Know What's Happening in Cybersecurity
Know What's Happening in Cybersecurity
Syrian government X accounts hijacked, revealing MFA failures
In early March 2026, several Syrian government accounts on X—including the presidency and central bank—were seized and used to post pro‑Israel messages and explicit content. investigators traced the breach to shared credentials and the absence of multifactor authentication. Officials pledged urgent remedial steps and new regulations to strengthen credential security.
Also developing:
By the numbers: Noma Security raises $132M to expand AI‑driven security platform
Microsoft Intune now lets organizations protect corporate data on BYOD devices without enrolling them in a full MDM solution. By applying app‑protection policies to apps that embed the Intune SDK, IT can enforce PINs, data‑sharing restrictions, and multi‑identity separation. Conditional access in Azure AD ensures only approved, protected apps can access corporate resources. The feature is in preview for OneDrive and Outlook, expanding the zero‑touch BYOD model.
Camunda introduced a Skyflow connector that tokenizes and de‑identifies PII/PHI within BPMN workflows. The connector forwards selected fields to Skyflow’s vault, replaces them with tokens, and permits controlled re‑identification only at approved steps. This approach shrinks the cleartext data footprint...
Dutch telecom operator Odido confirmed a breach by the Shinyhunters cyber‑criminal group, which claims to have exfiltrated data on up to eight million customers. The attackers are demanding more than one million euros in ransom and have issued a final...
Ukrainian officials are urging tighter regulation of Telegram after Russian intelligence allegedly used the app to recruit saboteurs for attacks, including a deadly Lviv strike that killed a police officer. Interior Minister Ihor Klymenko and SBU deputy head Ivan Rudnytskyi...
Peruvian telecom regulator Osiptel announced a new phase of its anti‑fraud campaign, blocking an additional 100,000 handsets deemed high‑risk. The devices are not listed in the official Renteseg database and are associated with repeated use of invalid or cloned IMEIs....
Slotegrator has launched an AI‑powered anti‑fraud assistant for iGaming operators, turning existing dashboard metrics into concise, structured insights. The tool does not create new data or make autonomous blocking decisions, instead offering analytical recommendations for human review. It targets new...
New Zealand health‑tech firm MediMap was forced offline after an unauthorized intrusion altered patient records, including changing names to “Charlie Kirk” and marking individuals as deceased. The breach affected dozens of providers in aged‑care, disability, hospice and community settings, prompting the...
Security firm Orca disclosed a critical vulnerability in GitHub Codespaces that lets attackers exfiltrate the automatically generated GITHUB_TOKEN and seize full control of a repository. The exploit, dubbed RoguePilot, leverages malicious content hidden in a GitHub issue, symbolic links, and...
Microsoft’s Windows 11 25H2 update consolidates a year’s worth of incremental features and security patches, delivering enhancements such as AI‑driven File Explorer actions, Quick Machine Recovery, and enterprise‑grade Wi‑Fi 7 support. Recent out‑of‑band builds address critical bugs, from Remote Desktop sign‑in...
TeamT5, a Taiwan‑based cybersecurity firm, confirmed that CVE‑2024‑7694 – a privilege‑escalation flaw allowing malicious file uploads and arbitrary command execution – was likely weaponized by Chinese advanced persistent threat groups Slime57 and Slime62. The vulnerability, patched in August 2024, was exploited...
APQC’s new research highlights the critical gap between cybersecurity and enterprise risk management, revealing that only 41 % of organizations have integrated cyber risk into their ERM processes. The study introduces the Cyber‑ERM Integration Index, which measures governance alignment, risk quantification,...
Identity programs still rank remediation like IT tickets, ignoring context. The article argues that true prioritization must treat identity risk as a function of controls posture, hygiene, business impact, and user intent, not just checklist completion. When these factors align,...
Microsoft introduced Windows 365 for Agents, a cloud platform that lets AI agents securely access managed cloud PCs without handling underlying infrastructure. Built on Azure virtual machines, the service leverages Microsoft Intune and Entra ID for device management and identity, offering shared PC...
North Korean state‑backed Lazarus group has been linked to recent Medusa ransomware attacks targeting U.S. healthcare providers. Symantec’s report identifies a Lazarus sub‑unit, possibly Andariel/Stonefly, using the Medusa RaaS platform, which has affected more than 380 organizations since its 2021...
.webp?ssl=1)
A coordinated supply‑chain campaign published four malicious NuGet packages between August 2024, amassing over 4,500 downloads before removal. The lead package, NCryptYo, typosquats the legitimate NCrypto library and installs JIT hooks that drop a hidden payload establishing a localhost proxy....
An Eurojust‑backed international operation dismantled a fraudulent call centre operating from three offices in Dnipro, arresting 11 suspects and seizing more than €400,000 in cash along with electronic equipment. Victims in Latvia and Lithuania reported losses exceeding €160,000 after being...
CrowdStrike’s 2026 Global Threat Report reveals AI‑enabled cyber attacks surged 89% year‑over‑year, making AI systems a prime target for criminals. Prompt‑injection techniques are now being used to subvert AI‑driven security tools, while threat actors exploit vulnerabilities in AI development platforms....
Automated threat‑modeling tools streamline the identification of risks and generate remediation recommendations, reducing the manual effort traditionally required. The article outlines a selection framework that blends business objectives, SDLC alignment, and functional criteria such as data‑ingestion ease, threat‑intel integration, and...
Microsoft announced that its Sovereign Cloud now includes Azure Local disconnected operations, Microsoft 365 Local, and Foundry Local with large‑model support. The new services let enterprises run core infrastructure, productivity suites, and multimodal AI models entirely offline while preserving Azure‑consistent...
The Cybersecurity and Infrastructure Security Agency (CISA) has seen its workforce shrink from roughly 3,400 to under 2,400, with fewer than 1,000 staff actively working amid the current DHS shutdown. Political turmoil—most notably the firing of director Chris Krebs and...
Druva unveiled Deep Analysis Agents as an extension of its DruAI platform, promising to shrink forensic and compliance investigations from days to minutes. The agents leverage the Dru MetaGraph, a graph‑powered data map, to automatically correlate telemetry, logs, identity data, and...
AI‑generated image‑based harm is emerging as a fast‑moving security threat that targets students, employees and the public, causing immediate reputational and emotional damage. Existing moderation tools and legal frameworks struggle to keep pace with synthetic imagery that can be created...
The article walks through configuring DigiCert KeyLocker and the Signing Manager Command‑Line Tool (SMCTL) on Windows, detailing required prerequisites such as the DigiCert ONE API key, client certificate, and administrative rights. It compares four credential‑storage methods—Windows Credential Manager, properties file, temporary and...
SaaS founders must embed identity architecture from day one to avoid the most common breach vectors. A 2025 ReliaQuest study found 44% of cloud workload breaches stem from compromised credentials, underscoring the risk of retrofitting authentication later. Early design choices—separating...
The European Parliament commissioned a study to dissect the European Commission’s Digital Omnibus package released on 19 November 2025. The report separates administrative simplification from substantive changes to safeguards in data protection, privacy, cybersecurity and artificial intelligence. It flags three hot‑button issues...
Operation MacroMaze, a Russia‑linked APT28 campaign, targeted Western and Central European organizations from September 2025 to January 2026. The attackers embedded an INCLUDEPICTURE field in Word documents that fetched a JPG from webhook.site, creating a covert tracking pixel and confirming document opening....
Discord has become a popular channel for corporate collaboration, supporting everything from developer communities to customer‑support servers. Its fast APIs and webhook integrations let teams create functional workspaces in minutes, but the platform also stores years of code snippets, credentials,...
5G introduces a service‑based, cloud‑native architecture that replaces 4G's hardware‑centric design, bringing modular network functions and edge computing. The standard embeds stronger 256‑bit encryption, privacy‑preserving identifiers, and a new authentication protocol to protect user data and device identities. Additional features...
ZeroDayRAT, a Malware‑as‑a‑Service kit, now targets both Android and iOS devices, merging real‑time surveillance with direct financial theft through a browser‑based control panel. The service is marketed on Telegram, with subscriptions ranging from $250 per day to $3,500 per month,...
Maryland’s Department of Labor awarded the Center for Critical Infrastructure Security a Cyber & AI Clinic Grant, part of Gov. Wes Moore’s $4 million AI workforce initiative. The grant funds the launch of the Think Like a CISO Academy, a statewide...
A critical remote code execution vulnerability has been discovered in RubitMQ job workers due to unsafe JSON deserialization with the Ruby Oj library. The flaw allows attackers to craft malicious JSON that triggers object injection, instantiating a Node class whose...
Obsidian Systems has signed an exclusive reseller and implementation agreement with California‑based BlueFlag Security to bring the latter’s identity‑first SDLC protection platform to South African enterprises and the public sector. The partnership targets developer and machine identities, CI/CD pipelines, and...
CrowdStrike’s 2025 Global Threat Report reveals that attacker breakout time fell to an average of 29 minutes, a 65% acceleration from the previous year. The speed of initial intrusion to lateral movement is now measured in seconds for the fastest...
Security researchers have disclosed CVE‑2026‑0714, a high‑severity flaw in Moxa’s UC‑1222A Secure Edition industrial computer. The vulnerability allows an attacker with physical access to the SPI bus to sniff the TPM2_NV_Read command and capture the LUKS full‑disk encryption key in...
Thales has launched the Authenticator Lifecycle Manager, a SaaS solution that centralizes enrollment, replacement, and revocation of FIDO2 security keys across enterprises. The platform offers a single‑pane‑of‑glass dashboard, on‑behalf key registration, granular policy controls, and comprehensive audit logging. By automating...
Data protection authorities from 61 countries issued a joint warning that AI content generation systems, especially those creating realistic images and videos, pose serious privacy and deep‑fake risks. The statement cites recent incidents, such as Grok’s non‑consensual “nudified” images, and...
Enterprises adopting a mobile‑first workstyle expose a new attack surface through the apps employees use daily. Traditional signature‑based defenses lag behind the rapid proliferation of malicious or poorly coded apps in official and third‑party stores. Behavior‑based mobile threat defense and...
Do you have a forward-thinking security strategy to combat weaponized AI? I’m hosting @mikeriemer830, Field CISO at @GoIvanti for a live webinar tomorrow February 24. We’ll cover: ✅ Real-world AI-driven attack patterns ✅ Why kernel-level security matters more than ever ✅ Practical steps to...
CISA’s Binding Operational Directive 26‑02 obliges all federal agencies to inventory, report, decommission, and replace unsupported edge devices such as firewalls, routers, switches, load balancers, and wireless access points. Agencies have three months to identify vulnerable equipment and twelve to eighteen...
Anthropic unveiled Claude Code Security, an AI‑driven tool that scans codebases for vulnerabilities and proposes patches. The system leverages the Claude Opus 4.6 model to reason about data flows and business‑logic errors, reducing false positives through multi‑stage verification. Its launch triggered...
CrowdStrike appoints veteran Joe McPhillips as JAPAC SMB senior director after a year‑long sabbatical. McPhillips brings more than 30 years of cybersecurity experience, previously serving at SentinelOne, Cylance, Symantec, Intel Security, Riverbed and Commvault. He will build and scale the...
The February 24 2026 roundup highlights a surge of cybersecurity openings across North America, Europe, the Middle East, and Asia‑Pacific. Roles span application security, cloud security, product security, and OT/ICS specialties, with many positions emphasizing AI‑driven threat detection and zero‑trust architectures. Companies...
Smarsh deployed an AI‑powered support agent, Archie, on Salesforce Agentforce 360 to create a unified front‑door for regulated‑industry customers. The system lets users describe needs in plain language, routing them to the right solution and reducing navigation friction. Early results...
Kaspersky Lab faces a cascade of Western sanctions that have crippled its European and U.S. operations. Germany’s BSI warning has slashed German sales by roughly 80%, while the U.S. Treasury and Commerce departments have barred Kaspersky products and placed senior...
Nvidia announced expanded partnerships with Akamai, Forescout, Palo Alto Networks, Siemens and Xage to embed AI‑driven security into operational technology (OT) and industrial control systems (ICS). Using Nvidia BlueField DPUs, the collaborations offload security workloads from host CPUs, enabling hardware‑isolated,...
𝗨𝗹𝘁𝗶𝗺𝗮𝘁𝗲 𝗗𝗲𝘃𝗦𝗲𝗰𝗢𝗽𝘀 𝗢𝗽𝗲𝗻-𝗦𝗼𝘂𝗿𝗰𝗲 𝗟𝗶𝗯𝗿𝗮𝗿𝘆✅ One repo covering: • SAST • DAST • Supply Chain • Kubernetes Security • Cloud Guardrails • Policy as Code • DevSecOps Tooling. If you want to understand real production DevSecOps stacks, this is worth saving. Comment “𝗗𝗲𝘃𝗦𝗲𝗰𝗢𝗽𝘀” & I’ll send...
We want to address the inaccuracies in the Financial Times' reporting yesterday. The brief service interruption they reported on was the result of user error—specifically misconfigured access controls—not AI as the story claims. https://t.co/0ApCIDNsJT
The UK government’s Digital Service and Innovation Team (DSIT) is moving to curb the use of email attachments by civil servants, urging a shift to cloud‑based file sharing. Ministers highlighted that attachments increase human error and data‑loss risk, and new...
Cyber supply chain security is no longer optional—it’s essential for resilience, innovation, and national security. Read the full piece: The Cybersecurity Challenges of the Supply Chain by @ChuckDBrooks https://t.co/THnR3VKAJx #cybersecurity #technology #supplychain
Yikes. If this is true, then it’s both pretty ingenious and supremely negligent. I wonder what percentage of users have done a code audit of Openclaw. And what other fun ToS-voiding surprises lurk in there.
