Know What's Happening in Cybersecurity
Know What's Happening in Cybersecurity
Cybersecurity Pulse
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
Ransomware and Supply‑Chain Breaches Surge Across Industries
The Cyber Express reports a sharp rise in ransomware incidents and supply‑chain compromises. High‑profile attacks include a ransomware intrusion at Hasbro, a malicious LiteLLM package update that hit AI startup Mercor, and a North Korean‑linked exploit of the Axios JavaScript library.
Also developing:
A new research paper demonstrates how open‑source intelligence can turn public torrent metadata into actionable threat intelligence. By harvesting file descriptors, tracker‑provided peer lists and enriching over 60,000 IP addresses with geolocation, ISP and VPN indicators, the authors built network graphs that expose behavioral clusters tied to high‑risk content. The study found that roughly 20% of observed peers use privacy services, while over 75% of IPs linked to child‑exploitation material employ VPNs or proxies. Researchers suggest expanding to DHT scraping would broaden coverage and improve recall.
EU’s proposed Chat Control regulation, originally targeting online child sexual abuse, now extends to robots that facilitate interpersonal communication. By defining any interactive service as a communication service, the law obliges robot providers to conduct risk assessments and potentially embed...
Hackers infiltrated the University of Hawaiʻi Cancer Center’s servers in August, exfiltrating participants' Social Security numbers and other personal data. The university delayed reporting the ransomware attack to the state legislature until December, missing the statutory 20‑day notification window. UH...
Researchers at Shandong University presented EMIRIS at NDSS 2025, demonstrating that electromagnetic emissions from near‑infrared iris sensors can be captured and used to reconstruct iris patterns. By reverse‑engineering the sensor’s data transmission format and applying a diffusion‑based inverse‑problem solver, the...
California's Privacy Protection Agency fined data‑broker Datamasters $45,000 and barred it from selling Californians' personal health information after it failed to register under the California Delete Act. The agency also ordered the firm to delete millions of records by the...
In this episode, Tristan Handy talks with Lauren Anderson, head of Okta's enterprise data platform, about how identity underpins the emerging challenges of AI agents and open data lakes. Lauren explains the need for central governance and a shared semantic...
International law enforcement, led by Spain’s National Police, German authorities, and Europol, raided Black Axe cells in Spain, arresting 34 suspects across Seville, Madrid, Málaga and Barcelona. The criminal syndicate, originating in Nigeria with about 30,000 members, is responsible for...
Dan Lohrmann’s January 2026 roundup lists the ten most‑viewed cybersecurity blogs of 2025, featuring stories on state bans of human microchip implants, humanoid robots, AI‑driven human verification, federal employee resilience, government cloud security, AI career impacts, and nation‑state threat assessments. The data...
Security Affairs released Malware Newsletter Round 79, curating the latest research on global malware activity. Highlights include the VVS Discord stealer using Pyarmor for obfuscation, a botnet‑fueling broken system, malicious NPM packages delivering NodeCordRAT, and the Astaroth WhatsApp‑based worm targeting Brazil....
The week’s security roundup highlighted a critical proof‑of‑concept for an unauthenticated remote‑code execution flaw in Trend Micro Apex Central (CVE‑2025‑69258) and a newly disclosed exploit of HPE OneView (CVE‑2025‑37164). The UK government unveiled a £210 million Cyber Action Plan to harden public‑service...
On January 9 2026 a database containing 323,986 BreachForums user records was posted on the ShinyHunters site. The dump includes MySQL metadata, email addresses, display names, Argon2i password hashes and links to external accounts such as Telegram. BreachForums administrators claim the data...
A dark‑web marketplace is selling personal data from 17.5 million Instagram accounts, marking one of the largest social‑media breaches to date. Malwarebytes first reported the leak on X, confirming that usernames, email addresses, phone numbers and partial location data are being...
This week’s security roundup highlighted ICE’s deployment of Penlink’s Tangles and Webloc tools, enabling block‑level phone tracking across neighborhoods. Meanwhile, xAI’s Grok chatbot drew criticism for generating graphic sexual imagery, prompting X to restrict access to verified users. Iran imposed...
Application security testing (AST) is a set of processes and tools that identify vulnerabilities throughout the software development lifecycle, enabling organizations to shift security left and remediate issues before deployment. The global AST market now exceeds $33 billion, reflecting the critical...
Ireland's Department of Foreign Affairs has recalled nearly 13,000 passports after a software update omitted the mandatory "IRL" issuing‑state code in the machine‑readable zone. The defect affects passports issued between 23 December 2025 and 6 January 2026, potentially causing eGate and border‑control rejections worldwide....
Cybercriminals are exploiting news of Venezuelan President Nicolás Maduro’s alleged arrest to distribute a backdoor malware via spear‑phishing ZIP attachments. The ZIP contains a weaponized KuGou executable that loads a malicious DLL through DLL search‑order hijacking, creates a hidden Technology360NB...
In this episode the host revisits Twingate, focusing on the new Twingate LXC connector and how it’s been deployed to replace most remote access to datacenter servers and pentest dropboxes. He shares practical observations on performance, security benefits, and the...
USPS announced it will restrict access to package tracking data for commercial API users, introducing paid access and stricter authorization requirements. Consumers can still view tracking information on the USPS website, mobile app, and Informed Delivery without changes. The new...
Microsoft is testing a new RemoveMicrosoftCopilotApp policy that lets IT administrators uninstall the AI‑powered Copilot app from managed Windows 11 devices. The policy rolls out to Dev and Beta Insider channels on build 26220.7535 and works with Intune or SCCM. It targets...
AI-driven cyber defense has shifted from optional to essential as threats become faster, more sophisticated, and harder to detect with legacy tools. Machine‑learning models analyze massive network and user‑behavior data in real time, flagging anomalies and enabling automated response. Companies...
Privileged Access Management has shifted from a compliance checkbox to a critical security control as organizations adopt hybrid cloud, SaaS, DevOps pipelines, and AI agents. The 2026 guide evaluates ten leading PAM vendors, highlighting capabilities such as Zero Standing Privileges,...
Researchers observed more than 91,000 attack sessions targeting AI infrastructure over a four‑month window, highlighting a shift from experimental probing to systematic exploitation. The first campaign leveraged server‑side request forgery against Ollama and Twilio webhooks, using a uniform JA4H TLS...
Tonic.ai’s January 2026 release adds Guided Redaction in Textual, a beta human‑in‑the‑loop workflow that couples AI detection with manual review for high‑risk data. The platform also expands model‑based custom entity types, letting users train detectors for niche business vocabularies. A...
XMRig, an open‑source Monero miner, is increasingly weaponized by threat actors across Windows, Linux, Kubernetes and AWS environments. Recent campaigns have leveraged the high‑severity React2Shell exploit and UPX‑packed binaries to spread the miner via game torrents and commodity malware. Expel’s...
A hacker using the alias “Lovely” is now offering nearly 40 million Condé Nast user records for sale, expanding on a prior leak of 2.3 million Wired.com accounts. The alleged dataset spans dozens of Condé Nast‑owned sites, including high‑traffic titles such as Vanity Fair,...
Timothy Kosiba has been appointed the National Security Agency’s 21st Deputy Director, a role confirmed by President Donald J. Trump after designation by Secretary of War Pete Hegseth and DNI Tulsi Gabbard. Kosiba returns as the agency’s most senior civilian...
A critical vulnerability (CVE-2026-21876) in the OWASP Core Rule Set lets attackers bypass charset validation, enabling encoded XSS payloads to slip past web application firewalls. The flaw resides in rule 922110, which only inspects the final part of multipart requests,...
The FBI has warned that North Korean APT group Kimsuky is deploying a new spear‑phishing technique called quishing, which embeds malicious QR codes in email attachments. Scanning the QR code redirects victims to mobile‑optimized phishing pages that harvest device data...
MITRE’s Center for Threat‑Informed Defense released a major update to its INFORM maturity model, incorporating two years of field feedback and new partner input. The revision introduces revamped assessment questions, a timeliness factor, and an impact‑vs‑complexity recommendation matrix. INFORM now...
Illinois prosecutors have charged 26‑year‑old Kyle Svara with a large‑scale phishing scheme that compromised roughly 570 Snapchat accounts, stealing private photos from nearly 600 women. Between May 2020 and February 2021 he impersonated Snap representatives, texting over 4,500 targets to obtain access...
The European Commission has launched a public consultation on open digital ecosystems, running from 6 January to 3 February 2026, to gather evidence for a forthcoming Communication due in Q1 2026. The call highlights that 70‑90 % of software code in EU digital systems relies...
The BFSI sector faces mounting regulatory pressure, prompting banks, insurers and financial firms to adopt rigorous data‑governance frameworks. Robust policies, access controls and quality standards protect customer data, reduce fraud risk, and enable faster, more accurate decision‑making. Vendors such as...
Europol coordinated a multi‑national operation that led to the arrest of 34 members of the Black Axe cyber‑crime gang across Spain and Germany. Spanish police detained suspects in Seville, Madrid, Málaga and Barcelona, while German authorities assisted in the raids....
Arctic Wolf Labs identified a new ransomware variant called Fog targeting U.S. organizations, primarily in education (80%) and recreation (20%) sectors. The attackers gained entry through compromised VPN credentials from two vendors and quickly escalated privileges using pass‑the‑hash, PsExec, and credential‑stuffing...
The World Economic Forum’s Cybercrime Atlas report warns that advanced deep‑fake face‑swapping tools are now capable of bypassing know‑your‑customer (KYC) and remote verification processes. Researchers examined 17 commercial face‑swap applications and eight camera‑injection tools, finding that low‑latency, high‑fidelity swaps can...
Illinois resident Kyle Svara was indicted in Boston federal court for phishing Snapchat access codes from roughly 570 women, accessing at least 59 accounts, and stealing nude images. He allegedly sold or traded the illicit content on internet forums. The...
Last year Palo Alto’s pedestrian‑crossing signals were compromised after attackers exploited unchanged factory passwords. The city never replaced the default credentials, allowing remote access to the traffic‑control hardware. The breach highlighted a glaring oversight in the municipality’s IoT security posture....
AhnLab Security Intelligence Center uncovered a campaign that disguises the open‑source xRAT (QuasarRAT) remote‑access trojan as a fake adult game on Korean web‑hard services. The ZIP archive contains a Game.exe launcher that first runs a legitimate game stub, then copies...
Security firm Check Point uncovered an AI‑driven investment fraud that stages a "Truman Show"‑style reality for victims. The operation uses unsolicited SMS and ads to lure targets into WhatsApp groups populated by AI‑generated experts and fake members who showcase fabricated...
Chinese authorities extradited billionaire Chen Zhi and two associates from Cambodia to face charges linked to the Prince Group’s $15 billion Bitcoin‑based pig‑butchering operation. The joint China‑Cambodia investigation uncovered forced‑labour scam compounds, seized the largest cryptocurrency haul in history, and triggered...
The first week of 2026 saw a wave of cyber incidents spanning education, activism, corporate, and government sectors. Higham Lane School in England shut down after ransomware crippled systems for 1,500 students, while Australian insurer Prosura faced unauthorized access exposing...
The article curates a list of the 50 best free cyber‑threat‑intelligence (CTI) tools available in 2026, spanning data‑feeds, analysis platforms, automation frameworks, and IOC‑parsers. It highlights open‑source projects such as MISP, OpenCTI, and IntelMQ, as well as real‑time feeds like...
The 2025 Threat Landscape Report shows a sharp rise in initial‑access sales targeting Australia and New Zealand, with 92 documented compromised‑access listings. Retail accounts for roughly one‑third of incidents, while BFSI and professional services together make up over half. The market...
![Sectigo New Public Roots and Issuing CAs Hierarchy [2025 Migration Guide]](/cdn-cgi/image/width=1200,quality=75,format=auto,fit=cover/https://certera.com/blog/wp-content/plugins/wp-postratings/images/stars/rating_on.gif)
Sectigo is retiring its legacy multi‑purpose root and intermediate CAs in favor of single‑purpose public roots, with a hard migration deadline of January 1 2026. Browsers will cease to trust certificates issued under the old chains, causing security warnings, broken HTTPS, and...
The latest Patch Tuesday briefing highlights Microsoft’s December 2025 update problems, including MSMQ failures and a RemoteApp issue on Windows 11 Azure Virtual Desktop that can be mitigated with a registry key or KIR rollback. Apple released December security patches addressing...
AppSec teams now face a new threat from internally built no‑code AI agents that operate across enterprise systems. These agents execute business logic, call APIs, and move data in real time, behaving like always‑on applications with high privileges. Because they...
Security teams are increasingly scrutinizing the energy footprint of detection models as cloud costs and sustainability pressures rise. A recent study measured common anomaly detection algorithms for both traditional performance metrics and their power consumption, introducing an Eco Efficiency Index...
The Wireless Broadband Alliance reports rapid enterprise adoption of Wi‑Fi 7, driven by higher throughput, lower latency, and the newly available 6 GHz spectrum. Mixed‑generation device environments are forcing operators to rethink policy, telemetry, and access control across all radios. Security concerns...
The Cybersecurity and Infrastructure Security Agency (CISA) retired ten Emergency Directives spanning 2019‑2024, the largest bulk closure in its history. All required mitigations are now covered by Binding Operational Directive 22‑01, which leverages the agency’s Known Exploited Vulnerabilities (KEV) catalog....
The California Consumer Privacy Act (CCPA) is entering a pivotal phase in 2025‑26 as inflation‑adjusted thresholds raise applicability and new rules target automated decision‑making and cybersecurity governance. Organizations must continuously reassess scope, maintain precise data inventories, and embed repeatable rights‑fulfillment...
