Netskope Launches AI Security Platform to Monitor and Protect Enterprise AI Systems
Netskope unveiled Netskope One AI Security, extending its Zero Trust platform to monitor and control AI agents, models, and data flows across enterprises. The suite adds an Agentic Broker, AI Guardrails, AI Gateway, and AI Red Teaming to give security teams granular visibility and policy enforcement. Performance‑focused NewEdge AI Fast Path ensures protection without slowing AI workloads, while private‑deployment options meet strict data‑sovereignty requirements. Netskope also positions the solution as a foundation for MSSPs to deliver managed AI security services.
HIMSS26: Imprivata Introduces Agentic Identity Management to Secure and Govern AI Agents
Imprivata unveiled Agentic Identity Management at HIMSS26, a platform that secures and governs AI agents used in clinical documentation, prior authorizations, and triage. The solution treats AI agents as managed identities, issuing short‑lived tokens and enforcing least‑privilege access across both...
AWS Expands Security Hub for Multicloud Security Operations
Amazon Web Services has broadened AWS Security Hub into a centralized multicloud security operations platform. The enhanced service aggregates risk signals from AWS and third‑party tools, delivering near‑real‑time analytics, automated analysis, and prioritized insights across multiple cloud providers. New capabilities...
Microsoft's 'Patch Tuesday' For March Addresses Two Zero-Day Flaws
Microsoft’s March 2026 Patch Tuesday delivered fixes for 83 vulnerabilities, including two publicly disclosed zero‑day flaws. The first, CVE‑2026‑21262, is an elevation‑of‑privilege bug in SQL Server that could grant admin rights over a network. The second, CVE‑2026‑26127, is a .NET denial‑of‑service...
Employee Crime Poses Growing Threat to Large Enterprises
A QBE Insurance survey finds 80% of risk managers at large U.S. firms faced employee crime in the past year, with billing fraud leading at 36%. Incidents often involve multiple perpetrators and senior staff, while 41% of managers express very...
Meta Ramps Up Efforts to Disrupt Industrialized Scamming
Meta announced it removed 10.9 million Facebook and Instagram accounts tied to criminal scam centers in 2025, alongside deleting over 159 million scam ads. The company introduced new account protections, including Messenger scam‑detection alerts, WhatsApp device‑link warnings, and Facebook friend‑request...
Inside ThreatLocker’s Rise From Startup to Global Cybersecurity Company
ThreatLocker has scaled from a two‑person startup to a global cybersecurity firm with over 700 employees, anchored by a deny‑by‑default, Zero Trust platform that blocks unauthorized software before it runs. The company’s growth has been propelled by its appeal to...
Viral ‘Quittr’ Porn Addiction App Exposed the Masturbation Habits of Hundreds of Thousands of Users
Quittr, a self‑help app marketed to men seeking to curb pornography use, suffered a massive data breach that exposed intimate details, including masturbation frequencies, of hundreds of thousands of users. The company had previously assured users of robust security, yet...
New Report Finds One in Two U.S. School Districts Experienced a Cybersecurity Incident in 2025
Clever released its Cybersecure 2026 Report, surveying nearly 500 U.S. K‑12 administrators and technology professionals. The study found that one in two school districts experienced a cybersecurity incident in 2025. More than 77% of districts rely on Clever’s identity platform...
Storage Vendor Offers a Real Guarantee — but Check Out Those Fine-Print Exceptions
Scality announced a $100,000 cyber guarantee for its Artesca storage line, promising payment if an external attack destroys or encrypts data. The company markets the guarantee as simple and accessible, but the fine‑print limits coverage to external incidents, requires a...
Meta Rolls Out New Features for Scam Protection
Meta introduced AI-driven tools to identify brand and celebrity impersonators and flag deceptive links across its platforms. The company also added user alerts for suspicious friend requests on Facebook, device‑link warnings on WhatsApp, and suspect‑account warnings on Messenger. Additionally, Meta...
The Rise of Teen Hackers ‘Makes for a Good Headline’, but Cyber Crime Activities Peak Later in Life
Orange Cyberdefense’s analysis of 418 public law‑enforcement cases from 2021 to mid‑2025 shows cyber‑crime activity peaks among adults aged 35‑44, who account for 37% of incidents. Combined, individuals aged 25‑44 represent 58% of all reported cases, while teenagers and young...
Cyber-Attacks on UK Firms Increase at Four Times Global Rate
Check Point’s February 2026 report shows UK organisations faced a 36% year‑on‑year rise in cyber‑attacks, far outpacing the 9.8% global increase. Despite the surge, UK firms averaged 1,504 attacks per week, still below the global mean of 2,086. Education, energy,...
Child Rapist Could Have Profiled Victims Through Unaudited Access to NHS Databases
A former NHS analyst and convicted child rapist, Paul Lipscombe, is alleged to have used unaudited SQL queries to extract personal details of his victims from hospital databases. The whistleblower highlighted that while patient administration systems are logged, analysts can...
Your Face Is Your Hospital ID Under Mount Sinai's New Clear Scanning Contract
Mount Sinai Health System has signed a system‑wide contract with Clear Secure to deploy facial‑recognition scanners across its seven hospitals and roughly 400 outpatient clinics, serving about five million patient visits annually. The technology, already used in airports and major...
Beyond Trade Policy: What the BIS Connected Vehicle Rule Really Demands From Automotive Software Teams
The U.S. Bureau of Industry and Security’s Connected Vehicle Rule, effective March 2025, focuses on software provenance rather than merely restricting Chinese or Russian components. It requires manufacturers to file Declarations of Conformity backed by defensible documentation that proves where each...
CISOs on Alert: Strengthening Cyber Resilience Amid Geopolitical Tensions in the Middle East
Rising geopolitical tensions between Israel, the US and Iran are prompting CISOs across the Gulf to tighten cyber resilience. Leaders emphasize readiness over panic, focusing on nation‑state threat monitoring, rapid incident response, and robust data protection. Immediate measures include enhanced...
States and Feds Consider a Simple Solution to SNAP Fraud
Thieves stole at least $320 million in SNAP benefits between October 2022 and December 2024, and the USDA projects another $233 million could be lost in fiscal years 2025‑26 without stronger controls. The fraud stems from magnetic‑stripe EBT cards that are vulnerable to skimming and...
Iran’s Fake “Shelter Danger” Calls Part of Psychological Cyber Warfare Playbook
Israel’s National Cyber Directorate warned that Iran‑linked actors are conducting a wave of caller‑ID spoofing attacks, impersonating the Home Front Command’s emergency line. Automated calls and fake text alerts instruct citizens to stay out of bomb shelters or anticipate fuel...
The 2020’s Twitter Bitcoin Hack Deconstructed
In July 2020, hackers compromised 130 high‑profile Twitter accounts and used a Bitcoin giveaway scam to steal roughly $121,000 worth of BTC from over 400 victims. The stolen coins were quickly shuffled through a network of 12 addresses, Wasabi Wallet,...
Lululemon Repentant After $702,000 Fine for Email Breaches
Australia: Negative Light Technology Conceals Data in Plain Sight
Australian researchers from UNSW Sydney, Monash University and Imperial College London have demonstrated a novel communication method that embeds data within natural infrared emissions using negative luminescence. The technique employs thermoradiative diodes to create subtle, darker fluctuations in mid‑infrared radiation,...
Intel Demos Chip To Compute With Encrypted Data
Intel unveiled its Heracles processor at ISSCC, claiming up to a 5,000‑fold speed boost for fully homomorphic encryption (FHE) workloads compared with a top‑of‑the‑line Xeon server. The chip is fabricated on Intel’s 3‑nanometer FinFET process and occupies a die roughly...
Why 2026 Will Be the Year of Governed Cybersecurity AI
The 2025 Cost of a Data Breach Report shows a 9% drop to $4.44 million, driven largely by security AI and automation that slash detection times. Yet organizations that fully automate see breach costs up to $1.9 million lower than manual peers,...
Cal AI, New Owner of MyFitnessPal, Hit by Alleged Breach of 3 Million Users
Cal AI, the new owner of MyFitnessPal, is accused of a data breach affecting more than 3 million users, according to a post on BreachForums. The alleged leak comprises 12 GB of personal information, including names, dates of birth, email addresses—many using...
New BeatBanker Android Malware Poses as Starlink App to Hijack Devices
BeatBanker is a new Android malware that masquerades as a Starlink app on counterfeit Google Play Store pages, tricking users into side‑loading the malicious APK. The payload blends a banking trojan, the BTMOB remote‑access trojan, and a Monero XMRig miner,...
Social Security Watchdog Investigating Claims that DOGE Engineer Copied Its Databases
The Social Security Administration’s inspector general is probing a whistleblower claim that a former DOGE software engineer copied the agency’s Numident and Master Death File databases, which contain personal data on over 500 million Americans. The engineer allegedly sought help moving...
Fla. LE Agencies Awarded $500K in Federal Funding for Internet Crimes Task Force
South Florida law‑enforcement agencies received $535,000 in federal funding to bolster the Internet Crimes Against Children (ICAC) task force covering 12 counties. The task force has seen a near‑1,000% increase in tips since 2017, resulting in more than 500 arrests...
New 'Zombie ZIP' Technique Lets Malware Slip Past Security Tools
Researchers at Bombadil Systems have identified a new “Zombie ZIP” technique that manipulates ZIP headers to hide malicious payloads from antivirus and endpoint detection and response tools. By marking the compression method as STORED while actually using DEFLATE, scanners read...
Threat Intelligence by ESET Is a Game Changer
ESET reports a mixed security outlook for India, with overall threat detections falling 12 % YoY while ransomware incidents jumped 70 % between late‑2024 and early‑2025. Phishing remains the most common attack vector, and AI‑driven deep‑fake and ransomware threats are intensifying. The...
Microsoft’s Monthly Patch Tuesday Is First in 6 Months with No Actively Exploited Zero-Days
Microsoft’s March Patch Tuesday addressed 83 vulnerabilities spanning Windows, Azure, Office, and core services. For the first time in six months, the update contained no actively exploited zero‑day flaws, though six defects were flagged as more likely to be weaponized....
FBI Says Even in an AI-Powered World, Security Basics Still Matter
The FBI warned that AI is speeding up cyberattacks, but the attack lifecycle remains unchanged, meaning traditional defenses still apply. Deputy Assistant Director Jason Bilnoski highlighted that both criminal and nation‑state actors are leveraging AI, yet basic security steps can...
Crypto Hacks Fall to $49M in February as Attackers Shift to Phishing Scams
Crypto‑related exploits dropped sharply in February, with total losses reported at $49 million, down from $385 million in January. The majority of the February loss stemmed from a single Step Finance breach that siphoned roughly $30 million. Nominis’ analysis shows phishing campaigns and wallet‑authorization...
Mercer Faces Second Class-Action Lawsuit After ShinyHunters Cyberattack
Mercer Advisors is facing a second class‑action lawsuit after a ShinyHunters cyberattack exposed roughly 5.7 million client records, including names, contact details and partial Social Security numbers. The complaint alleges Mercer refused to pay the hackers’ ransom, prompting the group to...
Whistleblower Claims Ex-DOGE Member Says He Took Social Security Data to New Job
A whistleblower alleges that a former employee of the Social Security Administration’s DOGE Service accessed two highly sensitive agency databases and intended to transfer the data to a private‑sector employer. The SSA Office of Inspector General has opened an investigation...
DHS Ousts CBP Privacy Officers Who Questioned ‘Illegal’ Orders
The Department of Homeland Security reassigned several senior Customs and Border Protection privacy officials after they objected to a December directive that re‑classified Privacy Threshold Analyses (PTAs) as draft documents exempt from FOIA. The policy would allow the agency to...
Treasury Report Identifies Technology Tools to Counter Digital Asset Crime
The U.S. Treasury submitted a congressional report under the GENIUS Act outlining how emerging technologies can combat digital‑asset crime. It disclosed over $9 billion in digital‑asset fraud losses in 2024, with investment scams rising 47% and North Korean actors stealing $2.8 billion....
Microsoft March 2026 Patch Tuesday Fixes 2 Zero-Days, 79 Flaws
Microsoft released its March 2026 Patch Tuesday update, delivering security patches for 79 vulnerabilities across Windows, Azure, .NET, and Office products. The bulletin includes two publicly disclosed zero‑day flaws, though Microsoft says neither has been observed in the wild. Among the...
NIST Concept Paper Explores Identity and Authorization Controls for AI Agents
NIST’s National Cybersecurity Center of Excellence released a draft concept paper urging stakeholders to treat software and AI agents as identifiable entities within enterprise identity and access management systems. The paper proposes adapting existing IAM standards—such as OAuth, OpenID Connect,...
Critical Defect in Java Security Engine Poses Serious Downstream Security Risks
A maximum‑severity vulnerability (CVE‑2026‑29000) was discovered in pac4j, the Java security engine used for authentication across dozens of frameworks. The flaw allows attackers to forge JWTs or inject raw JSON claims, bypassing authentication without needing any secret, merely the public...
China-Linked Hackers Hit Qatar with Backdoor Disguised as War News
Check Point Research uncovered a wave of China‑linked cyber attacks on Qatar that began on 1 March 2026, using war‑news files as lures. The campaign employed DLL hijacking in Baidu NetDisk to deliver the PlugX backdoor and later targeted the oil‑and‑gas...
HPE Warns of Critical AOS-CX Flaw Allowing Admin Password Resets
Hewlett Packard Enterprise has released patches for multiple vulnerabilities in Aruba Networking’s AOS‑CX operating system, the most severe being CVE‑2026‑23813, a critical authentication‑bypass that allows unauthenticated actors to reset admin passwords. The flaw resides in the web‑based management interface of...
Hackers Are Selling a Critical Windows Zero-Day Exploit for $220,000 on the Dark Web
Hackers are offering a critical Windows zero‑day exploit, CVE‑2026‑21533, on the dark web for $220,000. The vulnerability targets Remote Desktop Services and can grant system‑level privileges on Windows 10, Windows 11, and Server editions from 2012 through 2025. Microsoft has...
You Should Lock Your SIM Card Before Someone Else Does
The article urges users to enable a SIM PIN in addition to a device lock, explaining that a four‑digit code secures the physical SIM against unauthorized network access. Carriers ship SIMs with generic default PINs (e.g., 1111 or 1234), which...
Claude AI Finds Bugs In Microsoft CTO's 40-Year-Old Apple II Code
Microsoft Azure CTO Mark Russinovich demonstrated Claude Opus 4.6’s ability to reverse‑engineer his 1986 Apple II Enhancer utility, written in 6502 machine code. The AI decompiled the legacy program and uncovered several security flaws, including a silent incorrect‑behavior bug when a...
Iranian APT Hack Targets US Airport Bank and Software Company
An Iranian advanced persistent threat (APT) group has breached a U.S. airport, a bank, and a software company using phishing and credential‑based tactics. The attackers moved laterally with legitimate administrative tools, establishing long‑term persistence to harvest data and monitor operations....
Microsoft Extends Mobile Identity Controls to AI Agents in New Enterprise Bundle
Microsoft announced the Microsoft 365 E7 Frontier Suite, bundling Microsoft 365 E5, Copilot, Agent 365, and Entra Suite for $99 per user per month. The suite introduces Agent ID, giving each AI agent a unique Entra identity subject to Conditional Access, Identity...
Crooks Compromise WordPress Sites to Push Infostealers via Fake CAPTCHA Prompts
Researchers at Rapid7 discovered a campaign where attackers compromise WordPress sites, including a US Senate candidate’s page, to serve fake Cloudflare CAPTCHA prompts that trick users into running commands that download infostealer malware. The malicious code is injected into legitimate...
FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
Threat actors are exploiting FortiGate next‑generation firewalls to gain initial access and harvest service‑account credentials. Researchers identified abuse of recent CVEs (2025‑59718, 2025‑59719, 2026‑24858) and misconfigurations to extract configuration files containing LDAP and AD service accounts, targeting healthcare, government and...
Egypt Pilots Selfie Biometrics to Streamline Access to Digital Govt Services
Egypt has launched a pilot of the MOIEG-PASS app, a selfie‑biometric platform that combines national‑ID scanning with facial recognition to authenticate users for select government services. The initiative is a joint effort by the Ministries of Interior and Communications and...
