1B Identity Records Exposed in ID Verification Data Leak
Researchers uncovered an unprotected MongoDB database belonging to IDMerit that exposed roughly 1 billion identity records across 26 countries, including more than 203 million records in the United States. The data set contained full names, addresses, dates of birth, national ID numbers and other personal details used for KYC verification. IDMerit says its platform does not store customer data and claims no breach occurred, but the incident underscores a critical lapse in third‑party security controls. The database was secured a day after discovery, yet the exposure highlights the ease with which criminals can harvest sensitive identity information.

Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea
Security firm Hudson Rock has linked the 2024 Polyfill supply chain attack, which infected over 100,000 websites, to North Korean threat actors, overturning earlier attributions to China. The attack stemmed from the acquisition of Polyfill.io by Chinese CDN Funnull, which...

DNSSEC Validation for SSL Certificates: CA/B Forum Ballot SC-085 Changes in March 2026
Beginning March 2026, the CA/Browser Forum will require Certificate Authorities to validate DNSSEC signatures during CAA checks and Domain Control Validation when DNSSEC is enabled. DigiCert has already implemented this rule, meaning any misconfigured DNSSEC will cause certificate issuance or renewal...

Lloyds Banking App ‘Glitch’ Shows Transactions of Strangers
Lloyds Banking Group’s mobile apps briefly displayed other customers’ transaction histories on the morning of 12 March 2026. The glitch affected users of Lloyds, Halifax and Bank of Scotland apps before being resolved within minutes. The incident has reignited parliamentary...

Southeast Asia Faces Spillover Cyber Risk From Iran War as ‘Blast Radius’ Widens
Southeast Asia is increasingly exposed to cyber spillover from the US‑Israel‑Iran conflict, as state‑linked hackers target energy, shipping and banking networks beyond the Middle East. Iran has pledged attacks on regional economic interests, while the UAE reported up to 200,000...

Codoxo’s Deepfake Detection Identifies AI-Generated Medical Records for Health Plans
Codoxo has launched Deepfake Detection, an AI‑driven solution that scans medical documentation, diagnostic images and claim context in seconds to flag synthetic or manipulated records. The tool embeds explainable risk scores into payer fraud‑prevention workflows, enabling health plans to intercept...

Vulnerability Reports: Increase in Quantity, Decrease in Quality?
cURL founder Daniel Stenberg has shut down his HackerOne bug bounty program after a sharp rise in low‑quality, AI‑generated vulnerability reports. In early 2026 his team reviewed 20 submissions, seven arriving within 16 hours, none of which were genuine flaws....

Unified Real-Time Anomaly Detection Across Retail Fraud and Network Intrusion Streams Using Dependency-Aware Feature Extraction
A unified, domain‑aware anomaly detection pipeline maps retail transaction and network traffic streams to a common event schema, enabling real‑time monitoring of rare, high‑impact events. The approach extracts temporal features (e.g., time‑since‑last‑event) and contextual typicality without data leakage, then trains...

India Introduces Bug Bounty Program to Target Gaps in Aadhaar Ecosystem
India’s Unique Identification Authority (UIDAI) launched a formal bug bounty program to harden the Aadhaar ecosystem. A panel of 20 vetted security researchers will probe the official website, myAadhaar portal, and the Secure QR Code app for vulnerabilities. Rewards are...

India Outlines Legal Framework to Protect Children From AI and Online Harm
India’s government announced a comprehensive legal framework to shield children from AI‑driven online harms. Existing statutes such as the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 are being leveraged to mandate rapid removal of illegal...

ISACA to Build a Skilled Cyber Security Workforce in the Age of AI
ISACA has been named the Department of Defense’s official CMMC Assessors and Instructors Certification Organisation, giving it authority to deliver the full suite of CMMC credentials worldwide. The CMMC framework blends NIST standards with a maturity model, becoming a global...

Domains.co.za Introduces Complete Domain Protection Service
Domains.co.za has launched a Domain Protection add‑on priced at R69 per year, bundling two‑factor authentication, a transfer lock, WHOIS privacy and Anycast DNS in 62 global locations. The package promises a 1 000 % uptime guarantee and discounts on redemption fees for...

Stryker Breach Puts IT Leaders On Alert. Here’s How To Stay Safe
Medical‑technology giant Stryker disclosed an Iran‑linked cyberattack that compromised its Microsoft Intune mobile device management (MDM) platform, forcing remote wipes of thousands of laptops and smartphones worldwide. The breach, claimed by the Handala collective, showed no ransomware but highlighted the...

Proofpoint Expands AI-Driven Security Strategy While Strengthening Partner Ecosystem
Proofpoint is expanding its AI‑driven security platform to protect the emerging human‑AI workspace, adding intent‑based detection for AI‑generated phishing and modernising threat investigation tools. The company now processes roughly six trillion messages daily, covering about 45 % of global enterprise email...

Meta Disables 150,000 Accounts in Global Sting on Southeast Asian Scam Centres
Meta disabled over 150,000 accounts linked to Southeast Asian scam centres after a joint operation led by Thailand’s Royal Thai Police, the FBI and the U.S. Justice Department. The crackdown resulted in 21 arrests and highlighted the sophisticated, multilingual fraud...

IBM, Signal, and Threema Partner to Fortify Messaging Against Quantum Threats
IBM researchers have teamed up with Signal and Threema to embed post‑quantum cryptography into their messaging platforms. The partnership pivots from classical elliptic‑curve schemes to NIST‑2024 PQC standards, tackling both content and metadata protection. IBM proposes a decentralized gatekeeper model...

How to Use GitLab Container Virtual Registry with Docker Hardened Images
GitLab’s Container Virtual Registry acts as a pull‑through cache for Docker Hub, Docker Hardened Images (dhi.io), Microsoft Container Registry, Quay and internal registries. It consolidates authentication to GitLab, caches images on the first pull and serves subsequent pulls locally, cutting...

Development of Coruna iOS Exploit Kit Pinned on US Military Contractor
U.S. defense contractor L3Harris, through its Trenchant surveillance‑tech division, was identified as a developer of the Coruna iOS exploit kit. Former employees disclosed that the kit, comprising roughly two dozen components originally built for a government surveillance client, has been...

Iran War to Escalate US Organizations' Cyber Risk
The escalating U.S.–Israel conflict with Iran is expected to heighten cyber threats against U.S. public finance issuers, according to Fitch Ratings. Hacktivist and state‑backed actors may increase DDoS, ransomware, and data‑wiping attacks targeting critical infrastructure. Municipalities, which traditionally lag in...

NZ Businesses Report Surge in AI-Related Security Incidents
A Kordia survey of nearly 250 New Zealand firms with 50+ employees shows a sharp rise in AI‑related security incidents. Shadow AI now ranks among the top three cyber risks for 24% of respondents, up from 16% a year earlier. Attacks...

Report: APAC Second Most Targeted Region as Attackers Exploit Basic Gaps
The 2026 IBM X‑Force Threat Intelligence Index shows Asia‑Pacific as the world’s second‑most targeted region, responsible for 27% of tracked cyber incidents. Attackers are leveraging basic security gaps, with AI tools speeding vulnerability discovery and automation. Malware accounts for 45%...

Organizations Track Response, Not Prevention, Survey Finds
A new Malanta survey of 100 security professionals shows enterprises are still focused on response rather than prevention despite investing heavily in threat intelligence. Companies typically run five to eight feeds—some up to 53—with 71% reporting overlapping data and 100%...

Iran-Linked Handala Hackers Claim Major Hacks on Stryker and Verifone
Iran‑linked Handala Hack Team announced cyberattacks on medical‑device maker Stryker and payment‑technology firm Verifone on March 11. Stryker confirmed a network disruption in its Microsoft‑based environment but reported no ransomware or data loss, while Verifone said it found no evidence of...

Seven Essential Security Strategies For Law Firms And Legal Departments
Law firms and corporate legal departments face escalating cyber threats, with one‑third expected to experience a breach this year and average losses exceeding $5 million. The article outlines seven essential security strategies: building a vigilance culture, turning compliance into a market...

Foreign Hacker in 2023 Compromised Epstein Files Held by FBI
In February 2023 a foreign hacker infiltrated the FBI’s New York Field Office server that housed files from the Jeffrey Epstein investigation. The breach was discovered when a special agent found a warning file, and the hacker later engaged in a...

Xygeni GitHub Action Compromised Via Tag Poison
Xygeni’s official GitHub Action was compromised through a tag‑poisoning attack that redirected the mutable v5 tag to a malicious commit containing a command‑and‑control implant. The attacker leveraged a stolen maintainer personal access token and a compromised GitHub App private key...

Iran-Linked Hackers Reportedly Targeted Albanian Parliament Email System
The Albanian parliament’s email system was targeted by the Iran‑linked hacking group Homeland Justice. The attackers sought to access or leak emails of senior political figures, and some content later appeared on Telegram. Albania’s National Cyber Security Authority launched an investigation,...

Bell Cyber Launches Fully Managed Cybersecurity Solution for SMEs
Bell Cyber has launched CyberShield Connect, a fully managed cybersecurity service tailored for Canadian small and medium-sized enterprises. Powered by WatchGuard’s Unified Security Platform, the solution combines cloud‑managed security, automated deployment, and Security Operations Centre monitoring into a single offering....

Swiss E-Voting Pilot Can't Count 2,048 Ballots After USB Keys Fail To Decrypt Them
Swiss authorities suspended Basel‑Stadt's e‑voting pilot after 2,048 ballots could not be decrypted, despite three USB sticks containing the correct codes. The pilot, which served roughly 10,300 expatriates and 30 voters with disabilities, collected votes amounting to less than 4%...

SQLi Flaw in Elementor Ally Plugin Impacts 250k+ WordPress Sites
A critical SQL injection flaw (CVE‑2026‑2413) was found in Elementor's Ally plugin, affecting all versions up to 4.0.3 and potentially exposing data on more than 250,000 WordPress sites. The vulnerability allows unauthenticated attackers to inject malicious SQL via a URL...

F5 Brings New Visibility and AI Controls to Big-IP, NGINX
At its AppWorld conference, F5 unveiled a suite of AI‑enhanced updates to its Application Delivery and Security Platform, including the new observability product F5 Insight, AI‑powered risk scoring for its Distributed Cloud WAF, and post‑quantum TLS support in Big‑IP v21.1....

Iran Warns US Tech Firms Could Become Targets as War Expands
Iranian state‑linked media released a list naming Google, Microsoft, Palantir, IBM, Nvidia and Oracle as legitimate targets in the expanding regional war. The warning follows recent Iranian drone attacks that damaged Amazon Web Services data centers in the UAE and...

ChatGPT Edu Feature Reveals Researchers’ Project Metadata Across Universities (Exclusive)
A flaw in OpenAI's ChatGPT Edu Codex Cloud Environments allows anyone within a university to view the names and interaction counts of GitHub repositories linked to student and staff accounts. Oxford researcher Luc Rocher discovered that project metadata—including how often...

SAP Security Patch Day March 2026 Highlights FS-QUO and Enterprise Portal Risks
SAP’s March 2026 Security Patch Day released 15 security notes, including two critical CVSS 9+ vulnerabilities and one high‑priority denial‑of‑service issue. The critical flaws affect SAP Quotation Management Insurance (FS‑QUO) via an outdated Log4j library, SAP NetWeaver Enterprise Portal Administration through insecure...

This Security Flaw Could Affect 1 in 4 Android Phones - How to Check Yours
Researchers at Ledger’s Donjon team discovered a hardware flaw in MediaTek’s trusted execution environment that affects roughly 25 % of Android smartphones. The vulnerability lets an attacker connect a phone to a laptop via USB and extract cryptographic keys in under...

Hackers Leak Customer Data After Telco Refuses to Pay Ransom
Hackers from the ShinyHunters collective stole personal data of over six million Odido customers and demanded a €1 million ransom. Odido refused to pay, following police advice, prompting the attackers to leak a million lines of data daily and eventually publish...

The Game-Changing Technology Helping Businesses Prevent Catastrophic Data Loss
The article highlights how combining Continuous Data Protection (CDP) with artificial‑intelligence creates near‑zero Recovery Point Objectives (RPO) and dramatically lower Recovery Time Objectives (RTO). AI layers such as predictive failure analysis, anomaly detection and automated recovery orchestration boost CDP’s real‑time...

Microsoft .NET Vulnerability Enables Remote DoS Attacks
Microsoft disclosed CVE‑2026‑26127, an out‑of‑bounds read flaw in the .NET framework that enables unauthenticated attackers to trigger remote denial‑of‑service conditions. The vulnerability affects multiple .NET versions and carries a CVSS rating of 7.5, indicating high severity. Microsoft has released a...

WordPress Security Release 6.9.4 Fixes Issues 6.9.2 Failed To Address via @Sejournal, @Martinibuster
WordPress issued version 6.9.4 after the rushed 6.9.2 security release caused site crashes and left some vulnerabilities unpatched. The 6.9.2 update addressed ten flaws but introduced a template‑loading bug that broke sites using non‑standard themes, prompting a fast‑follow 6.9.3 fix. 6.9.4...

European Groups Form Cybersecurity Initiative for Industrial Automation
A European consortium has launched the three‑year ENFORCERS initiative to secure software supply chains, coordinate incident response, and enhance lifecycle resilience for industrial automation. Backed by EU funding, the project brings together manufacturers, cybersecurity vendors, and research institutes to build...

New PhantomRaven NPM Attack Wave Steals Dev Data via 88 Packages
Security researchers have identified a new wave of the PhantomRaven supply‑chain campaign targeting the npm registry. Between November 2025 and February 2026, Endor Labs discovered 88 malicious packages distributed through 50 disposable accounts, many employing slopsquatting and Remote Dynamic Dependencies...

Ledger Uncovers Security Vulnerability That Could Affect 25% of Android Phones
Ledger’s in‑house security team disclosed a critical flaw in Android phones powered by MediaTek chips, potentially affecting up to 25% of devices. The vulnerability lets attackers extract root cryptographic keys and decrypt full‑disk storage even when the phone is off,...

France: National Cybersecurity Agency Reports Ransomware Attack Drop in 2025
The French cybersecurity agency ANSSI reported a modest decline in ransomware incidents in 2025, with 128 attacks versus 141 in 2024. The drop is attributed to proactive cyber‑defense measures and large‑scale law‑enforcement actions such as Operation Endgame. While overall ransomware...

Quectel Leans on Third-Party Security Validation as EU Cyber Resilience Act Deadline Approaches
Quectel Wireless Solutions announced that its IoT module portfolio is already aligned with the EU Cyber Resilience Act (CRA) ahead of the September 11 2026 deadline. The company relies on a four‑year partnership with Finite State to deliver independent security testing, software‑bill‑of‑materials...

IO River Launches Multi-CDN Edge Security With Check Point
IO River unveiled a multi‑CDN edge security platform powered by Check Point’s Web Application Firewall. The solution runs security logic directly at the edge of each CDN, eliminating the need to route traffic back to a central inspection point. By decoupling...

DataBahn Expands Microsoft Sentinel Integration
DataBahn has deepened its partnership with Microsoft, embedding its AI‑driven data pipeline into Microsoft Sentinel via the Content Hub and Azure Marketplace. The joint solution automates ingestion, normalization, and routing of telemetry from hundreds of sources, cutting weeks of manual...

HIMSS Survey: 60% of Health Systems Can’t Protect Unmanaged Medical Devices
A new HIMSS‑Elisity survey reveals that 62% of health systems cannot secure unpatchable or agentless IoMT devices, while 56% struggle with basic inventory visibility. The same respondents cite microsegmentation as the preferred defense, yet 40% fear it will disrupt clinical...

Police Scotland Fined £66k for Extracting and Sharing Mobile Phone Data
The Information Commissioner’s Office fined Police Scotland £66,000 after it extracted the entire contents of a suspect’s mobile phone following a crime report and shared the unredacted data with an unauthorised third party. The ICO found the force failed to...

Researchers Discover Major Security Gaps in LLM Guardrails
Unit 42 researchers revealed that safety guardrails in generative AI, termed “AI Judges,” can be bypassed using a novel prompt‑injection technique. Their custom fuzzer, AdvJudge‑Zero, automatically discovers low‑perplexity token sequences that shrink the logit gap between “allow” and “block,” achieving a...

5 Ways to Protect Manufacturing From Cyberattacks
Manufacturers remained the most targeted sector in 2025, according to IBM X‑Force, driven by high‑value intellectual property and legacy systems that are hard to patch. Experts warn that many firms treat operational technology separately from cybersecurity, lack robust identity controls,...