🎯Today's Cybersecurity Pulse
Updated 55m agoWhat's happening: Cloudflare pushes agile SASE with Cloudflare One to replace legacy VPNs
Cloudflare announced a series of technical deep‑dives showcasing its Cloudflare One agile SASE platform, positioning it as a single‑pass solution to the fragmentation of legacy VPNs and hardware firewalls. The platform runs security checks across a global network spanning over 300 cities, eliminating service‑chaining bottlenecks and integrating zero‑trust controls.
Also developing:
News•Jan 21, 2026
Using Data Upsert to Optimize Test Data Management
Tonic.ai has added upsert capabilities to its test‑data platform, allowing teams to insert new records while updating existing ones without overwriting valuable test data. The feature supports preserving legacy fixtures, merging multiple data subsets, and retaining mock data for unreleased features. By handling both updates and inserts in a single operation, upsert streamlines test‑environment refreshes and reduces manual data‑management effort. The blog outlines three practical scenarios where upsert delivers measurable efficiency gains for fast‑moving development teams.
By Security Boulevard
Social•Jan 21, 2026
AI Fuels Buggy Bounty Incentives; cURL Exits to Reset
AI was the accelerant on a perverse incentive fire sparked by bug bounty platforms that reward spray & pray. Both open source & orgs without dedicated vuln response teams get overloaded when they offer cash there. cURL is right to...
By Katie Moussouris
News•Jan 21, 2026
Check Point Exposure Management Unifies Threat Intelligence, Context, and Remediation
Check Point unveiled Exposure Management, a platform that fuses threat intelligence, vulnerability prioritization, and automated remediation into a single workflow. The solution offers real‑time situational awareness by correlating dark‑web insights, exploitability context, and attack‑surface visibility. It integrates with more than...
By Help Net Security
News•Jan 21, 2026
How Realm Data Haven Solves Long-Term Log Storage and Fast Resupply for SOC Teams
Realm introduced Data Haven, a dedicated long‑term log archive that separates storage from real‑time SIEM detection. The platform automatically routes all telemetry to secure, low‑cost storage without manual configuration and normalizes logs on ingest. Analysts retrieve archived data by simple...
By Security Boulevard
News•Jan 21, 2026
Cohesity Enhances Identity Resilience with ITDR Capabilities
Cohesity has introduced Identity Threat Detection and Response (ITDR) capabilities, extending its Identity Resilience suite to protect Active Directory and Microsoft Entra ID. The solution continuously monitors identity posture, flags risky changes, and detects attack patterns before an incident. During...
By Help Net Security
Social•Jan 21, 2026
BTQ Partners ITRI for Low-Power
NEW: BTQ is partnering with ITRI to build a new chip architecture for post-quantum security. $BTQ ’s QCIM targets lower-power cryptography, and is now moving into silicon validation with ITRI, the incubator behind $TSMC.
By Wendy O
News•Jan 21, 2026
Executive Brief: Questions AI Is Creating that Security Can’t Answer Today
AI‑assisted development now dominates software creation, with 92% of developers using tools like GitHub Copilot and AI‑generated code comprising roughly 40% of new code. Traditional application security controls, designed for post‑commit review, fail to see code at the moment it...
By Security Boulevard
News•Jan 21, 2026
Stellar Cyber Appoints Eric Van Sommeren as Vice President of EMEA to Accelerate Regional Expansion
Stellar Cyber announced the appointment of Eric van Sommeren as Vice President of EMEA, accelerating the firm’s push into Europe, the Middle East and Africa. Van Sommeren brings senior leadership experience from SentinelOne, Palo Alto Networks and Corelight, positioning the company...
By AiThority
News•Jan 21, 2026
XBOW Appoints WonLae Lee as General Manager, South Korea
XBOW has named former Samsung SDS penetration‑testing leader WonLae Lee as General Manager for South Korea, tasking him with spearheading the company’s Asia‑Pacific expansion. Lee brings three decades of Red Team, vulnerability research and incident‑response experience to the autonomous offensive...
By AiThority
News•Jan 21, 2026
Furl Lands $10M for AI-Powered Security Remediation
Furl, a security remediation platform, closed a $10 million seed round led by Ten Eleven Ventures, with participation from Rapid7 CEO Corey Thomas and Open Opportunity Fund. The company targets the chronic execution gap in cybersecurity, where only one in ten...
By Just AI News
News•Jan 21, 2026
I Scanned 2,500 Hugging Face Models for Malware/Issues. Here Is the Data
Veritensor launches as a zero‑trust security solution for the AI model supply chain, offering deep static analysis and cryptographic verification of popular model formats such as Pickle, PyTorch, Keras, GGUF, and Python wheels. The tool can detect malicious code—including RCE,...
By Hacker News
News•Jan 21, 2026
Vectra AI Helps Organizations Prevent AI-Powered Cyberattacks
Vectra AI unveiled a next‑generation platform designed to safeguard the emerging AI enterprise, where machine‑speed workloads span on‑premises, multi‑cloud, SaaS, IoT and edge environments. The solution delivers unified observability, automatically discovers AI agents as first‑class identities, and uses behavior‑driven AI...
By Help Net Security
News•Jan 21, 2026
AiFWall Emerges From Stealth With an AI Firewall
aiFWall Inc emerged from stealth, releasing a free AI firewall that protects both inbound prompts and outbound responses of agentic AI deployments. The product leverages contextual analysis and a central AI engine to create just‑in‑time threat markers from malicious prompts....
By SecurityWeek
News•Jan 21, 2026
Sumo Logic Targets Data Pipeline Blind Spots with New Snowflake and Databricks Tools
Sumo Logic announced two new applications for Snowflake and Databricks that enhance real‑time visibility into data pipelines. The Snowflake Logs App provides login analytics, query performance insights, and centralized log correlation, while the Databricks Audit App offers unified monitoring of...
By SiliconANGLE
News•Jan 21, 2026
Nightfall Expands Data Protection with AI Browser Security for Browsers, Endpoints and SaaS
Nightfall unveiled an AI Browser Security solution that protects browsers, endpoints, and SaaS applications from real‑time data theft driven by AI tools. The offering intercepts uploads, clipboard pastes, screenshots and other browser‑based actions that traditional DLP cannot see. Powered by...
By SiliconANGLE
News•Jan 21, 2026
Accelerating Digital Transformation Is the Keystone to Deterring Space War
The article argues that the United States must accelerate digital transformation in its national‑security space architecture to maintain deterrence against a rapidly modernizing China. It highlights current shortcomings such as legacy single‑prime contracts, stovepiped systems, and slow acquisition cycles that...
By SpaceNews
News•Jan 21, 2026
'Damn Vulnerable' Training Apps Leave Vendors' Clouds Exposed
Security researchers discovered that dozens of publicly exposed, intentionally vulnerable training applications—such as Hackazon, OWASP Juice Shop, DVWA and bWAPP—are being run on real cloud infrastructure. These apps often carry over‑permissioned IAM roles, allowing attackers to harvest temporary credentials and...
By Dark Reading
News•Jan 21, 2026
Hackers Exploit Security Testing Apps to Breach Fortune 500 Firms
Pentera uncovered nearly 2,000 publicly exposed security‑testing web apps—such as DVWA, Juice Shop and bWAPP—hosted on AWS, GCP and Azure. These intentionally vulnerable tools were linked to over‑privileged IAM roles, allowing attackers to steal cloud credentials and gain admin access....
By BleepingComputer
News•Jan 21, 2026
GitLab Warns of High-Severity 2FA Bypass, Denial-of-Service Flaws
GitLab announced patches for a high‑severity two‑factor authentication bypass (CVE‑2026‑0723) and multiple denial‑of‑service flaws affecting both Community and Enterprise editions. The 2FA bypass lets attackers with a known account ID circumvent the second factor, while CVE‑2025‑13927 and CVE‑2025‑13928 enable unauthenticated...
By BleepingComputer
News•Jan 21, 2026
New Research Exposes Critical Gap: 64% of Third-Party Applications Access Sensitive Data Without Authorization
Reflectiz’s 2026 State of Web Exposure Research reveals that 64 % of third‑party applications on 4,700 leading websites access sensitive data without a legitimate business justification, up from 51 % a year earlier. The study also shows a sharp rise in malicious...
By HackRead
News•Jan 21, 2026
Azure DNS Behavior Can Turn Private Endpoints Into DoS Risks
Microsoft Azure’s Private Endpoint design has a DNS flaw that can turn secure Private Link connections into denial‑of‑service conditions. When a Private DNS zone is linked across multiple virtual networks, Azure prefers that zone for name resolution; if the target...
By eSecurity Planet
News•Jan 21, 2026
North Korean Hackers Target macOS Developers via Malicious VS Code Projects
North Korean threat actors have launched a new campaign that abuses Visual Studio Code task configuration files to deliver macOS malware. The attackers masquerade as recruiters, enticing developers to clone malicious GitHub or GitLab repositories under the guise of job...
By SecurityWeek
News•Jan 21, 2026
Rust Package Registry Adds Security Tools and Metrics to crates.io
The Rust package registry crates.io has introduced a Security tab that surfaces RustSec advisories and flags vulnerable versions on each crate page. Publishing workflows were enhanced with Trusted Publishing support for GitLab CI/CD, enabling OIDC‑based authentication without long‑lived tokens. New...
By Help Net Security
Social•Jan 21, 2026
Banks Overlook Billion-Dollar Fraud Crisis
[New Episode] The Billion Dollar Fraud Crisis Most Banks Are Missing. With @shanthi_peace, CEO of Casap. Watch the latest episode now: https://t.co/aCTj9YH63K https://t.co/dJky1nDo6a
By Jim Marous
News•Jan 21, 2026
Why AI Keeps Falling for Prompt Injection Attacks
Prompt injection exploits the textual nature of large language models, allowing users to bypass safety guardrails with cleverly phrased commands. The article compares this vulnerability to a fast‑food worker refusing to hand over a cash drawer, highlighting how humans rely...
By IEEE Spectrum AI
News•Jan 21, 2026
DigitalOcean Appoints Vinay Kumar as Chief Product and Technology Officer
DigitalOcean announced Vinay Kumar as its new Chief Product and Technology Officer, tasked with steering product strategy, cloud infrastructure, and security as the firm expands its AI inference cloud. Kumar, a founding member of Oracle Cloud Infrastructure and former AWS...
By AI-TechPark
News•Jan 21, 2026
Cyber Fallout Continues as M&S CTO Exits Months After Ransomware Attack
Marks & Spencer’s chief technology officer Josie Smith is leaving the firm, a move that comes nine months after a ransomware attack by the Scattered Spiders group wiped out roughly £229 million and halved the retailer’s 2025 profit. The breach forced...
By InternetRetailing
News•Jan 21, 2026
Alerted to a Breach in November, Advanced Family Surgery Center Remains Publicly Silent
Advanced Family Surgery Center, part of Covenant Health, was notified by the Genesis hacking group on November 26 2025 that its systems had been compromised and 100 GB of sensitive data—including protected health information—had been exfiltrated. Genesis later posted a file‑tree on a...
By DataBreaches.net
News•Jan 21, 2026
Why Identity Security Must Move Beyond MFA
Enterprise MFA usage has reached roughly 70% in early 2025, cementing it as a core defense against automated attacks. Yet cybercriminals exploit AI‑driven phishing, SIM swapping, and credential theft to bypass even strong multi‑factor controls. Recent data shows a 63%...
By SecurityWeek
News•Jan 21, 2026
Tesla Hacked, 37 Zero-Days Demoed at Pwn2Own Automotive 2026
Security researchers at Pwn2Own Automotive 2026 demonstrated 37 zero‑day vulnerabilities in Tesla's infotainment system, earning $516,500 on day one. Synacktiv secured $35,000 by chaining an information leak and out‑of‑bounds write to gain root, while other teams exploited EV chargers and navigation...
By BleepingComputer
Blog•Jan 21, 2026
Internet Voting Is Too Insecure for Use in Elections
A recent open letter warns that internet voting remains fundamentally insecure, with no existing or foreseeable technology able to guarantee its safety. Despite decades of academic consensus, vendors continue to market online voting solutions as secure. The letter specifically calls...
By Schneier on Security
News•Jan 21, 2026
Cyber Insights 2026: API Security – Harder to Secure, Impossible to Ignore
SecurityWeek’s Cyber Insights 2026 warns that APIs, already handling roughly 83 % of internet traffic, will become even more critical as agentic AI proliferates. The rise of autonomous AI agents is set to double the number of API endpoints by 2026, expanding...
By SecurityWeek
News•Jan 21, 2026
Adversa AI Wins 2026 BIG Innovation Award for Agentic AI Security Platform
Adversa AI’s Agentic AI Security Platform has been named a winner in the 2026 BIG Innovation Awards for Innovative Products – Software, as announced by the Business Intelligence Group. The platform tackles the emerging attack surface of autonomous AI agents,...
By AI-TechPark
News•Jan 21, 2026
Last Rites for Perpetual Enterprise Software Licenses?
Enterprise software vendors are accelerating the retirement of perpetual‑license products, declaring many versions End of Availability and pushing customers toward cloud‑based SaaS suites. While the shift may raise short‑term costs, research shows that modern subscription models deliver better cybersecurity, functionality,...
By CIO.com
News•Jan 21, 2026
Enterprise-Grade Identity Verification for AI-Enhanced Workflows
Enterprises accelerating AI adoption face a critical gap in identity verification. A GBG report shows 31% of businesses struggle to detect fraud during onboarding, exposing AI workflows to manipulation. Enterprise‑grade verification combines biometrics, document validation, API checks, MFA and continuous...
By Security Boulevard
Blog•Jan 21, 2026
Qers Achieves Universal Post-Quantum Cryptography Resilience Scoring for IoT and IIoT Systems
Researchers at Luleå University of Technology introduced QERS, a Quantum Encryption Resilience Score that evaluates post‑quantum cryptography (PQC) suitability for IoT and IIoT devices. The framework aggregates six normalized metrics—latency, packet reliability, CPU load, energy use, RSSI, and key size—into...
By Quantum Zeitgeist
News•Jan 21, 2026
ErrTraffic Exploits Visual Page Breaks to Fuel ClickFix Attacks, Rebranding Exploits as “GlitchFix”
ErrTraffic is a traffic‑distribution system that powers ClickFix social‑engineering attacks by deliberately corrupting website visuals—a technique dubbed “GlitchFix.” When a victim visits a compromised page, the script distorts text, CSS and cursor movement before presenting a fake update prompt that...
By GBHackers On Security
Blog•Jan 21, 2026
Crooks Impersonate LastPass in Campaign to Harvest Master Passwords
LastPass disclosed an active phishing campaign that began around January 19, 2026, in which attackers impersonated the service with urgent‑maintenance emails to harvest master passwords. The messages contain links to an Amazon S3‑hosted page that redirects to a counterfeit LastPass...
By Security Affairs
News•Jan 21, 2026
Oracle’s First 2026 CPU Delivers 337 New Security Patches
Oracle has issued its first Critical Patch Update for 2026, delivering 337 security patches that address roughly 230 unique CVEs across more than 30 products. More than two dozen of the fixes target critical‑severity bugs, and over 235 patches remediate...
By SecurityWeek
News•Jan 21, 2026
Meet Confer: Signal Founder’s Privacy-Focused, End-to-End Encrypted ChatGPT Alternative
Signal founder Moxie Marlinspike has launched Confer, a privacy‑first AI chatbot that encrypts every conversation end‑to‑end. The service uses passkey authentication, server‑side encryption, and runs in a Trusted Execution Environment to prevent data leakage. A free tier allows 20 messages...
By Indian Express AI
News•Jan 21, 2026
Exposure Assessment Platforms Signal a Shift in Focus
Gartner’s inaugural Magic Quadrant introduces Exposure Assessment Platforms (EAP) as a formal replacement for traditional vulnerability management, emphasizing Continuous Threat Exposure Management. The report evaluated 20 vendors on continuous discovery, risk‑informed prioritization, and cross‑environment visibility. Data shows 74 % of identified...
By The Hacker News
News•Jan 21, 2026
Vulnerability Prioritization Beyond the CVSS Number
The article argues that relying solely on CVSS scores misguides vulnerability prioritization. Real‑world incidents like Equifax, SolarWinds, and Log4Shell show that medium‑scoring flaws can cause outsized damage when they propagate through interconnected systems. It introduces the Unified Linkage Model (ULM)...
By CSO Online
News•Jan 21, 2026
Linux Users Targeted by Crypto Thieves via Hijacked Apps on Snap Store
Security researcher Alan Pope revealed that crypto thieves are hijacking expired domains linked to Snap Store publishers to gain Snapcraft account access and push malicious updates. The attackers replace benign snaps with crypto‑wallet malware that steals recovery phrases via automatic...
By Help Net Security
News•Jan 21, 2026
Magecart Hack Injects JavaScript to Steal Online Payment Data
Security researchers have uncovered a new Magecart‑style campaign that injects obfuscated JavaScript from cc-analytics.com/app.js into e‑commerce checkout pages. The script captures credit‑card numbers and billing details, then exfiltrates them to attacker‑controlled servers at pstatics.com via XMLHttpRequest POSTs. Infrastructure analysis reveals...
By GBHackers On Security
News•Jan 21, 2026
Cside Targets Hidden Website Privacy Violations with Privacy Watch
cside unveiled Privacy Watch, an AI‑driven platform that continuously monitors client‑side third‑party scripts for hidden data collection and privacy violations. The tool automatically generates evidence logs and regulation‑specific reports to help organizations meet GDPR, CPRA, HIPAA and emerging state‑level requirements. With...
By Help Net Security
Blog•Jan 21, 2026
IonQ Appoints New SVP to Lead Quantum Networking and Security Division
IonQ announced the appointment of Domenico Di Mola as Senior Vice President of Engineering for its Quantum Networking, Security, and Sensing (QNSS) division. Di Mola will steer engineering and strategy for quantum‑secure networking, distributed‑sensing architectures, and the integration of quantum processors with...
By Quantum Zeitgeist
News•Jan 21, 2026
Risk of AI Model Collapse to Drive Zero Trust Data Governance, Gartner Says
Gartner predicts that within the next two years up to 50% of global enterprises will adopt zero‑trust data governance as AI‑generated content floods books, code repositories, and research papers. The feedback loop of large language models training on prior AI...
By Infosecurity Magazine
News•Jan 21, 2026
Crittora Introduces APP, an Execution-Time Authorization Layer for AI Agents
Crittola launched the Agent Permission Protocol (APP), a runtime authorization layer that cryptographically binds a specific AI agent, its intended action, and the tools it may use. The protocol enforces least‑privilege, time‑bound permissions and fails closed if verification is missing....
By AI-TechPark
News•Jan 21, 2026
13 Cyber Questions to Better Vet IT Vendors and Reduce Third-Party Risk
Enterprises are increasingly exposed to cyber‑risk through third‑party IT providers, as recent high‑profile breaches—Marks & Spencer’s £300 million loss, a Chinese group stealing OAuth tokens from 700 firms, and a SAP NetWeaver zero‑day—demonstrate. Attackers exploit trusted vendor pathways, bypassing traditional perimeter...
By CSO Online
News•Jan 21, 2026
Cybercriminals Speak the Language Young People Trust
Criminal networks are systematically recruiting minors through familiar platforms such as TikTok, Instagram, Snapchat and Discord, using encrypted messaging and crypto payments to mask their activities. They speak in coded, game‑like language that makes illegal tasks appear low‑risk and rewarding,...
By Help Net Security