Today's Cybersecurity Pulse
Updated 2h agoCloudflare pushes agile SASE with Cloudflare One to replace legacy VPNs
Cloudflare announced a series of technical deep‑dives showcasing its Cloudflare One agile SASE platform, positioning it as a single‑pass solution to the fragmentation of legacy VPNs and hardware firewalls. The platform runs security checks across a global network spanning over 300 cities, eliminating service‑chaining bottlenecks and integrating zero‑trust controls.
Also developing:
News•Jan 27, 2026
Drowning in Spam or Scam Emails? Here’s Probably Why
Inbox overload of spam and scam messages is often traced to multiple technical and human factors. Recent data breaches, botnet‑driven campaigns, and lax email authentication expose addresses to malicious actors. Compromised accounts and aggressive marketing lists amplify the volume. Experts recommend tightening authentication, deploying AI‑powered filters, and educating users to curb the tide.
By WeLiveSecurity
Social•Jan 27, 2026
Cisco AI Summit: Inside Enterprise AI Build, Secure, Scale
Join us online for the Cisco AI Summit livestream. If you care about how enterprise AI is actually being built, secured, and scaled, this is a day worth putting in the diary. Cisco is bringing together many of the people shaping...
By Bernard Marr
News•Jan 27, 2026
What Is the Outlook for Regulation in 2026?
Star Compliance’s 2025 Quarterly Executive Brief highlights a surge in regulatory expectations, especially around digital assets and the UK’s Senior Managers and Certification Regime (SMCR). Market‑abuse supervision is tightening, with regulators expanding insider‑trading definitions to include shadow trading. The report...
By Fintech Global
News•Jan 27, 2026
Major Security Flaws Found in UK Retailer Websites
A recent Ethiack study of 1,722 European retailers uncovered that 19.7% of SSL certificates on UK retailer websites are invalid, expired, or misconfigured, exposing customer data to interception. Additionally, 19.6% of UK web servers reveal software type and version in...
By Finextra
News•Jan 27, 2026
Hackers Exploit SEO Poisoning to Target Users Seeking Legitimate Tools
Hackers are leveraging SEO poisoning to push malicious ZIP archives that contain BAT scripts masquerading as legitimate tools. The fraudulent pages rank highly in search results, directing users to fake repositories where the scripts contact command‑and‑control servers and download remote...
By GBHackers On Security
News•Jan 27, 2026
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
Trend Micro researchers have uncovered a JScript‑based command‑and‑control framework called PeckBirdy, used by China‑aligned APT groups since 2023. The framework runs via living‑off‑the‑land binaries across browsers, MSHTA, WScript, Node JS and .NET, delivering modular backdoors such as HOLODONUT and MKDOOR. It powers...
By The Hacker News
News•Jan 27, 2026
Why Cyber Fusion Centers and Zero-Trust Work Better Together
The surge in zero‑trust adoption has not delivered expected protection, as static implementations struggle against zero‑day exploits and a rapidly evolving threat landscape. A leading bank that integrated a cyber fusion center (CFC) with zero‑trust achieved 65% automated incident responses...
By Security Boulevard
Blog•Jan 27, 2026
Reliance Global Group Acquires Stake in Post-Quantum Cybersecurity Firm Enquantum
Reliance Global Group announced a non‑binding term sheet to acquire a controlling interest in post‑quantum cryptography firm Enquantum Ltd. through its new EZRA International subsidiary. Enquantum’s hardware‑accelerated, FPGA‑based solutions promise terabit‑level, quantum‑resistant encryption, addressing performance concerns of software‑only PQC. The...
By Quantum Zeitgeist
News•Jan 27, 2026
Canada Marks Data Privacy Week 2026 as Commissioner Pushes for Privacy by Design
Canada’s Privacy Commissioner Philippe Dufresne launched Data Privacy Week 2026 (Jan 26‑30) with a focus on privacy‑by‑design, urging organizations to embed data protection from the outset. He highlighted recent high‑profile breaches—including Aylo, 23andMe, TikTok, and an investigation into X’s Grok chatbot—to...
By The Cyber Express
News•Jan 27, 2026
Cymulate Joins the Wiz Integration Network (WIN)
Cymulate has joined the Wiz Integration Network, embedding its Continuous Threat Exposure Management platform into Wiz’s cloud‑security ecosystem. The partnership enables automated pre‑ and post‑exploitation simulations across Azure, AWS, and Google Cloud, delivering continuous validation of security controls. Joint customers...
By AI-TechPark
News•Jan 27, 2026
How to Safeguard Executives Through Proactive Planning and Managing Online Presence
Recent high‑profile attacks, including the 2024 assassination of UnitedHealthcare CEO Brian Thompson, have highlighted severe gaps in executive protection, especially online. Organizations are reassessing security operations, investing in physical safeguards while recognizing that digital exposure often reveals executives' locations and...
By Security Magazine (Cybersecurity)
News•Jan 27, 2026
Descope Introduces Dedicated Identity Infrastructure for AI Agents and MCP Ecosystems
Descope has launched an upgraded Agentic Identity Hub that treats AI agents as first‑class identities alongside human users. The platform adds OAuth 2.1, PKCE, DCR, CIMD and tool‑level scopes to MCP servers, letting developers secure agent access with enterprise‑grade policies. It...
By Help Net Security
News•Jan 27, 2026
75% of Visitors Will Switch to a Competitor When a Website Feels Unsafe, Liferay Survey Finds
Liferay’s 2026 Broken Trust Report, based on a survey of 1,000 U.S. adults, finds that 75% of users will abandon a website they perceive as unsafe and often turn to a competitor. A single “off” moment erodes trust for 61%...
By MarTech Series
News•Jan 27, 2026
When Open Science Meets Real-World Cybersecurity
Fermilab CISO Matthew Kwiatkowski explains how open‑science environments create cybersecurity blind spots when scientists design infrastructure without early security input. He notes that collaboration between IT and researchers reduces risky implementations and that publicly releasable data is often mislabeled, prompting...
By Help Net Security
News•Jan 27, 2026
4 Issues Holding Back CISOs’ Security Agendas
CISOs increasingly view a breach as inevitable, with 76% expecting a material cyberattack within the next year and 58% deeming their organizations unprepared. Four core issues impede progress: insufficient training and empowerment of security teams, lagging AI governance, limited AI...
By CSO Online
News•Jan 27, 2026
Critical CERT-In Advisories – January 2026: SAP, Microsoft, and Atlassian Vulnerabilities
January 2026 saw CERT‑In publish three critical advisories targeting SAP, Microsoft, and Atlassian products. The alerts disclose high‑severity flaws—including remote code execution, privilege escalation, and data exfiltration—affecting SAP S/4HANA, Windows, Azure, and on‑premise Atlassian tools such as Jira and Confluence. One...
By Security Boulevard
News•Jan 27, 2026
Waiting for AI Superintelligence? Don’t Hold Your Breath
AI superintelligence remains a theoretical goal, yet artificial intelligence is already woven into the fabric of enterprise operations, accelerating decision‑making and threat detection. Companies report faster, more accurate alert investigations, but the same speed introduces novel vulnerabilities and operational risks....
By Help Net Security
News•Jan 27, 2026
How Financial Institutions Strengthen SAR Readiness With Smarter Risk Practices
Financial institutions are intensifying their suspicious activity reporting (SAR) programs as fraud cycles accelerate and regulators tighten oversight. Strong SAR readiness hinges on real‑time data signals, skilled analysts, clear processes, and modern AML platforms that automate monitoring and case management....
By TechBullion
News•Jan 27, 2026
Data Privacy Week 2026: Why Secure Access Is the New Data Protection Perimeter
The CyberExpress article argues that the traditional network perimeter is no longer sufficient for data privacy, and that the true protection now lies at the moment of access. It highlights the rise of the “Identity‑Data Gap” and the shift toward...
By The Cyber Express
News•Jan 27, 2026
Cybersecurity Jobs Available Right Now: January 27, 2026
A wave of cybersecurity openings posted on January 27, 2026 spans senior leadership, engineering, and analyst roles across the United States, Europe, Asia, and the Middle East. Companies such as micro1, Bringg, Oracle, and Snyk are hiring C‑level executives, incident‑response...
By Help Net Security
News•Jan 27, 2026
Ivanti Expands Neurons Platform with Agentic AI and Autonomous Endpoint Management
Ivanti announced a major upgrade to its Neurons platform, adding Agentic AI‑driven personas to the IT Service Management suite, autonomous endpoint management (AEM) that unifies DEX, UEM and security, and enhanced asset visibility through Discovery. The Agentic AI preview launches...
By Help Net Security
News•Jan 27, 2026
Clawdbot-Style Agentic Assistants: What Your SOC Should Monitor, Triage, and Contain
Agentic AI assistants such as Clawdbot are moving from simple chatbots to persistent, privileged entities that can act across Slack, Teams, Discord and other platforms. Their ability to retain context, execute commands, and use user‑provided API keys creates new attack...
By Security Boulevard
News•Jan 27, 2026
Fresh Breach — Lena Health Breach Preview — Full Leak Coming Soon
Lena Health suffered a massive data breach exposing over 2,100 patients' protected health information, including full identifiers, medical records, and 19,542 audio recordings stored in an unencrypted public S3 bucket. The leak also revealed API keys, staff credentials, and discharge...
By DataBreaches.net
News•Jan 27, 2026
Single Sign-On Account Management in App Stores
App store identities remain fragmented, with developers often using personal emails that expose enterprises to lockout and breach risks. Managed Apple IDs and Enterprise Google accounts tether accounts to corporate domains, ensuring the organization retains control. The industry is moving...
By Security Boulevard
News•Jan 26, 2026
The 7 Essential Elements of a Compliance Framework You Need to Know
The article outlines a seven‑element compliance framework that moves organizations from ad‑hoc checklists to a systematic operating model. It emphasizes leadership governance, risk assessment, policy translation, controls, training, monitoring, and issue management as interlocking components. By aligning these elements, firms...
By Security Boulevard
News•Jan 26, 2026
Secret Service Foils Card Skimmers
The U.S. Secret Service’s fraud‑prevention unit partnered with local law‑enforcement to locate and deactivate 411 illegal point‑of‑sale card‑skimming devices in 2025. Across 22 coordinated operations, agents inspected roughly 9,000 businesses and examined about 60,000 terminals, potentially averting $428.1 million in fraudulent...
By Payments Dive
News•Jan 26, 2026
Zama’s Encrypted Ethereum Token Auction Draws $118M in Commitments
Zama, a fully homomorphic encryption startup, closed a $118.5 million encrypted token auction on Ethereum, marking the first such ICO on the network. The sealed‑bid Dutch auction attracted 11,103 unique bidders, oversubscribed by 218% and clearing at $0.05 per token. Zama’s...
By The Defiant
Blog•Jan 26, 2026
They're Coming for Our Kids: How Extremists Target Children Online
Extremist groups are increasingly targeting children on platforms such as Discord, Instagram, Reddit, and gaming chats, turning these digital third spaces into recruitment hubs. In 2024, teenagers accounted for roughly two‑thirds of ISIS‑linked arrests in Europe, and similar patterns are...
By The Cipher Brief
News•Jan 26, 2026
How MSSPs Can Help Clients Mitigate Shadow IT and Data Sprawl with Cavelo
MSSPs face growing risk from shadow IT and data sprawl as hybrid work and SaaS adoption push data into unmanaged cloud locations. Unapproved applications and fragmented data increase attack surface, compliance exposure, and incident‑response delays. Cavelo offers an agent‑less, multi‑tenant...
By Security Boulevard
News•Jan 26, 2026
Unseen Money 16—Synthetic Identity Fraud
In this episode, Paul Amery and guest Timur Yunusov dissect a bizarre DPD delivery of a non‑existent eBay purchase that led them to explore synthetic identity fraud—a scheme where criminals blend stolen personal data with fabricated details to create usable...
By New Money Review
News•Jan 26, 2026
Genetec Outlines Data Privacy Best Practices Ahead of Data Protection Day
In this episode, Genetec highlights data‑privacy best practices for physical‑security systems ahead of International Data Protection Day. Principal Security Architect Mathieu Chevalier stresses the need for clear data‑use limits, privacy‑by‑design controls, and continuous protection throughout the data lifecycle. The company recommends...
By insideBIGDATA
News•Jan 26, 2026
NDSS 2025 – All Your (Data)base Are Belong to Us: Characterizing Database Ransom(ware) Attacks
Researchers at the IMDEA Software Institute delivered the first systematic analysis of database ransomware attacks, examining 23,736 ransom notes from 60,427 compromised servers over three years. Their honeypot experiments showed new infections rising 60% year‑over‑year, with 6,000 fresh victims in...
By Security Boulevard
Blog•Jan 26, 2026
Reduce Ecommerce Account Takeovers: Where a VPN Actually Helps
The episode explains how e‑commerce businesses can curb account takeovers by integrating a dedicated IP VPN into their admin workflows. It outlines an access‑control playbook that routes all Shopify and financial dashboard logins through an encrypted VPN tunnel, reducing false...
By eCommerce Fastlane
News•Jan 26, 2026
ShinyHunters, CL0P Return with New Claimed Victims
ShinyHunters has resurfaced with an onion‑based data leak site, claiming breaches of SoundCloud, Betterment and Crunchbase tied to a new vishing campaign targeting SSO credentials at Okta, Microsoft and Google. The group warns that more victims will follow. In parallel,...
By The Cyber Express
Blog•Jan 26, 2026
Emergency Microsoft Update Fixes In-the-Wild Office Zero-Day
Microsoft released emergency out‑of‑band updates to remediate CVE‑2026‑21509, a zero‑day flaw actively exploited in the wild. The vulnerability bypasses OLE security controls in Office 2016 through 2024 and Microsoft 365 Apps, allowing attackers to execute malicious code via crafted Office...
By Security Affairs
News•Jan 26, 2026
EScan Antivirus Supply Chain Breach Delivers Signed Malware
On January 20 2026, MicroWorld Technologies’ eScan antivirus was compromised through its legitimate update infrastructure, delivering digitally signed malware to global endpoints. The multi‑stage payload installed a 64‑bit backdoor, persisted via disguised scheduled tasks, and altered hosts and registry settings to block...
By Infosecurity Magazine
News•Jan 26, 2026
Why MSPs Should Add Privileged Access Management (PAM) To Their Security Offerings
Managed service providers (MSPs) are urged to add Privileged Access Management (PAM) to their portfolios as identity‑based attacks surge, with data breaches up 72% since 2021. PAM dovetails with Zero Trust principles, securing administrative credentials that attackers most often target....
By Security Boulevard
News•Jan 26, 2026
Why Digital Identity Systems Are Moving Away From Centralized Data Storage
Digital identity systems are transitioning from centralized databases to decentralized architectures. Centralized stores pose massive breach risks, prompting firms to seek models that limit data exposure. Decentralized solutions leverage cryptography and distributed ledgers, granting users control over their credentials. This...
By TechBullion
News•Jan 26, 2026
Hungarian and Romanian Police Detain Young Hackers over Fake Threat Calls
Hungarian police, working with Romanian authorities, detained four young hackers suspected of orchestrating false and intimidating phone calls to law‑enforcement units. The investigation, launched in mid‑July 2025 after multiple police departments reported receiving threatening calls, uncovered a coordinated scheme that...
By DataBreaches.net
News•Jan 26, 2026
Saudi Satirist Hacked with Pegasus Spyware Wins Damages in Court Battle
A London High Court judge awarded Saudi satirist Ghanem Al‑Masarir more than £3 million in damages after finding compelling evidence that his iPhone was compromised with NSO Group’s Pegasus spyware. The ruling concluded the hacking was directed or authorised by the...
By TechCrunch (Cybersecurity)
News•Jan 26, 2026
Google’s Universal Commerce Protocol: Why the Future of Agentic Commerce Depends on Security
The episode examines Google’s Universal Commerce Protocol (UCP), an open‑source standard designed to unify AI‑driven shopping across retailers and payment providers. It highlights UCP’s advantages—single‑point integration, leverage of Google Merchant Center, modular flexibility, and merchant‑first control—while noting the competitive landscape...
By Security Boulevard
News•Jan 26, 2026
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
Researchers at eSentire have uncovered a tax‑phishing campaign targeting Indian users by masquerading as the Income Tax Department. The campaign delivers a multi‑stage backdoor that first sideloads a malicious DLL, then escalates privileges and installs a Blackmoon trojan variant alongside...
By The Hacker News
News•Jan 26, 2026
Grid Protection in Severe Weather: What Security Leaders Need to Know
A historic winter storm on Jan. 24‑25 left over 820,000 energy customers without power and placed 200 million people under severe‑cold alerts. While utilities scramble to restore service, cyber adversaries target pre‑existing grid weaknesses such as unpatched systems and lax remote‑access controls....
By Security Magazine (Cybersecurity)
News•Jan 26, 2026
CISA Releases List of Post-Quantum Cryptography Product Categories
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released its first list of hardware and software product categories that support or are transitioning to post‑quantum cryptography (PQC) standards. The list, compiled with the NSA, follows Executive Order 14306 and targets cloud...
By Infosecurity Magazine
Social•Jan 26, 2026
Beware: Clawdbot Could Unleash Unaligned AI Risks
Rahul warns us about Clawdbot. I'm not too worried about the nerds here who load it, but it got so popular over the weekend that non-techies will get drawn in. And that's where the trouble starts. I don't know how...
By Robert Scoble
Social•Jan 26, 2026
Journalists Should Use Signal Usernames, Not Personal Numbers
A number of Washington Post journalists asked for tips from government workers last year and posted their personal phone numbers for @signalapp. Please know that Signal allows you to create a username, meaning you can keep your phone number private....
By Runa Sandvik
News•Jan 26, 2026
Access System Flaws Enabled Hackers to Unlock Doors at Major European Firms
Security researchers at SEC Consult uncovered more than 20 vulnerabilities in Dormakaba’s Exos access‑control platform, affecting hardware managers, registration units, and central software. The flaws include hard‑coded credentials, weak passwords, privilege escalation, and command‑injection, which could let attackers remotely unlock doors...
By SecurityWeek
News•Jan 26, 2026
NDSS 2025 – ERW-Radar
The episode delves into ERW‑Radar, a novel detection system designed to combat evasive ransomware by leveraging the unique repetitive I/O patterns ransomware exhibits during encryption and statistical analysis of encrypted byte streams. The authors—Lingbo Zhao, Yuhui Zhang, Zhilu Wang, Fengkai...
By Security Boulevard
News•Jan 26, 2026
APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL | Part 1
In September 2025 Zscaler ThreatLabz uncovered two Pakistan-linked APT campaigns, Gopher Strike and Sheet Attack, targeting Indian government entities. Gopher Strike delivers malicious PDFs that trigger ISO downloads, employing a new Golang downloader called GOGITTER, a lightweight backdoor GITSHELLPAD that...
By Security Boulevard
Blog•Jan 26, 2026
01 Quantum Reports Q4 2025 Revenue Growth & PQC Deployments
01 Quantum Inc., rebranded from 01 Communique Laboratory, reported FY 2025 revenue of $767,993—up 86% from the prior year—driven by commercial deployments of post‑quantum cryptography (PQC) solutions such as DoMobile Ver.5. The company raised $3.78 million in equity financing and continues to...
By Quantum Zeitgeist