Odido Salesforce Hack: Up to 6M Customers’ Data at Risk
Odido, the Dutch telecom formerly known as T‑Mobile, suffered a social‑engineering breach that compromised its Salesforce instance, exposing personal data of up to six million current and former customers. Attackers phished employee credentials, impersonated the IT department, and gained unauthorized access to Salesforce, downloading phone numbers, addresses, and ID numbers. Odido asserts that call logs, billing details and passwords remain secure, and has engaged external cybersecurity firms while notifying the Dutch Data Protection Authority. The incident underscores persistent vulnerabilities in cloud‑based CRM platforms when human error is exploited.
AWS Security Digest #248 - MCPs Denied
AWS introduced new IAM condition keys that specifically target requests routed through Managed Control Plane (MCP) servers, allowing administrators to deny actions taken via that path. The feature is designed to mitigate risks posed by AI agents that programmatically call...
Dutch Defence Secretary Boldly Claims F-35 Software Could Be ‘Jailbroken’
Dutch Defence Secretary Gijs Tuinman told Dutch radio that the F‑35’s software could potentially be “jailbroken,” hinting at a future where the Netherlands might operate the jet without U.S. approval. He stopped short of confirming any concrete plan, noting the...
Clustrauth API by Smart Banner Hub Offers Quantum-Safe Document Authentication with Flexible Pricing
Smart Banner Hub introduced the Clustrauth API, a REST service that provides NIST FIPS 204‑compliant, quantum‑safe document signing using a hybrid Ed25519 and ML‑DSA signature scheme. The API allows developers to sign files up to 50 MB with three lines of code...
EDPB and EDPS Weigh In on the Digital Omnibus: Personal Data, Breach Reporting, and AI Governance
The European Data Protection Board and the European Data Protection Supervisor issued a joint opinion on the EU’s Digital Omnibus, endorsing its goal to ease administrative burdens while flagging key concerns. They warn that a narrower, controller‑specific definition of personal...
OpenClaw in the Clinic: A Business Plan for HIPAA-Compliant Deployment of Agentic AI at Scale in Payer and Provider Organizations
The episode dissects OpenClaw, an open‑source, agentic AI platform that can autonomously interact with files, commands, and dozens of applications, and evaluates its viability for payer and provider health organizations. It explains why the default, unsecured version violates HIPAA, outlines...
Keeper Commander Introduces SuperShell™
Keeper Security launched SuperShell™, a full‑screen terminal user interface for Keeper Commander, available from version 17.2.7 onward. The TUI provides a split‑view vault browser with vi‑style keyboard shortcuts, searchable panes, raw JSON inspection, and live TOTP display. Designed for developers,...
On Misusing Transparent DNS Forwarders For Amplification Attacks
Researchers have identified transparent DNS forwarders as a potent, overlooked vector for reflective amplification attacks. Unlike traditional open resolvers, these forwarders relay queries without rewriting source IPs, allowing attackers to exploit shielded recursive resolvers and bypass rate‑limiting controls. Weekly Internet‑wide...
Black Duck Signs MSSP Agreement with Accenture
Black Duck announced a managed security service provider (MSSP) agreement with Accenture, designating the Black Duck Polaris platform as the standard tool for Accenture’s Application Security Practice. Polaris combines static, dynamic, and software composition analysis into a single SaaS offering,...
EU Commission Breach – The Importance of Upholding Strong Device Management Infrastructure
Last week the European Commission disclosed a cyberattack that compromised its mobile device management (MDM) platform, exposing staff names and phone numbers. Security experts from Huntress, Keeper Security, and CyberSmart warned that MDM systems are now a primary attack vector,...
Balancer DAO Caps Recovery Bounty at 10% After $128M Exploit
Balancer DAO approved a proposal (BIP‑908) to allocate up to 10% of any recovered assets as a bounty for the November exploit that siphoned roughly $128 million from its V2 pools. The vote achieved a 158% quorum, though only nine votes...
Quantum Communication Secured by Choosing Measurement Basis Offers Ultimate Privacy
Researchers have unveiled a one‑way quantum secure direct communication (QSDC) protocol that hides the secret in the choice of measurement basis—computational or Hadamard—rather than a pre‑shared key. Using finite ensembles of entangled EPR pairs and a public authenticated channel, the...
OQC Demonstrates Quantum Algorithm on Toshiko System, Boosting Defence Network Resilience
OQC and QinetiQ have demonstrated a quantum‑based solution that identifies critical vulnerabilities in Mobile Ad‑Hoc Networks used for military and emergency communications. By running QinetiQ’s Quantum Approximation Optimisation Algorithm on OQC’s Toshiko processor, the collaboration pinpointed nodes whose failure would...
Post-Quantum Encryption Bypasses Digital Certificates for Faster, More Secure 5G Networks
Researchers have introduced a post‑quantum identity‑based encryption framework that eliminates X.509 certificates for TLS in 5G core networks and Kubernetes environments. By deriving public keys from identity strings and employing lattice‑based primitives such as ML‑KEM and Module‑NTRU, the scheme offers...
Redefining Global Advisory: How Jeff Shapiro’s London Leadership Anchors HaystackID’s 2026 European Strategy
HaystackID announced on February 10, 2026 that Jeff Shapiro will serve as Managing Director for Europe, anchoring its Global Advisory practice in London. The appointment comes as the EU AI Act and Data Act enter critical enforcement phases, demanding localized...
Edinburgh Student Forum Spotlights Hybrid War Lessons
The University of Edinburgh and Kyiv National University hosted an online student forum that gathered Ukrainian and UK experts to dissect drones, disinformation, civil resilience, and energy security, showing how Ukraine’s war is reshaping European security thinking. Panels highlighted drone‑induced...
The Current State of RDAP
The IETF‑ratified Registration Data Access Protocol (RDAP) has entered a rapid growth phase after the mandatory whois sunset on 28 January 2025. Who‑is queries fell 60 % while RDAP queries surged from 7 billion to 65 billion per month, overtaking whois by June 2025. Adoption now...
Quantum-Proof Software Tools Tackle Looming Cyber Threats with Novel Adaptation Framework
Scientists warn that quantum computers threaten today’s cryptographic defenses, and simply swapping libraries will not suffice. Researchers led by Lei Zhang propose a new discipline—Quantum‑Safe Software Engineering—and introduce the Automated Quantum‑Safe Adaptation (AQuA) framework. AQuA’s three‑pillar approach tackles PQC‑aware detection,...
Critical Fortinet FortiClientEMS Flaw Allows Remote Code Execution
Fortinet disclosed a critical vulnerability (CVE‑2026‑21643) in its FortiClientEMS product, earning a CVSS 9.1 rating. The flaw is an unauthenticated SQL‑injection that allows remote code execution via crafted HTTP requests. Only FortiClientEMS 7.4.4 is affected, and Fortinet recommends upgrading to...
Reliance Global Group to Acquire Majority Stake in Post-Quantum Cybersecurity Firm Enquantum for $2.125M
Reliance Global Group announced a definitive agreement to acquire a 51% controlling interest in post‑quantum cryptography firm Enquantum Ltd. for $2.125 million, payable over ten months in milestone‑linked tranches. The acquisition will be executed through Reliance’s EZRA International Group subsidiary, with...
Leclercq American Capital Backs SandboxAQ’s Quantum-AI Platform for Cybersecurity & Advanced Simulation
Leclercq American Capital announced an equity investment in SandboxAQ, a quantum‑AI platform that blends artificial intelligence with emerging quantum technologies. SandboxAQ’s B2B suite focuses on post‑quantum cybersecurity, advanced simulation, and next‑generation sensing, aiming to protect critical infrastructure and accelerate research...
Windows Vps: How It Works, What To Choose, And How To Run It Safely
The episode explains what a Windows VPS is, why you’d choose it over Linux or shared hosting, and how to run it securely. It stresses that buying a Windows VPS also means buying responsibility for updates, access control, and backups,...
Unhackable Random Number Generator Sidesteps Device Flaws for Ultimate Security
Researchers from Shanxi University and the Chinese Academy of Sciences have unveiled a semi‑device‑independent quantum random number generator (QRNG) that tolerates device imperfections while resisting general attacks. By imposing only an energy bound on emitted quantum states and applying the...
Rethinking Identity Management: From Who Has Access to What Really Matters
Traditional Identity Governance and Administration (IGA) has focused on compliance, but 99% of granted permissions remain unused, creating “Zombie Access”. This compliance‑only approach leads to rubber‑stamping, with 58% of access reviews ineffective, exposing organizations to insider threats. Integrating data governance...
Attackers Abuse SolarWinds Web Help Desk to Install Zoho Agents and Velociraptor
On February 7, 2026, Huntress confirmed active exploitation of multiple critical vulnerabilities in SolarWinds Web Help Desk (WHD), including CVE‑2025‑40551 and CVE‑2025‑26399, which permit arbitrary code execution via untrusted deserialization. Attackers leveraged the flaw to install a Zoho ManageEngine remote‑management...
The Former Head of NSA on the Future of U.S. Cybersecurity
Retired Gen. Paul Nakasone, former NSA director and U.S. Cyber Command commander, discussed his doctrine of persistent engagement, its role in safeguarding recent U.S. elections, and the evolving cyber threat landscape. He highlighted the need for broader public‑private partnerships, a...
Can You Fly That Thing?
The post argues that AI "skills"—executable English‑written programs—transform conversational agents into operators capable of performing specific tasks. It highlights the rapid growth of public skill repositories, with tens of thousands of community‑built skills amassing thousands of GitHub stars. For consumers,...
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83
Security Affairs released its Malware Newsletter Round 83, curating the latest research and incident reports across the global malware landscape. The edition spotlights 341 malicious capabilities uncovered in the ClawHavoc bot, APT28’s exploitation of CVE‑2026‑21509, and Amaranth‑Dragon’s weaponization of CVE‑2025‑8088 for...
The Rise of Quantum-Resistant Cryptography: Why 2026 Demands a New Security Paradigm
The episode explains how quantum-resistant cryptography is becoming essential in 2026 as quantum computers threaten traditional encryption like RSA and ECC. It outlines the rapid shift from research to standards, highlighting NIST’s upcoming post‑quantum standards and the surge in industry...
Security Implications of DORA AI Capabilities Model
The DORA AI Capabilities Model highlights how AI can reshape software delivery while exposing critical security concerns. It recommends a layered, least‑privilege access model, centralized proxy routing, and strict version‑control practices to safeguard sensitive data. Human‑in‑the‑loop reviews, audit‑ready platforms, and...
Quantum Cryptography’s Secret Key Rates Boosted by New Entropy Link
Researchers have linked two‑way quantum key distribution, specifically advantage distillation, to asymptotic hypothesis testing using an integral representation of relative entropy. This theoretical bridge yields tighter upper and lower bounds on secret‑key rates, outperforming traditional fidelity‑based limits at short and...
Quantum Encryption Secured Against Hacking with New Digital Signal Processing Technique
Researchers have introduced a secure continuous‑variable quantum key distribution (CV‑QKD) framework that links dynamic digital signal processing (DSP) algorithms to a physically realizable optical model. Conventional dynamic DSP underestimates excess noise, inflating key‑rate estimates and risking security. The new model...
More than an IT Review: How a Network Assessment Is Essential in Healthcare Settings
Pixel Health outlines essential network assessment steps for healthcare providers, emphasizing equipment mapping, security evaluation, documentation, and service‑provider review. Periodic assessments reduce risk, optimize scalability, and prevent costly deferred maintenance. They also improve incident response by testing backup resilience. As...
Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks
A 2026 Mysterium VPN study uncovered nearly 5 million public web servers exposing Git repository metadata, with over 250,000 .git/config files leaking active deployment credentials. The misconfigurations allow attackers to reconstruct source code, steal secrets, and potentially gain cloud access. Affected...
Where Is Governance (Guidance) Going?
The article reflects on a recent conversation with product marketer Anna Daugherty about the future of API governance, emphasizing a shift toward consumer‑first perspectives. It introduces "Spotlight rules" as the next evolution of Spectral and Vacuum linting, extending governance beyond...
New Encryption Method Withstands Attacks From Both Computers and Artificial Intelligence
Researchers introduced Eidolon, a post‑quantum digital signature scheme built on the NP‑complete k‑colourability problem. By extending zero‑knowledge protocols and using Merkle‑tree commitments, the scheme compresses signatures from O(t n) to O(t log n). Empirical tests against integer‑linear‑programming, DSatur, and a custom graph neural...
Quantum Industry Canada Backs 2026 Year of Quantum Security Initiative
Quantum Industry Canada (QIC) has officially joined the global 2026 Year of Quantum Security (YQS2026) initiative, aligning Canada with an international effort to protect digital infrastructure against emerging quantum threats. The program will bring together government, industry, finance and academia...
Quantum Signatures Bypass Tricky Quantum Memory with Classical Computing Power
Researchers unveiled a quantum‑digital‑signature protocol that uses classical shadows of random quantum circuits as public keys, eliminating the need for fragile quantum memory. An enhanced state‑certification primitive improves noise tolerance and cuts sample complexity, enabling a proof‑of‑principle signature on a...
Shows Trojan-Resilient NTT Protects Post-Cryptography Against Control and Timing Faults
Researchers introduced a Trojan‑resilient Number Theoretic Transform (NTT) architecture that detects and mitigates control‑flow and timing faults on reconfigurable platforms. Implemented on an Artix‑7 FPGA, the design uses a clock‑cycle counter, control‑status register, and RENO‑based recomputation to correct anomalies. The...
SEALSQ Corp (NASDAQ: LAES) Details Quantum-Resistant Security Vision
SEALSQ Corp unveiled a "root‑to‑quantum" security platform that embeds a hardware Root of Trust into microcontrollers and TPM‑class devices, pairing it with post‑quantum cryptography and a proprietary quantum highway. The solution promises cryptographic agility, enabling seamless updates as quantum threats...
Microsoft: Info-Stealing Malware Expands From Windows to macOS
Microsoft has observed a rapid rise in information‑stealing malware targeting macOS, a shift from its traditional Windows focus. Since late 2025, threat actors have deployed macOS‑specific stealers such as DigitStealer, MacSync and Atomic macOS Stealer, often written in Python and...
Future Cars Shielded From Quantum Hacking with Adaptable Security System
Researchers at the University of Oslo have unveiled an adaptive post‑quantum cryptography framework designed for 6G vehicle‑to‑everything (V2X) networks. By predicting short‑term mobility, channel conditions, weather, and message urgency, the system dynamically selects lattice, code, or hash‑based PQC schemes. A...
Qcl-Ids Achieves 0.941 Accuracy in Quantum Continual Intrusion Detection Systems
Researchers at Johns Hopkins introduced QCL‑IDS, a quantum‑centric continual‑learning framework for intrusion detection that balances adaptation to new attacks with retention of historic threat knowledge. The system leverages Quantum Fisher Anchors and privacy‑preserved quantum generative replay to achieve mean Attack‑F1...
Fedgraph-Vasp Achieves 0.855 AML Accuracy with Post-Quantum Privacy Preservation
Researchers introduced FedGraph‑VASP, a privacy‑preserving federated graph learning framework that enables virtual asset service providers to jointly detect money‑laundering without sharing raw transaction data. The system exchanges compressed graph embeddings secured with Kyber‑512 key encapsulation and AES‑256‑GCM, delivering quantum‑resistant protection....
Quantum Cryptography Moves Closer with Working BB84 and E91 Protocols
Researchers demonstrated quantum key distribution (QKD) on IBM's superconducting quantum platform by implementing the BB84 and E91 protocols with SX‑gate operations. Using a 133‑qubit device and 128‑shot runs, they achieved zero error for BB84 and a 0.094 error rate for...
AI Didnt Break Cybersecurity
The author argues that AI did not break cybersecurity; longstanding governance failures did. AI merely amplified existing shadow‑IT practices and unclear risk ownership, exposing gaps that boards and CISOs have ignored. The piece calls for a shift from treating security...
Please Don’t Feed the Scattered Lapsus ShinyHunters
The Scattered Lapsus ShinyHunters (SLSH) extortion gang blends data theft with aggressive personal harassment, including swatting, DDoS attacks, and media pressure. Operating through chaotic Telegram channels linked to The Com cyber‑crime network, they target executives via phone‑based phishing and MFA...
Overview of Content Published in January
Didier Stevens published a concise January roundup highlighting two Python tool updates—zipdump.py 0.0.33 and hash.py 0.0.14—and three SANS Internet Storm Center diary entries covering a basic geography quiz, the release of Wireshark 4.6.3, and YARA‑X 1.11.0’s new hash function warnings....
Advances Quantum-Memory-Free QSDC with Privacy Amplification of Coded Sequences
Researchers from Georgia Tech and collaborators introduced a quantum‑memory‑free Quantum Secure Direct Communication (QSDC) protocol that relies on universal hashing and privacy amplification of coded sequences. The information‑theoretic analysis proves security against collective attacks without requiring quantum storage or complex...
WISeKey Advances Post-Quantum Space Security with 2026 Satellite PoCs
WISeKey International announced proof‑of‑concept testing of post‑quantum cryptography on satellites in late 2025, with a fully operational quantum‑resistant satellite slated for launch in the second quarter of 2026. The initiative combines hybrid Triple Key Encapsulation Mechanisms that blend PQC algorithms with...