🎯Today's Cybersecurity Pulse
Updated 55m agoWhat's happening: Cloudflare pushes agile SASE with Cloudflare One to replace legacy VPNs
Cloudflare announced a series of technical deep‑dives showcasing its Cloudflare One agile SASE platform, positioning it as a single‑pass solution to the fragmentation of legacy VPNs and hardware firewalls. The platform runs security checks across a global network spanning over 300 cities, eliminating service‑chaining bottlenecks and integrating zero‑trust controls.
Also developing:
News•Jan 27, 2026
When Hospitals Go Dark and Browsers Turn Rogue
Recent incidents across healthcare, finance, and infrastructure reveal attackers exploiting lateral movement to maintain long‑term footholds. In Belgium a hospital shut down its servers after an undetected breach, while U.S. health providers endured weeks‑long unauthorized access. Phishing and malicious browser extensions further enable initial entry, and compromised IoT/OT devices provide persistent footholds. Experts stress network segmentation and east‑west traffic blocking as the most effective containment measures.
By Security Boulevard
News•Jan 27, 2026
NDSS 2025 – On the Robustness Of LDP Protocols For Numerical Attributes Under Data Poisoning Attacks
The NDSS 2025 paper investigates how local differential privacy (LDP) protocols for numerical attributes can be subverted by data‑poisoning attacks, where a small set of malicious clients manipulates server estimates. Researchers evaluate state‑of‑the‑art categorical frequency oracles, binning, consistency, and distribution‑reconstruction...
By Security Boulevard
News•Jan 27, 2026
Memcyco Receives $37M Series A Financing
Memcyco announced a $37 million Series A round, bringing its total funding to $47 million. The oversubscribed round was led by NAventures, E. León Jimenes, and PagsGroup, with existing backers Capri Ventures and Venture Guides participating. Memcyco’s real‑time, agentless platform protects enterprises from phishing,...
By VC News Daily
News•Jan 27, 2026
WinRAR Path Traversal Flaw Still Exploited by Numerous Hackers
Multiple threat actors, including state‑sponsored groups and cybercriminals, are exploiting the high‑severity WinRAR path‑traversal vulnerability CVE‑2025‑8088. The flaw uses Alternate Data Streams to write malicious LNK, HTA, BAT or script files to arbitrary locations such as the Windows Startup folder,...
By BleepingComputer
News•Jan 27, 2026
OpenAI CEO Altman Admits He Broke His Own AI Security Rule After Just Two Hours, Says We're All About to...
OpenAI CEO Sam Altman admitted he violated his own rule by granting the Codex model full access to his computer within two hours, citing the agent's reasonable behavior. He warned that the convenience of AI agents can lead users to...
By THE DECODER
News•Jan 27, 2026
Amid Trump Attacks and Weaponized Sanctions, Europeans Look to Rely Less on US Tech
European leaders are accelerating efforts to curb dependence on U.S. technology after a series of Trump‑era sanctions, including the placement of ICC judge Kimberly Prost on a sanctions list that crippled her daily life. The European Parliament’s recent report highlighted...
By TechCrunch (Cybersecurity)
News•Jan 27, 2026
How Anti-Detect Browsers Change the Way We Work on the Web
Anti-detect browsers, originally privacy tools, now enable online professionals to compartmentalize digital identities across multiple client accounts and projects. By creating isolated browser instances, they prevent data cross‑contamination, reduce login overhead, and streamline workflow management. The technology enhances security by...
By TechBullion
News•Jan 27, 2026
How Data Masking & Synthesis Support Zero Trust
Zero Trust demands continuous verification of every access request, extending the principle of least‑privilege to the data layer. Data masking swaps sensitive values with realistic stand‑ins, while synthetic data creates entirely fictitious records that retain statistical fidelity. Together they shrink...
By Security Boulevard
News•Jan 27, 2026
Responding to Exposed Secrets – An SRE’s Incident Response Playbook
The article outlines an SRE‑focused incident‑response playbook for handling exposed secrets, starting with thorough preparation—defining goals, roles, and communication protocols. It details detection techniques such as API usage anomalies, IAM activity monitoring, and automated code‑scanning integrated into CI/CD pipelines. Once...
By Security Boulevard
News•Jan 27, 2026
SoundCloud Data Breach Now on HaveIBeenPwned
In December 2025 SoundCloud disclosed unauthorized activity that exposed profile data for roughly 30 million users, about 20 % of its base. The breach revealed email addresses, usernames, avatars, follower counts and limited geographic information, which were later mapped to individual accounts. Attackers...
By Hacker News
News•Jan 27, 2026
Calian to Kick-Start $100M Sovereign C5ISRT Strategic Initiative
Calian has launched a $100 million sovereign C5ISRT strategic initiative to accelerate Canada’s command, control, computing, communications, cyber, intelligence, surveillance, reconnaissance and targeting capabilities. The funding will flow through Calian VENTURES, a platform that partners with Canadian SMEs and draws on...
By SpaceQ
News•Jan 27, 2026
Critical Sandbox Escape Flaw Found in Popular Vm2 NodeJS Library
A critical‑severity vulnerability (CVE‑2026‑22709) has been discovered in the popular vm2 Node.js sandbox library, allowing attackers to bypass Promise sanitization and escape the sandbox. The flaw enables arbitrary code execution on the host system and affects versions prior to 3.10.3,...
By BleepingComputer
News•Jan 27, 2026
FinovateEurope 2026 Sneak Peek Series: Part 4
FinovateEurope 2026 will showcase three innovative fintech solutions. Elephant, from Pipl, offers GDPR‑compliant identity intelligence and fraud signals to streamline onboarding and compliance. Opentech’s OpenPay for Merchants embeds Buy‑Now‑Pay‑Later into merchant checkout, creating a new credit distribution channel for banks....
By Finovate
News•Jan 27, 2026
1Kosmos Partners Hopae to Scale Portable Digital Identity
1Kosmos and Hopae have announced a global partnership to integrate Hopae Connect into the 1Kosmos platform, extending support to more than 60 government‑issued digital identity schemes. The joint solution enables organizations to verify eIDs securely without centralized databases, aiming to...
By Fintech Global
News•Jan 27, 2026
Top AI Technology & Cybersecurity Podcasts to Follow in 2026
The article curates a list of essential AI and cybersecurity podcasts for 2026, highlighting shows that deliver deep technical insight, business strategy, and security expertise. It emphasizes the rise of AI agents, the Model Context Protocol (MCP), and AI security...
By Security Boulevard
News•Jan 27, 2026
How Kidas Adapts Fraud Protection In An AI World
Kidas, founded by gaming‑fraud veterans, now offers AI‑driven protection against multi‑channel scams that leverage deep‑fake audio, video and large‑language models. CEO Ron Kerbs says traditional filters miss sophisticated GenAI‑generated attacks, prompting the company to expand from Discord and gaming chat to...
By Crowdfund Insider
News•Jan 27, 2026
Overcoming 26 Rigorous Tests: Why Is Bullbit’s App Rollup Architecture Highly Rated by Security Experts?
Bullbit’s App Rollup architecture passed a rigorous Hacken audit, clearing 26 security findings. The team resolved 19 issues, accepted five with mitigations, and mitigated two external risks, achieving 93.23% code coverage. A redesigned verifier contract with unique nonce tracking prevents...
By TechBullion
News•Jan 27, 2026
Living Off the Web: How Fake Captcha Turned Trust Into a Malware Delivery Channel
Researchers at Censys have uncovered a growing ecosystem that weaponizes fake CAPTCHA pages to deliver malware. While the pages visually resemble legitimate verification challenges, they conceal more than 30 distinct payload types, including clipboard‑driven scripts, MSI installers, and server‑controlled, fileless...
By eSecurity Planet
News•Jan 27, 2026
From Cipher to Fear: The Psychology Behind Modern Ransomware Extortion
Modern ransomware has moved beyond file encryption to a pressure‑centric extortion model that weaponizes stolen data, regulatory threats, and reputation damage. 2025 saw ransomware groups fragment into affiliate networks, making attribution harder while scaling double‑extortion campaigns. Research shows SMBs in...
By BleepingComputer
News•Jan 27, 2026
Meta Cleans up as ‘High Risk’ Dodgy Finance Ads Spread
Meta’s ad platform is exposing users to an estimated 15 billion high‑risk finance advertisements each day, generating roughly $7 billion in annual revenue. A study by BrokerChooser of over 1,200 active finance ads found that 43.36% of UK‑targeted ads are classified as...
By DecisionMarketing
News•Jan 27, 2026
Tenable One AI Exposure Delivers Unified Visibility and Governance Across AI, Cloud and SaaS
Tenable has made its Tenable One AI Exposure product generally available, extending the Tenable One Exposure Management Platform to provide unified visibility, discovery, and governance of AI assets across SaaS, cloud, APIs and on‑premises agents. The solution continuously identifies both...
By Help Net Security
News•Jan 27, 2026
Syncro and IRONSCALES Partner to Strengthen Email Security Offerings for MSPs
Syncro and IRONSCALES announced a partnership that places the AI‑driven email security platform in the Syncro Marketplace. MSPs can now provision IRONSCALES protection instantly and have all licensing fees consolidated through Syncro’s Universal Billing. The integration removes the need for...
By AiThority
News•Jan 27, 2026
Screening vs Monitoring: Stopping Fraud in Payments
Fraud losses surged to $12.5 billion in 2024, a 25% rise, as criminals embed illicit activity within everyday payments. The article distinguishes transaction screening—pre‑approval checks against sanctions, PEPs and watchlists—from transaction monitoring, which analyzes post‑payment behavior for anomalous patterns. Relying on...
By Fintech Global
News•Jan 27, 2026
NICE Actimize Insights Network Combats Fraudulent Transfers
NICE Actimize introduced the Actimize Insights Network, a real‑time intelligence platform that aggregates counterparty risk data across financial institutions. The network leverages the company’s fraud and financial‑crime expertise to deliver cross‑channel, millisecond‑level risk signals for authorized push‑payment scams, BEC and...
By Help Net Security
News•Jan 27, 2026
Swimlane Unleashes Agentic AI Fleet and Agent Builder for Cybersecurity
Swimlane unveiled its AI Agent workforce, branding the new Hero AI agents as native extensions of the Turbine platform. The agents claim to perform work equivalent to over 60,000 SOC analysts each day and can be dragged into low‑code playbooks via...
By SiliconANGLE
News•Jan 27, 2026
Over 80% of Ethical Hackers Now Use AI
Bugcrowd’s latest report shows that 82% of ethical hackers now rely on AI, up from 64% a year earlier. The adoption enables faster, broader assessments and higher‑quality vulnerability reports, with automation and deep code analysis cited as primary use cases....
By Infosecurity Magazine
News•Jan 27, 2026
You See an Email Ending in .eu.org. Must Be Legit, Right?
The article warns that email addresses ending in .eu.org, while appearing institutional, are increasingly used by disposable‑email services to evade reputation checks. .eu.org is a free sub‑domain service, not a conventional top‑level domain, and its open registration lets fraudsters host...
By Security Boulevard
News•Jan 27, 2026
Attackers Hijack GitHub Desktop Repo to Spread Malware via Official Installer
Threat actors exploited a design flaw in GitHub’s fork architecture to distribute malware masquerading as the official GitHub Desktop installer. By forking the repository and altering the README download link, they created malicious commits that appear under the official namespace,...
By GBHackers On Security
News•Jan 27, 2026
HackerOne Brings Agentic PTaaS to Continuous, Expert-Validated Pentesting
HackerOne has launched Agentic Pentest as a Service (Agentic PTaaS), a hybrid AI‑human offering that delivers continuous, real‑world exploit validation at enterprise scale. The solution pairs proprietary AI agents with a vetted community of elite pentesters to automate reconnaissance, exploitation and...
By Help Net Security
News•Jan 27, 2026
G_Wagon NPM Package Exploits Users to Steal Browser Credentials with Obfuscated Payload
Security researchers identified a malicious npm package, ansi-universal-ui, that houses the G_Wagon infostealer. The package pretends to be a UI component library but delivers a Python‑based payload that extracts browser passwords, cryptocurrency wallets, cloud credentials, and messaging tokens. Over ten...
By GBHackers On Security
News•Jan 27, 2026
Microsoft Brings AI-Powered Investigations to Security Teams
Microsoft has made its Purview Data Security Investigations tool generally available, embedding generative AI to streamline breach, fraud, and content investigations across Microsoft 365. The solution pulls data from emails, Teams, documents, and Copilot, allowing natural‑language searches that group related artifacts...
By Help Net Security
News•Jan 27, 2026
AWS Adds IPv6 Support to IAM Identity Center Through Dual-Stack Endpoints
Amazon Web Services announced IPv6 support for its IAM Identity Center by introducing dual‑stack endpoints that accept both IPv4 and IPv6 traffic. The new URLs apply to user access portals, administrative APIs, and managed applications, while existing IPv4‑only endpoints continue...
By Help Net Security
News•Jan 27, 2026
Teleport Launches Framework to Secure Identities of AI Agents
Teleport unveiled its Agentic Identity Framework, a zero‑trust solution that secures AI agents without relying on static passwords or secrets. The platform builds on Teleport’s existing IAM technology, using a hardware root of trust to create cryptographic identities that are...
By Security Boulevard
News•Jan 27, 2026
Savannah Best Buy Employee Says ‘Hacker Group’ Blackmailed Him Into Theft Ring Scheme
Best Buy employee Dorian Allen, 20, was sentenced to jail after police say he helped a group of suspected shoplifters leave a Savannah store with over $40,000 in merchandise. Allen alleges an online hacker group blackmailed him, threatening to expose personal...
By DataBreaches.net
Blog•Jan 27, 2026
Booz Allen Tech Contractor Took IRS Job Specifically to Leak Trump's Tax Records
The U.S. Treasury Department announced it is terminating all 31 contracts with consulting firm Booz Allen Hamilton, representing $4.8 million in annual spend and $21 million in obligations, after a Booz Allen contractor, Charles Littlejohn, stole and leaked more than 400,000 taxpayer records,...
By Zero Day
News•Jan 27, 2026
Fiddler AI Raises $30M in Series C Funding
Fiddler AI announced a $30 million Series C round led by RPS Ventures, bringing its total funding to $100 million. The Palo Alto‑based AI observability and security platform plans to use the capital to scale across regulated sectors such as healthcare, financial services,...
By FinSMEs
News•Jan 27, 2026
Chrome, Edge Extensions Caught Stealing ChatGPT Sessions
A threat actor published sixteen browser extensions on Chrome Web Store and Microsoft Edge Add‑ons, posing as ChatGPT productivity tools. The extensions inject main‑world JavaScript into chatgpt.com to harvest authentication tokens, chat history, telemetry, and other metadata. Over 900 combined...
By SecurityWeek
News•Jan 27, 2026
From Legacy to Leading Edge: Modernizing Workforce Identity in BFSI
BFSI firms are rapidly acknowledging the need to modernize workforce Identity and Access Management, with 93% planning upgrades and budgets rising over 11% this year. Legacy IAM systems are seen as a major barrier to innovation, cited by 75% of...
By TechBullion
News•Jan 27, 2026
DoControl Launches Adaptive AI Alerts to Continuously Pinpoint SaaS Risk
DoControl unveiled an AI‑powered, agentic alerting system that continuously learns a company’s SaaS usage to spot genuine risk. Unlike static rule‑based alerts, the new solution analyzes patterns, intent, and business context from HRIS and identity sources, dramatically cutting noise. It...
By AI-TechPark
News•Jan 27, 2026
CTEM in Practice: Prioritization, Validation, and Outcomes That Matter
Continuous Threat Exposure Management (CTEM) is a Gartner‑defined, continuous cycle that links threats, vulnerabilities, and attack‑surface data to prioritize exploitable exposures. It moves security from isolated scans to an operational model of scoping, discovery, prioritization, validation, and mobilization. By integrating...
By The Hacker News
News•Jan 27, 2026
NETSCOUT Adds Wi-Fi 7 Observability and Real-Time SSL Certificate Monitoring
NETSCOUT unveiled new nGeniusONE enhancements that add Wi‑Fi 7 deep packet inspection to its Edge Sensors and introduce real‑time SSL/TLS certificate monitoring. The Wi‑Fi 7 support, backward compatible with Wi‑Fi 6E/6/5, closes observability gaps in remote sites as the market is projected to...
By Help Net Security
News•Jan 27, 2026
ShinyHunters Group Targets Over 100 Enterprises, Including Canva, Atlassian, and Epic Games
A newly identified threat supergroup called SLSH, formed by Scattered Spider, LAPSUS$ and ShinyHunters, is targeting more than 100 high‑profile enterprises through sophisticated human‑led vishing attacks on Single Sign‑On platforms, especially Okta. The attackers use a live phishing panel to...
By GBHackers On Security
News•Jan 27, 2026
He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive
A former employee of a crypto‑romance scam compound in Laos, calling himself Red Bull, leaked extensive internal documents exposing how pig‑butchering operations function. He described forced‑labor conditions, daily quotas, and a reward system that celebrates six‑figure fraud wins. After being captured...
By WIRED (Security)
News•Jan 27, 2026
Introduction to Fund Recovery: HonestGuardPrime.com
HonestGuardPrime.com offers a structured fund‑recovery service for victims of online scams, guiding clients through each legal and documentation step. The company’s transparent, step‑by‑step approach is repeatedly highlighted in Trustpilot and other reviews for reducing client stress. Reviewers praise the firm’s...
By TechBullion
News•Jan 27, 2026
What It Doxxing? How It Happens, and How to Stay Safe?
The article defines doxxing as the public disclosure of private personal data without consent, highlighting that over 43 million Americans have been targeted and 90 % of cases reveal the victim’s address. It outlines how doxxers gather information from public records, data...
By Security Boulevard
Social•Jan 27, 2026
Cisco AI Summit: Inside Enterprise AI Build, Secure, Scale
Join us online for the Cisco AI Summit livestream. If you care about how enterprise AI is actually being built, secured, and scaled, this is a day worth putting in the diary. Cisco is bringing together many of the people shaping...
By Bernard Marr
Social•Jan 27, 2026
WhatsApp Adds Anti‑spyware Blocks for Unknown Media
Powerful new features announced by @WhatsApp today to defend against sophisticated spyware. Includes the ability to block attachments and media from people not in your contact list. https://t.co/nvd2F83n4Z
By Runa Sandvik
News•Jan 27, 2026
Drowning in Spam or Scam Emails? Here’s Probably Why
Inbox overload of spam and scam messages is often traced to multiple technical and human factors. Recent data breaches, botnet‑driven campaigns, and lax email authentication expose addresses to malicious actors. Compromised accounts and aggressive marketing lists amplify the volume. Experts...
By WeLiveSecurity
Social•Jan 27, 2026
Crypto Crime Soars: $16.1B Laundered in One Year
$16.1 billion laundered in a single year. 1,799 wallets. $44M per day. A new Chainalysis report shows how crypto crime has quietly scaled. Full story here: https://t.co/oXjntBhduW
By Laura Shin
News•Jan 27, 2026
What Is the Outlook for Regulation in 2026?
Star Compliance’s 2025 Quarterly Executive Brief highlights a surge in regulatory expectations, especially around digital assets and the UK’s Senior Managers and Certification Regime (SMCR). Market‑abuse supervision is tightening, with regulators expanding insider‑trading definitions to include shadow trading. The report...
By Fintech Global