News•Jan 28, 2026
Abstract Security Partners with Netskope to Bring Real-Time Detection Into Security Data Streams
Abstract Security announced a partnership with cloud‑security leader Netskope to embed real‑time detection directly into Netskope One telemetry streams. The integration streams high‑fidelity Secure Service Edge data into Abstract’s adaptive pipeline, allowing on‑the‑fly enrichment, filtering and routing to SIEMs, data lakes or analytics platforms. By eliminating traditional log indexing delays, joint customers gain faster threat visibility, reduced false positives and lower storage costs. The deal underscores Abstract’s venture‑backed growth, highlighted by its $23.5 million funding round.
By SiliconANGLE
News•Jan 28, 2026
Apiiro Introduces Guardian Agent to Secure AI-Driven Software Development
Apiiro Ltd. launched Guardian Agent, an AI‑driven application security agent that prevents vulnerable and non‑compliant code generation. The solution continuously monitors software architecture, attack surface, runtime exposure, and policy compliance, rewriting prompts to secure AI coding assistants in real time....
By SiliconANGLE
News•Jan 28, 2026
GoTo Resolve Tool’s Background Activities Compared to Ransomware Tactics
Point Wild’s Lat61 Threat Intelligence team has identified the GoTo Resolve remote‑administration tool, specifically the HEURRemoteAdmin.GoToResolve.gen component, as a Potentially Unwanted Application that can install silently and maintain a hidden, persistent presence on Windows machines. The tool bundles a hidden “32000~”...
By HackRead
News•Jan 28, 2026
Cal.com Broken Access Controls Lead to Account Takeover and Data Exposure
Cal.com, an open‑source scheduling platform, patched critical broken‑access‑control vulnerabilities that allowed attackers to hijack accounts and expose booking data. The flaws included an authentication bypass in the organization signup flow that let attackers take over any user by using an...
By GBHackers On Security
News•Jan 28, 2026
Hackers Hijack Exposed LLM Endpoints in Bizarre Bazaar Operation
Researchers at Pillar Security uncovered a large‑scale cyber‑crime operation dubbed “Bizarre Bazaar” that hijacks exposed LLM endpoints. Over 40 days they logged 35,000 attack sessions, showing attackers exploit misconfigured AI APIs to mine cryptocurrency, resell access, exfiltrate data, and pivot...
By BleepingComputer
News•Jan 28, 2026
ESkimming Attacks Surge with Evolving Tactics and Ongoing Recovery Challenges
Source Defense’s year‑long study of 550 e‑commerce sites shows e‑skimming remains a chronic problem, with 18 % of sites still infected after twelve months. Over half of the persistent infections (57 %) have evolved into new script variants, indicating attackers adapt once...
By GBHackers On Security
News•Jan 28, 2026
Slovakian Man Pleads Guilty to Operating Darknet Marketplace
A Slovakian national, Alan Bill, pleaded guilty to operating the Kingdom Market darknet platform, which sold drugs, forged IDs, stolen data and cyber‑crime tools from March 2021 to December 2023. The marketplace listed about 42,000 illicit items and processed payments in privacy‑focused cryptocurrencies....
By BleepingComputer
News•Jan 28, 2026
SKADI and HelloGard Robotics Partner to Embed Autonomous Cybersecurity in Robotics
SKADI Cyber Defense and HelloGard Robotics announced a strategic partnership to embed autonomous cybersecurity directly into AI‑powered robots and connected automation systems. The collaboration will co‑develop cross‑platform security solutions for Windows, Android and Linux that protect robotic operating systems, AI...
By AiThority
News•Jan 28, 2026
Critical IDIS IP Camera Vulnerability Allows Full Computer Compromise with One-Click Exploit
IDIS Cloud Manager’s Windows viewer contains a critical flaw (CVE‑2025‑12556) that lets attackers trigger remote code execution with a single click. The vulnerability stems from CWGService.exe accepting unsanitized command‑line arguments via a local WebSocket, which are passed to the Chromium...
By GBHackers On Security
News•Jan 28, 2026
Emojis in PureRAT’s Code Point to AI-Generated Malware Campaign
Researchers at Symantec and Carbon Black have uncovered a PureRAT trojan campaign that is being authored with artificial‑intelligence tools. The malware is distributed through phishing emails masquerading as job offers and contains code comments and emojis typical of AI‑generated scripts....
By Infosecurity Magazine
News•Jan 28, 2026
Rein Security Launches with a Focus on Real-Time Production Application Security
Rein Security launched a platform that delivers real‑time production visibility for applications, targeting blind spots in API, AI‑generated code, and Model Context Protocol security. The solution uses an agentless architecture to capture runtime behavior, validate vulnerabilities, and enforce protections without...
By SiliconANGLE
News•Jan 28, 2026
From Triage to Threat Hunts: How AI Accelerates SecOps
AI‑driven SOC agents are moving from hype to practical augmentation, handling every alert with human‑level accuracy. By automatically correlating telemetry from EDR, identity, cloud and network sources, they eliminate the triage bottleneck and achieve near‑zero dwell time. The continuous investigation...
By The Hacker News
News•Jan 28, 2026
AI Security Threats Loom as Enterprise Usage Jumps 91%
Zscaler’s ThreatLabz 2026 AI Security Report reveals a 91% surge in enterprise AI usage, encompassing 989.3 billion transactions across more than 3,400 applications in 2025. Despite this rapid adoption, every AI system examined harbored critical vulnerabilities, with 90% compromised within 90...
By Infosecurity Magazine
News•Jan 28, 2026
Sicarii Ransomware Locks Your Data and Throws Away the Keys
Sicarii ransomware generates a fresh RSA key pair on each victim system and discards the private key, making encrypted data unrecoverable even after ransom payment. This defect breaks the standard ransomware‑as‑a‑service model that relies on attacker‑held private keys for decryption....
By CSO Online
News•Jan 28, 2026
Best IT Managed Services for Large Enterprises
Large enterprises are shifting IT from a support function to a strategic growth engine, and the article outlines the criteria that define the best managed services for this scale. It highlights five enterprise‑tier attributes—strategic partnership, transparent governance, proactive operations, comprehensive...
By HackRead
News•Jan 28, 2026
MIND Launches DLP for Agentic AI to Secure Data Used by Autonomous Systems
Data security firm MIND Security launched DLP for Agentic AI, a data‑centric solution that safeguards sensitive information used by autonomous AI agents across enterprise applications. The service provides visibility into active AI agents, real‑time risk detection, and automated remediation, shifting...
By SiliconANGLE
News•Jan 28, 2026
Researchers Uncover 454,000+ Malicious Open Source Packages
Security vendor Sonatype reported that developers downloaded 9.8 trillion open‑source components in 2025, yet 454,648 of the packages were newly identified as malicious. The report describes a shift from opportunistic spam to industrialized, often state‑sponsored campaigns that use typosquatting, namespace confusion,...
By Infosecurity Magazine
News•Jan 28, 2026
Almost 9 in 10 Firms Remain Vulnerable to Cyber Risks
KYND’s analysis of over 2,000 firms—including FTSE 350 and S&P 500 companies—found that 88 % of organizations with identified cyber‑risk exposures remain vulnerable for six months or longer. While 11 % of the sample faced actively exploited vulnerabilities, remote code execution (RCE)...
By Fintech Global
News•Jan 28, 2026
N8n Adds Chat Hub to Centralize AI Access Inside Automation Workflows
n8n launched Chat Hub, a built‑in chat interface that lets users query large language models and trigger workflow agents without exposing workflow logic or credentials. The feature introduces a dedicated Chat role, centralizes model and credential management, and supports both...
By Help Net Security
News•Jan 28, 2026
Cybercriminals Exploit Canadians’ Dependence on Digital Services in Widespread Attacks
Canadian cybercriminals are running a large‑scale phishing campaign that impersonates government agencies, Air Canada and Canada Post, using the PayTool phishing‑as‑a‑service platform. The operation distributes SMS alerts and malicious ads that direct victims to spoofed portals hosted on shared IP...
By GBHackers On Security
News•Jan 28, 2026
Why “Platform Consolidation” Often Increases Risk Instead of Reducing It
Enterprises chase security‑stack consolidation to cut costs and simplify management, but most vendor‑driven platforms are built from acquired point solutions rather than unified architectures. This commercial consolidation delivers single contracts yet leaves fragmented data stores, disparate analytics, and multiple agents,...
By Security Boulevard
News•Jan 28, 2026
Love? Actually: Fake Dating App Used as Lure in Targeted Spyware Campaign in Pakistan
ESET has uncovered a sophisticated Android spyware campaign that uses a fake dating app, GhostChat, to lure Pakistani users through romance‑scam tactics. The app presents locked female profiles with hard‑coded unlock codes, creating an illusion of exclusive access before installing...
By WeLiveSecurity
News•Jan 28, 2026
AHA Releases New Guides to Strengthen Hospital Emergency and Cyber Preparedness
The American Hospital Association unveiled two new guides—Strategies for Medical Surge Management During Public Emergencies and Strategies for Cyber Preparedness in Health Care—to help hospitals navigate both public health crises and cyber threats. Both resources adopt the “four S’s” framework—staffing,...
By The Cyber Express
News•Jan 28, 2026
Chinese National Sentenced to 46 Months for Laundering Millions Stolen From U.S. Investors
A Chinese national, Jingliang Su, received a 46‑month federal prison sentence for laundering roughly $36.9 million stolen from U.S. investors in a cryptocurrency fraud scheme run from Cambodia. The court ordered him to pay nearly $27 million in restitution and highlighted a...
By GBHackers On Security
News•Jan 28, 2026
Wallet Linked to Alleged US Seizure Theft Launches Memecoin, Crashes 97%
A Solana‑based memecoin called John Daghita (LICK) was launched on the Pump.fun launchpad by a wallet investigators link to an alleged theft of US government‑controlled crypto. Within its first day the token lost roughly 97% of its value, dropping from...
By Cointelegraph
News•Jan 28, 2026
McAfee Upgrades Scam Detector to Spot QR Code Scams and Suspicious Messages
McAfee has upgraded its Scam Detector tool to include instant QR‑code safety checks and enhanced detection of suspicious direct messages, even when they contain no links. The update comes as QR‑code scams affect 68 % of recent scanners, with 18 % encountering...
By Help Net Security
News•Jan 28, 2026
Always-On Privileged Access Is Pervasive — and Fraught with Risks
Enterprises are plagued by pervasive always‑on privileged access, with 91 % of users remaining logged in at their highest privilege level. Legacy governance, mergers, cloud migrations and rapid fixes have left dormant privileged accounts embedded in critical workflows, creating a massive...
By CSO Online
News•Jan 28, 2026
Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan
Researchers uncovered two malicious PyPI packages, spellcheckerpy and spellcheckpy, that pretended to be spell‑checking tools but delivered a Python‑based remote‑access trojan. The packages were downloaded just over 1,000 times before being removed, with version 1.2.0 adding an execution trigger that runs...
By The Hacker News
News•Jan 28, 2026
Cloudbrink Adds AI Innovations to Its Platform to Protect Agents, Apps, and Data
Cloudbrink announced new AI‑focused security features that extend its secure connectivity platform to protect AI agents, browser‑based AI services, and custom large language models. The enhancements include a Safe AI BrinkAgent that detects data leaks, a continuously updated definitions database...
By Help Net Security
News•Jan 28, 2026
Fortinet Expands FortiCNAPP with Network, Data, and Runtime-Aware Risk Prioritization
Fortinet has upgraded its FortiCNAPP platform to incorporate network enforcement, data security posture management, and runtime validation into a single risk‑prioritization workflow. The enhancements enable network‑aware risk scoring, in‑place data sensitivity analysis, and runtime‑informed prioritization, reducing alert fatigue and focusing...
By Help Net Security
News•Jan 28, 2026
Yubico Extends Hardware Passkey Deployment Options
Yubico has broadened its YubiKey as a Service offering by adding self‑service ordering and a revamped Customer Portal. The new workflow lets employees and partners select YubiKey models, enter shipping details, and receive keys directly in the U.S., Canada or...
By Help Net Security
News•Jan 28, 2026
Volante’s Multi-Cloud Resiliency Service Keeps Payments Running During Cloud Outages
Volante Technologies has introduced a Multi‑cloud Resiliency Service designed to keep payment processing operational when a primary cloud provider experiences an outage. The solution offers rapid, zero‑data‑loss failover to a secondary cloud environment, eliminating single‑provider dependency for banks and other...
By Help Net Security
News•Jan 28, 2026
Digital Element Announces NAT Detector — Industry’s New Standard for Accurate IP Geolocation and Risk Intelligence
Digital Element launched NAT Detector, a new feature in its NetAcuity IP intelligence platform that identifies Network Address Translation (NAT) and Carrier‑Grade NAT connections. The tool flags shared‑IP environments, helping advertisers, security teams, DRM providers, and fintech firms interpret IP...
By MarTech Series
News•Jan 28, 2026
Pondurance RansomSnare Blocks File Encryption and Data Exfiltration
Pondurance has added RansomSnare, a new module to its Managed Detection and Response (MDR) service that halts ransomware the moment it tries to encrypt a file. The capability terminates the malicious process instantly, blocking both encryption and data exfiltration without...
By Help Net Security
News•Jan 28, 2026
Pallma AI Closes $1.6M Pre-Seed Round for AI Agent Security
London‑based Pallma AI announced a $1.6 million pre‑seed round led by Marathon Venture Capital, with participation from tech leaders at AWS, Meta, and Google. The startup offers an AI‑native security platform that monitors, detects, and mitigates risks such as prompt injection...
By Tech.eu
News•Jan 28, 2026
Delegation Is a Risk Decision Every Leader Makes, Not an Ops Choice
Leaders increasingly delegate decision‑making authority to software, turning routine operational choices into enterprise‑level risk decisions. When systems automatically issue credits, payments, or pricing adjustments, the underlying authority often lacks explicit ownership, exposing organizations to financial, legal, and reputational fallout. Security...
By CSO Online
News•Jan 28, 2026
SelfAudit Launches Partner Program to Speed CMMC Readiness
SelfAudit AI introduced a Partner Program aimed at MSPs, MSSPs, and compliance professionals to accelerate Cybersecurity Maturity Model Certification (CMMC) readiness. The initiative offers a standardized, AI‑driven workflow that streamlines gap analysis, remediation, and audit‑ready documentation. By integrating partners into...
By AI-TechPark
News•Jan 28, 2026
US Charges 87 in Major ATM Jackpotting Scheme Linked to Tren De Aragua
A Nebraska federal grand jury has indicted a total of 87 defendants in a sprawling ATM jackpotting conspiracy tied to the Venezuelan gang Tren de Aragua. The scheme used a variant of the Ploutus malware to hack ATMs nationwide, stealing...
By The Cyber Express
News•Jan 28, 2026
Opportify Gains Early Adoption for Email Insights to Stop Sign-Up Fraud
Opportify has launched its Email Insights solution, a risk‑based intelligence platform designed to stop fraudulent sign‑ups at the point of entry. Unlike traditional validators that rely on simple syntax or MX checks, Email Insights scores each address on domain stability,...
By AI-TechPark
News•Jan 28, 2026
High-Severity Remote Code Execution Vulnerability Patched in OpenSSL
A total of twelve vulnerabilities in OpenSSL have been patched, including a high‑severity remote code execution (RCE) flaw. All issues were identified by a single cybersecurity research firm and disclosed through coordinated channels. The fixes address weaknesses that could allow...
By SecurityWeek
News•Jan 28, 2026
Hackers Exploit React2Shell Vulnerability to Deploy Miners and Botnets Worldwide
A critical insecure‑deserialization flaw in React Server Components, identified as CVE‑2025‑55182 or “React2Shell,” is being actively exploited worldwide. The vulnerability affects react‑server‑dom‑webpack, –parcel and –turbopack versions 19.0‑19.2, allowing attackers to execute arbitrary code and deploy a range of malware, including...
By The Cyber Express
News•Jan 28, 2026
CERT UEFI Parser: Open-Source Tool Exposes UEFI Architecture to Uncover Vulnerabilities
The Software Engineering Institute at Carnegie Mellon University released the CERT UEFI Parser, an open‑source utility that statically parses UEFI firmware binaries and source code into a structured, machine‑readable model. By extracting modules, execution phases, protocols and dependencies, the tool gives...
By Help Net Security
News•Jan 28, 2026
Why Prevention-First Secrets Security Will Define Enterprise Scale: Learnings From a Leading Telecom
Orange Business discovered that traditional secret detection tools generate massive false positives, leading developers to ignore alerts. By implementing mandatory GitLab pre‑receive hooks and a three‑layer defense, they reduced new secret leaks by 80% while keeping false positives below 5%....
By Help Net Security
News•Jan 28, 2026
Major Cyberattack Cripples Russia’s Alarm and Vehicle Security Provider Delta
Russian security firm Delta suffered a large‑scale external cyberattack on Jan 26, crippling its alarm, home, and vehicle security platforms. The breach disabled online services, phone lines, and the mobile app, leaving thousands of customers unable to control alarms or unlock...
By The Cyber Express
News•Jan 28, 2026
Grammarly and QuillBot Are Among Widely Used Chrome Extensions Facing Serious Privacy Questions
Incogni’s 2026 privacy risk report examined 442 AI‑powered Chrome extensions and found that over half collect user data, often with deep‑level permissions. The study highlighted that scripting and activeTab permissions let extensions read and modify any web page, exposing emails,...
By Help Net Security
News•Jan 28, 2026
Audits for AI Systems that Keep Changing
ETSI released TS 104 008, a continuous‑auditing based conformity assessment (CABCA) specification for AI systems. It shifts assurance from periodic reviews to ongoing cycles that automatically collect evidence from logs, model parameters, and data samples. The framework operationalizes regulatory requirements into machine‑readable...
By Help Net Security
News•Jan 28, 2026
CISO Salaries Continue to Rise Despite Economic Uncertainty
The IANS and Artico Search CISO Compensation Benchmark Report shows that chief information security officer pay grew 6.7% in 2025, outpacing the modest 4% rise in security budgets. Equity‑based compensation expanded faster than cash, reflecting confidence in the role’s strategic...
By Security Magazine (Cybersecurity)
News•Jan 28, 2026
Lumana's Vision for Agentic AI: When Cameras Stop Recording and Start Acting
Lumana is redefining video surveillance with an agentic AI platform that moves cameras from passive recorders to active decision‑makers. Its VIA‑1 system learns locally from each camera’s environment, delivering over 90% reduction in false alerts for customers such as Salesforce...
By Just AI News
News•Jan 28, 2026
Citizen Engagement Strategies Powered by CIAM
Citizen engagement is now driven by digital experiences, and fragmented login processes are the primary barrier. The article argues that Customer Identity and Access Management (CIAM) is essential for municipalities to centralize services, provide a single digital identity, and build...
By Security Boulevard
News•Jan 28, 2026
Customer Identity Management for Cruise Customer Experience
Cruise operators are shifting focus from flashy onboard attractions to the invisible infrastructure that links every guest interaction. By deploying consumer identity and access management (CIAM), brands can maintain a single, secure passenger profile from discovery through post‑cruise loyalty. This...
By Security Boulevard