
Multi-Stage "BadPaw" Malware Campaign Targets Ukraine
ClearSky researchers have uncovered a new malware campaign dubbed “BadPaw” that exploits the Ukrainian email provider ukr.net to lend credibility to phishing messages. The attack delivers a ZIP archive that actually contains a hidden HTA application, which checks system age to evade sandboxes before installing a multi‑stage backdoor called MeowMeowProgram.exe. Persistence is achieved through a scheduled VBS script that extracts code steganographically from an image, and only nine antivirus engines flagged the payload at analysis time.

Privacy-First IOT: Why Retail and Public Spaces Are Moving Away From Camera-Based Analytics
Retailers and public‑space operators are abandoning camera‑based analytics in favor of radar‑based people counting solutions that respect privacy. Traditional video systems capture personally identifiable information, triggering GDPR obligations, costly consent processes, and public distrust. Radar sensors operating at 60 GHz millimetre‑wave...

Webinar: The True State of Security 2026
Storyblok’s "True State of Security 2026" webinar brings together its VP of Engineering, Information Security Manager, and content marketer to challenge the prevailing AI‑centric security narrative. The presenters argue that AI, while a genuine risk, has become a costly distraction,...

Thales Updates and Enhances Naranja X’s Payment Security
Thales announced that Argentine fintech Naranja X has expanded its use of the Thales D1 Platform, adding Entersekt’s authentication suite to secure online payments. The cloud‑native solution enables tokenized Apple Pay and Google Pay wallets and implements 3‑DS protocols for e‑commerce. Naranja X reports over...

Pentagon Vendor Cutoff Exposes the AI Dependency Map Most Enterprises Never Built
The Pentagon’s six‑month ban on Anthropic’s Claude has exposed a blind spot in enterprise AI risk management: most firms cannot map the full chain of AI model dependencies. A Panorays survey shows only 15% of CISOs have complete visibility, while...

Zero Trust Vendor Keeper Security Delivering New Partner Program Benefits for MSPs
Keeper Security announced its 2026 MSP partner program, introducing four tiered levels—Authorized, Silver, Gold and Platinum—with revenue‑based discounts and expanded market development funds. The program centers on KeeperPAM, an AI‑enabled, cloud‑native privileged access management solution that delivers zero‑trust encryption across...

Over 1,200 IceWarp Servers Still Vulnerable to Unauthenticated RCE Flaw (CVE-2025-14500)
A critical unauthenticated remote code execution flaw (CVE-2025-14500) affects IceWarp's business communication platform, allowing attackers to execute OS commands as root or SYSTEM. The vulnerability, rooted in improper handling of the X‑File‑Operation header, was disclosed in September 2025 and patched...

Amex Taps Customers for Fraud Fight
American Express is leveraging direct conversations with cardholders who have faced fraud to gather real‑time intelligence on scam tactics. The data helps the firm refine detection models as U.S. consumers lost $12.5 billion to fraud in 2024, a 25 percent rise. Executives...

Siemens Delivers Verified AI-Driven Cybersecurity Solution for Industrial 5G with Palo Alto Networks
Siemens announced a verified AI‑driven cybersecurity solution for private industrial 5G networks, developed with Palo Alto Networks. The offering integrates Siemens’ private 5G infrastructure, the SINEC Security Monitor, and Palo Alto’s next‑generation firewall optimized for OT protocols, delivering IEC 62443‑grade protection...

How Pirated Software Turns Helpful Employees Into Malware Delivery Agents
Employees seeking free, cracked software inadvertently introduce malware into corporate networks, according to Barracuda’s recent findings. The illicit installers often disable antivirus and embed payloads such as infostealers, cryptominers, and ransomware, leading to complex remediation that may require full system...

As Market Pivots Toward Identity Resilience, iProov Surpasses 1M Daily Transactions
iProov, the leading science‑based biometric verification provider, announced it processed over one million daily transactions in 2025, marking a milestone in high‑assurance identity checks. The surge coincides with a Gartner‑reported 62% of organizations suffering deep‑fake attacks, prompting a market shift...

Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
Google Threat Intelligence Group uncovered a powerful iOS exploit kit called Coruna, covering iOS 13.0 through 17.2.1 with five full exploit chains and 23 vulnerabilities that use non‑public techniques. The kit first appeared in targeted surveillance operations, then in Ukrainian‑focused...

How CIOs Can Build an Evolving Crisis Strategy
CIOs must treat crisis strategies as living documents, revisiting them at least quarterly as new services, integrations, and threat vectors emerge. Experts from Pynest, Tufin, and Euristiq stress defining clear decision‑making roles, integrating automation, and simplifying language to ensure rapid...

LastPass Issues Alert as Customers Face Second Major Phishing Campaign of 2026
LastPass warned customers of a new phishing wave that mimics internal email threads and uses display‑name spoofing to appear legitimate. The messages, sent from unrelated domains, direct recipients to a fake verify‑lastpass.com site and its numbered variants to harvest credentials....

VoidLink Malware Framework Targets Kubernetes and AI Workloads in New Cyber Attack Wave
VoidLink is a new Linux‑based malware framework that specifically targets Kubernetes clusters and AI workloads, using fileless, in‑memory techniques to remain invisible. The framework fingerprints cloud environments, harvests credentials and metadata, and can compile payloads on demand for AI‑enabled attacks....

Defusing the MCP Ticking Time Bomb
The AI Accelerator Institute highlighted a looming security crisis in Model Context Protocol (MCP) deployments after analyzing 281 MCP servers and finding that ten of them carry a 92% security risk. The report warns that vulnerabilities such as prompt injection,...

Njordium Vendor Management System Eliminates Duplicate Third-Party Assessments
Njordium Cyber Group unveiled its Vendor Management System (VMS), a platform that consolidates third‑party risk assessments to satisfy Europe’s overlapping regulations in a single run. The solution claims to replace up to five parallel assessments with one, automatically generating outputs...

New RFP Template for AI Usage Control and AI Governance
Enterprises are finally allocating budgets for AI security, but many lack clear requirements. A new RFP template reframes AI protection as an interaction‑level problem rather than an app‑cataloging exercise, enabling tool‑agnostic control. It exposes the blind spots of legacy CASB/SSE...

Calls for Global Digital Estate Standard as Posthumous Deepfake Fraud Risk Grows
The OpenID Foundation released a report urging the creation of a global digital‑estate framework to protect deceased users’ online accounts. It warns that the absence of consistent standards leaves devices, social media, email and cryptocurrency vulnerable to fraud, especially as...

Protecting Education: How MDR Can Tip the Balance in Favor of Schools
The education sector faces escalating cyber threats from ransomware gangs, nation‑state actors, and AI‑enabled attackers, putting student data and learning continuity at risk. In the first half of 2025 ransomware incidents rose 23% year‑over‑year, while infostealer‑as‑a‑service lowers entry barriers for...

The Most Important Google Setting You Aren't Using
Google’s free "Results About You" tool lets users request removal of personal details—such as name, address, phone number—from Google Search results. The service automatically scans the web, notifies users when new data appears, and allows both automated and manual removal...

Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Cybersecurity researchers discovered three malicious Laravel packages on Packagist—nhattuanbl/lara-helper, simple-queue, and lara-swagger—that install a cross‑platform remote access trojan (RAT) on Windows, macOS, and Linux. The RAT connects to a C2 server at helper.leuleu.net, gathers system data, and executes commands via...

Anthropic AI Ultimatums and IP Theft: The Unspoken Risk
Anthropic’s Claude AI is caught between a massive Chinese extraction campaign and a U.S. government ban that forces the model out of federal systems. China‑based firms generated over 16 million interactions to map Claude’s reasoning, tool use and coding abilities, while...

AzCopy Utility Misused for Data Exfiltration in Ongoing Ransomware Attacks
Ransomware groups are weaponizing Microsoft’s Azure data‑transfer tool AzCopy to steal large volumes of data before encrypting victims’ systems. By leveraging valid Azure credentials and Shared Access Signature tokens, attackers can silently upload files to attacker‑controlled Blob storage using standard...

IPVanish VPN for macOS Flaw Enables Privilege Escalation and Code Execution
A critical privilege‑escalation flaw was found in IPVanish VPN for macOS, allowing any local, unprivileged user to execute arbitrary code as root. The vulnerability resides in the helper tool "com.ipvanish.osx.vpnhelper," which accepts unauthenticated XPC connections and skips code‑signature verification for...

ArmorCode AI Exposure Management Identifies, Governs, and Reduces Shadow AI Risk
ArmorCode introduced AI Exposure Management (AIEM) on its Agentic AI Platform, expanding its unified exposure management suite. AIEM continuously ingests AI usage signals from security tools, creating a centralized inventory and assigning ownership to mitigate shadow AI. The solution offers...

Arkose Device ID Uses AI to Recognize Devices Across Changing Fingerprints
Arkose Labs unveiled the latest version of Arkose Device ID within its Arkose Titan platform, adding AI‑driven similarity analysis to traditional exact‑match identification. The enhancement allows persistent device recognition even as fingerprints evolve, reducing fraud from identity‑fragmentation attacks while keeping...

Kaspersky Enhances Its Security Awareness Platform with SCORM & PDF Support
Kaspersky has upgraded its Automated Security Awareness Platform (ASAP) to include native support for SCORM and PDF content. The addition lets organizations upload, track, and manage custom e‑learning modules and PDF training materials alongside Kaspersky’s expert‑driven scenarios. This flexibility helps...

How to Know You’re a Real-Deal CSO — and Whether that Job Opening Truly Seeks One
Recruiters struggle to find genuine Chief Security Officers (CSOs) because the role now demands deep technical expertise, business acumen, and executive communication. Title inflation leads firms to hire or promote candidates who excel in architecture but lack governance, risk‑prioritization, and...

Would You Trust an AI Pentester to Work Solo?
Security leaders face mounting pressure to outpace threats while accelerating AI adoption, yet only 36% are satisfied with current pentesting providers. AI‑powered pentesting promises unprecedented speed and scale, scanning massive codebases in minutes, but it falls short on contextual judgment,...

Moving From License Plates to Badges: The Gateway Authorization Proxy
Cloudflare unveiled the Gateway Authorization Proxy, a client‑less solution that shifts identity verification from the endpoint to the network. By integrating Cloudflare Access login and signed JWT cookies, the proxy can authenticate users on any device that reaches the Internet,...

GDS Sets Out the Principles for Secure Personal Data
The UK Government Digital Service (GDS) released the “Principles for Securing Personal Data in Government Services,” a ten‑point framework to help departments share personal data securely and comply with the Data Protection Act 2018 and UK GDPR. Developed by the Office of...

Defeating the Deepfake: Stopping Laptop Farms and Insider Threats
Cloudflare announced a partnership with Nametag to embed workforce identity verification into its Cloudflare One SASE platform, targeting the emerging "remote IT worker" fraud that leverages AI‑generated deepfake IDs and laptop farms. The integration uses OpenID Connect to require a...

CrowdStrike ‘Turbo Charging’ Security Platform Growth With Falcon Flex: CEO George Kurtz
CrowdStrike’s Falcon Flex subscription model propelled its ARR related to Flex deals 120% year‑over‑year to $1.69 billion, contributing to a total ARR of $5.25 billion for fiscal 2026. The company’s managed‑service‑provider (MSSP) channel surged past $1.3 billion, up from under $100 million three years earlier....

Microsoft: Securing AI Agents and Human Teams Crucial for Success
Microsoft’s inaugural Cyber Pulse AI Security Report reveals that over 80% of Fortune 500 firms already deploy low‑code AI agents, and the company forecasts 1.3 billion autonomous agents operating by 2028. Financial services account for roughly 11% of global agent activity, underscoring...

1,700 Dutch Police Officers Get Reminder Not to Access Files without Legitimate Purpose
The Dutch National Police identified roughly 1,700 officers who accessed internal systems without a clear operational need and will receive reminder letters. The audit was sparked by a query into the violent death of 17‑year‑old Lisa from Abcoude, which appeared...

Indian APT 'Sloppy Lemming' Targets Defense, Critical Infrastructure
India‑linked APT group Sloppy Lemming has accelerated its campaign, expanding its command‑and‑control infrastructure to over 112 Cloudflare‑hosted domains and deploying custom Rust‑based tools. The group now targets nuclear regulators, defense contractors, and critical infrastructure in Pakistan and Bangladesh, using phishing...

Eaton Bolsters Hospital Defenses as Healthcare Cybersecurity Act Arrives
Eaton announced a suite of infrastructure‑focused cybersecurity solutions to help hospitals comply with the Healthcare Cybersecurity Act of 2025. The portfolio includes network‑managed UPS systems, a gigabit Network M3 Card with secure boot and traffic filtering, and the Brightlayer digital power‑management...

National Guard Member’s Invention Allows Cyber Warfare Training on the Go
Senior Master Sgt. Taylor Gow unveiled the Agile Cyber Training Environment (ACTE), a backpack‑sized system that lets Massachusetts Air National Guard airmen conduct cyber‑warfare training anywhere. The invention, accepted into the Air Force’s Spark Tank 2026 competition, processes drone imagery...

Channel Partners Are Flying Blind on Network Risk as AI Traffic Surges
AI-driven workloads are reshaping enterprise traffic, creating sudden, high‑volume data bursts that bypass traditional monitoring points. As hybrid, multi‑cloud and edge environments proliferate, channel partners lose end‑to‑end visibility, exposing them to hidden performance and security risks. Legacy network tools, built...

FBI Reminds of Potentially Malicious Activity by Iranian Cyber Actors
The FBI has issued a reminder to critical‑infrastructure operators to adopt mitigations outlined in a June 2025 fact sheet targeting Iranian‑affiliated cyber actors. These actors, motivated by ongoing geopolitical tensions, frequently exploit unpatched software, default passwords, and internet‑exposed operational technology (OT)...

From Legacy to Leadership: Achieving Zero Trust Cybersecurity in Government with AI
Government agencies face mounting cyber threats as legacy systems impede Zero Trust adoption, with 66% citing outdated infrastructure as the biggest barrier. AI‑enhanced Zero Trust offers a pragmatic layer that integrates with existing environments, enabling adaptive authentication, real‑time monitoring, and...

CISA Report Updates Findings on RESURGE Malware Attacks
CISA issued an updated analysis of RESURGE malware on February 26, expanding the agency’s 2024 findings about the threat targeting Ivanti Connect Secure devices. The report reveals that RESURGE can persist silently on compromised VPN appliances and stay dormant until...

Federal Leaders Confront the Next Wave of AI Security Risks
Federal leaders highlighted escalating AI security risks at Zscaler’s Public Sector Summit, noting that over 70% of AI‑generated code goes unchecked and 90% of AI systems were compromised within 90 minutes in a recent red‑team test. The discussion emphasized the...

South Korea, Australia, Portugal Top OECD Digital Government Index for 2025
The OECD’s 2025 Digital Government Index (DGI) places South Korea at the top with a 0.95 composite score, followed by Australia (0.88) and Portugal (0.86). Korea is the only nation to break the 0.9 threshold across all six assessment categories,...

Cisco: AI Is a Double-Edged Sword in Industrial Networks
Cisco’s 2026 State of Industrial AI Report reveals AI is a double‑edged sword for industrial networking teams, simultaneously creating security challenges and offering defensive benefits. While 40% of surveyed professionals cite cybersecurity as a major barrier and 48% list it...

Preview of UK DVS Trust Framework 1.0 Shows What ‘Good Digital Identity Looks Like’
The UK government has released a pre‑release of Digital Verification Services (DVS) Trust Framework 1.0, superseding the Digital Identity and Attributes Trust Framework for business readiness. The new framework aligns formally with the Data (Use and Access) Act 2025 and...

Swiss E-ID Delayed to December, Renewed Focus on Security and Trustworthiness
Switzerland’s e‑ID programme, which barely passed a referendum with 50.39% support, has been postponed to December 2026 to address security and trust concerns. The delay follows criticism over encryption gaps and data‑privacy safeguards, prompting new requirements such as a public register...

Newly Uncovered Open Server Exposes 676 Million US Identity Records Including SSNs
Cybersecurity firm SOCRadar discovered an unsecured Elasticsearch server hosting roughly 676 million U.S. identity records, including full Social Security Numbers, names, dates of birth, addresses, and phone numbers. The 91.72 GB dataset was publicly accessible without authentication, exposing more records than the...

Announcing Docker Hardened System Packages
Docker announced Docker Hardened System Packages, extending its Docker Hardened Images (DHI) security model to individual OS packages. The offering adds more than 8,000 hardened Alpine packages with Debian support slated soon, and maintains Docker’s SLSA Level 3 build pipeline and...