News•Jan 26, 2026
Winning Against AI-Based Attacks Requires a Combined Defensive Approach
Offensive AI is reshaping cyber attacks, with large language models generating and morphing malware in real time. Recent incidents such as Anthropic’s AI‑orchestrated espionage campaign and ClickFix steganography attacks show adversaries bypassing traditional endpoint detection (EDR). Network Detection and Response (NDR) complements EDR by spotting behavioral anomalies and lateral movement across networks, providing a safety net against AI‑driven evasion. Integrating NDR and EDR is becoming essential as remote work and multi‑domain threats expand the attack surface and increase complexity.
By The Hacker News
News•Jan 26, 2026
Deepfake ‘Nudify’ Technology Is Getting Darker—And More Dangerous
Deep‑fake “nudify” services now turn a single photo into realistic, eight‑second explicit videos, offering dozens of sexual scenarios for a small fee. Platforms ranging from web sites to Telegram bots automate image‑to‑video generation, with AI models capable of adding audio...
By WIRED AI
News•Jan 26, 2026
Quantum Computing Firm IonQ Acquires US Semiconductor Firm SkyWater for $1.8 Billion
IonQ announced a definitive agreement to acquire SkyWater Technology for $35 per share, valuing the semiconductor foundry at roughly $1.8 billion in a cash‑and‑stock transaction. The deal creates a vertically integrated quantum platform that combines IonQ’s fault‑tolerant quantum processors with SkyWater’s...
By Help Net Security
News•Jan 26, 2026
$6,000 “Stanley” Toolkit Sold on Russian Forums Fakes Secure URLs in Chrome
A new crime‑ware toolkit called Stanley is being sold on Russian‑language forums for $2,000 to $6,000. The kit disguises itself as the Notely note‑taking extension and guarantees that its malicious Chrome extension will pass Google’s Web Store review. Once installed,...
By HackRead
News•Jan 26, 2026
NetSupport Manager 0-Day Vulnerabilities Enable Remote Code Execution
Security researchers uncovered two critical 0‑day flaws—CVE‑2025‑34164 and CVE‑2025‑34165—in NetSupport Manager versions up to 14.10.4.0. The bugs reside in an undocumented broadcast feature and can be chained to achieve unauthenticated remote code execution by corrupting heap memory and reading stack...
By GBHackers On Security
News•Jan 26, 2026
Why Voice-Based Scams Are a Growing Threat to Banks
Phone‑based scams have moved from a niche consumer problem to a material risk for banks, with U.S. consumers losing over $12.5 billion in 2024, many through voice attacks. Fraudsters exploit the inherent trust of human speech and caller‑ID spoofing to impersonate...
By Banking Dive
News•Jan 26, 2026
Matcha Meta Breach Tied to SwapNet Exploit Drains up to $16.8M
Decentralized exchange aggregator Matcha Meta disclosed a security breach originating from its primary liquidity provider, SwapNet, which allowed an attacker to siphon between $13.3 million and $16.8 million on the Base network. The exploit leveraged an arbitrary call flaw in SwapNet’s router...
By Cointelegraph
News•Jan 26, 2026
F5 Strengthens, Scales & Sustains AI Security With Integrated Runtime Protection
In this episode Adrian Bridgwater discusses F5’s new AI security offerings—AI Guardrails and AI Red Team—designed to protect enterprise AI models throughout their lifecycle. The Guardrails provide both out‑of‑the‑box and custom‑built runtime protections that enforce policies, prevent data leaks, and...
By Security Boulevard
News•Jan 26, 2026
Microsoft Entra ID Will Auto-Enable Passkey Profiles, Synced Passkeys
Microsoft Entra ID will automatically enable passkey profiles and add synced passkey support starting March 2026. The update moves passkey profiles to general availability and introduces a new passkeyType property that lets admins choose device‑bound, synced, or both types of passkeys....
By Help Net Security
News•Jan 26, 2026
Inside Microsoft’s Veteran-to-Tech Workforce Pipeline
Microsoft’s Military Affairs team has expanded the Software and Systems Academy (MSSA) into a nationwide veteran‑to‑tech pipeline, graduating more than 4,000 service members since its 2013 pilot. The program now offers three core learning paths—cloud development, cloud administration, and cybersecurity...
By Help Net Security
News•Jan 26, 2026
Firewalla Outlines a Zero Trust Approach to Fixing Flat Home Networks
Firewalla introduced a zero‑trust, microsegmentation approach that lets homeowners modernize large, flat Wi‑Fi networks without renumbering IP addresses or reconfiguring devices. Using the AP7 and Orange appliances, users can keep existing SSIDs while automatically isolating legacy IoT, newer smart devices,...
By Help Net Security
News•Jan 26, 2026
New Phishing Attack Exploits Vercel to Host and Deliver Remote Access Malware
A sophisticated phishing campaign has been leveraging Vercel's *.vercel.app subdomains since November 2025 to deliver remote‑access malware. The attackers disguise malicious pages as invoice portals or document viewers, then conditionally serve a signed GoTo Resolve installer after fingerprinting the victim’s browser....
By GBHackers On Security
News•Jan 26, 2026
Brakeman: Open-Source Vulnerability Scanner for Ruby on Rails Applications
Brakeman is an open‑source static analysis scanner that inspects Ruby on Rails codebases for security flaws without executing the application. It evaluates controllers, models, views, templates, and dependency versions, flagging injection, XSS, unsafe redirects, and authentication weaknesses. The tool integrates...
By Help Net Security
News•Jan 26, 2026
Consensys Pushes for Balanced Cybersecurity Rules in FTC’s Nomad Case
Consensys submitted a comment letter to the FTC urging technology‑agnostic security standards in the agency’s settlement with Nomad Capital Labs over the 2022 $190 million bridge hack. The firm warns that prescriptive measures such as mandatory circuit‑breaker mechanisms could clash with...
By Crowdfund Insider
News•Jan 26, 2026
Incident Response Lessons Learned the Hard Way
Ryan Seymour, VP of Consulting and Education at ConnectSecure, draws on over twenty years of incident‑response work to explain why many failures begin before an attack even starts. He shows that teams often hesitate when alerts appear, not because of...
By Help Net Security
News•Jan 26, 2026
AWS Releases Updated PCI PIN Compliance Report for Payment Cryptography
Amazon Web Services has released an updated PCI PIN compliance package for its Payment Cryptography service, confirming a recent third‑party audit with zero findings. The package includes a PCI PIN Attestation of Compliance and a Responsibility Summary that outlines customer obligations. The...
By Help Net Security
News•Jan 26, 2026
The New ATO Playbook: Session Hijacking, MFA Bypass, and Credential Abuse Trends for 2026
In this episode Jason Wagner outlines how account takeover (ATO) has shifted from brute‑force logins to stealthy session hijacking, MFA fatigue, and credential reuse tied to real identities. He explains that attackers now harvest active session tokens and device fingerprints,...
By Security Boulevard
News•Jan 26, 2026
What Is User Managed Access?
User Managed Access (UMA) extends OAuth 2.0 by letting data owners set granular sharing policies. It introduces components such as Resource Owner, Authorization Server, and Requesting Party Token to mediate consent. In enterprise SSO, UMA decouples resource data from policy logic,...
By Security Boulevard
News•Jan 25, 2026
26M+ Scammed By Fake QR Codes: NordVPN
NordVPN research finds more than 26 million people may have been lured to malicious sites via fake QR codes. Scammers embed these codes in “brushing” packages, a tactic that now delivers 26 % of all malicious links. Seventy‑three percent of Americans admit...
By Crowdfund Insider
News•Jan 25, 2026
NDSS 2025 – RContainer
The NDSS 2025 paper introduces RContainer, a secure container architecture that leverages ARM Confidential Computing Architecture (CCA) hardware primitives to protect containers from untrusted operating systems. By deploying a lightweight trusted mini‑OS alongside the host OS, RContainer monitors control‑flow interactions...
By Security Boulevard
News•Jan 25, 2026
Terrifying Solana Flaw Just Exposed How Easily the “Always-On” Network Could Have Been Stalled by Hackers
Solana validators were urged to install Agave v3.0.14 after a critical security advisory revealed two vulnerabilities that could crash nodes or stall consensus. Early adoption was slow, with only 18% of stake on the patched client, exposing the network to...
By CryptoSlate
News•Jan 25, 2026
The Fraud Hiding in Email Signups
E‑commerce merchants are increasingly hit by fraud that begins with fake but technically valid email sign‑ups. Fraudsters use these accounts for low‑value card‑testing transactions and to harvest welcome coupons, driving chargebacks and an estimated $89 billion in annual coupon abuse losses....
By Practical Ecommerce
News•Jan 25, 2026
Microsoft Investigates Windows 11 Boot Failures After January Updates
Microsoft is investigating Windows 11 boot failures marked by the UNMOUNTABLE_BOOT_VOLUME stop code after the January 2026 Patch Tuesday cumulative update (KB5074109). The problem impacts Windows 11 version 25H2 and all editions of version 24H2 on physical devices, displaying a black crash screen and requiring...
By BleepingComputer
News•Jan 25, 2026
Cybersecurity’s New Business Case: Fraud
Government CISOs are being urged to reframe cybersecurity discussions around financial fraud and AI‑generated scams rather than traditional technical jargon. Pandemic‑relief programs alone saw over $300 billion in fraudulent payments, while consumer fraud hit $12.5 billion in 2024, underscoring the fiscal stakes....
By Security Boulevard
News•Jan 25, 2026
Microsoft Releases Emergency OOB Update to Fix Outlook Freezes
Microsoft issued emergency out‑of‑band (OOB) updates on Saturday to address a critical Outlook freeze affecting PST files stored in cloud services such as OneDrive and Dropbox. The problem, introduced by the January 2026 Patch Tuesday roll‑out, caused Outlook to become...
By BleepingComputer
News•Jan 24, 2026
Gmail Is Having Issues with Spam and Misclassification
Google reported a widespread Gmail outage on January 24, 2026, affecting spam filtering and email classification. The issue began around 5 a.m. Pacific, causing promotional and social messages to appear in the Primary inbox and legitimate emails to trigger spam warnings....
By TechCrunch Apps
News•Jan 24, 2026
How Do NHIs Deliver Value in Digital Security Landscapes?
Non‑Human Identities (NHIs) are machine credentials that now underpin most cloud‑native environments. Effective NHI management couples secret rotation, permission controls, and continuous monitoring to reduce breach risk and streamline compliance. Organizations that automate discovery, classification, and remediation see faster incident...
By Security Boulevard
News•Jan 24, 2026
How Does AI Ensure Calm in Cybersecurity Operations?
Non‑Human Identities (NHIs), or machine identities, are becoming the backbone of AI‑driven cybersecurity operations. By pairing encrypted secrets with server‑granted permissions, NHIs function like digital passports that enable secure automated interactions. AI enhances NHI management through real‑time threat analytics, lifecycle...
By Security Boulevard
News•Jan 24, 2026
Can You Trust AI with Your Digital Secrets Management?
Non‑human identities (NHIs) or machine identities are becoming central to digital secrets management, especially as enterprises expand across hybrid cloud environments. Effective NHI platforms automate discovery, lifecycle handling of secrets, and real‑time monitoring, reducing breach risk and compliance burdens. AI...
By Security Boulevard
News•Jan 24, 2026
How Is AI Security Evolving for Better Protection?
AI security is shifting focus toward Non‑Human Identities (NHIs), the machine credentials that underpin modern cloud and AI workloads. Organizations confront challenges in discovering, classifying, and governing these identities, which lack the natural lifecycle of human users. Emerging solutions integrate...
By Security Boulevard
News•Jan 24, 2026
Evaluating the Best Value Cybersecurity Platforms for Enterprises
The article evaluates enterprise‑grade cybersecurity platforms, outlining key criteria such as AI/ML capabilities, coverage breadth, autonomous response, total cost of ownership, and scalability. It reviews five leading solutions—Darktrace, CrowdStrike, SentinelOne, Palo Alto Networks, and Microsoft Defender—detailing each vendor’s strengths and...
By SmartData Collective
News•Jan 24, 2026
Fintech Plaid Reports Growth in Open Banking Adoption, Improves Platform Security
Plaid reported a 55% increase in new European customers and a 53% annual rise in UK open‑banking payments as it expands its footprint across the continent. The fintech data‑connectivity provider added virtual‑account processing for over half of its European transactions...
By Crowdfund Insider
News•Jan 24, 2026
Metriport (YC S22) Is Hiring a Security Eng to Harden Healthcare Data Infra
Metriport, a YC‑backed open‑source platform that moves patient data for over 300 million individuals, is hiring a senior security engineer in San Francisco. The role will harden its HIPAA‑compliant infrastructure, building audit‑logging, RBAC, and security policies. The company reports multi‑million ARR,...
By Hacker News
News•Jan 24, 2026
NDSS 2025 – Secure Data Analytics
Researchers at NDSS 2025 introduced Laputa, a framework that adds fine‑grained policy enforcement to Apache Spark by inspecting physical execution plans. The system isolates Spark workloads using confidential computing compartments, protecting data from malicious users and compromised cloud managers. Laputa’s...
By Security Boulevard
News•Jan 24, 2026
Self-Custody Is No Longer a Retail Hobby. It Is Becoming Institutional Infrastructure
Institutional perception of self‑custody is shifting from a retail‑only risk to core crypto infrastructure. New hardware wallets, multi‑party authorization, and non‑custodial delegation let firms retain direct asset control while satisfying compliance requirements. Proof‑of‑Stake networks now support staking without transferring ownership,...
By CryptoSlate
News•Jan 24, 2026
Konni Hackers Target Blockchain Engineers with AI-Built Malware
North Korean hacker group Konni, linked to APT37, is deploying AI‑generated PowerShell malware to infiltrate blockchain developers. The campaign uses Discord‑hosted links that deliver a ZIP file containing a PDF lure and a malicious LNK shortcut. The shortcut triggers a...
By BleepingComputer
News•Jan 24, 2026
DAST vs Penetration Testing: Key Differences in 2026
The article contrasts modern Dynamic Application Security Testing (DAST) with traditional and AI‑driven penetration testing, highlighting how AI‑powered tools are built on advanced DAST architectures. Modern DAST now offers CI/CD integration, business‑logic testing, and a graph‑based knowledge model that feeds...
By Security Boulevard
News•Jan 24, 2026
Call-On-Doc Allegedly Had a Breach Affecting More than 1 Million Patients. They’ve yet to Comment.
Telehealth platform Call‑On‑Doc is accused of a data breach that may have exposed more than 1.1 million patient records, according to a listing on a hacking forum. The alleged leak includes personal identifiers, contact details, medical conditions and payment amounts, with...
By DataBreaches.net
News•Jan 24, 2026
DOGE May Have Misused Social Security Data, DOJ Admits
The Department of Justice disclosed that operatives from the Department of Government Efficiency (DOGE) may have improperly accessed and shared Social Security Administration (SSA) data. Internal emails show a password‑protected file containing roughly 1,000 individuals’ names and addresses was transmitted...
By WIRED (Security)
News•Jan 24, 2026
How Founder Oversight Prevents Costly Security Gaps
Founder oversight transforms security from a static checklist into a living, strategic asset. By staying involved in access controls, audits, and vendor management, leaders spot hidden vulnerabilities before they become costly incidents. This hands‑on approach reinforces compliance, reduces downtime, and...
By TechBullion
News•Jan 24, 2026
ISO 27001:2013 vs 2022 – A Quick Comparison Guide
ISO 27001:2022 supersedes the 2013 version, introducing a streamlined set of 93 controls organized into four thematic categories—Organizational, People, Physical, and Technological. The update adds 11 new controls targeting cloud security, threat intelligence, secure coding, and data protection, while tightening requirements...
By Security Boulevard
News•Jan 24, 2026
The New Reality of Business Protection When Data, AI, and Risk Collide
Businesses now view protection as safeguarding decisions, trust, continuity, and reputation rather than physical assets. The rise of AI intensifies risk, as models trained on sensitive data can be compromised, leading to regulatory, reputational, and financial fallout. Companies are turning...
By TechBullion
News•Jan 24, 2026
Ethereum Foundation Makes Post Quantum Security a Top Priority as New Team Forms
The Ethereum Foundation announced a dedicated Post‑Quantum team, elevating quantum‑resistant security to a top strategic priority. Led by Thomas Coratger and supported by Emile, the group will accelerate wallet safety upgrades, research prizes and test networks. A bi‑weekly developer session...
By CoinDesk
News•Jan 23, 2026
Equifax Launches AI-Powered Tool to Combat Synthetic Identity Fraud
Equifax unveiled Synthetic Identity Risk, an AI‑driven solution that flags synthetic identity fraud using machine‑learning analysis of identity data, credit histories, and behavioral signals. The tool can be deployed at account opening or continuously for ongoing monitoring, enabling lenders to...
By PYMNTS
News•Jan 23, 2026
CertiK Keeps IPO on the Table as Valuation Hits $2B, CEO Says
CertiK co‑founder and CEO Ronghui Gu told reporters at Davos that the blockchain security firm is still weighing a public listing, with a current valuation of roughly $2 billion. While no concrete IPO timeline exists, Gu said the company would need additional...
By Cointelegraph
News•Jan 23, 2026
Digital Wallet: A Smarter Way to Manage and Move Money
Digital wallets are software platforms that store payment credentials and enable instant, encrypted transactions via smartphones or computers. They combine convenience, security features like biometrics and tokenization, and financial organization tools such as spending categorization. For merchants, offering wallet payments...
By TechBullion
News•Jan 23, 2026
OpenAI's Upcoming Codex Update Will Hit the Company's "High" Cybersecurity Risk Level for the First Time
OpenAI announced that upcoming updates to its Codex code‑generation model will push it into the “High” cybersecurity risk tier in the company’s internal risk framework, the first time a model has reached that level. The “High” designation means Codex could...
By THE DECODER
News•Jan 23, 2026
NDSS 2025 – WAVEN: WebAssembly Memory Virtualization For Enclaves
Researchers from Southern University of Science and Technology and ByteDance presented WAVEN, a WebAssembly memory virtualization layer designed for trusted execution environments (TEEs). WAVEN enables cross‑module memory sharing and page‑level access control, addressing the linear memory model’s limitations in Wasm‑based...
By Security Boulevard
News•Jan 23, 2026
DeFi Protocol MakinaFi Exploit Analyzed by Blockchain Security Firm CertiK
Blockchain security firm CertiK dissected a sophisticated exploit on the MakinaFi DeFi protocol that drained approximately 1,299 ETH, valued at $4.13 million. The attacker leveraged massive flash loans to manipulate Curve pool valuations, inflating the protocol’s share price and extracting USDC from...
By Crowdfund Insider
News•Jan 23, 2026
NETSCOUT Recognized for Leadership in Network Detection and Response
NETSCOUT has been named a leader in network detection and response (NDR) by Quadrant Knowledge Solutions’ 2025 SPARK Matrix. The company’s Omnis Cyber Intelligence platform leverages Adaptive Service Intelligence to inspect packets at up to 100 Gbps, delivering deep, context‑rich metadata...
By CSO Online