What's happening: Cloudflare pushes agile SASE with Cloudflare One to replace legacy VPNs
Cloudflare announced a series of technical deep‑dives showcasing its Cloudflare One agile SASE platform, positioning it as a single‑pass solution to the fragmentation of legacy VPNs and hardware firewalls. The platform runs security checks across a global network spanning over 300 cities, eliminating service‑chaining bottlenecks and integrating zero‑trust controls.
Also developing:

Discord has become a popular channel for corporate collaboration, supporting everything from developer communities to customer‑support servers. Its fast APIs and webhook integrations let teams create functional workspaces in minutes, but the platform also stores years of code snippets, credentials, and customer data. Recent disclosures of the VVS Stealer malware show how attackers can steal Discord tokens and inject malicious code to hijack entire sessions. The article outlines why a single compromised Discord account can expose critical business information and offers mitigation steps.

5G introduces a service‑based, cloud‑native architecture that replaces 4G's hardware‑centric design, bringing modular network functions and edge computing. The standard embeds stronger 256‑bit encryption, privacy‑preserving identifiers, and a new authentication protocol to protect user data and device identities. Additional features...

ZeroDayRAT, a Malware‑as‑a‑Service kit, now targets both Android and iOS devices, merging real‑time surveillance with direct financial theft through a browser‑based control panel. The service is marketed on Telegram, with subscriptions ranging from $250 per day to $3,500 per month,...
Maryland’s Department of Labor awarded the Center for Critical Infrastructure Security a Cyber & AI Clinic Grant, part of Gov. Wes Moore’s $4 million AI workforce initiative. The grant funds the launch of the Think Like a CISO Academy, a statewide...

A critical remote code execution vulnerability has been discovered in RubitMQ job workers due to unsafe JSON deserialization with the Ruby Oj library. The flaw allows attackers to craft malicious JSON that triggers object injection, instantiating a Node class whose...
Obsidian Systems has signed an exclusive reseller and implementation agreement with California‑based BlueFlag Security to bring the latter’s identity‑first SDLC protection platform to South African enterprises and the public sector. The partnership targets developer and machine identities, CI/CD pipelines, and...
CrowdStrike’s 2025 Global Threat Report reveals that attacker breakout time fell to an average of 29 minutes, a 65% acceleration from the previous year. The speed of initial intrusion to lateral movement is now measured in seconds for the fastest...

Security researchers have disclosed CVE‑2026‑0714, a high‑severity flaw in Moxa’s UC‑1222A Secure Edition industrial computer. The vulnerability allows an attacker with physical access to the SPI bus to sniff the TPM2_NV_Read command and capture the LUKS full‑disk encryption key in...

Thales has launched the Authenticator Lifecycle Manager, a SaaS solution that centralizes enrollment, replacement, and revocation of FIDO2 security keys across enterprises. The platform offers a single‑pane‑of‑glass dashboard, on‑behalf key registration, granular policy controls, and comprehensive audit logging. By automating...

Data protection authorities from 61 countries issued a joint warning that AI content generation systems, especially those creating realistic images and videos, pose serious privacy and deep‑fake risks. The statement cites recent incidents, such as Grok’s non‑consensual “nudified” images, and...

Enterprises adopting a mobile‑first workstyle expose a new attack surface through the apps employees use daily. Traditional signature‑based defenses lag behind the rapid proliferation of malicious or poorly coded apps in official and third‑party stores. Behavior‑based mobile threat defense and...

CISA’s Binding Operational Directive 26‑02 obliges all federal agencies to inventory, report, decommission, and replace unsupported edge devices such as firewalls, routers, switches, load balancers, and wireless access points. Agencies have three months to identify vulnerable equipment and twelve to eighteen...

Anthropic unveiled Claude Code Security, an AI‑driven tool that scans codebases for vulnerabilities and proposes patches. The system leverages the Claude Opus 4.6 model to reason about data flows and business‑logic errors, reducing false positives through multi‑stage verification. Its launch triggered...
CrowdStrike appoints veteran Joe McPhillips as JAPAC SMB senior director after a year‑long sabbatical. McPhillips brings more than 30 years of cybersecurity experience, previously serving at SentinelOne, Cylance, Symantec, Intel Security, Riverbed and Commvault. He will build and scale the...

The February 24, 2026 roundup highlights a surge of cybersecurity openings across North America, Europe, the Middle East, and Asia‑Pacific. Roles span application security, cloud security, product security, and OT/ICS specialties, with many positions emphasizing AI‑driven threat detection and zero‑trust architectures. Companies...
Smarsh deployed an AI‑powered support agent, Archie, on Salesforce Agentforce 360 to create a unified front‑door for regulated‑industry customers. The system lets users describe needs in plain language, routing them to the right solution and reducing navigation friction. Early results...
Kaspersky Lab faces a cascade of Western sanctions that have crippled its European and U.S. operations. Germany’s BSI warning has slashed German sales by roughly 80%, while the U.S. Treasury and Commerce departments have barred Kaspersky products and placed senior...
Nvidia announced expanded partnerships with Akamai, Forescout, Palo Alto Networks, Siemens and Xage to embed AI‑driven security into operational technology (OT) and industrial control systems (ICS). Using Nvidia BlueField DPUs, the collaborations offload security workloads from host CPUs, enabling hardware‑isolated,...
The UK government’s Digital Service and Innovation Team (DSIT) is moving to curb the use of email attachments by civil servants, urging a shift to cloud‑based file sharing. Ministers highlighted that attachments increase human error and data‑loss risk, and new...

GyroidOS, an open‑source multi‑architecture OS‑level virtualization platform maintained by Fraunhofer AISEC, isolates guest operating‑system stacks on a single Linux kernel using namespaces, cgroups and capabilities. The solution targets embedded devices and integrates hardware‑root‑of‑trust features such as secure boot, TPM‑linked disk...
Fastly is rolling out private notifications for security‑related maintenance and incidents, delivered through an SSO‑protected status page and direct Slack alerts. The new system provides service‑specific, detailed updates that remain hidden from the public internet, mitigating information‑leak risks. Integration with...

Security firm Oversecured scanned ten Android mental‑health apps with more than 14.7 million combined installs and uncovered 1,575 vulnerabilities. The flaws include 54 high‑severity and 538 medium‑severity issues such as insecure intent handling, plaintext API keys, and weak random number generation....

Enterprise leaders are demanding proof of what AI systems actually did, not just what they were designed to do or what dashboards report. As AI moves into regulated, high‑risk environments, boards and auditors expect decision‑level evidence for each action. The...

Sharon AI, Cisco and NVIDIA are launching Australia’s first Cisco Secure AI Factory, a sovereign AI infrastructure that keeps data and processing within the country. The facility will run on Cisco UCS servers, Nexus Hyperfabric, and 1,024 NVIDIA Blackwell Ultra...

Microsoft’s Windows 11 24H2 update now activates BitLocker automatically during the out‑of‑box experience when a Microsoft account, TPM 2.0, and Secure Boot are present. The encryption starts silently, using the same engine as the Pro‑only BitLocker but without visible controls on Home devices. Because...

Spanish Civil Guard arrested four alleged members of the hacktivist group Anonymous Fénix, accused of orchestrating DDoS attacks on government ministries, political parties, and public institutions in Spain and South America. The campaign intensified after the October 2024 Valencia floods, with...
Iran‑linked APT MuddyWater has escalated its campaign, dubbed Operation Olalampo, against organizations in the Middle East and Africa. The group continues to rely on spear‑phishing but also began exploiting public‑facing servers, delivering several previously unseen malware strains such as the...

Home Assistant’s mobile app sends push notifications through Google’s Firebase Cloud Messaging (FCM), meaning the message payload is unencrypted while on Google’s servers. This applies to both Android and iOS devices, as Home Assistant cannot directly access Apple’s push service....

Only a few hundred units of the Enigma cipher machine, originally built in 1918 and later adapted by the Nazis, survive out of an estimated 35,000‑40,000 produced. Historian‑turned‑cybersecurity expert Marc Sachs will discuss the device’s historic failures at RSAC 2026, highlighting...

The cyberattack on government services firm Conduent, first disclosed in January 2025, has swelled to affect more than 25 million Americans, making it potentially the largest U.S. data breach on record. Texas alone accounts for 15.4 million impacted residents, while other states...

Russia‑linked APT28 launched Operation MacroMaze, a campaign against Western and Central European entities from September 2025 through January 2026. The attackers delivered spear‑phishing documents containing a macro that calls a webhook.site URL, acting as a tracking‑pixel to verify document opening. The macro drops...

A financially motivated, Russian‑speaking threat actor used generative AI services to compromise more than 600 Fortinet FortiGate firewalls worldwide between January and February. The campaign avoided exploiting software vulnerabilities, instead leveraging exposed management ports and reused credentials with single‑factor authentication,...

Forescout Technologies has become a vendor affiliate of the North American Electricity Information Sharing and Analysis Center (E‑ISAC), extending its threat‑intelligence sharing to U.S. utilities and grid operators. Through its Vedere Labs research unit, the company will feed cyber and...

Anthropic has uncovered a coordinated distillation attack by three Chinese AI labs—Deepseek, Moonshot AI, and MiniMax—targeting its Claude model. Over 24,000 fabricated accounts generated more than 16 million queries to extract reasoning, programming, and tool‑usage capabilities. The labs employed proxy services...

Smart devices and IoT gadgets are rarely patched, leaving them vulnerable to malware such as Mirai. These products, from smart TVs to internet‑connected cameras, routinely harvest user data and can be hijacked to spy or launch attacks. Security experts recommend...
Square Enix announced that the security question and answer tied to Square Enix Accounts for Final Fantasy XI and Final Fantasy XIV will be retired on February 24, 2026. Players will not need to remember or re‑enter this credential, and...
Red‑team exercises simulate real cyber‑attacks to test how healthcare organizations respond under pressure. Pieter Ceelen of Fortra explains that these engagements uncover hidden vulnerabilities such as credential sharing, unpatched legacy medical IoT, and unclear emergency procedures like shutting down internet...

Google and Apple announced that encrypted Rich Communication Services (RCS) messaging is now in beta testing between Android and iPhone devices. The feature leverages the GSMA RCS Universal Profile and provides end‑to‑end encryption, visible as a lock icon in both...

Optimizely, a New York‑based ad‑tech firm, disclosed a data breach after a sophisticated voice‑phishing (vishing) attack on February 11. Threat actors accessed the company’s CRM and other internal business systems, extracting only basic contact information and not sensitive customer data. The...

Researchers at Novee Security uncovered 13 vulnerability categories and 16 zero‑day flaws across Foxit and Apryse PDF platforms, including critical XSS and OS command injection bugs. Using a human‑agent AI swarm, they rapidly identified high‑impact issues such as one‑click attacks...

Operation Spiderweb in June 2025 demonstrated how Ukrainian forces hijacked Russian mobile networks to control and stream data from drones, disabling about 20 aircraft. The incident exposed a growing vulnerability as 4G/5G standards now embed native drone support, allowing off‑the‑shelf...
In this episode, Tim Peacock and Anton Chuvakin host Alex Pabst, Deputy CISO at Allianz, and Mike Sinnoh, Director of Detection & Response at Google, to discuss evolving SOC metrics in the age of AI and automation. They critique traditional...

The U.S. Energy Department patched an identity‑verification flaw in its critical minerals portal that let outsiders register with email addresses mimicking official energy.gov accounts. Security researcher Ronald Lovelace uncovered the issue using subdomain enumeration and reported it through the department’s...
Belgium’s Centre for Cybersecurity recorded a sharp rise in phishing complaints, logging 226 reports in Q4 2025 and 106 in January 2026. Scammers frequently masquerade as police or representatives of telecom and banking firms such as Proximus, Argenta, and Card...

The Open Rights Group is urging the UK government to adopt a digital sovereignty strategy that reduces reliance on foreign tech giants such as Amazon, Microsoft, Google and Palantir. It argues that over‑dependence creates strategic fragility, citing the Trump‑ordered shutdown...

Security researchers have uncovered a supply‑chain worm, dubbed SANDWORM_MODE, spreading through at least 19 malicious npm packages that employ typosquatting. The malware not only steals developer and CI credentials but also injects rogue servers into AI coding assistants such as...

Healthcare diagnostics firm Vikor Scientific, now operating as Vanta Diagnostics, disclosed a data breach affecting nearly 140,000 individuals. The breach was traced to Catalyst RCM, a revenue-cycle‑management vendor, whose compromised credentials allowed the Everest ransomware group to exfiltrate roughly 12 GB...

United Insurance Brokers Limited (UIB) has partnered with cyber‑risk analytics firm CyberCube to bolster its cyber insurance offering. UIB will deploy CyberCube’s Broking Manager and Prep Module, giving its global practice data‑driven exposure insights. The collaboration targets accelerated growth in...

OpenAI unveiled EVMbench, an open‑source benchmark that tests AI agents' ability to spot and exploit smart‑contract flaws. The tool draws on 120 vulnerabilities from 40 audits, including scenarios from Stripe‑backed Tempo blockchain, and was released in partnership with crypto investor...

Liminal, previously focused on enterprise customers, is extending its secure, multi‑model AI platform to managed service providers (MSPs) targeting small‑ and medium‑size businesses (SMBs). The platform consolidates access to leading large language models—including OpenAI, Anthropic, Google and Perplexity—while sanitizing sensitive...