Know What's Happening in Cybersecurity
Know What's Happening in Cybersecurity
Meta halts partnership with Mercor after breach exposes AI training data
Meta announced an indefinite pause on all collaborations with data‑contracting firm Mercor after a breach leaked proprietary training datasets. The leak prompted AI leaders such as OpenAI and Anthropic to reassess their relationships with Mercor, citing risks to competitive intelligence.
Also developing:
By the numbers: Noma Security raises $132M growth‑stage funding
Property agents are being warned that manual identity checks expose them to sophisticated scams. SmartSearch reports that 54% of verification checks remain manual, leaving gaps for AI‑generated IDs and deepfake documents. A recent survey of 1,000 decision‑makers shows fraud incidents rising, with 70% of estate agents noting increased fraud and over half encountering fake IDs. The firm urges a shift to digital verification to meet regulatory duties and protect both businesses and consumers.
A KnowBe4 report reveals human‑related security incidents surged 90% in 2025, driven largely by social‑engineering attacks and employee error. Email‑based threats grew 57%, with 64% of organizations hit by external attacks exploiting staff inboxes. Human mistakes affected 90% of firms,...
A GetReal Security survey reveals that 41 % of IT, cybersecurity, risk and fraud leaders admit their firms have hired and onboarded a fraudulent candidate, underscoring AI‑driven identity attacks’ real‑world impact. The same study shows 88 % of organizations encounter deep‑fake or...
In this episode, Johannes Ulrich highlights three emerging threats: Japanese-language phishing campaigns that bypass English‑centric defenses, AI agents that ignore security guardrails and inadvertently expose data or make unauthorized changes, and the Starkiller phishing framework which proxies real login pages...
Ethereum co‑founder Vitalik Buterin proposed using transaction simulations to boost wallet and smart‑contract security. He argues that showing users a preview of on‑chain consequences lets them confirm intent before execution. The approach pairs simulations with spending limits and multisig approvals...
HYPR has launched a context‑based attestation framework to strengthen identity verification across hiring, onboarding, and account recovery. The method layers traditional document, location, and biometric checks with internal role data, workflow cues, calendar events, and peer validations. By continuously cross‑referencing...
This is an emerging fraud. Everything looks legit, until you realize that it isn’t. @garrett_makes you should add a domain creation born on date search to do domain verification.
IBM’s Chief Architect Devan Shah outlines how the company’s OnePipeline platform now supports over 450 developers by shifting from Travis CI to Tekton and Argo CD, trading longer build times for automated security scans. He details the internal AI coding assistant...
Elliptic reports North Korea stole a record $2 billion in cryptocurrency in 2025, pushing its total illicit haul past $6 billion and financing the regime’s weapons programs. The ByBit breach, which yielded $1.46 billion, saw more than $1 billion laundered within six months via...
In this episode, host David Ruiz talks with Malwarebytes senior social media manager Zach Hinkle and content creator MinJi Pae about the sudden technical glitches on TikTok after its ownership transferred to American stewards, which many users interpreted as censorship of...
Can AI replace security platforms? I asked Claude to build a CrowdStrike replacement. Claude: "I have to be straightforward: building a replacement for CrowdStrike isn't something I can do here. CrowdStrike is a massive platform built by thousands of engineers over...
The University of Mississippi Medical Center (UMMC) suffered a ransomware attack on February 19 that crippled its Epic EHR, IT network, and phone systems, forcing the shutdown of nearly 30 clinics and a shift to paper‑based documentation. Vice Chancellor LouAnn...
Imagine waking up to find your AI agent has hacked Uniswap v3. 🤣 Kain explores potential mishaps that could arise from AI-driven crypto audits 👇 #artificialintelligence #crypto #openclaw
‼️US Cybersecurity stocks are getting CRUSHED by AI fears: CrowdStrike fell -8.0% on Friday, Cloudflare -8.1%, Okta -9.2%, and SailPoint -9.4% after Anthropic unveiled a new Claude AI security tool that scans codebases for vulnerabilities and suggests patches. The Cybersecurity ETF, $BUG,...
A cache‑deception flaw was found in SvelteKit applications deployed on Vercel, where the `__pathname` query parameter can override request paths and cause private API responses to be cached as public assets. The vulnerability affects any route under `/_app/immutable/`, which Vercel...
Microsoft Copilot ignored sensitivity labels twice in eight months — and no DLP stack caught either one https://t.co/tVaHZLzT8E "For four weeks starting January 21, Microsoft's Copilot read and summarized confidential emails despite every sensitivity label and DLP policy telling it not...
RT Data Privacy Week is over. Lawsuits, breaches, and AI experiments don't pause the other 51 weeks of the year. Privacy is now a leadership accountability issue, not a back office task. #CIO #CMO #CISO #DataPrivacy @Star_CIO https://t.co/Naq82FuMWZ
The episode presents ChatDetector, a novel LLM‑empowered system for detecting misuse of resource‑management APIs (RM‑APIs) in open‑source software. By leveraging a ReAct‑inspired chain‑of‑thought prompting framework and cross‑validation techniques, ChatDetector overcomes LLM hallucinations to accurately extract allocation/release API pairs and constraints,...
Finding Security Bugs in Code With AI Chatbots and Agents 🤖🦊 Although you can't trust code written by an AI chatbot or model you can use one to help you better secure your code https://t.co/mhQJgBlHPe https://t.co/VO48Wro7LJ
A new POLITICO poll reveals that citizens in the United States, Canada and other key NATO allies overwhelmingly consider cyberattacks on hospitals to be acts of war. Despite this public sentiment, NATO’s official response remains measured, emphasizing diplomatic channels and...
The Security Affairs Malware Newsletter Round 85 aggregates the latest research and incident reports on global malware threats. Highlights include new Android threats like Ninja Browser, Lumma Infostealer, PromptSpy and Phantom Trojans, a surge in ATM jackpotting across the U.S., and...
The hospitality sector faced three data breaches this week. Choice Hotels International disclosed a social‑engineering attack that accessed franchisee and applicant records, including names and Social Security numbers, despite multi‑factor authentication. Wynn Resorts is alleged to have had 800,000 employee...
Security researchers at Veracode uncovered a malicious NPM package named buildrunner-dev that exploits a typosquatting trick to mimic the legitimate buildrunner tool. The package drops a massive batch script that conceals its true commands among random text and then downloads...
Agentic AI is rapidly entering the travel sector, automating itinerary management and personalizing experiences. However, its ability to process massive volumes of sensitive travel data introduces new security vulnerabilities. Experts stress encryption, strict access controls, continuous behavior monitoring, and compliance...
How can a company like @TIBCO win in the age of AI? Was just reading about their current market strategy and risk. I was involved with a TIBCO project while implementing a tax solution at a Fortune 1000 company. Focus...
Figure Technology Solutions, the largest non‑bank home‑equity lender, disclosed a data breach affecting roughly 967,000 customer accounts. The breach resulted from a social‑engineering (vishing) attack on a single employee, allowing the ShinyHunters group to exfiltrate personal identifiers such as names,...
Most people see the 🔒 in the browser, but few think about the engineering behind it. Here’s the real difference: HTTP (Port 80) The postcard Data travels as plain text Anyone on the same network can read credentials or session tokens Okay for local testing. Dangerous in...
Things Are Getting Wild: Re-Tool Everything for Speed The compounding set of changes we are experiencing in cybersecurity is deeply concerning. But this is a transition point. We should be short term pessimistic about the risks we face. At the same...
Intellexa’s Predator spyware can silently record iPhone camera and microphone feeds by hijacking iOS 14’s SpringBoard UI layer. Using a kernel‑level hook called HiddenDot::setupHook, the malware nullifies the SBSensorActivityDataProvider, preventing the green and orange privacy dots from ever lighting up. Jamf’s...
The author warns that AI is reshaping cybersecurity, creating a tidal wave of new software‑generated vulnerabilities while simultaneously giving attackers tools to industrialize exploits. Simultaneously, AI‑generated content erodes trust, making authenticity a critical challenge. Enterprises must build a robust agentic...
Researchers at EPFL and KIT introduced DUMPLING, a fine‑grained differential fuzzer that instruments JavaScript engines rather than the input code. By extracting detailed execution state dumps from both interpreted and JIT‑compiled paths, DUMPLING can spot subtle divergences that traditional fuzzers...
Smart glasses and covert filming. Are they a real privacy concern? https://t.co/TehOK0XVKI via @YouTube #smartglasses #glass #AR #privacy #CyberSecurity #CyberSec @sonu_monika @enilev @Jagersbergknut @TysonLester @chidambara09 @labordeolivier @BetaMoroney @tlloydjones @Nicochan33 @jeancayeux @RLDI_Lamy @pierrepinna @pierrecappelli @pchamard @JeromeMONANGE @thierry_pires @MaiaGabunia @amalmerzouk @NewsNeus @mary_gambara @PawlowskiMario...
The Polymarket oracle issue highlighted by Vitalik Buterin Oracle disaster: Russia-Ukraine market bet on city control. Oracle = ISW's X account maps. Account got hacked, fake map showed Russian control of train station, triggered $1.3M in payouts at 33,000% returns. One...
Amazon’s Integrated Security team warned that a Russian‑speaking threat actor leveraged generative AI services to automate a campaign that compromised more than 600 FortiGate firewalls in 55 countries between Jan 11 and Feb 18, 2026. The attackers scanned for internet‑exposed management ports,...
AI Polymorphic Threats Are Forcing A Rethink Of Cybersecurity by @ChuckDBrooks https://t.co/bLFH7errME #cybersecurity #ai #tech @Forbes
Grange Dental Care in Northern Ireland suffered a cyber attack on Thursday morning, resulting in fraudulent invoice emails being sent from its system. The breach was identified at 9:50 am, and the dentist immediately alerted his IT provider, who halted the...
Discord’s new age‑verification system, powered by identity vendor Persona, has a critical frontend exposure. Security researchers discovered that verification components are reachable on the public web, potentially revealing users’ age‑related data. The flaw adds urgency to Discord’s 2026 compliance roadmap,...
Decentralized identity platform IoTeX confirmed a breach of one of its token safes, with on‑chain analyst Specter estimating losses around $4.3 million across USDC, USDT, IOTX and WBTC. The project’s team is working with major exchanges and security partners to trace...
Microsoft Teams chat can be monitored using native Microsoft 365 compliance features and third‑party solutions. Monitoring requires an E5 license or an E3 plan with the E5 Compliance add‑on, after which admins enable communication‑compliance, assign roles, and create policies. Tools such...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical RoundCube Webmail vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The flaws—CVE-2025-49113, a deserialization bug with a 9.9 CVSS score, and CVE-2025-68461, an SVG‑based XSS issue scoring 7.2—target...
Anthropic launched Claude Code Security, an AI‑driven tool that scans entire codebases for vulnerabilities and suggests patches. Powered by Claude Opus 4.6, it uses frontier reasoning to map data flows and identify complex bugs that traditional SAST tools miss. Internal tests...
The explosion of IoT and IIoT devices—projected at 200 billion—has dramatically widened the cyber‑attack surface, prompting organizations to treat security as a core priority. A recent Gartner study shows cybersecurity now eclipses AI and cloud as the top CIO spend, fueling...
EC‑Council announced its Enterprise AI Credential Suite, adding four role‑based AI certifications and an updated Certified CISO v4 program. The launch targets the estimated $5.5 trillion global AI risk exposure and a U.S. reskilling gap of 700,000 workers. It aligns with recent...
The post outlines how AI is reshaping the WordPress ecosystem, from a flood of AI‑generated plugins that introduce new security risks to the need for large‑scale audit infrastructure. It advises agencies to pivot from billable hours to outcome‑based pricing, leveraging...
Didier Stevens announced on 21 February 2026 the release of rtfdump.py version 0.0.15. The update specifically fixes a bug in the –yarastrings option, restoring reliable extraction of YARA strings from RTF files. The release package is available for download and...
The episode examines how recent large‑scale cloud outages are forcing insurers and risk managers to rethink cyber policy language around third‑party vendor failures. Experts discuss coverage gaps, underwriting hurdles, and new claims handling approaches to avoid disputes and ensure clients...
Codamail has launched a Privacy Law Directory that maps data‑protection, surveillance and intelligence frameworks across 21 jurisdictions, including the United States, the European Union and key international partners. The resource is organized around the Five, Nine and Fourteen Eyes intelligence...
The Office of Management and Budget has withdrawn the mandatory software bill of materials (SBOM) requirement, replacing it with a risk‑based menu of options for federal agencies. This shift moves compliance from a prescriptive checklist to agency‑driven risk assessment, granting...
Texas Attorney General Ken Paxton sued Temu, alleging the discount marketplace operates as Chinese Communist spyware that harvests user data for the Chinese government. The lawsuit targets PDD Holdings, accusing it of deceptive marketing and seeking substantial civil penalties. It...
AdGuard is offering its Family Plan as a lifetime subscription for $15.97 through February 22, covering up to nine devices. The deal bundles enterprise‑grade ad blocking, tracker suppression, malware and phishing protection, and built‑in parental controls. Users receive continuous updates without...
