Know What's Happening in Cybersecurity
Know What's Happening in Cybersecurity
Cybersecurity Pulse
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
Reality Defender partners with Orange Business to embed deep‑fake detection
U.S. AI‑security firm Reality Defender has signed a deal to integrate its multimodal deep‑fake detection technology into Orange Business, the enterprise arm of French telecom giant Orange. The solution will protect Orange’s video‑conferencing, contact‑center and voice‑telephony services through real‑time, API‑driven analysis of audio, video, images and documents.
Security researchers uncovered roughly 175,000 Ollama AI servers worldwide that are publicly reachable because they are bound to all network interfaces instead of localhost. These misconfigured instances lack authentication, allowing attackers to perform "LLMjacking"—hijacking the models to generate spam, malware, or run code via tool‑calling features. The abuse consumes the owners' bandwidth, electricity, and compute resources, and can expose uncensored models to malicious output. Fixes are simple: bind the service to 127.0.0.1 or place it behind an authenticated reverse proxy or VPN.
Have we reached the stage of “many AIs make all bugs shallow”? Great writeup on AI, open source, & bug bounties by @stanislavfort cofounder of AISLE “Mass adoption collapsed the median quality (“slop” killed bug bounty..) but.. raised the ceiling” https://t.co/iDvdiDy41J
Microsoft announced that NTLM authentication will be disabled by default in future Windows Server and client releases. The change follows a three‑phase transition—auditing tools in Windows 11 24H2 and Server 2025, introduction of IAKerb and a Local KDC in late 2026, and final...
This is mind blowing. 🤯 Ai agents discussing the best form of payment for finding security holes in open source "skill" repos. Bitcoin at the top of the list.... Turns out humans don't need to convince grandma to use/hold Bitcoin, the...
Poland’s Computer Emergency Response Team confirmed that Russian state‑linked hackers infiltrated wind, solar and a heat‑and‑power plant by exploiting default passwords and the absence of multi‑factor authentication. The attackers deployed wiper malware that disabled monitoring systems at renewable sites, though...
Operation Switch Off, a joint effort by Europol, Eurojust and Interpol led by Italy’s Catania prosecutor and State Police, seized three industrial‑scale illegal IPTV services—IPTVItalia, migliorIPTV and DarkTV—across 14 countries. The crackdown dismantled servers in Romania and Africa, identified 31...
WISeKey International announced proof‑of‑concept testing of post‑quantum cryptography on satellites in late 2025, with a fully operational quantum‑resistant satellite slated for launch in the second quarter of 2026. The initiative combines hybrid Triple Key Encapsulation Mechanisms that blend PQC algorithms with...
The NDSS 2025 paper tackles the lack of provable guarantees in machine‑unlearning by introducing a certification framework for (q, η)-learnability. It proposes Provably Unlearnable Examples (PUEs) that tighten certification bounds and resist simple weight‑recovery attacks. Experiments show PUEs cut certified learnability...
Labyrinth Chollima has split into three distinct North Korean hacking groups—Labyrinth Chollima, Golden Chollima, and Pressure Chollima—according to CrowdStrike. While Labyrinth Chollima continues espionage against defense, manufacturing and critical‑infrastructure firms, the new Golden and Pressure factions focus on cryptocurrency theft. Each group employs a unique...
Blue Cross Blue Shield of Montana disclosed a cyber incident that may have exposed the protected health information of up to 462,000 members through its third‑party vendor Conduent. The breach was discovered on July 1, 2025, investigated internally, and reported to the...
Police in Norway are investigating an Italian company suspected of installing high-end FLIR cameras on a rooftop overlooking Melkøya, the endpoint of the pipeline for natural gas from the Barents Sea. https://t.co/6wbZBfOLzj
Lawmakers introduced a minibus package that adds $20 million to expand the Cybersecurity and Infrastructure Security Agency (CISA) and extends the Cybersecurity Information Sharing Act through September 30. Experts warn that the stop‑and‑go extensions erode confidence in real‑time threat reporting, creating...
Researchers at Zimperium’s zLabs have uncovered Arsink, an Android remote‑access trojan that masquerades as over 50 popular apps, including WhatsApp and TikTok. The campaign has infected roughly 45,000 devices in 143 countries, using Telegram, Discord and MediaFire links to distribute...
Nvidia has released a security update addressing four high‑severity GPU driver vulnerabilities that affect Windows, Linux, virtual GPU, and cloud‑gaming platforms. The flaws—CVE‑2025‑33217 through CVE‑2025‑33220—are use‑after‑free and integer‑overflow bugs with a CVSS rating of 7.8, enabling arbitrary code execution and...
In January 2026, ESET’s Tony Anscombe highlighted four major security incidents: Nike faced a ransomware claim involving 1.4 TB of data, cyber‑fraud surpassed ransomware as CEOs’ top concern, unsecured Zendesk support systems powered a massive spam campaign, and ServiceNow patched the...
A new industry report warns that “shadow AI” – unsanctioned artificial‑intelligence tools used by employees and managers – is spreading rapidly across enterprises. The study found a 45% year‑over‑year increase in the use of unapproved AI applications, driven by workers’...
The second NHIcon 2026 conference highlighted that traditional identity and access management (IAM) is ill‑suited for the rise of agentic AI and non‑human identities (NHIs). Speakers argued that static roles, long‑lived credentials, and session‑based trust amplify risk as autonomous agents act...
South Korea's SK Telecom, after acknowledging a massive personal data leak, is fighting a $91 million regulator fine and has turned down a consumer‑agency settlement proposal. The breach exposed millions of customers' personal information, prompting intense regulatory scrutiny. SK Telecom's legal...
Allowing members of a group to see the group messages is literally the purpose of a group. The issue seems to be that sensitive data is shared with poorly established trust boundaries and insecure COMSEC. There is no technical solution...
Microsoft has resolved a bug in classic Outlook that blocked users from opening emails encrypted with the “Encrypt Only” permission after a December 2025 update. The defect replaced the encrypted payload with a message_v2.rpmsg attachment, making the content unreadable in...
Metropolitan Technologies, a Toronto‑based cybersecurity startup, has built an operational‑technology platform that secures critical‑infrastructure assets such as mines, energy grids, water treatment plants, and transportation networks. The company graduated from Rogers Cybersecure Catalyst’s eight‑month Cyber Challenge, receiving $20,000 in non‑dilutive...
Wallarm announced a multi‑pronged growth push, adding a new chief operating officer and field CISO while expanding its employee base by 41% in 2025. The company unveiled API Session Blocking and Schema‑Based Testing to tighten real‑time API defenses and shift...
Thoropass introduced Smart Sort AI, an AI‑driven feature inside its Audit Lifecycle Platform that automatically organizes exported data from any GRC system into audit‑ready evidence. The tool requires no integration, analyzing files, mapping them to the correct controls, and inserting...
LexisNexis Risk Solutions launched IDVerse for Insurance, an AI‑powered document authentication and identity verification platform targeting U.S. personal lines insurers. The solution uses biometric face matching, liveness checks, and proprietary neural‑network models to verify IDs and digital identities within seconds...
Iranian state‑sponsored group APT42 deployed a new PowerShell‑based backdoor named TAMECAT, targeting Microsoft Edge and Google Chrome to harvest saved login credentials. The malware is delivered via a VBScript downloader that checks for antivirus products before fetching an AES‑encrypted loader...
Andesite announced it has earned Cloud Security Alliance AI-STAR Level 2 certification, becoming only the third organization globally to achieve the credential. The AI-STAR assessment validates Andesite’s AI security, risk management and governance practices across its Human‑AI SOC platform. The...
Researchers experimentally validated post‑quantum cryptography on the 5G O‑RAN E2 interface using ML‑KEM (CRYSTALS‑Kyber) within IPsec. Their open‑source testbed compared baseline, traditional ECDH, and ML‑KEM IPsec configurations, measuring tunnel‑setup latency and xApp behavior. Results show only a 3–5 ms overhead for...
HarfangLab uncovered the RedKitten campaign, an AI‑assisted operation delivering the SloppyMIO malware to Iranian human‑rights activists and NGOs. The attack uses shock‑value Excel files masquerading as forensic records to lure victims into enabling macros. Once activated, SloppyMIO pulls additional payloads...
Microsoft has postponed the migration of Microsoft Sentinel from the Azure portal to the Microsoft Defender portal, setting a new sunset date of March 31 2027—about nine months later than originally planned. The shift responds to extensive customer and partner feedback requesting...
SmarterTools released build 9511 to remediate two critical SmarterMail flaws, CVE-2026-24423 and CVE-2026-23760, each scoring 9.3 on the CVSS scale. The first vulnerability allowed unauthenticated attackers to execute arbitrary OS commands via the ConnectToHub API, while the second bypassed authentication...
Orange Cyberdefense compiled a dataset of 418 publicly announced law‑enforcement actions against cybercrime from 2021 to mid‑2025. The analysis shows extortion, malware distribution and hacking as the most frequently targeted offenses, with arrests accounting for 29% of responses. The United...
Researchers uncovered a sophisticated traffic‑distribution system (TDS) that leverages education‑themed domains to deliver phishing pages, scams, and malware. The infrastructure is hosted on bullet‑proof providers in AS202015 (HZ Hosting) and shares WHOIS details such as oreshnik@mailum.com and Regway nameservers. A...
In January 2026 six high‑profile data breaches—Nike, Melwood, SNP Transformations, Venezia Bulk Transport, Global Shop Solutions, and Grubhub—highlight a shift toward exposure through internal access paths and third‑party tools. Breaches ranged from a 1.4 TB internal data exfiltration at Nike to a...
NatWest Bank and the UK National Crime Agency have launched a joint awareness campaign to combat invoice fraud, a cyber‑crime that siphons millions from businesses each year. The partnership highlights the scale of the threat, citing September 2025 data where...
Annex Security uncovered a malicious VS Code extension in the Open VSX registry that pretended to be the Angular Language Service, amassing 5,066 downloads before activating sophisticated malware. The extension decrypts a payload with AES‑256‑CBC, contacts a Solana blockchain address for command‑and‑control,...
Healthcare SaaS vendors now face a non‑negotiable requirement: integrate Single Sign‑On with hospital identity providers to secure access and meet procurement standards. Data breaches in the sector average $12 million per incident, driving CISOs to demand instant revocation and compliance‑ready authentication....
Ad fraud is escalating into a systemic threat that undermines the digital economy’s trust. In 2024 mobile ad fraud rose 21% and programmatic scams siphoned nearly $50 billion, while the ad‑fraud detection market is set to exceed $2 billion by 2034. Dhiraj...
ESET researchers identified a new data‑wiping malware, DynoWiper, used against a Polish energy company in December 2025. Technical analysis attributes the campaign to the Russian‑aligned Sandworm group with medium confidence, noting similarities to the previously observed ZOV wiper. The malware deployed...
Cardamon, a RegTech firm specializing in secure AI for compliance, has entered Microsoft’s AI Partnership Program to deliver enterprise‑grade, auditable AI solutions to highly regulated organizations. The collaboration combines Cardamon’s rapid delivery platform, which claims to automate up to 95%...
Online learning has become core campus infrastructure, but passwords remain the weakest link, exposing grades, payments, and personal data. Passwordless authentication replaces reusable secrets with device‑bound credentials such as passkeys, security keys, magic links, OTPs, and push approvals. The shift...
Arkose Labs unveiled Arkose Titan, a unified platform that defends against both human‑driven and AI‑powered fraud, scraping, and bot attacks. The solution consolidates bot detection, device and email intelligence, API security, behavioral biometrics, and phishing protection into a single API...
Intruder announced record 2025 growth, with enterprise annual recurring revenue climbing 81% year‑over‑year. The surge was fueled by a 51% rise in new business and a 2.5‑fold jump in expansion revenue, alongside the rollout of Cloud Security Posture Management and...
The Electronic Frontier Foundation (EFF) has launched the "Encrypt It Already" campaign, urging major tech firms to fulfill announced end‑to‑end encryption promises, enable encryption by default, and broaden encrypted storage. The initiative groups demands into three categories—Keep your promises, Defaults...
Cyble Research & Intelligence Labs uncovered ShadowHS, a Linux post‑exploitation framework that operates entirely in memory. The tool leverages a weaponized version of hackshell with an AES‑256‑CBC encrypted loader, enabling fileless execution via /proc//fd/. ShadowHS provides an operator‑controlled environment for...
Apple introduced a new privacy setting called Limit Precise Location in iOS 26.3, which reduces the granularity of location data shared with cellular networks. When enabled, carriers can only determine a user’s approximate neighborhood rather than the exact address, while app‑level...
KnowBe4 marks a decade of AI-driven cybersecurity by celebrating the tenth anniversary of its AIDA platform and the deployment of seven active AI agents in the market. The company appointed Harlan Parrott as Vice President of AI Innovation to head...
The CSO editorial team compiled a calendar of security conferences slated for February through May 2026, covering more than 30 events across Asia, Europe, North America and Australia. Highlights include multiple Gartner Security & Risk Management Summits, the BSides community...
Domestic‑abuse charity Refuge reports a sharp rise in technology‑enabled abuse, with a 62% increase in complex cases amounting to 829 women in Q4 2025. Referrals of victims under 30 grew 24%, highlighting younger women’s vulnerability to smart‑device stalking. Perpetrators are exploiting...
Human risk management (HRM) is emerging as a solution to the security awareness training (SAT) paradox, where 70‑90% of breaches originate from employee actions despite billions spent on training. While SAT spending is projected to grow 15% annually, its efficacy...
Black Duck announced it has begun the FedRAMP Moderate authorization process for its Polaris Platform, aiming to secure a federal‑grade cloud offering. The company partnered with stackArmor, a FedRAMP engineering specialist, to fast‑track the Authorization to Operate (ATO). Black Duck...
