News•Feb 20, 2026
GitLab Extends Omnibus Package Signing Key Expiration to 2028
GitLab announced that the GPG key used to sign its Omnibus packages will now expire on February 16, 2028, extending the previous 2026 deadline. The key, which authenticates package integrity across CI pipelines, remains separate from repository metadata signing keys and the Runner signing key. GitLab chose to extend the key’s lifespan rather than rotate it to minimize disruption for downstream users. Users who validate package signatures should refresh their local copy of the public key.
By GitLab Blog
News•Feb 19, 2026
Security as a Service Enhances Federal Cybersecurity and Improves Scalability
Federal agencies are increasingly turning to Security as a Service (SECaaS) to maintain cyber defenses amid staffing cuts and the recent shutdown. The Navy, VA, Energy, Justice and Homeland Security rely on FedRAMP‑authorized AWS and Azure tools such as GuardDuty,...
By FedTech Magazine
News•Feb 19, 2026
Emerging Chiplet Designs Spark Fresh Cybersecurity Challenges
Chiplet technology is reshaping semiconductor design by allowing modular, mix‑and‑match silicon components, accelerating AI data‑center and autonomous‑vehicle development. However, the distributed manufacturing model creates new supply‑chain vulnerabilities, as a single compromised chiplet can introduce hardware Trojans that affect entire systems....
By Dark Reading
News•Feb 19, 2026
Meriden, Connecticut Shuts Down City Internet After Disruption Attempt
Meriden, Connecticut, temporarily shut down its municipal internet and public Wi‑Fi after detecting an attempted cyber disruption. The city’s IT department isolated the network within minutes, limiting impact to non‑essential municipal operations while emergency services remained functional. Police have opened...
By DataBreaches.net
News•Feb 19, 2026
NSA Issues Guidelines on Zero Trust Architecture
The National Security Agency has issued a two‑phase Zero Trust Implementation Guidelines to help organizations adopt zero‑trust architecture in line with Department of Defense standards. The guidance details specific activities and requirements, acknowledging that implementation can be resource‑intensive and costly....
By AHA News – American Hospital Association
News•Feb 19, 2026
Supply Chain Attack Secretly Installs OpenClaw for Cline Users
Dark Reading reported that the npm package for Cline version 2.3.0 was compromised, causing it to silently download the OpenClaw tool during an eight‑hour window. The breach stemmed from a prompt‑injection flaw that allowed an attacker to steal release tokens and...
By Dark Reading
News•Feb 19, 2026
FBI Says ATM ‘Jackpotting’ Attacks Are on the Rise, and Netting Hackers Millions in Stolen Cash
ATM jackpotting has shifted from a security demo to a lucrative crime, with hackers now pulling millions from cash dispensers. The FBI reports over 700 attacks in 2025 alone, netting at least $20 million in stolen cash. The primary tool, Ploutus...
By TechCrunch (Cybersecurity)
News•Feb 19, 2026
4 Reasons Cybersecurity Stocks Are Primed for a Breakout
Cybersecurity stocks have lagged behind the broader software sector this year, with the Amplify Cybersecurity ETF down 4.8% while the S&P 500 barely rose. Jefferies analyst Joseph Gallo argues the sell‑off is overstated, pointing to rising AI‑driven threat vectors and strong...
By MarketWatch – ETF
News•Feb 19, 2026
How Mycroft Scaled to over 100 Customers without a Playbook
Mycroft, a Canadian AI‑driven cybersecurity startup, has surpassed 100 B2B customers and is approaching $2 million CAD in ARR after a $3.5 million USD seed round. Founder Mike Kim built the platform as a virtual CISO, using AI agents to automate policy...
By BetaKit (Canada)
News•Feb 19, 2026
US Dominance of Agentic AI at the Heart of New NIST Initiative
The U.S. National Institute of Standards and Technology (NIST) has launched the AI Agent Standards Initiative under the Center for AI Standards and Innovation (CAISI) to develop industry‑led standards for autonomous AI agents. The effort aims to cement U.S. leadership,...
By CSO Online
News•Feb 19, 2026
Google’s Tensor G6 Rumored to Be Paired with New Titan M3 Security Coprocessor
Google is reportedly developing a third‑generation Titan M security coprocessor, dubbed Titan M3, for its upcoming Tensor G6 chipset, internally codenamed “Google Epic.” Leaked internal listings reference firmware named “longjing,” suggesting the chip is in early development. The move appears aimed at narrowing...
By 9to5Google
News•Feb 19, 2026
We’re Not the only Ones Saying It: Windows 11 Desperately Needs a Single Privacy Toggle
Windows 11’s privacy controls are dispersed across multiple menus, forcing users to hunt through dozens of toggles to limit data collection. The operating system still enables telemetry by default, and many settings only reduce—not eliminate—Microsoft’s tracking. Users and tech writers are...
By Windows Central
News•Feb 19, 2026
Cyber Responses Will Be ‘Linked to Adversary Actions,’ Involve Industry: White House
The White House announced that future U.S. cyber responses will be directly linked to specific adversary actions and will involve close coordination with state and local governments as well as private‑sector operators of critical infrastructure. The approach will be codified...
By Defense One
News•Feb 19, 2026
HHS Burrows Into Identifying Risks to Health Sector From Third-Party Vendors
HHS is intensifying its focus on third‑party vendor security after the 2024 Change Healthcare ransomware attack, which exploited a remote‑access portal lacking multifactor authentication and exposed the data of about 190 million individuals. The breach threatened the liquidity of the entire...
By CyberScoop
News•Feb 19, 2026
ONCD Official Says Trump Administration Aims to Bolster AI Use for Defense without Increasing Risk
The Office of the National Cyber Director announced that the Trump administration will accelerate the deployment of AI-driven cyber defensive tools while safeguarding against expanded attack surfaces. Principal Deputy Assistant Cyber Director Alexandra Seymour said the effort will be coordinated...
By CyberScoop
News•Feb 19, 2026
Automating Unix Security Across Hybrid Clouds
The article introduces a “Patching as Code” framework that automates Unix security updates across hybrid‑cloud environments by containerizing the patching toolchain and driving it through a CI/CD pipeline. A CSV‑based schedule stored in Git triggers a Python controller that launches...
By DZone – DevOps & CI/CD
News•Feb 19, 2026
INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown
INTERPOL’s Operation Red Card 2.0, conducted from Dec 8 2025 to Jan 30 2026, resulted in 651 arrests across 16 African nations and the seizure of more than $4.3 million. The eight‑week crackdown exposed scams responsible for roughly $45 million in losses and identified 1,247 victims worldwide....
By The Hacker News
News•Feb 19, 2026
Better-Auth Flaw Allows Unauthenticated API Key Creation
A critical flaw (CVE‑2025‑61928) in the better‑auth npm library’s API‑key plugin lets unauthenticated actors mint privileged API keys for arbitrary users. The vulnerability stems from improper authorization checks in the createApiKey and updateApiKey handlers, which accept a userId without a...
By eSecurity Planet
News•Feb 19, 2026
When Air Gaps Are Not Enough—Managing File and Media Risk in Nuclear Facilities
Urenco, a global uranium enrichment firm, faced fragmented, manual controls for removable media and file transfers across its air‑gapped nuclear facilities. To achieve consistent security, it deployed OPSWAT’s MetaDefender platform, routing all devices through centralized, zero‑trust inspection checkpoints. The solution...
By POWER Magazine
News•Feb 19, 2026
Flaw in Grandstream VoIP Phones Allows Stealthy Eavesdropping
A critical stack‑buffer overflow (CVE‑2026‑2329) was discovered in six Grandstream GXP1600 series VoIP phones, receiving a CVSS score of 9.3. The flaw resides in an unauthenticated web API endpoint that lets attackers overflow a 64‑byte buffer, gain root privileges, and...
By BleepingComputer
News•Feb 19, 2026
MSP Next Dimension Consolidates Security Stack on Todyl Platform
Next Dimension has entered a strategic partnership with Todyl to migrate its managed security services onto Todyl’s cloud‑native platform, unifying SIEM, EDR and MXDR under a single console. The integration replaces fragmented toolsets with AI‑driven, contextual case management, cutting investigation...
By ChannelE2E
News•Feb 19, 2026
Google Blocked over 1.75 Million Play Store App Submissions in 2025
Google reported that in 2025 it blocked more than 1.75 million app submissions and denied 255,000 apps access to sensitive user data on the Play Store. The company also banned over 80,000 developer accounts and added 10,000 new safety checks powered...
By BleepingComputer
News•Feb 19, 2026
Saving Banks From Technical Debt: How Atruvia Built Secure, Self-Service Infrastructure
Atruvia, the backbone of over 900 German cooperative banks, tackled massive technical debt by adopting HashiCorp Terraform and Vault. The shift to infrastructure‑as‑code slashed cluster provisioning from three months to two hours and cut network setup from weeks to minutes....
By HashiCorp Blog
News•Feb 19, 2026
Chinese Telecom Hackers Likely Holding Stolen Data ‘in Perpetuity’ for Later Attempts, FBI Official Says
The FBI disclosed that the Chinese state‑backed group Salt Typhoon infiltrated dozens of telecom operators worldwide, exfiltrating data from over a million Americans. The hackers accessed U.S. lawful‑intercept systems, targeting communications of senior officials in a campaign that began at least...
By FCW (GovExec Technology)
News•Feb 19, 2026
How to Create a Mobile Device Management Policy for Your Org
Mobile device management (MDM) policies are now a core governance tool for protecting data across corporate, BYOD, and hybrid workforces. The guide outlines five essential steps—defining purpose, engaging stakeholders, drafting usage rules, setting enforcement, and ongoing review—to build a robust...
By TechTarget SearchERP
News•Feb 19, 2026
CarGurus Purportedly Breached by ShinyHunters
CarGurus disclosed that approximately 1.7 million corporate files were taken by the ShinyHunters hacking group after a voice‑phishing attack compromised its single‑sign‑on credentials on Feb 13. The attackers threatened to publish the data unless negotiations were reached by Feb 20. ShinyHunters has previously...
By SC Media
News•Feb 19, 2026
Federal AI Series: Security Priorities
Federal agencies are rapidly integrating artificial intelligence, prompting heightened focus on securing the underlying data and systems. Zscaler’s Federal Field CTO Chad Tetreault outlined the evolving AI threat landscape, highlighting supply‑chain vulnerabilities, data‑poisoning, prompt‑injection, and emerging agentic AI risks. He...
By GovernmentCIO Media & Research
News•Feb 19, 2026
Remcos RAT Expands Real-Time Surveillance Capabilities
A newly observed Remcos RAT variant now streams webcam footage and transmits keystrokes in real time, shifting from local data storage to direct, encrypted communication with attacker‑controlled servers. The malware decrypts its configuration only at runtime, loads critical Windows APIs...
By Infosecurity Magazine
News•Feb 19, 2026
Palo Alto Networks CEO Sees AI as Demand Driver, Not a Threat
Palo Alto Networks CEO Nikesh Arora told investors AI will drive, not diminish, cybersecurity demand. He argued AI expands attack surfaces, creating new risk categories that require robust security solutions. The company posted 15% year‑over‑year revenue growth to $2.6 billion and...
By Cybersecurity Dive (Industry Dive)
News•Feb 19, 2026
Analysis: Palo Alto Networks Vs. Everyone
Palo Alto Networks marked the two‑year anniversary of its platformization strategy, a move that initially sank its stock but has since become an industry standard. CEO Nikesh Arora highlighted a “flywheel” effect as new customers consolidate tools onto Palo Alto’s...
By CRN (US)
News•Feb 19, 2026
ICO Wins Appeal over Data Protection Obligations in Currys Cyber Attack
The UK Court of Appeal upheld the Information Commissioner’s Office decision to fine Currys Group Ltd (formerly DSG Retail) £500,000 for failing to protect personal data after a 2017‑18 cyber‑attack. The ruling confirms that organisations must safeguard all personal data,...
By ComputerWeekly – DevOps
News•Feb 19, 2026
The New Geography of Enterprise Risk
Enterprises are seeing risk migrate from downstream system failures to upstream decision‑making as software adoption cycles shrink. Identity and access management, once a gatekeeper for core systems, now sits at the top of the IT stack, shaping workflows, roles, and...
By TechTarget SearchERP
News•Feb 19, 2026
Industrial-Scale Fake Coretax Apps Drive $2m Fraud in Indonesia
Group‑IB uncovered a sophisticated fraud campaign that spoofed Indonesia’s Coretax tax platform by distributing counterfeit Android apps. The scheme combined phishing websites, WhatsApp impersonation of tax officers, and voice‑phishing calls to install RATs such as Gigabud.RAT and MMRat, leading to...
By Infosecurity Magazine
News•Feb 19, 2026
University of Mississippi Medical Center Closes All Clinics in Wake of Cyberattack
The University of Mississippi Medical Center (UMMC) suffered a severe cybersecurity breach on Thursday, forcing multiple IT systems offline, including its Epic electronic medical records platform. The outage crippled access to patient data, prompting the Jackson‑based health system to shut...
By DataBreaches.net
News•Feb 19, 2026
Connected and Compromised: When IoT Devices Turn Into Threats
The proliferation of consumer and enterprise IoT devices continues unchecked, yet most lack basic security controls such as passwords and encryption. Research presented by Mattia Epifani at RSAC 2026 shows that devices—from Amazon Echo to smart refrigerators—store unprotected audio, credentials, and personal...
By Dark Reading
News•Feb 19, 2026
Adronite Secures $5M Series A to Scale AI Code Platform
Adronite announced a $5 million Series A round led by Gatemore Capital Management, appointing Gatemore’s Liad Meidar as board chair. The funding will accelerate development of its AI‑powered platform that scans entire software codebases across more than 20 languages, delivering deterministic, explainable...
By Just AI News
News•Feb 19, 2026
Criminals Outpacing Banks as Firms Struggle with AI Defence, Report Warns
A new State of Financial Crime 2026 report from ComplyAdvantage reveals that financial institutions are falling behind AI‑enabled criminal networks. Over 600 senior compliance leaders reported 99% detection weaknesses, with only 33% employing AI for core AML functions and manual...
By The Fintech Times
News•Feb 19, 2026
How Medplum Secured Their Healthcare Platform with Docker Hardened Images (DHI)
Medplum, an open‑source headless EHR serving over 20 million patients, migrated its production containers to Docker Hardened Images (DHI) with just 54 lines of code changes across five files. The switch replaced custom hardening scripts with Docker’s secure‑by‑default base images, eliminating...
By Docker – Blog
News•Feb 19, 2026
Google's Air Gapped Cloud Gets "Public-Like" Networking
Google Cloud has unveiled a new networking layer that gives its air‑gapped, confidential computing environments public‑like connectivity. The feature leverages zero‑trust VPC Service Controls to keep workloads isolated while allowing them to communicate with external services as if they were...
By The Stack (TheStack.technology)
News•Feb 19, 2026
Industrial Control System Vulnerabilities Hit Record Highs
Forescout’s 2026 report shows industrial control system (ICS) advisories surpassed 500 in 2025, the highest level since tracking began. The 2,155 CVEs tied to those advisories pushed average CVSS scores above 8.0, reflecting increasingly critical flaws. Manufacturing and energy assets...
By Infosecurity Magazine
News•Feb 19, 2026
Belkasoft Advances AI-Assisted DFIR With Major Update To Belkasoft X And BelkaGPT
Belkasoft released a major update to its DFIR platform Belkasoft X and the offline AI assistant BelkaGPT. The upgrade adds context‑aware conversational Q&A, expands relevance scoring to up to ten artifacts, and introduces a GPU‑enabled BelkaGPT Hub for media processing. It...
By Forensic Focus
News•Feb 19, 2026
How This Cybersecurity Firm’s Graph Database Investment Is Paying Off
Darktrace, fresh from its $5.3 billion Thoma Bravo acquisition, migrated its security platform to Amazon Neptune, a managed graph database, to map threats across complex cloud environments in real time. The shift enables multi‑hop relationship queries that relational databases struggle with at...
By The Stack (TheStack.technology)
News•Feb 19, 2026
Data Protection Failures on Moldovan Portals Leave Citizens at Risk
Moldovan job‑seeker portal cariere.gov.md exposed 7,758 applicant dossiers, including personal IDs, medical forms and criminal records, due to a lack of authentication. The data were accessible simply by altering a URL parameter, revealing nearly 19,000 JSON files. After a researcher...
By DataBreaches.net
News•Feb 19, 2026
How MSPs Can Ensure Regulatory Compliance and Secure Sensitive Data
Managed Service Providers (MSPs) serving healthcare, finance and legal sectors must embed regulatory expertise into every service layer to meet HIPAA, SEC, FINRA and related compliance mandates. The article outlines how MSPs can implement encryption, MFA, role‑based access, documentation and...
By ChannelE2E
News•Feb 19, 2026
Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA
A new phishing kit called Starkiller has emerged on the dark web as a commercial‑grade, subscription‑based service. It proxies live login pages through attacker‑controlled infrastructure, eliminating static HTML templates and allowing real‑time credential capture. By routing authentication traffic through the...
By Infosecurity Magazine
News•Feb 19, 2026
Stephen Chapman Praises UK Passport System, Calls for International Standards to Support National Systems
Stephen Chapman, a veteran UK passport official, lauded the country's end‑to‑end passport issuance system for its efficiency, security, and alignment with ICAO standards. He warned that rising fraud and border‑security threats are driving the adoption of advanced features such as...
By Identity Week
News•Feb 19, 2026
Québec Has a New Digital Sovereignty Plan. Will It Work?
Quebec announced a $1.4 billion digital sovereignty plan to shift data hosting and procurement to local providers, aiming to reduce reliance on US tech giants. The policy emphasizes sovereign cloud services, hydro‑powered data centres, and free‑software development. However, recent cost‑overrun scandals...
By BetaKit (Canada)
News•Feb 19, 2026
Using AI to Generate Passwords Is a Terrible Idea, Experts Warn
Cybersecurity firm Irregular found that popular AI chatbots such as ChatGPT, Claude, and Google Gemini generate highly predictable passwords with low entropy. Tests showed repeated strings and narrow character selection, yielding only about 27 bits of entropy for a typical...
By ITPro
News•Feb 19, 2026
PromptSpy Ushers in the Era of Android Threats Using GenAI
ESET researchers have identified PromptSpy, the first Android malware that leverages Google’s Gemini generative AI to maintain persistence on infected devices. The AI receives a real‑time XML snapshot of the screen and returns JSON‑formatted tap instructions, allowing the app to...
By WeLiveSecurity
News•Feb 19, 2026
USB Drives and the Hidden Front Door Into Secure Systems for Startup Security
Removable media remains a critical attack vector despite the rise of cloud‑based file sharing. Recent Honeywell research shows USB drives are increasingly used to deliver malware in industrial environments, and historic incidents like Stuxnet illustrate how air‑gapped networks can be...
By Startups Magazine