Cato Networks Unveils Modular Adoption Model for SASE Platform
Cato Networks announced a modular adoption model for its core SASE platform, allowing enterprises to select and add capabilities such as AI security, SD‑WAN, SSE and universal ZTNA on demand. The solution runs on the GPU‑powered Cato Neural Edge, a global private backbone with more than 85 PoPs and a 99.999% uptime SLA. Pricing is user‑ and site‑bandwidth based, enabling phased deployment over a 12‑month horizon. Cato positions the approach as a true platform versus the fragmented portfolios common among rivals.
Guidance: Industry Security Notice (ISN)
The UK Ministry of Defence’s Industry Security Notices (ISNs) continue to evolve, with the latest revision on 31 March 2026 adding Defence Cyber Certification (DCC) guidance under DEFCON 658 and clarifying the cyber‑security model scope. Over the past six years the ISNs have...
This App Makes Even the Sketchiest PDF or Word Doc Safe to Open
Dangerzone is a free, open‑source tool that sanitizes PDFs, Word, Excel, PowerPoint, OpenOffice, EPUB and image files by sandboxing them and converting each page to an image‑only PDF. The process runs in a container or virtual machine with no internet...
Fewer CVEs in Your Camunda 8 Containers with Hardened Base Images
Camunda announced that its Camunda 8 self‑managed containers now use hardened Minimus base images, eliminating 354 known CVEs from the base layer. The transition covers Node, OpenJDK, OpenJRE and PHP images and includes a build‑time option for Zeebe’s container. Ongoing...
7,655 Ransomware Claims in One Year: Group, Sector, and Country Breakdown
From March 2025 to March 2026 ransomware groups posted 7,655 victim claims on public leak sites, averaging about 20 claims per day. The five most active groups—Qilin, Akira, INC Ransom, Play and Safepay—account for 40% of all claims, with Qilin alone responsible...
Employee Data Breaches Surge to Seven-Year High
Employee data breach reports to the UK Information Commissioner’s Office reached 3,872 incidents in 2025, the highest level in at least seven years. That marks a 5% rise from the previous year and a 29% increase versus 2019, when reporting...
Change Intelligence and Deployment Connectors for Liquibase Secure
Liquibase Secure announced two new capabilities—Change Intelligence and Deployment Connectors for ServiceNow, GitHub, Harness, and Terraform. Change Intelligence aggregates change data, applies AI‑driven risk analysis, and automatically captures audit evidence in a single view. Deployment Connectors embed governed database change...
KYND Warns Insurers of Surge in US Website Privacy Lawsuits
Cyber‑risk firm KYND warns insurers that U.S. privacy lawsuits tied to routine website tracking have surged from a few hundred to over 2,000 cases annually. The claims focus on marketing pixels and analytics tools rather than data breaches and can...
Let’s Stop Sovereignty Washing
The article warns that cloud providers are marketing “sovereignty” while delivering only data residency, creating a gap between promises and technical reality. It explains that U.S. laws such as the CLOUD Act can compel access to data stored in Europe,...
Hacker Charged with Stealing $53 Million From Uranium Crypto Exchange
U.S. prosecutors have charged Maryland resident Jonathan Spalletta with stealing more than $53 million from the decentralized Uranium Finance exchange through two separate smart‑contract exploits in April 2021. The attacks drained liquidity pools, forced the platform to shut down, and the...
Huawei Secure SD-WAN Full SASE Solution: Secure, Intelligent Connectivity for Modern Enterprises
Huawei has launched its Secure SD‑WAN Full SASE solution, a unified platform that blends networking, security and AI‑driven management for enterprise connectivity. The solution dynamically routes traffic over MPLS, broadband, LTE or 5G while encrypting tunnels and providing integrated firewall,...
The External Pressures Redefining Cybersecurity Risk
External pressures are reshaping cybersecurity risk, with third‑party breaches now accounting for over 35% of incidents. Geopolitical conflicts are spilling battle‑tested tactics into operational technology (OT) and IoT environments, raising safety and continuity stakes. Generative AI accelerates attacker capabilities while...
California Gets Serious About Regulation (Again)
Effective Jan 1 2026, California expanded its CCPA/CPRA into a unified governance framework that blends privacy, cybersecurity, and AI regulations. The new rules mandate formal risk assessments for high‑risk processing, regulate automated decision‑making technologies, and require independent cybersecurity audits. Obligations roll out...
This Month in Security with Tony Anscombe – March 2026 Edition
In March 2026, ESET’s chief security evangelist Tony Anscombe highlighted four major cyber incidents. A hack claimed by Iran‑linked Handala crippled med‑tech giant Stryker, wiping over 200,000 devices and exfiltrating 50 TB of data. Google’s Threat Intelligence Group reported that 77 %...
Here's a Thing - What if Shadow AI Is Actually Telling Us Something Useful?
Enterprises are confronting a surge of shadow AI—unauthorized, employee‑driven use of large language models and autonomous agents. As governance lags, these tools make decisions and act independently, amplifying risk beyond traditional shadow IT. Experts argue that treating employees as AI...
Razorpay Introduces RBI-Compliant Biometric Authentication Solution ‘Passkey’
Razorpay has launched “Passkey,” an RBI‑compliant biometric authentication solution for online card payments, developed with Mastercard and slated to integrate Visa soon. The technology leverages device‑bound fingerprints or facial scans, removing the need for one‑time passwords that cause roughly 35%...
UK Seeks Views on Reshaping Cyber Laws for Downstream Gas and Electricity
The UK government, together with regulator Ofgem, has launched a consultation on revising cyber‑resilience rules for downstream gas and electricity licensees. The proposal would impose baseline cyber security requirements on all Ofgem‑licensed operators, while applying stricter standards to the most...
STV Group and Post-Quantum Successfully Trial World’s First Quantum-Resilient Drones
STV Group and UK‑based Post‑Quantum announced the successful trial of the world’s first quantum‑resilient drones, demonstrating secure, future‑proof communications between unmanned aircraft and operators. The tests, conducted in operational environments linked to Ukraine and other allied theatres, proved the drones...
What Makes Browser Hijacking a Silent Threat?
Browser hijacking, where attackers covertly alter browser settings or install malicious extensions, is emerging as a silent threat to enterprises. Researchers have identified 33 rogue extensions affecting over 2.6 million users, and Microsoft reported a 111 % surge in token‑replay attacks in...
World Backup Day 2026: A Telecom B2B Guide to Data Protection in the AI Age
World Backup Day on March 31 highlights telecoms’ need for robust data protection amid AI‑driven growth. AI adoption has surged, with 77% of telecom executives citing operational benefits and 61% using AI for analytics, but it also inflates data volumes and...
Axios Compromised on NPM – Malicious Versions Drop Remote Access Trojan
On March 30‑31 2026, attackers compromised the npm maintainer account for the popular HTTP client library axios and published two malicious releases, axios@1.14.1 and axios@0.30.4. Both versions added a fake dependency, plain‑crypto‑js@4.2.1, which runs a post‑install script that drops a...
How We Eliminated Long-Lived CI Secrets Across 70+ Repos
Pulumi eliminated long‑lived CI secrets across more than 70 repositories by swapping static GitHub secrets for short‑lived, OIDC‑driven credentials via Pulumi ESC. The new flow exchanges a GitHub‑issued JWT for a Pulumi access token, which then opens an ESC environment...
Kernel Observability for Data Movement
Modern security stacks rely on user‑space logs, leaving a blind spot at the operating system layer where data actually moves. Kernel‑mediated events—file reads, network writes, process creation—provide a complete, immutable record of every data flow, yet most tools never tap...
Popular AI Gateway Startup LiteLLM Ditches Controversial Startup Delve
LiteLLM, a widely used AI gateway for developers, announced it is ending its partnership with compliance startup Delve and will pursue new certifications through Vanta and an independent auditor. The move follows a credential‑stealing malware breach that exposed weaknesses in...
UN Norms: Tackling the Rise of Cyber Capabilities
The UN Open‑Ended Working Group (OEWG) wrapped up its 2025 cycle, reaffirming the 2015 GGE’s eleven cyber norms but delivering few fresh agreements. A new permanent Global Mechanism has been created to keep multilateral dialogue on state behaviour in cyberspace...
Hybrid Vishing Campaigns Abuse Online Services to Evade Anti-Spam Filters
Hybrid vishing attacks now combine phishing emails with voice scams by abusing trusted SaaS platforms such as Google Calendar, Microsoft Teams, Zoom, and Squarespace to deliver authenticated invitations that prompt victims to call fraudulent numbers. By leveraging SPF, DKIM, and...
Hackers Hit Patel Email While Cyber Defenses Weakened by Shutdown
The Cybersecurity and Infrastructure Security Agency (CISA) is operating with roughly 60% of its workforce furloughed amid a partial DHS shutdown, forcing the agency to shift from proactive threat hunting to merely reacting to imminent attacks. Within days, Iranian-linked hackers...
OpenAI Codex Vulnerability Allowed Attackers to Steal GitHub Tokens
BeyondTrust Phantom Labs uncovered a critical command‑injection flaw in OpenAI's Codex that leveraged hidden Unicode characters in GitHub branch names to steal OAuth tokens. The vulnerability affected the ChatGPT web interface, Codex SDK, and several developer extensions, exposing full repository...
New RoadK1ll WebSocket Implant Used to Pivot on Breached Networks
Security firm Blackpoint uncovered a new Node.js WebSocket implant called RoadK1ll, which enables attackers to pivot from a compromised host to internal systems via outbound tunnels. The lightweight reverse‑tunneling tool establishes a persistent WebSocket connection to attacker infrastructure, allowing multiple...
Enhancing Security Operations Builds on Zero Trust: Strengthening National Security Through Deception
The Pentagon is moving zero‑trust from policy to full‑scale execution, establishing maturity goals across the department. Recognizing that breaches are inevitable, defense leaders are adding cyber deception to actively engage attackers and gather intelligence. AI‑driven deception platforms now automate decoy...
APRA Pulls Data Submission System After Security Pentest
The Australian Prudential Regulation Authority (APRA) decommissioned its legacy Direct To APRA (D2A) data‑submission system after a routine penetration test on March 19 uncovered unnamed vulnerabilities. The regulator took the system offline on March 20 and urged all banks, insurers and superannuation funds to...
Why Identity-Led Security Services Matter Now for MSPs
Identity-led security is becoming a growth engine for managed service providers as 60 % of breaches now involve compromised identities. MSPs that layer modern IAM—phishing‑resistant MFA, passwordless login, and continuous risk assessment—onto existing services can differentiate themselves and command higher margins....
Public Health Providers Have to Obey Strict Cyber Security Rules – so Should Private Contractors
New Zealand’s recent cyber‑security strategy follows high‑profile health data breaches that exposed over 120,000 patients’ records. The government argues that existing privacy legislation does not impose enforceable cyber standards on private IT contractors supporting public health providers. It calls for...
Steakhouse Financial Warns Users of Phishing Attack
Steakhouse Financial, a Zug‑based DeFi platform, warned users on March 30 to stop using its website and app after detecting a phishing attack that duplicated its front‑end. The compromise, traced to code from the Angelferno wallet‑drainer operation, primarily targets new...
6 Biggest Cybersecurity Mistakes CEOs Make
A 2025 EY study found 84 % of organizations faced a cyber incident in the past three years, many of which were preventable with stronger leadership. CEOs often treat cybersecurity as a technical checkbox rather than a strategic priority, leading to...
AI-Driven Code Surge Is Forcing a Rethink of AppSec
AI‑driven code generation is causing organizations to produce ten to twenty times more software than a year ago, overwhelming traditional application‑security tools. The surge expands the attack surface, making vulnerabilities easier for adversaries to exploit. Black Duck’s CEO Jason Schmitt...
Italian Regulator Fines Financial Giant $36 Million for Data Protection Failures
Italian Data Protection Authority fined Intesa Sanpaolo €31.8 million ($36 million) for unauthorized access to over 3,500 customers' data between February 2022 and April 2024. The regulator cited serious shortcomings in technical and organizational safeguards, noting that internal controls failed to detect the breach....
15-Year-Old strongSwan Flaw Lets Attackers Crash VPNs via Integer Underflow
A fifteen‑year‑old integer underflow bug (CVE‑2026‑25075) in strongSwan’s EAP‑TTLS plugin can crash VPN services by requesting an impossible 18 exabyte memory allocation. The flaw affects versions 4.5.0 through 6.0.4 and triggers a two‑phase “ghost” attack that only crashes the charon daemon...
OKCupid Gave User Photos To Facial Recognition Company, FTC Charges
The Federal Trade Commission alleges that OKCupid supplied photos and demographic data of roughly three million users to facial‑recognition startup Clarifai in 2014, contrary to its privacy policy. The FTC complaint says OKCupid and its owners concealed the transfer and...
Huskeys Raises $8m Seed to Modernise Legacy Web Security
Edge security startup Huskeys announced its emergence from stealth after closing an $8 million seed round led by investors such as 10D, SV Angel and a roster of athlete angels. The company launched its Edge Security Management platform, which sits atop...
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
Researchers at ReliaQuest uncovered DeepLoad, a new malware loader delivered through a ClickFix social‑engineering lure that tricks users into running obfuscated PowerShell commands. The loader employs AI‑generated code obfuscation, APC injection, and dynamic C# compilation to avoid static and behavioral...
Percona and Chainguard Partner to Deliver Secure Open Source Software
Percona has teamed up with Chainguard to offer secure, production‑ready container images for its open‑source database portfolio, including MySQL, PostgreSQL, MongoDB and others. Chainguard builds minimal, provenance‑verified images that aim for near‑zero CVE exposure, while Percona provides enterprise‑grade support and...
Beyond Static Checks: Designing CI/CD Pipelines That Respond to Live Security Signals
Traditional CI/CD pipelines rely on pre‑deployment tests and static scans, but they miss real‑time security signals. Modern distributed systems can become vulnerable after a build due to compromised hosts or newly discovered exploits. The article proposes augmenting pipelines with runtime...
Scamnetic and VanishID Partner to Deliver an Integrated Approach to Identity Protection and Scam Prevention for Enterprises
Scamnetic and VanishID announced a partnership that combines Scamnetic’s real‑time scam and deep‑fake detection with VanishID’s identity exposure reduction platform. The integrated offering lets enterprises automatically block fraudulent communications and lower the amount of publicly exposed executive data. By addressing...
Almost €19 Million Lost by SMEs to Email Related Scams over the Past 2 Years
Irish small and medium enterprises have lost almost €19 million (≈ $20.5 million) to email‑based scams over the past two years, according to FraudSMART data. The average loss per incident exceeds €22,000 (≈ $23,800). A new FraudSMART awareness campaign, launched by Tánaiste Simon Harris...
Nanocosmos Targets Rising Stream Misuse with New Security Solution
German video‑delivery specialist nanocosmos launched nanoStream Control, a security and monitoring layer for its ultra‑low latency streaming platform. The solution lets operators revoke access tokens, block unauthorized joins, and enforce referrer allow‑lists in real time. Continuous anomaly detection, forensic watermarking...
Apple Adds macOS Terminal Warning to Block ClickFix Attacks
Apple’s macOS Tahoe 26.4 introduces a built‑in warning that intercepts potentially malicious commands pasted into Terminal. The feature specifically targets ClickFix attacks, where scammers trick users into executing harmful code under the guise of a fix. When a risky paste is...
How Small Medical Practices Can Build HIPAA-Aligned DevSecOps Without Enterprise Budgets
Small medical practices handle protected health information but often lack the security resources of large hospitals. The article outlines how adopting a HIPAA‑aligned DevSecOps approach—using AWS native tools, strict access controls, secret management, and automated CI/CD pipelines—can close common gaps...
McAfee Review 2026: Solid Protection, Mediocre Performance
McAfee’s 2026 review awards the suite an 8.1‑out of‑10 rating, highlighting strong real‑time protection and a robust identity‑theft insurance offering. The standout feature is unlimited‑device coverage on Plus plans, priced between $50 and $200 for the first year. However, the...
Sri Lanka Building Data Minimization Into Digital ID to Protect Privacy
Sri Lanka is set to launch its first digital ID, SL‑UDI, later this year, embedding data minimization and purpose limitation at the core of the system. The platform uses role‑based access controls, encryption, immutable audit logs, and secure API integrations...