Cybersecurity News and Headlines

Kusari and CNCF: Advancing Software Supply Chain Security for Cloud Native Projects
News · Mar 23, 2026

Kusari announced a partnership with the Cloud Native Computing Foundation (CNCF) to give CNCF projects free access to its AI‑powered security tool, Kusari Inspector. The platform embeds code‑review and dependency‑management checks directly into pull‑request workflows, offering visualized dependency graphs, risk...

By CNCF Blog
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
News · Mar 23, 2026

Microsoft’s threat intel team warned that a tax‑season phishing campaign compromised 29,000 users in 10,000 organizations, primarily in the United States. The attacks impersonated the IRS and used QR‑code, CPA, and cryptocurrency lures to deliver malicious links and attachments. Many...

By The Hacker News
Open Source Maintainers Are Drowning in AI-Generated Security Noise - $12.5 Million Is Being Deployed to Throw Them a Lifeline
News · Mar 23, 2026

The Linux Foundation announced a $12.5 million grant from Anthropic, AWS, GitHub, Google, Microsoft and OpenAI to bolster open‑source security through Alpha‑Omega and the OpenSSF. The funding targets the flood of AI‑generated vulnerability reports that are overwhelming project maintainers with low‑context...

By Diginomica
Tycoon 2FA Fully Operational Despite Law Enforcement Takedown
News · Mar 23, 2026

Tycoon 2FA, a subscription‑based phishing‑as‑a‑service platform, continued operating at full capacity despite an international takedown effort. The service was responsible for 62 % of Microsoft‑blocked phishing attempts in 2025 and generated over 30 million malicious emails each month, affecting roughly half a million...

By SecurityWeek
Vanta Introduces Automation Tools to Streamline Enterprise Compliance
News · Mar 23, 2026

Vanta unveiled a new suite of automation tools aimed at streamlining enterprise compliance and privacy management. The offering introduces three context‑aware agents—Compliance, Third‑party Risk Management, and Customer Trust—that continuously monitor evidence, assess vendor risk, and automate security query responses. New...

By TechMonitor
ZachXBT Says Fake X Accounts Used Viral War Content to Drive Crypto Scams
News · Mar 23, 2026

Blockchain analyst ZachXBT exposed a coordinated network of more than ten X accounts that used AI‑generated war and geopolitical posts to lure users into crypto scams. The fake profiles impersonated influencers, posted sensational "doomposts," and then promoted fraudulent token giveaways,...

By Cointelegraph
Global Crackdown Dismantles 4 Botnets Behind Major DDoS Attacks
News · Mar 23, 2026

International law enforcement agencies, led by the US DOJ and FBI, dismantled four major botnets—Aisuru, KimWolf, JackSkid and Mossad—that had compromised over three million IoT devices. At their peak, the networks could generate 30 terabits per second of traffic, powering some...

By HackRead
10 Things Keeping IT Leaders up at Night
News · Mar 23, 2026

CIOs are juggling long‑standing uptime worries with a surge of AI‑related challenges. Cybersecurity, especially third‑party risk, remains the top nightmare, while data security and privacy grow more complex as AI deployments accelerate. Leaders must embed AI responsibly at scale, align...

By CIO.com
UIDAI Launches Bug Bounty Programme to Enhance Aadhaar Security
News · Mar 23, 2026

The Unique Identification Authority of India (UIDAI) has launched a structured bug bounty program to harden the public‑facing components of the Aadhaar ecosystem. Twenty vetted ethical hackers will probe the UIDAI website, the myAadhaar portal and the Secure QR Code...

By Identity Week
Phakamo Tech Champions Integrated GRC Approach at ITWeb Security Summit 2026
News · Mar 23, 2026

Phakamo Tech announced its sponsorship of the ITWeb Security Summit in Johannesburg, scheduled for 2‑3 June 2026, where it will present an integrated cyber security, governance and risk management (GRC) framework. The company argues that African organisations must align security controls...

By ITWeb (South Africa) – Public Sector
When Tiny Magnets Attack PV Systems
News · Mar 23, 2026

Cybersecurity researcher Mohammad Al Faruque demonstrated that low‑cost magnetic, electrical and acoustic perturbations can manipulate current and voltage sensors in photovoltaic inverters without physical access. Using a $45 kit of Arduino, MOSFETs, Zigbee and an ultrasonic sensor, his team generated controllable...

By pv magazine
Oblivion RAT Masquerades as Play Store Update to Spy on Android Users
News · Mar 23, 2026

Oblivion RAT, a new Android remote access trojan, is sold as a malware‑as‑service platform for as little as $300 per month. It uses a two‑stage infection chain that mimics Google Play Store updates to trick users into sideloading a malicious...

By GBHackers On Security
Proofpoint Unifies Email, Data, and AI Security to Reduce Enterprise Blind Spots
News · Mar 23, 2026

Proofpoint introduced a unified security platform that merges its Secure Email Gateway with API‑based protection, adds AI‑driven data access governance, and extends AI‑native DSPM to on‑premises environments. The integrated architecture shares threat intelligence and behavioral signals across inbound, outbound, and...

By Help Net Security
Zero Networks Kubernetes Access Matrix Exposes Hidden Access Paths and Blast Radius
News · Mar 23, 2026

Zero Networks introduced the Kubernetes Access Matrix, a real‑time visual map that displays every allowed and denied network rule inside Kubernetes clusters. The tool automatically discovers existing network policies and presents namespace‑to‑namespace, application‑to‑application, and workload‑to‑workload connections in a single matrix....

By Help Net Security
3.7M Records Exposed, Many Belonging to Sears Home Services
News · Mar 23, 2026

Cybersecurity researcher Jeremiah Fowler uncovered three publicly exposed databases containing 3.7 million records tied to Sears Home Services' AI virtual assistant. The leak includes audio recordings, call transcriptions, and chat logs, revealing names, contact details, service information, and extended recordings up...

By Security Magazine (Cybersecurity)
Security Credentials Inadvertently Leaked on Thousands of Websites
News · Mar 23, 2026

A recent investigation uncovered that critical security credentials, including RSA private keys, have been inadvertently exposed on thousands of websites, affecting organizations from small firms to major banks and healthcare providers. The leak could enable attackers to impersonate servers, decrypt...

By New Scientist – Robots
Zilliz Cloud Launches Customer-Managed Encryption Keys for Enterprise Data Sovereignty
News · Mar 23, 2026

Zilliz announced the general availability of Customer‑Managed Encryption Keys (CMEK) on its Zilliz Cloud platform, giving enterprises full control over encryption keys for AI‑scale vector workloads. The feature separates key ownership from data processing, ensuring Zilliz never accesses customer keys...

By MarTech Series
Booz Allen’s Vellox Brings AI Vs. AI Defense to Protect Critical Infrastructure and National Security
News · Mar 23, 2026

Booz Allen Hamilton unveiled Vellox, an AI‑native cyber‑defense suite designed to counter AI‑driven attacks that now breach enterprises in minutes. The company’s threat report shows breach dwell time fell below 30 minutes in 2025, with some incidents resolved in seconds....

By Help Net Security
Building a Layered Security Stack: Identity, Network and Device Protection
News · Mar 23, 2026

Modern enterprises increasingly rely on cloud services and remote work, exposing them to broader cyber threats. To counter this, organizations are adopting a layered security stack that spans identity, network, and device protections. Each layer adds distinct controls—passwordless authentication, MFA,...

By Security Boulevard
A Week in Security (March 16 – March 22)
News · Mar 23, 2026

Malwarebytes’ weekly roundup highlights a surge in privacy‑focused regulations and a wave of novel cyber threats. New legislation in New York aims to curb biometric tracking, while researchers uncovered a font‑rendering trick that masks malicious commands. High‑profile vulnerabilities were disclosed,...

By Security Boulevard
We Know You Can Pay a Million by Anja Shortland Review – the Terrifying New World of Ransomware
News · Mar 23, 2026

Anja Shortland’s new book charts ransomware’s rise from the 1989 AIDS‑Trojan prank to a $1 bn‑a‑year criminal industry that inflicts $57 bn in damages. She identifies three technical breakthroughs—TOR, Bitcoin and asymmetric encryption—that turned a hobbyist stunt into a global extortion machine....

By The Guardian
The Insider Threat Rises Again
News · Mar 23, 2026

Insider threats are resurging, with 42% of organizations reporting more malicious incidents and a similar rise in negligent cases, according to Mimecast’s State of Human Risk Report. The average cost per insider‑driven breach now tops $13.1 million, and 66% of security...

By CSO Online
RegScale Recognized in the 2026 Gartner® Market Guide for DevOps Continuous Compliance Automation Tools
News · Mar 23, 2026

RegScale, a continuous controls monitoring platform, has been included in Gartner’s 2026 Market Guide for DevOps Continuous Compliance Automation Tools. The inclusion highlights growing enterprise demand for automated, AI‑driven compliance embedded directly in CI/CD pipelines. Gartner forecasts that by 2028,...

By AiThority » Sales Enablement
Coralogix and Skyflow Redefine Privacy-Safe Observability for the AI Era
News · Mar 23, 2026

Coralogix and Skyflow announced a strategic partnership that introduces privacy‑safe observability for AI‑driven operations. The solution replaces sensitive customer data in logs with consistent, privacy‑preserving tokens, maintaining searchability, correlation, and AI analysis while keeping the raw data governed and isolated....

By MarTech Series
Your AI Agents Are Moving Sensitive Data. Do You Know Where?
News · Mar 23, 2026

In a Help Net Security interview, Bonfy.AI CEO Gidi Cohen warns that the greatest threat from autonomous AI agents is data‑layer risk, not traditional prompt‑injection attacks. He outlines Bonfy's three‑pronged approach: controlling grounding data, monitoring content across tool calls and...

By Help Net Security
Zluri Expands Platform to Deliver Identity Security for the Modern Enterprise
News · Mar 23, 2026

Zluri announced the Zluri Identity Security Platform, extending its SaaS governance suite to discover, govern, and monitor human, machine and AI identities across SaaS, cloud and on‑premises systems. The solution tackles the expanding non‑human identity attack surface by providing automated...

By Business Wire — Executive Appointments
Plumber: Open-Source Scanner of GitLab CI/CD Pipelines for Compliance Gaps
News · Mar 23, 2026

Plumber is an open‑source Go tool that scans GitLab CI/CD pipelines for compliance gaps such as mutable container tags, unprotected branches, and outdated templates. It reads the .gitlab-ci.yml file and queries the GitLab API, offering eight configurable controls via a...

By Help Net Security
NIST Updates Its DNS Security Guidance for the First Time in over a Decade
News · Mar 23, 2026

NIST released SP 800‑81r3, the first major update to its Secure Domain Name System Deployment Guide in over twelve years. The revision emphasizes protective DNS, encrypted DNS protocols (DoT, DoH, DoQ), and modern DNSSEC algorithms such as ECDSA and Ed25519. It...

By Help Net Security
Women Shaping the Future of Mobile Cybersecurity in a Digital-First Era
News · Mar 23, 2026

India’s mobile‑first digital economy has turned smartphones into the most exposed point in the technology stack, prompting attackers to target mobile applications directly. Companies are shifting from traditional perimeter defenses to embedded solutions like runtime application self‑protection that monitor behavior...

By The Cyber Express
Singapore Cybersecurity Firms Showcase SME-Focused Innovations to Counter Rising Cyber Threats at RSAC 2026 Conference
News · Mar 23, 2026

Cyber threats are projected to cost the global economy $23.84 trillion by 2027, leaving small and medium‑sized enterprises especially exposed. Singapore’s CyberSG Talent, Innovation and Growth Collaboration Centre (TIG Centre), backed by S$20 million, is showcasing three home‑grown startups—AgileMark, Scantist and StrongKeep—at...

By The Manila Times – Business
Your Smart Home Can Be Easily Hacked. New Safety Standards Will Help, but Stay Vigilant
News · Mar 23, 2026

The Australian government has rolled out mandatory minimum security standards for smart‑home devices, targeting weak default passwords, lack of update policies, and opaque vulnerability reporting. The rules require each product to ship with unique credentials, provide a clear disclosure process,...

By The Conversation – Business + Economy (US)
Apps That Track You: 17 Of The Worst Offenders In Privacy Invasion
News · Mar 23, 2026

A new roundup highlights 17 mobile apps that are among the worst offenders in personal data collection, from Meta’s suite of social platforms to Amazon’s shopping and Alexa ecosystem. The article details the breadth of data each app gathers—Meta tracks...

By SlashGear
Cookies, “Significant Risk,” And 2026 CCPA Assessments
News · Mar 23, 2026

California’s privacy law now mandates written risk assessments for any activity that constitutes a “sale” of personal data and presents a significant risk, including behavioral‑advertising cookies, sensitive data processing, and high‑risk automated decision‑making. The final CCPA regulations, released in September 2025,...

By National Law Review – Employment Law
Microsoft Outlines Agentic AI Security Strategy with New Defender, Entra and Purview Capabilities
News · Mar 22, 2026

Microsoft unveiled an "agentic AI" security strategy, rolling out Agent 365 as a centralized control plane for AI agents and embedding new Defender, Entra and Purview capabilities across its suite. The Security Dashboard for AI, Entra backup and tenant‑governance tools, and...

By SiliconANGLE
The FBI Just Issued A Warning About A Hidden Threat In Your Home Wi-Fi Network
News · Mar 22, 2026

The FBI has issued a warning that home and small‑business Wi‑Fi networks are vulnerable to residential proxy attacks. In such attacks, criminals compromise a router or device, steal its IP address, and use it as a camouflage for illicit online...

By SlashGear
Why Crypto Hacks Don’t End and Continue Even when the Money Is Gone
News · Mar 22, 2026

Immunefi’s 2026 State of On‑chain Security report shows that crypto hacks inflict damage far beyond the initial theft. While the median hack value fell to $2.2 million, the average loss stayed near $24.5 million, with the five biggest exploits accounting for 62%...

By CryptoSlate
Analyst Warns Against Using Microsoft’s Copilot AI on Friday Afternoons
News · Mar 22, 2026

Microsoft’s Copilot AI has suffered several high‑profile mishaps, including hallucinated police reports, exposed passwords, and confidential email summaries. Gartner analyst Dennis Xu warned that companies should consider banning Copilot on Friday afternoons, when employee vigilance tends to wane. The advice...

By Futurism AI
I Had No Idea How Much Google Maps Was Tracking Me Until I Found These Settings
News · Mar 22, 2026

Google Maps continuously records users' whereabouts through its Timeline feature, logging minute‑by‑minute movements and search queries. The app also retains live‑location shares, background location access, and a detailed Maps history unless users manually disable or delete these data streams. The...

By MakeUseOf – Productivity
I Stopped Using Google Authenticator for This 2FA App, and It’s Much Better
News · Mar 22, 2026

Bitwarden Authenticator, a free open‑source 2FA app, now offers stronger security than Google Authenticator by encrypting codes locally and supporting biometric locks. The author switched after a brief three‑minute migration, noting the process is straightforward via QR export. Bitwarden also...

By MakeUseOf – Productivity
VoidStealer Malware Steals Chrome Master Key via Debugger Trick
News · Mar 22, 2026

VoidStealer, a malware‑as‑a‑service platform, now bypasses Chrome’s Application‑Bound Encryption by attaching a debugger and setting hardware breakpoints to capture the v20_master_key in plaintext. The technique extracts the master key directly from memory during browser startup, requiring no privilege escalation or...

By BleepingComputer
Security and Compliance: What Nonprofits Should Know About Online Auction Platforms
News · Mar 22, 2026

Nonprofit organizations increasingly rely on online auction platforms to raise funds, but each event exposes donor names, payment details, and personal addresses to cyber risk. The article stresses that security and compliance are not optional features but core risk‑management criteria,...

By The European Financial Review
Resolv Labs’ Stablecoin Depegs as Attacker Mints Millions of Tokens
News · Mar 22, 2026

Resolv Labs’ USR stablecoin was exploited, allowing an attacker to mint 50 million unbacked tokens after depositing just $100,000 USDC, with an additional 30 million minted due to contract flaws. The sudden supply surge de‑pegged USR, driving its price from a $1...

By Cointelegraph
RSAC 2026 Innovation Sandbox | ZeroPath: From Alarm Accumulation to Executable Fixes
News · Mar 22, 2026

ZeroPath, an AI‑native application security startup founded in 2024, was named a finalist in the RSAC 2026 Innovation Sandbox. Its platform unifies SAST, SCA, secrets and IaC scanning into a single AI‑driven engine that verifies exploitability and produces automated repair pull...

By Security Boulevard
TUMCREATE to Develop Open-Source RISC-V Processor with Integrated Post-Quantum Security
News · Mar 22, 2026

TUMCREATE, the research arm of Technical University of Munich, will lead the QUASAR‑CREATE program to build an open‑source 64‑bit RISC‑V processor with built‑in post‑quantum cryptographic (PQC) accelerators. The processor will be fabricated on GlobalFoundries’ 180‑nm node in Singapore and feature...

By Quantum Computing Report
Does Your NHI System Deliver Essential Value
News · Mar 21, 2026

Non‑Human Identities (NHIs) now outnumber human users, making machine‑credential security a top priority for enterprises. A robust NHI system manages secrets throughout their lifecycle, providing visibility, automated rotation, and context‑aware controls. Organizations that rely solely on point tools miss hidden...

By Security Boulevard
Is Your Agentic AI Optimized for Latest Threats
News · Mar 21, 2026

Non‑Human Identities (NHIs) are emerging as digital passports that secure machine credentials across cloud environments. A comprehensive lifecycle—discovery, classification, threat detection, and remediation—enables organizations to manage the exploding volume of machine identities in sectors such as finance and healthcare. Integrating...

By Security Boulevard
I Was Exposing My Home Server Every Time I Opened a Router Port — NetBird Fixed It
News · Mar 21, 2026

NetBird, an open‑source WireGuard‑based platform, eliminates the need for router port forwarding by creating private overlay networks for home servers. After installing lightweight clients on the server and endpoints, devices authenticate via a dashboard and connect through encrypted tunnels, with...

By MakeUseOf – Productivity
You're About to Lose Your Instagram Privacy, so You Might Want to Grab a VPN
News · Mar 21, 2026

Instagram will discontinue end‑to‑end encryption for direct messages on May 8, meaning Meta, ISPs and governments can read private chats. The shift revives concerns that the platform will harvest message data for advertising and AI training. While a VPN can encrypt...

By PCGamesN