News•Jan 27, 2026
Canada Marks Data Privacy Week 2026 as Commissioner Pushes for Privacy by Design
Canada’s Privacy Commissioner Philippe Dufresne launched Data Privacy Week 2026 (Jan 26‑30) with a focus on privacy‑by‑design, urging organizations to embed data protection from the outset. He highlighted recent high‑profile breaches—including Aylo, 23andMe, TikTok, and an investigation into X’s Grok chatbot—to illustrate the real‑world costs of lax privacy. Dufresne also advocated modernizing PIPEDA via Bill C‑15, which would grant Canadians a right to data mobility and streamline cross‑provider data transfers. The OPC is offering guidance and resources to help businesses adopt privacy‑first practices while supporting responsible AI innovation.
By The Cyber Express
News•Jan 27, 2026
Cymulate Joins the Wiz Integration Network (WIN)
Cymulate has joined the Wiz Integration Network, embedding its Continuous Threat Exposure Management platform into Wiz’s cloud‑security ecosystem. The partnership enables automated pre‑ and post‑exploitation simulations across Azure, AWS, and Google Cloud, delivering continuous validation of security controls. Joint customers...
By AI-TechPark
News•Jan 27, 2026
How to Safeguard Executives Through Proactive Planning and Managing Online Presence
Recent high‑profile attacks, including the 2024 assassination of UnitedHealthcare CEO Brian Thompson, have highlighted severe gaps in executive protection, especially online. Organizations are reassessing security operations, investing in physical safeguards while recognizing that digital exposure often reveals executives' locations and...
By Security Magazine (Cybersecurity)
News•Jan 27, 2026
Descope Introduces Dedicated Identity Infrastructure for AI Agents and MCP Ecosystems
Descope has launched an upgraded Agentic Identity Hub that treats AI agents as first‑class identities alongside human users. The platform adds OAuth 2.1, PKCE, DCR, CIMD and tool‑level scopes to MCP servers, letting developers secure agent access with enterprise‑grade policies. It...
By Help Net Security
News•Jan 27, 2026
75% of Visitors Will Switch to a Competitor When a Website Feels Unsafe, Liferay Survey Finds
Liferay’s 2026 Broken Trust Report, based on a survey of 1,000 U.S. adults, finds that 75% of users will abandon a website they perceive as unsafe and often turn to a competitor. A single “off” moment erodes trust for 61%...
By MarTech Series
News•Jan 27, 2026
When Open Science Meets Real-World Cybersecurity
Fermilab CISO Matthew Kwiatkowski explains how open‑science environments create cybersecurity blind spots when scientists design infrastructure without early security input. He notes that collaboration between IT and researchers reduces risky implementations and that publicly releasable data is often mislabeled, prompting...
By Help Net Security
News•Jan 27, 2026
4 Issues Holding Back CISOs’ Security Agendas
CISOs increasingly view a breach as inevitable, with 76% expecting a material cyberattack within the next year and 58% deeming their organizations unprepared. Four core issues impede progress: insufficient training and empowerment of security teams, lagging AI governance, limited AI...
By CSO Online
News•Jan 27, 2026
Critical CERT-In Advisories – January 2026: SAP, Microsoft, and Atlassian Vulnerabilities
January 2026 saw CERT‑In publish three critical advisories targeting SAP, Microsoft, and Atlassian products. The alerts disclose high‑severity flaws—including remote code execution, privilege escalation, and data exfiltration—affecting SAP S/4HANA, Windows, Azure, and on‑premise Atlassian tools such as Jira and Confluence. One...
By Security Boulevard
News•Jan 27, 2026
Waiting for AI Superintelligence? Don’t Hold Your Breath
AI superintelligence remains a theoretical goal, yet artificial intelligence is already woven into the fabric of enterprise operations, accelerating decision‑making and threat detection. Companies report faster, more accurate alert investigations, but the same speed introduces novel vulnerabilities and operational risks....
By Help Net Security
News•Jan 27, 2026
How Financial Institutions Strengthen SAR Readiness With Smarter Risk Practices
Financial institutions are intensifying their suspicious activity reporting (SAR) programs as fraud cycles accelerate and regulators tighten oversight. Strong SAR readiness hinges on real‑time data signals, skilled analysts, clear processes, and modern AML platforms that automate monitoring and case management....
By TechBullion
News•Jan 27, 2026
Data Privacy Week 2026: Why Secure Access Is the New Data Protection Perimeter
The CyberExpress article argues that the traditional network perimeter is no longer sufficient for data privacy, and that the true protection now lies at the moment of access. It highlights the rise of the “Identity‑Data Gap” and the shift toward...
By The Cyber Express
News•Jan 27, 2026
Cybersecurity Jobs Available Right Now: January 27, 2026
A wave of cybersecurity openings posted on January 27, 2026 spans senior leadership, engineering, and analyst roles across the United States, Europe, Asia, and the Middle East. Companies such as micro1, Bringg, Oracle, and Snyk are hiring C‑level executives, incident‑response...
By Help Net Security
News•Jan 27, 2026
Ivanti Expands Neurons Platform with Agentic AI and Autonomous Endpoint Management
Ivanti announced a major upgrade to its Neurons platform, adding Agentic AI‑driven personas to the IT Service Management suite, autonomous endpoint management (AEM) that unifies DEX, UEM and security, and enhanced asset visibility through Discovery. The Agentic AI preview launches...
By Help Net Security
News•Jan 27, 2026
Clawdbot-Style Agentic Assistants: What Your SOC Should Monitor, Triage, and Contain
Agentic AI assistants such as Clawdbot are moving from simple chatbots to persistent, privileged entities that can act across Slack, Teams, Discord and other platforms. Their ability to retain context, execute commands, and use user‑provided API keys creates new attack...
By Security Boulevard
News•Jan 27, 2026
Fresh Breach — Lena Health Breach Preview — Full Leak Coming Soon
Lena Health suffered a massive data breach exposing over 2,100 patients' protected health information, including full identifiers, medical records, and 19,542 audio recordings stored in an unencrypted public S3 bucket. The leak also revealed API keys, staff credentials, and discharge...
By DataBreaches.net
News•Jan 27, 2026
Single Sign-On Account Management in App Stores
App store identities remain fragmented, with developers often using personal emails that expose enterprises to lockout and breach risks. Managed Apple IDs and Enterprise Google accounts tether accounts to corporate domains, ensuring the organization retains control. The industry is moving...
By Security Boulevard
News•Jan 26, 2026
The 7 Essential Elements of a Compliance Framework You Need to Know
The article outlines a seven‑element compliance framework that moves organizations from ad‑hoc checklists to a systematic operating model. It emphasizes leadership governance, risk assessment, policy translation, controls, training, monitoring, and issue management as interlocking components. By aligning these elements, firms...
By Security Boulevard
News•Jan 26, 2026
Secret Service Foils Card Skimmers
The U.S. Secret Service’s fraud‑prevention unit partnered with local law‑enforcement to locate and deactivate 411 illegal point‑of‑sale card‑skimming devices in 2025. Across 22 coordinated operations, agents inspected roughly 9,000 businesses and examined about 60,000 terminals, potentially averting $428.1 million in fraudulent...
By Payments Dive
News•Jan 26, 2026
Zama’s Encrypted Ethereum Token Auction Draws $118M in Commitments
Zama, a fully homomorphic encryption startup, closed a $118.5 million encrypted token auction on Ethereum, marking the first such ICO on the network. The sealed‑bid Dutch auction attracted 11,103 unique bidders, oversubscribed by 218% and clearing at $0.05 per token. Zama’s...
By The Defiant
News•Jan 26, 2026
How MSSPs Can Help Clients Mitigate Shadow IT and Data Sprawl with Cavelo
MSSPs face growing risk from shadow IT and data sprawl as hybrid work and SaaS adoption push data into unmanaged cloud locations. Unapproved applications and fragmented data increase attack surface, compliance exposure, and incident‑response delays. Cavelo offers an agent‑less, multi‑tenant...
By Security Boulevard
News•Jan 26, 2026
Unseen Money 16—Synthetic Identity Fraud
In this episode, Paul Amery and guest Timur Yunusov dissect a bizarre DPD delivery of a non‑existent eBay purchase that led them to explore synthetic identity fraud—a scheme where criminals blend stolen personal data with fabricated details to create usable...
By New Money Review
News•Jan 26, 2026
Genetec Outlines Data Privacy Best Practices Ahead of Data Protection Day
In this episode, Genetec highlights data‑privacy best practices for physical‑security systems ahead of International Data Protection Day. Principal Security Architect Mathieu Chevalier stresses the need for clear data‑use limits, privacy‑by‑design controls, and continuous protection throughout the data lifecycle. The company recommends...
By insideBIGDATA
News•Jan 26, 2026
NDSS 2025 – All Your (Data)base Are Belong to Us: Characterizing Database Ransom(ware) Attacks
Researchers at the IMDEA Software Institute delivered the first systematic analysis of database ransomware attacks, examining 23,736 ransom notes from 60,427 compromised servers over three years. Their honeypot experiments showed new infections rising 60% year‑over‑year, with 6,000 fresh victims in...
By Security Boulevard
News•Jan 26, 2026
ShinyHunters, CL0P Return with New Claimed Victims
ShinyHunters has resurfaced with an onion‑based data leak site, claiming breaches of SoundCloud, Betterment and Crunchbase tied to a new vishing campaign targeting SSO credentials at Okta, Microsoft and Google. The group warns that more victims will follow. In parallel,...
By The Cyber Express
News•Jan 26, 2026
EScan Antivirus Supply Chain Breach Delivers Signed Malware
On January 20 2026, MicroWorld Technologies’ eScan antivirus was compromised through its legitimate update infrastructure, delivering digitally signed malware to global endpoints. The multi‑stage payload installed a 64‑bit backdoor, persisted via disguised scheduled tasks, and altered hosts and registry settings to block...
By Infosecurity Magazine
News•Jan 26, 2026
Why MSPs Should Add Privileged Access Management (PAM) To Their Security Offerings
Managed service providers (MSPs) are urged to add Privileged Access Management (PAM) to their portfolios as identity‑based attacks surge, with data breaches up 72% since 2021. PAM dovetails with Zero Trust principles, securing administrative credentials that attackers most often target....
By Security Boulevard
News•Jan 26, 2026
Why Digital Identity Systems Are Moving Away From Centralized Data Storage
Digital identity systems are transitioning from centralized databases to decentralized architectures. Centralized stores pose massive breach risks, prompting firms to seek models that limit data exposure. Decentralized solutions leverage cryptography and distributed ledgers, granting users control over their credentials. This...
By TechBullion
News•Jan 26, 2026
Hungarian and Romanian Police Detain Young Hackers over Fake Threat Calls
Hungarian police, working with Romanian authorities, detained four young hackers suspected of orchestrating false and intimidating phone calls to law‑enforcement units. The investigation, launched in mid‑July 2025 after multiple police departments reported receiving threatening calls, uncovered a coordinated scheme that...
By DataBreaches.net
News•Jan 26, 2026
Saudi Satirist Hacked with Pegasus Spyware Wins Damages in Court Battle
A London High Court judge awarded Saudi satirist Ghanem Al‑Masarir more than £3 million in damages after finding compelling evidence that his iPhone was compromised with NSO Group’s Pegasus spyware. The ruling concluded the hacking was directed or authorised by the...
By TechCrunch (Cybersecurity)
News•Jan 26, 2026
Google’s Universal Commerce Protocol: Why the Future of Agentic Commerce Depends on Security
The episode examines Google’s Universal Commerce Protocol (UCP), an open‑source standard designed to unify AI‑driven shopping across retailers and payment providers. It highlights UCP’s advantages—single‑point integration, leverage of Google Merchant Center, modular flexibility, and merchant‑first control—while noting the competitive landscape...
By Security Boulevard
News•Jan 26, 2026
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
Researchers at eSentire have uncovered a tax‑phishing campaign targeting Indian users by masquerading as the Income Tax Department. The campaign delivers a multi‑stage backdoor that first sideloads a malicious DLL, then escalates privileges and installs a Blackmoon trojan variant alongside...
By The Hacker News
News•Jan 26, 2026
Grid Protection in Severe Weather: What Security Leaders Need to Know
A historic winter storm on Jan. 24‑25 left over 820,000 energy customers without power and placed 200 million people under severe‑cold alerts. While utilities scramble to restore service, cyber adversaries target pre‑existing grid weaknesses such as unpatched systems and lax remote‑access controls....
By Security Magazine (Cybersecurity)
News•Jan 26, 2026
CISA Releases List of Post-Quantum Cryptography Product Categories
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released its first list of hardware and software product categories that support or are transitioning to post‑quantum cryptography (PQC) standards. The list, compiled with the NSA, follows Executive Order 14306 and targets cloud...
By Infosecurity Magazine
News•Jan 26, 2026
Access System Flaws Enabled Hackers to Unlock Doors at Major European Firms
Security researchers at SEC Consult uncovered more than 20 vulnerabilities in Dormakaba’s Exos access‑control platform, affecting hardware managers, registration units, and central software. The flaws include hard‑coded credentials, weak passwords, privilege escalation, and command‑injection, which could let attackers remotely unlock doors...
By SecurityWeek
News•Jan 26, 2026
NDSS 2025 – ERW-Radar
The episode delves into ERW‑Radar, a novel detection system designed to combat evasive ransomware by leveraging the unique repetitive I/O patterns ransomware exhibits during encryption and statistical analysis of encrypted byte streams. The authors—Lingbo Zhao, Yuhui Zhang, Zhilu Wang, Fengkai...
By Security Boulevard
News•Jan 26, 2026
APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL | Part 1
In September 2025 Zscaler ThreatLabz uncovered two Pakistan-linked APT campaigns, Gopher Strike and Sheet Attack, targeting Indian government entities. Gopher Strike delivers malicious PDFs that trigger ISO downloads, employing a new Golang downloader called GOGITTER, a lightweight backdoor GITSHELLPAD that...
By Security Boulevard
News•Jan 26, 2026
Hackers Are Using LLMs to Build the Next Generation of Phishing Attacks - Here's What to Look Out For
Security researchers at Palo Alto Networks’ Unit 42 have demonstrated a proof‑of‑concept where generative AI models produce on‑the‑fly JavaScript that creates personalized phishing pages. The technique sends prompts to a legitimate LLM API, receives unique code for each visitor, and executes...
By TechRadar
News•Jan 26, 2026
Expereo: Enterprise Connectivity Amid AI Surge with ‘Visibility at the Speed of Life’
Expereo’s chief digital officer Julian Skeels warns that AI workloads turn networking into a system‑of‑record, requiring deterministic, observable, and resilient connectivity. Enterprises are tangled in hybrid clouds and multiple providers, leading to “connectivity everywhere but visibility nowhere.” The company’s expereoOne...
By Artificial Intelligence News
News•Jan 26, 2026
Microsoft Handed over BitLocker Keys to Law Enforcement, Raising Enterprise Data Control Concerns
Microsoft complied with an FBI search warrant in early 2025, providing BitLocker recovery keys stored on its cloud to law‑enforcement for three laptops linked to a Guam unemployment fraud case. The keys were automatically backed up to Microsoft Entra ID,...
By CSO Online
News•Jan 26, 2026
6 Okta Security Settings You Might Have Overlooked
Okta is the backbone of many SaaS‑first enterprises, making its security settings critical. The article outlines six often‑overlooked configurations—password policies, phishing‑resistant MFA, ThreatInsight, admin session ASN binding, session lifetimes, and behavior rules—that strengthen identity protection. It also highlights how continuous...
By BleepingComputer
News•Jan 26, 2026
Researchers Uncover “Haxor” SEO Poisoning Marketplace
Security researchers uncovered the HaxorSEO (HxSEO) marketplace, a Telegram and WhatsApp‑based service that sells over 1,000 malicious backlinks from compromised, decades‑old domains. Each listing includes trust scores such as domain authority and is priced at $6, allowing threat actors to...
By Infosecurity Magazine
News•Jan 26, 2026
Upwind Secures $250 Million to Expand Runtime-First Cloud Security for AI Workloads
Upwind announced a $250 million Series B round, bringing total capital to $430 million. The funding, led by Bessemer Venture Partners with participation from Salesforce Ventures and Picture Capital, will accelerate the company’s runtime‑first cloud security platform aimed at AI‑driven workloads. Upwind claims...
By Help Net Security
News•Jan 26, 2026
Booz Allen’s Vellox Reverser Accelerates Malware Analysis and Threat Intelligence
Booz Allen Hamilton has launched the general availability of Vellox Reverser, an AI‑driven malware reverse‑engineering platform. The solution leverages a resilient agentic AI architecture on AWS Lambda, Bedrock, and Step Functions to automate deep analysis of complex threats. New features...
By Help Net Security
News•Jan 26, 2026
Hackers Can Bypass Npm’s Shai-Hulud Defenses via Git Dependencies
The recent discovery by Koi Security reveals that NPM’s handling of Git‑based dependencies can circumvent the post‑Shai‑Hulud “PackageGate” defenses, allowing malicious code execution even with the `--ignore‑scripts` flag. The bypass exploits a crafted `.npmrc` file that overrides the Git binary...
By BleepingComputer
News•Jan 26, 2026
Wiz Found It. Swimlane Fixed It. The Cloud Security Power Play
Cloud security teams face alert fatigue, drowning in critical notifications that outpace manual response. Wiz, a cloud risk visibility leader, has partnered with Swimlane’s Turbine agentic‑AI to turn detection into automated remediation. The integration pulls Wiz telemetry, enriches it with...
By Security Boulevard
News•Jan 26, 2026
Stellar Cyber Expands Autonomous SOC Capabilities with Agentic AI
Stellar Cyber unveiled version 6.3, embedding agentic AI to push its Autonomous SOC vision forward. The update automates threat detection, investigation, triage and response across identity, network, endpoint, email and cloud layers, slashing alert fatigue and mean‑time‑to‑respond. New Model Context Protocol...
By Help Net Security
News•Jan 26, 2026
Law Firm Investigates Coupang Security Failures Ahead of Class Action Deadline
US law firm Hagens Berman is urging investors to join a class action against Coupang over a massive June 2025 cyber‑attack that exposed personal data of 33.7 million customers. The breach prompted a police raid, the resignation of CEO Park Dae‑Joon,...
By Infosecurity Magazine
News•Jan 26, 2026
Lazarus Hackers Target European Drone Manufacturers in Active Campaign
North Korean state‑sponsored Lazarus group launched a new Operation DreamJob campaign targeting European defense firms that build uncrewed aerial vehicles. The attackers used fake job offers to distribute trojanized PDFs that install the ScoringMathTea RAT and BinMergeLoader loader. Malware leverages...
By GBHackers On Security
News•Jan 26, 2026
GeoComply Uses Device and Location Data to Stop Fraud
GeoComply’s digital identity platform, integrated with Dabble, combines device integrity, precise location, behavioural and network signals to enhance KYC. The partnership delivered KYC pass rates above 90% and uncovered large fraud clusters, including 250+ accounts from a single address and...
By Crowdfund Insider
News•Jan 26, 2026
New Fake CAPTCHA Scam Abuses Microsoft Tools to Install Amatera Stealer
Blackpoint Cyber uncovered a new fake CAPTCHA campaign that tricks users into executing a signed Microsoft script, SyncAppvPublishingServer.vbs, to install the Amatera Stealer malware. The attack directs victims to press Windows Key + R, paste a code, and run a command, while fetching...
By HackRead