Today's Cybersecurity Pulse
Updated 2h agoCloudflare pushes agile SASE with Cloudflare One to replace legacy VPNs
Cloudflare announced a series of technical deep‑dives showcasing its Cloudflare One agile SASE platform, positioning it as a single‑pass solution to the fragmentation of legacy VPNs and hardware firewalls. The platform runs security checks across a global network spanning over 300 cities, eliminating service‑chaining bottlenecks and integrating zero‑trust controls.
Also developing:
News•Jan 24, 2026
Evaluating the Best Value Cybersecurity Platforms for Enterprises
The article evaluates enterprise‑grade cybersecurity platforms, outlining key criteria such as AI/ML capabilities, coverage breadth, autonomous response, total cost of ownership, and scalability. It reviews five leading solutions—Darktrace, CrowdStrike, SentinelOne, Palo Alto Networks, and Microsoft Defender—detailing each vendor’s strengths and AI approach. A methodology for assessing "best value" is presented, focusing on automation, platform coverage, and integration ease. Finally, the guide offers a phased integration roadmap to help organizations adopt a platform with minimal disruption and measurable risk reduction.
By SmartData Collective
News•Jan 24, 2026
Fintech Plaid Reports Growth in Open Banking Adoption, Improves Platform Security
Plaid reported a 55% increase in new European customers and a 53% annual rise in UK open‑banking payments as it expands its footprint across the continent. The fintech data‑connectivity provider added virtual‑account processing for over half of its European transactions...
By Crowdfund Insider
Social•Jan 24, 2026
AI Expands Risks Yet Powers Scalable Security Solutions
Tech and AI lead the global risk landscape as they increasingly expand the attack surface. The good news? The same tools can help us move faster, see more clearly, and respond at scale. Our Risk & Security Outlook explores what's...
By Nigel Walsh
News•Jan 24, 2026
Metriport (YC S22) Is Hiring a Security Eng to Harden Healthcare Data Infra
Metriport, a YC‑backed open‑source platform that moves patient data for over 300 million individuals, is hiring a senior security engineer in San Francisco. The role will harden its HIPAA‑compliant infrastructure, building audit‑logging, RBAC, and security policies. The company reports multi‑million ARR,...
By Hacker News
Social•Jan 24, 2026
Government May Subpoena Google, Proton for Natanson’s Accounts
Given how aggressively the government has pursued Hannah Natanson and the Washington Post, it would not surprise me if Google and Proton also received subpoenas for access to her accounts.
By Runa Sandvik
Blog•Jan 24, 2026
The CISO's Craft: Watchmaker or Gardener?
The article contrasts two CISO archetypes—the Watchmaker, who builds tightly controlled, auditable security frameworks, and the Gardener, who cultivates an adaptive, culture‑driven security ecosystem. Each style offers distinct strengths: predictability and strong foundations versus flexibility and empowerment. However, both suffer...
By Phil Venables’ Blog
News•Jan 24, 2026
NDSS 2025 – Secure Data Analytics
Researchers at NDSS 2025 introduced Laputa, a framework that adds fine‑grained policy enforcement to Apache Spark by inspecting physical execution plans. The system isolates Spark workloads using confidential computing compartments, protecting data from malicious users and compromised cloud managers. Laputa’s...
By Security Boulevard
News•Jan 24, 2026
Self-Custody Is No Longer a Retail Hobby. It Is Becoming Institutional Infrastructure
Institutional perception of self‑custody is shifting from a retail‑only risk to core crypto infrastructure. New hardware wallets, multi‑party authorization, and non‑custodial delegation let firms retain direct asset control while satisfying compliance requirements. Proof‑of‑Stake networks now support staking without transferring ownership,...
By CryptoSlate
News•Jan 24, 2026
Konni Hackers Target Blockchain Engineers with AI-Built Malware
North Korean hacker group Konni, linked to APT37, is deploying AI‑generated PowerShell malware to infiltrate blockchain developers. The campaign uses Discord‑hosted links that deliver a ZIP file containing a PDF lure and a malicious LNK shortcut. The shortcut triggers a...
By BleepingComputer
News•Jan 24, 2026
DAST vs Penetration Testing: Key Differences in 2026
The article contrasts modern Dynamic Application Security Testing (DAST) with traditional and AI‑driven penetration testing, highlighting how AI‑powered tools are built on advanced DAST architectures. Modern DAST now offers CI/CD integration, business‑logic testing, and a graph‑based knowledge model that feeds...
By Security Boulevard
News•Jan 24, 2026
Call-On-Doc Allegedly Had a Breach Affecting More than 1 Million Patients. They’ve yet to Comment.
Telehealth platform Call‑On‑Doc is accused of a data breach that may have exposed more than 1.1 million patient records, according to a listing on a hacking forum. The alleged leak includes personal identifiers, contact details, medical conditions and payment amounts, with...
By DataBreaches.net
News•Jan 24, 2026
DOGE May Have Misused Social Security Data, DOJ Admits
The Department of Justice disclosed that operatives from the Department of Government Efficiency (DOGE) may have improperly accessed and shared Social Security Administration (SSA) data. Internal emails show a password‑protected file containing roughly 1,000 individuals’ names and addresses was transmitted...
By WIRED (Security)
Blog•Jan 24, 2026
GBAC Launches Quantum Strategic Intelligence Standard at World Economic Forum
Global Board Advisors Corp and BoardroomEducation.com introduced the Quantum Strategic Intelligence (QSI) framework at the World Economic Forum in Davos, positioning it as an open Sovereignty Standard for quantum‑computing and agentic‑AI risks. QSI extends existing ERM models such as COSO,...
By Quantum Zeitgeist
News•Jan 24, 2026
How Founder Oversight Prevents Costly Security Gaps
Founder oversight transforms security from a static checklist into a living, strategic asset. By staying involved in access controls, audits, and vendor management, leaders spot hidden vulnerabilities before they become costly incidents. This hands‑on approach reinforces compliance, reduces downtime, and...
By TechBullion
Blog•Jan 24, 2026
U.S. CISA Adds a Flaw in Broadcom VMware vCenter Server to Its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the critical VMware vCenter Server flaw CVE-2024-37079 to its Known Exploited Vulnerabilities (KEV) catalog. The heap‑overflow bug in the DCERPC implementation carries a CVSS score of 9.8 and enables remote...
By Security Affairs
News•Jan 24, 2026
ISO 27001:2013 vs 2022 – A Quick Comparison Guide
ISO 27001:2022 supersedes the 2013 version, introducing a streamlined set of 93 controls organized into four thematic categories—Organizational, People, Physical, and Technological. The update adds 11 new controls targeting cloud security, threat intelligence, secure coding, and data protection, while tightening requirements...
By Security Boulevard
News•Jan 24, 2026
The New Reality of Business Protection When Data, AI, and Risk Collide
Businesses now view protection as safeguarding decisions, trust, continuity, and reputation rather than physical assets. The rise of AI intensifies risk, as models trained on sensitive data can be compromised, leading to regulatory, reputational, and financial fallout. Companies are turning...
By TechBullion
News•Jan 24, 2026
Ethereum Foundation Makes Post Quantum Security a Top Priority as New Team Forms
The Ethereum Foundation announced a dedicated Post‑Quantum team, elevating quantum‑resistant security to a top strategic priority. Led by Thomas Coratger and supported by Emile, the group will accelerate wallet safety upgrades, research prizes and test networks. A bi‑weekly developer session...
By CoinDesk
News•Jan 23, 2026
Equifax Launches AI-Powered Tool to Combat Synthetic Identity Fraud
Equifax unveiled Synthetic Identity Risk, an AI‑driven solution that flags synthetic identity fraud using machine‑learning analysis of identity data, credit histories, and behavioral signals. The tool can be deployed at account opening or continuously for ongoing monitoring, enabling lenders to...
By PYMNTS
Blog•Jan 23, 2026
Device-Independent QKD Achieves Key Generation with Photonic Devices, Overcoming 1 Challenge
Researchers at Université Paris‑Saclay and Université Côte d’Azur have demonstrated a device‑independent quantum key distribution (DIQKD) protocol using a photonic circuit identified through machine learning. By introducing a block‑hierarchy semidefinite programming method and a finite‑size security analysis, they show that...
By Quantum Zeitgeist
News•Jan 23, 2026
CertiK Keeps IPO on the Table as Valuation Hits $2B, CEO Says
CertiK co‑founder and CEO Ronghui Gu told reporters at Davos that the blockchain security firm is still weighing a public listing, with a current valuation of roughly $2 billion. While no concrete IPO timeline exists, Gu said the company would need additional...
By Cointelegraph
News•Jan 23, 2026
Digital Wallet: A Smarter Way to Manage and Move Money
Digital wallets are software platforms that store payment credentials and enable instant, encrypted transactions via smartphones or computers. They combine convenience, security features like biometrics and tokenization, and financial organization tools such as spending categorization. For merchants, offering wallet payments...
By TechBullion
News•Jan 23, 2026
OpenAI's Upcoming Codex Update Will Hit the Company's "High" Cybersecurity Risk Level for the First Time
OpenAI announced that upcoming updates to its Codex code‑generation model will push it into the “High” cybersecurity risk tier in the company’s internal risk framework, the first time a model has reached that level. The “High” designation means Codex could...
By THE DECODER
News•Jan 23, 2026
NDSS 2025 – WAVEN: WebAssembly Memory Virtualization For Enclaves
Researchers from Southern University of Science and Technology and ByteDance presented WAVEN, a WebAssembly memory virtualization layer designed for trusted execution environments (TEEs). WAVEN enables cross‑module memory sharing and page‑level access control, addressing the linear memory model’s limitations in Wasm‑based...
By Security Boulevard
Social•Jan 23, 2026
Gain Real Visibility Over Fast‑Moving Agentic AI
Agentic AI is moving fast and most teams lack visibility into what’s actually happening. Meet our sponsor for this weeks newsletter: @harmonicsec ! Harmonic's Security’s MCP Gateway is a lightweight, developer-friendly gateway that gives security teams real visibility...
By Jason Haddix
News•Jan 23, 2026
DeFi Protocol MakinaFi Exploit Analyzed by Blockchain Security Firm CertiK
Blockchain security firm CertiK dissected a sophisticated exploit on the MakinaFi DeFi protocol that drained approximately 1,299 ETH, valued at $4.13 million. The attacker leveraged massive flash loans to manipulate Curve pool valuations, inflating the protocol’s share price and extracting USDC from...
By Crowdfund Insider
News•Jan 23, 2026
NETSCOUT Recognized for Leadership in Network Detection and Response
NETSCOUT has been named a leader in network detection and response (NDR) by Quadrant Knowledge Solutions’ 2025 SPARK Matrix. The company’s Omnis Cyber Intelligence platform leverages Adaptive Service Intelligence to inspect packets at up to 100 Gbps, delivering deep, context‑rich metadata...
By CSO Online
News•Jan 23, 2026
Smarter DDoS Security at Scale
NETSCOUT introduced Arbor Edge Defense (AED), a selective decryption solution that inspects only suspicious encrypted traffic to mitigate DDoS attacks hidden in TLS 1.3 sessions. Traditional full‑traffic decryption is resource‑intensive, creating blind spots for security teams. AED combines known‑source blocking,...
By CSO Online
News•Jan 23, 2026
French Authorities Investigate Data Breach of Crypto Tax Platform
French prosecutors and the National Cyber Unit have opened a preliminary investigation into a data breach at Waltio, a cryptocurrency tax platform that exposed personal information of roughly 50,000 users, most of them in France. The hacker group Shiny Hunters...
By Cointelegraph
News•Jan 23, 2026
Venezuelan Nationals Face Deportation After Multi State ATM Jackpotting Scheme
Two Venezuelan nationals were convicted of a multi‑state ATM jackpotting scheme that hit banks in South Carolina, Georgia, North Carolina and Virginia. Using laptops and custom malware, they opened older ATMs at night, forcing the machines to dispense cash until...
By HackRead
Blog•Jan 23, 2026
Cyberattack Targeting Poland’s Energy Grid Used a Wiper
At the end of December, a wiper‑type malware dubbed DynoWiper attempted to compromise Poland’s power generation and distribution systems. European security firm ESET traced the code to the Russian Sandworm group with medium confidence, noting similarities to previous attacks on...
By Zero Day
News•Jan 23, 2026
Shift Left QA for AI Systems. Catching Model Risk Before Production
Shift‑left QA repositions testing to the earliest stages of AI development, targeting data selection, prompt design, and model behavior before any user interface exists. Traditional software QA, which validates deterministic code after UI creation, misses the probabilistic failures that AI...
By Security Boulevard
News•Jan 23, 2026
A Hacker’s $23 Million ‘Flex’ Backfires After Sleuth Traces Funds to a Massive U.S. Government Seizure
A self‑styled hacker known as “John” publicly displayed control over roughly $23 million in cryptocurrency during a live “band for band” showdown on X. Blockchain analyst ZachXBT later traced the wallet to a chain of addresses that include funds seized by...
By CoinDesk
News•Jan 23, 2026
Corr-Serve Strengthens South Africa’s Cybersecurity Market Through Expanded Seceon Partnership
Corr-Serve has expanded its seven‑year partnership with global cyber‑security firm Seceon, becoming the exclusive distributor for Seceon's AI‑driven Open Threat Management platform across the Southern African Development Community. The deal positions South Africa as the operational hub, delivering real‑time threat...
By Security Boulevard
News•Jan 23, 2026
Browser Wars, Continued: Why Everyone Is Building Their Own AI Browser
The browser has evolved from a simple web gateway into the primary enterprise endpoint, handling over 70% of global traffic. Generative AI agents that can act autonomously inside browsers are turning them into intelligent workspaces, prompting incumbents and startups to...
By Security Boulevard
News•Jan 23, 2026
From Incident to Insight: How Forensic Recovery Drives Adaptive Cyber Resilience
Ransomware attacks now cost $156 million daily, prompting firms to rush system restoration. However, without forensic recovery, organizations lack the evidence needed to confirm breach eradication and understand attacker tactics. Modern forensic solutions capture and analyze digital artifacts in real time,...
By Security Boulevard
News•Jan 23, 2026
What an AI-Written Honeypot Taught Us About Trusting Machines
Intruder used an AI model to draft a honeypot prototype, but the generated code mistakenly trusted client‑supplied IP headers, allowing attackers to inject payloads via spoofed headers. The flaw went unnoticed by static analysis tools like Semgrep and Gosec, highlighting...
By BleepingComputer
Social•Jan 23, 2026
Spain's Top Court Stalls Pegasus Probe over Israeli Silence
A “chronic lack of cooperation from the Israeli authorities” has forced Spain’s highest criminal court to shelve its investigation into use of Pegasus against Spanish ministers, inc. the prime minister. Cases uncovered by @citizenlab go back to 2021. https://t.co/GUEJ1Mq02R
By Runa Sandvik
News•Jan 23, 2026
NHS Issues Open Letter Demanding Improved Cybersecurity Standards From Suppliers
The UK National Health Service has issued an open letter to suppliers, demanding proactive cybersecurity collaboration across the health and social care system. The initiative builds on last year’s voluntary supply‑chain charter and aligns with the Cyber Security and Resilience...
By Infosecurity Magazine
Social•Jan 23, 2026
Microsoft Will Surrender BitLocker Keys to Police upon Court Order
If you store your BitLocker key with Microsoft, Microsoft can and will hand the key over to law enforcement in response to valid court orders. https://t.co/FPUJZPSU3h
By Runa Sandvik
News•Jan 23, 2026
CyberAlloy Launches to Unite Europe’s Cyber Defenders in a Single Trusted Network
CyberAlloy, an independent network launched this week, brings together corporations, governments, academia, venture capital and security experts across Europe to create a trusted cyber‑resilience ecosystem. The platform enables real‑time threat‑intelligence sharing, collective decision‑making and standardized governance, aiming to lighten the...
By Tech.eu
News•Jan 23, 2026
In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice
SecurityWeek’s weekly roundup highlights a record €1.2 billion in GDPR fines in 2025, with Ireland accounting for the bulk of penalties, and a 22 % jump in breach notifications. Mandiant released Net‑NTLMv1 rainbow tables that can crack legacy hashes in under 12 hours,...
By SecurityWeek
Social•Jan 23, 2026
Essential Digital Security Guide Still Relevant After FBI Seizure
I know people are looking for digital security guides and checklists in light of the FBI seizing devices of a Washington Post reporter. Here’s a guide I wrote for @gijn in 2024, which remains up to date and relevant. https://t.co/9vBMK8r1vV
By Runa Sandvik
News•Jan 23, 2026
ExaGrid Announces All Flash/SSD Tiered Backup Storage Solution
ExaGrid has launched an all‑flash, SSD‑based tiered backup storage solution that ships with software version 8 and a unique front‑end Landing Zone paired with a non‑network‑facing repository tier. The new appliances—EX90‑SSD through EX540‑SSD—scale to over 17 PB in a single scale‑out...
By AI-TechPark
News•Jan 23, 2026
Microsoft Gave FBI Keys To Unlock Encrypted Data, Exposing Major Privacy Concern
Microsoft complied with an FBI search warrant, providing BitLocker recovery keys stored on its cloud for three Guam laptops tied to a Covid unemployment fraud investigation. The devices were protected by BitLocker, Microsoft’s default full‑disk encryption, whose recovery keys can...
By DataBreaches.net
News•Jan 23, 2026
TrustAsia Pulls 143 Certificates Following Critical LiteSSL ACME Vulnerability
TrustAsia revoked 143 SSL/TLS certificates after uncovering a critical vulnerability in its LiteSSL ACME service. The flaw allowed domain‑validation data to be reused across different ACME accounts, enabling unauthorized issuance of wildcard certificates. The issue stemmed from a logic error...
By GBHackers On Security
News•Jan 23, 2026
NL: Police Warned About Security Hole Used by Russian Hackers in Major Theft of Police Data
Dutch police were warned in 2022 about inherent risks in Microsoft’s M365 cloud, yet a Russian cyber‑espionage group exploited those gaps in September 2024. By compromising an officer’s email account, the hackers exfiltrated contact details, profile photos and personal data of...
By DataBreaches.net
News•Jan 23, 2026
The 2025 Phishing Surge Proved One Thing: Chasing Doesn’t Work
In 2025 phishing evolved from a nuisance into a professional, subscription‑based service. Threat actors now rent disposable infrastructure, use generative AI to craft high‑fidelity pages, and repurpose mainstream no‑code platforms, while large language models eliminate the classic bad‑writing tell. These...
By Security Boulevard
News•Jan 23, 2026
ShinyHunters Leak Alleged Data of Millions From SoundCloud, Crunchbase and Betterment
ShinyHunters announced a dark‑web leak of alleged databases from SoundCloud, Crunchbase and Betterment after their extortion attempts were rejected. The group posted .onion links on 22 January 2026, offering free access to the dumps. The claimed SoundCloud breach aligns with a December 2025...
By HackRead
News•Jan 23, 2026
Arqit Launches ‘Encryption Intelligence’ to Automate Discovery for Post-Quantum Migration
Arqit Quantum has launched Encryption Intelligence (EI), an automated SaaS platform that inventories an organization’s cryptographic assets across cloud, OT and legacy systems. The tool identifies obsolete algorithms and protocols, providing real‑time visibility to accelerate post‑quantum cryptography (PQC) migration and...
By Quantum Computing Report