News•Jan 23, 2026
Smarter DDoS Security at Scale
NETSCOUT introduced Arbor Edge Defense (AED), a selective decryption solution that inspects only suspicious encrypted traffic to mitigate DDoS attacks hidden in TLS 1.3 sessions. Traditional full‑traffic decryption is resource‑intensive, creating blind spots for security teams. AED combines known‑source blocking, TLS handshake analysis, TCP limiting, and rate‑based protections, leveraging the ATLAS Intelligence Feed to drop malicious flows before decryption. The approach preserves bandwidth and scales to high‑volume traffic while allowing customizable decryption policies.
By CSO Online
News•Jan 23, 2026
French Authorities Investigate Data Breach of Crypto Tax Platform
French prosecutors and the National Cyber Unit have opened a preliminary investigation into a data breach at Waltio, a cryptocurrency tax platform that exposed personal information of roughly 50,000 users, most of them in France. The hacker group Shiny Hunters...
By Cointelegraph
News•Jan 23, 2026
Venezuelan Nationals Face Deportation After Multi State ATM Jackpotting Scheme
Two Venezuelan nationals were convicted of a multi‑state ATM jackpotting scheme that hit banks in South Carolina, Georgia, North Carolina and Virginia. Using laptops and custom malware, they opened older ATMs at night, forcing the machines to dispense cash until...
By HackRead
News•Jan 23, 2026
Shift Left QA for AI Systems. Catching Model Risk Before Production
Shift‑left QA repositions testing to the earliest stages of AI development, targeting data selection, prompt design, and model behavior before any user interface exists. Traditional software QA, which validates deterministic code after UI creation, misses the probabilistic failures that AI...
By Security Boulevard
News•Jan 23, 2026
A Hacker’s $23 Million ‘Flex’ Backfires After Sleuth Traces Funds to a Massive U.S. Government Seizure
A self‑styled hacker known as “John” publicly displayed control over roughly $23 million in cryptocurrency during a live “band for band” showdown on X. Blockchain analyst ZachXBT later traced the wallet to a chain of addresses that include funds seized by...
By CoinDesk
News•Jan 23, 2026
Corr-Serve Strengthens South Africa’s Cybersecurity Market Through Expanded Seceon Partnership
Corr-Serve has expanded its seven‑year partnership with global cyber‑security firm Seceon, becoming the exclusive distributor for Seceon's AI‑driven Open Threat Management platform across the Southern African Development Community. The deal positions South Africa as the operational hub, delivering real‑time threat...
By Security Boulevard
News•Jan 23, 2026
Browser Wars, Continued: Why Everyone Is Building Their Own AI Browser
The browser has evolved from a simple web gateway into the primary enterprise endpoint, handling over 70% of global traffic. Generative AI agents that can act autonomously inside browsers are turning them into intelligent workspaces, prompting incumbents and startups to...
By Security Boulevard
News•Jan 23, 2026
From Incident to Insight: How Forensic Recovery Drives Adaptive Cyber Resilience
Ransomware attacks now cost $156 million daily, prompting firms to rush system restoration. However, without forensic recovery, organizations lack the evidence needed to confirm breach eradication and understand attacker tactics. Modern forensic solutions capture and analyze digital artifacts in real time,...
By Security Boulevard
News•Jan 23, 2026
What an AI-Written Honeypot Taught Us About Trusting Machines
Intruder used an AI model to draft a honeypot prototype, but the generated code mistakenly trusted client‑supplied IP headers, allowing attackers to inject payloads via spoofed headers. The flaw went unnoticed by static analysis tools like Semgrep and Gosec, highlighting...
By BleepingComputer
News•Jan 23, 2026
NHS Issues Open Letter Demanding Improved Cybersecurity Standards From Suppliers
The UK National Health Service has issued an open letter to suppliers, demanding proactive cybersecurity collaboration across the health and social care system. The initiative builds on last year’s voluntary supply‑chain charter and aligns with the Cyber Security and Resilience...
By Infosecurity Magazine
News•Jan 23, 2026
CyberAlloy Launches to Unite Europe’s Cyber Defenders in a Single Trusted Network
CyberAlloy, an independent network launched this week, brings together corporations, governments, academia, venture capital and security experts across Europe to create a trusted cyber‑resilience ecosystem. The platform enables real‑time threat‑intelligence sharing, collective decision‑making and standardized governance, aiming to lighten the...
By Tech.eu
News•Jan 23, 2026
In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice
SecurityWeek’s weekly roundup highlights a record €1.2 billion in GDPR fines in 2025, with Ireland accounting for the bulk of penalties, and a 22 % jump in breach notifications. Mandiant released Net‑NTLMv1 rainbow tables that can crack legacy hashes in under 12 hours,...
By SecurityWeek
News•Jan 23, 2026
ExaGrid Announces All Flash/SSD Tiered Backup Storage Solution
ExaGrid has launched an all‑flash, SSD‑based tiered backup storage solution that ships with software version 8 and a unique front‑end Landing Zone paired with a non‑network‑facing repository tier. The new appliances—EX90‑SSD through EX540‑SSD—scale to over 17 PB in a single scale‑out...
By AI-TechPark
News•Jan 23, 2026
Microsoft Gave FBI Keys To Unlock Encrypted Data, Exposing Major Privacy Concern
Microsoft complied with an FBI search warrant, providing BitLocker recovery keys stored on its cloud for three Guam laptops tied to a Covid unemployment fraud investigation. The devices were protected by BitLocker, Microsoft’s default full‑disk encryption, whose recovery keys can...
By DataBreaches.net
News•Jan 23, 2026
TrustAsia Pulls 143 Certificates Following Critical LiteSSL ACME Vulnerability
TrustAsia revoked 143 SSL/TLS certificates after uncovering a critical vulnerability in its LiteSSL ACME service. The flaw allowed domain‑validation data to be reused across different ACME accounts, enabling unauthorized issuance of wildcard certificates. The issue stemmed from a logic error...
By GBHackers On Security
News•Jan 23, 2026
NL: Police Warned About Security Hole Used by Russian Hackers in Major Theft of Police Data
Dutch police were warned in 2022 about inherent risks in Microsoft’s M365 cloud, yet a Russian cyber‑espionage group exploited those gaps in September 2024. By compromising an officer’s email account, the hackers exfiltrated contact details, profile photos and personal data of...
By DataBreaches.net
News•Jan 23, 2026
The 2025 Phishing Surge Proved One Thing: Chasing Doesn’t Work
In 2025 phishing evolved from a nuisance into a professional, subscription‑based service. Threat actors now rent disposable infrastructure, use generative AI to craft high‑fidelity pages, and repurpose mainstream no‑code platforms, while large language models eliminate the classic bad‑writing tell. These...
By Security Boulevard
News•Jan 23, 2026
ShinyHunters Leak Alleged Data of Millions From SoundCloud, Crunchbase and Betterment
ShinyHunters announced a dark‑web leak of alleged databases from SoundCloud, Crunchbase and Betterment after their extortion attempts were rejected. The group posted .onion links on 22 January 2026, offering free access to the dumps. The claimed SoundCloud breach aligns with a December 2025...
By HackRead
News•Jan 23, 2026
Arqit Launches ‘Encryption Intelligence’ to Automate Discovery for Post-Quantum Migration
Arqit Quantum has launched Encryption Intelligence (EI), an automated SaaS platform that inventories an organization’s cryptographic assets across cloud, OT and legacy systems. The tool identifies obsolete algorithms and protocols, providing real‑time visibility to accelerate post‑quantum cryptography (PQC) migration and...
By Quantum Computing Report
News•Jan 23, 2026
Secure Your Google Ads Account Against The Rise In Hijackings
Google Ads account hijackings are accelerating, especially against agencies that manage large budgets. Attackers exploit weak login practices, phishing, and even Google Analytics or Tag Manager to bypass two‑factor authentication. Google’s official guide recommends HTTPS, verified @google.com emails, link scrutiny,...
By Search Engine Roundtable
News•Jan 23, 2026
Mass Data, Mass Surveillance, and the Erosion of Particularity: The Fourth Amendment in the Age of Geofence Warrants and Artificial...
On Jan. 16, 2026 the Supreme Court granted certiorari in United States v. Chatrie, asking whether bulk geofence warrants satisfy the Fourth Amendment’s particularity requirement. A geofence warrant compels a data custodian to hand over location records for every device within a...
By Security Boulevard
News•Jan 23, 2026
Organizations Warned of Exploited Zimbra Collaboration Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE‑2025‑68645, a local file inclusion flaw in Zimbra Collaboration Suite, to its Known Exploited Vulnerabilities catalog and urged immediate patching. The vulnerability resides in the RestFilter servlet, allowing unauthenticated attackers...
By SecurityWeek
News•Jan 23, 2026
Percipience Achieves SOC 2 Type I Compliance
Percipience, an insurtech data and analytics provider, announced it has achieved SOC 2 Type I compliance, confirming that its security, availability, and confidentiality controls are properly designed. The audit, conducted by an independent firm, validated the company’s policies on access management, change...
By AI-TechPark
News•Jan 23, 2026
10 Questions Enterprise Leaders Should Ask Before Running a Red Teaming Exercise
Red Teaming simulates real‑world attacker behavior across people, processes, and technology, going beyond traditional penetration testing that only flags technical flaws. It helps enterprises verify whether detection, response, and containment capabilities can stop a breach before business damage occurs. Leaders...
By Security Boulevard
News•Jan 23, 2026
How ASPM Protects Cloud-Native Applications From Misconfigurations and Exploits
Application Security Posture Management (ASPM) consolidates vulnerability, misconfiguration, and runtime data into a single, continuous risk model for cloud‑native applications. By graph‑linking code commits, container images, Kubernetes objects, and cloud resources, ASPM reveals which findings are truly exploitable. This unified...
By Security Boulevard
News•Jan 23, 2026
149 Million Usernames and Passwords Exposed by Unsecured Database
A publicly accessible database containing 149 million usernames and passwords—including 48 million Gmail, 17 million Facebook, and Binance credentials—was removed after security researcher Jeremiah Fowler reported it to the hosting provider. The collection also featured government, banking, and streaming service logins, suggesting it...
By WIRED (Security)
News•Jan 23, 2026
Elastic Agent Builder Expands How Developers Build Production-Ready AI Agents
Elastic has launched the general availability of Agent Builder, a platform that lets developers create secure, context‑driven AI agents in minutes by leveraging Elasticsearch’s unified search and analytics capabilities. The offering includes native data preparation, retrieval, ranking, custom tools, conversational...
By Help Net Security
News•Jan 23, 2026
Cobalt Achieves CSA AI Trustworthy Pledge
Cobalt, a pioneer of Penetration Testing as a Service, has earned the Cloud Security Alliance (CSA) AI Trustworthy Pledge by completing the STAR Level 1 CAIQ Self‑Assessment based on version 4.0.3. The certification aligns Cobalt’s practices with the CSA Cloud Controls Matrix,...
By AI-TechPark
News•Jan 23, 2026
Ring Now Lets Users Verify Whether Videos Have Been Altered
Ring has launched Ring Verify, a built‑in authenticity feature that embeds a digital security seal in every video recorded after December 2025. The seal automatically breaks if the footage is trimmed, re‑encoded, or otherwise altered, and users can check verification status...
By Help Net Security
News•Jan 23, 2026
What Are Drive-By Download Attacks?
Drive‑by download attacks automatically install malware when a user visits a compromised website, requiring no clicks or consent. They exploit outdated browsers, plugins, or operating systems, often via malicious scripts, malvertising, or exploit kits. The resulting payloads range from trojans...
By Security Boulevard
News•Jan 23, 2026
Buterin Calls 2026 the Year to Reclaim Self-Sovereign Computing
Vitalik Buterin announced 2026 as the year to reclaim self‑sovereign computing, swapping his daily tools for open‑source, privacy‑preserving alternatives. He moved from Google Docs to Fileverse, Telegram to Signal, Google Maps to OrganicMaps/OpenStreetMap, and Gmail to ProtonMail, while also experimenting with...
By Cointelegraph
News•Jan 23, 2026
Manage My Health Data Breach Sparks Warnings Over Impersonation and Phishing Attempts
Manage My Health, a New Zealand digital health portal, confirmed a breach that accessed documents in its My Health Documents feature, affecting over 120,000 patients. While live clinical systems remained untouched, fraudsters are now impersonating the service to send phishing and...
By The Cyber Express
News•Jan 23, 2026
Someone Is Impersonating Me on Instagram — and Meta Doesn’t Give a Sh*t
Technology veteran Alan Shimel discovered an Instagram account impersonating him, using the handle shimel.alan, which quickly followed 85 of his contacts and received follow‑backs from ten. He reported the account through Meta’s built‑in AI‑driven reporting tool, only to receive an...
By Security Boulevard
News•Jan 23, 2026
Iboss Unveils AI-Powered SSPM Capability to Reduce SaaS Risk
iboss introduced an AI‑powered SaaS Security Posture Management (SSPM) capability within its Zero Trust SASE platform. The solution connects to SaaS apps via native APIs, continuously scanning configurations, permissions and data exposure. AI analysis prioritizes misconfigurations and risky sharing, presenting...
By Help Net Security
News•Jan 23, 2026
This Guide Will Show You How to Create SAML Identity Management.
The guide walks CTOs and VPs of Engineering through building SAML‑based identity management for enterprise single sign‑on, covering claim design, certificate handling, and a step‑by‑step migration from ADFS. It explains how to configure assertions, secure metadata, and align SAML with...
By Security Boulevard
News•Jan 23, 2026
ADIB Names Winners of UAE Cybersecurity Innovation Challenge to Drive Digital Resilience
Abu Dhabi Islamic Bank (ADIB) announced the three winners of its UAE Cybersecurity Innovation Challenge—Corgea, Nothreat and DTEX Systems—selected from more than 50 global applicants. The competition, run with the UAE Cyber Security Council and DIFC Innovation Hub, featured 10...
By The Fintech Times
News•Jan 23, 2026
Finextra & ACI Worldwide Release New Survey Report on the Global State of Fraud and Financial Crime
Finextra and ACI Worldwide released the "AI in Action" global survey, analyzing responses from 154 industry leaders on AI‑driven fraud prevention. Over half of organisations (51%) already run AI solutions, with another 47% planning deployments within two years. The study...
By Finextra
News•Jan 23, 2026
South Korea Probes Loss of Seized Bitcoin in Phishing Attack
South Korean prosecutors in Gwangju are investigating the disappearance of a large bitcoin cache seized in a criminal case, which an internal audit attributes to a phishing breach during official custody. The incident underscores the vulnerability of government-held digital assets...
By CoinDesk
News•Jan 23, 2026
Microsoft Introduces Winapp, an Open-Source CLI for Building Windows Apps
Microsoft has launched winapp, an open‑source command‑line interface designed to simplify Windows application development. The tool consolidates SDK management, manifest editing, certificate generation, and packaging into unified commands, supporting project scaffolding, dependency handling, and build/run operations. Winapp integrates with Visual...
By Help Net Security
News•Jan 23, 2026
Ethereum Mainnet Daily Active Addresses Surpass All Layer-2s
Ethereum’s mainnet daily active addresses have surged to roughly 945,000, briefly peaking at 1.3 million, surpassing all major layer‑2 networks. The recent Fusaka upgrade, which slashed gas fees, is credited for the activity boost, though security analysts warn that address‑poisoning attacks...
By Cointelegraph
News•Jan 22, 2026
Okta SSO Accounts Targeted in Vishing-Based Data Theft Attacks
Okta has identified a new wave of vishing‑based phishing kits sold as a service, allowing attackers to conduct live, voice‑driven credential theft. The kits let threat actors spoof corporate numbers, manipulate phishing pages in real time, and capture both passwords...
By BleepingComputer
News•Jan 22, 2026
NDSS 2025 – Rethinking Trust In Forge-Based Git Security
The NDSS 2025 paper introduces gittuf, a decentralized security layer for Git repositories that removes reliance on a single trusted forge. By distributing policy declaration, activity tracking, and enforcement among all contributors, gittuf lets developers independently verify changes. The system...
By Security Boulevard
News•Jan 22, 2026
Why AI Is Making Attack Surface Management Mandatory
Amit Sheps of CyCognito warns that AI is rapidly expanding enterprise attack surfaces, making traditional vulnerability hunting insufficient. He stresses that without continuous external discovery and clear ownership mapping, security teams cannot prioritize true risk. AI both creates new entry...
By Security Boulevard
News•Jan 22, 2026
Google to Pay $8.25M Settlement Over Child Data Tracking in Play Store
Google agreed to pay $8.25 million to resolve a class‑action lawsuit alleging that its Play Store “Designed for Families” program allowed developers to collect personal data from children under 13 without parental consent. The case centered on the AdMob advertising SDK,...
By HackRead
News•Jan 22, 2026
AI-Powered Disinformation Swarms Are Coming for Democracy
Researchers warn that advances in AI will enable single operators to command swarms of thousands of autonomous social‑media agents that produce indistinguishable human content. These AI‑driven disinformation networks can adapt in real time, target specific communities, and conduct rapid micro‑testing...
By WIRED AI
News•Jan 22, 2026
ICE Agents Are ‘Doxing’ Themselves
A crowdsourced site called ICE List has published profiles of roughly 4,500 DHS employees, drawing on publicly available LinkedIn, payroll and data‑broker records. WIRED’s investigation shows that about 90% of the entries rely on self‑posted information rather than a secret...
By WIRED (Security)
News•Jan 22, 2026
The Upside Down Is Real: What Stranger Things Teaches Us About Modern Cybersecurity
The article likens modern cybersecurity challenges to the Upside Down world of Stranger Things, using the show’s portals as a metaphor for today’s sprawling attack surface. It stresses that every IoT, cloud, or OT connection acts as a hidden entry point...
By SecurityWeek
News•Jan 22, 2026
Microsoft Teams to Add Brand Impersonation Warnings to Calls
Microsoft Teams will introduce a "Brand Impersonation Protection" feature that flags first‑time external VoIP callers attempting to pose as trusted organizations. The protection rolls out to the targeted release ring in mid‑February and is enabled by default, displaying high‑risk warnings...
By BleepingComputer
News•Jan 22, 2026
10Web WordPress Photo Gallery Plugin Vulnerability via @Sejournal, @Martinibuster
A vulnerability in the Photo Gallery by 10Web WordPress plugin allows unauthenticated attackers to delete image comments. The flaw stems from a missing capability check in the delete_comment() function and affects all versions up to 1.8.36, primarily the Pro edition...
By Search Engine Journal
News•Jan 22, 2026
INC Ransomware Opsec Fail Allowed Data Recovery for 12 US Orgs
Researchers from Cyber Centaurs uncovered an operational security slip in the INC ransomware campaign that exposed the gang's backup infrastructure. By tracing Restic backup tool artifacts and hard‑coded credentials, they located encrypted exfiltrated data belonging to twelve unrelated U.S. organizations across...
By BleepingComputer