Group-IB’s High‑Tech Crime Trends Report 2026 warns that supply‑chain cyber attacks have matured into self‑contained ecosystems, with threat actors focusing on upstream vendors rather than direct targets. By exploiting trusted relationships, attackers can infiltrate downstream networks, as illustrated by 263 corporate credentials discovered for sale on the dark web last year. The report urges a fundamental shift from compliance checklists to a five‑pronged security model that continuously verifies trust, secures identity tokens, and expands visibility across the digital supply chain. Incident response must also evolve to coordinate across multiple parties simultaneously.

Biometric authentication is now mainstream in U.S. healthcare, with roughly 78% of organizations deploying fingerprint or facial‑recognition systems. The technology promises stronger identity assurance, faster workflow access, and reduced patient misidentification, directly addressing HIPAA compliance and safety concerns. However, high...

Pulumi now offers reusable components to enable AWS IAM authentication for Aurora PostgreSQL, allowing applications to connect using short‑lived tokens instead of static passwords. The setup provisions an RDS cluster with IAM authentication, creates IAM‑enabled database users, and configures IRSA...

The Identity Theft Resource Center’s 2025 Data Breach Report reveals a 79 % surge in U.S. data compromises, with 534 incidents targeting health‑care providers. Private‑practice physicians face precise, AI‑driven attacks that exploit patient records and vendor relationships. Transparency in breach notifications...

Booz Allen Hamilton has launched the general availability of Vellox Reverser™, an AI‑driven malware reverse‑engineering platform that automates deep analysis at machine speed. The solution leverages a resilient agentic AI architecture, AWS Lambda, Bedrock and Step Functions to ingest samples,...

Disney agreed to pay $2.75 million to settle California Attorney General claims it breached the state’s privacy law by not honoring user opt‑out requests. The settlement requires Disney to create a consumer‑friendly, easy‑to‑execute opt‑out process and to cease cross‑context behavioral advertising...

A Michigan hospital, likely McLaren Northern Michigan, is accused by internet personality Josh Clarke of allowing staff to view his medical records, take selfies in his treatment area, and conceal his presence on a notice board. Clarke’s video alleges that...

Black Hat quietly removed veteran hacker Vincenzo Iozzo from its review board after DOJ documents linked him to Jeffrey Epstein. Iozzo, founder of SlashID and former CrowdStrike senior director, had served on the board since 2011. He denies any illegal...

Identity attacks remain the top breach vector, yet only 33 % of leaders trust their identity providers to stop them. With 82 % increasing spend and 85 % shifting to security‑first identity strategies, execution gaps are widening. Modern identity now includes machines, APIs...

Anna’s Archive, a piracy activist group, has begun seeding roughly 2.8 million Spotify tracks—about 6 TB of audio—via its torrent index, despite a New York court injunction and a $13 trillion lawsuit filed by Spotify and major labels. The leak follows a massive...

Cisco’s EMEA president Gordon Thomson told The Stack that British companies are less preoccupied with data‑sovereignty than their European counterparts. He noted that infrastructure autonomy has become a board‑level fear across the region, while AI localisation requirements are muddying the...

Apple has issued patches for CVE-2026-20700, a zero‑day vulnerability in the dyld dynamic linker affecting iOS, iPadOS, macOS, tvOS, watchOS and visionOS. The flaw enables arbitrary code execution with memory‑write capability and was actively exploited in highly sophisticated, targeted attacks,...

Managed Service Providers face escalating ransomware threats, making ad‑hoc responses untenable. A battle‑tested Incident Response Plan (IRP) provides a structured lifecycle—from preparation to lessons learned—that safeguards client systems and the MSP’s reputation. The guide outlines core pillars such as preparation,...

Healthcare providers face heightened risk from cyber attacks and natural disasters, making robust disaster recovery essential. Vendors such as Dataprise, Veeam, Acronis, Zerto, and Carbonite offer cloud, hybrid, and on‑premises solutions that promise rapid recovery, HIPAA compliance, and proactive monitoring....

A viral Instagram and LinkedIn trend sees millions prompting ChatGPT to generate caricatures that describe their jobs, then posting the images publicly. The practice unintentionally reveals how employees use large language models (LLMs) at work and what data they may...

World Leaks, a high‑profile extortion group, has introduced a new Rust‑written malware called RustyRocket, according to Accenture research. The tool provides stealthy persistence on both Windows and Linux systems, using heavily obfuscated, multi‑layered encrypted tunnels to exfiltrate data and proxy...

The Trump administration has temporarily shelved a suite of technology security measures targeting Chinese firms ahead of the April Trump‑Xi summit. The paused actions include a ban on China Telecom’s U.S. operations, restrictions on Chinese equipment in data centres, and...

The FIDO Alliance is mapping its phishing‑resistant passkeys, Device Onboard (FDO) and emerging Bare Metal Onboarding (BMO) to the UK NCSC’s Secure Connectivity Principles for Operational Technology. By replacing passwords with cryptographic credentials, FIDO eliminates the most common breach vector...

Artificial intelligence is rapidly becoming a tool for cybercriminals, enabling faster, lower‑skill attacks and fueling a surge in deep‑fake‑driven scams. At the same time, AI‑powered personal assistants such as OpenClaw expose massive amounts of user data, raising urgent security concerns....

Google Threat Intelligence Group, together with DeepMind, released an AI Threat Tracker revealing that state‑backed APT groups are weaponizing Google’s Gemini models to research targets, craft multilingual phishing, and generate code for attacks. Notable actors include China‑based Temp.HEX, UNC6148 targeting...

TrendAI, the new business unit of Trend Micro, warns that AI skills—executable artifacts that blend human‑readable text with LLM instructions—represent a dangerous attack surface. These skills, used in products like Anthropic’s Agent Skills, OpenAI’s GPT Actions, and Microsoft’s Copilot Plugins, can...

Smart TVs can monitor content played on HDMI‑connected devices using two methods: HDMI‑CEC metadata and Automatic Content Recognition (ACR). ACR takes pixel‑level snapshots to fingerprint shows, movies, or games, while CEC logs device IDs and usage duration. The article outlines...

Microsoft's research reveals a new AI hijacking technique called AI recommendation poisoning, where "Summarize with AI" buttons embed hidden prompts that bias enterprise chatbots toward a vendor’s products. Over two months, researchers found 50 instances across 31 companies in sectors...

Cloud storage compliance has become a top priority for IT leaders in 2026 as organizations increasingly rely on remote data repositories. Rising regulatory scrutiny—spanning GDPR, HIPAA, PCI DSS, CCPA and others—means non‑compliance can trigger hefty fines, reputational harm, and operational...

The 0APT ransomware group burst onto the scene last month, publicly claiming roughly 200 victims within its first week. While investigators have found no evidence that any of those organizations were actually breached, the group’s infrastructure includes a fully functional,...

Lumma Stealer has reemerged at scale after a 2025 law‑enforcement takedown that crippled its command‑and‑control infrastructure. The malware‑as‑a‑service operation now relies on ClickFix lures—fake CAPTCHAs that trick users into running malicious commands—and the memory‑only CastleLoader to evade detection. Researchers report...

Acting CISA Director Madhu Gottumukkala warned that a DHS shutdown would cripple the agency’s ability to issue timely cyber guidance, force over a third of frontline security staff to work without pay, and halt proactive threat‑hunting activities. The shutdown would...

CVE‑2026‑25646 reveals a heap‑buffer overflow in libpng’s png_set_quantize function, a flaw that has existed for nearly three decades across all historic releases. The bug triggers when a PNG image contains a palette chunk without a histogram and requests color quantization,...

Box Intelligent Content Management delivers a cloud‑based, zero‑trust platform tailored for healthcare’s strict security and compliance needs. The solution unifies over 1,500 integrations, enabling seamless collaboration between Office 365, Google Workspace and other systems while providing built‑in e‑signatures and workflow automation....

Acting CISA director Madhu Gottumukkala told House appropriators that roughly 70 CISA employees were reassigned to other DHS components over the past year, while more than 30 staff were moved into the agency. A small number of those transfers went...

The DOJ has charged Peter Williams, former general manager of Trenchant—a cyber‑offensive unit of L3Harris—with stealing eight zero‑day exploits and selling them to a Russian broker for about $1.3 million in cryptocurrency. Prosecutors say the tools could grant access to millions of...

Microsoft disclosed CVE‑2026‑21514, an actively exploited vulnerability in Word that bypasses Object Linking and Embedding (OLE) security controls. The flaw lets specially crafted documents execute code without triggering Protected View or enable‑content prompts, requiring only a user to open the...

Arcjet launched version 1.0 of its JavaScript SDK, delivering a stable, production‑ready API for security functions such as bot mitigation, email verification, rate limiting, and data redaction. The SDK can block malicious bots, enforce custom traffic rules, and protect against...

The February 11 digital forensics round‑up highlights a wave of open‑source tools—including triagectl for macOS, Hindsight v2026.01’s Chrome Sync parsing, a chunked BitLocker‑key recovery script, a Velociraptor Notepad++ artifact, and FOSSOR for malware hash lookup—aimed at streamlining evidence collection. It also...

Pentera Labs identified nearly 2,000 publicly exposed training applications across cloud platforms, with about 60% hosted on AWS, Azure or GCP. Roughly one‑fifth of these instances contained crypto‑mining scripts, web‑shells or persistence tools, indicating active exploitation. The vulnerable apps were...

Industrial control system vendors Siemens, Schneider Electric, Aveva, and Phoenix Contact released a flurry of Patch Tuesday advisories on February 11, 2026, addressing high‑severity flaws across dozens of OT products. Siemens issued eight advisories covering Desigo CC, Sentron Powermanager, Simcenter Femap, NX, and...

Identy.io, a global biometric authentication firm, announced a strategic expansion into Africa, focusing initially on Kenya and Nigeria. The company will deploy its software‑first Automated Biometric Identification System (ABIS) that captures biometrics via standard smartphones, reducing hardware costs. To support...

The FIRST forecast predicts 2026 will see roughly 59,000 CVEs, with extreme scenarios approaching 118,000, far exceeding the 48,000 reported in 2025. The surge stems from more CVE Numbering Authorities, expanded bug‑bounty programs, and AI‑driven discovery, not a sudden drop...

CrowdStrike announced Jonathon Dixon as vice‑president and managing director for Japan and Asia Pacific, tasking him with leading AI‑powered cyber‑security transformation across the region. Dixon arrives with more than 25 years of experience, most recently serving as JAPAC head at Verkada and...

The European Supervisory Authorities (EBA, EIOPA and ESMA) have signed a Memorandum of Understanding with the Bank of England, the Prudential Regulation Authority and the Financial Conduct Authority to coordinate oversight of critical ICT third‑party service providers under the Digital...

Telnet remains a major security weakness in the Asia‑Pacific, accounting for roughly half of the world’s exposed Telnet endpoints. Global throttling on Jan. 14 cut Telnet sessions by 83 % but Asian providers applied inconsistent filters, leaving the region’s traffic relatively high....

Financial data aggregators consolidate accounts into a single dashboard, using either APIs or screen‑scraping to retrieve information. While APIs provide scoped, credential‑free access, many providers still rely on screen‑scraping, which requires users to share login details. The article highlights privacy,...

Fraudsters are increasingly impersonating FINRA and its executives, using authentic‑looking logos, signatures, and fake email domains to lure victims into advance‑fee scams. The scams typically demand payment for alleged regulatory or tax charges tied to worthless securities or nonexistent inheritances,...

Britain will lead the Defence Cyber Marvel 2026 exercise, bringing together more than 2,500 personnel from 29 nations in Singapore. The week‑long drill simulates real‑world cyber attacks, pitting blue and red teams against each other while integrating military, government and...

The Senate Intelligence Committee voted 14‑3 to advance Army Lt. Gen. Joshua Rudd’s nomination as head of U.S. Cyber Command and the National Security Agency. Rudd, currently deputy chief of U.S. Indo‑Pacific Command, has no prior cyber warfare or intelligence...

Test Data Management (TDM) tools are becoming essential for QA and DevOps teams as CI/CD pipelines demand rapid, compliant data provisioning. In 2026, vendors such as K2view, Delphix, Datprof, IBM Optim, Informatica, and Broadcom lead the market, each emphasizing self‑service,...

Microsoft released February 2026 patches for its self‑hosted Azure DevOps Server suite, covering the core product and the 2022.2, 2020.1.2, and 2019.1.2 releases. Each patch is available via direct download links and includes detailed release notes. The company urges all...

Fortinet disclosed CVE‑2026‑22153, an authentication‑bypass flaw in FortiOS versions 7.6.0 through 7.6.4. The bug lets unauthenticated attackers skip LDAP checks for Agentless VPN or FSSO policies when the directory permits anonymous binds, potentially granting access to internal networks via SSL‑VPN....

Regional midsize and community banks are prioritizing mobile banking apps, with 54% ranking them among the top five technology spend categories for 2026. At the same time, 42% of respondents view agentic artificial intelligence as the most significant catalyst for...

The European Commission has given unconditional approval to Google’s $32 billion acquisition of cloud‑security firm Wiz, allowing the deal to close without any remedial conditions. The EU antitrust review concluded that the transaction poses no significant competition risk in the European...