Know What's Happening in Cybersecurity
Know What's Happening in Cybersecurity
Cybersecurity Pulse
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
Reality Defender to embed deep‑fake detection in Orange Business services
U.S. AI‑security firm Reality Defender has signed a deal to integrate its multimodal deep‑fake detection technology into Orange Business, the enterprise arm of French telecom Orange. The integration will protect video‑conferencing, contact‑center and voice‑telephony services with real‑time, API‑driven analysis of audio, video, images and documents.
SelfAudit AI introduced a Partner Program aimed at MSPs, MSSPs, and compliance professionals to accelerate Cybersecurity Maturity Model Certification (CMMC) readiness. The initiative offers a standardized, AI‑driven workflow that streamlines gap analysis, remediation, and audit‑ready documentation. By integrating partners into its ecosystem, SelfAudit seeks to scale compliance services for organizations across the defense industrial base. The program promises faster certification timelines and more consistent audit preparation.
Leaders increasingly delegate decision‑making authority to software, turning routine operational choices into enterprise‑level risk decisions. When systems automatically issue credits, payments, or pricing adjustments, the underlying authority often lacks explicit ownership, exposing organizations to financial, legal, and reputational fallout. Security...
A Nebraska federal grand jury has indicted a total of 87 defendants in a sprawling ATM jackpotting conspiracy tied to the Venezuelan gang Tren de Aragua. The scheme used a variant of the Ploutus malware to hack ATMs nationwide, stealing...
Opportify has launched its Email Insights solution, a risk‑based intelligence platform designed to stop fraudulent sign‑ups at the point of entry. Unlike traditional validators that rely on simple syntax or MX checks, Email Insights scores each address on domain stability,...
A total of twelve vulnerabilities in OpenSSL have been patched, including a high‑severity remote code execution (RCE) flaw. All issues were identified by a single cybersecurity research firm and disclosed through coordinated channels. The fixes address weaknesses that could allow...
A critical insecure‑deserialization flaw in React Server Components, identified as CVE‑2025‑55182 or “React2Shell,” is being actively exploited worldwide. The vulnerability affects react‑server‑dom‑webpack, –parcel and –turbopack versions 19.0‑19.2, allowing attackers to execute arbitrary code and deploy a range of malware, including...
When AI Agents Turn Against You: The Prompt Injection Threat Every Business Leader Must Understand As organizations deploy #AIagents to handle everything from customer service to financial decisions, a critical #security #vulnerability threatens to turn these digital workers against their...
The Software Engineering Institute at Carnegie Mellon University released the CERT UEFI Parser, an open‑source utility that statically parses UEFI firmware binaries and source code into a structured, machine‑readable model. By extracting modules, execution phases, protocols and dependencies, the tool gives...
Orange Business discovered that traditional secret detection tools generate massive false positives, leading developers to ignore alerts. By implementing mandatory GitLab pre‑receive hooks and a three‑layer defense, they reduced new secret leaks by 80% while keeping false positives below 5%....
Russian security firm Delta suffered a large‑scale external cyberattack on Jan 26, crippling its alarm, home, and vehicle security platforms. The breach disabled online services, phone lines, and the mobile app, leaving thousands of customers unable to control alarms or unlock...
Incogni’s 2026 privacy risk report examined 442 AI‑powered Chrome extensions and found that over half collect user data, often with deep‑level permissions. The study highlighted that scripting and activeTab permissions let extensions read and modify any web page, exposing emails,...
ETSI released TS 104 008, a continuous‑auditing based conformity assessment (CABCA) specification for AI systems. It shifts assurance from periodic reviews to ongoing cycles that automatically collect evidence from logs, model parameters, and data samples. The framework operationalizes regulatory requirements into machine‑readable...
The IANS and Artico Search CISO Compensation Benchmark Report shows that chief information security officer pay grew 6.7% in 2025, outpacing the modest 4% rise in security budgets. Equity‑based compensation expanded faster than cash, reflecting confidence in the role’s strategic...
Lumana is redefining video surveillance with an agentic AI platform that moves cameras from passive recorders to active decision‑makers. Its VIA‑1 system learns locally from each camera’s environment, delivering over 90% reduction in false alerts for customers such as Salesforce...
In this episode Patrick Gray and Adam Boileau review a week of cybersecurity headlines, highlighting France’s decision to replace US collaboration tools like Microsoft Teams and Zoom with a sovereign platform, and China’s alleged “Salt Typhoon” operation that spied on...
The episode covers four security topics: the early tactics of romance scams as detailed in a guest diary, a newly released denial‑of‑service fix for React Server Components, critical OpenSSL updates that patch a remote‑code‑execution flaw, and a Kubernetes Helm chart...
Governor Greg Abbott announced an expanded ban on Chinese‑linked technology for Texas state employees, prohibiting hardware, software, and AI tools from firms such as Alibaba, Shein, Temu, TP‑Link and CATL. The measure, framed as a privacy safeguard against foreign surveillance,...
Cruise operators are shifting focus from flashy onboard attractions to the invisible infrastructure that links every guest interaction. By deploying consumer identity and access management (CIAM), brands can maintain a single, secure passenger profile from discovery through post‑cruise loyalty. This...
Citizen engagement is now driven by digital experiences, and fragmented login processes are the primary barrier. The article argues that Customer Identity and Access Management (CIAM) is essential for municipalities to centralize services, provide a single digital identity, and build...
TRM Labs disclosed a sophisticated crypto‑theft operation that has siphoned over $90 million, including $24.9 million tied to the U.S. Strategic Bitcoin Reserve, after a Telegram “band‑for‑band” challenge inadvertently revealed wallet addresses. The network employed advanced laundering tactics—cross‑chain bridges, mixers, and both...
F5 Inc. posted fiscal Q1 2026 revenue of $822 million, up 7% YoY, and adjusted earnings per share of $4.45, surpassing analyst expectations of $756 million and $3.65 EPS. Systems revenue surged 37% while software revenue fell 8%, and global services grew...
Chinese espionage group Mustang Panda has upgraded its CoolClient backdoor with new infostealer capabilities, including browser credential theft, clipboard monitoring, and active window tracking. The variant has been observed targeting government entities in Myanmar, Mongolia, Malaysia, Russia and Pakistan, delivered via...
D‑Orbit hosted the first in‑orbit capture‑the‑flag (CTF) cybersecurity competition on its ION Satellite Carrier, partnering with ESA and Mhackeroni. Five finalist teams tackled live telemetry, command sequencing and onboard software exploits in a controlled environment. The event exposed the distinct...
SuperQ Quantum Computing Inc. announced the appointment of Brian Beveridge, a 30‑year cybersecurity veteran, as Director of Post‑Quantum Cybersecurity and Partnerships, effective Jan 22 2026. Beveridge will lead the commercialization of the company’s SuperPQC™ suite, which protects against “Harvest Now, Decrypt Later”...
Recent incidents across healthcare, finance, and infrastructure reveal attackers exploiting lateral movement to maintain long‑term footholds. In Belgium a hospital shut down its servers after an undetected breach, while U.S. health providers endured weeks‑long unauthorized access. Phishing and malicious browser...
The NDSS 2025 paper investigates how local differential privacy (LDP) protocols for numerical attributes can be subverted by data‑poisoning attacks, where a small set of malicious clients manipulates server estimates. Researchers evaluate state‑of‑the‑art categorical frequency oracles, binning, consistency, and distribution‑reconstruction...
Memcyco announced a $37 million Series A round, bringing its total funding to $47 million. The oversubscribed round was led by NAventures, E. León Jimenes, and PagsGroup, with existing backers Capri Ventures and Venture Guides participating. Memcyco’s real‑time, agentless platform protects enterprises from phishing,...
Multiple threat actors, including state‑sponsored groups and cybercriminals, are exploiting the high‑severity WinRAR path‑traversal vulnerability CVE‑2025‑8088. The flaw uses Alternate Data Streams to write malicious LNK, HTA, BAT or script files to arbitrary locations such as the Windows Startup folder,...
Powerful new features announced by @WhatsApp today to defend against sophisticated spyware. Includes the ability to block attachments and media from people not in your contact list. https://t.co/nvd2F83n4Z
OpenAI CEO Sam Altman admitted he violated his own rule by granting the Codex model full access to his computer within two hours, citing the agent's reasonable behavior. He warned that the convenience of AI agents can lead users to...
European leaders are accelerating efforts to curb dependence on U.S. technology after a series of Trump‑era sanctions, including the placement of ICC judge Kimberly Prost on a sanctions list that crippled her daily life. The European Parliament’s recent report highlighted...
Anti-detect browsers, originally privacy tools, now enable online professionals to compartmentalize digital identities across multiple client accounts and projects. By creating isolated browser instances, they prevent data cross‑contamination, reduce login overhead, and streamline workflow management. The technology enhances security by...
Zero Trust demands continuous verification of every access request, extending the principle of least‑privilege to the data layer. Data masking swaps sensitive values with realistic stand‑ins, while synthetic data creates entirely fictitious records that retain statistical fidelity. Together they shrink...
The article outlines an SRE‑focused incident‑response playbook for handling exposed secrets, starting with thorough preparation—defining goals, roles, and communication protocols. It details detection techniques such as API usage anomalies, IAM activity monitoring, and automated code‑scanning integrated into CI/CD pipelines. Once...
In December 2025 SoundCloud disclosed unauthorized activity that exposed profile data for roughly 30 million users, about 20 % of its base. The breach revealed email addresses, usernames, avatars, follower counts and limited geographic information, which were later mapped to individual accounts. Attackers...
Calian has launched a $100 million sovereign C5ISRT strategic initiative to accelerate Canada’s command, control, computing, communications, cyber, intelligence, surveillance, reconnaissance and targeting capabilities. The funding will flow through Calian VENTURES, a platform that partners with Canadian SMEs and draws on...
A critical‑severity vulnerability (CVE‑2026‑22709) has been discovered in the popular vm2 Node.js sandbox library, allowing attackers to bypass Promise sanitization and escape the sandbox. The flaw enables arbitrary code execution on the host system and affects versions prior to 3.10.3,...
FinovateEurope 2026 will showcase three innovative fintech solutions. Elephant, from Pipl, offers GDPR‑compliant identity intelligence and fraud signals to streamline onboarding and compliance. Opentech’s OpenPay for Merchants embeds Buy‑Now‑Pay‑Later into merchant checkout, creating a new credit distribution channel for banks....
1Kosmos and Hopae have announced a global partnership to integrate Hopae Connect into the 1Kosmos platform, extending support to more than 60 government‑issued digital identity schemes. The joint solution enables organizations to verify eIDs securely without centralized databases, aiming to...
The article curates a list of essential AI and cybersecurity podcasts for 2026, highlighting shows that deliver deep technical insight, business strategy, and security expertise. It emphasizes the rise of AI agents, the Model Context Protocol (MCP), and AI security...
Kidas, founded by gaming‑fraud veterans, now offers AI‑driven protection against multi‑channel scams that leverage deep‑fake audio, video and large‑language models. CEO Ron Kerbs says traditional filters miss sophisticated GenAI‑generated attacks, prompting the company to expand from Discord and gaming chat to...
Bullbit’s App Rollup architecture passed a rigorous Hacken audit, clearing 26 security findings. The team resolved 19 issues, accepted five with mitigations, and mitigated two external risks, achieving 93.23% code coverage. A redesigned verifier contract with unique nonce tracking prevents...
Researchers at Censys have uncovered a growing ecosystem that weaponizes fake CAPTCHA pages to deliver malware. While the pages visually resemble legitimate verification challenges, they conceal more than 30 distinct payload types, including clipboard‑driven scripts, MSI installers, and server‑controlled, fileless...
Modern ransomware has moved beyond file encryption to a pressure‑centric extortion model that weaponizes stolen data, regulatory threats, and reputation damage. 2025 saw ransomware groups fragment into affiliate networks, making attribution harder while scaling double‑extortion campaigns. Research shows SMBs in...
Meta’s ad platform is exposing users to an estimated 15 billion high‑risk finance advertisements each day, generating roughly $7 billion in annual revenue. A study by BrokerChooser of over 1,200 active finance ads found that 43.36% of UK‑targeted ads are classified as...
Tenable has made its Tenable One AI Exposure product generally available, extending the Tenable One Exposure Management Platform to provide unified visibility, discovery, and governance of AI assets across SaaS, cloud, APIs and on‑premises agents. The solution continuously identifies both...
Syncro and IRONSCALES announced a partnership that places the AI‑driven email security platform in the Syncro Marketplace. MSPs can now provision IRONSCALES protection instantly and have all licensing fees consolidated through Syncro’s Universal Billing. The integration removes the need for...
Fraud losses surged to $12.5 billion in 2024, a 25% rise, as criminals embed illicit activity within everyday payments. The article distinguishes transaction screening—pre‑approval checks against sanctions, PEPs and watchlists—from transaction monitoring, which analyzes post‑payment behavior for anomalous patterns. Relying on...
NICE Actimize introduced the Actimize Insights Network, a real‑time intelligence platform that aggregates counterparty risk data across financial institutions. The network leverages the company’s fraud and financial‑crime expertise to deliver cross‑channel, millisecond‑level risk signals for authorized push‑payment scams, BEC and...
Swimlane unveiled its AI Agent workforce, branding the new Hero AI agents as native extensions of the Turbine platform. The agents claim to perform work equivalent to over 60,000 SOC analysts each day and can be dragged into low‑code playbooks via...
