News•Feb 16, 2026
Firewall Penetration Testing: Definition, Process and Tools
The episode explains firewall penetration testing, detailing its purpose of validating filtering rules and boundary controls to prevent unwanted traffic. It walks through a 14‑step methodology—from discovery and port scanning to firewalking, NAT testing, and rule‑base analysis—highlighting the tools (Nmap, Masscan, Hping3, Scapy, etc.) used at each stage. Key takeaways include the importance of clear scope, proper authorisation (LOA and ROE), and common vulnerabilities such as permissive rules, weak admin access, and logging gaps. The host emphasizes that manual, traffic‑based testing uncovers configuration flaws that automated scanners often miss.
By Security Boulevard
News•Feb 16, 2026
Making Sense of AI’s Role in Cyber Security
Executive interest in AI has flooded the cyber‑security market, prompting CISOs to evaluate a surge of AI‑enhanced tools. While some solutions genuinely reduce analyst workload and improve detection, many are marketing‑driven add‑ons lacking proven risk reduction. Experts warn that AI...
By ComputerWeekly
News•Feb 16, 2026
Cloud and AI to Ramp up Operational Risk in 2026: Brennan
Brennan’s latest analysis warns that expanding multi‑cloud footprints and rapid AI trials will heighten operational risk in 2026. Seventy‑five percent of surveyed organisations say their attack surface has grown, prompting a move away from pure public‑cloud strategies toward hybrid, repatriated...
By ARN (Australia)
News•Feb 16, 2026
Zero-Knowledge Proofs for Verifiable MCP Tool Execution
The episode examines the trust gap in Model Context Protocol (MCP) deployments, where AI models invoke remote tools without verifiable proof of correct execution. It introduces zero‑knowledge proofs (ZKPs), especially Sigma‑Protocols and non‑interactive variants like SNARKs, as a way for...
By Security Boulevard
News•Feb 16, 2026
Q-Day: Bank Quantum Attack Could Cost US Economy Trillions, Warns Citi
Citi warns that quantum computers could break public‑key encryption within the next decade, estimating a 19‑34% probability of a widespread breach by 2034 and 60‑82% by 2044. A successful quantum attack on a major U.S. bank could generate $2‑3.3 trillion in...
By Finextra
News•Feb 15, 2026
Windows 11 KB5077181 Fixes Boot Failures Linked to Failed Updates
Microsoft has released Windows 11 update KB5077181, fully fixing the UNMOUNTABLE_BOOT_VOLUME boot failure that struck some enterprise machines after recent security patches. The bug, linked to a failed December 2025 update and exacerbated by the January 13, 2026 KB5074109 rollout, affected devices running 25H2...
By BleepingComputer
News•Feb 15, 2026
How Are NHIs Ensuring Protected Data Exchanges in Financial Services?
The episode explores how Non‑Human Identities (NHIs), or machine identities, are essential for securing protected data exchanges in financial services. It explains the lifecycle of NHIs—from discovery and classification to secret rotation and decommissioning—and why holistic management platforms outperform point...
By Security Boulevard
News•Feb 15, 2026
What Makes an Agentic AI System Safe for Medical Records Management?
The episode explores how Non‑Human Identities (NHIs)—machine credentials like tokens and keys—are reshaping cybersecurity in healthcare, especially as cloud adoption and Agentic AI expand. It outlines a lifecycle‑focused NHI management strategy that includes discovery, classification, continuous threat monitoring, and context‑aware...
By Security Boulevard
News•Feb 15, 2026
Can Businesses Truly Trust Agentic AI with Sensitive Data Handling?
The episode explores how Non‑Human Identities (NHIs)—machine credentials and permissions—are essential to securing sensitive data, especially in cloud environments. It outlines a full lifecycle approach to NHI management, from discovery and classification to real‑time monitoring, automated secret rotation, and threat...
By Security Boulevard
News•Feb 15, 2026
How Satisfied Are Companies After Integrating NHIs in Compliance Frameworks?
The episode explores how companies are evaluating the integration of Non‑Human Identities (NHIs) into their compliance frameworks, highlighting the benefits of reduced risk, improved regulatory adherence, and operational efficiency. It outlines best‑practice steps such as discovery, automated secret rotation, behavioral...
By Security Boulevard
News•Feb 15, 2026
The Year Ahead: 2026 Cybersecurity Predictions for the Hotel Industry
Hospitality cyber risk escalates in 2026 as AI-driven phishing, ransomware‑as‑a‑service, and deepfake fraud target increasingly connected hotel environments. Regulatory pressure intensifies with the EU’s NIS2 directive and Cyber Resilience Act, forcing global compliance and tighter insurance terms. Smart‑room IoT devices...
By Hotel Business
News•Feb 15, 2026
CTM360: Lumma Stealer and Ninja Browser Malware Campaign Abusing Google Groups
CTM360 uncovered an active campaign that hijacks more than 4,000 Google Groups and 3,500 Google‑hosted URLs to distribute credential‑stealing malware. The threat actors deliver Lumma Info‑Stealer to Windows devices and a trojanized “Ninja Browser” to Linux systems, embedding organization‑specific keywords to boost...
By BleepingComputer
News•Feb 15, 2026
What Are the Impacts of GNSS Outages?
Global Navigation Satellite System (GNSS) outages are emerging as a systemic risk for modern infrastructure, affecting both positioning and, critically, precise timing. Interference such as jamming and spoofing can disrupt multiple constellations simultaneously, while system‑level faults can degrade services worldwide....
By New Space Economy
News•Feb 14, 2026
Nevada Unveils New Statewide Data Classification Policy Months After Cyberattack
Nevada’s Governor’s Technology Office unveiled a statewide data classification policy, introducing four distinct categories—public, sensitive, confidential, and restricted. The initiative follows a costly ransomware attack that disrupted state systems and cost roughly $1.5 million in response. Agencies must now assign a...
By DataBreaches.net
News•Feb 14, 2026
Snail Mail Letters Target Trezor and Ledger Users in Crypto-Theft Attacks
Physical letters masquerading as official communications from Trezor and Ledger are being used to lure hardware‑wallet owners into scanning QR codes that lead to counterfeit setup sites. The sites prompt victims to enter their 12‑, 20‑, or 24‑word recovery phrases...
By BleepingComputer
News•Feb 14, 2026
Guernsey Medical Practice Sanctioned After Cyber Criminals Access Patient Data Through Email Account
Guernsey’s Data Protection Authority has sanctioned First Contact Health after a phishing attack compromised an employee’s email, exposing confidential patient data. The breach was discovered by the practice, which reported it to authorities, but regulators found the organization lacked adequate...
By DataBreaches.net
News•Feb 14, 2026
New “Kurd Hackers Forum” Focuses on Middle Eastern Data Breaches and Leaks
A new online community called the Kurd Hacker Forum has emerged, focusing on data breaches across Iran, Syria, and Turkey. The clear‑net site, registered on Jan 28 2026, mirrors the layout of BreachForums and hosts threads in English and Kurdish. It currently...
By DataBreaches.net
News•Feb 14, 2026
Indian Pharmacy Chain Giant Exposed Customer Data and Internal Systems
India’s largest pharmacy chain, DavaIndia, part of Zota Healthcare, suffered a critical security breach that gave unauthenticated attackers full administrative control of its platform. The flaw exposed roughly 17,000 online orders and allowed manipulation of product listings, pricing, and prescription...
By TechCrunch (Cybersecurity)
News•Feb 14, 2026
CISA Adds SolarWinds, Microsoft, Apple, Notepad++ Vulnerabilities to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, covering SolarWinds Web Help Desk, Microsoft Configuration Manager, Apple operating systems, and Notepad++. The SolarWinds flaw (CVE‑2025‑40536) and the Microsoft SQL‑injection...
By SC Media
News•Feb 13, 2026
Zscaler-SquareX Deal Boosts Zero Trust, Secure Browsing Capabilities
Zscaler announced the acquisition of Singapore‑based startup SquareX, adding its Chromium‑based browser extension to the Zero Trust Exchange platform. SquareX’s browser detection and response (BDR) technology provides real‑time threat detection inside browsers on managed and personal devices. The deal, closed...
By Dark Reading
News•Feb 13, 2026
Attribution of Sprawling Cyberespionage Campaign Allegedly Held Back Amid China Retaliation Fears
Palo Alto Networks' Unit 42 researchers linked the sprawling TGR‑STA‑1030 cyberespionage campaign to an Asian state‑aligned group, but chose not to publicly attribute it to China. Sources say the decision was driven by fears of retaliation, as Palo Alto's security software...
By SC Media
News•Feb 13, 2026
Google Gemini Weaponized in State-Sponsored Attacks
Google’s Gemini large‑language model is being weaponized by multiple state‑sponsored threat actors, according to the Google Threat Intelligence Group. North Korean UNC2970 and several Chinese groups such as Mustang Panda, Judgment Panda, APT41 and UNC795 are using Gemini for rapid...
By SC Media
News•Feb 13, 2026
Fintech Lending Giant Figure Confirms Data Breach
Fintech lender Figure Technology confirmed a data breach after an employee fell for a social‑engineering attack, allowing the hacking group ShinyHunters to exfiltrate roughly 2.5 GB of customer files. The leaked data includes full names, home addresses, dates of birth and...
By TechCrunch Fintech
News•Feb 13, 2026
From Perimeter to Protocol: Reducing Telecom Attack Surface with Privacy-First Mobile Technology
Telecom operators are confronting nation‑state campaigns such as Salt Typhoon and Volt Typhoon that exploit signaling and subscriber identity systems, rendering traditional perimeter defenses inadequate. In a briefing hosted by the Institute for Critical Infrastructure Technology, experts advocated privacy‑first mobile‑carrier...
By SC Media
News•Feb 13, 2026
Sex Toys Maker Tenga Says Hacker Stole Customer Information
Japanese sex‑toy manufacturer Tenga disclosed a data breach after a hacker accessed a staff member’s professional email account, potentially exposing customer names, email addresses, and order details. The intrusion allowed the attacker to view historical correspondence and send spam to...
By TechCrunch (Cybersecurity)
News•Feb 13, 2026
1,800+ Windows Servers Hit by BADIIS SEO Malware
Elastic researchers uncovered a large‑scale SEO poisoning campaign that has compromised more than 1,800 Windows servers running Microsoft IIS. The BADIIS malware installs as a native IIS module, intercepting crawler traffic and injecting malicious backlinks to promote illicit gambling and...
By eSecurity Planet
News•Feb 13, 2026
What You Need to Know About GSA's New CUI Security Framework
In early 2026 the General Services Administration issued CIO‑IT Security‑21‑112 Revision 1, a procedural guide that shifts CUI contractor verification to a NIST Risk Management Framework (RMF) model rather than the DoD’s Cybersecurity Maturity Model Certification (CMMC). The guidance mandates case‑by‑case...
By Washington Technology
News•Feb 13, 2026
Network Jobs Watch: Hiring, Skills and Certification Trends
Network and infrastructure roles are rapidly evolving as AI‑driven automation, multicloud, and zero‑trust solutions gain traction. Recent Foote Partners data show a 1.9% decline in pay premiums for traditional network administration, while network architecture commands an 18% premium and AI‑related...
By Network World (sitewide)
News•Feb 13, 2026
IT Bonuses Reward Network, Security Skills that Can’t Be Automated
Foote Partners’ Q4 2023 IT Skills and Certifications Pay Index reveals that premium pay is shifting from routine, execution‑level tasks to high‑order engineering, architecture, and risk‑ownership roles. Security‑focused skills such as risk analytics, security architecture, and threat detection command cash...
By Network World (sitewide)
News•Feb 13, 2026
NAVWAR Cyber Directorate’s Mission to Secure, Survive, Comply
The Naval Information Warfare Systems Command (NAVWAR) created a new cyber directorate last August to centralize its cybersecurity efforts. The directorate targets three pillars—zero‑trust adoption, secure software development, and cutting‑edge defensive technologies—while automating risk‑management framework (RMF) compliance. By feeding feedback...
By Federal News Network
News•Feb 13, 2026
Microsoft Under Pressure to Bolster Defenses for BYOVD Attacks
Microsoft faces mounting pressure as ransomware groups increasingly leverage bring‑your‑own‑vulnerable‑driver (BYOVD) attacks to neutralize endpoint security tools. While Windows has introduced driver signing enforcement and a vulnerable driver blocklist, legacy compatibility rules allow drivers with expired or revoked certificates to...
By Dark Reading
News•Feb 13, 2026
Navy Installations Shift to Continuous Cybersecurity Model
The U.S. Navy is moving to a continuous cybersecurity model that relies on artificial intelligence to detect and mitigate threats in real time. Navy Installations Command (CNIC) is replacing its legacy risk‑management framework with the Cybersecurity Risk Management Construct, emphasizing...
By GovernmentCIO Media & Research
News•Feb 13, 2026
Cyberintelligence Institute Launches CYROS App to Warn Against Cyber Threats
The Cyberintelligence Institute (CII) has released CYROS, a free smartphone app that warns users of emerging cyber threats such as ransomware, phishing, and digital sabotage. The platform aggregates alerts from Germany's Federal Office for Information Security, consumer‑protection groups, and security...
By SC Media
News•Feb 13, 2026
What Interoperability in Healthcare Really Means for Security and Privacy
Healthcare interoperability is accelerating data exchange among hospitals, labs, insurers and pharmacies, but each connection expands the sector's attack surface. Misconfigured integrations, outdated protocols and weak identity controls can leak sensitive patient records, turning routine sharing into a security liability....
By HackRead
News•Feb 13, 2026
NATO Must Impose Costs on Russia, China over Cyber and Hybrid Attacks, Says Deputy Chief
At the Munich Cyber Security Conference, NATO Deputy Secretary General Radmila Shekerinska warned that the alliance must make cyber and hybrid attacks by Russia and China more costly. She cited a December cyber‑attack on Poland’s energy infrastructure as a recent...
By The Record by Recorded Future
News•Feb 13, 2026
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Google Threat Intelligence Group disclosed a coordinated campaign by state‑sponsored actors from China, Iran, Russia and North Korea targeting the defense industrial base. The operations concentrate on battlefield technologies used in the Russia‑Ukraine war, recruitment‑process infiltration, edge‑device entry points, and...
By The Hacker News
News•Feb 13, 2026
China May Be Rehearsing a Digital Siege, Taiwan Warns
Taiwan’s senior security adviser warned that China is using a secret cyber‑training platform called "Expedition Cloud" to simulate attacks on critical infrastructure. The platform creates digital twins of power grids, transport and communications networks, allowing Beijing’s teams to rehearse disruptive...
By The Record by Recorded Future
News•Feb 13, 2026
SMART Toolkit Helps Map Healthcare Cyber Risk
Intermountain Health’s chief information security officer Erik Decker unveiled the SMART toolkit, a framework that maps an organization’s critical clinical and administrative functions to assess cyber‑risk exposure. The tool helps leaders identify which services must remain operational during a breach...
By MobiHealthNews (HIMSS Media)
News•Feb 13, 2026
Deepfake Business Risks Are Growing – Here's What Leaders Need to Know
Deepfake attacks have moved from a niche concern to a mainstream cybersecurity priority, with 62% of organizations reporting at least one incident in the past year. Hackers are leveraging publicly available AI models, such as Google Gemini, to create convincing...
By ITPro (UK)
News•Feb 13, 2026
Fake North Korean IT Workers Are Rampant on LinkedIn – Security Experts Warn Operatives Are Stealing Profiles to Apply for...
Security Alliance (SEAL) reports that North Korean actors are hijacking authentic LinkedIn profiles to pose as remote IT workers and infiltrate companies worldwide. By leveraging stolen personal data, verified workplace emails and AI‑generated imagery, they pass background checks and secure...
By ITPro (UK)
News•Feb 13, 2026
Munich Security Conference: Cyber Threats Lead G7 Risk Index, Disinformation Ranks Third
The Munich Security Index 2026 released at the MSC shows G7 nations rank cyber‑attacks as their top security risk for the second consecutive year. Disinformation campaigns sit in third place, while economic crises occupy the second slot. In contrast, the...
By Infosecurity Magazine
News•Feb 13, 2026
Dutch Carrier Odido Discloses Data Breach Impacting 6 Million
Dutch mobile carrier Odido announced a data breach that exposed personal information of more than 6 million customers, including names, addresses, phone numbers, email, dates of birth, bank account and passport or driver‑license details. The intrusion occurred on February 7‑8 and targeted...
By SecurityWeek
News•Feb 13, 2026
Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History
Researchers uncovered a wave of malicious Chrome extensions that siphon data from corporate tools, social platforms, AI assistants, and general browsing activity. The CL Suite add‑on steals Meta Business Suite credentials and analytics, while VK‑styled extensions hijacked roughly 500,000 VKontakte...
By The Hacker News
News•Feb 13, 2026
The $17 Billion Wake-Up Call: Securing Crypto in the Age of AI Scams
The 2026 Chainalysis report estimates crypto‑related scams cost $17 billion, driven by a 1,400% surge in impersonation attacks and a 456% jump in AI‑enabled fraud. Machine‑learning tools have turned scams into factory‑scale operations, making them 4.5 times more profitable than traditional...
By HackRead
News•Feb 13, 2026
The Cyber Express Weekly Roundup: Escalating Breaches, Regulatory Crackdowns, and Global Cybercrime Developments
The Cyber Express weekly roundup highlights a series of high‑profile cyber incidents across continents. The European Commission’s mobile device management system was breached but contained within nine hours, while Senegal’s national identity services were crippled by ransomware. In Australia, FIIG...
By The Cyber Express
News•Feb 13, 2026
Npm’s Update to Harden Their Supply Chain, and Points to Consider
npm completed a major authentication overhaul in December 2025, revoking classic long‑lived tokens and moving to short‑lived session tokens with MFA default for publishing. The changes also promote OIDC Trusted Publishing, giving CI systems per‑run credentials. However, MFA phishing attacks...
By The Hacker News
News•Feb 13, 2026
60,000 Records Exposed in Cyberattack on Uzbekistan Government
Uzbekistan’s Digital Technologies Ministry confirmed that a cyberattack on three government information systems in late January exposed roughly 60,000 individual data records, not the personal data of 15 million citizens as earlier rumors suggested. The breach, which lasted from January 27‑30, was...
By The Cyber Express
News•Feb 13, 2026
Japanese Broker Rakuten Securities to Change MT4 Login Method to Enhance Security
Rakuten Securities will overhaul the MetaTrader 4 login process. Beginning Saturday, February 28 2025, the broker will issue random passwords for its MT4, MT4 Securities CFD and MT4 Commodity CFD accounts. After Saturday, February 28 2026, direct MT4 logins will be permanently disabled, requiring traders...
By FX News Group — Feed
News•Feb 13, 2026
Kaspersky Warns Against ‘Valentine’s Gift’ Card Scams
Kaspersky warns that scammers are targeting the surge in Valentine's Day gift‑card purchases with sophisticated phishing campaigns. The security firm’s latest global survey shows 80% of consumers plan to buy digital gifts, prompting fraudsters to create fake verification sites and...
By IT News Africa
News•Feb 13, 2026
8,000+ ChatGPT API Keys Left Publicly Accessible
Cyble Research and Intelligence Labs uncovered more than 8,000 publicly accessible ChatGPT API keys, including over 5,000 GitHub repositories and roughly 3,000 live production websites. The keys were hard‑coded in source code, configuration files, and client‑side JavaScript, making them instantly...
By The Cyber Express