Know What's Happening in Cybersecurity
Know What's Happening in Cybersecurity
Open Cybersecurity Schema Framework (OCSF) emerges as de‑facto standard for security data
Since its 2022 launch, OCSF has attracted roughly 900 contributors and is now supported by major cloud and SIEM vendors. Recent updates introduce AI‑specific telemetry, helping security teams standardize event and finding data across products.
Also developing:
By the numbers: Noma Security raises $132M to expand AI agent security platform
Google’s Threat Intelligence Group released a new report detailing how adversarial AI is increasingly weaponized against enterprises. The study highlights a surge in model‑extraction attacks, where threat actors query commercial LLMs like Gemini to create compact replicas, and documents AI‑enhanced malware such as HONESTCUE that generates code on‑the‑fly. State‑linked actors from North Korea, Iran, China and Russia are also leveraging generative tools for sophisticated phishing and OSINT operations. Google responded by disabling offending accounts, tightening its Secure AI Framework, and sharing indicators with the security community.
Bell Cyber and Radware have launched an AI‑driven, cloud‑delivered security service that merges Radware’s machine‑learning application protection with Bell Cyber’s fully managed SOC operations. The offering safeguards web applications, APIs, bots and DDoS attacks for ERP and SaaS environments while...
Two former Google engineers and a spouse were indicted for allegedly stealing trade secrets related to Google’s Tensor processor and other hardware designs, then transferring the data to Iran. The defendants used personal devices, messaging channels, and manual photographs to...
AI Risk tool, a browser‑only privacy layer, anonymises sensitive data before it reaches any generative AI model. The solution runs entirely client‑side, ensuring no text is transmitted, stored, or tracked on external servers. By eliminating the need for accounts, it...
The U.S. Department of Health and Human Services Office for Civil Rights settled with Top of the World Ranch Treatment Center after a phishing attack exposed ePHI for 1,980 patients. OCR fined the provider $103,000 and imposed a two‑year corrective...
Thomas Peer Solutions has teamed with Wasabi to deliver immutable cloud‑based backups that protect enterprise data against ransomware and other disruptions. CEO Udara Dharmadasa emphasizes selling the solution to C‑suite executives by framing it in terms of risk mitigation, ROI...
A new phishing campaign is leveraging the OAuth 2.0 device authorization grant to sidestep Microsoft 365 multi‑factor authentication. Attackers send emails that appear to reference payments, bonuses or voicemails, then direct recipients to a genuine Microsoft login page where a...
Law firms rely on WordPress sites for client intake, branding, and confidential communications, making website continuity critical. The article outlines a practical backup strategy, recommending daily off‑site backups using plugins such as UpdraftPlus, BackupBuddy or BlogVault, and storing copies in...
GitLab announced that the GPG key used to sign its Omnibus packages will now expire on February 16, 2028, extending the previous 2026 deadline. The key, which authenticates package integrity across CI pipelines, remains separate from repository metadata signing keys...
These 4 critical AI vulnerabilities are being exploited faster than defenders can respond | ZDNET https://t.co/e0SyjsSpBv
Federal agencies are increasingly turning to Security as a Service (SECaaS) to maintain cyber defenses amid staffing cuts and the recent shutdown. The Navy, VA, Energy, Justice and Homeland Security rely on FedRAMP‑authorized AWS and Azure tools such as GuardDuty,...
Chiplet technology is reshaping semiconductor design by allowing modular, mix‑and‑match silicon components, accelerating AI data‑center and autonomous‑vehicle development. However, the distributed manufacturing model creates new supply‑chain vulnerabilities, as a single compromised chiplet can introduce hardware Trojans that affect entire systems....
Meriden, Connecticut, temporarily shut down its municipal internet and public Wi‑Fi after detecting an attempted cyber disruption. The city’s IT department isolated the network within minutes, limiting impact to non‑essential municipal operations while emergency services remained functional. Police have opened...
The National Security Agency has issued a two‑phase Zero Trust Implementation Guidelines to help organizations adopt zero‑trust architecture in line with Department of Defense standards. The guidance details specific activities and requirements, acknowledging that implementation can be resource‑intensive and costly....
Dark Reading reported that the npm package for Cline version 2.3.0 was compromised, causing it to silently download the OpenClaw tool during an eight‑hour window. The breach stemmed from a prompt‑injection flaw that allowed an attacker to steal release tokens and...
ATM jackpotting has shifted from a security demo to a lucrative crime, with hackers now pulling millions from cash dispensers. The FBI reports over 700 attacks in 2025 alone, netting at least $20 million in stolen cash. The primary tool, Ploutus...
Cybersecurity stocks have lagged behind the broader software sector this year, with the Amplify Cybersecurity ETF down 4.8% while the S&P 500 barely rose. Jefferies analyst Joseph Gallo argues the sell‑off is overstated, pointing to rising AI‑driven threat vectors and strong...
Mycroft, a Canadian AI‑driven cybersecurity startup, has surpassed 100 B2B customers and is approaching $2 million CAD in ARR after a $3.5 million USD seed round. Founder Mike Kim built the platform as a virtual CISO, using AI agents to automate policy...
The U.S. National Institute of Standards and Technology (NIST) has launched the AI Agent Standards Initiative under the Center for AI Standards and Innovation (CAISI) to develop industry‑led standards for autonomous AI agents. The effort aims to cement U.S. leadership,...
Google is reportedly developing a third‑generation Titan M security coprocessor, dubbed Titan M3, for its upcoming Tensor G6 chipset, internally codenamed “Google Epic.” Leaked internal listings reference firmware named “longjing,” suggesting the chip is in early development. The move appears aimed at narrowing...
Veteran CISOs are urged to abandon technical dashboards and become business risk leaders who speak the board’s language. By translating security concepts into revenue‑impact terms, aligning initiatives with corporate growth plans, and quantifying cyber risk in monetary values, they secure...
Windows 11’s privacy controls are dispersed across multiple menus, forcing users to hunt through dozens of toggles to limit data collection. The operating system still enables telemetry by default, and many settings only reduce—not eliminate—Microsoft’s tracking. Users and tech writers are...
The White House announced that future U.S. cyber responses will be directly linked to specific adversary actions and will involve close coordination with state and local governments as well as private‑sector operators of critical infrastructure. The approach will be codified...
HHS is intensifying its focus on third‑party vendor security after the 2024 Change Healthcare ransomware attack, which exploited a remote‑access portal lacking multifactor authentication and exposed the data of about 190 million individuals. The breach threatened the liquidity of the entire...
The Office of the National Cyber Director announced that the Trump administration will accelerate the deployment of AI-driven cyber defensive tools while safeguarding against expanded attack surfaces. Principal Deputy Assistant Cyber Director Alexandra Seymour said the effort will be coordinated...
The article introduces a “Patching as Code” framework that automates Unix security updates across hybrid‑cloud environments by containerizing the patching toolchain and driving it through a CI/CD pipeline. A CSV‑based schedule stored in Git triggers a Python controller that launches...
INTERPOL’s Operation Red Card 2.0, conducted from Dec 8 2025 to Jan 30 2026, resulted in 651 arrests across 16 African nations and the seizure of more than $4.3 million. The eight‑week crackdown exposed scams responsible for roughly $45 million in losses and identified 1,247 victims worldwide....
A critical flaw (CVE‑2025‑61928) in the better‑auth npm library’s API‑key plugin lets unauthenticated actors mint privileged API keys for arbitrary users. The vulnerability stems from improper authorization checks in the createApiKey and updateApiKey handlers, which accept a userId without a...
Urenco, a global uranium enrichment firm, faced fragmented, manual controls for removable media and file transfers across its air‑gapped nuclear facilities. To achieve consistent security, it deployed OPSWAT’s MetaDefender platform, routing all devices through centralized, zero‑trust inspection checkpoints. The solution...
A critical stack‑buffer overflow (CVE‑2026‑2329) was discovered in six Grandstream GXP1600 series VoIP phones, receiving a CVSS score of 9.3. The flaw resides in an unauthenticated web API endpoint that lets attackers overflow a 64‑byte buffer, gain root privileges, and...
Next Dimension has entered a strategic partnership with Todyl to migrate its managed security services onto Todyl’s cloud‑native platform, unifying SIEM, EDR and MXDR under a single console. The integration replaces fragmented toolsets with AI‑driven, contextual case management, cutting investigation...
Google reported that in 2025 it blocked more than 1.75 million app submissions and denied 255,000 apps access to sensitive user data on the Play Store. The company also banned over 80,000 developer accounts and added 10,000 new safety checks powered...
Atruvia, the backbone of over 900 German cooperative banks, tackled massive technical debt by adopting HashiCorp Terraform and Vault. The shift to infrastructure‑as‑code slashed cluster provisioning from three months to two hours and cut network setup from weeks to minutes....
The FBI disclosed that the Chinese state‑backed group Salt Typhoon infiltrated dozens of telecom operators worldwide, exfiltrating data from over a million Americans. The hackers accessed U.S. lawful‑intercept systems, targeting communications of senior officials in a campaign that began at least...
Mobile device management (MDM) policies are now a core governance tool for protecting data across corporate, BYOD, and hybrid workforces. The guide outlines five essential steps—defining purpose, engaging stakeholders, drafting usage rules, setting enforcement, and ongoing review—to build a robust...
CarGurus disclosed that approximately 1.7 million corporate files were taken by the ShinyHunters hacking group after a voice‑phishing attack compromised its single‑sign‑on credentials on Feb 13. The attackers threatened to publish the data unless negotiations were reached by Feb 20. ShinyHunters has previously...
Federal agencies are rapidly integrating artificial intelligence, prompting heightened focus on securing the underlying data and systems. Zscaler’s Federal Field CTO Chad Tetreault outlined the evolving AI threat landscape, highlighting supply‑chain vulnerabilities, data‑poisoning, prompt‑injection, and emerging agentic AI risks. He...
A newly observed Remcos RAT variant now streams webcam footage and transmits keystrokes in real time, shifting from local data storage to direct, encrypted communication with attacker‑controlled servers. The malware decrypts its configuration only at runtime, loads critical Windows APIs...
Palo Alto Networks CEO Nikesh Arora told investors AI will drive, not diminish, cybersecurity demand. He argued AI expands attack surfaces, creating new risk categories that require robust security solutions. The company posted 15% year‑over‑year revenue growth to $2.6 billion and...
Palo Alto Networks marked the two‑year anniversary of its platformization strategy, a move that initially sank its stock but has since become an industry standard. CEO Nikesh Arora highlighted a “flywheel” effect as new customers consolidate tools onto Palo Alto’s...
The UK Court of Appeal upheld the Information Commissioner’s Office decision to fine Currys Group Ltd (formerly DSG Retail) £500,000 for failing to protect personal data after a 2017‑18 cyber‑attack. The ruling confirms that organisations must safeguard all personal data,...
Enterprises are seeing risk migrate from downstream system failures to upstream decision‑making as software adoption cycles shrink. Identity and access management, once a gatekeeper for core systems, now sits at the top of the IT stack, shaping workflows, roles, and...
Group‑IB uncovered a sophisticated fraud campaign that spoofed Indonesia’s Coretax tax platform by distributing counterfeit Android apps. The scheme combined phishing websites, WhatsApp impersonation of tax officers, and voice‑phishing calls to install RATs such as Gigabud.RAT and MMRat, leading to...
The University of Mississippi Medical Center (UMMC) suffered a severe cybersecurity breach on Thursday, forcing multiple IT systems offline, including its Epic electronic medical records platform. The outage crippled access to patient data, prompting the Jackson‑based health system to shut...
Best Western hotels in Sweden, Denmark and Norway suffered a data breach that exposed guest names, check‑in dates, email addresses and phone numbers. Cybercriminals are now using the stolen details to launch phishing attacks via WhatsApp and SMS, directing victims...
The proliferation of consumer and enterprise IoT devices continues unchecked, yet most lack basic security controls such as passwords and encryption. Research presented by Mattia Epifani at RSAC 2026 shows that devices—from Amazon Echo to smart refrigerators—store unprotected audio, credentials, and personal...
Markel announced a partnership with cyber‑security firm Upfort to extend AI‑driven protection tools to eligible U.S. cyber‑insurance policyholders. The collaboration introduces the Upfort Shield platform and an endpoint detection and response (EDR) solution with behavioural analytics. Markel says the offering...
Adronite announced a $5 million Series A round led by Gatemore Capital Management, appointing Gatemore’s Liad Meidar as board chair. The funding will accelerate development of its AI‑powered platform that scans entire software codebases across more than 20 languages, delivering deterministic, explainable...
A new State of Financial Crime 2026 report from ComplyAdvantage reveals that financial institutions are falling behind AI‑enabled criminal networks. Over 600 senior compliance leaders reported 99% detection weaknesses, with only 33% employing AI for core AML functions and manual...
Medplum, an open‑source headless EHR serving over 20 million patients, migrated its production containers to Docker Hardened Images (DHI) with just 54 lines of code changes across five files. The switch replaced custom hardening scripts with Docker’s secure‑by‑default base images, eliminating...
