Open Cybersecurity Schema Framework gains traction as de‑facto standard
The Open Cybersecurity Schema Framework (OCSF) is emerging as a de‑facto standard for describing security events, findings, and context across vendors. Since the 2022 launch, and after the project joined the Linux Foundation, the community has grown to roughly 900 contributors, and major cloud and SIEM providers now ship OCSF‑native data. Recent releases add AI‑specific telemetry, expanding its utility for security teams.
Also developing:
By the numbers: Noma Security raises $132M to scale AI agent security platform

Researchers have uncovered a new SmartLoader campaign that distributes a trojanized Oura Health Model Context Protocol (MCP) server to install the StealC infostealer. The malicious server is hosted in fabricated GitHub repositories and submitted to the MCP Market registry, exploiting developer trust in AI‑enabled tooling. Once downloaded, the server drops an obfuscated Lua script that loads SmartLoader, which then harvests credentials, passwords, and cryptocurrency wallet data. The operation marks a shift from targeting casual software pirates to high‑value developer environments.
Recent research uncovers multiple side‑channel attacks that exploit timing, packet‑size, and speculative decoding characteristics of large language model (LLM) services. By monitoring encrypted network traffic, attackers can infer conversation topics with over 90% precision, fingerprint specific prompts with up to...

Checkmarx announced that its AI‑driven Developer Assist tool is now embedded directly within the AWS Kiro integrated development environment. The integration scans source code and dependencies in real time, surfacing security findings inside the IDE and synchronizing them with the...

In 2026 enterprises are treating data location as a strategic risk rather than a compliance checkbox, prompting a shift toward sovereignty‑first IT service management (ITSM). Traditional cloud‑based ITSM platforms that store data in foreign jurisdictions expose organizations to sudden geopolitical...

Polish authorities detained a 47‑year‑old man suspected of collaborating with the Phobos ransomware group during a joint operation in the Małopolska region. The arrest, part of Europol‑coordinated Operation Aether, yielded computers and phones loaded with stolen credentials, credit‑card data, and server‑access...

PDFs remain the go‑to format for confidential data, yet hidden metadata, annotations, and embedded objects often leak information despite password protection. In 2023, over 400 breach incidents were traced to incomplete redactions or metadata exposure. The guide outlines a six‑step...

Apple introduced end‑to‑end encrypted Rich Communication Services (RCS) messaging in the iOS 26.4 developer beta, extending the feature to iPadOS, macOS and watchOS in future updates. The encryption is currently limited to iPhone‑to‑iPhone conversations and depends on carrier support, with a...
Cloud On Demand and South African backup specialist StorVault have announced a partnership that combines scalable cloud delivery with locally‑grounded, immutable data protection. The joint offering targets ransomware, hardware failures and endpoint vulnerabilities that threaten hybrid workforces, while delivering point‑in‑time...

Dragos’ 2026 Year in Review OT/ICS report adds three new adversaries—Sylvanite, Azurite and Pyroxene—targeting industrial control systems in 2025. Sylvanite acts as a rapid‑exploitation broker, weaponising n‑day flaws within 48 hours and handing access to the Voltzite group across power, oil,...

Unit 42’s annual incident‑response report reveals identity abuse now initiates roughly two‑thirds of network intrusions, with social engineering responsible for one‑third of the 750 incidents examined. Compromised credentials, brute‑force attacks and permissive identity policies further fuel the trend, while identity‑related...

Citizen Lab’s forensic analysis uncovered Cellebrite’s phone‑cracking software on Kenyan activist Boniface Mwangi’s device, indicating that state authorities used the tool after his arrest. The evidence shows the phone was unlocked without a password, exposing personal photos, messages, and his...

The Magnet Virtual Summit 2026 runs February 23‑26, featuring over 50 leading experts who will discuss AI, mobile forensics, cloud investigations, deepfakes, eDiscovery, and incident response. The event spotlights the new Magnet One platform, promising faster, AI‑enhanced case building, and...

Internal AI copilots are being deployed across enterprises as search and decision‑aid layers, inheriting every permission granted to users. Their ability to index, retrieve, and combine data from email, file shares, and SaaS tools exposes vast amounts of previously hidden...

Artificial intelligence is reshaping identity management, with machine and AI agents now surpassing human users in many environments. This surge creates a broader attack surface, as each automated identity demands governance yet often appears outside IT‑approved systems. Channel partners are...
Security Service Edge (SSE) (Noun) [Word Notes]
In this brief episode, host Rick Howard defines Security Service Edge (SSE) as a cloud‑centric security architecture that blends the shared responsibility model, vendor‑provided security stacks, and direct network peering with major content providers and their fiber networks. He highlights...

India’s enterprises are boosting cybersecurity spend as multi‑cloud, API‑led ecosystems expand, yet Security Operations Centre (SOC) capacity lags behind. The average data‑breach cost has climbed to ₹22 crore (≈US$2.6 million), highlighting the financial stakes. Tool proliferation generates more alerts, but analyst throughput...

Netrio has been named to CRN’s 2026 Managed Service Provider (MSP) 500 list in the Elite 150 category, highlighting its role as a leading AI‑driven managed IT and cybersecurity provider for mid‑market enterprises. The Elite 150 spot recognizes Netrio’s end‑to‑end...

A malicious fork of the legitimate Triton macOS client was posted on GitHub, masquerading as an official release while embedding a Windows‑only malware payload. The attacker, operating under the account “JaoAureliano,” used a deceptive README and raw asset links to...

Choosing a password manager is now a strategic security decision, not just a convenience tool. While consumer‑focused apps handle basic storage, enterprise‑grade solutions add centralized provisioning, role‑based access, and detailed audit trails. Decision‑makers must evaluate encryption models, zero‑knowledge architecture, MFA...

The episode examines the evolving cyber‑threat landscape of 2026 and its implications for insurance carriers, focusing on rising ransomware, supply‑chain attacks, and AI‑driven exploits. It highlights how insurers must adapt underwriting criteria, pricing models, and claims handling to address more...

The Department of State Services has filed a three‑count criminal charge against former Kaduna governor Nasir El‑Rufai for allegedly intercepting the telephone communications of National Security Adviser Nuhu Ribadu. Prosecutors say El‑Rufai admitted the illegal interception during a televised interview on 13 February 2026,...

A critical remote code execution flaw, CVE‑2026‑1357, has been discovered in the WPvivid Backup & Migration WordPress plugin, affecting over 900,000 active sites. The vulnerability lets unauthenticated attackers upload and run arbitrary PHP files via the plugin’s backup‑receive endpoint, granting...

Frontline and deskless workers comprise roughly 80% of the global labor force, yet traditional identity systems struggle with shared devices, shift changes, and high turnover. Single Sign‑On (SSO) consolidates credentials, cutting password‑reset tickets and speeding up access at shift handovers....

REMnux has released version 8, rebuilt on Ubuntu 24.04 LTS, which introduces a new Cast‑based installer that handles fresh deployments, upgrades, and container installs. The highlight is the REMnux MCP server, which implements the Model Context Protocol to connect AI agents with the...

Red Teaming, also known as adversary simulation, pits authorized security experts against an organization’s defenses to expose real‑world attack gaps. By mimicking the full cyber kill chain—from OSINT‑driven reconnaissance to covert data exfiltration—teams reveal weaknesses that traditional scans miss. The...

Forcepoint X‑Labs uncovered a new phishing campaign that spoofs the US Social Security Administration to deliver a malicious .cmd script. The script auto‑elevates, disables Windows SmartScreen and Mark‑of‑Web, and leverages Alternate Data Streams to hide before silently installing a compromised...
Livingston HealthCare in Montana announced that its phone system has been fully restored after a recent cybersecurity incident forced the hospital to shut down communications and other network services. The disruption, first reported on Feb. 13, stemmed from a potential...
Freedom of Information (FOI) requests on cybersecurity governance are exposing a stark inconsistency in public‑sector disclosures. Large NHS trusts and other big bodies tend to refuse or invoke national‑security exemptions, while smaller organisations often provide granular details. This uneven approach...
"America is dangerously unprepared for a GPS attack," Adm. Michael Rogers, U.S. Navy (ret.), former commander of the U.S. Cyber Command and director of the National Security Agency. https://t.co/hYWXOZoxEZ
Red Hat has announced the general availability of its own build of Podman Desktop, delivering an enterprise‑grade, secure‑by‑design local container development environment. The offering bridges the long‑standing gap between developers’ laptops and hardened OpenShift clusters, leveraging the same trusted RHEL components....
The BridgePay Network Solutions ransomware attack disrupted the City of Marietta’s online credit‑card processing, halting business‑license payments on February 6, 2026. BridgePay’s forensic review found no payment‑card data was compromised, and the ransomware group remains unidentified. The city is deploying a temporary,...

Credential stuffing attacks are surging as attackers exploit reused passwords harvested from past breaches. The technique is cheap, highly automated, and blends into normal traffic, making detection difficult. Small‑to‑mid‑size businesses, SaaS platforms, and customer‑facing portals are prime targets because they...

Washington Hotel, a Japanese hospitality chain with 30 properties and 11,000 rooms, disclosed a ransomware breach on February 13, 2026 that compromised business data on its servers. The hotel immediately isolated the affected systems, formed an internal task force and enlisted police,...

The Model Context Protocol (MCP) was introduced as a universal interface that lets AI agents tap into enterprise data and services. In practice, the protocol has become a lightning rod for privacy breaches: a rogue MCP server harvested WhatsApp chats...

Eurail B.V., the Dutch operator of European rail passes, confirmed that data stolen in a breach earlier this year is now being offered for sale on the dark web. A threat actor also posted a sample of the compromised records...

A new social‑engineering campaign uses a fake Cloudflare‑style CAPTCHA to trick Windows users into pasting a malicious PowerShell command. The clipboard‑to‑run technique launches the fileless StealC malware, which injects reflective shellcode into svchost.exe and exfiltrates browser credentials, cryptocurrency wallets, Outlook...

Attackers are actively exploiting CVE‑2026‑1731, an unauthenticated OS command injection flaw in self‑hosted BeyondTrust Remote Support and Privileged Remote Access appliances. The vulnerability enables remote code execution, allowing threat actors to run commands as SYSTEM, install the SimpleHelp RMM tool,...

Indian firms WAISL and GRAMAX have created AeroWise, an AI‑driven airport predictive operation centre that blends digital‑twin technology with embedded cyber‑security. The solution includes miniature physical models of terminals, runways and ancillary systems that can be “war‑gamed” to visualize attack...
Virtual IT Group has appointed Maurice McCarthy, a former Optus customer‑success director, as its new chief executive officer, succeeding founder Christian Pacheco. McCarthy brings 25 years of telecom leadership and will focus on client outcomes, service reliability, and responsible AI integration. Pacheco transitions...

State and local governments are shifting from perimeter‑based defenses to an identity‑first security model, as highlighted in the State CIO Top 10 Priorities for 2026. The article argues that who a user—or nonhuman account—is matters more than where they connect,...

Control system upgrades are back on plant executives' agendas as new capital budgets roll out for the year. The article highlights three primary risks of aging automation: hardware failure, cybersecurity vulnerabilities, and the erosion of tribal knowledge. It urges decision‑makers...

Plant managers face pressure to refresh aging control systems as new capital budgets roll out. Older PLCs and DCS platforms expose facilities to hardware failures, heightened cybersecurity vulnerabilities, and loss of tribal knowledge. Experts recommend a ten‑year upgrade cadence to...

Hudson Rock reported the first in‑the‑wild incident of an infostealer stealing OpenClaw configuration files. The malware, identified as a Vidar variant, exfiltrated files such as openclaw.json, device.json, and soul.md on February 13, 2026, revealing API tokens, private keys, and personal data. These...

As AI Agents Take on Tasks in the Real World, New Risks Emerge
By 2026, human website visits drop 20% while machine-initiated traffic surges 40%. Zero-click economy emerging where personal AI negotiates on your behalf. Banks must authenticate agents, not just...
⏳ Data stolen today will be cracked tomorrow. Post-Quantum Cryptography (PQC) isn't a "next year" problem—it’s a multi-year migration that starts now. I’m looking for "Crypto Agility" on the floor at #RSAC2026. Are you ready for the Q-Day countdown? https://t.co/6PIC4o7OmO #QuantumSecurity...
Telefónica Tech is launching a unified digital identity platform for Spain’s insurance sector, enabling secure, self‑sovereign access to digital services. The initiative builds on a 2023 European trial and integrates cloud, IoT, big‑data and blockchain capabilities. Partnering with the insurance...

The Milano Cortina 2026 Winter Olympics will see mobile devices become the primary attack surface, mirroring the digital surge seen at Paris 2024 where billions engaged via apps and streaming. Cybercriminals are already deploying Olympic‑themed phishing, fake ticketing sites, malicious apps and QR‑code...

OysterLoader, a C++‑based multi‑stage malware loader also known as Broomstick and CleanUp, has been updated through early 2026 with enhanced command‑and‑control infrastructure and obfuscation techniques. The loader now employs a three‑step HTTP/HTTPS handshake, custom Base64 alphabets, and a modified LZMA...

IT integrator Ailanto announced a sovereign cloud service for Swiss organizations built on Cubbit’s DS3 Composer software‑defined object storage. The offering launches with 1 PB of capacity hosted in Swiss‑based data centres and will expand later in 2026. It provides S3‑compatible,...

South African law firms face steep financial and reputational losses from IT downtime, with a single hour costing an average R360,000 for a 20‑person practice and up to R6.5 million for larger firms. The article distinguishes disaster recovery (DR) from simple...