News•Jan 29, 2026
N-Able Brings AI to Endpoint, Security, and Recovery
N‑able unveiled AI‑enhanced capabilities across its endpoint management, security operations, and data‑protection suite. Leveraging telemetry from over 11 million managed devices and a network of 25,000+ service providers, the company now offers agentic AI that automates scripting, threat detection, and recovery testing. The AI layer promises to cut manual effort, accelerate incident response, and deliver enterprise‑grade resilience for SMBs without added complexity. These features are rolling out immediately, with additional enhancements slated for later this year.
By Help Net Security
News•Jan 29, 2026
Fake “Mac Cleaner” Campaign Uses Google Ads to Redirect Users to Malware
Cybercriminals are leveraging Google Search Ads to distribute macOS malware by directing users searching for “mac cleaner” to counterfeit Apple‑styled landing pages. The ads, hosted on compromised Google Ads accounts, redirect to Google Apps Script pages that decode Base64 payloads...
By GBHackers On Security
News•Jan 29, 2026
Tosi Platform Delivers Unified Connectivity, Visibility, and Security for OT at Scale
Tosi has launched a purpose‑built OT platform that consolidates connectivity, visibility, and security into a single console. The offering includes Tosi Control for fleet management and real‑time status, with Tosi Insight adding traffic analytics and anomaly detection, and a full...
By Help Net Security
News•Jan 29, 2026
Sumsub’s AI Agent Verification Binds Automation to Verified Human Identity
Sumsub has introduced AI Agent Verification, a new layer that ties AI‑driven automation to a verified human identity through its Know Your Agent framework. The solution detects automated activity, evaluates its risk, and triggers targeted liveness checks when needed, ensuring...
By Help Net Security
News•Jan 29, 2026
Cside VPN Detection Enables Control of VPN Traffic to Prevent Fraud and Legal Exposure
cside has launched VPN Detection, a solution that identifies and manages traffic routed through virtual private networks. Unlike traditional IP‑list methods, it analyzes network behavior, browser fingerprints, and packet timing across OSI layers three to seven. The tool aims to...
By Help Net Security
News•Jan 29, 2026
3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026
Enterprises face escalating operational downtime risk, prompting CISOs to prioritize three strategic decisions. First, adopt STIX/TAXII‑compatible threat intelligence feeds that deliver fresh, high‑quality indicators, boosting detection rates by up to 58 %. Second, eliminate noisy false positives to protect analysts from...
By The Hacker News
News•Jan 29, 2026
Google Agrees to Pay $135 Million over Android Data Harvesting Claims
Google has agreed to a $135 million settlement to resolve a class action alleging Android devices transmitted system‑service data over cellular networks without user consent. The lawsuit, spanning over five years, claimed background data transfers drained users’ plans starting in November...
By Help Net Security
News•Jan 29, 2026
Stablecoin Bank Kontigo Suffers Cyber Attack
US neobank Kontigo, a stablecoin bank serving Latin America, suffered a cyber attack that impacted 1,005 users and resulted in the loss of 340,905.28 USDT. The breach exploited a flaw in the Auth provider’s Apple OIDC authentication flow, allowing attackers...
By Finextra
News•Jan 29, 2026
Number of Cybersecurity Pros Surges 194% in Four Years
The UK cybersecurity workforce has exploded, rising 194% between December 2021 and June 2025 to reach 83,700 professionals. This makes cyber the fifth‑fastest‑growing occupation and the most rapidly expanding IT role, outpacing the sector’s average 9.6% growth. Despite the surge, a talent...
By Infosecurity Magazine
News•Jan 29, 2026
EU’s Answer to CVE Solves Dependency Issue, Adds Fragmentation Risks
The European Union has launched the Global Cybersecurity Vulnerability Enumeration (GCVE.eu) database, aggregating advisories from over 25 public sources into a single, searchable platform hosted by Luxembourg’s CIRCL and co‑funded by the EU’s FETTA project. The initiative aims to mitigate...
By CSO Online
News•Jan 29, 2026
Why Protecting Your Phone Number Matters for Online Security
Phone numbers are increasingly used as digital identifiers for account recovery, two‑factor authentication, and user verification, making them a prime target for attackers. The article outlines how numbers become publicly accessible through social profiles, directories, data breaches, and app permissions....
By Security Boulevard
News•Jan 29, 2026
Real-Time Blackhole List – How to Remove an IP From It?
Email senders increasingly encounter DNS‑based Real‑Time Blackhole Lists that block IPs suspected of spam, phishing, or compromised servers. When an IP lands on a blacklist, major ESPs reject or filter messages, causing bounce errors, silent drops, and plummeting engagement metrics....
By Security Boulevard
News•Jan 29, 2026
Bumble, Panera Bread, Match Group, and CrunchBase Hit by New Wave of Cyberattacks
A coordinated cyber‑attack wave hit Bumble, Panera Bread, Match Group and CrunchBase, with the hacker group ShinyHunters claiming responsibility. The intrusions stemmed from phishing and vishing tactics that compromised contractor or employee credentials, granting brief, limited access to internal networks....
By The Cyber Express
News•Jan 29, 2026
Python-Based PyRAT Emerges as Cross-Platform Threat With Advanced Remote Access Capabilities
A new Python‑based Remote Access Trojan, dubbed PyRAT, has been identified as a cross‑platform threat capable of compromising both Windows and Linux systems. The malware leverages Python’s portability, compiling into ELF and PE binaries, and employs lightweight persistence mechanisms—XDG autostart...
By GBHackers On Security
News•Jan 29, 2026
NIST’s AI Guidance Pushes Cybersecurity Boundaries
NIST’s Center for AI Standards and Innovation released a formal Request for Information targeting secure practices for autonomous AI agents, signaling a shift from broad, principle‑based AI risk guidance to concrete, operational controls. The agency highlighted the limits of treating...
By CSO Online
News•Jan 29, 2026
Matanbuchus Malware Evolves to Bypass AV Defenses by Swapping Core Components
Matanbuchus, a C++‑based downloader sold as Malware‑as‑a‑Service since 2020, has evolved into a modular backdoor platform with its latest 3.0 release featuring heavy obfuscation, ChaCha20‑encrypted strings, and Protobuf‑encoded C2 traffic. The malware leverages DLL sideloading through a malicious HRUpdate.exe MSI...
By GBHackers On Security
News•Jan 29, 2026
A Practical Take on Cyber Resilience for CISOs
Standard Chartered CISO Shebani Baweja explains cyber resilience as an extension of information security focused on recovery, trust, and continuity during severe incidents. She highlights three priority areas: managing third‑party risk, preparing for emerging threats like AI‑driven attacks, and embedding...
By Help Net Security
News•Jan 29, 2026
Enterprise API Security: Protecting Your Digital Ecosystem From Modern Threats
APIs have become the backbone of digital business, but they also represent the most frequent attack vector for enterprise web applications, according to Gartner. The guide outlines common vulnerabilities such as broken authentication, excessive data exposure, and rate‑limiting gaps, and...
By TechBullion
News•Jan 29, 2026
ImmuniWeb Reports Double-Digit Growth and Platform Advances
ImmuniWeb reported an all‑time sales record for 2025, maintaining double‑digit year‑over‑year growth while staying profitable. The company rolled out four major AI Platform updates, adding AI‑specific testing for web, mobile, API, LLM vulnerabilities and post‑quantum encryption readiness. Independent ISO 9001 and...
By Help Net Security
News•Jan 29, 2026
NSFOCUS Unveils Enhanced AI LLM Risk Threat Matrix for Holistic AI Security Governance
NSFOCUS announced an upgraded AI LLM Risk Threat Matrix, adding 14 new threat categories that focus on AI agent, multimodal, and Multi‑Agent Communication Protocol (MCP) vulnerabilities. The matrix expands coverage across identity, application, model, data, and infrastructure security throughout the...
By Security Boulevard
News•Jan 29, 2026
AI-Enabled Scams Rose 500% in 2025 as Crypto Theft Goes ‘Industrial’
TRM Labs reports a five‑fold surge in large language model‑powered scams in 2025, propelling AI‑generated deepfakes, voice clones and synthetic images into mainstream fraud. Crypto theft amounted to $35 billion, a slight dip from 2024, while illicit crypto wallet inflows jumped...
By Cointelegraph
News•Jan 29, 2026
Regtech Prove Highlights Transformation of Identity Verification and Digital Onboarding Processes
Regtech firm Prove says identity verification is evolving from a single, static check to a continuous, adaptive process. The shift is driven by deepfake threats, AI‑powered fraud, real‑time payment demands, and multi‑device interactions. Prove argues that dynamic verification can maintain...
By Crowdfund Insider
News•Jan 29, 2026
UK Plans Sweeping Overhaul of Policing Amid Surge in Online Crimes
The UK government announced a sweeping reform of policing that will create a new National Police Service, modeled after the FBI, to lead the fight against cybercrime, fraud and other internet‑enabled offenses. The proposal consolidates responsibilities currently spread across dozens...
By DataBreaches.net
News•Jan 28, 2026
OPNsense 26.1 Brings Updates to Open-Source Firewall Management
OPNsense released version 26.1, code‑named Witty Woodpecker, enhancing firewall management, traffic visibility, and automation interfaces. The update revamps the live firewall log, redesigns the firewall rules UI, and expands API coverage to include Source NAT tagging and Destination NAT port...
By Help Net Security
News•Jan 28, 2026
Silicon Valley Wades Into a Trade Spat with South Korea
Coupang, South Korea’s e‑commerce powerhouse with $35 bn in sales, suffered a massive data breach that has escalated into a diplomatic dispute. U.S. officials, backed by allies in the Trump administration, are pressing for tighter security controls on the firm’s handling...
By The Economist » Business
News•Jan 28, 2026
Open Banking Continues to Outperform on Fraud
Open Banking’s latest financial‑crime report shows fraud rates of just 0.013 % of transactions, far below the 0.045 % industry average, and an improved performance versus 2024. While overall fraud remains low, Authorised Push Payment (APP) scams now represent 74 % of Open...
By Payments Cards & Mobile
News•Jan 28, 2026
NDSS 2025 – Recurrent Private Set Intersection For Unbalanced Databases With Cuckoo Hashing
Researchers from NYU Abu Dhabi introduced a recurrent Private Set Intersection (PSI) protocol tailored for unbalanced databases. The solution combines leveled Fully Homomorphic Encryption with cuckoo hashing, delivering real‑time performance for repeated small‑set queries against a large set. Benchmarks using...
By Security Boulevard
News•Jan 28, 2026
Survey Surfaces Lots of Room for DevSecOps Improvement
A new UserEvidence survey of 506 security leaders reveals that while 80% of organizations have security and DevOps teams sharing observability tools, only 45% feel the teams are very aligned on tooling and workflows. Most respondents (93%) use three or...
By Security Boulevard
News•Jan 28, 2026
SSO Vs. Federated Identity Management: A Guide
Modern enterprises face escalating identity challenges as employees and automated workloads proliferate across SaaS, micro‑services, and multi‑cloud environments. Single Sign‑On (SSO) centralizes human authentication, reducing password fatigue and providing a unified audit trail, while federated identity extends access across organizational...
By Security Boulevard
.jpg?height=635&t=1769625646&width=1200)
News•Jan 28, 2026
2026 Enterprise Security Trends: What Leaders Must Prepare For In An Interconnected Risk Landscape
Enterprise security in 2026 is defined by the merging of cyber and physical domains, the rise of AI as both an attack accelerator and defense multiplier, and the recognition that cloud outages are now security incidents. Recent incidents like the...
By Security Magazine (Cybersecurity)
News•Jan 28, 2026
Student Data at Risk: What the Victoria Education Breach Exposes About Public Sector Security
The Victoria Department of Education suffered a data breach that exposed personal information of current and former students, prompting a privacy investigation. The breach highlighted longstanding issues in public‑sector access governance, such as dormant accounts and overly broad permissions. Attackers...
By Security Boulevard
News•Jan 28, 2026
Fortinet Confirms CVE-2026-24858 SSO Flaw Under Active Attack
Fortinet has confirmed that the FortiCloud Single Sign‑On (SSO) authentication bypass vulnerability (CVE‑2026‑24858) is being actively exploited in the wild. The flaw, rated 9.4 on the CVSS scale, affects FortiOS, FortiManager, FortiAnalyzer and FortiProxy, allowing attackers with a valid FortiCloud...
By eSecurity Planet
News•Jan 28, 2026
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
Moltbot, an open‑source AI coding assistant with over 85,000 GitHub stars, has no official Visual Studio Code extension, yet a counterfeit "ClawdBot Agent – AI Coding Assistant" appeared on the Marketplace. Published on January 27 2026, the malicious extension automatically runs on IDE launch...
By The Hacker News
News•Jan 28, 2026
What Are Service Accounts and Why Are They a Security Risk?
Service accounts are non‑human identities that power cloud, container and CI/CD workloads, but they often rely on static, long‑lived credentials. Over‑privileged and poorly managed accounts generate a majority of cloud security alerts and have been leveraged in high‑profile breaches such...
By Security Boulevard
News•Jan 28, 2026
Outtake Raises $40M Series B
Outtake, a digital‑trust platform that safeguards organizations from AI‑driven impersonation, closed a $40 million Series B round. The financing was led by ICONIQ with participation from CRV, S32, and a roster of high‑profile tech and security executives, including Microsoft CEO Satya Nadella and...
By VC News Daily
News•Jan 28, 2026
Why Your Security Team Needs to Hire Non-Traditional Professionals
Security leaders are urged to consider candidates with non‑traditional backgrounds, as highlighted in a recent Security Magazine podcast with threat analyst Aaron Walton. Examples like CISO Holly Drake, who transitioned from Russian literature and social work, illustrate how diverse education...
By Security Magazine (Cybersecurity)
News•Jan 28, 2026
Russian Cybercrime Platform RAMP Forum Seized by FBI
U.S. FBI seized the clearnet and dark‑web domains of the Russian‑language cybercrime forum RAMP, known for ransomware and access‑broker services. The operation, coordinated with the DOJ’s Computer Crime and Intellectual Property Section and the Southern District of Florida, redirected both...
By HackRead
News•Jan 28, 2026
CVE-2025-56005: Python PLY Flaw Enables Remote Code Execution
A critical vulnerability (CVE‑2025‑56005) has been disclosed in the Python PLY library version 3.11, allowing attackers to execute arbitrary code by loading a crafted pickle file via the undocumented *picklefile* parameter. The flaw triggers during parser initialization, meaning code runs before...
By eSecurity Planet
News•Jan 28, 2026
Great Refractor Initiative Looks to AI to Harden Critical Code
The Great Refactor initiative proposes using AI to automatically translate vulnerable C and C++ open‑source code into Rust, targeting 100 million lines by 2030 with a $100 million investment. Rust’s memory‑safety design could eliminate roughly 70 % of software vulnerabilities that stem from...
By IEEE Spectrum AI
News•Jan 28, 2026
Critical and High Severity N8n Sandbox Flaws Allow RCE
Two critical sandbox bypasses were discovered in the n8n workflow automation platform, affecting its JavaScript expression engine (CVE‑2026‑1470, CVSS 9.9) and Python Code node (CVE‑2026‑0863, CVSS 8.5). Both flaws let authenticated users escape the sandbox and execute arbitrary commands on the host...
By Infosecurity Magazine
News•Jan 28, 2026
NDSS 2025 – Iris: Dynamic Privacy Preserving Search In Authenticated Chord Peer-To-Peer Networks
The NDSS 2025 paper introduces Iris, a scheme that enables privacy‑preserving searches in authenticated Chord peer‑to‑peer networks while remaining compatible with the existing protocol. Iris defines a new alpha‑delta privacy notion, extending k‑anonymity to protect query information across iterative hops....
By Security Boulevard
News•Jan 28, 2026
Veracode’s Platform Enhancements Help Prevent Software Supply Chain Attacks
Veracode unveiled a suite of platform enhancements for the second half of 2025, highlighted by the launch of Package Firewall, a preventive control that blocks malicious third‑party packages before they enter development environments. The feature integrates with major package managers...
By Help Net Security
News•Jan 28, 2026
SolarWinds Warns of Critical Web Help Desk RCE, Auth Bypass Flaws
SolarWinds issued emergency patches for its Web Help Desk platform, fixing four critical vulnerabilities—two authentication bypass flaws (CVE‑2025‑40552, CVE‑2025‑40554), two remote code execution bugs (CVE‑2025‑40553, CVE‑2025‑40551), and a hard‑coded credentials issue (CVE‑2025‑40537). The flaws can be exploited remotely without authentication,...
By BleepingComputer
News•Jan 28, 2026
Bedrock Data Extends DSPM to Atlassian Confluence, Mapping SaaS Data to AI Inference Risk
Bedrock Data announced native Data Security Posture Management (DSPM) support for Atlassian Confluence, enabling automatic discovery of spaces, pages and blogs. The platform classifies unstructured content for PII, secrets and intellectual property, resolves inherited permissions, and maps that data to...
By AiThority
News•Jan 28, 2026
EPC Issues RFI for Fraud Information Sharing Platform
The European Payments Council (EPC) has issued a Request for Information (RFI) to find operators for a central fraud‑information sharing platform under its Frida scheme. The initiative anticipates the EU Payment Services Regulation (PSR) that will take effect in early...
By Finextra
News•Jan 28, 2026
Show HN: Sandbox Agent SDK – Unified API for Automating Coding Agents
The Sandbox Agent SDK introduces a Rust‑based server and TypeScript client that let developers run AI coding agents—Claude Code, Codex, OpenCode, and Amp—inside isolated sandboxes while controlling them over a unified HTTP/SSE API. By normalizing disparate agent interfaces into a single...
By Hacker News
News•Jan 28, 2026
Abstract Security Partners with Netskope to Bring Real-Time Detection Into Security Data Streams
Abstract Security announced a partnership with cloud‑security leader Netskope to embed real‑time detection directly into Netskope One telemetry streams. The integration streams high‑fidelity Secure Service Edge data into Abstract’s adaptive pipeline, allowing on‑the‑fly enrichment, filtering and routing to SIEMs, data...
By SiliconANGLE
News•Jan 28, 2026
Apiiro Introduces Guardian Agent to Secure AI-Driven Software Development
Apiiro Ltd. launched Guardian Agent, an AI‑driven application security agent that prevents vulnerable and non‑compliant code generation. The solution continuously monitors software architecture, attack surface, runtime exposure, and policy compliance, rewriting prompts to secure AI coding assistants in real time....
By SiliconANGLE
News•Jan 28, 2026
GoTo Resolve Tool’s Background Activities Compared to Ransomware Tactics
Point Wild’s Lat61 Threat Intelligence team has identified the GoTo Resolve remote‑administration tool, specifically the HEURRemoteAdmin.GoToResolve.gen component, as a Potentially Unwanted Application that can install silently and maintain a hidden, persistent presence on Windows machines. The tool bundles a hidden “32000~”...
By HackRead
News•Jan 28, 2026
Cal.com Broken Access Controls Lead to Account Takeover and Data Exposure
Cal.com, an open‑source scheduling platform, patched critical broken‑access‑control vulnerabilities that allowed attackers to hijack accounts and expose booking data. The flaws included an authentication bypass in the organization signup flow that let attackers take over any user by using an...
By GBHackers On Security