Identity Security 2026: Four Predictions & Recommendations
Todd Thiemann forecasts four identity‑security trends for 2026. AI agents will move from SaaS sandboxes into core business processes, creating new breach vectors that demand holistic identity controls. Mid‑market firms, facing app sprawl, will finally adopt Identity Governance and Administration as costs fall and onboarding accelerates. Finally, identity teams will tighten ties with SOCs through ISPM and ITDR while consolidating fragmented tool stacks into unified platforms.
Fears Mount That US Federal Cybersecurity Is Stagnating—Or Worse
U.S. federal cybersecurity faces a potential setback as the Cybersecurity and Infrastructure Security Agency (CISA) shed roughly 1,000 employees, leaving a 40% vacancy rate across critical mission areas. Recent White House staffing cuts, compounded by the lingering effects of the...
Cybercrime Economics: AI’s Impact and How to Shift Defenses
Generative AI is reshaping fraud economics by automating and personalizing attacks, lowering the skill barrier for cybercriminals. The article explains how traditional perimeter‑centric, rule‑based defenses are increasingly ineffective against AI‑driven, adaptive threats. It advocates a shift to continuous, behavior‑driven detection,...
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware
The U.S. Treasury’s Office of Foreign Assets Control removed three individuals tied to the Intellexa Consortium—responsible for the Predator commercial spyware—from the Specially Designated Nationals list. The delisting followed petitions asserting the subjects had distanced themselves from the consortium, though...
Cybersecurity Predictions 2026: An AI Arms Race and Malware Autonomy
Tyler Shields predicts that 2026 will see an AI‑driven escalation of both offensive cyber attacks and defensive tools, with attackers automating phishing, deep‑fakes, and vulnerability hunting at scale. Security teams will adopt autonomous containment, probabilistic exposure mitigation, and AI‑generated detection...
New Tech Deployments That Cyber Insurers Recommend for 2026
Cyber insurers see a sharp rise in AI‑driven phishing losses and a drop in vendor‑outage claims in H1 2025, prompting a shift in recommended defenses for 2026. Resilience’s Jud Dressler highlights role‑based access controls as the top technology to limit breach...
Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware
Silver Fox, a China‑based cyber‑crime group, has shifted its phishing focus to India, using income‑tax‑themed emails to deliver the modular ValleyRAT remote‑access trojan. The campaign tricks recipients into opening a PDF that redirects to a malicious zip file, which contains...
How to Integrate AI Into Modern SOC Workflows
AI is rapidly entering security operations, yet many SOCs lack a structured integration strategy. The 2025 SANS SOC Survey shows 40% of teams use AI tools without defined processes and 42% deploy them out‑of‑the‑box, leading to inconsistent value. Effective adoption...
How Can CISOs Create the Ideal Cyber Budget?
Cybersecurity budgets have hit a five‑year low in growth, leaving CISOs to stretch limited funds while confronting emerging AI‑related risks. Chris Wheeler, CISO of Resilience, advises a budgeting approach that prioritizes compliance, seeks controls with positive return‑on‑controls, and plans for...
Dark Reading Confidential: Stop Secrets Creep Across Developer Platforms
Developers are increasingly leaking sensitive credentials across a growing array of platforms, from Git repositories to collaboration tools like JIRA and Slack. A recent “state of secret sprawl” report identified 23 million secrets in the public domain last year, and experts...
SBOMs in 2026: Some Love, Some Hate, Much Ambivalence
Software bills of materials (SBOMs) remain a cornerstone of supply‑chain security, yet widespread adoption stalls due to incomplete data, late‑stage generation, and open‑source gaps. Docker’s Hardened Images showcase a best‑practice model, embedding full SBOMs and Level 3 SLSA provenance, while many...
5 Threats That Defined Security in 2025
2025 was defined by a wave of high‑impact cyber threats, from the Chinese state‑backed APT Salt Typhoon targeting telecom networks and the US National Guard, to severe budget cuts at the Cybersecurity and Infrastructure Security Agency (CISA). The year also saw...
⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More
The weekly cyber recap highlights a wave of active exploits, most notably the MongoDB "MongoBleed" vulnerability (CVE‑2025‑14847) being leveraged against over 87,000 instances worldwide. High‑profile breaches include a Trust Wallet Chrome extension hack that cost users roughly $7 million and a...
The Worst Hacks of 2025
The worst cyber incidents of 2025 ranged from supply‑chain breaches of Salesforce integrations to ransomware attacks on Oracle’s E‑Business platform, massive data leaks at Aflac and Mixpanel, and a production‑shutting hack of Jaguar Land Rover. Hackers leveraged third‑party connectors, exploited...
The New Surveillance State Is You
In the first year of President Trump’s second term, citizens have flooded social media with videos and apps that track ICE and other federal agents during raids and arrests. The Department of Homeland Security responded with subpoenas to Meta, criminal...
This Month in Security with Tony Anscombe – December 2025 Edition
Tony Anscombe, ESET’s chief security evangelist, recaps the year’s most consequential cyber events in his December 2025 roundup. He highlights that U.S. organizations paid more than $2.1 billion in ransomware ransom from 2022‑2024, a figure FinCEN says only scratches the surface. The...
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
MongoDB disclosed a critical vulnerability (CVE‑2025‑14847, CVSS 8.7) that allows unauthenticated attackers to read server memory via a flaw in zlib compression. Over 87,000 internet‑exposed instances have been identified, with 42% of cloud environments hosting at least one vulnerable deployment. The...
The US Must Stop Underestimating Drone Warfare
The article warns that the United States is vulnerable to low‑cost commercial drone attacks, citing recent strikes by Ukraine, Israel, and Houthi rebels that demonstrated drones’ ability to hit high‑value targets far from battlefields. Despite the Pentagon’s 2025 budget allocating...
Mentorship & Diversity: Shaping the Next Generation of Cyber Experts
Patricia Voight, CISO of Webster Bank, shared her journey from telecom security to leading financial‑services cyber risk, emphasizing the sector’s constant evolution. She highlighted the bank’s mentorship and summer‑intern programs, which deliberately recruit neurodivergent talent and partner with universities. Voight...
China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware
Kaspersky attributes a two‑year cyber‑espionage campaign to the China‑linked APT group Evasive Panda, which used DNS‑poisoning to deliver its MgBot backdoor. The attacks, observed from November 2022 to November 2024, targeted organizations in Turkey, China and India by hijacking DNS responses for...
These Are the Cybersecurity Stories We Were Jealous of in 2025
TechCrunch’s year‑end roundup spotlights the most compelling cybersecurity stories it didn’t publish in 2025, ranging from high‑profile investigations to niche technical exposés. Highlights include The Washington Post revealing a secret UK court order forcing Apple to build a backdoor, The...
_Yuri_Arcurs_alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
Dark Reading Opens State of Application Security Survey
Dark Reading has launched its 2026 State of Application Security survey, extending the 2025 study that gathered insights from over 100 cybersecurity professionals. The new questionnaire adds topics like vibe coding and secure‑coding training while retaining core questions for year‑over‑year...
How a Spanish Virus Brought Google to Málaga
Bernardo Quintero finally identified the anonymous programmer behind the 1992 Virus Málaga, a harmless malware that sparked his fascination with cybersecurity. The discovery linked the virus to Antonio Enrique Astorga, who later became a teacher and left a lasting legacy....
LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds
In 2022 LastPass suffered a breach that exposed encrypted vault backups containing cryptocurrency private keys and seed phrases. TRM Labs now reports that weak master passwords allowed attackers to decrypt these vaults offline, siphoning roughly $35 million in crypto assets through...
Atomic-Scale Randomness in Graphene Enables Hardware-Level Security Keys
Researchers at UIC, Wayne State and Northwestern have turned random atomic defects in graphene transistors into a physical unclonable function (PUF) for hardware security. Each transistor emits a unique radio signature that encodes its microscopic irregularities, creating a one‑of‑a‑kind cryptographic...
Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability
Fortinet disclosed that CVE‑2020‑12812, a case‑sensitivity flaw in its SSL VPN, is being actively exploited in the wild. The vulnerability lets attackers bypass two‑factor authentication when local users are linked to LDAP groups and usernames are entered with different casing....
New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper
Researchers uncovered a new macOS stealer, MacSync, delivered via a digitally signed and notarized Swift application masquerading as a messenger installer. The signed DMG bypasses Apple Gatekeeper and XProtect, allowing the dropper to execute an encoded script after user interaction....
Industry Continues to Push Back on HIPAA Security Rule Overhaul
The U.S. Department of Health and Human Services unveiled a sweeping update to the HIPAA Security Rule in January 2025, aiming to tighten cybersecurity across hospitals and clinics. A coalition of 100 health‑care groups led by CHIME has called for...
Sprawling 'Operation Sentinel' Neutralizes African Cybercrime Syndicates
Operation Sentinel, a 19‑nation Interpol‑led effort, dismantled multiple African cybercrime syndicates, arresting 574 suspects and seizing roughly $3 million in assets. The investigation neutralized over 6,000 malicious links and decrypted six ransomware strains, uncovering $21 million in losses from BEC, extortion and...
US Insurance Giant Aflac Says Hackers Stole Personal and Health Data of 22.6 Million People
Aflac announced that hackers accessed personal and health information of 22.65 million customers, including Social Security numbers, medical records, and government IDs. The breach, disclosed in June, is linked to the Scattered Spider cyber‑criminal collective, which has been targeting insurers. Aflac’s...
Inside Uzbekistan’s Nationwide License Plate Surveillance System
Uzbekistan’s Ministry of Internal Affairs operates a national license‑plate‑reading system that monitors traffic with over a hundred high‑resolution cameras across the country. Security researcher Anurag Sen uncovered that the system’s web interface is publicly accessible without authentication, exposing GPS locations...
A Brush with Online Fraud: What Are Brushing Scams and How Do I Stay Safe?
Global e‑commerce sales are set to surpass $6.4 trillion in 2025, fueling intense competition on marketplace review systems. Brushing scams exploit this pressure by sending low‑value items to random addresses, then posting fabricated 5‑star reviews to inflate product rankings. Victims often...
Cybersecurity Stagnation in Healthcare: The Hidden Financial Costs
Healthcare providers are confronting a stark financial reality: the cost of maintaining an immature cybersecurity program now exceeds the expense of modernizing it. Breach incidents in the sector average $11‑12 million, while prolonged outages and regulatory penalties add further strain....
Threat Actors Exploit Zero-Day in WatchGuard Firebox Devices
WatchGuard disclosed a critical zero‑day vulnerability (CVE‑2025‑14733) in its Firebox firewalls, enabling remote code execution via an out‑of‑bounds write in the Fireware OS. The flaw affects multiple firmware versions and specifically targets the IKEv2 VPN processes, with threat actors actively...
Uzbek Users Under Attack by Android SMS-Stealers
Group‑IB reported a fresh wave of Android SMS‑stealer campaigns targeting users in Uzbekistan since October 2025. Threat groups such as TrickyWonders, Blazefang and Ajina distribute malicious APKs via sideloading and Telegram, exploiting stolen Telegram accounts to lure contacts into installation....
Product Spotlight: 2025 Year in Review
The 2025 Year in Review product spotlight showcases six security‑focused solutions targeting education, enterprise, and financial sectors. Connect ONE’s ERP consolidates school data and grants first‑responder‑only access, while Genetec embeds cloud‑native audio into its Security Center SaaS for real‑time coordination....
Hackers Stole Millions of PornHub Users’ Data for Extortion
Hackers from the ShinyHunters subgroup of the Com stole more than 200 million PornHub user records and began extorting the site. At the same time, a critical Cisco AsyncOS zero‑day has been exploited since November with no patch available, threatening enterprise...
LongNosedGoblin Caught Snooping on Asian Governments
ESET has identified a new Chinese‑backed advanced persistent threat group, LongNosedGoblin, conducting cyber‑espionage against Japan and other Southeast Asian governments since 2023. The group leverages custom C#/.NET malware and uniquely abuses Windows Group Policy to drop payloads and move laterally...
Identity Fraud Among Home-Care Workers Puts Patients at Risk
Home‑care workers are increasingly sending unqualified friends or relatives to patient visits under false identities, a trend highlighted by recent fraud convictions and court cases in the U.S. and U.K. The Department of Health and Human Services reported 298 personal‑care...
Hacks, Thefts, and Disruption: The Worst Data Breaches of 2025
TechCrunch’s 2025 cyber‑horror review highlights unprecedented breaches across government, enterprise and consumer sectors. The U.S. federal system faced multiple intrusions, culminating in the DOGE operation led by Elon Musk that accessed citizen records. ransomware gang Clop exploited a zero‑day in...
A Cybersecurity Playbook for AI Adoption
Artificial intelligence now powers 60 % of enterprise security stacks, accelerating data collection, anomaly detection, and risk scoring across the NIST CSF identify and detect functions. However, the article warns that AI’s nondeterministic nature makes it unsuitable for direct enforcement actions...
SonicWall Edge Access Devices Hit by Zero-Day Attacks
SonicWall disclosed a medium‑severity zero‑day vulnerability, CVE‑2025‑40602, affecting the SMA1000 access platform’s management console. The flaw, rated 6.6 CVSS, is being actively exploited in chained attacks that also leverage the critical CVE‑2025‑23006 vulnerability. SonicWall released hotfixes in firmware versions 12.4.3‑03245...
ICE Seeks Cyber Upgrade to Better Surveil and Investigate Its Employees
Immigration and Customs Enforcement is renewing its Cyber Defense and Intelligence Support Services contract to broaden digital surveillance of employee activity. The updated agreement mandates continuous network monitoring, automated anomaly detection, and systematic archiving of logs from servers, workstations, and...
Dormant Iran APT Is Still Alive, Spying on Dissidents
Iran’s long‑standing state‑level threat group, known as Prince of Persia or Infy, has resurfaced after years of apparent inactivity. SafeBreach’s latest report shows the APT has been continuously spying on Iranian citizens and dissidents across Iraq, Turkey, India, Europe and...
LongNosedGoblin Tries to Sniff Out Governmental Affairs in Southeast Asia and Japan
ESET has identified a previously unknown China‑aligned advanced persistent threat (APT) group, dubbed LongNosedGoblin, targeting governmental entities in Southeast Asia and Japan. The group’s hallmark is the abuse of Windows Group Policy to distribute a suite of custom C#/.NET tools,...
630M Passwords Stolen, FBI Reveals: What This Says About Credential Value
The FBI transferred a list of 630 million stolen credentials to Troy Hunt of Have I Been Pwned after seizing devices from a single suspect. Approximately 46 million of those passwords were new to HIBP, expanding its breach database. Security experts say...
'Cellik' Android RAT Leverages Google Play Store
Cellik is a Remote Access Trojan offered as a service that automatically wraps malicious payloads around legitimate Android apps downloaded from the Google Play Store. The RAT provides full device control, including screen streaming, keylogging, file system access, and encrypted...
Securing the Network Edge: A Comprehensive Framework for Modern Cybersecurity
Enterprise computing is rapidly moving to the edge, with analysts forecasting more than $100 billion in annual edge spend by 2030. The proliferation of IoT, AI, 5G and data‑sovereignty mandates is pushing workloads beyond centralized clouds, creating latency, cost and compliance...
'Fake Proof' And AI Slop Hobble Defenders
Exploitation attempts have surged around the React2Shell vulnerability, a CVSS 10.0 flaw in the popular React UI library. While researchers have published roughly 145 public exploits, many are AI‑generated proof‑of‑concepts that fail to trigger the flaw. These fake PoCs mislead...
_jvphoto_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
The Future of Quantum-Safe Networks Depends on Interoperable Standards
Quantum key distribution is transitioning from laboratory‑scale, point‑to‑point links to multi‑node, carrier‑grade networks. Recent pilots in London and Paris, led by BT, Toshiba, HSBC and Orange Business, demonstrate real‑world QKD deployments combined with post‑quantum cryptography. Industry groups such as ETSI’s...