
AI drives crypto hacks toward near‑zero cost, warns Ledger CTO
Ledger’s chief technology officer says artificial intelligence is dramatically lowering the cost and speed of cryptocurrency attacks, turning what once required high skill and expense into a near‑zero‑cost operation. Over the past year, crypto‑related breaches have siphoned roughly $1.4 billion, highlighted by the $285 million Drift hack and the $25 million Resolv exploit.

North Korean APT ScarCruft launched the Ruby Jumper campaign, employing a chain of malware that includes RESTLEAF, SNAKEDROPPER, THUMBSBD, VIRUSTASK, FOOTWINE and BLUELIGHT. The first‑stage payload uses a malicious LNK file to execute PowerShell, which carves and runs additional components. RESTLEAF authenticates to Zoho WorkDrive with a valid token to fetch shellcode, while THUMBSBD and VIRUSTASK weaponize removable media to bridge air‑gapped systems. The operation demonstrates a sophisticated blend of cloud‑based C2 and offline propagation techniques.
The EU’s Digital Networks Act (DNA) is being positioned as a cornerstone for simplifying telecom regulations and reducing market fragmentation across member states. At the Future Connectivity Summit, regulators emphasized the Act’s role in fostering spectrum coherence while also highlighting...

Ukrainian national Yurii Nazarenko pleaded guilty to operating OnlyFake, an AI‑powered subscription service that sold more than 10,000 counterfeit passports, driver’s licenses and Social Security cards to customers worldwide. The site accepted only cryptocurrency, allowed customization of documents, and marketed...
On 19 February 2026 the UK Court of Appeal decided DSG Retail Ltd v The Information Commissioner, holding that a controller’s data‑security duty covers all information it treats as personal, even if an attacker cannot identify individuals. The ruling, based...
Hackers infiltrated the Dutch prisons agency DJI and accessed staff data for at least five months, according to a radio investigation by Argos. The compromised information includes employee email addresses, phone numbers and security certificates. The breach was uncovered after...

BT has launched Sovereign Voice, a cloud‑calling solution that guarantees all voice traffic remains within the United Kingdom’s borders. The service runs on domestic data centres, is managed by local staff, and incorporates Cisco’s secure‑calling platform. It targets heavily regulated...
A wave of phishing campaigns is targeting individuals searching for programming jobs, using fabricated job listings to harvest credentials. At the same time, North Korean APT37 has released new tools that weaponize removable media, raising concerns about air‑gap breaches. The...

Google’s Android 17 second beta adds system‑level privacy tools, including a Contacts Picker that grants apps access only to user‑selected contacts and an EyeDropper API that reads screen colors without screen‑capture permission. A new ACCESS_LOCAL_NETWORK runtime permission controls LAN device...
Application security should begin at the load balancer, not deeper in the stack. Organizations often treat load balancers solely as performance devices, leaving encryption, protocol hygiene, and abuse controls to downstream tools. This architectural gap lets attackers exploit weak TLS...
At last year’s CIO Summit in Mumbai, senior leaders from banking, fintech, telecom and manufacturing debated the growing risk profile of open‑source databases, with PostgreSQL emerging as the focal point. The conversation has moved from pure performance to trust, encompassing...

Illumio announced Illumio Insights, an agent‑less solution that ingests real‑time telemetry from Check Point and Fortinet firewalls to create live traffic maps across data‑center and cloud environments. The platform converts existing firewall data into visibility without installing software agents, extending...

Threat actors are distributing trojanized gaming utilities through browsers and chat platforms to install a Java‑based remote‑access trojan (RAT). The downloader stages a portable Java runtime, executes a malicious JAR via PowerShell and cmstp.exe, then deletes itself and configures Microsoft...
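The Ruby Jumper chain above (a shortcut that launches PowerShell) and this Java RAT downloader (PowerShell and cmstp.exe launching a JAR from a portable runtime) share a detection surface: the process tree. The rules below are an added example, not any vendor's detection content or code from the reports. They walk constructed process-creation events shaped like Sysmon Event ID 1 (pid, parent pid, image path, command line) and flag the three steps a defender can observe: explorer.exe spawning a quiet or encoded PowerShell, cmstp.exe spawned by a shell, and a JAR executed by a Java runtime living in a user-writable directory. The events, paths and command lines are constructed for the demo, not observed samples.

```python
"""Process-chain rules for the LNK-to-PowerShell and PowerShell/cmstp.exe-to-Java chains.

Added example, not vendor detection content: events below are constructed.
"""
import re

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
USER_WRITABLE = re.compile(r'\\(AppData|Temp|Downloads|Public|ProgramData)\\', re.I)
# Flags a shortcut-launched PowerShell stage uses to stay quiet: hidden window,
# encoded command, execution-policy bypass, no profile.
SUSPICIOUS_PS = re.compile(
    r'(?i)(-w(?:indowstyle)?\s+hidden|-e(?:nc|ncodedcommand)?\s+[a-z0-9+/=]{20,}'
    r'|-e(?:p|xecutionpolicy)\s+bypass|-nop\b|-noprofile\b)')


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def chain(event, by_pid):
    """Render 'child <- parent <- grandparent' from the pid table."""
    names, seen = [], set()
    while event and event["pid"] not in seen:
        seen.add(event["pid"])
        names.append(basename(event["image"]))
        event = by_pid.get(event["ppid"])
    return " <- ".join(names)


def detect(events):
    """Return (rule, pid, chain) for every event that matches a rule."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        name = basename(e["image"])
        parent = by_pid.get(e["ppid"])
        pname = basename(parent["image"]) if parent else ""
        cmd = e["cmdline"]
        # Stage 1 of an LNK lure: explorer.exe (the shortcut host) spawns PowerShell
        # with quiet/encoded flags. An interactive PowerShell has none of them.
        if name in ("powershell.exe", "pwsh.exe") and pname == "explorer.exe" \
                and SUSPICIOUS_PS.search(cmd):
            findings.append(("lnk_lure_powershell", e["pid"], chain(e, by_pid)))
        # cmstp.exe is a signed binary that runs an INF from anywhere; a shell parent is the tell.
        if name == "cmstp.exe" and pname in SHELLS:
            findings.append(("cmstp_lolbin_from_shell", e["pid"], chain(e, by_pid)))
        # A JAR run by a Java runtime unpacked under the user profile, not an installed JDK/JRE.
        if name in ("java.exe", "javaw.exe") and "-jar" in cmd.lower() \
                and (USER_WRITABLE.search(e["image"]) or USER_WRITABLE.search(cmd)):
            findings.append(("portable_java_jar", e["pid"], chain(e, by_pid)))
    return findings


# Constructed events (illustrative paths and command lines, not observed samples).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -nop -w hidden -ep bypass -c "Start-Process cmstp.exe"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmstp.exe",
     "cmdline": r"cmstp.exe /s /ni C:\Users\dev\AppData\Local\Temp\setup.inf"},
    {"pid": 400, "ppid": 200, "image": r"C:\Users\dev\AppData\Roaming\jre\bin\javaw.exe",
     "cmdline": r"javaw.exe -jar C:\Users\dev\AppData\Roaming\jre\lib\client.jar"},
    # Benign: an installed JDK running a build artefact, and an interactive shell.
    {"pid": 500, "ppid": 100, "image": r"C:\Program Files\Java\jdk-21\bin\java.exe",
     "cmdline": r"java.exe -jar C:\Tools\build\app.jar"},
    {"pid": 600, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe"},
]

if __name__ == "__main__":
    for rule, pid, tree in detect(SAMPLE_EVENTS):
        print(f"{rule}: pid {pid}: {tree}")
```

The benign events matter as much as the malicious ones: an interactive PowerShell launched from the Start menu and a JDK under Program Files must stay silent, otherwise the rules drown in noise on a developer workstation.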

The EU’s NIS2 Directive now obligates senior management to approve, oversee, and assume responsibility for cybersecurity risk, a shift echoed by Ireland’s forthcoming National Cyber Security Bill. The draft legislation mirrors NIS2’s Article 20, imposing personal liability, temporary bans, and fines...

Vulnerability management platforms must evolve beyond basic scanning to address today’s complex attack surface. Core capabilities now include automated asset discovery, continuous scanning with real‑time risk scoring, integrated remediation workflows, threat‑intelligence enrichment, and compliance‑aligned reporting. These functions enable security teams...

Mobile app permissions remain a critical security vector, with both iOS and Android prompting users for dangerous permissions at runtime. Excessive or unnecessary permissions—such as background location, accessibility services, or SMS access—can enable data theft, credential harvesting, and device surveillance....
South Yorkshire Integrated Care Board (ICB) unveiled three coordinated strategies—digital transformation to 2027, a cyber resilience plan, and a digital workforce and skills programme. The digital roadmap emphasizes AI governance, a system‑wide AI and automation forum, and mandatory participation in...

Security researchers discovered a malicious Go module, github.com/xinfeisoft/crypto, that masquerades as the legitimate golang.org/x/crypto library. The backdoored ReadPassword function captures plaintext credentials, writes them to /usr/share/nano/.lock, and exfiltrates them via a dynamically supplied GitHub Raw URL. After exfiltration, the module pulls and...
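The hook in this attack is the path: the module is pulled in by a name that looks like golang.org/x/crypto but lives under a different owner. A manifest check catches that before any code runs. The script below is an added example, not code from the researchers or from the malicious module: it parses the require block of a go.mod and the import sections of Go source files and reports any path whose repository name matches a golang.org/x package (crypto, net, sys and the like) but whose prefix is not golang.org/x. The go.mod and main.go inputs are constructed for the demo; the version numbers and the ssh/terminal import path of the impostor are assumptions.

```python
"""Supply-chain check for golang.org/x look-alike modules.

Added example, not code from the research or the malicious module.
Sample manifest and source are constructed; versions are assumptions.
"""
import re

# Repository names of the real golang.org/x modules most often imitated.
X_PACKAGES = {"crypto", "net", "sys", "text", "tools", "oauth2", "term",
              "time", "sync", "exp", "mod", "image"}
CANONICAL_PREFIX = "golang.org/x/"
# github.com/golang/<name> is the official mirror of golang.org/x/<name>:
# importing it directly is unusual but it is not an impostor.
KNOWN_MIRROR_OWNERS = {"github.com/golang"}

REQUIRE_RE = re.compile(r'^(?P<path>[\w./\-~]+)\s+(?P<ver>v[\w.+\-]+)')
QUOTED_RE = re.compile(r'"(?P<path>[\w./\-~]+)"')


def _block_lines(text, opener, single_prefix):
    """Yield the payload of 'opener ( ... )' blocks and single-line forms."""
    in_block = False
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        if line.startswith(opener + " ("):
            in_block = True
            continue
        if in_block and line == ")":
            in_block = False
            continue
        if line.startswith(single_prefix):
            yield line[len(single_prefix):].strip()
        elif in_block:
            yield line


def parse_go_mod_requires(go_mod):
    """Return {module_path: version} for every require entry."""
    requires = {}
    for entry in _block_lines(go_mod, "require", "require "):
        m = REQUIRE_RE.match(entry)
        if m:
            requires[m["path"]] = m["ver"]
    return requires


def parse_go_imports(src):
    """Return the import paths of one Go source file (aliased imports tolerated)."""
    paths = []
    for entry in _block_lines(src, "import", "import "):
        m = QUOTED_RE.search(entry)
        if m:
            paths.append(m["path"])
    return paths


def lookalike_reason(path):
    """Explain why a path imitates golang.org/x, or return None if it does not."""
    if path.startswith(CANONICAL_PREFIX):
        return None
    parts = path.split("/")
    if len(parts) < 3 or parts[2] not in X_PACKAGES:
        return None
    owner = parts[0] + "/" + parts[1]
    if owner in KNOWN_MIRROR_OWNERS:
        return None
    return f"{parts[2]!r} under {owner} imitates {CANONICAL_PREFIX}{parts[2]}"


def audit(go_mod, sources):
    """Run both checks; sources is {filename: source_text}."""
    findings = []
    for path, ver in parse_go_mod_requires(go_mod).items():
        reason = lookalike_reason(path)
        if reason:
            findings.append(("go.mod", f"{path} {ver}", reason))
    for fname, src in sources.items():
        for path in parse_go_imports(src):
            reason = lookalike_reason(path)
            if reason:
                findings.append((fname, path, reason))
    return findings


# Constructed inputs for the demo (versions and the impostor's subpackage are made up).
SAMPLE_GO_MOD = """module example.com/cli

go 1.22

require (
    github.com/spf13/cobra v1.8.0
    github.com/xinfeisoft/crypto v0.0.1
    golang.org/x/crypto v0.31.0
)
"""

SAMPLE_MAIN_GO = """package main

import (
    "fmt"
    terminal "github.com/xinfeisoft/crypto/ssh/terminal"
    "golang.org/x/crypto/bcrypt"
)
"""

if __name__ == "__main__":
    for where, what, why in audit(SAMPLE_GO_MOD, {"main.go": SAMPLE_MAIN_GO}):
        print(f"{where}: {what}: {why}")
```

Run it over a checkout as a pre-merge step; the same logic fits a CI job that walks every go.mod in a monorepo. It is a name check only: a module with an innocent name can still be backdoored, so it complements, rather than replaces, reviewing what a new dependency actually does.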

Incident response traditionally relies on manual log correlation, alert validation, and report drafting, consuming 10‑20 minutes per case and often days for complex attacks. AI‑enabled platforms now ingest telemetry from SIEM, EDR, identity, and cloud sources the moment an alert...

Mysterium VPN’s research uncovered more than 12 million IP addresses serving publicly accessible .env‑style files, leaking credentials such as database passwords, API keys, and JWT signing secrets. The United States leads the exposure count with roughly 2.8 million IPs, while Japan, Germany,...
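Counting exposed .env files well means deciding whether a body really is a dotenv file (many hosts answer any path with an HTML fallback page), parsing it the way dotenv loaders do, and reporting which keys hold live secrets without copying the secrets into the report. The code below is an added example, not code from Mysterium VPN's research: it classifies by key name first and by value shape second (so a DATABASE_URL with an embedded password is still caught), skips placeholders, and redacts values. The sample body is constructed; the AWS key id in it is the documented example value, not a live key.

```python
"""Triage of an HTTP response body that might be an exposed .env file.

Added example, not from the research; the sample body is constructed.
"""
import re

ASSIGN_RE = re.compile(r'^(?:export\s+)?(?P<key>[A-Za-z_][A-Za-z0-9_]*)\s*=(?P<val>.*)$')

# Key-name rules, most specific first so AWS_SECRET_ACCESS_KEY is "cloud", not "generic".
KEY_RULES = [
    ("database password", re.compile(r'(DB|DATABASE|MYSQL|POSTGRES|PG|REDIS|MONGO)\w*(PASS|PWD)', re.I)),
    ("cloud credential", re.compile(r'(AWS|AZURE|GCP|GOOGLE)\w*(SECRET|KEY)', re.I)),
    ("mail credential", re.compile(r'(MAIL|SMTP)\w*(PASS|PWD)', re.I)),
    ("API key or token", re.compile(r'(API|ACCESS|AUTH)\w*(KEY|TOKEN)', re.I)),
    ("app/JWT/session secret", re.compile(r'(JWT|SESSION|APP)\w*(SECRET|KEY)|SECRET', re.I)),
]
# Value-shape rules for keys whose names give nothing away (e.g. DATABASE_URL).
VALUE_RULES = [
    ("AWS access key id", re.compile(r'^(AKIA|ASIA)[0-9A-Z]{16}$')),
    ("JWT", re.compile(r'^eyJ[\w-]+\.eyJ[\w-]+\.[\w-]+$')),
    ("connection string with embedded password",
     re.compile(r'^[a-z][a-z0-9+.-]*://[^:/@]+:[^@/]+@', re.I)),
    ("private key block", re.compile(r'-----BEGIN [A-Z ]*PRIVATE KEY-----')),
]
PLACEHOLDER_RE = re.compile(r'^(|null|none|changeme|your[_-]?\w*|x{3,}|<[^>]+>|\$\{[^}]+\})$', re.I)


def parse_dotenv(text):
    """Parse KEY=VALUE lines: comments, 'export' prefix, quoted values, trailing comments."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ASSIGN_RE.match(line)
        if not m:
            continue
        val = m["val"].strip()
        if len(val) >= 2 and val[0] in "\"'" and val[-1] == val[0]:
            val = val[1:-1]                      # quoted: keep spaces and '#'
        else:
            val = val.split(" #", 1)[0].rstrip()  # unquoted: drop trailing comment
        env[m["key"]] = val
    return env


def looks_like_env_leak(body, content_type=""):
    """True when the body is a dotenv file rather than an HTML page or an error string."""
    if "html" in content_type.lower() or body.lstrip().startswith("<"):
        return False
    lines = [l.strip() for l in body.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    assigns = sum(1 for l in lines if ASSIGN_RE.match(l))
    return assigns >= 3 and assigns >= 0.8 * len(lines)


def redact(val):
    if len(val) <= 6:
        return "*" * len(val)
    return val[:2] + "*" * (len(val) - 4) + val[-2:]


def classify_secrets(env):
    """Return (key, kind, redacted_value) for entries that hold a real secret."""
    found = []
    for key, val in env.items():
        if PLACEHOLDER_RE.match(val):
            continue
        kind = next((k for k, rx in KEY_RULES if rx.search(key)), None)
        if kind is None:
            kind = next((k for k, rx in VALUE_RULES if rx.search(val)), None)
        if kind:
            found.append((key, kind, redact(val)))
    return found


# Constructed sample of an exposed Laravel-style .env; AKIAIOSFODNN7EXAMPLE is the
# documented AWS example key id, not a live credential.
SAMPLE_BODY = """# constructed sample, not a real site
APP_ENV=production
APP_KEY=base64:c2FtcGxlLXNhbXBsZS1zYW1wbGUtc2FtcGxlLXNhbXA=
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PASSWORD="s3cr3t pass"
DATABASE_URL=postgres://app:hunter2@db.internal:5432/app
JWT_SECRET=4f9d2c7b1e8a6d3c5b0f9e2a7c1d4b8e
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
MAIL_PASSWORD=
STRIPE_API_KEY=${STRIPE_API_KEY}
"""

if __name__ == "__main__":
    if looks_like_env_leak(SAMPLE_BODY, "text/plain"):
        for key, kind, shown in classify_secrets(parse_dotenv(SAMPLE_BODY)):
            print(f"{key}: {kind}: {shown}")
```

The placeholder filter is what keeps the count honest: an empty MAIL_PASSWORD or a `${VAR}` reference is a configuration smell, not a leaked credential, and scanners that count them inflate the headline number.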

Defused Cyber uncovered a credential‑stuffing campaign that replays passwords harvested by infostealers against corporate SSO gateways, notably F5 BIG‑IP devices. Analysis of 70 credential pairs showed 77% originated from known infostealer infections, confirming a direct supply chain from malware‑infected employee...
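Stealer-sourced credentials look different from guessing on the gateway: many distinct accounts, one try each, mostly failures, and the occasional first-try success because the password is real. The triage below is an added example, not code from Defused Cyber or from F5: it buckets login events per source IP and fixed time window and labels each source as credential stuffing, brute force (one account hammered), a spray-or-stuffing pattern with no hits, or mixed. The log line format and the events are constructed for the demo; a real BIG-IP APM log needs its own parser, and the thresholds are starting points to tune.

```python
"""Credential-stuffing versus brute-force triage over SSO gateway auth logs.

Added example, not vendor code; log format and events are constructed.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

LOG_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) \S+ login '
    r'user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$')


def parse_events(lines):
    """Yield (epoch_seconds, user, src, result); unrelated lines are skipped."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield int(ts.timestamp()), m["user"], m["src"], m["result"]


def judge(window, min_attempts=10, min_fail_ratio=0.8):
    """Label one (source, time bucket) group of (user, result) pairs, or None."""
    attempts = len(window)
    fails = sum(1 for _, r in window if r == "FAIL")
    if attempts < min_attempts or fails / attempts < min_fail_ratio:
        return None
    tries = Counter(u for u, _ in window)
    hits = sorted({u for u, r in window if r == "OK"})
    base = {"attempts": attempts, "fails": fails, "accounts": len(tries), "hits": hits}
    if len(tries) == 1:
        return {"verdict": "brute_force", **base}
    if attempts / len(tries) > 2:
        return {"verdict": "mixed", **base}
    # One or two tries per account across many accounts. A first-try success is
    # what separates replayed (valid) stealer credentials from a password spray,
    # which guesses and rarely lands. Heuristic: the password itself is not logged.
    if any(tries[u] == 1 for u in hits):
        return {"verdict": "credential_stuffing", **base}
    return {"verdict": "spray_or_stuffing", **base}


def classify_sources(lines, window_s=600, **thresholds):
    """Return {src: verdict_dict} for every source that trips a rule in some bucket."""
    groups = defaultdict(list)
    for ts, user, src, result in parse_events(lines):
        groups[(src, ts // window_s)].append((user, result))
    verdicts = {}
    for (src, _bucket), window in groups.items():
        v = judge(window, **thresholds)
        if v and v["attempts"] > verdicts.get(src, {}).get("attempts", 0):
            verdicts[src] = v   # keep the busiest bucket per source
    return verdicts


# Constructed log lines (documentation IP ranges, made-up accounts).
SAMPLE_LOG = [
    # 203.0.113.5 replays a stealer list: one try per account, two of them land.
    *(f"2026-02-20T09:00:{i:02d}Z sso-gw login user=user{i:02d}@example.com "
      f"src=203.0.113.5 result={'OK' if i in (3, 7) else 'FAIL'}" for i in range(12)),
    # 198.51.100.7 hammers a single account.
    *(f"2026-02-20T09:05:{i:02d}Z sso-gw login user=admin@example.com "
      f"src=198.51.100.7 result=FAIL" for i in range(15)),
    # A real user mistypes once, then signs in.
    "2026-02-20T09:12:00Z sso-gw login user=bob@example.com src=192.0.2.44 result=FAIL",
    "2026-02-20T09:12:09Z sso-gw login user=bob@example.com src=192.0.2.44 result=OK",
    "2026-02-20T09:12:30Z sso-gw health check ok",
]

if __name__ == "__main__":
    for src, v in classify_sources(SAMPLE_LOG).items():
        print(src, v["verdict"], f"{v['fails']}/{v['attempts']} failed", "hits:", v["hits"])
```

The `hits` list is the actionable output: those are the accounts whose current password is in a stealer log and must be reset and have sessions revoked, whether or not the gateway blocked the source afterwards.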

Security agency CISA disclosed that Gardyn smart indoor hydroponic gardens suffered two critical and two high‑severity vulnerabilities, affecting an estimated 138,000 devices. The critical flaws include a command‑injection bug (CVE‑2025‑29631) and hard‑coded admin credentials (CVE‑2025‑1242) that enable remote, unauthenticated control...
RefAssured and ID.me have launched an advanced fraud‑prevention solution that embeds identity verification into staffing agencies' existing applicant tracking systems. The joint offering combines RefAssured’s 1.5 million reference reports with ID.me’s digital identity wallet, which serves over 160 million users, to authenticate...

OpenClaw, an open‑source AI agent that quickly amassed over 100,000 GitHub stars, was found to contain a critical vulnerability that lets any website a developer visits hijack the local agent via an unauthenticated WebSocket connection. The flaw bypasses rate‑limiting and...
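What makes a localhost WebSocket reachable from "any website a developer visits" is that browsers will happily open a socket to 127.0.0.1 from a page on another origin; only the server can refuse. The gate below is an added example, not OpenClaw's code or its fix: it shows the checks a local agent's upgrade handler needs. The Origin check stops browsers (which always send Origin and cannot forge it); the bearer token is the real authentication, since a non-browser client can put anything in Origin; and the Host check blocks DNS-rebinding, where a hostile page's requests arrive carrying the attacker's hostname. The port, token, subprotocol convention and request texts are constructed for the demo.

```python
"""Handshake gate for a WebSocket server an AI agent exposes on localhost.

Added example, not the project's code; port, token and requests are constructed.
"""
import hmac

AGENT_TOKEN = "demo-token-6f0e1d"   # assumption: read from a 0600 file the local UI can also read
ALLOWED_ORIGINS = {"http://127.0.0.1:8765", "http://localhost:8765"}   # the agent's own UI
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "[::1]"}


def parse_upgrade_request(raw):
    """Split a raw HTTP/1.1 request into (request_line, {lowercased header: value})."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return request_line, headers


def presented_token(headers):
    """Token from Authorization (CLI clients) or, because browser JavaScript cannot
    set Authorization on a WebSocket, from a 'bearer.<token>' subprotocol. The
    subprotocol convention is this example's choice, not a standard."""
    scheme, _, value = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "bearer":
        return value
    for proto in headers.get("sec-websocket-protocol", "").split(","):
        proto = proto.strip()
        if proto.startswith("bearer."):
            return proto[len("bearer."):]
    return ""


def authorize_upgrade(raw, allowed_origins=ALLOWED_ORIGINS, token=AGENT_TOKEN):
    """Return (accept, reason). Every rejection happens before any agent code runs."""
    _, h = parse_upgrade_request(raw)
    if h.get("upgrade", "").lower() != "websocket":
        return False, "not a websocket upgrade"
    raw_host = h.get("host", "")
    host = raw_host.split("]")[0] + "]" if raw_host.startswith("[") else raw_host.rsplit(":", 1)[0]
    if host not in LOOPBACK_HOSTS:
        return False, f"host {raw_host!r} is not loopback"
    origin = h.get("origin")        # absent for non-browser clients; present and true for browsers
    if origin is not None and origin not in allowed_origins:
        return False, f"origin {origin} not allowed"
    if not hmac.compare_digest(presented_token(h), token):
        return False, "missing or wrong bearer token"
    return True, "ok"


def build_request(host="127.0.0.1:8765", origin=None, auth=None, protocol=None):
    """Constructed upgrade request, as a browser or a CLI client would send it."""
    lines = ["GET /agent HTTP/1.1", f"Host: {host}", "Upgrade: websocket",
             "Connection: Upgrade", "Sec-WebSocket-Version: 13",
             "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ=="]
    if origin:
        lines.append(f"Origin: {origin}")
    if auth:
        lines.append(f"Authorization: {auth}")
    if protocol:
        lines.append(f"Sec-WebSocket-Protocol: {protocol}")
    return "\r\n".join(lines) + "\r\n\r\n"


if __name__ == "__main__":
    print("hostile page:", authorize_upgrade(build_request(origin="https://evil.example")))
    print("own UI:", authorize_upgrade(build_request(origin="http://127.0.0.1:8765",
                                                     protocol="bearer." + AGENT_TOKEN)))
    print("cli:", authorize_upgrade(build_request(auth="Bearer " + AGENT_TOKEN)))
```

Order matters: the cheap, unforgeable checks (Host, Origin) run before the token compare, and the handler returns before the agent touches the request. Binding the listener to 127.0.0.1 only is still necessary; it is not sufficient, because the hostile page's browser is on the same machine.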

Oculeus has launched its Two Factor Network (2FN) solution, giving telcos a real‑time framework to authenticate caller identity and stop CLI spoofing. The system creates a parallel verification path with digital signatures that peer‑to‑peer carriers exchange during call setup. Industry...

Researchers unveiled HoneySat at NDSS 2026, the first high‑interaction satellite honeypot that mimics an entire CubeSat mission, including ground‑segment software and orbital dynamics. In three public deployments, attackers issued 22 authentic flight‑software commands, attempting to access ground systems, extract telemetry,...
Updated breaches are a bit messy when it comes to sending domain notifications. We only send ONE email per breach to domain subscribers, so you may get an alert for dump 1 but not for dump 2. It's probably worth...
BIG: 🚨 XRPL validators blocked a critical Batch amendment flaw that could have enabled unauthorized transactions after AI-assisted researchers flagged the bug before mainnet activation
Proofpoint announced the 2025 ANZ Partner Awards at its Protect Tour in Sydney, honoring partners that advance human‑ and agent‑centric cybersecurity. Nextgen Distribution earned Distributor of the Year, while NTT Data was named Partner of the Year. Infotrust secured Growth...
🔍 Face Recognition vs Face Verification 🔑 Face Verification → Confirms if someone is who they claim to be (Yes ✅ / No ❌). 🧑🤝🧑 Face Recognition → Identifies who the person is by comparing against many faces 👥. #FaceRecognition #FaceVerification #AI...
Fun fact: I had a senior director of a facility complain about their computer crashing. I would reimage their machine and it would be fine, and then it would break again. They kept installing Grammarly, which was doing DLL injection into every process.

The Department of Defense is phasing out the decades‑old DD Form 2875, replacing it with an automated Identity, Credential and Access Management (ICAM) workflow. The new system will provision, authorize, and revoke user access within hours, generate immutable audit logs,...

Anthropic’s Claude Code introduces a CLI‑based AI agent that can navigate repositories, draft patches, and run tests, turning code remediation into a near‑instant process. While the speed gains are compelling, the tool also grants autonomous execution rights that blur traditional...

The rise of distributed supply chains has turned vendors into ongoing operational dependencies, prompting the need for a structured Vendor Relationship Management (VRM) framework. By distinguishing day‑to‑day vendor management from strategic Supplier Relationship Management, companies can ensure reliability while fostering...
Cisco disclosed that a critical vulnerability in its Catalyst SD‑WAN platform has been actively exploited since 2023. The flaw carries a CVSS rating of 10.0, granting attackers remote code execution and full administrative control. Hackers have used the bug to...

India has issued comprehensive cybersecurity guidelines for space systems, jointly crafted by the Indian Computer Emergency Response Team (CERT‑In) and the Space and IT Association‑India (SIA‑India). The advisory framework targets satellite operators, ground‑station managers, manufacturers and emerging private space firms,...

Malaysia, through the Malaysia Digital Economy Corporation, has secured ASEAN endorsement for a Regional Framework on Cross‑Border Cloud Computing. The framework, unveiled at the 6th ASEAN Digital Ministers’ Meeting, introduces shared governance principles and "Trusted Data Corridors" to ensure secure...

The third edition of the French version of Cybersecurity For Dummies is now available... #cybersecurity #french #cybersécurité #josephsteinberg #dummies

HackerOne introduced an AI agent that automatically validates reported vulnerabilities, distinguishing real threats from false positives. The agent, built on the Hai platform and trained with a Continuous Threat Exposure Management methodology, assesses risk, identifies duplicates, and recommends remediation priorities....

A fake Zoom update and a parallel Google Meet impersonation are delivering the same Teramind monitoring MSI to Windows PCs. The installer’s filename contains a unique 40‑character hex string that the MSI parses at install time to set attacker‑specific instance IDs,...

Credential‑based fraud and login friction are eroding conversion for high‑value e‑commerce shoppers, prompting merchants to seek stronger, lower‑friction authentication. Passkeys, built on FIDO public‑key cryptography and unlocked via biometrics or PIN, promise to eliminate password reuse and phishing risk. PayPal...

Fintech firm Marquis, which serves over 700 banks, filed a lawsuit against firewall vendor SonicWall after a ransomware breach exposed client data for roughly 780,000 individuals. SonicWall later disclosed that a breach of its own firewall configuration backups affected all...

Enterprises are turning to Non‑Human Identity (NHI) management to close security gaps created by machine‑generated accounts and their secrets. By automating discovery, classification, monitoring and decommissioning, organizations can reduce breach exposure while cutting operational costs. Centralized NHI platforms deliver real‑time...

Non‑Human Identities (NHIs) are machine identities, together with the secrets that authenticate them, used to access data in cloud‑first environments. The article outlines a full NHI lifecycle—from discovery to remediation—and stresses that piecemeal tools fall short. It highlights industry‑specific challenges, such as patient data in healthcare and DevOps...

Agentic AI is emerging as a transformative layer for digital security by automating the management of Non‑Human Identities (NHIs) and their secrets. The technology enables proactive threat detection, automated response, and continuous visibility, allowing security teams to shift focus toward...

Non‑human identities (NHIs) such as machine‑generated secrets are becoming a critical attack surface, prompting organizations to adopt comprehensive NHI management across discovery, classification, detection and remediation stages. Effective NHI programs deliver reduced breach risk, regulatory compliance, and operational efficiencies through...
Infotrust has sold its cloud and communications arm Nexgen to Aussie Broadband for up to $50 million, freeing capital to accelerate its sovereign cyber‑security strategy. The proceeds will be redeployed into identity, data‑privacy and broader federal‑government capabilities, as well as potential...

ServiceNow disclosed and patched a critical vulnerability, CVE-2026-0542, in its AI Platform that could allow unauthenticated remote code execution. The flaw bypasses the ServiceNow Sandbox, affecting web interfaces, API endpoints, and automation modules, and carries a CVSS rating of 9.8....

Trinsic has integrated Idemia Public Security’s mobile driver’s license (mDL) solution into its Digital Identity Acceptance Network, adding support for mDLs issued in New York, Arkansas, Iowa, West Virginia and Kentucky. Idemia, the leading U.S. provider of state‑backed mDLs, also serves three...

Project Compass, a Europol‑led operation backed by 28 nations including the Five Eyes, began in January 2025 to dismantle the transnational youth‑focused cybercrime network known as The Com. Since its launch the initiative has secured 30 arrests, fully or partially...
ProcessUnity’s State of Third‑Party Risk Assessments 2026, conducted with the Ponemon Institute, surveyed 1,465 risk leaders and found a stark disconnect between confidence in TPRM programs and actual breach outcomes. Respondents report an average of 12 third‑party breaches per year...