🎯Today's Cybersecurity Pulse
Updated 2h agoWhat's happening: Cloudflare pushes agile SASE with Cloudflare One to replace legacy VPNs
Cloudflare announced a series of technical deep‑dives showcasing its Cloudflare One agile SASE platform as a remedy for fragmented legacy VPNs and hardware firewalls. The solution uses a single‑pass architecture that runs security checks across a global network spanning over 300 cities, removing service‑chaining bottlenecks. It also integrates zero‑trust capabilities.
Also developing:
By the numbers: Zafran Security raises $60M Series C
News•Jan 29, 2026
Enterprise API Security: Protecting Your Digital Ecosystem From Modern Threats
APIs have become the backbone of digital business, but they also represent the most frequent attack vector for enterprise web applications, according to Gartner. The guide outlines common vulnerabilities such as broken authentication, excessive data exposure, and rate‑limiting gaps, and recommends controls like strong OAuth 2.0, JWT management, and mutual TLS. It emphasizes the role of API gateways, service meshes, and continuous monitoring in protecting both external and microservice‑to‑microservice traffic. Building a formal API security program—covering inventory, risk classification, and automated CI/CD gates—is presented as essential for modern enterprises.
By TechBullion
News•Jan 29, 2026
ImmuniWeb Reports Double-Digit Growth and Platform Advances
ImmuniWeb reported an all‑time sales record for 2025, maintaining double‑digit year‑over‑year growth while staying profitable. The company rolled out four major AI Platform updates, adding AI‑specific testing for web, mobile, API, LLM vulnerabilities and post‑quantum encryption readiness. Independent ISO 9001 and...
By Help Net Security
News•Jan 29, 2026
NSFOCUS Unveils Enhanced AI LLM Risk Threat Matrix for Holistic AI Security Governance
NSFOCUS announced an upgraded AI LLM Risk Threat Matrix, adding 14 new threat categories that focus on AI agent, multimodal, and Multi‑Agent Communication Protocol (MCP) vulnerabilities. The matrix expands coverage across identity, application, model, data, and infrastructure security throughout the...
By Security Boulevard
News•Jan 29, 2026
AI-Enabled Scams Rose 500% in 2025 as Crypto Theft Goes ‘Industrial’
TRM Labs reports a five‑fold surge in large language model‑powered scams in 2025, propelling AI‑generated deepfakes, voice clones and synthetic images into mainstream fraud. Crypto theft amounted to $35 billion, a slight dip from 2024, while illicit crypto wallet inflows jumped...
By Cointelegraph
News•Jan 29, 2026
Regtech Prove Highlights Transformation of Identity Verification and Digital Onboarding Processes
Regtech firm Prove says identity verification is evolving from a single, static check to a continuous, adaptive process. The shift is driven by deepfake threats, AI‑powered fraud, real‑time payment demands, and multi‑device interactions. Prove argues that dynamic verification can maintain...
By Crowdfund Insider
News•Jan 29, 2026
UK Plans Sweeping Overhaul of Policing Amid Surge in Online Crimes
The UK government announced a sweeping reform of policing that will create a new National Police Service, modeled after the FBI, to lead the fight against cybercrime, fraud and other internet‑enabled offenses. The proposal consolidates responsibilities currently spread across dozens...
By DataBreaches.net
News•Jan 28, 2026
OPNsense 26.1 Brings Updates to Open-Source Firewall Management
OPNsense released version 26.1, code‑named Witty Woodpecker, enhancing firewall management, traffic visibility, and automation interfaces. The update revamps the live firewall log, redesigns the firewall rules UI, and expands API coverage to include Source NAT tagging and Destination NAT port...
By Help Net Security
Blog•Jan 28, 2026
Bridging Compliance and Cybersecurity in Financial Reporting in 2026
The SEC is drafting rules that will require public companies to disclose their cybersecurity controls as part of regular financial reporting. This links cyber risk directly to compliance, forcing firms to treat security as a core reporting element. The article...
By Erdal Ozkaya’s Cybersecurity Blog
News•Jan 28, 2026
Silicon Valley Wades Into a Trade Spat with South Korea
Coupang, South Korea’s e‑commerce powerhouse with $35 bn in sales, suffered a massive data breach that has escalated into a diplomatic dispute. U.S. officials, backed by allies in the Trump administration, are pressing for tighter security controls on the firm’s handling...
By The Economist » Business
Blog•Jan 28, 2026
Universal Privacy Framework Achieves Untrusted Data Security in Distributed Quantum Sensing
Researchers from Korea Institute of Science and Technology and Yonsei University introduced a universal operational privacy framework for distributed quantum sensing. The framework defines privacy through the experimentally accessible classical Fisher information matrix, making it protocol‑independent and applicable to singular...
By Quantum Zeitgeist
News•Jan 28, 2026
Open Banking Continues to Outperform on Fraud
Open Banking’s latest financial‑crime report shows fraud rates of just 0.013 % of transactions, far below the 0.045 % industry average, and an improved performance versus 2024. While overall fraud remains low, Authorised Push Payment (APP) scams now represent 74 % of Open...
By Payments Cards & Mobile
News•Jan 28, 2026
NDSS 2025 – Recurrent Private Set Intersection For Unbalanced Databases With Cuckoo Hashing
Researchers from NYU Abu Dhabi introduced a recurrent Private Set Intersection (PSI) protocol tailored for unbalanced databases. The solution combines leveled Fully Homomorphic Encryption with cuckoo hashing, delivering real‑time performance for repeated small‑set queries against a large set. Benchmarks using...
By Security Boulevard
News•Jan 28, 2026
Survey Surfaces Lots of Room for DevSecOps Improvement
A new UserEvidence survey of 506 security leaders reveals that while 80% of organizations have security and DevOps teams sharing observability tools, only 45% feel the teams are very aligned on tooling and workflows. Most respondents (93%) use three or...
By Security Boulevard
News•Jan 28, 2026
SSO Vs. Federated Identity Management: A Guide
Modern enterprises face escalating identity challenges as employees and automated workloads proliferate across SaaS, micro‑services, and multi‑cloud environments. Single Sign‑On (SSO) centralizes human authentication, reducing password fatigue and providing a unified audit trail, while federated identity extends access across organizational...
By Security Boulevard
.jpg?height=635&t=1769625646&width=1200)
News•Jan 28, 2026
2026 Enterprise Security Trends: What Leaders Must Prepare For In An Interconnected Risk Landscape
Enterprise security in 2026 is defined by the merging of cyber and physical domains, the rise of AI as both an attack accelerator and defense multiplier, and the recognition that cloud outages are now security incidents. Recent incidents like the...
By Security Magazine (Cybersecurity)
News•Jan 28, 2026
Student Data at Risk: What the Victoria Education Breach Exposes About Public Sector Security
The Victoria Department of Education suffered a data breach that exposed personal information of current and former students, prompting a privacy investigation. The breach highlighted longstanding issues in public‑sector access governance, such as dormant accounts and overly broad permissions. Attackers...
By Security Boulevard
News•Jan 28, 2026
Fortinet Confirms CVE-2026-24858 SSO Flaw Under Active Attack
Fortinet has confirmed that the FortiCloud Single Sign‑On (SSO) authentication bypass vulnerability (CVE‑2026‑24858) is being actively exploited in the wild. The flaw, rated 9.4 on the CVSS scale, affects FortiOS, FortiManager, FortiAnalyzer and FortiProxy, allowing attackers with a valid FortiCloud...
By eSecurity Planet
News•Jan 28, 2026
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
Moltbot, an open‑source AI coding assistant with over 85,000 GitHub stars, has no official Visual Studio Code extension, yet a counterfeit "ClawdBot Agent – AI Coding Assistant" appeared on the Marketplace. Published on January 27 2026, the malicious extension automatically runs on IDE launch...
By The Hacker News
Social•Jan 28, 2026
Open‑Source AI Gains Power, Raises Massive Security Risks
On one hand we should expect many open source models to get great at computer use because of clawdbot proving demand On the other hand random free oss models controlling millions of computers sounds like a nightmare
By Aaron Ng
News•Jan 28, 2026
What Are Service Accounts and Why Are They a Security Risk?
Service accounts are non‑human identities that power cloud, container and CI/CD workloads, but they often rely on static, long‑lived credentials. Over‑privileged and poorly managed accounts generate a majority of cloud security alerts and have been leveraged in high‑profile breaches such...
By Security Boulevard
News•Jan 28, 2026
Outtake Raises $40M Series B
Outtake, a digital‑trust platform that safeguards organizations from AI‑driven impersonation, closed a $40 million Series B round. The financing was led by ICONIQ with participation from CRV, S32, and a roster of high‑profile tech and security executives, including Microsoft CEO Satya Nadella and...
By VC News Daily
News•Jan 28, 2026
Why Your Security Team Needs to Hire Non-Traditional Professionals
Security leaders are urged to consider candidates with non‑traditional backgrounds, as highlighted in a recent Security Magazine podcast with threat analyst Aaron Walton. Examples like CISO Holly Drake, who transitioned from Russian literature and social work, illustrate how diverse education...
By Security Magazine (Cybersecurity)
News•Jan 28, 2026
Russian Cybercrime Platform RAMP Forum Seized by FBI
U.S. FBI seized the clearnet and dark‑web domains of the Russian‑language cybercrime forum RAMP, known for ransomware and access‑broker services. The operation, coordinated with the DOJ’s Computer Crime and Intellectual Property Section and the Southern District of Florida, redirected both...
By HackRead
News•Jan 28, 2026
CVE-2025-56005: Python PLY Flaw Enables Remote Code Execution
A critical vulnerability (CVE‑2025‑56005) has been disclosed in the Python PLY library version 3.11, allowing attackers to execute arbitrary code by loading a crafted pickle file via the undocumented *picklefile* parameter. The flaw triggers during parser initialization, meaning code runs before...
By eSecurity Planet
News•Jan 28, 2026
Great Refractor Initiative Looks to AI to Harden Critical Code
The Great Refactor initiative proposes using AI to automatically translate vulnerable C and C++ open‑source code into Rust, targeting 100 million lines by 2030 with a $100 million investment. Rust’s memory‑safety design could eliminate roughly 70 % of software vulnerabilities that stem from...
By IEEE Spectrum AI
News•Jan 28, 2026
NDSS 2025 – Iris: Dynamic Privacy Preserving Search In Authenticated Chord Peer-To-Peer Networks
The NDSS 2025 paper introduces Iris, a scheme that enables privacy‑preserving searches in authenticated Chord peer‑to‑peer networks while remaining compatible with the existing protocol. Iris defines a new alpha‑delta privacy notion, extending k‑anonymity to protect query information across iterative hops....
By Security Boulevard
News•Jan 28, 2026
Critical and High Severity N8n Sandbox Flaws Allow RCE
Two critical sandbox bypasses were discovered in the n8n workflow automation platform, affecting its JavaScript expression engine (CVE‑2026‑1470, CVSS 9.9) and Python Code node (CVE‑2026‑0863, CVSS 8.5). Both flaws let authenticated users escape the sandbox and execute arbitrary commands on the host...
By Infosecurity Magazine
Blog•Jan 28, 2026
SEALSQ to Showcase Post-Quantum Cybersecurity Solutions at Tech&Fest 2026 in Grenoble
SEALSQ Corp (NASDAQ: LAES) will display its post‑quantum cybersecurity portfolio at Tech&Fest 2026 in Grenoble on February 4‑5, highlighting hardware‑based roots of trust. The French subsidiary, SEALSQ France, builds on three decades of secure‑semiconductor expertise inherited from Gemplus and employs nearly 200 staff...
By Quantum Zeitgeist
Blog•Jan 28, 2026
Satellite Quantum-Internet to Reach $1.82B in 2026 with 32.9% CAGR
A new ResearchAndMarkets.com report projects the satellite quantum‑internet market to reach $1.82 billion in 2026, up from $1.37 billion in 2025, representing a 32.9% compound annual growth rate. The market is expected to expand to $5.63 billion by 2030 with a sustained 32.6%...
By Quantum Zeitgeist
News•Jan 28, 2026
Veracode’s Platform Enhancements Help Prevent Software Supply Chain Attacks
Veracode unveiled a suite of platform enhancements for the second half of 2025, highlighted by the launch of Package Firewall, a preventive control that blocks malicious third‑party packages before they enter development environments. The feature integrates with major package managers...
By Help Net Security
News•Jan 28, 2026
SolarWinds Warns of Critical Web Help Desk RCE, Auth Bypass Flaws
SolarWinds issued emergency patches for its Web Help Desk platform, fixing four critical vulnerabilities—two authentication bypass flaws (CVE‑2025‑40552, CVE‑2025‑40554), two remote code execution bugs (CVE‑2025‑40553, CVE‑2025‑40551), and a hard‑coded credentials issue (CVE‑2025‑40537). The flaws can be exploited remotely without authentication,...
By BleepingComputer
News•Jan 28, 2026
Bedrock Data Extends DSPM to Atlassian Confluence, Mapping SaaS Data to AI Inference Risk
Bedrock Data announced native Data Security Posture Management (DSPM) support for Atlassian Confluence, enabling automatic discovery of spaces, pages and blogs. The platform classifies unstructured content for PII, secrets and intellectual property, resolves inherited permissions, and maps that data to...
By AiThority
News•Jan 28, 2026
EPC Issues RFI for Fraud Information Sharing Platform
The European Payments Council (EPC) has issued a Request for Information (RFI) to find operators for a central fraud‑information sharing platform under its Frida scheme. The initiative anticipates the EU Payment Services Regulation (PSR) that will take effect in early...
By Finextra
News•Jan 28, 2026
Show HN: Sandbox Agent SDK – Unified API for Automating Coding Agents
The Sandbox Agent SDK introduces a Rust‑based server and TypeScript client that let developers run AI coding agents—Claude Code, Codex, OpenCode, and Amp—inside isolated sandboxes while controlling them over a unified HTTP/SSE API. By normalizing disparate agent interfaces into a single...
By Hacker News
News•Jan 28, 2026
Abstract Security Partners with Netskope to Bring Real-Time Detection Into Security Data Streams
Abstract Security announced a partnership with cloud‑security leader Netskope to embed real‑time detection directly into Netskope One telemetry streams. The integration streams high‑fidelity Secure Service Edge data into Abstract’s adaptive pipeline, allowing on‑the‑fly enrichment, filtering and routing to SIEMs, data...
By SiliconANGLE
News•Jan 28, 2026
Apiiro Introduces Guardian Agent to Secure AI-Driven Software Development
Apiiro Ltd. launched Guardian Agent, an AI‑driven application security agent that prevents vulnerable and non‑compliant code generation. The solution continuously monitors software architecture, attack surface, runtime exposure, and policy compliance, rewriting prompts to secure AI coding assistants in real time....
By SiliconANGLE
News•Jan 28, 2026
GoTo Resolve Tool’s Background Activities Compared to Ransomware Tactics
Point Wild’s Lat61 Threat Intelligence team has identified the GoTo Resolve remote‑administration tool, specifically the HEURRemoteAdmin.GoToResolve.gen component, as a Potentially Unwanted Application that can install silently and maintain a hidden, persistent presence on Windows machines. The tool bundles a hidden “32000~”...
By HackRead
News•Jan 28, 2026
Cal.com Broken Access Controls Lead to Account Takeover and Data Exposure
Cal.com, an open‑source scheduling platform, patched critical broken‑access‑control vulnerabilities that allowed attackers to hijack accounts and expose booking data. The flaws included an authentication bypass in the organization signup flow that let attackers take over any user by using an...
By GBHackers On Security
News•Jan 28, 2026
Hackers Hijack Exposed LLM Endpoints in Bizarre Bazaar Operation
Researchers at Pillar Security uncovered a large‑scale cyber‑crime operation dubbed “Bizarre Bazaar” that hijacks exposed LLM endpoints. Over 40 days they logged 35,000 attack sessions, showing attackers exploit misconfigured AI APIs to mine cryptocurrency, resell access, exfiltrate data, and pivot...
By BleepingComputer
News•Jan 28, 2026
ESkimming Attacks Surge with Evolving Tactics and Ongoing Recovery Challenges
Source Defense’s year‑long study of 550 e‑commerce sites shows e‑skimming remains a chronic problem, with 18 % of sites still infected after twelve months. Over half of the persistent infections (57 %) have evolved into new script variants, indicating attackers adapt once...
By GBHackers On Security
News•Jan 28, 2026
Slovakian Man Pleads Guilty to Operating Darknet Marketplace
A Slovakian national, Alan Bill, pleaded guilty to operating the Kingdom Market darknet platform, which sold drugs, forged IDs, stolen data and cyber‑crime tools from March 2021 to December 2023. The marketplace listed about 42,000 illicit items and processed payments in privacy‑focused cryptocurrencies....
By BleepingComputer
News•Jan 28, 2026
SKADI and HelloGard Robotics Partner to Embed Autonomous Cybersecurity in Robotics
SKADI Cyber Defense and HelloGard Robotics announced a strategic partnership to embed autonomous cybersecurity directly into AI‑powered robots and connected automation systems. The collaboration will co‑develop cross‑platform security solutions for Windows, Android and Linux that protect robotic operating systems, AI...
By AiThority
News•Jan 28, 2026
Critical IDIS IP Camera Vulnerability Allows Full Computer Compromise with One-Click Exploit
IDIS Cloud Manager’s Windows viewer contains a critical flaw (CVE‑2025‑12556) that lets attackers trigger remote code execution with a single click. The vulnerability stems from CWGService.exe accepting unsanitized command‑line arguments via a local WebSocket, which are passed to the Chromium...
By GBHackers On Security
News•Jan 28, 2026
Emojis in PureRAT’s Code Point to AI-Generated Malware Campaign
Researchers at Symantec and Carbon Black have uncovered a PureRAT trojan campaign that is being authored with artificial‑intelligence tools. The malware is distributed through phishing emails masquerading as job offers and contains code comments and emojis typical of AI‑generated scripts....
By Infosecurity Magazine
News•Jan 28, 2026
Rein Security Launches with a Focus on Real-Time Production Application Security
Rein Security launched a platform that delivers real‑time production visibility for applications, targeting blind spots in API, AI‑generated code, and Model Context Protocol security. The solution uses an agentless architecture to capture runtime behavior, validate vulnerabilities, and enforce protections without...
By SiliconANGLE
Podcast•Jan 28, 2026•1h
The Future of Hardware and Software Integration - Rand Hindi | ATC #596
In this episode, Stephen Sargeant interviews Rand Hindi, CEO of Zama, about the company's work on Fully Homomorphic Encryption (FHE) for Web3. They explore how FHE enables confidential transactions on public blockchains such as Ethereum and Solana without sacrificing security...
By Around the Coin
News•Jan 28, 2026
From Triage to Threat Hunts: How AI Accelerates SecOps
AI‑driven SOC agents are moving from hype to practical augmentation, handling every alert with human‑level accuracy. By automatically correlating telemetry from EDR, identity, cloud and network sources, they eliminate the triage bottleneck and achieve near‑zero dwell time. The continuous investigation...
By The Hacker News
News•Jan 28, 2026
AI Security Threats Loom as Enterprise Usage Jumps 91%
Zscaler’s ThreatLabz 2026 AI Security Report reveals a 91% surge in enterprise AI usage, encompassing 989.3 billion transactions across more than 3,400 applications in 2025. Despite this rapid adoption, every AI system examined harbored critical vulnerabilities, with 90% compromised within 90...
By Infosecurity Magazine
News•Jan 28, 2026
Sicarii Ransomware Locks Your Data and Throws Away the Keys
Sicarii ransomware generates a fresh RSA key pair on each victim system and discards the private key, making encrypted data unrecoverable even after ransom payment. This defect breaks the standard ransomware‑as‑a‑service model that relies on attacker‑held private keys for decryption....
By CSO Online
News•Jan 28, 2026
Best IT Managed Services for Large Enterprises
Large enterprises are shifting IT from a support function to a strategic growth engine, and the article outlines the criteria that define the best managed services for this scale. It highlights five enterprise‑tier attributes—strategic partnership, transparent governance, proactive operations, comprehensive...
By HackRead