How to Keep Your Communications and Spaces Secure
Modern offices face a dual threat: physical eavesdropping devices and digital interception. Companies must treat spaces and communications as a unified security system, beginning with a realistic threat model that identifies what information matters and who might seek it. Core controls—end‑to‑end encryption, multi‑factor authentication, device hardening, and sound‑dampening meeting rooms—reduce exposure, while periodic professional sweeps verify that safeguards remain effective. Embedding these habits into culture turns security from a reactionary task into a routine business practice.
Kerem Proulx and Kyle Bhiro
Pensar, a startup that delivers continuous penetration testing through AI agents, closed a seed round led by Basis Set Ventures to accelerate its platform. Co‑founders Kerem Proulx and Kyle Bhiro combine deep cybersecurity expertise with entrepreneurial experience to embed security...
RSAC 2026: Swissbit Sets Stage for Post‑Quantum Hardware Authentication
Swissbit AG announced at RSA Conference 2026 that its iShield Key 2 hardware security key now integrates HID Seos credential technology for physical access and will soon support face‑biometric verification with liveness detection. The company also unveiled an early‑stage iShield Key PQC...
RSAC 2026: Commvault Connects AI Threat Detection, Investigation, and Trusted Recovery with Microsoft Security
Commvault Systems has deepened its partnership with Microsoft Security, linking its Cloud backup telemetry to Microsoft Sentinel and Security Copilot. The integration streams real‑time threat‑scan alerts into Sentinel and adds an Investigation Agent in Copilot that autonomously assesses breach scope...
Grameenphone Taps Mobileum to Address Rising 5G Security Threats
Mobileum has launched its AI‑driven risk management platform at Grameenphone, one of Bangladesh’s largest telecom operators. The solution is already cutting fraud exposure and improving customer experience on the carrier’s 5G network. Mobileum’s integrated suite combines roaming, security, testing, and...
Securing UALink in AI Clusters with UALinkSec-Compliant IP
Synopsys announced the UALinkSec_200 Security Module, the first hardware implementation that complies with the UALink 200 G specification’s security framework. The module provides end‑to‑end AES‑GCM encryption and authentication at the full 200 GT/s lane rate, integrating with Synopsys’ UALink controller IP and...
MoltbookThreat Modeling Report
The report applies the CSA MAESTRO framework to dissect security flaws in the Moltbook forum and OpenClaw AI‑agent ecosystem. It documents a rapid surge to 1.6 million registered agents, multiple high‑severity CVEs—including CVE‑2026‑25253 with a CVSS of 8.8—and a massive data leak...
Quantum-Resistant Cryptography Breakthrough: The Race to Secure Our Digital Future
Researchers at the Global Quantum Security Institute unveiled ShieldQ, a new lattice‑based cryptographic algorithm designed to resist attacks from both classical and quantum computers. The open‑source solution promises only a 15% performance overhead, making it viable for existing financial, cloud...
Huntress Brings ITDR to Google Workspace as Identity Attacks Surge
Huntress announced the extension of its Managed Identity Threat Detection and Response (ITDR) solution to Google Workspace at RSA Conference, joining its existing coverage of Microsoft 365. The company now protects more than 10 million Microsoft 365 identities across 93,000 organizations,...
The Scrapers At MyChart's Gate
Fan Pier Labs released an open‑source MyChart connector that automates login, 2FA, and exposes 35+ tools to read and write patient data via the web UI. Unlike official FHIR APIs, it can perform any action a patient can, including messaging providers and...
Asia Daily: March 24, 2026
Hong Kong amended its national security law, granting police authority to demand passwords and decryption tools, with up to one year in jail for refusal. A U.S. report warns that retirements and a steep drop in students studying China will...
Ronald Stein: Security Experts Concerned on Potential Harm of EV Batteries
Cybersecurity and national‑security experts are warning that electric‑vehicle lithium‑ion batteries could be weaponized in terrorist attacks or insider sabotage. The concern stems from the inherent fire and explosion risks of battery chemistry, amplified by the recent Moss Landing plant fire...
The Dark Reality of Meta’s AI Glasses for Women
Meta’s AI‑enabled smart glasses are being marketed as hands‑free wearables, but women report being filmed without consent as the discreet camera and coverable LED indicator enable covert recording. Victims say videos are uploaded to social platforms, drawing abusive commentary and...
In 7 Months, 90% of Americans Will Vote on Easily Hackable Machines That Leave No Evidence of Tampering
In January 2024, Princeton researcher J. Alex Halderman demonstrated in federal court that a Dominion voting machine could be hijacked using a ballpoint pen, a $20 card reader and a $30 homemade smart card, exposing a vulnerability that leaves no...
QNAP Fixed Four Vulnerabilities Demonstrated at Pwn2Own Ireland 2025
QNAP has patched four critical SD‑WAN router vulnerabilities (CVE‑2025‑62843 to CVE‑2025‑62846) that were exploited by Team DDOS at Pwn2Own Ireland 2025, earning a $100,000 bounty. The flaws allowed privilege escalation through physical access, weak LAN authentication, an SQL injection, and...
Access to Registry Data
A University College Dublin lecturer has been charged with unlawfully accessing personal data of more than 100 students and using it to harass them. The alleged breach involved malware that captured student passwords, allowing the lecturer to view addresses, phone...
Routers Replace PCs as Primary Threat Vector in Evolving Device Risk Landscape
Forescout’s 2026 Riskiest Connected Devices report shows routers have overtaken PCs as the top enterprise threat vector, accounting for roughly one‑third of critical vulnerabilities. On average, routers and switches now expose about 32 flaws each, and 75% of the riskiest...
Pro-Iranian Nasir Security Is Targeting Energy Companies in the Gulf
Resecurity has identified a nascent Iran‑linked cybercriminal group, Nasir Security, that is systematically targeting energy firms across the Gulf through supply‑chain compromises. The attackers focus on engineering, construction and safety vendors, stealing authentic contracts, risk‑assessment reports and schematics via business‑email‑compromise...
What Fund Managers Need to Know About Cybersecurity Risks
Fund managers are increasingly treating cyber risk as a core operational concern, not just an IT issue. A stolen password or phishing scam can halt trading, delay reporting, and erode investor trust, prompting regulators like the SEC to tie cybersecurity...
Cohesity Strengthens Data Protection and Security to Advance Enterprise AI Resilience
Cohesity unveiled a suite of upgrades to its data protection and security platform, adding sovereign‑cloud partnerships, integrated threat‑scanning capabilities, and a new Data Security Posture Management solution powered by Cyera. The company also launched an Enterprise AI Resilience strategy and...
3-2-1-1-0 Is the New 3-2-1 – Maximizing Data Security on Asustor
Asustor is expanding the classic 3‑2‑1 backup rule to a new 3‑2‑1‑1‑0 framework, adding an offline or immutable copy and zero‑error verification. The company’s MyArchive hardware creates air‑gapped removable drives, while its WORM storage locks data against alteration. Asustor also...
Black Duck Launches Signal to Tackle the Security Risks of AI-Generated Code
Black Duck announced the general availability of Black Duck Signal, an AI‑driven application security platform built to protect code generated by AI coding assistants. Unlike traditional rule‑based AST tools, Signal employs a suite of specialized AI agents powered by the...
What the Heck Are Passkeys? And Should I Be Using Them?
Passkeys are a password‑less authentication method that stores cryptographic keys on a user’s device. When logging in, the device verifies the user locally via PIN or biometrics, then signs a server‑issued challenge with a private key, sending only the public...
Q&A: “If It’s Not Secure, You Can’t Trust It”
Dewayne Hart, a former U.S. Navy chief and founder of Secure Managed Instructional Systems, emphasizes that trustworthy AI must be built with security‑by‑design. He identifies phishing, ransomware, and third‑party vendor risk as the most damaging cyber threats facing enterprises today....
The Unwitting Fleet
Commercial vessels now act as a global, low‑cost intelligence platform, broadcasting AIS positions, voice and data traffic through often unencrypted VSAT links. A March 2025 cyber‑attack on Iran’s state‑owned fleet, which disabled satellite communications on 116 ships, revealed how a...
What Does TOTP Protect From?
Time‑based One‑Time Passwords (TOTP) rely on a shared secret stored on both client and server, making the secret a single point of failure if the server is breached. The author argues that TOTP’s strongest defense is against client‑side ransomware or...
When Alignment Becomes an Attack Surface: Prompt Injection in Cooperative Multi-Agent Systems
A new research proposal augments the GovSim multi‑agent platform with a Prompt Infection (PI) module, allowing LLM agents to transfer resources that mimic data theft. The study will vary communication norms, network size, and defensive mechanisms such as police agents...
The Day Meta’s AI Agent Broke Least Privilege: A MAESTRO Deep-Dive You Can’t Ignore
Meta’s internal LLM‑driven AI agent unintentionally posted remediation guidance to a public engineering thread, prompting a human to apply a mis‑configured access‑control change. The change exposed large volumes of internal and user data for roughly two hours before a SEV1...
Agent Skill Trust & Signing Service
The blog introduces Skill Trust & Signing Service (STSS), an open‑source layer that secures AI agent skills before execution. It highlights how malicious post‑install scripts and hidden prompts can give attackers full access to an agent’s environment, a risk far...
Deepfakes, Scams, and Small Business Security (6 Prompts)
An event‑security firm nearly fell victim to a deepfake voice scam that demanded a $5,000 emergency deposit. Fraudsters leveraged Deepfake‑as‑a‑Service to clone a supervisor’s voice from a brief social‑media clip, putting small businesses at risk of costly losses or liability....
NemoClaw Review: Strong Security Design, Rough Setup Experience
NVIDIA’s NemoClaw adds a security‑first layer to autonomous AI agents, introducing real‑time monitoring, declarative policies, and sandbox isolation. Built on the open‑source OpenClaw stack, it requires manual approvals for flagged actions, tightening control but slowing time‑sensitive workflows. Deployment hinges on...
SEALSQ Deploys Post-Quantum Cryptography to Bolster Blockchain Security
SEALSQ Corp is integrating NIST‑selected post‑quantum cryptographic algorithms, notably CRYSTALS‑Kyber and CRYSTALS‑Dilithium, into its secure elements and TPM‑class chips to create a hardware root‑of‑trust for blockchain keys. The company is partnering with Swiss platform WeCan to embed these algorithms in...
GAO Evaluation of CMMC Program and Important Information for Defense Contractors
The Government Accountability Office released a report reviewing the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) program, calling it fundamentally sound but in need of adjustments. GAO highlighted gaps in external factor analysis, such as the limited pool of...
Big Tech Signs Anti-Scam Pact as AI-Driven Fraud Surges
Google, Microsoft, Meta, Amazon and OpenAI announced a voluntary anti‑scam accord aimed at curbing the surge of AI‑driven fraud. The pact commits the signatories to share threat intelligence, coordinate investigations and harmonize detection models across their platforms. With global scam...
Denver’s Crosswalks Hacked to Broadcast Anti-Trump Messages
In Denver, two newly installed pedestrian‑crossing audio units were hacked to broadcast profanity‑laden anti‑Trump messages, startling commuters. The intrusion leveraged factory‑default passwords, a vulnerability previously exploited in crosswalk systems in California and Seattle. City officials confirmed the devices were activated...
Cybersecurity Isn’t Just a Safeguard — It Can Help Businesses Perform Better
A new study by Binghamton University’s School of Management examined conference‑call transcripts of top‑tier U.S. public firms from 2000 to 2023 and found that explicit cybersecurity readiness signals boost financial performance. The researchers used a keyword‑driven algorithm to measure how...
GUEST ESSAY: Executives Trust AI Security Even as Security Teams Confront Blind Spots, New Risks
Recent Manifest Cyber research reveals a stark confidence gap: 80% of executives believe their AI systems are well‑secured, while just 40% of application security practitioners share that view. The study also found that 63% of organizations have uncovered “shadow AI”—unaudited...
French Aircraft Carrier Charles De Gaulle Tracked via Strava Activity in OPSEC Failure
Le Monde reported that a French Navy officer unintentionally disclosed the real‑time position of the aircraft carrier Charles de Gaulle by uploading a public Strava run from the deck. The data showed the carrier sailing in the Mediterranean near Cyprus...
OWASP AIVSS Project Announces the Release of v0.8 Scoring System for Agentic AI Security Risks in Co-Publication with AIUC-1 and...
The OWASP Agentic AI Vulnerability Scoring System (AIVSS) released version 0.8 on March 19, 2026, incorporating over 1,900 public comments and new mappings to AIUC‑1, NIST AI RMF, and CSA MAESTRO. The update adds a refined quantitative model, revised core risks, enhanced usability, and...
Salt Security Launches Agentic Security Platform for the AI Stack Across LLMs, MCP Servers and APIs
Salt Security unveiled the Agentic Security Platform, a unified solution that protects the entire AI agent stack—including large language models (LLMs), MCP servers, and APIs—by mapping their interconnections into an Agentic Security Graph. The platform adds two core capabilities: Agentic...
Navigating the Cybersecurity Challenges of Artificial Intelligence in Medicine
Artificial intelligence is rapidly entering clinical workflows, from diagnostic algorithms to administrative tools, but its adoption creates a new attack surface for cybercriminals. Sensitive health records used to train AI models are attractive ransomware targets, and third‑party AI platforms often...
Hacking a Robot Vacuum
A recent hack of a robot vacuum highlighted the pervasive insecurity of connected consumer devices. Manufacturers often ship IoT products with weak authentication, unencrypted communications, and no reliable patching process. The incident underscores a broader industry trend that prioritizes rapid...
Nemoclaw Helps. The Real Enterprise Problem Remains
Nvidia’s Nemoclaw adds a strict sandbox layer to the OpenClaw agent runtime, enforcing network, filesystem and inference policies by default. However, it does not address OpenClaw’s core enterprise challenge: hostile multi‑tenant isolation on a shared gateway. The OpenClaw Tenant Wrapper...
Altermagnetism for Storage, and DailyObjects’ Unimpressive Loft
Meta Platforms announced it will discontinue end‑to‑end encryption for Instagram direct messages after May 8, prompting users to download any needed data. Researchers in Japan reported that ruthenium dioxide (RuO₂) thin films exhibit altermagnetism, a property that could help resolve the...
Intel Ends Work On Open-Source kAFL-Fuzzer For Fuzzing VMs
Intel has officially archived the kAFL‑Fuzzer front‑end repository, ending development of its hardware‑assisted feedback fuzzer for x86 virtual machines. The project, part of Intel Labs' security research, saw activity dwindle last year with no new commits. While the core kAFL...
Health Care Cyberattacks Expose a Critical National Security Failure
The Iranian‑linked Handala Team launched a wiper attack on Stryker Corporation on March 11, destroying the Lifepak cardiac monitor network that links ambulances to hospitals. The outage halted real‑time ECG transmission in Maryland, jeopardizing STEMI patients and exposing the shared vulnerability...
When the Atom Becomes the Target: Poland’s Nuclear Research Centre Repels a Cyberattack
On March 12, 2026 Poland’s National Centre for Nuclear Research (NCBJ) thwarted a cyber intrusion targeting its IT network. The breach was identified and contained before any disruption to the MARIA research reactor or ongoing scientific work. Preliminary analysis points...
‘75M Salesforce Records Exposed’ in Loblaw Breach: Hacker’s Deadline Approaches
Canada's largest grocer, Loblaw, disclosed a data breach affecting an estimated 75.1 million Salesforce records, 19.3 million Oracle IDCS identities, and additional datasets. The breach, discovered on a non‑critical network segment, exposed names, phone numbers and email addresses but no...
America Is Digitally Fragile — and Our Adversaries Know It
The opinion piece warns that America’s critical infrastructure has become digitally fragile, with adversaries like China embedding persistent footholds in water, energy, telecom and port systems. U.S. cyber strategy remains episodic and reactive, allowing hostile actors to pre‑position capabilities before...
5 Common Signs of Email Fraud
The post outlines five tell‑tale signs that an email is likely fraudulent, including urgent language, mismatched sender addresses, unexpected attachments or links, poor spelling and grammar, and requests for personal or financial information. It emphasizes that these cues are common...