
9 Identity-Based Threats Redefining Cybersecurity in 2026 (Beyond Credential Stuffing)
The 2026 identity threat landscape has moved beyond password‑based attacks, with AI‑driven agents, deep‑fake voice impersonations, and quantum‑era data harvesting reshaping how identities are compromised. Nine specific threats—including agentic AI hijacking, MFA‑fatigue, deep‑fake voice phishing, AI‑generated spear phishing, MCP token misuse, SIM‑swap, proxy session hijacking, synthetic identity fraud, and “harvest‑now‑decrypt‑later” quantum attacks—are detailed. The Verizon DBIR reports a 217% YoY rise in MFA‑fatigue and a 900% surge in deep‑fake files, while a 2024 Hong Kong fraud case used AI‑generated voices to steal roughly $3.2 million USD. Legacy password, SMS OTP, and push‑based MFA defenses are ineffective, prompting a shift toward passwordless, zero‑store, and post‑quantum authentication.

13 Hidden Costs of Password-Based Authentication (With Real ROI Math)
Passwords impose hidden, multi‑million‑dollar costs that span IT support, security breaches, compliance fines and lost revenue. A single reset averages $70, while credential‑based breaches cost $4.9 M on average and SMS OTP delivery can exceed $100 K annually. The article shows that...

10 Warning Signs Your Current Authentication Stack Is a Breach Waiting to Happen
The article outlines ten warning signs that indicate an authentication stack is vulnerable to breach, ranging from short password policies to lack of bot detection and indefinite session tokens. It provides quick diagnostics for each sign and concrete remediation steps...

15 Costliest Credential Stuffing Attack Examples of the Decade (and the Authentication Lessons They Teach)
Credential stuffing attacks have siphoned billions, triggered regulatory fines, and exposed hundreds of millions of users over the past decade. The article catalogs 15 high‑profile incidents—from Snowflake’s 165‑organization breach in 2024 to 23andMe’s $2.9 million UK fine—highlighting how reused passwords and...

Secure Medical Image Cryptanalysis with Quantum Neural Networks for IoT-Enabled Cloud Storage
The paper introduces a unified security framework for IoT‑enabled medical imaging that blends hybrid post‑quantum encryption, a quantum neural network for cryptanalysis, federated deep learning, and secure cloud storage. The hybrid scheme merges post‑quantum cryptography, chaos‑based diffusion, and AES‑GCM, while...

‘AiFrame’ Browser Attacks Continue with Fake Authenticator, Converter Extensions
Six new malicious Chrome extensions tied to the AiFrame campaign have been uncovered, expanding the original set of 32 AI‑impersonating add‑ons. The extensions—including a fake two‑factor authenticator, an AI‑to‑PDF converter and a HEIC‑to‑JPG tool—have roughly 134,000 combined installs and request...

ADT Confirms Data Breach After ShinyHunters Leak Threat
ADT confirmed a data breach after the ShinyHunters extortion group threatened to expose stolen records. The company detected unauthorized access on April 20, 2024, and found that personal information—names, phone numbers, addresses, and in some cases dates of birth and the...

Iran Cyber Campaign Targets Critical Infrastructure’s Weakest Links
Operation Epic Fury marks Iran’s shift from espionage to disruptive cyber attacks on U.S. critical infrastructure. Iranian‑affiliated APT groups are actively exploiting internet‑facing programmable logic controllers in water, energy and government sectors, causing operational disruptions and financial loss. The campaign...

Some Brands Are Safe From The US' Foreign Router Ban, But No One Seems To Know Why
On March 23 2026 the FCC added foreign‑made consumer routers to its Covered List, effectively banning any new router not manufactured in the United States. Approximately 60 % of U.S. routers are sourced from China, so the rule sent shockwaves through the market....

Rev. 3 Is Coming – Start Preparing for the Next CMMC Requirement
The Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) will soon require compliance with NIST SP 800‑171 Revision 3, which supersedes the current Rev 2 baseline. Rev 3, released in May 2024, adds three new control families—supply‑chain security, incident response, and advanced threats—while reducing the...

Firestarter Malware Survives Cisco Firewall Updates, Security Patches
U.S. and U.K. cyber agencies have identified a custom backdoor, Firestarter, that remains active on Cisco Firepower and ASA firewalls even after firmware updates and security patches. The malware exploits CVE‑2025‑20333 and CVE‑2025‑20362 to gain initial access, then uses the...

CMMC Won’t Fail on Controls. It Will Fail on Proof.
The Cybersecurity Maturity Model Certification (CMMC) is evolving from a checklist of controls to a verification regime that demands provable evidence. Contractors often have the right technical safeguards but lack the ability to produce continuous, defensible proof on demand. This...

ShinyHunters Claims Udemy Data Breach of 1.4M Users
ShinyHunters, a financially motivated threat group, alleges it has exfiltrated over 1.4 million Udemy user records and is demanding a ransom before a public leak. The claim surfaced on April 24, 2026, with a deadline of April 27 for Udemy to respond. While...

New ClickFix Attack Hides in Native Windows Tools to Reduce Detection Risk
CyberProof uncovered a new ClickFix campaign that tricks users into running malicious code via a fake CAPTCHA prompt. The attack leverages native Windows utilities cmdkey and regsvr32—known as LOLBins—to download a DLL from a remote server and register a scheduled...

AHA Urges Delay on TEFCA Individual Access SOP over Patient Privacy Concerns
The American Hospital Association (AHA) has urged the Sequoia Project to postpone the rollout of version 3.0 of the Trusted Exchange Framework and Common Agreement (TEFCA) Individual Access Services (IAS) Standard Operating Procedures, originally slated for August 2027. The AHA argues that...

Advisory Details Shifting Tactics of Chinese Cyber Actors Using Covert Networks for Malicious Activity
A joint advisory from U.S. and international cyber agencies warns that China‑aligned threat actors have shifted to large‑scale covert networks of compromised routers, IoT devices, and other edge hardware. These hidden botnets let attackers mask origins, evade defenses, and target...

Iran’s Cyber Threat May Be Less ‘Shock and Awe’ than ‘Low and Slow,’ Officials Say
After a CISA advisory warned of Iranian‑linked cyber actors targeting U.S. critical infrastructure, officials say the threat is more likely low‑and‑slow opportunistic intrusions than a shock‑and‑awe campaign. Former NSA director Tim Haugh and cyber‑security veteran Kevin Mandia note Iran’s tactics...

IHS Leaders Tie Cybersecurity Directly to Patient Care
At the 2026 Splunk GovSummit, Indian Health Service leaders declared cybersecurity a core component of patient care. Serving 2.7 million patients across 37 states, IHS ties security to clinical continuity, emphasizing real‑time monitoring and resilience in remote and urban facilities. The...

Netherlands Weighs Data Sovereignty Concerns with Solvinity Digital Identity Contract
The Dutch House of Representatives voted to block an extension of the DigiD contract with Solvinity if the company is acquired by U.S. IT services firm Kyndryl. Lawmakers cite data sovereignty and national security concerns, fearing U.S. jurisdiction could expose...

ADT Says Customer Data Stolen in Cyber Intrusion
ADT disclosed a cyber intrusion that stole personal data—including names, addresses, dates of birth and the last four digits of Social Security numbers and tax IDs—from customers and prospects. The ShinyHunters group claimed to have taken 10 million records and threatened...

LPL Claims Hackers Accessed Client Accounts Through Advisors’ Devices
LPL Financial disclosed a cybersecurity breach that compromised advisor devices on November 10, 2025, affecting 1,581 client accounts. Malware delivered via phishing gave hackers unauthorized access to the firm’s web‑based advisor portal, leading to illicit securities trades and financial transfers. LPL halted...

Delivering an Impactful 15-Minute Board Briefing
Cyber risk oversight has shifted to audit committees, now covering 79% of S&P 500 firms, up from 71.2% two years earlier. Board briefings are limited to 10‑15 minutes each quarter, forcing CISOs to move from data‑heavy dashboards to concise, business‑focused narratives....

Four Cooley Partners Honored Among Elite in Data Breach Response
Four Cooley partners—Travis LeBlanc, Patrick Van Eecke, Guadalupe Sampedro and Kristen Mathews—were named to Cybersecurity Docket’s Incident Response Elite for 2026, a global list that spotlights top data‑breach response lawyers. LeBlanc earned his ninth appearance, Van Eecke his third, Sampedro...

EU Business Lobby Backs Digital Wallet Plan, Calls for Proportionate Identity Rules
Europe’s leading business lobby, BusinessEurope, has endorsed the European Business Wallet (EBW) proposal, highlighting its potential to cut red tape and streamline compliance across tax, AML and corporate reporting. The group stresses that digital identity verification must be proportionate, low‑cost...

New BlackFile Extortion Group Linked to Surge of Vishing Attacks
A new financially motivated hacking group called BlackFile, also known as CL‑CRI‑1116, UNC6671 and Cordial Spider, has been linked to a wave of vishing‑based credential theft and extortion targeting retail and hospitality firms since February 2026. The attackers impersonate IT...

CISA Last in Line for Access to Anthropic Mythos
Anthropic’s Claude Mythos, a bug‑hunting AI model, is being rolled out through a tightly controlled initiative called Project Glasswing. While the NSA and the Department of Commerce have received access, the Cybersecurity and Infrastructure Security Agency (CISA) remains excluded. Bloomberg...

Microsoft to Roll Out Entra Passkeys on Windows in Late April
Microsoft announced that Entra passkey support will roll out to Windows devices starting in late April 2026, with general availability slated for mid‑June. The feature extends phishing‑resistant, passwordless authentication to corporate, personal and shared Windows machines, even when they are...

New ‘Pack2TheRoot’ Flaw Gives Hackers Root Linux Access
A new vulnerability called Pack2TheRoot (CVE‑2026‑41651) in the PackageKit daemon allows local users to gain root privileges by installing or removing system packages. The flaw, rated 8.8/10, has existed since 2014 across PackageKit versions 1.0.2‑1.3.4 and impacts major Linux distributions...

AI-Generated Code Is Vulnerable
Researchers at Georgia Tech's Systems Software & Security Lab have unveiled the Vibe Security Radar, a tool that scans public vulnerability databases to identify code defects introduced by generative AI tools such as Claude, Gemini, and GitHub Copilot. The radar...

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
U.S. CISA disclosed that a federal agency’s Cisco Firepower appliance was compromised in September 2025 by a new backdoor malware dubbed FIRESTARTER. The implant leverages two recently patched CVEs (2025‑20333, 2025‑20362) to gain root access and persists through firmware updates...

China Now as Good as U.S. at Offensive Cyber: Dutch Intelligence
Dutch intelligence agencies warned that China’s offensive cyber capability now matches that of the United States. The AIVD’s annual report highlighted a sophisticated Chinese national program that evades detection, with only a tiny fraction of attacks being identified. Similar capabilities...

How CrowdStrike Is Helping The Industry To Withstand AI-Driven Vulnerability Deluge: Exec
Cybersecurity leader CrowdStrike unveiled Project QuiltWorks, an initiative that merges its Falcon Spotlight platform with multiple frontier AI models to accelerate vulnerability discovery and remediation. Prompted by Anthropic’s Claude Mythos disclosure, the program aims to pre‑empt AI‑driven exploit spikes by...

FCA Publishes Cyber Co-Ordination Group Insights
On 24 April 2026 the UK Financial Conduct Authority released insights from its 2025 Cyber Coordination Group, which convenes up to 140 financial firms to share best practices on cyber resilience. The FCA emphasized senior‑level involvement in incident‑response drills, live‑environment testing, and...

AI Agents Are Already Inside Your Digital Infrastructure
A new Cloud Security Alliance report finds that 82% of enterprises host unknown AI agents and nearly two‑thirds have suffered AI‑agent‑related incidents in the last year, creating a growing "retirement debt" of lingering permissions. The surge in autonomous agents is...

Cirrascale to Offer On-Prem Google Gemini Models
Cirrascale Cloud Services will deliver Google Gemini large‑language models on‑premise through Google Distributed Cloud, using Dell‑built appliances equipped with Intel CPUs and Nvidia GPUs. The offering supports fully air‑gapped or connected deployments, letting government, defense, finance, healthcare and education customers...

Does The New Federal Data Privacy Bill Have A Snowball’s Chance Of Passing?
House Republicans introduced the SECURE Data Act, a federal privacy bill that would establish a single national standard and preempt state regulations. The legislation applies to companies handling data from over 200,000 consumers or generating at least $25 million in revenue,...

What Claude and OpenClaw Vulnerabilities Reveal About AI Agents
Security researchers at Oasis disclosed two critical vulnerability chains affecting Anthropic's Claude and the open‑source OpenClaw AI agents. In both cases a single manipulated input—whether a crafted search‑ad link or a malicious website—allowed an attacker to hijack the agent and...

Why Cyber Threats to Critical Infrastructure Demand a New Homeland Response Model
A recent Texas flash‑flood response revealed how volunteers used the civilian Technical Awareness Kit (CIVTAK) to coordinate via personal mobile devices. The article warns that nation‑state cyber actors such as Salt Typhoon, Volt Typhoon and CARR have already infiltrated U.S....

US, Allies Warn of Industrialized Chinese Botnets
The United States, United Kingdom and eight allied nations warned that Chinese state‑backed groups are operating industrial‑scale botnets using compromised routers and IoT devices. The joint advisory identified the Volt Typhoon operation, which hijacks outdated Cisco and Netgear routers to expand...

Hasbro Expects March Cyberattack to Impact Second-Quarter Revenue
Hasbro disclosed that a March 2026 cyberattack will affect its second‑quarter revenue and operating profit. The breach forced key order‑processing, shipping and invoicing systems offline, prompting a forensic investigation and added costs. The company expects most delays to be recovered...

Top 5 Roadblocks for MSPs, and How MDR Helps
Managed service providers (MSPs) are grappling with talent shortages, rising costs, and complex security environments, making cyber resiliency a top strategic priority for 35% of them. OpenText’s managed detection and response (MDR) service offers 24/7 threat monitoring, AI‑driven alert triage,...

US Lawmakers Push National Data Privacy Rules Amid State Preemption Concerns
House Republicans introduced two sweeping federal privacy bills—the SECURE Data Act for non‑financial firms and the GUARD Financial Data Act for banks and lenders—to replace a patchwork of state rules. Both proposals grant consumers rights to access, correct, delete, and...

SymphonyAI Helps Payments Giant Slashes Compliance
A global payments processor handling over 200 billion transactions in FY 2024 replaced its fragmented, legacy compliance stack with SymphonyAI’s cloud‑native platform. The new active‑active SaaS solution delivers 99.99% availability and leverages agentic AI to orchestrate workflows, cutting alert processing time by...

Sri Lanka Sets Roles for Digital ID Rollout with DRP, GovTech Split
Sri Lanka has designated the Department of Registration of Persons (DRP) as the legal custodian of its national digital identity system, SL‑UID, while GovTech Sri Lanka will manage technical delivery and ongoing operations. The rollout will be phased, beginning with...

Glasswing Secured the Code. The Rest of Your Stack Is Still on You
Anthropic’s Project Glasswing, showcased by the Mythos Preview model, uncovered a 16‑year‑old FFmpeg vulnerability that five million conventional scans missed. The AI’s ability to read code intent, rather than merely enumerate patterns, marks a shift from signature‑based tools toward understanding‑driven security. While...

4 Easy Ways to Stay on Top of Cybersecurity in the Workplace
The article outlines four practical steps for keeping workplace cybersecurity robust: isolating corporate systems from personal devices, preparing staff for AI‑driven threats, strengthening authentication, and maintaining up‑to‑date software. It emphasizes remote‑work realities, the rise of AI‑enabled attacks, and the need...

Commvault Cosies up to Google’s Cloud
Commvault has launched its Commvault Cloud platform and the Clumio SaaS service on Google Cloud, extending unified data protection and ransomware‑resilient backups to GCP workloads. The offering includes native protection for BigQuery, Compute Engine, GKE, Cloud SQL, and Google Workspace,...

Governments on High Alert After CISA Snuffs Out Firestarter Backdoor on Fed Network
CISA disclosed that a previously unknown backdoor malware, dubbed Firestarter, breached a U.S. Federal Civilian Executive Branch agency by compromising a Cisco Firepower ASA firewall. The malware can retain persistent access even after firmware updates, allowing attackers to re‑enter networks...

Windows 10 Support Is Over. Here Are 6 Options for Users
Microsoft ended mainstream support for Windows 10 on Oct. 14 2025, leaving an estimated 500 million PCs exposed to unpatched vulnerabilities. Users can upgrade to Windows 11 for free if their hardware meets TPM 2.0 and other specs, buy a new device, or rent a cloud‑hosted...

In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device
The weekly roundup highlights several high‑profile security developments: Anthropic’s Claude Mythos AI model was accessed by unauthorized testers through a third‑party vendor, prompting tighter access restrictions. Sean Plankey withdrew his nomination for CISA director, leaving the agency without a permanent leader....