Times and ProPublica. Littlejohn’s guilty plea in 2023 and subsequent...
By DataBreaches.net
News•Jan 30, 2026
Bybit Made ‘Slow but Steady Comeback’ in 2025 After Massive Hack: CoinGecko
Bybit posted the second‑largest trading volume among crypto exchanges in 2025, reaching $1.5 trillion and capturing an 8.1% market share despite a $1.5 billion hack earlier in the year. The exchange kept withdrawals open, honored all user transactions, and secured external liquidity,...
By Cointelegraph
News•Jan 30, 2026
Top 5 PCI Compliant Hosting Providers
The article outlines the five leading PCI‑compliant hosting providers—AWS, Microsoft Azure, Google Cloud Platform, Rackspace, and specialized PCI hosts—explaining how each aligns its infrastructure with PCI DSS requirements. It emphasizes the shared‑responsibility model, where providers manage the underlying hardware while...
By Security Boulevard
News•Jan 30, 2026
Cisco Foundation AI Debuts Agentic Security Tools to Protect Autonomous AI Systems
Cisco Foundation AI unveiled a suite of agentic security tools aimed at safeguarding increasingly autonomous AI systems in enterprise environments. The flagship offering, Foundation‑sec‑8B‑Reasoning, is an open‑weight model optimized for multistep cybersecurity analysis and produces explicit reasoning traces. Complementary releases...
By SiliconANGLE
News•Jan 29, 2026
PwC Expands Google Cloud Alliance with $400M Push Into AI-Driven Security Operations
PwC announced an expanded alliance with Google Cloud, committing $400 million over three years to accelerate AI‑driven security operations. The partnership blends Google Cloud’s AI‑powered security platforms with PwC’s transformation, risk, and managed‑service expertise to modernize security across hybrid and multicloud...
By SiliconANGLE
News•Jan 29, 2026
Hugging Face Abused to Spread Thousands of Android Malware Variants
Researchers at Bitdefender uncovered a new Android malware campaign that exploits the Hugging Face platform as a distribution hub for thousands of polymorphic APK variants. The dropper app, TrustBastion, masquerades as a security tool, redirects victims to a Hugging Face...
By BleepingComputer
News•Jan 29, 2026
Ivanti Warns of Two EPMM Flaws Exploited in Zero-Day Attacks
Ivanti disclosed two critical code‑injection flaws (CVE‑2026‑1281 and CVE‑2026‑1340) in its Endpoint Manager Mobile (EPMM) platform, each scoring 9.8 on the CVSS scale and already leveraged in limited zero‑day attacks. The company issued immediate RPM‑based mitigations that require no downtime,...
By BleepingComputer
News•Jan 29, 2026
Measuring Agentic AI Posture: A New Metric for CISOs
The episode introduces a new metric—Agentic AI Posture—to help CISOs assess readiness against fast‑moving AI‑driven threats, arguing that traditional security metrics like MTTR are insufficient. It outlines three pillars for measuring AI readiness: Visibility Ratio (tracking shadow agents and API...
By Security Boulevard
News•Jan 29, 2026
Quantum-Ready Security Drives Keyfactor to 2025 Inc. 5000 List
Keyfactor earned a spot on the 2025 Inc. 5000 list for the sixth year in a row, driven by surging demand for quantum‑ready security solutions. The Cleveland‑based firm launched the AI‑powered Keyfactor Command MCP Server to streamline PKI and certificate...
By The Qubit Report
News•Jan 29, 2026
Quantum Cybersecurity Policy: ITI’s Guide for Secure Innovation
On World Quantum Day 2025 the Information Technology Industry Council (ITI) published a Quantum Technology Policy Guide that frames quantum cybersecurity as a dual‑track challenge. The guide urges immediate deployment of post‑quantum cryptography (PQC) while promoting quantum communications such as...
By The Qubit Report
News•Jan 29, 2026
Still Trying to Reduce Technical Debt Manually?
In this episode, Azul discusses the growing challenge of technical debt in Java applications, especially as Java versions approach end‑of‑support windows. It outlines manual best practices—such as educating product owners, modular architecture, automated testing, and maintaining a debt register—alongside governance...
By Security Boulevard
News•Jan 29, 2026
Ex-Google Engineer Guilty of Stealing AI Tech for Chinese Firm
A federal jury in Northern California found former Google engineer Linwei Ding guilty of 14 counts of economic espionage and trade‑secret theft. Ding allegedly exfiltrated 1,255 internal documents—about 14,000 pages—related to Google’s AI chip technology between May 2022 and January 2024. He...
By DataBreaches.net
News•Jan 29, 2026
Common Cloud Migration Security Mistakes (and How to Avoid Them)
Enterprises rushing to the cloud often overlook security, leading to costly gaps. Common pitfalls include naïve lift‑and‑shift migrations, weak identity controls, and inadequate data protection. The article outlines ten frequent mistakes and provides concrete steps—such as workload‑by‑workload assessment, least‑privilege access,...
By HackRead
News•Jan 29, 2026
Marquis Blames Ransomware Breach on SonicWall Cloud Backup Hack
Marquis Software Solutions, a Texas‑based provider to over 700 banks and credit unions, attributes its August 2025 ransomware incident to a breach of SonicWall’s MySonicWall cloud backup service. The attackers allegedly used firewall configuration files stolen from SonicWall to bypass Marquis’s...
By BleepingComputer
News•Jan 29, 2026
Massive AI Chat App Leaked Millions of Users Private Conversations
Chat & Ask AI, a popular AI chatbot with over 50 million installs, suffered a massive data exposure due to a Firebase misconfiguration. An independent researcher accessed roughly 300 million messages belonging to more than 25 million users, revealing full conversation histories, timestamps,...
By Slashdot
Social•Jan 29, 2026
VPS as Reliable Fallback for Browser‑Only Tasks
Why not a VPS for Molt? In my use cases, research and testing, sometimes fetch and browser tools are blocked by anti-bot tech, or there is some workflow that doesn't have an API.... it's purely browser driven. With cui and...
By Jason Haddix
Blog•Jan 29, 2026
Security Proofs Advance Quantum Key Distribution with Asymmetric Failure Detection
Researchers from the University of Waterloo and NUS uncovered a critical flaw in existing Quantum Key Distribution (QKD) security proofs: they assume perfectly reliable authentication. They introduced a reduction theorem that shows protocols proven secure under ideal authentication remain secure...
By Quantum Zeitgeist
News•Jan 29, 2026
An AI Toy Exposed 50,000 Logs of Its Chats With Kids to Anyone With a Gmail Account
Security researchers discovered that Bondu, an AI‑enabled stuffed‑dinosaur toy, left over 50,000 child chat transcripts accessible to anyone with a Gmail account through its parent portal. The flaw required no hacking—simply logging in with a Google ID revealed names, birthdates,...
By WIRED AI
News•Jan 29, 2026
Moltbot Personal Assistant Goes Viral—And So Do Your Secrets
The episode dives into Moltbot, an open‑source, self‑hosted AI personal assistant that surged in popularity in January 2026, amassing tens of thousands of GitHub stars and forks. While its powerful automation capabilities are praised, the hosts reveal a wave of...
By Security Boulevard
Social•Jan 29, 2026
Self‑controlled Crypto Wallets Aren't Safe for Life Savings Yet
“We are not in a place where anyone should store their life savings on chain in a wallet they control. It’s probably not safe for that yet.” https://t.co/JTgHPOAJbx
By Laura Shin
News•Jan 29, 2026
Operation Winter SHIELD: FBI Issues Call to Arms for Organizations to Improve Cybersecurity
The FBI has launched Operation Winter SHIELD, a cyber‑resilience campaign that outlines ten concrete actions for organizations to harden both IT and OT environments. The initiative aligns with the U.S. National Cyber Strategy and draws on recent investigations of cyber‑criminal and...
By Infosecurity Magazine